Gitlab CI/CD
Prerequisites
The CIFUZZ_DOWNLOAD_TOKEN from downloads.code-intelligence.com has to be added as a CI/CD variable to the Gitlab project. It can be added in the project's "Settings" under "CI/CD" -> "Variables".
For more details on what you can do with CI Fuzz and its outputs in your pipeline, check the general CI/CD-Setup page.
Example Pipeline
The following Gitlab CI/CD Pipeline shows an example of how you can run CI Fuzz in Gitlab CI/CD.
- If you want to commit your findings to the repository, uncomment the "Commit findings to repository" step and set the CI/CD variable ACCESS_TOKEN to a valid Gitlab access token. Mark the variable as masked so the token is not printed in job logs.
```yaml
stages:
  - test

fuzz:
  stage: test
  image: ubuntu:latest
  script:
    # Install dependencies
    # The ubuntu image runs as root and ships without sudo or curl, so install
    # everything non-interactively with apt-get.
    # Adapt this if you are not running on a container with a Debian-based distribution
    - apt-get update
    - apt-get install -y cmake clang llvm lcov rclone curl git ca-certificates
    # Install CI Fuzz (pinned to 3.15.0)
    - sh -c "$(curl -fsSL https://downloads.code-intelligence.com/assets/install-cifuzz.sh)" ${CIFUZZ_DOWNLOAD_TOKEN} 3.15.0
    - cifuzz --version
    # Copy corpus from cloud storage
    # Needs configuration of rclone
    # - mkdir -p .cifuzz-corpus
    # - rclone copy -v cloud-storage:corpora/PROJECT_NAME .cifuzz-corpus
    # Run fuzzing; "|| true" keeps the job going so coverage and findings are
    # still collected when the fuzz run exits non-zero
    - cifuzz run --interactive=false -v || true
    # Copy corpus to cloud storage
    # Needs configuration of rclone
    # - rclone copy -v .cifuzz-corpus cloud-storage:corpora/PROJECT_NAME
    # Calculate coverage
    - cifuzz coverage --format=html --output coverage_report --plain
    - cifuzz coverage --format=lcov --output lcov.info --plain
    # Findings overview
    - cifuzz findings --plain > findings.txt
    # Fail pipeline if findings are present: -runs=0 replays the stored
    # findings without fuzzing further and exits non-zero if any reproduce
    - cifuzz run --interactive=false -v --engine-arg -runs=0
    # Commit findings to repository
    # The token becomes part of the remote URL, so keep ACCESS_TOKEN masked
    # - git config user.email "my-email@email.com"
    # - git config user.name "ci-bot"
    # - git remote add gitlab_origin https://oauth2:$ACCESS_TOKEN@gitlab.com/path-to-project.git
    # - git add .cifuzz-findings
    # - git commit -m "Automated commit of CI Fuzz findings"
    # - git push gitlab_origin HEAD:main -o ci.skip # prevent triggering pipeline again
  artifacts:
    paths:
      - coverage_report
      - lcov.info
      - findings.txt
```
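The "Install CI Fuzz" step fetches the installer over the network and passes it straight to sh, so whatever that URL serves at job time runs inside the pipeline. The following is an added example, not part of the CI Fuzz documentation or the cifuzz tool, of a safer variant: download the installer to a file, compare its SHA-256 with a value pinned in a CI/CD variable, and execute it only on a match. The variable name CIFUZZ_INSTALLER_SHA256 and the idea of pinning a hash are assumptions; the pinned value itself has to come from a trusted source, not from the same download.

```shell
#!/bin/sh
# Added example (not from the CI Fuzz docs): run a downloaded installer only
# after its SHA-256 matches a pinned value. The pinned value is assumed to be
# supplied through a CI/CD variable such as CIFUZZ_INSTALLER_SHA256.
set -eu

# Print the SHA-256 of a file; falls back to shasum on systems without sha256sum
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_and_run FILE EXPECTED_SHA256 [ARGS...]
# Executes FILE with sh and the remaining arguments only if its hash matches;
# returns 1 without executing anything otherwise.
verify_and_run() {
  file="$1"
  expected="$2"
  shift 2
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $file: expected $expected, got $actual" >&2
    return 1
  fi
  sh "$file" "$@"
}

# Pipeline usage (assumed variable names, same installer arguments as the page):
#   curl -fsSL -o install-cifuzz.sh https://downloads.code-intelligence.com/assets/install-cifuzz.sh
#   verify_and_run install-cifuzz.sh "$CIFUZZ_INSTALLER_SHA256" "$CIFUZZ_DOWNLOAD_TOKEN" 3.15.0
```

With this pattern a changed or replaced installer fails the job at the checksum step instead of executing; updating the CI Fuzz version then means updating the pinned hash alongside the version number.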