Skip to main content

Bundle / remote run

The cifuzz remote-run command builds fuzz tests, packages all runtime artifacts into a bundle, and uploads that to a remote CI Fuzz server to start a remote fuzzing run. This section covers the components of the remote-run command that are necessary to make it work with your CI Fuzz installation.


Requirements

These are the items that you need to specify to use cifuzz remote-run with CI Fuzz in a CI/CD pipeline.

cifuzz.yaml

The project must have a cifuzz.yaml (created from cifuzz init) with the appropriate build-system files modified. See how to initialize a project for details on how to do that.

cifuzz.yaml should have the correct build-system set, for example CMake or Bazel. If the build-system is other, you need to specify a build-command. You can either set this in cifuzz.yaml or pass a command line argument using the --build-command flag of remote-run.

Docker image

The bundle requires a docker image to run on CI Fuzz. The default image is "ubuntu:rolling", but you can also specify your own image by using the --docker-image flag. The docker image you specify should contain the necessary runtime libraries.

Project

Specify the project, otherwise cifuzz prompts for it. It's expected that the project was already created on the remote server. Creating a project from scratch using the cifuzz isn't supported yet. Use the --project flag to specify the project name, for example c-cpp-demo-4c381320.

Server

Specify the location of the CI Sense server using the --server flag (protocol://domain:port).

Access token

CI Fuzz requires an access token. Set an environment variable named CIFUZZ_API_TOKEN and assign it a token that you create in the CI Sense web app. This token is stored in ~/.config/cifuzz/access_tokens.json and used on subsequent executions of cifuzz remote-run.

Fuzz test

You must specify the name of 1 or more fuzz tests that you want to run.