Platform Overview
Fuzzing Terminology
Install the Fuzzbuzz CLI
Find your first C/C++ bug
Find your first Python bug
Find your first Rust bug
Find your first Go bug
Protocol Fuzzing
Seeding your fuzzer
Integrating with libFuzzer
Heartbleed in 5 Minutes
GitHub Integration
GitLab Integration
CLI Integration
fuzzbuzz.yaml reference
Fuzzer Reference
Bug Types
Self-Hosted Fuzzbuzz
Overview
Getting Started
Guides
Tutorials
Integrations
Reference
GitHub Integration
This tutorial will walk you through integrating Fuzzbuzz into your GitLab CI/CD pipeline.
Project Setup
Start by clicking the New Project
button on the Fuzzbuzz platform. Select "Coverage Guided Fuzzer" at the next screen and click Next
.
Next, choose the GitHub option at the Git provider screen.
If this is your first time setting up a project, you will be asked to authorize the GitHub App with your personal GitHub account.
This authorization is only used to list the projects you have access to, not to access sensitive project data like source code.
Once you have authorized your account, you will see an installation screen - select the organization or user that owns the project you wish to set up.
After selecting the project owner, you will have the choice of providing Fuzzbuzz with access to a specific project, or any project in the organization. Fuzzbuzz will only receive read access to source code, and will be unable to make changes to your repository. Once you've made your decision, press Save
to return to Fuzzbuzz.
Fuzzbuzz will list all the projects it now has access to. Select one, and press Next
to continue.
Note: If you wish to install Fuzzbuzz on new organizations or projects, click the Configure on GitHub
link at the top of the project list.
Once your project is created, you will see a screen with instructions describing how to set up fuzz tests for your repository. Once you have configured your GitHub project with a fuzzbuzz.yaml
, push the changes up to your GitHub repository. Fuzzbuzz will pick up your changes, build them, and start running all detected fuzz tests in the repository.