Question 1

Is OneFuzz still maintained after 2023?

Accepted Answer

No, Microsoft announced the project will be archived by September 30, 2023, with no further updates or community support. Forking is possible, but it's unsupported for long-term use.

Question 2

How does OneFuzz compare to OSS-Fuzz?

Accepted Answer

OneFuzz is self-hosted and allows custom fuzzers, giving more control but requiring infrastructure management. OSS-Fuzz is a Google-managed service for open-source projects, offering easier setup but less customization.

Question 3

How to integrate OneFuzz with CI/CD pipelines?

Accepted Answer

The README provides a GitHub Actions example and documentation for baking fuzz jobs into CI/CD. It involves a single command to launch jobs, but setup requires configuring self-hosted infrastructure.

Question 4

Can OneFuzz fuzz closed-source software?

Accepted Answer

Yes, as a self-hosted platform, it can fuzz any software, including closed-source, by onboarding custom fuzzers and instrumentation, though it requires managing the infrastructure internally.

Question 5

What are alternatives to OneFuzz now that it's archived?

Accepted Answer

For self-hosted options, consider forking OneFuzz or using tools like AFL++. For managed services, OSS-Fuzz (open-source) or commercial platforms like ForAllSecure are alternatives, but they may lack OneFuzz's customizability.

Question 6

Does OneFuzz work on macOS or only Windows/Linux?

Accepted Answer

No, the supported platforms documentation states it only works on Windows and Linux, not macOS, limiting its use for Apple ecosystem projects.

OneFuzz

What is OneFuzz?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions