Thanks to the new CommandBox VS Code extension, it is now really easy to scan your CFML code for security issues from VS Code with Fixinator.
Here's how:
- Set up Fixinator & CommandBox
- Install the VS Code CommandBox extension
- Add or update your `box.json` file to have a `scripts` entry (see below).
- Click the Run button under CommandBox Scripts
Here's an example `box.json`:

```json
{
    "name": "fixinator-demo",
    "scripts": {
        "fixinator": "fixinator severity=high"
    }
}
```
You can see I am passing `severity=high` there; you can customize it with whatever Fixinator arguments you need.