GitLab CI/CD
Prerequisites
Add the CIFUZZ_DOWNLOAD_TOKEN from downloads.code-intelligence.com as a CI/CD variable to the GitLab project via "Settings" -> "CI/CD" -> "Variables" so that the pipeline jobs can access it.
For more details on what you can do with CI Fuzz and its outputs in your pipeline, check the general CI/CD-Setup page.
Example pipeline
The following pipeline is an example of how you can run CI Fuzz in GitLab CI/CD.
- If you want to commit your findings to the repository, uncomment the "Commit findings to repository" step and set the CI/CD variable ACCESS_TOKEN to a valid GitLab access token.
stages:
  - test

fuzz:
  stage: test
  image: ubuntu:latest
  script:
    # Install dependencies
    # The ubuntu image runs as root and ships without sudo, curl or git:
    # curl is needed by the install step, git only by the optional commit step
    # Adapt this if you are not running on a container with a Debian-based distribution
    - apt-get update
    - DEBIAN_FRONTEND=noninteractive apt-get install -y curl git cmake clang llvm lcov rclone
    # Install CI Fuzz (fetch the installer over HTTPS; the download token is passed to it)
    - sh -c "$(curl -fsSL https://downloads.code-intelligence.com/assets/install-cifuzz.sh)" "${CIFUZZ_DOWNLOAD_TOKEN}" 3.15.0
    - cifuzz --version
    # Copy corpus from cloud storage
    # Needs rclone configuration setup
    # - mkdir -p .cifuzz-corpus
    # - rclone copy -v cloud-storage:corpora/PROJECT_NAME .cifuzz-corpus
    # Run fuzzing ("|| true" keeps the job going so the reporting steps below still run)
    - cifuzz run -v --interactive=false || true
    # Copy corpus to cloud storage
    # Needs rclone configuration setup
    # - rclone copy -v .cifuzz-corpus cloud-storage:corpora/PROJECT_NAME
    # Calculate coverage
    - cifuzz coverage --format=html --output coverage_report --plain
    - cifuzz coverage --format=lcov --output lcov.info --plain
    # Findings overview
    - cifuzz findings --plain > findings.txt
    # Commit findings to repository
    # - git config user.email "my-email@email.com"
    # - git config user.name "ci-bot"
    # - git remote add gitlab_origin https://oauth2:$ACCESS_TOKEN@gitlab.com/path-to-project.git
    # - git add .cifuzz-findings
    # - git commit -m "Automated commit of CI Fuzz findings"
    # - git push gitlab_origin HEAD:main -o ci.skip # prevent triggering pipeline again
    # Fail pipeline if findings are present
    # Kept as the last step: a failing command stops the script, so anything after it would be skipped
    - cifuzz findings --fail
  artifacts:
    # Upload the reports even when the job fails because of findings
    when: always
    paths:
      - coverage_report
      - lcov.info
      - findings.txt
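
The install step in the pipeline above executes a downloaded script directly, in a job that also holds the download token. The following shell functions are an added example, not part of CI Fuzz or its documentation: they download the installer to a file over HTTPS, compare it with a SHA-256 digest you pinned after reviewing the script, and only then run it. CIFUZZ_INSTALLER_SHA256 is a hypothetical CI/CD variable, and verify_installer and install_cifuzz_pinned are illustrative names.

```shell
#!/bin/sh
# Added example, not CI Fuzz's own code: pin the installer to a reviewed digest.
# CIFUZZ_INSTALLER_SHA256 is a hypothetical CI/CD variable that you set to the
# SHA-256 of the installer script after reviewing it.

# Installer URL from the pipeline, fetched over HTTPS.
INSTALLER_URL="https://downloads.code-intelligence.com/assets/install-cifuzz.sh"

# verify_installer FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if the pin or the file is unusable.
verify_installer() {
  vi_file="$1"
  vi_expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  # Refuse an unset or malformed pin instead of silently skipping the check.
  if ! printf '%s' "$vi_expected" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "verify_installer: pinned digest missing or malformed" >&2
    return 2
  fi
  if [ ! -f "$vi_file" ]; then
    echo "verify_installer: $vi_file not found" >&2
    return 2
  fi
  vi_actual="$(sha256sum "$vi_file" | awk '{print $1}')"
  if [ "$vi_actual" != "$vi_expected" ]; then
    echo "verify_installer: digest mismatch, got $vi_actual" >&2
    return 1
  fi
  return 0
}

# install_cifuzz_pinned VERSION
# Downloads to a file (HTTPS only), verifies it, then runs it with the same
# argument order as the pipeline's `sh -c "$(curl ...)" TOKEN VERSION` call.
install_cifuzz_pinned() {
  if [ -z "${CIFUZZ_DOWNLOAD_TOKEN:-}" ]; then
    echo "install_cifuzz_pinned: CIFUZZ_DOWNLOAD_TOKEN is not set" >&2
    return 2
  fi
  ic_tmp="$(mktemp)" || return 2
  curl --proto '=https' --tlsv1.2 -fsSL -o "$ic_tmp" "$INSTALLER_URL" \
    && verify_installer "$ic_tmp" "${CIFUZZ_INSTALLER_SHA256:-}" \
    && sh -c "$(cat "$ic_tmp")" "$CIFUZZ_DOWNLOAD_TOKEN" "$1"
  ic_rc=$?
  rm -f "$ic_tmp"
  return "$ic_rc"
}
```

In the job, load these functions from a file in the repository and call install_cifuzz_pinned 3.15.0 in place of the install line; update the pinned digest whenever you review a new installer version.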