CI Fuzz CLI Brings Fuzz Testing to Java Applications

Published: 23/11/2024   Category: security




CI Fuzz CLI, the open source fuzzing tool with just three commands, integrates fuzz testing directly into the software development workflow.



The open source security tool CI Fuzz CLI now supports Java, according to Code Intelligence, the company behind the project.
Back in September, Code Intelligence announced CI Fuzz CLI, which lets developers run coverage-guided fuzz tests directly from the command line to find and fix functional bugs and security vulnerabilities at scale. CI Fuzz CLI can be integrated into common build systems such as Maven and Bazel; integrated development environments (IDEs); and continuous integration/continuous delivery (CI/CD) tools such as Jenkins. Initially, the tool supported C, C++, and CMake. The latest update, which includes the JUnit integration, allows Java developers to run fuzz tests directly from the IDE.
Fuzz testing, or fuzzing, is when the tester throws a lot of data (fuzz) against an application to see how the application reacts. Because the input data includes random and invalid inputs, developers can uncover issues that could result in memory corruption, application crashes, and security issues such as denial-of-service and uncaught exceptions.
The latest guidelines for software verification from the National Institute of Standards and Technology include fuzzing among the minimum standard requirements. Google recently reported that more than 40,500 bugs in 650 open source projects have been uncovered through fuzz testing. The company launched OSS-Fuzz in 2016 in response to the Heartbleed vulnerability, a memory buffer overflow flaw that could have been detected by fuzz testing.
While fuzz testing is slowly gaining traction within the open source community, it is not yet widely used by developers outside open source and information security, Code Intelligence says. Part of that is because fuzzing is a specialized skill and many security teams don't have the knowledge and experience to use fuzz testing tools effectively. Code Intelligence says CI Fuzz CLI lowers the barrier to entry for fuzzing because the tool has only three commands. Allowing developers to run the tool from the command line or within the IDE makes fuzzing more accessible, the company says.
The fact that the tool integrates into the developer workflow means it can automatically fuzz the code whenever there is a new pull or merge request, the company says.
“Code Intelligence helps developers ship secure software by providing the necessary integrations to test their code at each pull request, without ever having to leave their favorite environment. It’s like having an automated security expert always by your side,” Thomas Dohmke, CEO of GitHub, said in a statement.
