Google Open Sources ClusterFuzzLite

Published: 23/11/2024   Category: security




ClusterFuzzLite is a stripped-down version of the continuous fuzzing tool ClusterFuzz that integrates with CI tools.



Google has released ClusterFuzzLite, an open source fuzzing project that is a lightweight version of the company’s ClusterFuzz tool.
Fuzzing is a technique where the tester throws a lot of data (“fuzz”), including random or invalid inputs, against an application to see how the application reacts. If the application crashes, the tester can look for memory leaks and security flaws. Continuous fuzzing has become a critical part of software development – even the latest guidelines for software verification from the National Institute of Standards and Technology specify fuzzing among the minimum standard requirements.
Google released OSS-Fuzz, which combined various fuzzing engines to provide continuous fuzzing capabilities back in 2016, and then released one of the services, ClusterFuzz, as open source in 2019. ClusterFuzz was famously used to run 50 million test cases per day against various Chrome builds and helped find more than 16,000 bugs in Chrome, Google said at the time. Since its inception, OSS-Fuzz has been used to fix 6,500 vulnerabilities and 21,000 functional bugs, Google said.
ClusterFuzzLite offers many of the same features as ClusterFuzz, such as continuous fuzzing, sanitizer support, corpus management, and coverage report generation. ClusterFuzzLite runs as part of continuous integration/continuous delivery (CI/CD) workflows, so it can fuzz GitHub pull requests to catch bugs before they are committed.
As of launch, ClusterFuzzLite officially supports GitHub Actions and Google Cloud Build. It also supports Prow as part of an early-stage beta. Support for other CI systems is expected at a later time.
Any project – even closed source projects – can be set up to use ClusterFuzzLite, moving continuous fuzzing from a “nice-to-have” to a critical must-have aspect of secure software development. Google says ClusterFuzzLite is already being used by large projects, including systemd and curl for code review.
