Google Takes Security up a Notch for CI/CD With ClusterFuzzLite
Google makes fuzzing easier and faster with ClusterFuzzLite
TL;DR
Recent cybersecurity incidents around the world have brought increased attention to security. In response, Google decided to support its customers by bringing the ClusterFuzzLite security solution into the software development process.
Key Facts
ClusterFuzzLite is a solution that runs as part of a continuous integration (CI) workflow.
It is easy to set up and integrate into GitHub users' workflows
It is based on ClusterFuzz
It works in association with Google’s OSS-Fuzz program
It supports a number of programming languages, including C++, C, Go, Python, etc.
Details
With the increase in software supply chain attacks, stronger security measures are now the order of the day. Code testing is needed more than ever to catch vulnerabilities quickly, before the code moves to the next phase. Google LLC has introduced ClusterFuzzLite, a continuous fuzzing solution that runs as part of a continuous integration workflow and finds vulnerabilities faster than ever. You might be wondering what fuzzing is; it is a debugging technique where you feed garbage (unexpected or malformed input) to your program and see what happens.
ClusterFuzzLite supports three CI systems for now: GitHub Actions, Prow, and Google Cloud Build. Support for other CI systems is in the works. ClusterFuzzLite can be integrated into GitHub users' workflows with just a few lines of code.
ClusterFuzzLite has two modes of fuzzing, which are code change fuzzing and batch fuzzing.
ClusterFuzzLite has a handful of features that make it an efficient security tool. It has pull request code change fuzzing to find bugs before they land. It has longer continuous fuzzing (batch fuzzing) to locate bugs missed by code change fuzzing, and it downloads crashing test cases. Its coverage report feature helps users know which parts of the code have been fuzzed, and best of all, you can decide which features to use for fuzzing and which ones not to use.
ClusterFuzzLite has many of the features that ClusterFuzz (a scalable fuzzing infrastructure) has; they both have continuous fuzzing, sanitizer support, corpus management, and coverage report generation features. ClusterFuzzLite also uses the same toolchain as OSS-Fuzz for easier building, meaning that ClusterFuzzLite will also build your project in a Docker container, except that a ClusterFuzzLite Dockerfile will copy directly from the source code during docker build, while OSS-Fuzz will use git clone to check out the source in your Dockerfile.
This first launch of ClusterFuzzLite supports only the libFuzzer fuzzing engine. It can be used with the following sanitizers: AddressSanitizer (ASan), to detect memory safety issues; UndefinedBehaviorSanitizer (UBSan), to detect undefined behavior, e.g., integer overflow; and MemorySanitizer (MSan), to detect the use of uninitialized memory.
ClusterFuzzLite supports various languages: C, C++, Python, Rust, Swift, Go, and every JVM-based language.
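To make the libFuzzer and AddressSanitizer description above concrete, here is an added example (not taken from Google's announcement or from the ClusterFuzzLite project): a libFuzzer fuzz target in C for a constructed length-prefixed record format, with an unchecked parser beside its checked form. The names parse_name, parse_name_unchecked and MAX_NAME are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record format for this example: [1-byte length][name bytes]. */
#define MAX_NAME 16

/* Unchecked form: trusts the length byte taken from the input. A record that
 * claims more bytes than `out` holds, or than were supplied, makes memcpy read
 * and write out of bounds. This is the class of bug ASan reports during fuzzing. */
int parse_name_unchecked(const uint8_t *data, size_t size, char out[MAX_NAME + 1]) {
    if (size < 1) return -1;
    size_t n = data[0];
    memcpy(out, data + 1, n);          /* defect: n is never validated */
    out[n] = '\0';
    return (int)n;
}

/* Checked form: rejects lengths that exceed the output buffer or the bytes
 * actually present after the length byte. Returns the name length or -1. */
int parse_name(const uint8_t *data, size_t size, char out[MAX_NAME + 1]) {
    if (size < 1) return -1;
    size_t n = data[0];
    if (n > MAX_NAME || n > size - 1) return -1;
    memcpy(out, data + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* libFuzzer entry point: the engine calls this repeatedly with mutated inputs.
 * Besides letting the sanitizer watch memory accesses, the target checks an
 * invariant of its own and aborts if it is violated, which the fuzzer records
 * as a crash together with the input that caused it. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char name[MAX_NAME + 1];
    int n = parse_name(data, size, name);
    if (n >= 0 && (n > MAX_NAME || name[n] != '\0')) abort();
    return 0;                          /* libFuzzer expects 0 */
}
```

Built with clang -g -fsanitize=fuzzer,address, a target pointed at parse_name_unchecked instead of parse_name lets ASan report the out-of-bounds access as soon as the fuzzer produces an oversized length byte.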