google/clusterfuzz
Scalable fuzzing infrastructure.
| field | value |
| --- | --- |
| repo name | google/clusterfuzz |
| repo link | https://github.com/google/clusterfuzz |
| homepage | https://google.github.io/clusterfuzz |
| language | Python |
| size (curr.) | 56274 kB |
| stars (curr.) | 4144 |
| created | 2019-01-29 |
| license | Apache License 2.0 |
ClusterFuzz
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.
Google uses ClusterFuzz to fuzz the Chrome Browser and as the fuzzing backend for OSS-Fuzz.
ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project’s development process:
- Highly scalable. Google’s internal instance runs on over 25,000 machines.
- Accurate deduplication of crashes.
- Fully automatic bug filing and closing for issue trackers (Monorail only for now).
- Testcase minimization.
- Regression finding through bisection.
- Statistics for analyzing fuzzer performance and crash rates.
- Easy-to-use web interface for management and viewing crashes.
- Firebase authentication.
- Support for coverage-guided fuzzing (e.g. libFuzzer and AFL) and blackbox fuzzing.
Documentation
You can find detailed documentation at https://google.github.io/clusterfuzz.
Trophies
As of January 2019, ClusterFuzz has found ~16,000 bugs in Chrome and ~11,000 bugs in over 160 open source projects integrated with OSS-Fuzz.
Getting Help
You can file an issue to ask questions, request features, or ask for help.
Staying Up to Date
We will use clusterfuzz-announce(#)googlegroups.com to make announcements about ClusterFuzz.