Manage Findings
If CI Fuzz encountered Findings during a fuzzing run, you can access detailed information about them with
the cifuzz finding
command:
cifuzz finding [--options...] [<name>]
The <name>
argument is the name of the Finding created during the fuzzing run, for example adventurous_otter
.
This argument is optional. If you specify a Finding, you can access details like the stack trace, the severity and a
description that support you in fixing the issue.
Without a specified Finding, the command prints an overview of all Findings:
Example Finding Overview
➜ cifuzz finding
cifuzz version dev
Origin | Severity | Name | Description | Fuzz Test | Location
Local | 9.0 | objective_moose | heap buffer overflow | my_fuzz_test | src/explore_me.cpp:18:11
Local | 2.0 | able_possum | undefined behavior | my_fuzz_test | src/explore_me.cpp:13:11
Options
The cifuzz finding
command supports the following command specific options:
Flag | Description |
---|---|
-f, --format <format> | Output format of the Findings report: plain , json or sarif (default=plain ). See Data Export for more information about how to use the SARIF format to generate Code Scanning reports |
--interactive | Toggle interactive prompting in the terminal (default=true ) |
--json | Print output as JSON |
--project-dir <dir> | The project root which is the parent for all the project sources Defaults to the directory containing the cifuzz.yaml |
You can find all supported global options on the "Learn CI Fuzz" page.