- FYI: Fuzzing for CNCF Projects
Re: FYI: Fuzzing for CNCF Projects
That's a very insightful report! Would be great to see more CNCF projects using fuzzing integration to simplify vulnerability scanning and bug fixing.
Thanks for sharing, this is a very useful initiative Chris.
I’ve been thinking about doing a proposal for the Falco project to adopt syzkaller to perform continuous fuzzing of the inputs/language parser.
I’ll bring up this topic at the next Falco community call to see what other maintainers think.
Thanks again for sharing!
Hey TOC and the wider community, some of our projects have taken advantage of fuzzing (through oss-fuzz and other tools), also we recently funded some fuzzing/audit work for fluentbit to see the impact and usefulness: https://github.com/fluent/fluent-bit/pull/2853
I've attached a report as an output which contains all the issues found/resolved. If your project is interested in this type of work, let us know via a servicedesk request (https://github.com/cncf/servicedesk); we found it fairly useful on top of normal security audits.