Google debuts ClusterFuzzLite security tool for CI, CD workflows | ZDNet

Google has launched ClusterFuzzLite, a continuous fuzzing solution for improving software supply chain security. 

On Thursday, Google software engineers Jonathan Metzman and Oliver Chang, together with product lead for Google’s CI/CD products, Michael Winser, said in a blog post that the new tool can run “as part of CI/CD workflows to find vulnerabilities faster than ever before.”

Fuzzing is an automated testing technique for finding bugs and unexpected behavior by inputting invalid and random data into programs. This can flag up vulnerabilities or errors that may otherwise go unnoticed through manual analysis. 

The new tool, ClusterFuzzLite, is based on ClusterFuzz, an open source scalable fuzzing infrastructure previously released by Google and used as the fuzzing backbone for the OSS-Fuzz program. 

According to Google, ClusterFuzzLite can be integrated into existing workflows to fuzz pull requests, improving the chance that vulnerabilities are found earlier in the development process and before changes are committed. 

While ClusterFuzz and ClusterFuzzLite contain some of the same features — including continuous fuzzing, coverage report creation, and sanitizer support — the team says that the main difference is ClusterFuzz is easy to set up with closed source projects, and so developers can make use of it to quickly fuzz their software. 

As of now, ClusterFuzzLite supports GitHub Actions, Google Cloud Build, and Prow. 

“With ClusterFuzzLite, fuzzing is no longer just an idealized “bonus” round of testing for those who have access to it, but a critical must-have step that everyone can use continuously on every software project,” the team said. “By finding and preventing bugs before they enter the codebase we can build a more secure software ecosystem.”

Documentation on the tool can be accessed at GitHub.

In February, Google launched the Open Source Vulnerabilities (OSV) website, a platform for open source vulnerability mapping.
