Hi There is an oss-fuzz project for commons where multiple modules are hosted (I am sure Imaging is there, and I think Compress too).
It is a single project with fuzzers for different components. I think it may be simpler to add your new fuzzer there. That project had some changes in the reporting policy to adapt to ASF Commons release practices too. Cheers Bruno On Fri, 22 Jul 2022, 7:59 am Alonso Schaich, <scha...@code-intelligence.com> wrote: > Hi all, > > I have prepared the initial integration of commons-math into google > oss-fuzz<https://github.com/google/oss-fuzz> in > https://github.com/CodeIntelligenceTesting/oss-fuzz/commit/94cfd612612dde84388322391bf612dd348cf810 > . This will enable continuous fuzzing of this project, which will be > conducted by Google. Bugs that will be found by fuzzing will be reported to > you. After the initial integration of this project into oss-fuzz, I will > continue to add additional fuzz tests to improve the code coverage over > time. > > > The integration requires a primary contact, someone to deal with the bug > reports submitted by oss-fuzz. The email address needs to belong to an > established project committer and be associated with a Google account as > per > https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/ > . When a bug is found, you will receive an email that will provide you with > access to ClusterFuzz, crash reports, and fuzzer statistics. More than 1 > person can be included. Please let me know who I should include, if anyone. > > Jazzer<https://github.com/CodeIntelligenceTesting/jazzer> ( > https://github.com/CodeIntelligenceTesting/jazzer) is used for fuzzing > Java applications. Jazzer is a coverage-guided, in-process fuzzer for the > JVM platform developed by Code Intelligence. It is based on libFuzzer and > brings many of its instrumentation-powered mutation features to the JVM. > Jazzer has already found several bugs in JVM applications: > https://github.com/CodeIntelligenceTesting/jazzer#findings > > [ > https://repository-images.githubusercontent.com/333867901/e8c8cf80-6b8c-11eb-90ee-13efd7719871 > ]<https://github.com/CodeIntelligenceTesting/jazzer> > CodeIntelligenceTesting/jazzer: Coverage-guided, in-process fuzzing for > the JVM - GitHub<https://github.com/CodeIntelligenceTesting/jazzer> > Jazzer. Jazzer is a coverage-guided, in-process fuzzer for the JVM > platform developed by Code Intelligence.It is based on libFuzzer and brings > many of its instrumentation-powered mutation features to the JVM.. The JVM > bytecode is executed inside the fuzzer process, which ensures fast > execution speeds and allows seamless fuzzing of native libraries. > github.com > > > > Please let me know if you have any questions regarding fuzzing or the > oss-fuzz integration. > >
