Bundle / remote run
The cifuzz remote-run
command builds fuzz tests, packages all runtime
artifacts into a bundle, and uploads that to a remote CI Fuzz server to start a
remote fuzzing run. This section covers the components of the remote-run
command that are necessary to make it work with your CI Fuzz installation.
Requirements
These are the items that you need to specify to use cifuzz remote-run
with CI
Fuzz in a CI/CD pipeline.
cifuzz.yaml
The project must have a cifuzz.yaml
(created from cifuzz init
) with the
appropriate build-system files modified. See how to initialize a
project
for details on how to do that.
cifuzz.yaml
should have the correct build-system
set, for example CMake or Bazel. If
the build-system
is other, you need to specify a build-command
. You can
either set this in cifuzz.yaml
or pass a command line argument using the
--build-command
flag of remote-run
.
Docker image
The bundle requires a docker image to run on CI Fuzz. The default image is
"ubuntu:rolling", but you can also specify your own image by using the
--docker-image
flag. The docker image you specify should contain the necessary
runtime libraries.
Project
Specify the project, otherwise cifuzz prompts for it. It's
expected that the project was already created on the remote server. Creating a
project from scratch using the cifuzz isn't supported yet. Use the --project
flag to specify the project name, for example c-cpp-demo-4c381320
.
Server
Specify the location of the CI Sense server using the --server
flag
(protocol://domain:port).
Access token
CI Fuzz requires an access token. Set an environment variable named
CIFUZZ_API_TOKEN
and assign it a token that you create in the CI Sense web
app. This token is stored in ~/.config/cifuzz/access_tokens.json
and used on subsequent executions of cifuzz remote-run
.
Fuzz test
You must specify the name of 1 or more fuzz tests that you want to run.