Skip to main content

CI Fuzz

CI Fuzz is command line tool for creating Fuzz Tests. CI Fuzz enables developers to identify bugs and vulnerabilities early in the testing process. It connects to the source code and analyzes code when executed, unlike static analysis tools (SAST). This ensures zero false positives - every flagged issue represents an actual bug in the running code.

All uncovered bugs are pinpointed to the exact line of code in the repository and accompanied by inputs that triggered an issue and clear actions to remediate those. So you can quickly identify the root cause, start fixing them, and release features faster.

CI Fuzz runs locally and can exchange information about Findings with CI Sense.

Features

  • Easily setup, create, and run Fuzz Tests
  • Generate coverage reports that can be integrated in your IDE
  • Supports multiple programming languages and build systems

Languages and build systems

CI Fuzz directly supports the following language and build system combinations:

  • C/C++ - CMake, Bazel
  • Java - Maven, Gradle
  • Javascript/Typescript - NodeJS

CI Fuzz also provides general support for other C/C++ build systems, like Make.