Getting Started
Obtain an API Key by visiting: https://fixinator.app/try/
If you are on a Mac with homebrew, simply run the following:
brew install commandbox
If you do not use homebrew please follow the Windows / Linux instructions below.
Download (box.exe) and add it to your system PATH (recommended) or just double click box.exe. See the CommandBox Installation Instructions for details.
Follow the CommandBox Installation Instructions for Linux.
CommandBox is a powerful command line tool for CFML developers. Fixinator uses it to provide a command line tool for running scans. Learn More about CommandBox here.
First make sure you have an API key (visit https://fixinator.app ), and have installed box (also known as CommandBox, see Step 2 above for details).
Now you can install the fixinator CommandBox command by running the following in your Terminal or Command Prompt:
box install fixinator
You can set the API key by running the following command:
box config set modules.fixinator.api_key=YOUR_API_KEY
You can also set the API key by setting an environment variable named FIXINATOR_API_KEY.
Now use the fixinator command to scan some code:
box fixinator /some/folder
Getting more results
If you are not seeing many results, you can try changing the confidence level to low or medium. Fixinator defaults to high confidence mode which means it will have a very low false positive rate, but it will also skip over issues it is less confident about. To run a scan with low confidence try this:
box fixinator confidence=low path=/some/folder
You should see more results.
Getting fewer results
If you are getting too many results you can try switching the severity mode to high or medium. The severity level defaults to low which means it will show issues which are low, medium or high. To see only high severity issues try this:
box fixinator severity=high path=/some/folder
You can also ignore files or folders by creating a .fixinator.json file. Documentation
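The steps above (API key, confidence, severity, path) can be wrapped in one guarded shell function. This is an added example, not code from the Fixinator project: fixinator_scan, valid_level and SCAN_DRY_RUN are hypothetical names, and passing confidence and severity together in one invocation is an assumption. It reads the key from FIXINATOR_API_KEY so the key never has to be typed on a command line.

```shell
#!/bin/sh
# Added example, not part of Fixinator. fixinator_scan, valid_level and
# SCAN_DRY_RUN are hypothetical names used only for this illustration.

# Succeed only for the three levels this page names.
valid_level() {
  case "$1" in
    low|medium|high) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: fixinator_scan PATH [CONFIDENCE] [SEVERITY]
# Defaults follow the page: confidence=high, severity=low.
# Return codes: 2 = no API key, 3 = path missing, 4 = bad level.
fixinator_scan() {
  fx_path=$1
  fx_confidence=${2:-high}
  fx_severity=${3:-low}

  # The key is read from the environment, so it never appears in argv.
  if [ -z "${FIXINATOR_API_KEY:-}" ]; then
    echo "FIXINATOR_API_KEY is not set" >&2
    return 2
  fi
  if [ ! -e "$fx_path" ]; then
    echo "scan path not found: $fx_path" >&2
    return 3
  fi
  for fx_level in "$fx_confidence" "$fx_severity"; do
    if ! valid_level "$fx_level"; then
      echo "level must be low, medium or high: $fx_level" >&2
      return 4
    fi
  done

  # Assumption: both named parameters can be passed in one invocation.
  if [ "${SCAN_DRY_RUN:-0}" = "1" ]; then
    echo "box fixinator confidence=$fx_confidence severity=$fx_severity path=$fx_path"
    return 0
  fi
  box fixinator "confidence=$fx_confidence" "severity=$fx_severity" "path=$fx_path"
}
```

Set SCAN_DRY_RUN=1 to print the command instead of running it, for example to check what a build job would execute.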
Keep box running
You can just run box or box.exe without any arguments and then you will have a CommandBox shell. From the box shell you can cd to a directory and run the fixinator command. It will be faster to keep the box shell open, rather than starting / stopping box each time you run a scan.
If you are getting the error:
Command "fixinator" cannot be resolved.
Make sure you have run box install fixinator, and if you are still getting the error try running box reload.
For any other issues, please don't hesitate to contact us.
We are working on a native Windows and Mac GUI app called Fixinator GUI. The CommandBox fixinator command is the most stable way to use Fixinator right now, but if you'd like to try the GUI let us know how it works for you.
Here are a few more guides you might find useful:
- Video: Fixinator and FuseGuard - this video is about an hour long and covers how to fix security vulnerabilities with Fixinator and how to block them with FuseGuard.
- How Does Fixinator Work - details about how fixinator works.
- Continuous Integration Guides - Run fixinator automatically whenever you commit code to your source control repository.
  - Running Fixinator on Bitbucket
  - Running Fixinator on Travis-CI (GitHub)
  - Running Fixinator on CircleCI (GitHub or Bitbucket)
  - Running Fixinator on GitLab CI / CD
  - Running Fixinator on Azure DevOps or TFS (GitHub, BitBucket, Azure Git, Any Git Repo, Any Subversion Repo)