As far as I know, we need to provide a PR on their repository with some configuration (YAML) and a build file.
They will build the project and attempt to fuzz in an automated way. So in our repositories nothing should be changed. Il giorno mer 5 lug 2023 alle ore 16:39 Pasquale Congiusti < pasquale.congiu...@gmail.com> ha scritto: > Hi Andrea, > any automation that helps us in having a better quality of software is > definitely good IMO. What it's not really clear to me is what kind of > additional development we should do and how much could be the cost of > maintenance if we include the project. > > Thanks, > Pasquale. > > On Tue, Jul 4, 2023 at 4:43 PM Andrea Cosentino <anco...@gmail.com> wrote: > > > Hello all, > > > > I was investigating Fuzzing and all the related tools today. > > > > I was already aware about OSSFuzz project and I verified some other > Apache > > Projects are already included [1] > > > > With this integration the project could be part of Fuzzing automation and > > get some report as Vulnerabilities or bugs. > > > > I think there is value in this kind of report, so I'd like to gather some > > more feedback and see if there is interest in the community. > > > > Thanks. > > > > [1] https://github.com/google/oss-fuzz/tree/master/projects > > >
