Getting Started
Obtain an API Key by visiting: https://fixinator.app
If you are on a Mac with homebrew, simply run the following:
brew install commandbox
If you do not use homebrew please follow the Windows / Linux instructions below.
Download CommandBox (box.exe) and add it to your system PATH (optional). (Installation Instructions)
CommandBox is a powerful command line tool for CFML developers; fixinator uses it to provide a command line tool for running scans. Learn more about CommandBox here.
First make sure you have an API key (visit https://fixinator.app) and have installed box (also known as CommandBox; see Step 2 above for details).
Now you can install the fixinator CommandBox command by running:
box install fixinator
Run this in your Terminal or Command Prompt.
You can set the API key by running the following command:
box config set modules.fixinator.api_key=YOUR_API_KEY
You can also set the API key by setting an environment variable named FIXINATOR_API_KEY.
Now use the fixinator command to scan some code:
box fixinator /some/folder
Getting more results
If you are not seeing many results, you can try changing the confidence level to low or medium. Fixinator defaults to high confidence mode, which means it will have a very low false positive rate, but it will also skip over issues it is less confident about. To run a scan with low confidence, try this:
box fixinator confidence=low path=/some/folder
You should see more results.
Getting fewer results
If you are getting too many results, you can try switching the severity mode to high or medium. The severity level defaults to low, which means it will show issues that are low, medium or high. To see only high severity issues, try this:
box fixinator severity=high path=/some/folder
You can also ignore files or folders by creating a .fixinator.json file (see the Documentation).
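The confidence and severity options above can be wrapped in a small pre-flight script for unattended runs. This is an added example, not code from the fixinator project: the function names are assumptions, it assumes the key is supplied through FIXINATOR_API_KEY rather than `box config set`, and it passes both options on one command line.

```shell
#!/bin/sh
# Added example, not from the fixinator project. Function names are
# assumptions; only the box/fixinator parameters come from the page.

# Accept only the three levels the page names for confidence and severity.
is_level() {
    case "$1" in
        low|medium|high) return 0 ;;
        *) return 1 ;;
    esac
}

# Validate arguments and set scan_path/scan_conf/scan_sev.
# Defaults mirror the page: confidence=high, severity=low.
set_scan_args() {
    scan_path=${1:-}
    scan_conf=${2:-high}
    scan_sev=${3:-low}
    [ -n "$scan_path" ] || { echo "error: no path given" >&2; return 2; }
    is_level "$scan_conf" || { echo "error: bad confidence: $scan_conf" >&2; return 2; }
    is_level "$scan_sev" || { echo "error: bad severity: $scan_sev" >&2; return 2; }
}

# Fail early, without echoing the key, if the environment variable is absent.
require_api_key() {
    [ -n "${FIXINATOR_API_KEY:-}" ] || {
        echo "error: FIXINATOR_API_KEY is not set" >&2
        return 3
    }
}

# Usage: run_scan PATH [CONFIDENCE] [SEVERITY]
run_scan() {
    require_api_key || return $?
    set_scan_args "$@" || return $?
    echo "scanning $scan_path (confidence=$scan_conf severity=$scan_sev)"
    box fixinator "confidence=$scan_conf" "severity=$scan_sev" "path=$scan_path"
}

# Run only when executed with arguments, e.g.: sh scan.sh /some/folder low high
if [ "$#" -gt 0 ]; then
    run_scan "$@"
fi
```

Rejecting unknown levels before calling box means a typo such as `severity=hgh` stops the job with a clear error instead of being passed on to the scanner.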
Keep box running
You can just run box or box.exe without any arguments and then you will have a CommandBox shell. From the box shell you can cd to a directory and run the fixinator command. It will be faster to keep the box shell open, rather than starting / stopping box each time you run a scan.
Here are a few more guides you might find useful:
- How Does Fixinator Work - details about how fixinator works.
- Continuous Integration Guides - Run fixinator automatically whenever you commit code to your source control repository.
  - Running Fixinator on Bitbucket
  - Running Fixinator on Travis-CI (GitHub)
  - Running Fixinator on CircleCI (GitHub or Bitbucket)
  - Running Fixinator on GitLab CI / CD
  - Running Fixinator on Azure DevOps or TFS (GitHub, BitBucket, Azure Git, Any Git Repo, Any Subversion Repo)