Code Intelligence CI Fuzz CLI Automatically Tests Java Applications
November 29, 2022

Code Intelligence announced its open-source Command-Line Interface (CLI) tool, CI Fuzz CLI, now allows Java developers to easily incorporate fuzz testing into their existing JUnit setup in order to find functional bugs and security vulnerabilities at scale.

CI Fuzz CLI leverages genetic and evolutionary algorithms as well as automated instrumentation to dynamically generate millions of unusual inputs to test applications for unexpected behaviors that may lead to crashes, Denial of Service (DoS) or Zero-Day exploits.

Fuzz testing, which can be seen as a complementary approach to unit testing, is gaining popularity in the open-source community. Google’s Open-Source-Security (OSS) team recently reported more than 40,500 bugs in 650 open source projects have been detected through fuzz testing. However, fuzz testing remains new to most developers outside the OSS and security community. A recent study among Go developers indicates that less than 12% of all participants use fuzz testing at work, citing a lack of understanding as well as challenges with implementation as key reasons for low adoption.

Code Intelligence's new open-source tool aims to tackle these challenges by making fuzz testing accessible and usable for all developers directly from their command line or IDE. By introducing new fuzzing capabilities for Java, CI Fuzz CLI enables continuous application security testing directly in the CI/CD process. This is especially valuable to companies with cloud-based products and services who want to develop a mature DevSecOps pipeline.

“With the CI Fuzz CLI, Java developers can now improve the overall security and robustness of their applications with confidence and ease. It takes just three commands to set up and run a fuzz test. The tool comes with ready-to-use integrations for Maven, Gradle and Bazel. With a JUnit setup in place, developers can even run fuzz tests directly from their IDE.”, said Werner Krahe, Product Director at Code Intelligence. “If you’re completely new to fuzzing, I recommend starting with a simple test setup. Use your pre-existing unit tests as a template to run local fuzz tests on small libraries and utils. After a while, you could take it further and apply it to more complex testing setups. Ultimately, fuzz testing will provide the best results when running continuously in your CI/CD.”

Share this

Industry News

February 02, 2023

Red Hat announced a multi-stage alliance to offer customers a greater choice of operating systems to run on Oracle Cloud Infrastructure (OCI).

February 02, 2023

Snow Software announced a new global partner program designed to enable partners to support customers as they face complex market challenges around managing cost and mitigating risk, while delivering value more efficiently and effectively with Snow.

February 02, 2023

Contrast Security announced the launch of its new partner program, the Security Innovation Alliance (SIA), which is a global ecosystem of system integrators (SIs), cloud, channel and technology alliances.

February 01, 2023

Red Hat introduced new security and compliance capabilities for the Red Hat OpenShift enterprise Kubernetes platform.

February 01, 2023

Jetpack.io formally launched with Devbox Cloud, a managed service offering for Devbox.

February 01, 2023

Jellyfish launched Life Cycle Explorer, a new solution that identifies bottlenecks in the life cycle of engineering work to help teams adapt workflow processes and more effectively deliver value to customers.

January 31, 2023

Ably announced the Ably Terraform provider.

January 31, 2023

Checkmarx announced the immediate availability of Supply Chain Threat Intelligence, which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.

January 31, 2023

Qualys announced its new GovCloud platform along with the achievement of FedRAMP Ready status at the High impact level, from the Federal Risk and Authorization Management Program (FedRAMP).

January 30, 2023

F5 announced the general availability of F5 NGINXaaS for Azure, an integrated solution co-developed by F5 and Microsoft that empowers enterprises to deliver secure, high-performance applications in the cloud.

January 30, 2023

Tenable announced Tenable Ventures, a corporate investment program.

January 26, 2023

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available.

January 26, 2023

Mirantis, freeing developers to create their most valuable code, today announced that it has acquired the Santa Clara, California-based Shipa to add automated application discovery, operations, security, and observability to the Lens Kubernetes Platform.

January 25, 2023

SmartBear has integrated the powerful contract testing capabilities of PactFlow with SwaggerHub.

January 25, 2023

Venafi introduced TLS Protect for Kubernetes.