Maven

Dependencies

Ubuntu / Debian

sudo apt install default-jdk maven

Arch

sudo pacman -S jdk-openjdk maven

macOS

brew install openjdk maven

Windows

choco install microsoft-openjdk maven

Version requirements

• Java JDK >= 8 (1.8)
  • for example OpenJDK or Zulu
• Maven >= 3.3.1
• JUnit >= 5.8

Initialize a project

Initialize CI Fuzz in the root directory of your Maven project with the following command:

cifuzz init

Enable CI repository access

To use CI Fuzz and its dependencies, you have to configure access to the CI repository. Your username and private token are available on your CI Download Portal Configuration page.

settings.xml

Add the following code to your ~/.m2/settings.xml:

~/.m2/settings.xml

<?xml version="1.0" encoding="UTF-8"?>
    <settings xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 http://maven.apache.org/xsd/settings-1.2.0.xsd" xmlns="http://maven.apache.org/SETTINGS/1.2.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <servers>
            <server>
                <id>code-intelligence</id>
                <username><!--YOUR_USERNAME--></username>
                <password><!--YOUR_TOKEN--></password>
            </server>
        </servers>
    </settings>

pom.xml

To use the CI repository in your project, add it to your projects pom.xml:

pom.xml

<repositories>
    <repository>
        <id>code-intelligence</id>
        <url>https://gitlab.code-intelligence.com/api/v4/projects/89/packages/maven</url>
    </repository>
</repositories>
<pluginRepositories>
    <pluginRepository>
        <id>code-intelligence</id>
        <url>https://gitlab.code-intelligence.com/api/v4/projects/89/packages/maven</url>
    </pluginRepository>
</pluginRepositories>

Add Maven extension

To enable fuzz testing in your project, add the CI Fuzz Maven extension to your projects pom.xml:

pom.xml

<build>
    <extensions>
        <extension>
            <groupId>com.code-intelligence</groupId>
            <artifactId>cifuzz-maven-extension</artifactId>
            <version>1.5.0</version>
        </extension>
    </extensions>
</build>

Multi-project setup

CI Fuzz currently supports multi-project setups with Maven by initializing cifuzz in the sub-projects instead of the root project. Additionally the sub-projects need the following property defined in it's pom.xml:

pom.xml

<properties>
    <cifuzz.fuzztests>true</cifuzz.fuzztests>
</properties>

JUnit

Fuzz tests are executed with JUnit 5. If it's not already set up, the plugin automatically adds the required dependencies and configuration to your project. If you are using JUnit 4, be aware that CI Fuzz requires the JUnit Vintage engine to run both JUnit 4 and JUnit 5 tests in one project. See the official JUnit documentation for more information.

Example projects

• Maven project
• Maven project with JUnit 4 and JUnit 5
• Maven project with multiple modules