Re: FYI: Fuzzing for CNCF Projects

Lorenzo Fontana <fontanalorenz@...>

Thanks for sharing, this is a very useful initiative Chris.

I’ve been thinking about doing a proposal for the Falco project to adopt syzcaller[0] to perform continuous fuzzing of the inputs/language parser.

I’ll bring up this topic at the next Falco community call to see what other maintainers think.  

Thanks again for sharing!


On Mon, 4 Jan 2021 at 22:31 Chris Aniszczyk <caniszczyk@...> wrote:
Hey TOC and the wider community, some of our projects have taken advantage of fuzzing (through oss-fuzz and other tools), also we recently funded some fuzzing/audit work for fluentbit to see the impact and usefulness:

I've attached a report as an output which contains all the issues found/resolved. If your project is interested in this type of work, let us know via a servicedesk request (, we found it fairly useful on top of normal security audits.

Chris Aniszczyk (@cra)

Join { to automatically receive all group messages.