Below are the results to date for the 2022 State of the CF Union survey. This is the seventh part of the survey, covering how you deploy, host, containerize, build and secure your CF apps.
For those of you who don't have time to read it now, here is a link to Download the PDF and read it later.
If you want to see the other 7 parts, just click on the sections below.
1. Server Environment | 2. Your Environment | 3. Frameworks and Methodology | 4. Tools | 5. Your Programming Background | 6. ColdFusion Community | 7. Deployment | 8. Wrap up
Contents
- 7. Deployment
- 35. What types of DEVELOPMENT setups do you use? (Check all that apply)
- 36. What types of PRODUCTION deployments do you use? (Check all that apply)
- 37. What hosting services do you use for your PRODUCTION deployments? (Check all that apply)
- 38. What Docker Image(s) are you using, if applicable? (Check all that apply)
- 39. What deployment/build tools do you use? (Check all that apply)
- 40. What monitoring tools are you using? (Check all that apply)
- 41. How do you lock down your servers for security? (Check all that apply)
- 42. Have your CF servers suffered from a hacking exploit in the last 2 years due to a CF-based vector? (Remember, this is anonymous) (Check all that apply)
- 43. Are you using or planning to use AWS Lambda (serverless) (Check all that apply)
7. Deployment
35. What types of DEVELOPMENT setups do you use? (Check all that apply)
Others
- ... yes, I know, but all the code is mine, so I can usually get away with this.
- None - don't say it. Yes, I know. But every line of code is mine so I usually get away with this.
- 1 ColdFusion instance per developer
- Learning docker, commandBox, etc. need more
- A shared staging web server used by all devs, with a shared staging DB server (3 environments - dev, stage, prod)
- Kubernetes
- Remote Desktop to client's dev environment server
- custom built tools integrated with GitHub Enterprise
- local development, testing, then transfer to the server.
- We are trying Docker right now
36. What types of PRODUCTION deployments do you use? (Check all that apply)
Others
- GIT
- Shared hosting for external CF sites, own installations on VMs in LAN for internal sites and applications.
- We use Azure VMs and services
- Cloud
- Azure VM deployments with custom code
- DeployHQ
- CommandBox
- DeployHQ
- Kubernetes w/ containers
- Just file move from UAT to prod
- GCP
- N/A
- Not sure, I don't handle that stuff much.
37. What hosting services do you use for your PRODUCTION deployments? (Check all that apply)
Others
- Ntirety (was HostMySite, sold to Hosting.com, sold to Ntirety). Hostek will be my choice if the CF knowledge at Ntirety continues to drop.
- Started at HostMySite, who sold to Hosting.com, who sold to Ntirety. Hostek will be my next (and only) move. Ntirety is sadly losing support knowledge on ColdFusion.
- biznet
- LuceePlanet.com
- We use our own servers.
- Self Hosted
- GoDaddy
- Ntirety
- None
- Host Media
- self-hosted
- Hetzner
- Luceeplanet
- Ntirety
- Hetzner
- site4u.nl
- Liquid Web
- elmec
- Luceeplanet.com
- Hetzner
- Jenkins
- None
- Hostmedia
- Glesys.se
38. What Docker Image(s) are you using, if applicable? (Check all that apply)
Others
- Not sure what that is.
- idk
- don't know - sorry
- just starting this journey... undecided
- None
- none
- None
- None
- NA
- We are just starting with containers
- minibox
- None
- None
- None
- Don't use docker.
- None
- None
- None
- no docker
- None
- Docker is evil.
- n/a
- none
- None
- none
39. What deployment/build tools do you use? (Check all that apply)
Others
- rsync
- Deploybot
- automated git pulls
- Git Hooks
- buddy.works
- Sourcetree, not built for this, but we make it work, kind of...
- None internally, Hostek auto-deployment from GitHub externally.
- FileZilla
- I need to start using automation
- octopus
- Bamboo
- DeployHQ
- Custom scripts that push from dev to prod
- Bamboo
- DeployHQ
- Hostek custom hooks from git repos
- Bamboo
- Capistrano
- Buddy.works
- rsync
- Yarn
- Shell scripts
- CodeShip
- Bamboo
- Gitea
40. What monitoring tools are you using? (Check all that apply)
Others
- It is not my duty, I don't know
- Not sure
- We do, but I have not specifically
- Homegrown - Logparser with Grafana and ipsentry
- Managed by another team - I don't know
- Uptime Doctor
- Custom
- Zabbix, ELK + Grafana, Sentry
- Not sure
- Don't know
- Elasticsearch
- Zabbix
- Sentry
- nagios, zabbix, icinga
- Cross-monitoring
- Lucee
- Pingdom.com / freshping
- Rollbar
- idk ops does monitoring
- Host does
- Sentry
- BeyondUptime
- Pingdom
- Uptime Robot
- ELK, Prometheus, Grafana
41. How do you lock down your servers for security? (Check all that apply)
Others
- At least I didn't check "What's security?", Lol.
- It is not my duty, I don't know
- Not sure
- Combination lock down guides and CF Best practices.
- Managed by another team - I don't know
- firewall; web server path restrictions
- OWASP
- Internal only
- Handled by other team
- Don't understand the question
- DoD STIGs
- DISA STIGs
- Pete Freitag guide
- FuseGuard, local scripts and STIG applications along with boundary protection on our FW
- not sure
- Don't know
- DISA
- AWS WAF
- Actually I need to check that
42. Have your CF servers suffered from a hacking exploit in the last 2 years due to a CF-based vector? (Remember, this is anonymous) (Check all that apply)
Others
- I ensure that our CF installations are up to date and I code for secure pages. Have never been hacked via ColdFusion. Hope I didn't just jinx my company by saying that.
- Not sure
- Lucee still has unpatched RCEs (June 2022)
- WordPress on server let them in
- No, but not at all pleased with Adobe's speed of updates, esp. Log4j 1.x
- Log4j
- Lucee admin hack
- Not knowingly
- Windows exploited
- Not that I'm aware of
- out of date version - who likes to upgrade? Put it off as long as possible
- Windows 2008 R2 server, I do not know how.
43. Are you using or planning to use AWS Lambda (serverless) (Check all that apply)
Others
- Not sure
- Managed by another team - I don't know
- No, but I want to, don't I? Should I? We are researching options to reduce spend and improve release SOP
- Will consider
- Node
- maybe
- Not sure
- Uncertain
- Not sure
- Possibly, we use it outside of CF already
- Lambda with Node
- Quite possibly. I was just made aware of this option.
- Have used it for years, but not running CFML on it
- Yes, but not with CFML
- We use AWS Lambda directly with Node.js and integrate its API with CF
- Node.js Lambda on AWS
- Not my call. I don't know if that's a plan for some clients or not.
- Lambda with Node.js
- No I wasn't aware of it so not planning to yet.
- No, but it may be planned in middle terms
- It's on our radar as a possibility but nothing planned
- Would like more info on this
- never heard of it
Michaela Light is the host of the CF Alive Podcast and has interviewed more than 100 ColdFusion experts. In each interview, she asks "What Would It Take to make CF more alive this year?" The answers still inspire her to continue to write and interview new speakers.
Michaela has been programming in ColdFusion for more than 20 years. She founded TeraTech in 1989. The company specializes in ColdFusion application development, security and optimization. She has also founded the CFUnited Conference and runs the annual State of the CF Union Survey.