gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'doc/user/application_security/coverage_fuzzing/index.md')
-rw-r--r-- doc/user/application_security/coverage_fuzzing/index.md | 25
1 files changed, 20 insertions, 5 deletions
diff --git a/doc/user/application_security/coverage_fuzzing/index.md b/doc/user/application_security/coverage_fuzzing/index.md
index 0d5eb2b6d50..cdb2e7109bf 100644
--- a/doc/user/application_security/coverage_fuzzing/index.md
+++ b/doc/user/application_security/coverage_fuzzing/index.md
@@ -7,15 +7,26 @@ type: reference, howto
# Coverage-guided fuzz testing **(ULTIMATE)**
+Coverage-guided fuzzing sends random inputs to an instrumented version of your application in an
+effort to cause unexpected behavior. Such behavior indicates a bug that you should address.
GitLab allows you to add coverage-guided fuzz testing to your pipelines. This helps you discover
-bugs and potential security issues that other QA processes may miss. Coverage-guided fuzzing sends
-random inputs to an instrumented version of your application in an effort to cause unexpected
-behavior, such as a crash. Such behavior indicates a bug that you should address.
+bugs and potential security issues that other QA processes may miss.
We recommend that you use fuzz testing in addition to the other security scanners in [GitLab Secure](../index.md)
and your own test processes. If you're using [GitLab CI/CD](../../../ci/index.md),
-you can run your coverage-guided fuzz tests as part your CI/CD workflow. You can take advantage of
-coverage-guided fuzzing by including the CI job in your existing `.gitlab-ci.yml` file.
+you can run your coverage-guided fuzz tests as part your CI/CD workflow.
+
+## Coverage-guided fuzz testing process
+
+The fuzz testing process:
+
+1. Compiles the target application.
+1. Runs the instrumented application, using the `gitlab-cov-fuzz` tool.
+1. Parses and analyzes the exception information output by the fuzzer.
+1. Downloads the [corpus](../terminology/index.md#corpus) and crash events from previous pipelines.
+1. Outputs the parsed crash events and data to the `gl-coverage-fuzzing-report.json` file.
+
+The results of the coverage-guided fuzz testing are available in the CI/CD pipeline.
## Supported fuzzing engines and languages
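Review bot: In the new "Coverage-guided fuzz testing process" list, step 4 ("Downloads the corpus and crash events from previous pipelines") comes after the steps that run the fuzzer and parse its output, so a reader cannot tell whether the earlier corpus seeds the current run or is only merged into the report. If the download feeds the run, move it ahead of "Runs the instrumented application"; if not, add a clause saying what the downloaded data is used for. Two smaller points in the same hunk: the added line "you can run your coverage-guided fuzz tests as part your CI/CD workflow." carries over the missing "of" from the line it replaces, and the rewritten intro drops both the "such as a crash" example and the sentence about including the CI job in `.gitlab-ci.yml`, so it is worth confirming the configuration section further down still tells readers where the job is added.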
@@ -249,6 +260,8 @@ which shows an overview of all the security vulnerabilities in your groups, proj
Clicking the vulnerability opens a modal that provides additional information about the
vulnerability:
+<!-- vale gitlab.Acronyms = NO -->
+
- Status: The vulnerability's status. As with any type of vulnerability, a coverage fuzzing
vulnerability can be Detected, Confirmed, Dismissed, or Resolved.
- Project: The project in which the vulnerability exists.
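Review bot: The `<!-- vale gitlab.Acronyms = NO -->` comment added above the "Status" item switches the rule off for the whole field list without saying which term triggers it, and none of the list items visible in this hunk contains an obvious acronym. Consider scoping the disable to the specific item that needs it, or adding a short comment naming the term, so later edits to this list do not silently lose acronym checking. The matching `= YES` is only added at the end of the file in the last hunk, so everything in between is unchecked.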
@@ -262,3 +275,5 @@ vulnerability:
- Scanner: The scanner that detected the vulnerability (for example, Coverage Fuzzing).
- Scanner Provider: The engine that did the scan. For Coverage Fuzzing, this can be any of the
engines listed in [Supported fuzzing engines and languages](#supported-fuzzing-engines-and-languages).
+
+<!-- vale gitlab.Acronyms = YES -->