Below are the results to date for the 2022 State of the CF Union survey. This is the seventh part of the Survey, about how you deploy, host, containizer, build and secure your CF apps.
If you want to see the other 7 parts, just click on the part below.
1. Server Environment | 2. Your Environment | 3. Frameworks and Methodology | 4. Tools | 5. Your Programming Background | 6. ColdFusion Community | 7. Deployment | 8. Wrap up
Contents
- 7. Deployment
- 35. What types of DEVELOPMENT setups do you use? (Check all that apply)*
- 36. What types of PRODUCTION deployments do you use? (Check all that apply)*
- 37. What hosting services do you use for your PRODUCTION deployments? (Check all that apply)*
- 38. What Docker Image(s) are you using, if applicable? (Check all that apply)
- 39. What deployment/build tools do you use? (Check all that apply)*
- 40. What monitoring tools are you using? (Check all that apply)*
- 41. How do you lock down your servers for security? (Check all that apply)*
- 42. Have your CF servers suffered from a hacking exploit in the last 2 years due to a CF-based vector? (Remember, this is anonymous) (Check all that apply)*
- 43. Are you using or planning to use AWS Lambda (serverless) (Check all that apply)*
7. Deployment
35. What types of DEVELOPMENT setups do you use? (Check all that apply)*
Others
| 1 Coldfusion instance per developer |
| Learning docker, commandBox, etc. need more |
| A shared staging web server used by all devs, with a shared staging DB server (3 environments - dev, stage, prod) |
| Kubernetes |
| Remote Desktop to client's dev environment server |
| custom built tools integrated with github enterprise |
| local development, testing, then transfert to the server. |
| We are trying Docker right now |
36. What types of PRODUCTION deployments do you use? (Check all that apply)*
Others
| Shared hosting for external CF sites, own installations on VMs in LAN for internal sites and applications. |
| We use Azure VM’s and services |
| Cloud |
| Azure vm deployments with custom code |
| DeployHQ |
| CommandBox |
| DeployHQ |
| Kubernetes w/ containers |
| Just file move from UAT to prod |
| Gcp |
| N/A |
| Not sure, I don't handle that stuff much. |
37. What hosting services do you use for your PRODUCTION deployments? (Check all that apply)*
Others
| LuceePlanet.com |
| We use our own servers. |
| Self Hosted |
| Godaddy |
| Ntirety |
| None |
| Host Meida |
| self-hosted |
| Hetzner |
| Luceeplanet |
| Ntirety |
| Hetzner |
| site4u.nl |
| Liquid web |
| elmec |
| Luceeplanet.com |
| Hetzner |
| Jenkins |
| None |
| Hostmedia |
| Glesys.se |
| Oracle Cloud |
| Oracle Cloud |
| Transip vps |
38. What Docker Image(s) are you using, if applicable? (Check all that apply)
Others
| just starting this journey... undecided |
| None |
| none |
| None |
| None |
| NA |
| We are just starting with containers |
| minibox |
| None |
| None |
| None |
| Don't use docker. |
| None |
| None |
| None |
| no docker |
| None |
| Docker is evil. |
| n/a |
| none |
| None |
| none |
| Don't use docker |
39. What deployment/build tools do you use? (Check all that apply)*
Others
| automated git pulls |
| Git Hooks |
| buddy.works |
| Sourcetree, not built for this, but we make it work, kind of... |
| None internally, Hostek auto-deployment from GitHub externally. |
| FileZilla |
| I need to start using automation |
| octopus |
| Bamboo |
| DeployHQ |
| Custom scripts that push from dev to prod |
| Bamboo |
| DeployHQ |
| Hostek custom hooks from git repos |
| Bamboo |
| Capistrano |
| Buddy.works |
| rsync |
| Yarn |
| Shell scripts |
| CodeShip |
| Bamboo |
| Gitea |
| Buddy |
| custom scripts |
40. What monitoring tools are you using? (Check all that apply)*
Others
| Uptime Doctor |
| Custom |
| Zabbix, ELK + Grafana, Sentry |
| Not sure |
| Don't know |
| Elasticsearch |
| Zabbix |
| Sentry |
| nagios, zabbix, icing |
| Cross-monitoring |
| Lucee |
| Pingdom.com / freshping |
| Rollbar |
| idk ops does monitoring |
| Host does |
| Sentry |
| BeyondUptime |
| Pingdom |
| Uptime Robot |
| ELK, Prometheus, Grafana |
| Sentry and Uptime Robot |
| Sentry |
| host monitors |
| Gcp |
| Don't know |
41. How do you lock down your servers for security? (Check all that apply)*
Others
| firewall; web server path restrictions |
| OWASP |
| Internal only |
| Handle by other team |
| Dont understand the question |
| DoD STIGs |
| DISA STIGs |
| Pete Freitag guide |
| fuseguard, local scripts and STIG applications along with boundary protection on our FW |
| not sure |
| Don't know |
| DISA |
| Aws WAF |
| Actually I need to check that |
42. Have your CF servers suffered from a hacking exploit in the last 2 years due to a CF-based vector? (Remember, this is anonymous) (Check all that apply)*
Others
| Lucee still has unpatched RCEs (june 2022) |
| Word press on server let them in |
| No- but. Not at all pleased with Adobe's speed of updates esp Log4j 1.x |
| Log4j |
| Lucee admin hack |
| Not knowingly |
| Windows exploited |
| Not that I'm aware of |
| out of date version - who likes to upgrade? Put it off as long as possible |
| windows 2008 R2 server, I do not know how. |
43. Are you using or planning to use AWS Lambda (serverless) (Check all that apply)*
Others
| No, but I want to, don't I? Should I? We are researching options to reduce spend and improve release SOP |
| Will consider |
| Node |
| maybe |
| Not sure |
| Uncertain |
| no sure |
| Possibly, we use it outside of CF already |
| Lambda with Node |
| Quite possibly. I was just made aware of this option. |
| Have used it for years, but not running CFML on it |
| Yes, but not with CFML |
| Se use AWS Lambda directly with Node.js and integrate its API with CF |
| Node.js Lambda on AWS |
| Not my call. I don't know if that's a plan for some clients or not. |
| Lambda with Node.js |
| No I wasn't aware of it so not planning to yet. |
| No, but it may be planned in middle terms |
| It's on our radar as a possibility but nothing planned |
| Would like more info on this |
| never heard of it |
Previous: 6. ColdFusion Community
Michaela Light is the host of the CF Alive Podcast and has interviewed more than 100 ColdFusion experts. In each interview, she asks "What Would It Take to make CF more alive this year?" The answers still inspire her to continue to write and interview new speakers.
Michaela has been programming in ColdFusion for more than 20 years. She founded TeraTech in 1989. The company specializes in ColdFusion application development, security and optimization. She has also founded the CFUnited Conference and runs the annual State of the CF Union Survey.
Related Posts
074 Planning for CFML ISP disaster (Commandbox and Docker to the rescue) with Mark Drew – Transcript- 021 Behind the Scenes at CFObjective, with Steven Hauer – Transcript
- Cold Depression and ColdFusion
- What are CFers learning in 2022?
- 027 State of CF Union Survey 2017 pt.2, with Brad Wood
- 075 Breaking out of your ColdFusion comfort zone (How to make CF mainstream) with Igor Ilyinsky – Transcript
