Fixinator makes it easy to find and fix security vulnerabilities in your CFML / ColdFusion source code.

Try It!

Scan your code today!



Ideal for starting out

  • 1K Cloud Scan Req/mo
  • Cloud Based Scan API
  • Up to 2 Developers
  • -
  • -

Start Scanning



Great Value

  • 5K Cloud Scan Req/mo
  • Cloud Based Scan API
  • Up to 4 Developers
  • Ideal for CI/CD
  • -

Start Scanning


Best for Enterprise

  • 10K Cloud Scan Req/mo
  • Cloud Based Scan API
  • Up to 8 Developers
  • Ideal for CI/CD
  • Run Locally (Unlimited)

Start Scanning

Want to try it out before you buy? Request a Trial. Are you a Freelancer (1 employee company)? $24/month.

Each Scan Request can scan multiple files, details about how Fixinator works here. With the enterprise plan you can run the scanner on your own CFML server (Lucee 5+ or Adobe ColdFusion 2016+). For Starter and Fixer plans you cannot run scans locally, they are sent to the Fixinator Cloud Scan API for processing. All plans are billed annually.

Try Before Buy?

Try It

Have a Question?

Contact Us

Need a Quote?

Request a Quote

Fixinator + FuseGuard + HackMyCF =

Bundle Fixinator with other Security Products & Services from Foundeo Inc. for the best deal.

Starter Bundle


Great Savings

  • Fixinator Starter Plan
  • 1 FuseGuard Server License
  • HackMyCF Basic (2 servers/domains) Subscription

Start Scanning

Fixer Bundle


Powerful Security

  • Fixinator Fixer Plan
  • 4 FuseGuard Server License
  • HackMyCF Plus (6 servers/domains) Subscription

Start Scanning
Enterprise Bundle


Best for Enterprise

  • Fixinator Enterprise Plan
  • FuseGuard Enterprise License
  • HackMyCF Premium (12 servers/domains) Subscription

Start Scanning

Already a FuseGuard or HackMyCF customer? Contact Us for pricing.

Features you can get used to

Fixinator is a ColdFusion code security scanner that is both flexible and configurable. It doesn't matter what CFML engine (Adobe ColdFusion / Lucee), what CF edition (Enterprise / Standard), or what IDE you use. Fixinator can help you improve the security of your CFML apps by the end of the day.

Auto Fix

Auto fix can either automatically fix vulnerabilities or prompt you with suggested fixes.

Known Vulnerabilities

Fixinator can detect hundreds of known CFML, Java and JavaScript vulnerable libraries.

Continuous Integration

Fixinator can easily integrate into continuous integration pipelines (Jenkins, Travis CI, Github Actions, Bitbucket Pipelines, AWS Code Build, GitLab CI Jobs, etc.)

Vulnerable Code

Detect vulnerabilities within your source code. Fixinator is looking for things like SQL Injection, Remote Code Execution, Unsecured File Upload and more.


Toggle scanners, mute low confidence results, or only view high severity items. Ignored issues are ignored for all future scans.

Backdoor Detection

Identify known malicious CFML backdoors in your code or on your server.

Frequently Asked Questions

Here are some of the common questions we get about Fixinator, feel free to contact us with your questions.

Can Fixinator find unscoped variables for the searchImplicitScopes setting?

Yes, Fixinator can find and even help fix unscoped variables that would cause searchImplicitScopes=false to throw an exception. Read more about it here.

Is there a trial version?

Yes, you can request a trial api key here.

What kinds of security vulnerabilities can Fixinator find?

Fixinator can search through your CFML code to find several different types of security vulnerabilities such as: SQL Injection, Cross Site Scripting (XSS), Remote Code Execution, Path Traversals, Unsafe File Access or Upload, Weak Hash or Encryption algorithms, Unsafe Application Settings, and many more.

Your best bet is to just give it a try on your code, and see what it can find.

Can Fixinator run every time I commit code / in CI?

You bet! Fixinator was made for running in continuous integration pipelines!

It can run on any CI platform, but we've already written guides for 9 of the most popular ones including Github Actions, Bitbucket Pipelines, Gitlab Pipelines and more. See our Continuous Integration Guide for step by step instructions.

Does Fixinator run or execute my source code?

No, Fixinator is a static code analysis tool. It reads, but does not execute your ColdFusion or CFML source code.

How many files can I scan with the Starter plan?

The Starter plan gives you 1000 Cloud Scan Requests per month. Each scan request can contain about 35 files, so the maximum number of files you could scan per month is 35,000. This should be plenty for most, but if you have a large code base, more than two developers, or plan to scan frequently in a continuous integration pipeline, then you may be better off with the Fixer or Enterprise plan.

Can I pay month to month and cancel any time?

Yes, you can pay month to month and cancel any time. When you add Fixinator to your cart it will default to the annual payment, but you can click switch it monthly on the cart page.

Does the code scan require an internet connection?

No, the enterprise version can run fully locally, and fully air gapped from the internet.

The Starter or Fixer plans do require an internet connection to scan code. The Starter / Fixer plans make use of our Cloud Scanning Server which performs the code scan on our servers. The code resides in memory only, and is not stored to disk during the scan. Learn more about how Fixinator works here.

Continuous CFML security awaits!

Signup   Getting Started Guide

We questions!