|Date of the premiere of the system:||November 2021|
|Technology:||TMS - Test Management System, Application Development Tools|
2021: Tool Release
On November 11, 2021, Google announced the release of a ClusterFuzzLite tool to search for errors in software using random or inaccurate data. The tool simplifies the integration of phasing into any project workflow and makes phase testing an integral standard for Comitas.
Fazzing, also called phase testing, has become a fundamental part of the detection of errors and vulnerabilities in software (software). Testing identifies errors that can elude manual tests by throwing random and unexpected data into the code to get beyond-limit results and failures that can reveal software flaws. This type of testing is especially important for any software that will be subject to external user input, because it is here that hackers can try to use the system or the user may accidentally encounter a situation that will lead to a serious failure in the application.
The ClusterFuzzLite tool works with OSS-Fuzz, a program that was developed by Google to ensure continuous verification of selected key open source software projects. Since the release of OSS-Fuzz in 2016, it has detected and eliminated more than 6.5 thousand vulnerabilities and 21 thousand functional errors in more than 500 critical open source projects. According to the company, such large projects as systemd, the user process management service in the Linux operating system (OS), and curl, a command-line tool and a data transfer library, are already using ClusterFuzzLite during code validation.
|When human reviewers nod and approve code, and your static code analyzers and linters can no longer detect any problems, phaszing is what takes you to the next level of maturity. OSS-Fuzz and ClusterFuzzLite help us maintain curl as a quality project, around the clock, every day and every Comitas, "said curl author Daniel Stenberg.|
Users can GitHub easily add it to their workflow and phase-test change requests to identify errors before fixing code with just a few lines of code. Equally important, it is easy to configure for closed source projects. By adding phasing during the integration process, you can catch errors in the code before the new code is added to the base. As of November 2021, the solution supports GitHub Actions, Google Cloud Build and Prow. The tool was created taking into account the extensibility of continuous integration systems, and the team made it so that the addition of support for other CI systems was simple, meaning the integration of individual pieces of application code among themselves.