Using the CI Fuzz Web Interface

How to Run Your Fuzz Tests Using CI Fuzz SaaS


You can run your fuzz tests in the Code Intelligence cloud using our web app. This guide assumes that you have already set up a fuzzing project and created fuzz tests.

The easiest way to do this is by using the CI Fuzz plugin for Visual Studio Code. You have to push your fuzz tests to your project repository.

$ git add .code-intelligence
$ git commit -m "Add ci-fuzz project setup and fuzz tests"
$ git push

The CI Fuzz server will pull the build docker image you configured in VS Code automatically. So make sure it is available at a docker registry like docker hub or

Sign In to the Web App

Open in your web browser. To sign in to the web app, you can use your GitHub, GitLab, or Bitbucket account.


If you want to work on a project together with others, you can use an organization. To learn more about how organizations work, read Work Together Using Organizations.




Importing Your Project

When you click "New Project" you can decide if you want the project to be owned by your organization or if you want to create a personal project.


In the next step, you need to provide the git URL of your project repository.



Repository Token

A repository token is needed for authentication if you want to check out from a private git repository. You can create a personal access token in your account settings in GitHub, GitLab, or Bitbucket. For GitLab, using a deploy token is also supported. This feature is disabled in the SaaS since it is currently intended for open source projects only.

After the project has been initialized successfully, you see an overview showing the findings and the code coverage. Since we haven't run any fuzz tests, there are no findings yet.


Pull Script

If you tick off "Git Repository" (not recommended unless necessary), you can provide an arbitrary shell script.


This script should result in the project with the fuzzing configuration (.code_intelligence directory) ending up in the current working directory. It should also work if the project is already there but needs updating. An example of a working pull script (replace parts surrounded by <>):

git clone --depth=100 https://<username>:<githubtoken>@<githost>/<yourproject>/<somerepo>.git . || git pull

In this example, a pull script is necessary because the git commit history is needed when the SUT is being built, but by default, CI Fuzz does not clone older commits (it uses --depth=0).
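A more defensive variant of such a pull script, as an added example that is not part of the CI Fuzz documentation: it separates the first clone from later updates, checks that the fuzzing configuration directory is present, and reads the token from the environment rather than from the URL, where git would store it in .git/config. The names GIT_USER, GIT_TOKEN, REPO_URL and CONFIG_DIR are assumptions, as is the availability of exported environment variables where the script runs.

```shell
#!/bin/sh
# Added example, not CI Fuzz's own script. Assumed names: GIT_USER, GIT_TOKEN,
# REPO_URL, CONFIG_DIR. The page spells the config directory both
# .code-intelligence and .code_intelligence; override CONFIG_DIR as needed.
CONFIG_DIR="${CONFIG_DIR:-.code-intelligence}"

# Run git with an inline credential helper that reads the exported
# GIT_USER/GIT_TOKEN, so the token is never part of the remote URL.
git_auth() {
    git -c credential.helper= \
        -c credential.helper='!f() { echo "username=${GIT_USER:-}"; echo "password=${GIT_TOKEN:-}"; }; f' \
        "$@"
}

# pull_project <repo-url> [depth]
# Clones into the current directory on the first run, fast-forwards afterwards.
pull_project() {
    url="$1"
    depth="${2:-100}"
    if [ -d .git ]; then
        # Refuse to update a checkout whose origin is a different repository.
        current="$(git remote get-url origin 2>/dev/null)" || return 1
        if [ "$current" != "$url" ]; then
            echo "origin does not match the expected repository URL" >&2
            return 1
        fi
        git_auth pull --quiet --ff-only --depth="$depth" || return 1
    else
        git_auth clone --quiet --depth="$depth" "$url" . || return 1
    fi
    # The fuzzing configuration must end up in the working directory.
    if [ ! -d "$CONFIG_DIR" ]; then
        echo "missing $CONFIG_DIR after pull" >&2
        return 1
    fi
}

# Only runs when REPO_URL is set, e.g. REPO_URL=https://<githost>/<yourproject>/<somerepo>.git
if [ -n "${REPO_URL:-}" ]; then
    pull_project "$REPO_URL"
fi
```

Unlike `git clone ... || git pull`, a failed clone (for example a network or authentication error) is reported as a failure instead of falling through to a pull.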

Docker Image

This docker image will be used to spawn containers that will:

  • Clone/pull the project repository or run the pull script. For this reason, the image must have git installed, and if your git server's certificate is not signed by a public CA, then its custom CA certificate must be in the system certificate store in the container. Example Dockerfile:
    FROM ubuntu:20.04
    # Install git for cloning and ca-certificates for update-ca-certificates
    RUN apt-get update && apt-get -y install git ca-certificates
    # Add the git server's custom CA certificate to the system certificate store
    COPY git_server_ca_cert.crt /usr/local/share/ca-certificates/git/git_server_ca_cert.crt
    RUN update-ca-certificates
  • Build the SUT (with the exception of Java Web Application fuzz tests). For this reason, the image must contain all the dependencies needed to build your project.
  • Run the fuzz tests (with the exception of Java Web Application fuzz tests)

Running fuzz tests

Choose which Test Collection you want to run in the left column. Clicking start will build and execute the corresponding fuzz tests. As an example project, we use the ZINT Barcode Generator, in which we found and reported several vulnerabilities.

For Java out-of-process fuzzing, you must first configure your Web App for fuzzing with the CI Fuzz server.



After the build is completed and the fuzz tests start running, you can watch the coverage increasing. The fuzz test runs until a bug is found or the configured time limit is reached.


Viewing findings and coverage reports

To view the details of the finding, click "All Findings". Here you can see a list of all findings. If you are only interested in findings of a specific type or severity, you can use the filters.


By selecting a finding, you see all its details, such as the source file containing the bug, the crashing input, and the full AddressSanitizer log, which are very useful for further investigating the finding.


If you are interested in more details about the code coverage, click "Code Coverage" in the overview tab to get a list of all source files and their coverage.



You can continue with Continuous Fuzzing Setup.