GitLab CI/CD

Prerequisites

The CIFUZZ_DOWNLOAD_TOKEN from downloads.code-intelligence.com has to be added as a CI/CD variable to the GitLab project. It can be added in the project's "Settings" under "CI/CD" -> "Variables". Mark it as masked so it does not appear in job logs.

For more details on what you can do with CI Fuzz and its outputs in your pipeline, check the general CI/CD-Setup page.

Example Pipeline

The following GitLab CI/CD pipeline shows an example of how you can run CI Fuzz in GitLab CI/CD.

  • If you want to commit your findings to the repository, uncomment the "Commit findings to repository" step and set the CI/CD variable ACCESS_TOKEN to a valid GitLab access token.

```yaml
stages:
  - test

fuzz:
  stage: test
  image: ubuntu:latest
  script:
    # Install dependencies
    # Adapt this if you are not running on a container with a Debian-based distribution.
    # ubuntu:latest runs as root and ships without sudo, curl or git, so the
    # packages are installed directly; -y is required because the job has no
    # interactive terminal to answer apt's confirmation prompt.
    - apt-get update
    - DEBIAN_FRONTEND=noninteractive apt-get install -y cmake clang llvm lcov rclone curl ca-certificates git

    # Install CI Fuzz
    - sh -c "$(curl -fsSL http://downloads.code-intelligence.com/assets/install-cifuzz.sh)" ${CIFUZZ_DOWNLOAD_TOKEN} 3.15.0
    - cifuzz --version

    # Copy corpus from cloud storage
    # Needs configuration of rclone
    # - mkdir -p .cifuzz-corpus
    # - rclone copy -v cloud-storage:corpora/PROJECT_NAME .cifuzz-corpus

    # Run fuzzing
    # "|| true" keeps the job going so coverage and findings are still collected below.
    - cifuzz run --interactive=false -v || true

    # Copy corpus to cloud storage
    # Needs configuration of rclone
    # - rclone copy -v .cifuzz-corpus cloud-storage:corpora/PROJECT_NAME

    # Calculate coverage
    - cifuzz coverage --format=html --output coverage_report --plain
    - cifuzz coverage --format=lcov --output lcov.info --plain

    # Findings overview
    - cifuzz findings --plain > findings.txt

    # Fail pipeline if findings are present
    # -runs=0 only replays the existing inputs, so this fails fast on stored crashes
    - cifuzz run --interactive=false -v --engine-arg -runs=0

    # Commit findings to repository
    # - git config user.email "my-email@email.com"
    # - git config user.name "ci-bot"
    # - git remote add gitlab_origin https://oauth2:$ACCESS_TOKEN@gitlab.com/path-to-project.git
    # - git add .cifuzz-findings
    # - git commit -m "Automated commit of CI Fuzz findings"
    # - git push gitlab_origin HEAD:main -o ci.skip # prevent triggering pipeline again

  artifacts:
    # Upload the reports even when the job fails because findings are present;
    # by default GitLab only keeps artifacts of successful jobs.
    when: always
    paths:
      - coverage_report
      - lcov.info
      - findings.txt
```
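The pipeline above fails the job by replaying every stored input, which blocks on findings that have already been triaged. The following script is an added example, not part of the CI Fuzz documentation or the cifuzz project, of a gate that fails only on findings not yet listed in an allowlist. It assumes that each finding is stored as its own subdirectory of `.cifuzz-findings` (the directory the commit step above adds to git); the allowlist file format (one finding name per line) is a construction for this example.

```shell
#!/bin/sh
# Added example, not code from the CI Fuzz docs.
# Assumption: cifuzz stores each finding as a subdirectory of .cifuzz-findings.
# An allowlist file (constructed format: one finding name per line) lets
# already-triaged findings through so the pipeline fails only on new ones.

# Print the names of all findings (one per line) under the given directory.
list_findings() {
    dir="$1"
    [ -d "$dir" ] || return 0
    for entry in "$dir"/*/; do
        [ -d "$entry" ] || continue
        basename "$entry"
    done
}

# Print only the finding names that are not listed in the allowlist file.
# An empty or missing allowlist means every finding is reported.
new_findings() {
    dir="$1"
    allow="$2"
    list_findings "$dir" | while IFS= read -r name; do
        if [ -n "$allow" ] && [ -f "$allow" ] && grep -qxF -- "$name" "$allow"; then
            continue
        fi
        printf '%s\n' "$name"
    done
}

# Number of findings not covered by the allowlist (awk so that 0 prints cleanly).
count_new_findings() {
    new_findings "$1" "$2" | awk 'END { print NR }'
}

# Gate: return 0 when there is nothing new, 1 (fails the CI job) otherwise,
# and print the blocking finding names so they show up in the job log.
gate_on_findings() {
    n=$(count_new_findings "$1" "$2")
    if [ "$n" -eq 0 ]; then
        echo "No new CI Fuzz findings."
        return 0
    fi
    echo "Pipeline blocked: $n new finding(s):"
    new_findings "$1" "$2" | sed 's/^/  - /'
    return 1
}

# Usage from the pipeline (hypothetical paths):
#   gate_on_findings .cifuzz-findings .cifuzz-findings-allowlist.txt
```

Drop this in place of the `-runs=0` step when triaged-but-unfixed findings would otherwise keep the pipeline red; the allowlist should live in the repository so changes to it are reviewed like code.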