I personally needed a tool that would help me connect CI and go-fuzz together. Since the CI I use (Jenkins) doesn’t have a concept of “last job”, I made fuzzi! (FUZZ Integration)
fuzzi is a web service app that manages go-fuzz jobs for you. The basic idea is simple.
- Someone pushes a change to a repository
- Your CI/CD builds the Go project/package
- Your CI/CD sends a message to fuzzi that a job needs an update (or a start)
- fuzzi downloads your repo
- fuzzi builds the fuzzing binary
- fuzzi launches and monitors go-fuzz on your project.
Since fuzzing is essentially an infinite process, it will continue to monitor until the end of time.
There are already a couple of cool features that fuzzi provides.
- There is no distinction between launching and updating a fuzz job, meaning if you ask fuzzi to start fuzzing something, it’ll either start it from scratch or reuse the corpus it built over time (for a given identical package and fuzz function)
- You can ask fuzzi for a list of crashers. It returns a JSON list.
- You can ask fuzzi to build you a Go file that reproduces a specific crasher.
At the moment documentation is scarce … which I’m not proud of, but it’s my next step. (Also tons and tons of tests.)
Now I need potential users of this library to tell me what features they would like out of fuzzi.
- Do you want master-slave fuzzing?
- Do you want email on crash?
- Do you want timed fuzz (like fuzz for 1h and then report to X)?
- Slack integration?
- Other branch than master?
- hg support?
JUST ASK
EDIT: I forgot to give a link, didn’t I?
https://github.com/hydroflame/fuzzi
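
One way the "Go file that reproduces a specific crasher" step listed above could work, as an added example that is not fuzzi's own code. It assumes the target exposes go-fuzz's usual `func Fuzz(data []byte) int`; `Reproducer` and the package path `example.com/acme/parser` are hypothetical, and the crasher bytes are constructed.

```go
package main

import (
	"fmt"
	"go/format"
	"go/token"
	"path"
	"strconv"
	"strings"
)

// Reproducer returns gofmt-ed source for a test that feeds one crasher
// input back into a go-fuzz style function: func Fuzz(data []byte) int.
// pkgPath and fuzzFunc arrive from outside (e.g. a CI message), so both
// are validated before being written into generated code.
func Reproducer(pkgPath, fuzzFunc string, crasher []byte) (string, error) {
	if !token.IsIdentifier(fuzzFunc) || !token.IsExported(fuzzFunc) {
		return "", fmt.Errorf("invalid fuzz function name %q", fuzzFunc)
	}
	if pkgPath == "" || path.Clean(pkgPath) != pkgPath ||
		strings.ContainsAny(pkgPath, "\"`\\ \t\r\n") {
		return "", fmt.Errorf("invalid import path %q", pkgPath)
	}
	// strconv.Quote escapes quotes, control bytes and invalid UTF-8 (\xff),
	// so arbitrary crasher bytes survive as an exact Go string literal.
	src := fmt.Sprintf(`package repro

import (
	"testing"

	target %s
)

func TestCrasher(t *testing.T) {
	data := []byte(%s)
	target.%s(data)
}
`, strconv.Quote(pkgPath), strconv.Quote(string(crasher)), fuzzFunc)
	out, err := format.Source([]byte(src)) // also rejects unparsable output
	return string(out), err
}

func main() {
	// Constructed sample: hypothetical package and a 4-byte crasher.
	src, err := Reproducer("example.com/acme/parser", "Fuzz", []byte{0xff, 0x00, '"', '\n'})
	if err != nil {
		panic(err)
	}
	fmt.Print(src)
}
```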