Google Takes Security up a Notch for CI/CD With ClusterFuzzLite

Google makes fuzzing easier and faster with ClusterFuzzLite


Google noticed the increase in attention given to security with the recent happenings concerning cybersecurity around the world. The tech giant then decided to support its customers by bringing ClusterFuzzLite security solutions into the software development process.

ClusterFuzzLite can be Integrated into GitHub users’ workflow with just a few lines of code.
ClusterFuzzLite can be Integrated into GitHub users’ workflow with just a few lines of code.
Key Facts
  1. 1

    ClusterFuzzLite is a solution that runs as part of continuous integration (CI) workflow.

  2. 2

    It is easy to set up and integrate into GitHub users workflow

  3. 3

    It is based on ClusterFuzz

  4. 4

    It works in association with Google’s OSS-Fuzz program

  5. 5

    It supports a number of program languages, including C++, C, Go, Python, etc.


With the increase in software supply chain attacks, increased security measure is now the order of the day. Code testing is now more needed than ever to catch vulnerabilities quickly before moving the code to the next phase. Google LLC  brought on ClusterFuzzLite, a continuous fuzzing solution that works with continuous integration workflow, and it finds vulnerabilities faster than ever. You might be wondering what fuzzing is; it is a debugging technique where you feed garbage to your program and see what happens.

ClusterFuzzLite supports three CI systems for now, including GitHub Actions, Prow, and Google Cloud Build, while they are working on other CI systems to support. ClusterFuzzLite can be Integrated into GitHub users’ workflow with just a few lines of code.

ClusterFuzzLite has two modes of fuzzing, which are code change fuzzing and batch fuzzing.

ClusterFuzzLite has a handful of a feature that makes it an efficient security tool. It has a pull request code change fuzzing to find bugs before they land. It has longer continuous fuzzing (batch fuzzing) to locate bugs missed while using the code change fuzzing, and it downloads crashing test cases. Its coverage report feature helps users know which part of the code has been fuzzed, and best of all - you can decide which feature to use for fuzzing or which one not to use.

ClusterFuzzLite has many of the features that ClusterFuzz (a scalable fuzzing infrastructure) has; they both have continuous fuzzing, sanitizer support, corpus management, and corporate report generation features. ClusterFuzzLite also uses the same toolchain as the OSS-Fuzz for easier building, meaning that ClusterFuzzLite will also build your project in a Docker container except that ClusterFuzzLite will make Dockerfile copy directly from the source code during docker build while OSS-Fuzz will use git clone to check your Dockerfile.

This first launch of ClusterFuzzLite only supports libFuzzer fuzzing engine; its sanitizers can also be used for AddressSanitizer (ASan) - to detect memory safety issues; UndefinedBehaviorSanitizer (UBSan) - to detect undefined behavior, e.g., integer overflow; MemorySanitizer (MSan) - to detect the use of uninitialized memory.

ClusterFuzzLite supports various languages: C, C++, Python, Rust, Swift, Go, and every JVM-based language.

Get similar news in your inbox weekly, for free

Share this news:

Latest stories

How ManageEngine Applications Manager Can Help Overcome Challenges In Kubernetes Monitoring

We tested ManageEngine Applications Manager to monitor different Kubernetes clusters. This post shares our review …

AIOps with Site24x7: Maximizing Efficiency at an Affordable Cost

In this post we'll dive deep into integrating AIOps in your business suing Site24x7 to …

A Review of Zoho ManageEngine

Zoho Corp., formerly known as AdventNet Inc., has established itself as a major player in …

Should I learn Java in 2023? A Practical Guide

Java is one of the most widely used programming languages in the world. It has …

The fastest way to ramp up on DevOps

You probably have been thinking of moving to DevOps or learning DevOps as a beginner. …

Why You Need a Blockchain Node Provider

In this article, we briefly cover the concept of blockchain nodes provider and explain why …

Top 5 Virtual desktop Provides in 2022

Here are the top 5 virtual desktop providers who offer a range of benefits such …