Clayton

Introducing Fix-Bot: automated fixes made easy

“Hey Clayton, how about fixing some code for me?”

With our latest innovation (we call it Fix-Bot), Clayton can now open pull requests with proposed fixes to resolve common errors and styling inconsistencies.

Watch your code transform into clean, optimised, and error-free perfection with a simple click.

Get new rules and policy updates automatically, and stay on top of the latest best practices.

Clayton helps you keep your developments consistent. Our managed updates will keep your standards up-to-date!

Illuminate your experience with Dark Mode

Immerse yourself in a captivating experience that is easy on the eyes and enhances your productivity, focus, and overall enjoyment.

With this release, we have also added the ability to choose your user avatar, making your experience with Clayton more engaging and unique.

Configure your own payloads on webhooks and integrate more easily with your other DevOps tools, such as Copado and many more.

Here are some juicy additions to our rule catalogue.

<a href="https://help.clayton.io/en/articles/8016201-avoid-using-http-referer-headers">HTTP Referer Headers detection</a>: HTTP Referer headers can be modified by attackers. Making a decision based on the value of the referer can be dangerous.

<a href="https://help.clayton.io/en/articles/8021507-avoid-inline-css-styles">Inline CSS Styles detection</a>: When using CSS style tags and attributes, the HTML parser switches to CDATA or raw text context, which is prone to code injection. For this reason, using inline CSS is considered unsafe and should be avoided.

<a href="https://help.clayton.io/en/articles/7888135-no-autocompletion-on-password-fields">Autocompletion on password fields</a>: Detect any password fields with autocompletion enabled. The user browser can save and remember the entered values for user input fields with autocomplete-enabled attributes. This might reveal sensitive information like passwords, especially on public and multi-user computers.

<a href="https://help.clayton.io/en/articles/7888150-no-insecure-cookies">No insecure cookies</a>: Make sure to allow only allow access to your application cookies through HTTPS. The <code>isSecure</code> attribute controls whether a cookie can only be accessed through HTTPS or not. By setting this attribute to false, sensitive cookies may be exposed if sent over an insecure connection.

- <a href="https://help.clayton.io/en/articles/8016201-avoid-using-http-referer-headers">HTTP Referer Headers detection</a>: HTTP Referer headers can be modified by attackers. Making a decision based on the value of the referer can be dangerous.
- <a href="https://help.clayton.io/en/articles/8021507-avoid-inline-css-styles">Inline CSS Styles detection</a>: When using CSS style tags and attributes, the HTML parser switches to CDATA or raw text context, which is prone to code injection. For this reason, using inline CSS is considered unsafe and should be avoided.
- <a href="https://help.clayton.io/en/articles/7888135-no-autocompletion-on-password-fields">Autocompletion on password fields</a>: Detect any password fields with autocompletion enabled. The user browser can save and remember the entered values for user input fields with autocomplete-enabled attributes. This might reveal sensitive information like passwords, especially on public and multi-user computers.
- <a href="https://help.clayton.io/en/articles/7888150-no-insecure-cookies">No insecure cookies</a>: Make sure to allow only allow access to your application cookies through HTTPS. The <code>isSecure</code> attribute controls whether a cookie can only be accessed through HTTPS or not. By setting this attribute to false, sensitive cookies may be exposed if sent over an insecure connection.

Introducing Fix-Bot: automated fixes made easy

“Hey Clayton, how about fixing some code for me?”

Managed updates

Illuminate your experience with Dark Mode

Custom Webhook Payloads

New Security Rules