Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
OSS-Fuzz - continuous fuzzing for open source software.
3,355 Commits 188 Branches 0 Tags 128 MiB
Shell 27.3%
Python 19.3%
Dockerfile 17.4%
Java 17.1%
C 7.2%
Other 11.5%
Go to file
Abhishek Arya 758186cd0a
Add redirect for old reproducing.md (#2666) 		2019-08-07 12:57:10 -07:00
docs Add redirect for old reproducing.md (#2666) 2019-08-07 12:57:10 -07:00
infra Switch docs to new structure (#2663) 2019-08-07 07:37:16 -07:00
projects [envoy] fix ubsan build (#2664) 2019-08-07 08:41:47 -07:00
.gitignore [infra] replacing wget with ADD where possible 2016-12-28 14:09:09 -08:00
.travis.yml [infra] Add support for dataflow builds to the helper script and build check (#1632). (#2501) 2019-06-12 11:08:15 -07:00
CONTRIBUTING Other projects use the notation GitHub, but this project was fixed as Github. (#1377) 2018-04-29 19:04:09 -07:00
LICENSE Create LICENSE 2016-10-03 12:24:25 -07:00
README.md Switch docs to new structure (#2663) 2019-08-07 07:37:16 -07:00
oss-fuzz.iml Add jekyll generator for docs. (#2660) 2019-08-06 13:29:19 -07:00

README.md

OSS-Fuzz - Continuous Fuzzing for Open Source Software

Introduction

Fuzz testing is a well-known technique for uncovering various kinds of programming errors in software. Many of these detectable errors (e.g. buffer overflow) can have serious security implications.

We successfully deployed guided in-process fuzzing of Chrome components and found hundreds of security vulnerabilities and stability bugs. We now want to share the experience and the service with the open source community.

In cooperation with the Core Infrastructure Initiative, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques and scalable distributed execution.

We support libFuzzer and AFL as fuzzing engines in combination with Sanitizers. ClusterFuzz provides a distributed fuzzer execution environment and reporting. You can checkout ClusterFuzz here.

Currently OSS-Fuzz supports C and C++ code (other languages supported by LLVM may work too).

Documentation

You can find detailed documentation here.

Trophies

As of August 2019, OSS-Fuzz has found ~14,000 bugs in over 200 open source projects.

Blog posts

  • 2016-12-01 (1, 2, 3)
  • 2017-05-08 (1, 2, 3)
  • 2018-11-06 (1)