1. Which platforms and technologies does VioFixer support?
2. Does it work as an on-premises or a cloud solution?
a. At present, VioFixer is offered as a hosted cloud solution; an on-premises model will be supported soon.
3. How frequently are VioFixer updates available with fixes for new vulnerabilities?
a. Scheduling of updates depends on the criticality of the fixes and the number of fixes available. We expect monthly or bimonthly updates during the initial stages and quarterly updates after that.
4. If the VioFixer system is accessing the code on my repository, what about the security of the application code?
a. We do not retain any of the customer code once the VioFixer process is done.
b. All credentials and source code repository URLs provided are encrypted.
c. Please note, we will also provide on-premises or standalone versions of VioFixer soon, if third-party access to your repository remains a concern.
5. Will I lose control of my code?
a. No. VioFixer provides the list of files that will be modified in fixing the issues. Users can review before accepting and committing the changes.
b. VioFixer also inserts comments into the code clearly identifying and explaining any changes made. Users can always restore the original code or apply a different fix manually.
c. Further, we will soon provide a fully customized mechanism to selectively choose lists of fixes and issues to fix and commit.
6. What if you screw up the code, and I need to rewrite it?
a. This will never happen, since we do not update or commit the VioFixer-modified code directly onto the working branch.
b. Any changes you commit to the code can also be easily reviewed later, as VioFixer inserts comments explaining each fix.
7. On which technology is your stack built?
8. For which static analysis tool does VioFixer fix vulnerabilities?
a. SonarQube and Fortify.
9. Will VioFixer help to fix vulnerabilities found in open source tools?
10. What is the best approach to handle technical problems with VioFixer?
a. Please contact us through email or customer support.
11. What exactly is VioFixer?
a. VioFixer is a security tool built with high intelligence to automatically fix the security vulnerabilities identified by scanning solutions such as SonarQube and Fortify Static Code Analyzer (SCA).
12. Is VioFixer secure?
a. Yes. All communications between VioFixer and external tools/applications are performed via secured channels.
b. All information and data (including source code, repository, credentials, etc.) are maintained securely and deleted/cleaned up after usage.
c. We follow strict Privacy and Retention policies and guidelines with respect to our customers' information and data.
13. Where can I buy licenses for VioFixer?
14. What are the advantages of
a. A cloud-hosted deployment avoids costs associated with infrastructure, setup, and maintenance. It’s a cost-efficient way to quickly and conveniently use VioFixer.
15. Can I run the VioFixer as a multi-user
16. Can I evaluate a product for free/trial before purchasing it?
a. Yes. We offer a trial version for a limited period for the purpose of evaluation.
17. How long is the trial period? Do I lose all my data when this period expires?
a. Users are given two free scans that can be used within a 15-day period as a trial.
b. After 15 days, this temporary trial subscription will expire automatically.
c. Note: Beta Testers will have 90 days to use VioFixer with unlimited scans, before VioFixer goes to market.
18. Which repositories will VioFixer
a. Currently, VioFixer supports SaaS flavours of Git hosted by GitHub, Bitbucket and standalone installations.
19. How do VioFixer users get trained on the product and its usage?
a. VioFixer comes with user guide documentation. A short demo video inside the VioFixer application also walks users through basic functions.
b. For any specific queries, please contact our support team.
20. How can I request new product features or report issues on VioFixer?
a. Please call our support team.
21. Who can use VioFixer?
a. Any organization or individual that has a requirement to automatically correct code vulnerabilities.
22. How long does it take to fix the security vulnerabilities reported for my application?
a. It depends on the number of issues and the size of the application.
b. In general, it takes ~20 minutes to fix around 250 issues (including Critical/High/Low).
23. Which Code Security Standards does
a. VioFixer follows OWASP & NIST recommendations to fix
b. VioFixer follows all Code Security Standards of its supporting technologies and takes into account the recommendations provided by SonarQube & Fortify.
24. Do we still have to perform security testing on our software if we use VioFixer?
a. VioFixer is designed to correct vulnerabilities and provides a template fixer for the vulnerabilities. These templates can be used as is or modified into a different version based on the standards used by the user. The user must use and rely on their own solution & process to validate the fixes.