Science Score: 54.0%
This score indicates how likely this project is to be science-related based on various indicators:
- ✓ CITATION.cff file: Found CITATION.cff file
- ✓ codemeta.json file: Found codemeta.json file
- ✓ .zenodo.json file: Found .zenodo.json file
- ○ DOI references
- ○ Academic publication links
- ✓ Committers with academic emails: 16 of 1055 committers (1.5%) from academic institutions
- ○ Institutional organization owner
- ○ JOSS paper metadata
- ○ Scientific vocabulary similarity: Low similarity (9.4%) to scientific vocabulary
Repository
OSS-Fuzz - continuous fuzzing for open source software.
Basic Info
- Host: GitHub
- Owner: google
- License: apache-2.0
- Language: Shell
- Default Branch: master
- Homepage: https://google.github.io/oss-fuzz
- Size: 46 MB
Statistics
- Stars: 11,275
- Watchers: 254
- Forks: 2,469
- Open Issues: 439
- Releases: 0
Metadata Files
README.md
OSS-Fuzz: Continuous Fuzzing for Open Source Software
Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community.
In cooperation with the Core Infrastructure Initiative and the OpenSSF, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution. Projects that do not qualify for OSS-Fuzz (e.g. closed source) can run their own instances of ClusterFuzz or ClusterFuzzLite.
We support the libFuzzer, AFL++, and Honggfuzz fuzzing engines in combination with Sanitizers, as well as ClusterFuzz, a distributed fuzzer execution environment and reporting tool.
Currently, OSS-Fuzz supports C/C++, Rust, Go, Python, Java/JVM, and JavaScript code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
Documentation
Read our detailed documentation to learn how to use OSS-Fuzz.
Trophies
As of May 2025, OSS-Fuzz has helped identify and fix over 13,000 vulnerabilities and 50,000 bugs across 1,000 projects.
Blog posts
- 2024-11-20 - Leveling Up Fuzzing: Finding more vulnerabilities with AI
- 2023-08-16 - AI-Powered Fuzzing: Breaking the Bug Hunting Barrier
- 2023-02-01 - Taking the next step: OSS-Fuzz in 2023
- 2022-09-08 - Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically
- 2021-12-16 - Improving OSS-Fuzz and Jazzer to catch Log4Shell
- 2021-03-10 - Fuzzing Java in OSS-Fuzz
- 2020-12-07 - Improving open source security during the Google summer internship program
- 2020-10-09 - Fuzzing internships for Open Source Software
- 2018-11-06 - A New Chapter for OSS-Fuzz
- 2017-05-08 - OSS-Fuzz: Five months later, and rewarding projects
- 2016-12-01 - Announcing OSS-Fuzz: Continuous fuzzing for open source software
Owner
- Name: Google
- Login: google
- Kind: organization
- Email: opensource@google.com
- Location: United States of America
- Website: https://opensource.google/
- Twitter: GoogleOSS
- Repositories: 2,773
- Profile: https://github.com/google
Google ❤️ Open Source
Citation (CITATION.cff)
cff-version: 1.2.0
title: OSS-Fuzz
message: >-
  If you use this software, please cite it using the
  metadata from this file.
type: software
authors:
  - given-names: Abhishek
    family-names: Arya
    affiliation: Google LLC
    email: aarya@google.com
    orcid: 'https://orcid.org/0009-0009-4558-4314'
  - given-names: Oliver
    family-names: Chang
    email: ochang@google.com
    affiliation: Google LLC
    orcid: 'https://orcid.org/0009-0006-3181-4551'
  - given-names: Jonathan
    family-names: Metzman
    email: metzman@google.com
    affiliation: Google LLC
    orcid: 'https://orcid.org/0000-0002-7042-0444'
  - given-names: Kostya
    family-names: Serebryany
    email: kcc@google.com
    affiliation: Google LLC
    orcid: 'https://orcid.org/0009-0009-2379-3641'
  - given-names: Dongge
    family-names: Liu
    email: donggeliu@google.com
    affiliation: Google LLC
    orcid: 'https://orcid.org/0000-0003-4821-7033'
repository-code: 'https://github.com/google/oss-fuzz'
abstract: >-
  OSS-Fuzz is an open-source project by Google that provides
  continuous fuzzing for open-source software. It aims to
  make common open-source software more secure and stable by
  combining modern fuzzing techniques with scalable,
  distributed execution. As of August 2023, OSS-Fuzz has
  helped identify and fix over 10,000 vulnerabilities and
  36,000 bugs across 1,000 projects.
