diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1524706..e7dbe3c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,6 +1,10 @@
name: CI Fuzz
-# Set an action secret called "CI_FUZZ_API_TOKEN" with an API token
-# generated in CI Fuzz web interface.
+# Set a CI/CD variable called "CI_SENSE_API_TOKEN" with an API token
+# generated in CI Fuzz web interface and a variable called "CI_FUZZ_DOWNLOAD_TOKEN"
+# with a download token from https://downloads.code-intelligence.com.
+# To download the CI Fuzz maven extension or gradle plugin set the secrets
+# MAVEN_REGISTRY_USERNAME and MAVEN_REGISTRY_PASSWORD with the credentials
+# from https://downloads.code-intelligence.com.
on:
workflow_dispatch:
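Review bot: The rewritten header comment calls `CI_SENSE_API_TOKEN` and `CI_FUZZ_DOWNLOAD_TOKEN` "CI/CD variables", but the steps in the next hunk read both from the `secrets` context (`secrets.CI_SENSE_API_TOKEN`, `secrets.CI_FUZZ_DOWNLOAD_TOKEN`); in GitHub Actions, repository variables live in the separate `vars` context and are not masked in logs, so a reader following this comment would store the tokens in the wrong place and the `${{ secrets.… }}` references would resolve to empty strings. Suggest `# Set an action secret called "CI_SENSE_API_TOKEN" with an API token` and `# … and a secret called "CI_FUZZ_DOWNLOAD_TOKEN"`, which also matches the wording the following lines already use for MAVEN_REGISTRY_USERNAME and MAVEN_REGISTRY_PASSWORD.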
@@ -10,67 +14,64 @@ on:
branches: [ main ]
env:
- # The fuzzing server gRPC URL.
- FUZZING_SERVER_ADDRESS: grpc.code-intelligence.com:443
- # The fuzzing server HTTP URL.
- WEB_APP_ADDRESS: https://app.code-intelligence.com
+ # Timeout until the pipeline is marked as 'success'
+ # if during that time no failing findings are found.
+ TIMEOUT: "5m"
+ # Minimum severity for findings that causes the pipeline to fail.
+ # Findings with lower severity are still reported but do not fail
+ # the pipeline.
+ # Possible values: 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'
+ MIN_FINDINGS_SEVERITY: MEDIUM
+ # The CI Sense URL.
+ CI_SENSE_HTTP_URL: https://app.staging.code-intelligence.com
+ CI_SENSE_GRPC_URL: grpc.staging.code-intelligence.com:443
+ # The CI Sense project name.
+ PROJECT: prj-tSg6cwlCgIil
# Directory in which the repository will be cloned.
CHECKOUT_DIR: checkout-dir/
- CIFUZZ_DOWNLOAD_URL: "https://github.com/CodeIntelligenceTesting/cifuzz/releases/latest/download/cifuzz_installer_linux_amd64"
- CIFUZZ_INSTALL_DIR: ./cifuzz
- FUZZING_ARTIFACT: fuzzing-artifact.tar.gz
jobs:
fuzz_tests:
runs-on: ubuntu-latest
- container: maven:3.9.2-eclipse-temurin-17
steps:
- id: checkout
name: Checkout Repository
uses: actions/checkout@v2
with:
path: ${{ env.CHECKOUT_DIR }}
+ - uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+ - uses: s4u/maven-settings-action@v2.8.0
+ with:
+ servers: '[{"id": "code-intelligence", "username": "${{ secrets.MAVEN_REGISTRY_USERNAME }}", "password": "${{ secrets.MAVEN_REGISTRY_PASSWORD }}"}]'
- id: install-cifuzz
name: Install cifuzz
- run: |
- curl --fail --silent --show-error --location -o cifuzz_installer "$CIFUZZ_DOWNLOAD_URL"
- chmod u+x cifuzz_installer
- ./cifuzz_installer --install-dir $CIFUZZ_INSTALL_DIR
- - id: build-fuzzers
- name: Build Fuzzers
- run: |
- export cifuzz_DIR="$GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/share/cmake"
- cd $CHECKOUT_DIR/
- $GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/bin/cifuzz bundle \
- --commit $GITHUB_SHA \
- --branch $GITHUB_REF_NAME \
- --output $GITHUB_WORKSPACE/$CHECKOUT_DIR/$FUZZING_ARTIFACT
- shell: "bash"
- - id: start-fuzzing
- name: Start Fuzzing
- uses: CodeIntelligenceTesting/github-actions/start-fuzzing@v5
+ uses: CodeIntelligenceTesting/github-actions/install-cifuzz@v6
with:
- ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }}
- fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
- fuzzing_artifact: ${{ env.CHECKOUT_DIR }}/${{ env.FUZZING_ARTIFACT }}
- checkout_directory: ${{ env.CHECKOUT_DIR }}
- project: "projects/api-testing-spring-boot-e8a299e2"
- - id: monitor-fuzzing
- name: Fuzzing
- uses: CodeIntelligenceTesting/github-actions/monitor-fuzzing@v5
+ download_token: ${{ secrets.CI_FUZZ_DOWNLOAD_TOKEN }}
+ version: 'latest'
+ - id: run-fuzz-tests
+ name: Run Fuzz Tests
+ uses: CodeIntelligenceTesting/github-actions/run-fuzz-tests@v6
with:
- ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }}
- test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }}
- fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
- dashboard_address: ${{ env.WEB_APP_ADDRESS }}
+ ci_sense_api_token: ${{ secrets.CI_SENSE_API_TOKEN }}
+ project_name: ${{ env.PROJECT }}
+ repository_dir: ${{ env.CHECKOUT_DIR }}
+ timeout: ${{ env.TIMEOUT }}
+ min_findings_severity: ${{ env.MIN_FINDINGS_SEVERITY }}
+ ci_sense_http_url: ${{ env.CI_SENSE_HTTP_URL }}
+ fuzz_tests: "com.example.app.GreetEndpointTests::fuzzTestGreet"
- id: save-results
name: Save Fuzz Test Results
- uses: CodeIntelligenceTesting/github-actions/save-results@v5
+ uses: CodeIntelligenceTesting/github-actions/save-results@v6
if: ${{ success() || failure() }}
with:
- ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }}
- test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }}
- fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
- dashboard_address: ${{ env.WEB_APP_ADDRESS }}
+ ci_sense_api_token: ${{ secrets.CI_SENSE_API_TOKEN }}
+ ci_sense_http_url: ${{ env.CI_SENSE_HTTP_URL }}
+ ci_sense_grpc_url: ${{ env.CI_SENSE_GRPC_URL }}
+ project_name: ${{ env.PROJECT }}
+ started_run: ${{ steps.run-fuzz-tests.outputs.started_run }}
- id: upload-artifact
uses: actions/upload-artifact@v2
if: ${{ (success() || failure()) }}
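Review bot: `version: 'latest'` on the install-cifuzz step, together with the mutable `@v6`, `@v3` and `@v2.8.0` tags on the third-party actions that receive `secrets.CI_SENSE_API_TOKEN`, `secrets.CI_FUZZ_DOWNLOAD_TOKEN` and the Maven registry credentials, means the binary and action code handling those secrets can change between runs without any diff to this file. Pinning the tool, e.g. `version: '<pinned cifuzz release>'`, and referencing the actions by full commit SHA with the tag kept in a trailing comment keeps the run reproducible and makes a changed release visible in review. `CI_SENSE_HTTP_URL: https://app.staging.code-intelligence.com` and the matching `CI_SENSE_GRPC_URL` point at a staging environment while the comment says only "The CI Sense URL."; if staging is intended, the comment should say so, since the API token is sent to that host. The `servers:` value interpolates the two Maven secrets into a single-quoted JSON string, so a password containing `"` or `\` produces malformed JSON for `maven-settings-action`; the action's documented structured inputs (or a pre-escaped value) avoid that. `actions/checkout@v2` and `actions/upload-artifact@v2` are also left on old majors next to the new `setup-java@v3`.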
diff --git a/pom.xml b/pom.xml
index 0bf276f..cfcc840 100644
--- a/pom.xml
+++ b/pom.xml
@@ -57,12 +57,6 @@
spring-boot-starter-test
test
-
- com.code-intelligence
- jazzer-junit
- 0.19.0
- test
-
com.opencsv
opencsv
@@ -76,26 +70,14 @@
-
-
- cifuzz
-
-
-
- org.jacoco
- jacoco-maven-plugin
-
- ${cifuzz.report.format}
- ${cifuzz.report.output}
-
-
-
-
-
-
-
-
+
+
+ com.code-intelligence
+ cifuzz-maven-extension
+ 1.1.0
+
+
org.jacoco
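Review bot: The `cifuzz-maven-extension` 1.1.0 coordinates added here appear, from the workflow comment, to be a Maven build extension, and the hunk below (`@@ -122,5 +104,16 @@`) resolves it from `https://gitlab.code-intelligence.com/api/v4/projects/89/packages/maven` declared as both a repository and a plugin repository; the XML element names are stripped in this rendering, so that structure is inferred. A build extension runs with the full privileges of the build, and Maven consults every declared repository for every artifact, so that registry is now in the resolution path for the project's other dependencies as well. Consider adding `<snapshots><enabled>false</enabled></snapshots>` and `<releases><checksumPolicy>fail</checksumPolicy></releases>` to both declarations so only released, checksum-verified artifacts can be served from it, and keep the version pinned exactly as it is here rather than as a range. The enclosing `<build>`/`<project>` elements of these hunks are outside the visible lines.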
@@ -122,5 +104,16 @@
-
+
+
+ code-intelligence
+ https://gitlab.code-intelligence.com/api/v4/projects/89/packages/maven
+
+
+
+
+ code-intelligence
+ https://gitlab.code-intelligence.com/api/v4/projects/89/packages/maven
+
+