Link Search Menu Expand Document

ClusterFuzzLite

ClusterFuzzLite (repo) is a continuous fuzzing solution that runs as part of Continuous Integration (CI) workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they are committed.

ClusterFuzzLite is based on ClusterFuzz.

Features

  • Quick code change (pull request) fuzzing to find bugs before they land
  • Downloads of crashing testcases
  • Continuous longer running fuzzing (batch fuzzing) to asynchronously find deeper bugs missed during code change fuzzing and build a corpus for use in code change fuzzing
  • Coverage reports showing which parts of your code are fuzzed
  • Modular functionality, so you can decide which features you want to use

demo

Supported Languages

  • C
  • C++
  • Java (and other JVM-based languages)
  • Go
  • Python
  • Rust
  • Swift

Supported CI Systems

Supported Fuzzing Engine and Sanitizers

Getting Started

If you’re new to using libFuzzer and sanitizers, start with the Overview for an explanation of terms and the fuzzing process.

If you’re already familiar with using libFuzzer and sanitizers, start with Step 1: Build Integration.

Staying in touch

Join our mailing list for announcements and discussions.

If you use ClusterFuzzLite, please fill out this form so we know who is using it. This gives us an idea of the impact of ClusterFuzzLite and allows us to justify future work.

Please file an issue if you experience any trouble or have feature requests.


Table of contents