Ideal for starting out
Great Value
Best for Enterprise
Want to try it out before you buy? Request a Trial. Are you a Freelancer (1 employee company)? $24/month.
Each Scan Request can scan multiple files; details about how Fixinator works are available here. With the Enterprise plan you can run the scanner on your own CFML server (Lucee 5+ or Adobe ColdFusion 2016+). With the Starter and Fixer plans you cannot run scans locally; they are sent to the Fixinator Cloud Scan API for processing. All plans are billed annually.
Bundle Fixinator with other Security Products & Services from Foundeo Inc. for the best deal.
Great Savings
Powerful Security
Best for Enterprise
Already a FuseGuard or HackMyCF customer? Contact Us for pricing.
Fixinator is a ColdFusion code security scanner that is both flexible and configurable. It doesn't matter what CFML engine (Adobe ColdFusion / Lucee), what CF edition (Enterprise / Standard), or what IDE you use. Fixinator can help you improve the security of your CFML apps by the end of the day.
Auto fix can either automatically fix vulnerabilities or prompt you with suggested fixes.
Fixinator can detect hundreds of known vulnerable CFML, Java and JavaScript libraries.
Fixinator can easily integrate into continuous integration pipelines (Jenkins, Travis CI, GitHub Actions, Bitbucket Pipelines, AWS CodeBuild, GitLab CI Jobs, etc.).
Detect vulnerabilities within your source code. Fixinator looks for issues such as SQL Injection, Remote Code Execution, Unsecured File Upload and more.
Toggle scanners, mute low confidence results, or only view high severity items. Ignored issues are ignored for all future scans.
Identify known malicious CFML backdoors in your code or on your server.
Here are some of the common questions we get about Fixinator. Feel free to contact us with your questions.
Yes, Fixinator can find and even help fix unscoped variables that would throw an exception when searchImplicitScopes=false is set. Read more about it here.
Yes, you can request a trial API key here.
Fixinator can search through your CFML code to find several different types of security vulnerabilities such as: SQL Injection, Cross Site Scripting (XSS), Remote Code Execution, Path Traversals, Unsafe File Access or Upload, Weak Hash or Encryption algorithms, Unsafe Application Settings, and many more.
Your best bet is to just give it a try on your code, and see what it can find.
You bet! Fixinator was made for running in continuous integration pipelines!
It can run on any CI platform, but we've already written guides for 9 of the most popular ones including GitHub Actions, Bitbucket Pipelines, GitLab Pipelines and more.
See our Continuous Integration Guide for step-by-step instructions.
No, Fixinator is a static code analysis tool. It reads, but does not execute your ColdFusion or CFML source code.
The Starter plan gives you 1000 Cloud Scan Requests per month. Each scan request can contain about 35 files, so the maximum number of files you could scan per month is 35,000. This should be plenty for most, but if you have a large code base, more than two developers, or plan to scan frequently in a continuous integration pipeline, then you may be better off with the Fixer or Enterprise plan.
Yes, you can pay month to month and cancel any time. When you add Fixinator to your cart it will default to the annual payment, but you can switch it to monthly on the cart page.
No, the Enterprise version can run fully locally, and fully air-gapped from the internet.
The Starter or Fixer plans do require an internet connection to scan code. The Starter / Fixer plans make use of our Cloud Scanning Server which performs the code scan on our servers. The code resides in memory only, and is not stored to disk during the scan. Learn more about how Fixinator works here.