Manage Findings

If CI Fuzz encountered Findings during a fuzzing run, you can access detailed information about them with the cifuzz finding command:

cifuzz finding [--options...] [<name>]

The <name> argument is the name of the Finding created during the fuzzing run, for example adventurous_otter. This argument is optional. If you specify a Finding, you can access details like the stack trace, the severity and a description that support you in fixing the issue.

Without a specified Finding, the command prints an overview of all Findings:

Example Finding Overview
➜ cifuzz finding
cifuzz version dev
Origin | Severity | Name            | Description          | Fuzz Test    | Location
Local  | 9.0      | objective_moose | heap buffer overflow | my_fuzz_test | src/explore_me.cpp:18:11
Local  | 2.0      | able_possum     | undefined behavior   | my_fuzz_test | src/explore_me.cpp:13:11

Options

The cifuzz finding command supports the following command specific options:

Flag	Description
`-f, --format <format>`	Output format of the Findings report: `plain`, `json` or `sarif` (default=`plain`). See Data Export for more information about how to use the SARIF format to generate Code Scanning reports
`--interactive`	Toggle interactive prompting in the terminal (default=`true`)
`--json`	Print output as JSON
`--project-dir <dir>`	The project root which is the parent for all the project sources Defaults to the directory containing the cifuzz.yaml

You can find all supported global options on the "Learn CI Fuzz" page.

Options​

Options