Below are the results to date for the 2022 State of the CF Union survey. This is the seventh part of the Survey, about how you deploy, host, containizer, build and secure your CF apps.
For those of you who don't have time to read it now, here is a link to Download the PDF and read it later.
If you want to see the other 7 parts, just click on the section below.
1. Server Environment | 2. Your Environment | 3. Frameworks and Methodology | 4. Tools | 5. Your Programming Background | 6. ColdFusion Community | 7. Deployment | 8. Wrap up
Contents
- 7. Deployment
- 35. What types of DEVELOPMENT setups do you use? (Check all that apply)
- 36. What types of PRODUCTION deployments do you use? (Check all that apply)
- 37. What hosting services do you use for your PRODUCTION deployments? (Check all that apply)
- 38. What Docker Image(s) are you using, if applicable? (Check all that apply)
- 39. What deployment/build tools do you use? (Check all that apply)
- 40. What monitoring tools are you using? (Check all that apply)
- 41. How do you lock down your servers for security? (Check all that apply)
- 42. Have your CF servers suffered from a hacking exploit in the last 2 years due to a CF-based vector? (Remember, this is anonymous) (Check all that apply)
- 43. Are you using or planning to use AWS Lambda (serverless) (Check all that apply)
7. Deployment
35. What types of DEVELOPMENT setups do you use? (Check all that apply)
Others
| We are trying Docker right now |
| local development, testing, then transfert to the server. |
| custom built tools integrated with github enterprise |
| Remote Desktop to client's dev environment server |
| Kubernetes |
| A shared staging web server used by all devs, with a shared staging DB server (3 environments - dev, stage, prod) |
| Learning docker, commandBox, etc. need more |
| 1 Coldfusion instance per developer |
| None - don't say it. Yes, I know. But every line of code is mine so I usually get away with this. |
| ... yes, I know, but all the code is mine, so I can usually get away with this. |
36. What types of PRODUCTION deployments do you use? (Check all that apply)
Others
| Not sure, I don't handle that stuff much. |
| N/A |
| Gcp |
| Just file move from UAT to prod |
| Kubernetes w/ containers |
| DeployHQ |
| CommandBox |
| DeployHQ |
| Azure vm deployments with custom code |
| Cloud |
| We use Azure VM’s and services |
| Shared hosting for external CF sites, own installations on VMs in LAN for internal sites and applications. |
| GIT |
37. What hosting services do you use for your PRODUCTION deployments? (Check all that apply)
Others
| CONTABO |
| Local Datacenter |
| Swiss services |
| IBM Cloud |
| https://www.weareha.co.uk/ |
| my own server hosted. |
| LuceePlanet |
| Handy Networks |
| netcup, hetzner |
| Colo with VMs. |
| LiquidWeb |
| Google cloud |
| N/A |
| Hurricane Electric |
| NewTek |
| NewTek |
| Gcp |
| Local hosting company (internex.at) |
| Ntirety |
| ovh |
| IBM |
| Local datacentre |
| Godaddy |
| Herzberg vm |
38. What Docker Image(s) are you using, if applicable? (Check all that apply)
Others
| Don't use docker |
| none |
| None |
| none |
| n/a |
| Docker is evil. |
| None |
| no docker |
| None |
| None |
| None |
| Don't use docker. |
| None |
| None |
| None |
| minibox |
| We are just starting with containers |
| NA |
| None |
| None |
| none |
| None |
| just starting this journey... undecided |
| don't know - sorry |
| idk |
39. What deployment/build tools do you use? (Check all that apply)
Others
| Powershell |
| Capistrano |
| Self made deployment |
| deploybot |
| Docker Build |
| Maven, gradle |
| git push |
| Webpack |
| Don't know |
| Rsync |
| Custom git script called from Coldfusion page |
| custom scripts |
| Buddy |
| Gitea |
| Bamboo |
| CodeShip |
| Shell scripts |
| Yarn |
| rsync |
| Buddy.works |
| Capistrano |
| Bamboo |
| Hostek custom hooks from git repos |
| DeployHQ |
| Bamboo |
40. What monitoring tools are you using? (Check all that apply)
Others
| Grafana, Azure Log Analytics |
| Sentry |
| DigitalOcean monitors |
| Unknown |
| Appdynamics |
| PRTG |
| Lumigo |
| Depends |
| SolarWinds |
| PRTG |
| Don't know |
| Gcp |
| host monitors |
| Sentry |
| Sentry and Uptime Robot |
| ELK, Prometheus, Grafana |
| Uptime Robot |
| Pingdom |
| BeyondUptime |
| Sentry |
| Host does |
| idk ops does monitoring |
| Rollbar |
| Pingdom.com / freshping |
| Lucee |
41. How do you lock down your servers for security? (Check all that apply)
Others
| Actually I need to check that |
| Aws WAF |
| DISA |
| Don't know |
| not sure |
| fuseguard, local scripts and STIG applications along with boundary protection on our FW |
| Pete Freitag guide |
| DISA STIGs |
| DoD STIGs |
| Dont understand the question |
| Handle by other team |
| Internal only |
| OWASP |
| firewall; web server path restrictions |
| Managed by another team - I don't know |
| Combination lock down guides and CF Best practices. |
| Not sure |
| It is not my duty, I don't know |
| At least I didn't check "What's security?", Lol. |
42. Have your CF servers suffered from a hacking exploit in the last 2 years due to a CF-based vector? (Remember, this is anonymous) (Check all that apply)
Others
| windows 2008 R2 server, I do not know how. |
| out of date version - who likes to upgrade? Put it off as long as possible |
| Not that I'm aware of |
| Windows exploited |
| Not knowingly |
| Lucee admin hack |
| Log4j |
| No- but. Not at all pleased with Adobe's speed of updates esp Log4j 1.x |
| Word press on server let them in |
| Lucee still has unpatched RCEs (june 2022) |
| Not sure |
| I ensure that our CF installations are up to date and I code for secure pages. Have never been hacked via ColdFusion. Hope I didn't just jinx my company by saying that. |
43. Are you using or planning to use AWS Lambda (serverless) (Check all that apply)
Others
| never heard of it |
| Would like more info on this |
| It's on our radar as a possibility but nothing planned |
| No, but it may be planned in middle terms |
| No I wasn't aware of it so not planning to yet. |
| Lambda with Node.js |
| Not my call. I don't know if that's a plan for some clients or not. |
| Node.js Lambda on AWS |
| Se use AWS Lambda directly with Node.js and integrate its API with CF |
| Yes, but not with CFML |
| Have used it for years, but not running CFML on it |
| Quite possibly. I was just made aware of this option. |
| Lambda with Node |
| Possibly, we use it outside of CF already |
| no sure |
| Uncertain |
| Not sure |
| maybe |
| Node |
| Will consider |
| No, but I want to, don't I? Should I? We are researching options to reduce spend and improve release SOP |
| Managed by another team - I don't know |
| Not sure |
Previous: 6. ColdFusion Community
Michaela Light is the host of the CF Alive Podcast and has interviewed more than 100 ColdFusion experts. In each interview, she asks "What Would It Take to make CF more alive this year?" The answers still inspire her to continue to write and interview new speakers.
Michaela has been programming in ColdFusion for more than 20 years. She founded TeraTech in 1989. The company specializes in ColdFusion application development, security and optimization. She has also founded the CFUnited Conference and runs the annual State of the CF Union Survey.
