In recent years, continuous fuzz testing has become an important part of the software development life cycle. This technology usually inputs unexpected or random data into the program, and then can dig out some crash points that are easily missed or not discovered manually. NIST's Software Validation Guidelines recently released a standard (in response to the White House's call to improve nationalcyber securityExecutive Order), it is clearly stipulated in the code verification of this standard that software verification must undergo fuzz testing.
So the Google team announced an open source project, ClusterFuzzLite, a continuous fuzz testing solution that runs as part of a CI/CD workflow to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflows and fuzz test pull requests to catch errors before committing, thereby enhancing the overall security of the software supply chain.
Since its launch in 2016, more than 500 critical open source projects have been integrated into Google's OSS-Fuzz program, and more than 6,500 vulnerabilities and 21,000 functional bugs have been fixed. ClusterFuzzLite goes hand in hand with OSS-Fuzz by catching regression errors earlier in the development process.
Large projects including systemd and curl have used ClusterFuzzLite during code reviews with great results.
With the release of ClusterFuzzLite, any project can integrate this essential testing standard and benefit from fuzz testing. ClusterFuzzLite provides many of the same features as ClusterFuzz, such as continuous fuzz testing, corpus management, and coverage report generation. Best of all, it's easy to use, making ClusterFuzzLite a top choice for any developer who wants to fuzz test.
To learn more, you can check out ClusterFuzzLite Documentation.
ClusterFuzzLite currently supports GitHub Actions and Google Cloud Build
Original article by CNCSO, if reproduced, please credit: https://cncso.com/en/google-releases-clusterfuzzlite-a-kind-of-continuous-fuzzy-testing-solution-html