{"id":13515522,"url":"https://github.com/google/clusterfuzz","last_synced_at":"2026-03-09T21:24:57.554Z","repository":{"id":38272657,"uuid":"168060021","full_name":"google/clusterfuzz","owner":"google","description":"Scalable fuzzing infrastructure.","archived":false,"fork":false,"pushed_at":"2026-01-21T00:20:22.000Z","size":117554,"stargazers_count":5513,"open_issues_count":69,"forks_count":596,"subscribers_count":113,"default_branch":"master","last_synced_at":"2026-01-21T01:16:02.429Z","etag":null,"topics":["fuzzing","security","stability","vulnerabilities"],"latest_commit_sha":null,"homepage":"https://google.github.io/clusterfuzz","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2019-01-29T00:19:40.000Z","updated_at":"2026-01-19T19:02:42.000Z","dependencies_parsed_at":"2023-10-20T20:03:32.828Z","dependency_job_id":"f32bd58f-a53f-49a3-bfc2-510ba58917f7","html_url":"https://github.com/google/clusterfuzz","commit_stats":{"total_commits":3426,"total_committers":88,"mean_commits":38.93181818181818,"dds":0.7454757734967893,"last_synced_commit":"6c26da13a748e7ba7012eb1f24f904281ef1da4b"},"previous_names":[],"tags_count":74,"template":false,"template_full_name":null,"purl":"pkg:github/google/clusterfuzz","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fclusterfuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fclusterfuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fclusterfuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fclusterfuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/clusterfuzz/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fclusterfuzz/sbom","scorecard":{"id":436610,"data":{"date":"2024-03-19","repo":{"name":"github.com/google/clusterfuzz","commit":"4867a3b9f71068edfa808d9a9ec283a83bd18a51"},"scorecard":{"version":"v4.10.2","commit":"376f465c111c39c6a5ad7408e8896cd790cb5219"},"score":6.5,"checks":[{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: local/bin/golint:1","Warn: binary detected: resources/platform/android/aapt:1","Warn: binary detected: resources/platform/android/adb:1","Warn: binary detected: resources/platform/android/fastboot:1","Warn: binary detected: resources/platform/linux/chrpath:1","Warn: binary detected: resources/platform/linux/libstdc++.so.6:1","Warn: binary detected: resources/platform/linux/llvm-symbolizer:1","Warn: binary detected: resources/platform/linux/minijail0:1","Warn: binary detected: resources/platform/linux/radamsa/libradamsa.so:1","Warn: binary detected: resources/platform/linux/unshare:1","Warn: binary detected: resources/platform/mac/llvm-symbolizer:1","Warn: binary detected: resources/platform/windows/handle.exe:1","Warn: binary detected: resources/platform/windows/llvm-symbolizer.exe:1","Warn: binary detected: src/clusterfuzz/_internal/bot/fuzzers/bin/linux/radamsa:1","Warn: binary detected: src/clusterfuzz/_internal/bot/fuzzers/bin/mac/radamsa:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/afl/data/afl-analyze:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/afl/data/afl-fuzz:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/afl/data/afl-gotcpu:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/afl/data/afl-showmap:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/afl/data/afl-tmin:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/afl/data/always_crash_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/afl/data/assert_fail:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/afl/data/easy_crash_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/afl/data/return_code_255:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/afl/data/test_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/centipede/test_data/__extra_build/clusterfuzz_format_target:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/centipede/test_data/__extra_build/test_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/centipede/test_data/centipede:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/centipede/test_data/clusterfuzz_format_target:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/centipede/test_data/clusterfuzz_format_target_sanitized:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/centipede/test_data/minimize_me_fuzz_target:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/centipede/test_data/test_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/centipede/test_data/test_fuzzer_sanitized:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/honggfuzz/test_data/always_crash_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/honggfuzz/test_data/fuzz_netdriver_crash:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/honggfuzz/test_data/honggfuzz:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/honggfuzz/test_data/test_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/libFuzzer/data/always_crash_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/libFuzzer/data/analyze_dict_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/libFuzzer/data/android/always_crash_