Fixinator and Foundeo Security Bundle
By Pete Freitag
I'm pleased to announce that Fixinator and the Foundeo CFML Continuous Security Bundle are both available to purchase.
What is Fixinator?
Fixinator is a CFML security code scanner that can not only find security issues in your code, it can also help you fix them (hence the name). Take a look at the screenshot below to see how it works:
Fixinator looks for all sorts of CFML-specific security vulnerabilities in the code. Working as a ColdFusion security consultant over the past 10 or so years, I have conducted dozens of reviews of real-world CFML code and systems. Fixinator attempts to bottle up as much of that experience as possible and bring it to your fingertips.
Not only does Fixinator look for security vulnerabilities in your own code, it can also detect security vulnerabilities in third-party CFML code (for example, if you are using an old FCKeditor with a file upload vulnerability). JavaScript libraries and jar files in your codebase are also checked for known third-party vulnerabilities.
What is this Continuous Security you speak of?
Continuous security is a method of adding automated security checks to your development workflow. Security experts find that when you bring security tools closer to the developer, fewer security vulnerabilities end up in the code.
Fixinator fits well into this model: you can easily set it up to scan your code every time you commit to version control. It doesn't matter if you are using GitHub, GitLab, Bitbucket, any other git provider, or even a Subversion repository; it is pretty easy to set up (and Foundeo is happy to help you set it up). Here are a few examples of setting up Fixinator in a continuous integration pipeline using a few different providers:
- Running Fixinator on Azure DevOps Pipelines or Team Foundation Server (TFS) - Azure DevOps or TFS (on premises) can connect to any Git or Subversion repository to scan your code automatically.
- Running Fixinator on Bitbucket Pipelines - if your code is on Bitbucket you can set up a pipeline for free.
- Running Fixinator on Circle CI - supports GitHub and Bitbucket repositories.
- Running Fixinator on GitLab - GitLab also has a free tier that you can take advantage of.
- Running Fixinator on TravisCI - TravisCI supports GitHub repositories.
Here's an example of setting up an Azure DevOps pipeline that runs Fixinator:
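As an added illustration (not the pipeline from the original post), here is a minimal Azure DevOps pipeline that runs Fixinator on every push to the main branch. It assumes CommandBox (the `box` CLI) is already installed on the build agent, and that your Fixinator API key is stored as a secret pipeline variable named `FIXINATOR_API_KEY`; both are assumptions, not something the post specifies.

```yaml
# Added example: scan CFML code with Fixinator on every push.
# Assumes CommandBox is installed on the agent and a secret pipeline
# variable FIXINATOR_API_KEY holds the Fixinator API key.
trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'

steps:
  # Install the Fixinator CommandBox module on the agent.
  - script: box install fixinator
    displayName: 'Install Fixinator'

  # Scan the checked-out source tree. A non-zero exit status from this
  # step marks the build as failed, so findings block the merge.
  - script: box fixinator path=$(Build.SourcesDirectory)
    displayName: 'Scan CFML code with Fixinator'
    env:
      # Map the secret variable into the step's environment; secrets are
      # not exposed to scripts automatically in Azure Pipelines.
      FIXINATOR_API_KEY: $(FIXINATOR_API_KEY)
```

Mark the `FIXINATOR_API_KEY` variable as secret in the pipeline settings so it is masked in logs.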
What is the Foundeo CFML Continuous Security Bundle?
With the addition of Fixinator, Foundeo now has 3 CFML security products: FuseGuard, HackMyCF, and Fixinator. There are already several companies that have purchased all three tools, so it only made sense to offer a bundle where you can get all three tools at a discounted price. Pricing for the bundle starts at $96/month.
Fixinator and Foundeo Security Bundle was first published on May 14, 2019.