A self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing to harden software prior to release.
OneFuzz is a self-hosted Fuzzing-As-A-Service platform that enables continuous developer-driven fuzzing to proactively harden software prior to release. It allows developers to launch scalable fuzz jobs from a few virtual machines to thousands of cores with a single command, which can be integrated into CI/CD pipelines. The platform provides composable workflows, built-in ensemble fuzzing, and on-demand live-debugging to identify and reproduce unique flaws.
Software developers, security engineers, and DevOps teams who need to integrate fuzzing into their development and release cycles to improve software security and quality.
Developers choose OneFuzz for its self-hosted, scalable Fuzzing-As-A-Service model that integrates seamlessly into CI/CD, supports custom fuzzers and instrumentation, and provides reproducible results with live-debugging capabilities across Windows and Linux platforms.
A self-hosted Fuzzing-As-A-Service platform
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
Allows launching fuzz jobs from a few virtual machines to thousands of cores with a single command, as emphasized in the README, enabling seamless integration into CI/CD pipelines.
Supports onboarding custom fuzzers and swapping instrumentation, providing flexibility for specialized testing needs without being locked into a specific toolset.
Facilitates collaboration between multiple fuzzing technologies by default, sharing inputs to improve coverage and effectiveness in finding unique flaws.
Designed for Windows and Linux, including custom OS builds and kernels, making it versatile for cross-platform software hardening.
Microsoft is archiving the project as of September 2023, meaning no future development, bug fixes, or official support, which poses a significant risk for adoption.
Requires managing virtual machines and infrastructure, which can be resource-intensive and challenging for teams without prior experience in deploying such platforms.
Crash reporting notifications are primarily integrated with Azure DevOps and Microsoft Teams, limiting ease of use for teams in other environments like AWS or Slack.