Copy link to clipboard
Copied
We are seeing more and more requests for reporting on static code analysis with regards to security specifically. Since currently are running CF 2016 Standard Edition and the only way to utilize CF Builder's Security Analyzer feature is to have CF 2016 Enterprise (or a trial version of it which obviously expires). Very frustrating due to the importance of this feature and also the lack of other tools in the marketplace to do this for CF code bases.
Any chance we will see this in CF 2018 Standard Edition?
And I have pressed for this, including during the CF2018 beta cycle, and I was told directly just 2 weeks ago that the answer is still no, it will remain Enterprise (and Trial) only.
Like you, Mike, I find this to be maddening and quite sad. To me, security imperatives should absolutely trump profit motives.
/charlie
Copy link to clipboard
Copied
Sure, there's a chance. But my suspicion is that it's unlikely, and that asking here isn't going to make a difference one way or the other. Adobe has to have some product differentiation between Standard and Enterprise, and static code analysis is definitely an "enterprisey" feature. I know we all want more for less - I'm no different - but Adobe has to make a certain amount of money on CF for it to stay in the marketplace, and this is one way that happens.
Dave Watts, Fig Leaf Software
Copy link to clipboard
Copied
And I have pressed for this, including during the CF2018 beta cycle, and I was told directly just 2 weeks ago that the answer is still no, it will remain Enterprise (and Trial) only.
Like you, Mike, I find this to be maddening and quite sad. To me, security imperatives should absolutely trump profit motives.
/charlie
Copy link to clipboard
Copied
I would think that if Adobe really wanted to make money, they would license it separately so they could market it to non-Enterprise users. It's a nice feature, but not enough by itself to warrant upgrading.
I was just curious as to what's available and downloaded CFLint for the first time and had an HTML report generated in less than 5 minutes. (I checked other alternatives, but there's not much available that specifically supports ColdFusion.)