mirror of https://github.com/google/clusterfuzz.git synced 2025-03-16 05:02:07 +08:00

Go to file

Hayley Denbraver 92be4a5fb1

I updated the README to keep the trophy stats in this repo current with
OSS-Fuzz.

I also moved the scorecard to the top of the README, to make it more
uniform with our other repos and to highlight it.

2023-02-20 10:16:32 +11:00

.allstar

Opt-out of allstar security policy (#2707 )

2022-06-27 14:26:23 +02:00

.github

Disable dependabot. (#2913 )

2023-01-12 08:27:23 +11:00

bot

UI changes for chromium extended stable (#2332 )

2021-05-11 12:37:33 +10:00

configs/test

Comment out corpus-backup/make-public from cron.yaml (#2686 )

2022-05-30 13:24:35 +10:00

docker

Install recent Node.js in ClusterFuzz images. (#2947 )

2023-02-13 04:11:22 +00:00

docs

Update README.md (#2939 )

2023-02-06 10:35:59 -05:00

local

Fix local clusterfuzz server error (#2907 )

2023-01-04 10:40:21 +11:00

resources

Add up-to-date (statically linked) unshare binary. (#2450 )

2021-09-15 13:41:48 +10:00

src

Delete another unused function. (#2945 )

2023-02-08 05:16:57 +00:00

.bowerrc

Initial commit.

2019-01-30 09:55:19 -08:00

.coveragerc

Fix omit directories in .coveragerc. (#10 )

2019-01-30 12:29:01 -08:00

.gitignore

Add .vscode to .gitignore (#2700 )

2022-06-29 14:14:19 +10:00

.pylintrc

Add a lint exclusion. (#2688 )

2022-05-30 11:51:29 +10:00

.style.yapf

Initial commit.

2019-01-30 09:55:19 -08:00

bower.json

Support GitHub login. (#2567 )

2022-03-15 14:28:06 +11:00

butler.py

Delete reproduce_tool. (#2809 )

2022-10-04 13:49:57 +11:00

CHANGELOG.md

CHANGELOG.md: improvements (#2465 )

2021-09-27 09:32:02 +10:00

cloudbuild.yaml

Many CI fixes. (#2428 )

2021-08-24 11:43:13 +10:00

CONTRIBUTING.md

Update CONTRIBUTING.md

2019-02-07 13:05:14 -08:00

LICENSE

Fix license header year in non-python files. (#300 )

2019-03-22 13:12:51 -07:00

Pipfile

Pin all vendored dependencies. (#2573 )

2022-03-15 14:22:33 +11:00

Pipfile.lock

Pin all vendored dependencies. (#2573 )

2022-03-15 14:22:33 +11:00

README.md

Small readme changes. (#2949 )

2023-02-20 10:16:32 +11:00

README.md

ClusterFuzz

ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.

Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz.

ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process:

Highly scalable. Can run on any size cluster (e.g. OSS-Fuzz instance runs on 100,000 VMs).
Accurate deduplication of crashes.
Fully automatic bug filing, triage and closing for various issue trackers (e.g. Monorail, Jira).
Supports multiple coverage guided fuzzing engines (libFuzzer, AFL, AFL++ and Honggfuzz) for optimal results (with ensemble fuzzing and fuzzing strategies).
Support for blackbox fuzzing.
Testcase minimization.
Regression finding through bisection.
Statistics for analyzing fuzzer performance, and crash rates.
Easy to use web interface for management and viewing crashes.
Support for various authentication providers using Firebase.

Overview

Documentation

You can find detailed documentation here.

Trophies

As of February 2023, ClusterFuzz has found ~27,000 bugs in Google (e.g. Chrome). Additionally, ClusterFuzz has helped identify and fix over 8,900 vulnerabilities and 28,000 bugs across 850 projects integrated with OSS-Fuzz.

Getting Help

You can file an issue to ask questions, request features, or ask for help.

Staying Up to Date

We will use clusterfuzz-announce(#)googlegroups.com to make announcements about ClusterFuzz.

ClusterFuzzLite

For a more lightweight version of ClusterFuzz that runs on CI/CD systems, check out ClusterFuzzLite.

Languages

Python 87.6%

HTML 8%

Shell 1.5%

HCL 0.9%

Dockerfile 0.3%

Other 1.6%