
Google launches ClusterFuzzLite security tool for CI and CD workflows


Google has launched ClusterFuzzLite, a continuous fuzzing solution intended to improve the security of the software supply chain.

Google software engineers Jonathan Metzman and Oliver Chang, together with Google CI/CD product manager Michael Winser, said on Thursday in a blog post that the new tool can run “as part of CI/CD workflows to find vulnerabilities faster than ever.”

Fuzzing is an automated testing technique for finding bugs and unexpected behavior by feeding invalid and random data into programs. This can expose vulnerabilities or errors that might otherwise go unnoticed during a manual scan.

The new tool, ClusterFuzzLite, is based on ClusterFuzz, an open source scalable fuzzing infrastructure previously released by Google and used as the fuzzing backbone for the OSS-Fuzz program.

According to Google, ClusterFuzzLite can be integrated with existing workflows to fuzz pull requests, improving the chances of finding vulnerabilities earlier in the development process and before changes are committed.

While ClusterFuzz and ClusterFuzzLite share some of the same features, including continuous fuzzing, coverage reporting, and sanitizer support, the team says the main difference is that ClusterFuzzLite is easy to set up with closed source projects, and therefore developers can use it to quickly fuzz their software.

As of now, ClusterFuzzLite supports GitHub Actions, Google Cloud Build, and Prow.

“With ClusterFuzzLite, fuzzing is no longer just a series of idealized ‘bonus’ tests for those with access to it, but an essential step that anyone can use on an ongoing basis on every software project,” the team said. “By finding and preventing bugs before they enter the code base, we can create a more secure software ecosystem.”

Documentation for the tool is available on GitHub.

In February, Google launched the Open Source Vulnerabilities (OSV) website, an open source vulnerability mapping platform.
