CI Fuzz is state-of-the-art security testing software. It offers easy IDE integration that saves developers’ time and effort while drastically improving the stability and reliability of the codebase.
Why Code Intelligence?
- Get access to state-of-the-art technology: Feedback-based fuzzing and concolic code execution
- Achieve reliable testing results: Almost no false positives due to the combination of dynamic and static analysis
- Improve the discovery of vulnerabilities: Higher code coverage
- No additional effort: IDE integration helps to define tests while writing the code
- Maximize your productivity: Browse and replay the found bugs and fix them more quickly
- Test when and where you need it: Fast and reliable source code testing integrates into your CI/CD process
- Supplements feedback-based fuzzing with concolic execution
- Combines several fuzzing engines: AFL++, libFuzzer with sanitizers, and honggfuzz
- Additionally includes classic pattern-generating fuzzing approaches such as radamsa
- Utilizes grammar-aware fuzzing for structured inputs
- Uses a framework similar to Qsym and Driller for concolic execution
- Includes APIs and network sockets in testing, where applicable
CI Fuzz offers an easy-to-use interface to apply these advanced technologies. No deep technical knowledge of fuzzing is required. Instead, users just define which functions or interfaces (e.g. network sockets) they want to have tested and our software does the rest.
Our IDE plugin displays which parts of the code have been reached by the fuzzer and visualizes the fuzzing process. Found crashes can also be replayed by starting the IDE’s debugger with the input causing the crash. Alternatively, you can interact with the core software using the command line.
Code Intelligence software easily integrates into a standard CI/CD workflow such as Jenkins: the fuzz tests run automatically with each new code change, and incidents are reported promptly. We also handle special requests for fuzzing on a Kubernetes cluster.