{"id":13484874,"url":"https://github.com/google/oss-fuzz","last_synced_at":"2025-05-12T05:32:43.683Z","repository":{"id":37389727,"uuid":"63809205","full_name":"google/oss-fuzz","owner":"google","description":"OSS-Fuzz - continuous fuzzing for open source software.","archived":false,"fork":false,"pushed_at":"2025-05-09T22:13:15.000Z","size":46863,"stargazers_count":11030,"open_issues_count":514,"forks_count":2379,"subscribers_count":254,"default_branch":"master","last_synced_at":"2025-05-12T02:46:14.579Z","etag":null,"topics":["fuzz-testing","fuzzing","oss-fuzz","security","stability","vulnerabilities"],"latest_commit_sha":null,"homepage":"https://google.github.io/oss-fuzz","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-07-20T19:39:50.000Z","updated_at":"2025-05-11T14:50:48.000Z","dependencies_parsed_at":"2025-05-11T05:42:30.035Z","dependency_job_id":null,"html_url":"https://github.com/google/oss-fuzz","commit_stats":{"total_commits":11222,"total_committers":999,"mean_commits":"11.233233233233234","dds":0.880859026911424,"last_synced_commit":"b59dc2e691ee42b5722671013214dff0fee1d8a0"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Foss-fuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Foss-fuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Foss-fuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Foss-fuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/oss-fuzz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253672734,"owners_count":21945482,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzz-testing","fuzzing","oss-fuzz","security","stability","vulnerabilities"],"created_at":"2024-07-31T17:01:37.219Z","updated_at":"2025-05-12T05:32:43.646Z","avatar_url":"https://github.com/google.png","language":"Shell","readme":"# OSS-Fuzz: Continuous Fuzzing for Open Source Software\n\n[Fuzz testing] is a well-known technique for uncovering programming errors in\nsoftware. Many of these detectable errors, like [buffer overflow], can have\nserious security implications. Google has found [thousands] of security\nvulnerabilities and stability bugs by deploying [guided in-process fuzzing of\nChrome components], and we now want to share that service with the open source\ncommunity.\n\n[Fuzz testing]: https://en.wikipedia.org/wiki/Fuzz_testing\n[buffer overflow]: https://en.wikipedia.org/wiki/Buffer_overflow\n[thousands]: https://issues.chromium.org/issues?q=label:Stability-LibFuzzer%20-status:Duplicate,WontFix\n[guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html\n\nIn cooperation with the [Core Infrastructure Initiative] and the [OpenSSF],\nOSS-Fuzz aims to make common open source software more secure and stable by\ncombining modern fuzzing techniques with scalable, distributed execution.\nProjects that do not qualify for OSS-Fuzz (e.g. closed source) can run their own\ninstances of [ClusterFuzz] or [ClusterFuzzLite].\n\n[Core Infrastructure Initiative]: https://www.coreinfrastructure.org/\n[OpenSSF]: https://www.openssf.org/\n\nWe support the [libFuzzer], [AFL++], and [Honggfuzz] fuzzing engines in\ncombination with [Sanitizers], as well as [ClusterFuzz], a distributed fuzzer\nexecution environment and reporting tool.\n\n[libFuzzer]: https://llvm.org/docs/LibFuzzer.html\n[AFL++]: https://github.com/AFLplusplus/AFLplusplus\n[Honggfuzz]: https://github.com/google/honggfuzz\n[Sanitizers]: https://github.com/google/sanitizers\n[ClusterFuzz]: https://github.com/google/clusterfuzz\n[ClusterFuzzLite]: https://google.github.io/clusterfuzzlite/\n\nCurrently, OSS-Fuzz supports C/C++, Rust, Go, Python, Java/JVM, and JavaScript code. Other languages\nsupported by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386\nbuilds.\n\n[LLVM]: https://llvm.org\n\n## Overview\n![OSS-Fuzz process diagram](docs/images/process.png)\n\n## Documentation\nRead our [detailed documentation] to learn how to use OSS-Fuzz.\n\n[detailed documentation]: https://google.github.io/oss-fuzz\n\n## Trophies\nAs of August 2023, OSS-Fuzz has helped identify and fix over [10,000] vulnerabilities and [36,000] bugs across [1,000] projects.\n\n[10,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=Type%3DBug-Security%20label%3Aclusterfuzz%20-status%3ADuplicate%2CWontFix\u0026can=1\n[36,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=Type%3DBug%20label%3Aclusterfuzz%20-status%3ADuplicate%2CWontFix\u0026can=1\n[1,000]: https://github.com/google/oss-fuzz/tree/master/projects\n\n## Blog posts\n* 2023-08-16 - [AI-Powered Fuzzing: Breaking the Bug Hunting Barrier]\n* 2023-02-01 - [Taking the next step: OSS-Fuzz in 2023]\n* 2022-09-08 - [Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically]\n* 2021-12-16 - [Improving OSS-Fuzz and Jazzer to catch Log4Shell]\n* 2021-03-10 - [Fuzzing Java in OSS-Fuzz]\n* 2020-12-07 - [Improving open source security during the Google summer internship program]\n* 2020-10-09 - [Fuzzing internships for Open Source Software]\n* 2018-11-06 - [A New Chapter for OSS-Fuzz]\n* 2017-05-08 - [OSS-Fuzz: Five months later, and rewarding projects]\n* 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software]\n\n[AI-Powered Fuzzing: Breaking the Bug Hunting Barrier]: https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html\n[Announcing OSS-Fuzz: Continuous fuzzing for open source software]: https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html\n[OSS-Fuzz: Five months later, and rewarding projects]: https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html\n[A New Chapter for OSS-Fuzz]: https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html\n[Fuzzing internships for Open Source Software]: https://security.googleblog.com/2020/10/fuzzing-internships-for-open-source.html\n[Improving open source security during the Google summer internship program]: https://security.googleblog.com/2020/12/improving-open-source-security-during.html\n[Fuzzing Java in OSS-Fuzz]: https://security.googleblog.com/2021/03/fuzzing-java-in-oss-fuzz.html\n[Improving OSS-Fuzz and Jazzer to catch Log4Shell]: https://security.googleblog.com/2021/12/improving-oss-fuzz-and-jazzer-to-catch.html\n[Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically]: https://security.googleblog.com/2022/09/fuzzing-beyond-memory-corruption.html\n[Taking the next step: OSS-Fuzz in 2023]: https://security.googleblog.com/2023/02/taking-next-step-oss-fuzz-in-2023.html\n","funding_links":[],"categories":["Shell","\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Fuzzing","DAST","Tools","C (61)","C","Continuous Integration","Инструменты","Shell (473)","Fuzz Testing","Application Security","Testing"],"sub_categories":["功能","Messaging","Fuzzing","API Fuzzing"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Foss-fuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Foss-fuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Foss-fuzz/lists"}