| layout | title | permalink | nav_order | has_children |
|---|---|---|---|---|
default |
ClusterFuzz |
/ |
1 |
true |
ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software.
It is used by Google for fuzzing the Chrome Browser, and serves as the fuzzing backend for OSS-Fuzz.
ClusterFuzz provides many features to seamlessly integrate fuzzing into a software project's development process:
- Highly scalable. Google's internal instance runs on over 25,000 machines.
- Accurate deduplication of crashes.
- Fully automatic bug filing and closing for issue trackers (Monorail only for now).
- Testcase minimization.
- Regression finding through bisection.
- Statistics for analyzing fuzzer performance, and crash rates.
- Easy to use web interface for management and viewing crashes.
- Support for [coverage guided fuzzing] (e.g. libFuzzer and AFL) and [blackbox fuzzing].
As of January 2019, ClusterFuzz has found ~16,000 bugs in Chrome and ~11,000 bugs in over 160 open source projects integrated with OSS-Fuzz.
[blackbox fuzzing]: {{ site.baseurl }}/setting-up-fuzzing/blackbox-fuzzing/ [coverage guided fuzzing]: {{ site.baseurl }}/setting-up-fuzzing/libfuzzer-and-afl/