keywords:
  - open-source
  - fuzzing
license: Apache-2.0
Committers
Last synced: 4 months ago
Top Committers
| Name | Email | Commits |
|---|---|---|
| DavidKorczynski | d****d@a****m | 1,493 |
| jonathanmetzman | 3****n | 789 |
| Oliver Chang | o****g | 744 |
| Mike Aizatsky | m****y@g****m | 624 |
| Abhishek Arya | i****o@c****g | 576 |
| AdamKorcz | 4****z | 482 |
| Max Moroz | m****z@c****g | 403 |
| Catena cyber | 3****r | 351 |
| Guido Vranken | g****n | 253 |
| Kostya Serebryany | k****y@g****m | 241 |
| Arthur Chan | a****n@a****m | 216 |
| Mike Aizatsky | a****y@g****m | 132 |
| Evgeny Vereshchagin | e****s@y****u | 115 |
| Kevin Lubick | k****k | 106 |
| Fabian Meumertzheim | m****m@c****m | 76 |
| maflcko | 6****o | 76 |
| Alex Gaynor | a****r@g****m | 75 |
| Navidem | n****t@g****m | 74 |
| Bhargava Shastry | b****3@g****m | 68 |
| manunio | m****r@g****m | 68 |
| Robert Löhning | r****g@q****o | 66 |
| tsdgeos | a****d@k****g | 65 |
| Dongge Liu | d****u@g****m | 62 |
| OSS-Fuzz Team | n****y@g****m | 58 |
| Arjun | 3****d | 58 |
| Julien Voisin | j****n | 56 |
| Henry Lin | h****3@g****m | 56 |
| Sergey Bronnikov | e****s@g****m | 54 |
| Patrice.S | p****e@c****m | 53 |
| Tyson Smith | t****h | 52 |
| and 1,025 more... | | |
Issues and Pull Requests
Last synced: 4 months ago
All Time
- Total issues: 481
- Total pull requests: 4,040
- Average time to close issues: over 1 year
- Average time to close pull requests: about 1 month
- Total issue authors: 231
- Total pull request authors: 533
- Average comments per issue: 2.9
- Average comments per pull request: 2.03
- Merged pull requests: 2,935
- Bot issues: 1
- Bot pull requests: 107
Past Year
- Issues: 156
- Pull requests: 1,858
- Average time to close issues: 11 days
- Average time to close pull requests: 4 days
- Issue authors: 105
- Pull request authors: 253
- Average comments per issue: 1.06
- Average comments per pull request: 1.57
- Merged pull requests: 1,341
- Bot issues: 1
- Bot pull requests: 75
Top Authors
Issue Authors
- jonathanmetzman (46)
- DavidKorczynski (18)
- evverx (14)
- oliverchang (13)
- ligurio (11)
- kasper93 (10)
- catenacyber (9)
- szhorvat (8)
- AdamKorcz (8)
- maflcko (7)
- alexcrichton (5)
- zi0Black (5)
- sudiptob2 (5)
- jreiser (5)
- davidben (5)
Pull Request Authors
- DavidKorczynski (560)
- AdamKorcz (250)
- arthurscchan (212)
- jonathanmetzman (202)
- oliverchang (198)
- maflcko (135)
- dependabot[bot] (58)
- ligurio (57)
- catenacyber (51)
- copybara-service[bot] (49)
- DaveLak (39)
- silvergasp (38)
- manunio (38)
- tyler92 (37)
- ennamarie19 (37)
Packages
- Total packages: 2
- Total downloads: pypi 17 last-month
- Total dependent packages: 0 (may contain duplicates)
- Total dependent repositories: 1 (may contain duplicates)
- Total versions: 838
- Total maintainers: 1
proxy.golang.org: github.com/google/oss-fuzz
- Homepage: https://github.com/google/oss-fuzz
- Documentation: https://pkg.go.dev/github.com/google/oss-fuzz#section-documentation
- License: Apache-2.0
- Latest release: v0.0.0-20240125183725-5acb10b65c22, published almost 2 years ago
pypi.org: pysecsan
Sanitizers to detect security vulnerabilities at runtime.
- Homepage: https://github.com/google/oss-fuzz/tree/master/infra/sanitizers/pysecsan
- Documentation: https://pysecsan.readthedocs.io/
- License: Apache Software License
- Latest release: 0.1.0, published over 3 years ago
Dependencies
- gcr.io/oss-fuzz-base/base-builder-jvm latest build
- gcr.io/oss-fuzz-base/base-builder-javascript latest build
- gcr.io/oss-fuzz-base/base-builder-python latest build
- gcr.io/oss-fuzz-base/base-builder-go latest build
- gcr.io/oss-fuzz-base/base-builder latest build
- google/clusterfuzzlite/actions/build_fuzzers v1 composite
- google/clusterfuzzlite/actions/run_fuzzers v1 composite
- actions/checkout v3 composite
- github/codeql-action/analyze v2 composite
- github/codeql-action/autobuild v2 composite
- github/codeql-action/init v2 composite
- actions/setup-python v3 composite
- google-github-actions/setup-gcloud v0 composite
- actions/github-script v6 composite
- actions/setup-go v4 composite
- ../../../build_fuzzers.Dockerfile * docker
- ../../../run_fuzzers.Dockerfile * docker
- web-component-tester ^6.0.0-prerelease.5 development
- webcomponentsjs webcomponents/webcomponentsjs#^1.1.0 development
- app-layout PolymerElements/app-layout#2.0-preview
- app-route PolymerElements/app-route#2.0-preview
- iron-ajax PolymerElements/iron-ajax#2.0-preview
- iron-flex-layout PolymerElements/iron-flex-layout#2.0-preview
- iron-icons PolymerElements/iron-icons#2.0-preview
- paper-card PolymerElements/paper-card#2.0-preview
- paper-icon-button PolymerElements/paper-icon-button#2.0-preview
- paper-item PolymerElements/paper-item#2.0-preview
- paper-tabs PolymerElements/paper-tabs#2.0-preview
- polymer Polymer/polymer#^2.0.0-rc.3
- gcr.io/oss-fuzz-base/base-builder-python v1 build
- gcr.io/oss-fuzz-base/base-clang latest build
- gcr.io/oss-fuzz-base/base-image latest build
- $parent_image latest build
- gcr.io/oss-fuzz-base/base-runner latest build
- gcr.io/cloud-builders/gcloud latest build
- python 3.11-bullseye build
- ubuntu 16.04 build
- gcr.io/oss-fuzz-base/base-builder-rust latest build