From 43093dcf21a9153b22ee1ec45c8e40dd5ab2c655 Mon Sep 17 00:00:00 2001 From: Max Moroz Date: Thu, 6 Jun 2019 09:49:21 -0700 Subject: [PATCH] [docs] Add FAQ for non open source projects, mention ClusterFuzz. (#2489) * [docs] Add FAQ for non open source projects, mention ClusterFuzz. * Remove TOC as GitHub does not support it. * Address review feedback. --- docs/faq.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/faq.md b/docs/faq.md index 2f31b6f8e..92acfb80b 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -20,6 +20,18 @@ You should look for places in your code that: - use an algorithm that has two or more implementations (to verify their equivalence). - look for existing fuzz target [examples](https://github.com/google/oss-fuzz/tree/master/projects) and find similarities. +## My project is not open source. Can I use OSS-Fuzz? + +You cannot use OSS-Fuzz, but you can use [ClusterFuzz] which OSS-Fuzz is based +on. ClusterFuzz is an open-source fuzzing infrastructure that you can deploy in +your own environment and run continuously at scale. + +OSS-Fuzz is a production instance of ClusterFuzz, plus the code living in +[OSS-Fuzz repository]: build scripts, `project.yaml` files with contacts, etc. + +[ClusterFuzz]: https://github.com/google/clusterfuzz +[OSS-Fuzz repository]: https://github.com/google/oss-fuzz + ## Why do you use a [different issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list) for reporting bugs in OSS projects? Security access control is important for the kind of issues that OSS-Fuzz detects.
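Review bot: In the new "My project is not open source. Can I use OSS-Fuzz?" answer, the first sentence says "You cannot use OSS-Fuzz" without giving a reason, so a reader with a closed-source project cannot tell whether this is a policy decision or a technical limit; add a short clause stating why before pointing to ClusterFuzz. Two wording nits in the same section: "[ClusterFuzz] which OSS-Fuzz is based on" needs a comma before "which", and "the code living in [OSS-Fuzz repository]" reads better as "in the [OSS-Fuzz repository]". The two reference-style link definitions are placed between this section and the next heading, while the other links visible in this hunk (the fuzz target examples link and the issue tracker link) are inline, so consider inline links here for consistency with the rest of faq.md.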