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/libFuzzer/data/android/analyze_dict_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/libFuzzer/data/android/crash_with_A_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/libFuzzer/data/android/test_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/libFuzzer/data/check_out:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/libFuzzer/data/check_tmp:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/libFuzzer/data/crash_with_A_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/libFuzzer/data/exit_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/fuzzers/libFuzzer/data/test_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/tasks/utasks/corpus_pruning_task_data/build/test_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/untrusted_runner/test_data/test_build/binary:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/untrusted_runner/test_data/test_build/do_stuff_fuzzer:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/bot/untrusted_runner/test_data/test_build/target:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/build_management/build_manager_data/rpath_existing_msan/app:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/build_management/build_manager_data/rpath_libfuzzer/target_1:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/build_management/build_manager_data/rpath_libfuzzer/target_2:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/build_management/build_manager_data/rpath_new/app:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/build_management/build_manager_data/rpath_prepend_to_existing/app:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/platforms/android/sanitizer_data/libclang_rt.asan-aarch64-android.so:1","Warn: binary detected: src/clusterfuzz/_internal/tests/core/platforms/android/sanitizer_data/libclang_rt.asan-arm-android.so:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":1,"reason":"branch protection is not maximal on development and all release branches","details":["Warn: 'force pushes' enabled on branch 'master'","Info: 'allow deletion' disabled on branch 'master'","Warn: settings do not apply to administrators on branch 'master'","Info: status checks require up-to-date branches for 'master'","Warn: 'last push approval' disabled on branch 'master'","Warn: no status checks found to merge onto branch 'master'","Warn: number of required reviewers is only 1 on branch 'master'","Warn: stale review dismissal disabled on branch 'master'","Warn: codeowner review is not required on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":9,"reason":"20 out of 22 merged PRs checked by a CI test -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: in_progress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":2,"reason":"6 out of last 30 changesets reviewed before merge -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#code-review"}},{"name":"Contributors","score":10,"reason":"21 different organizations found -- score normalized to 10","details":["Info: contributors work for AFLplusplus,AVULN,BalalaikaCr3w,GoogleCloudPlatform,NoiSeBit,WebAssembly,arc-bits-goa,bytedance,computeranonymous,google,google inc,googlers,hackerschoice,hcs,leetchicken,llvm,recursecenter,rubyforgood,the hacker's choice | mh-sec | me | myself,v8,w3c"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: Dependabot detected: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":null,"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: License file found in expected location: LICENSE:1","Info: FSF or OSI recognized license: LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#license"}},{"name":"Maintained","score":10,"reason":"30 commit(s) out of 30 and 25 issue activity out of 30 found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#maintained"}},{"name":"Packaging","score":10,"reason":"publishing workflow detected","details":["Info: GitHub publishing workflow used in run https://api.github.com/repos/google/clusterfuzz/actions/runs/4120598232: .github/workflows/publish-to-pypi.yaml:23"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/google/clusterfuzz/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/google/clusterfuzz/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/google/clusterfuzz/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/google/clusterfuzz/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/google/clusterfuzz/tests.yaml/master?enable=pin","Warn: containerImage not pinned by hash: docker/base/Dockerfile:17: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: docker/base/Dockerfile:26: pin your Docker image by updating ubuntu to ubuntu@sha256:77906da86b60585ce12215807090eb327e7386c8fafb5402369e421f44eff17e","Warn: containerImage not pinned by hash: docker/chromium/base/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/base to gcr.io/clusterfuzz-images/base@sha256:cbe0cd7e1941d60b3225e83e4e92b3a60269d382df950558dab9644a2b7c7c66","Warn: containerImage