The CI Fuzz CLI includes ready-to-use connectors for Maven, Gradle, and Bazel. Developers can even run fuzz tests straight from their IDEs with the help of a JUnit configuration.
Java developers can now simply integrate fuzz testing into their current JUnit setup to uncover functional defects and security vulnerabilities at scale with Code Intelligence’s open source CI Fuzz CLI tool.
The GitHub-hosted CI Fuzz CLI uses genetic and evolutionary techniques, automated instrumentation, and millions of unique inputs to test Java programmes for unexpected behaviours that could result in crashes, denial-of-service attacks, or zero-day exploits.
The open source community is becoming more and more interested in fuzz testing, which can be thought of as a complementary method to unit testing. Google’s Open-Source-Security (OSS) team used fuzz testing to find more than 40,500 problems in 650 open-source projects. Most developers outside the OSS and security communities are still learning about fuzz testing, though.
According to a recent study among Go developers, fewer than 12% of all participants use fuzz testing at work, with implementation issues and a lack of knowledge among the main barriers to adoption.
With its new open-source tool, Code Intelligence hopes to address these issues by enabling all developers to use fuzz testing straight from their command line or IDE. CI Fuzz CLI offers continuous application security testing directly in the CI/CD workflow by adding fuzzing features for Java. This is particularly helpful for businesses that want to establish a robust DevSecOps pipeline and offer cloud-based goods and services.
“With the CI Fuzz CLI, Java developers can now improve the overall security and robustness of their applications with confidence and ease. It takes just three commands to set up and run a fuzz test. The tool comes with ready-to-use integrations for Maven, Gradle and Bazel. With a JUnit setup in place, developers can even run fuzz tests directly from their IDE,” said Werner Krahe, Product Director at Code Intelligence.