To set up fuzzing for Spring Boot Applications with CI Fuzz, open the project in VS Code:
If you have our extension installed, you can start it by clicking on our logo in the left sidebar. This will lead you from VS Code's file browser sidebar to our CI Fuzz sidebar:
From here you can create the Fuzzing Project by clicking the Plus button next to "Create Fuzzing Project".
CI Fuzz will automatically detect most current build systems that can build Spring Boot Applications, including Maven, Gradle and Ant. If it recognizes a build system, it will ask to automatically create a script that builds the project with sensible defaults.
Even if the build system is not detected, you can enter the steps needed to build the project manually.
Here you also need to provide the name of a Docker image, which CI Fuzz will use to create the containers in which the fuzzing project and fuzz tests are built. This image must contain all the dependencies. In the case of WebGoat, the official Maven image can be used. Alternatively, local mode creates distroless Docker containers which will use dependencies installed on your system.