not pinned by hash: docker/chromium/builder/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/base to gcr.io/clusterfuzz-images/base@sha256:cbe0cd7e1941d60b3225e83e4e92b3a60269d382df950558dab9644a2b7c7c66","Warn: containerImage not pinned by hash: docker/chromium/high-end/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/chromium/base to gcr.io/clusterfuzz-images/chromium/base@sha256:cf25189fe068390fb6c5b294d3bd4e8aef8b7cce5967133fbe2fb2b010982a22","Warn: containerImage not pinned by hash: docker/chromium/python-profiler/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/chromium/base to gcr.io/clusterfuzz-images/chromium/base@sha256:cf25189fe068390fb6c5b294d3bd4e8aef8b7cce5967133fbe2fb2b010982a22","Warn: containerImage not pinned by hash: docker/chromium/tests-syncer/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/base to gcr.io/clusterfuzz-images/base@sha256:cbe0cd7e1941d60b3225e83e4e92b3a60269d382df950558dab9644a2b7c7c66","Warn: containerImage not pinned by hash: docker/ci/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/base to gcr.io/clusterfuzz-images/base@sha256:cbe0cd7e1941d60b3225e83e4e92b3a60269d382df950558dab9644a2b7c7c66","Warn: containerImage not pinned by hash: docker/fuchsia/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/base to gcr.io/clusterfuzz-images/base@sha256:cbe0cd7e1941d60b3225e83e4e92b3a60269d382df950558dab9644a2b7c7c66","Warn: containerImage not pinned by hash: docker/high-end/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/base to gcr.io/clusterfuzz-images/base@sha256:cbe0cd7e1941d60b3225e83e4e92b3a60269d382df950558dab9644a2b7c7c66","Warn: containerImage not pinned by hash: docker/oss-fuzz/base/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/base to gcr.io/clusterfuzz-images/base@sha256:cbe0cd7e1941d60b3225e83e4e92b3a60269d382df950558dab9644a2b7c7c66","Warn: containerImage not pinned by hash: docker/oss-fuzz/host-high-end/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/oss-fuzz/host to gcr.io/clusterfuzz-images/oss-fuzz/host@sha256:7926955c243fec9138ffe9ea191dcafba7fbf87831b2d68bef18c0610623d8bc","Warn: containerImage not pinned by hash: docker/oss-fuzz/host/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/oss-fuzz/base to gcr.io/clusterfuzz-images/oss-fuzz/base@sha256:e521bc662ad537dae3accceaf423c519c7602ad4228a606d3ac1eba2ae00c15c","Warn: containerImage not pinned by hash: docker/oss-fuzz/worker/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/oss-fuzz/base to gcr.io/clusterfuzz-images/oss-fuzz/base@sha256:e521bc662ad537dae3accceaf423c519c7602ad4228a606d3ac1eba2ae00c15c","Warn: containerImage not pinned by hash: docker/utask-main-scheduler/Dockerfile:14: pin your Docker image by updating gcr.io/clusterfuzz-images/base to gcr.io/clusterfuzz-images/base@sha256:cbe0cd7e1941d60b3225e83e4e92b3a60269d382df950558dab9644a2b7c7c66","Warn: npmCommand not pinned by hash: docker/ci/Dockerfile:38","Warn: pipCommand not pinned by hash: configs/test/bot/setup/android.bash:99","Warn: pipCommand not pinned by hash: configs/test/bot/setup/linux.bash:94","Warn: pipCommand not pinned by hash: configs/test/bot/setup/mac.bash:87","Warn: pipCommand not pinned by hash: configs/test/gce/android-init.bash:100","Warn: npmCommand not pinned by hash: local/install_deps_macos.bash:35","Warn: npmCommand not pinned by hash: local/install_python_deps_linux.bash:53","Warn: pipCommand not pinned by hash: .github/workflows/publish-to-pypi.yaml:39","Info: Third-party GitHubActions are pinned","Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles","Info: no insecure (not pinned by hash) dependency downloads found in shell scripts"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commmits","details":["Warn: 0 commits out of 22 are checked with a SAST tool","Info: SAST tool detected: CodeQL"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: Found linked content in security policy: github.com/google/.github/SECURITY.md","Info: Found text in security policy: github.com/google/.github/SECURITY.md","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/google/.github/SECURITY.md","Info: security policy detected in org repo: github.com/google/.github/SECURITY.md"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":["Warn: no GitHub releases found"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":9,"reason":"non read-only tokens detected in GitHub workflows","details":["Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/google/clusterfuzz/codeql-analysis.yml/master?enable=permissions","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:26","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:27","Info: topLevel permissions set to 'read-all': .github/workflows/publish-to-pypi.yaml:20","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:11","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards.yml:20","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:21","Info: topLevel permissions set to 