Running Fixinator on TeamCity - foundeo/fixinator GitHub Wiki
Fixinator can be integrated into JetBrain's TeamCity CI/CD platform to scan your ColdFusion / CFML source code for security issues.
Add a Fixinator Build Step
In your TeamCity build setting for your project click on the Add Build Step button. Use the following configuration:
Runner Type: Command Line
Step Name: Fixinator Security Scan
Run: Custom Script
Custom Script:
echo "Running Fixinator!!!"
test -e ~/box || curl --location -o ~/box.zip https://www.ortussolutions.com/parent/download/commandbox/type/bin
test -e ~/box || apt-get install -y unzip
test -e ~/box || unzip ~/box.zip -d ~/
chmod a+x ~/box
~/box install fixinator
~/box fixinator path=. resultFile=./fixinator-results.xml resultFormat=junit failOnIssues=false
echo "##teamcity[importData type='junit' path='fixinator-results.xml']"
The above script was tested and verified to work on the TeamCity jetbrains/teamcity-minimal-agent:linux
agent. If you are running a Windows based agent slight modifications may need to be made.
Add Fixinator Environment Variables
Go to the Parameters section of the Build Settings, click on the Add new parameter button.
Name: CI
Kind: Environment Variable
Value: true
Click Save and then Add new parameter again.
Name: FIXINATOR_API_KEY
Kind: Environment Variable
Value: YOUR-API-KEY
Spec: Click Edit and Specify Type: Password
Click Save
If you are running the Fixinator Enterprise Edition with your own scanning server, then you can specify an additional environment variable FIXINATOR_API_URL
pointing to your fixinator enterprise server URL. If you do not specify the FIXINATOR_API_URL
the code will be scanned using the Fixinator Cloud Scanning Service API.