Your ColdFusion applications must meet specific compilation requirements before you can submit them for scanning.
See Supported Languages and Platforms for instructions for other platforms.
- All binary executables
- All required libraries
- The complete debug information for the application
Supported ColdFusion Versions
|ColdFusion||Deployed as Java||7–11, 2016||7–11, 2016 (
Veracode analyzes ColdFusion applications you compile into Java. To prepare your application:
- Compile the ColdFusion code into Java.
- Build a Java Web Archive (WAR) file for uploading to Veracode.
To compile your application CFML files to Java classfiles, use the
cfcompile utility with the
-deploy option. On Windows, you can usually find this utility installed in
c:\coldfusion9\bin. This sample command line compiles a ColdFusion application to Java:
"c:\coldfusion8\bin\cfcompile" -deploy c:\mycfwebroot c:\mycfapp c:\mycfappbin
This sample command compiles all CFML files in
c:mycfapp and places them in
cfcompile utility may not correctly process application pathnames with spaces. For this step to succeed, you may have to rename your application path without spaces.
Building the compiled ColdFusion application into a WAR file ensures that Veracode has the proper context for analyzing your application. To build a WAR file for deployment on an application server:
- Log in to ColdFusion Administrator.
- Choose Packaging and Deployment > J2EE Archives.
- Add a new archive of type WAR. The application directory is the location of the compiled application, for example:
- Place the finished WAR archive in the distribution directory.
- Add any related data sources.
- Clear the Include CFML Source checkbox.
- Clear the Include CF Administratorcheckbox.
- Clear the Disable Debugging checkbox.
Submit and wait for the WAR packaging to complete.
The resulting WAR file might be large, at least 100 MB.
Upload the resulting WAR file to Veracode.