You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
a limited set of property-based testing libraries for JavaScript and TypeScript including fast-check.
a limited set of property-based testing libraries for Erlang, including proper and quickcheck.
Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data into a program to expose bugs. Regular fuzzing is important to detect vulnerabilities that may be exploited by others, especially since attackers can also use fuzzing to find the same flaws.
Note
A project that fulfills this criterion with other tools may still receive a low score on this test. There are many ways to implement fuzzing, and it is challenging for an automated tool like Scorecard to detect them all. A low score
is therefore not a definitive indication that the project is at risk.
See google/clusterfuzzlite#128
From ossf scorecard:
Risk: Medium (possible vulnerabilities in code)
This check tries to determine if the project uses fuzzing by checking:
Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data into a program to expose bugs. Regular fuzzing is important to detect vulnerabilities that may be exploited by others, especially since attackers can also use fuzzing to find the same flaws.
Note
A project that fulfills this criterion with other tools may still receive a low score on this test. There are many ways to implement fuzzing, and it is challenging for an automated tool like Scorecard to detect them all. A low score
is therefore not a definitive indication that the project is at risk.