{"id":21897423,"url":"https://github.com/form3tech-oss/go-ci-fuzz","last_synced_at":"2025-10-09T00:44:54.155Z","repository":{"id":208838079,"uuid":"722610841","full_name":"form3tech-oss/go-ci-fuzz","owner":"form3tech-oss","description":"A tool for running Native Go Fuzz tests in CI pipelines","archived":false,"fork":false,"pushed_at":"2024-03-26T08:31:03.000Z","size":58,"stargazers_count":6,"open_issues_count":1,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-15T18:10:03.281Z","etag":null,"topics":["ci","fuzzing","go","testing"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/form3tech-oss.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-23T14:16:56.000Z","updated_at":"2025-01-15T15:04:46.000Z","dependencies_parsed_at":"2023-11-27T10:34:20.557Z","dependency_job_id":"0df06523-a3b1-4546-9b92-de56c484e61a","html_url":"https://github.com/form3tech-oss/go-ci-fuzz","commit_stats":{"total_commits":24,"total_committers":6,"mean_commits":4.0,"dds":"0.41666666666666663","last_synced_commit":"4663eaaadb263d2621592c62681dac7f7002d582"},"previous_names":["form3tech-oss/go-ci-fuzz"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/form3tech-oss/go-ci-fuzz","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/form3tech-oss%2Fgo-ci-fuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/form3tech-oss%2Fgo-ci-fuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/form3tech-oss%2Fgo-ci-fuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/form3tech-oss%2Fgo-ci-fuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/form3tech-oss","download_url":"https://codeload.github.com/form3tech-oss/go-ci-fuzz/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/form3tech-oss%2Fgo-ci-fuzz/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000641,"owners_count":26082879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci","fuzzing","go","testing"],"created_at":"2024-11-28T14:17:13.732Z","updated_at":"2025-10-09T00:44:54.088Z","avatar_url":"https://github.com/form3tech-oss.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Go CI Fuzz\n\nCLI and set of GitHub Actions to help you run [Native Go Fuzz Tests](https://go.dev/security/fuzz/) in CI. \n\nIt's a light wrapper around `go test -fuzz=` supporting multiple test targets.\n\n## Motivation\n\nThis project was created to achieve a developer friendly and lightweight way of running _Native Go Fuzz Tests_ in Continuous Integration pipelines.\n\nIt implements missing functionalities in 'go test -fuzz' such as\n- run multiple test targets in a single command\n- extract failed outputs\n\nCurrent alternatives (ClusterFuzzLite, go-fuzz, etc.) don't support _Native Go Fuzzing_ or only inadequately through wrappers.\n\n## Workflow\n\n```mermaid\nflowchart LR\n    engineer[Engineer] -- 1. Writes Fuzz Tests --\u003e GitHub\n    GitHub -- 2. Schedules a run --\u003e go-ci-fuzz[Go CI Fuzz]\n    go-ci-fuzz -- 3. Reports failing inputs --\u003e engineer\n    engineer -- 4. Commits failing inputs \u0026 fixes  the issue --\u003e GitHub\n```\n\n## Run\n\n### Locally\n\nAlthough this tool is meant for CI pipelines, it's still useful in local development. \n\nIf your project has many fuzz tests you can run all of them with:\n\n```shell\ngo install github.com/form3tech-oss/go-ci-fuzz@{version}\ngo-ci-fuzz fuzz --fuzz-time 10m \u003cpackages\u003e [--out /tmp/failures]\n```\n\n### As GitHub Action\n\nFrom your own workflow, you can reference our reusable Github actions located in [./ci/github-actions](ci/github-actions). \n\nAll fuzz findings are uploaded as artifacts to the workflow run.\n\nHere are the Github Action properties:\n\n```yaml\ninputs:\n  version:\n    description: \"Version of go-ci-fuzz, e.g. latest or 0.1.3\"\n    required: false\n    default: \"0.1.3\"\n  source-path:\n    description: \"Path to the project's source code, current directory by default.\"\n    required: false\n    default: \".\"\n  fail-fast:\n    description: \"Whether to continue fuzzing other targets if failing input was found.\"\n    required: false\n    default: \"false\"\n  fuzz-time:\n    description: \"Cumulative time FuzzTests will run, in Go time.Duration format.\"\n    required: false\n    default: \"5m\"\n  artifact-name:\n    description: \"Name of the artifact\"\n    required: false\n    default: \"failing-inputs\"\n```\n\n## Examples \n\nHere are some example workflows to incorporate in your CI pipelines. Feel free to adjust the fuzz-time according to your appetite!\n\n### Fuzz incoming Pull Requests\n\n```yaml\n# .github/workflows/gocifuzz_pr.yml\nname: Go CI Fuzz - Pull Requests\non:\n  pull_request:\n    \npermissions:\n  contents: read\n\njobs:\n  Fuzz:\n    runs-on: ubuntu-20.04\n    steps:\n    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1\n    - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0\n      with:\n        go-version: stable\n    - name: Run fuzzers\n      id: build\n      uses: form3tech-oss/go-ci-fuzz/ci/github-actions/fuzz@2b38b4142d7fa5dde3823e60a358c28ed17635df # v0.1.3\n      with:\n        fuzz-time: 5m\n        fail-fast: true\n```\n\n### Fuzz on fixed schedule\n\n```yaml\n# .github/workflows/gocifuzz_schedule.yml\nname: Go CI Fuzz - Scheduled\non:\n  workflow_dispatch: {}\n  schedule:\n    - cron: '0 2 * * *'\n\npermissions:\n  contents: read\n  \njobs:\n  Fuzz:\n    runs-on: ubuntu-20.04\n    steps:\n    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1\n    - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0\n      with:\n        go-version: stable\n    - name: Run fuzzers\n      id: build\n      uses: form3tech-oss/go-ci-fuzz/ci/github-actions/fuzz@2b38b4142d7fa5dde3823e60a358c28ed17635df # v0.1.3\n      with:\n        fuzz-time: 30m\n        fail-fast: false\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fform3tech-oss%2Fgo-ci-fuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fform3tech-oss%2Fgo-ci-fuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fform3tech-oss%2Fgo-ci-fuzz/lists"}