ClusterFuzzLite is a continuous fuzzing solution that runs as part of Continuous Integration (CI) workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they are committed.
ClusterFuzzLite is based on ClusterFuzz.
- Quick code change (pull request) fuzzing to find bugs before they land
- Downloads of crashing testcases
- Continuous longer running fuzzing (batch fuzzing) to asynchronously find deeper bugs missed during code change fuzzing and build a corpus for use in code change fuzzing
- Coverage reports showing which parts of your code are fuzzed
- Modular functionality, so you can decide which features you want to use
- C
- C++
- Java (and other JVM-based languages)
- Go
- Python
- Rust
- Swift
- GitHub Actions
- GitLab
- Google Cloud Build
- Prow
- Support for more CI systems is in-progess, and extending support to other CI systems is easy
Read our detailed documentation to learn how to use ClusterFuzzLite.
Join our mailing list for announcements and discussions.
If you use ClusterFuzzLite, please fill out this form so we know who is using it. This gives us an idea of the impact of ClusterFuzzLite and allows us to justify future work.
Feel free to file an issue if you experience any trouble or have feature requests.