'read-all': .github/workflows/tests.yaml:18"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":-1,"reason":"internal error: vulnerabilitiesClient.ListUnfixedVulnerabilities: osvscanner.DoScan: vulnerabilities found","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/376f465c111c39c6a5ad7408e8896cd790cb5219/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T04:50:02.740Z","repository_id":38272657,"created_at":"2025-08-19T04:50:02.741Z","updated_at":"2025-08-19T04:50:02.741Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28670366,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T19:36:09.361Z","status":"ssl_error","status_checked_at":"2026-01-22T19:36:05.567Z","response_time":144,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzing","security","stability","vulnerabilities"],"created_at":"2024-08-01T05:01:12.418Z","updated_at":"2026-01-22T20:15:13.101Z","avatar_url":"https://github.com/google.png","language":"Python","readme":"# ClusterFuzz\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/images/logo.png\" width=\"400\"\u003e\n\u003c/p\u003e\n\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/google/clusterfuzz/badge)](https://api.securityscorecards.dev/projects/github.com/google/clusterfuzz)\n\nClusterFuzz is a scalable [fuzzing](https://en.wikipedia.org/wiki/Fuzzing)\ninfrastructure that finds security and stability issues in software.\n\nGoogle uses ClusterFuzz to fuzz all Google products and as the fuzzing\nbackend for [OSS-Fuzz].\n\nClusterFuzz provides many features which help seamlessly integrate fuzzing into\na software project's development process:\n- Highly scalable. Can run on any size cluster (e.g. OSS-Fuzz instance runs on\n  100,000 VMs).\n- Accurate deduplication of crashes.\n- Fully automatic bug filing, triage and closing for various issue trackers\n  (e.g. [Monorail], [Jira]).\n- Supports multiple [coverage guided fuzzing engines]\n  ([libFuzzer], [AFL], [AFL++] and [Honggfuzz])\n  for optimal results (with [ensemble fuzzing] and [fuzzing strategies]).\n- Support for [blackbox fuzzing].\n- Testcase minimization.\n- Regression finding through [bisection].\n- Statistics for analyzing fuzzer performance, and crash rates.\n- Easy to use web interface for management and viewing crashes.\n- Support for various authentication providers using [Firebase].\n\n## Overview\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/images/overview.png\"\u003e\n\u003c/p\u003e\n\n## Documentation\nYou can find detailed documentation [here](https://google.github.io/clusterfuzz).\n\n## Trophies\nAs of February 2023, ClusterFuzz has found ~27,000 bugs in Google (e.g. [Chrome]). Additionally, ClusterFuzz has helped identify and fix over [8,900] vulnerabilities and [28,000] bugs across [850] projects integrated with [OSS-Fuzz].\n\n## Getting Help\nYou can [file an issue](https://github.com/google/clusterfuzz/issues/new) to ask\nquestions, request features, or ask for help.\n\n## Staying Up to Date\nWe will use [clusterfuzz-announce(#)googlegroups.com](https://groups.google.com/forum/#!forum/clusterfuzz-announce) to make announcements about ClusterFuzz.\n\n## ClusterFuzzLite\nFor a more lightweight version of ClusterFuzz that runs on CI/CD\nsystems, check out [ClusterFuzzLite](http://github.com/google/clusterfuzzlite).\n\n[Chrome]: https://bugs.chromium.org/p/chromium/issues/list?can=1\u0026q=label%3AClusterFuzz+-status%3AWontFix%2CDuplicate\n[8,900]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=status%3AFixed%2CVerified%20Type%3DBug-Security\u0026can=1\n[28,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=status%3AFixed%2CVerified%20Type%3DBug\u0026can=1\n[850]: https://github.com/google/oss-fuzz/tree/master/projects\n[OSS-Fuzz]: https://github.com/google/oss-fuzz\n[Monorail]: https://opensource.google.com/projects/monorail\n[Jira]: https://www.atlassian.com/software/jira\n[bisection]: https://en.wikipedia.org/wiki/Bisection_(software_engineering)\n[Firebase]: https://firebase.google.com/docs/auth\n[libFuzzer]: http://llvm.org/docs/LibFuzzer.html\n[AFL]: https://github.com/google/AFL\n[AFL++]: https://github.com/AFLplusplus/AFLplusplus\n[Honggfuzz]: https://github.com/google/honggfuzz\n[blackbox fuzzing]: https://google.github.io/clusterfuzz/setting-up-fuzzing/blackbox-fuzzing/\n[coverage guided fuzzing engines]: https://google.github.io/clusterfuzz/setting-up-fuzzing/libfuzzer-and-afl/\n[fuzzing strategies]: https://i.blackhat.com/eu-19/Wednesday/eu-19-Arya-ClusterFuzz-Fuzzing-At-Google-Scale.pdf#page=27\n[ensemble fuzzing]: https://www.usenix.org/system/files/sec19-chen-yuanliang.pdf\n","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Fuzzing","Python","Python (144)","📚 Books","Python (1887)","Python程序","Chaos Testing","Programming/Comp Sci/SE Things"],"sub_categories":["功能","资源传输下载","A11y (accessibility)","Chrome Bugs"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fclusterfuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Fclusterfuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fclusterfuzz/lists"}