About

This page is designed to be a convenient way for understanding the state of open source fuzzing as provided by OSS-Fuzz. OSS-Fuzz builds projects by way of Fuzz Introspector in order to extract detailed insights about the state of fuzzing of a given open source project. The information provided by Fuzz Introspector is useful to understand how well a given project is being fuzzed and how to improve the fuzzing. Each Fuzz Introspector report provides lots of data for each project, and this page is used to aggregate specific pieces of this information about all OSS-Fuzz projects that successfully build with Fuzz Introspector.

The page is designed with several audiences in mind, this includes both developers and security researchers. Developers may find this page useful for quickly assessing whether specific parts of an open source project is being analysed, which is useful information when using or adapting a new open source project. Security researchers may find this page useful to assess where there are gaps in the analysis and where security efforts are likely to benefit. The goal is to have as much code analysed of the projects integrated into OSS-Fuzz.

We welcome any feedback and please refer to the relevant GitHub repositories when suggesting improvements or highlighting issues.

FAQs

There are two main reasons for this:
  1. 1) In order to index the project it needs to be analysed by Fuzz Introspector. Fuzz Introspector currently supports C/C++/Python/Java so if your project is in another language than this then it currently can't be indexed.
  2. 2) The OSS-Fuzz build is currently failing either code coverage builds or fuzz introspector builds, if any of these are failing then the project will not be indexed.

Any project integrated into https://github.com/google/oss-fuzz will be added to this database. Please add your project to OSS-Fuzz and it will be automatically indexed.