Repository files navigation

ClusterFuzz is a scalablefuzzinginfrastructure that finds security and stability issues in software.

Google uses ClusterFuzz to fuzz all Google products and as the fuzzingbackend forOSS-Fuzz.

ClusterFuzz provides many features which help seamlessly integrate fuzzing intoa software project's development process:

• Highly scalable. Can run on any size cluster (e.g. OSS-Fuzz instance runs on100,000 VMs).
• Accurate deduplication of crashes.
• Fully automatic bug filing, triage and closing for various issue trackers(e.g.Monorail,Jira).
• Supports multiplecoverage guided fuzzing engines(libFuzzer,AFL,AFL++ andHonggfuzz)for optimal results (withensemble fuzzing andfuzzing strategies).
• Support forblackbox fuzzing.
• Testcase minimization.
• Regression finding throughbisection.
• Statistics for analyzing fuzzer performance, and crash rates.
• Easy to use web interface for management and viewing crashes.
• Support for various authentication providers usingFirebase.

You can find detailed documentationhere.

As of May 2022, ClusterFuzz has found ~29,000 bugs in Google (e.g.Chrome)and36,000+ bugs in over550 open source projects integrated withOSS-Fuzz.

You canfile an issue to askquestions, request features, or ask for help.

We will useclusterfuzz-announce(#)googlegroups.com to make announcements about ClusterFuzz.

For a more lightweight version of ClusterFuzz that runs on CI/CDsystems, check outClusterFuzzLite.