vishalcoc44 opened a new pull request, #762: URL: https://github.com/apache/commons-compress/pull/762
JIRA Ticket: [COMPRESS-720](https://issues.apache.org/jira/browse/COMPRESS-720)

Currently, our fuzz testing lives externally in the google/oss-fuzz repository. While effective, this creates a gap between development and security testing. There is also the fact that Google increasingly wants their fuzzers to live in the upstream repositories.

This integration ensures that:

* Fuzzers evolve with the code: No more "bit-rot" when internal APIs change.
* Instant Feedback: The new CIFuzz workflow automatically stress-tests every Pull Request before it's merged.
* Developer Empowerment: Any contributor can now run these security tests locally with a single Maven command.

Maven Integration:

* Added jazzer-junit as a test-scoped dependency.
* Introduced a fuzz Maven profile. This keeps the fuzzers tucked away during standard `mvn test` runs but makes them easy to trigger via `mvn test -Pfuzz`.

17 Fuzzer Targets:

* We've integrated coverage for all major formats: Zip, Tar, 7z, Ar, Arj, Cpio, Dump, and several compressors (BZip2, Gzip, LZ4, Snappy, Z, etc.).

Automated Workflow:

* Added `.github/workflows/cifuzz.yml` to tap into Google's cifuzz actions for continuous security monitoring. (This workflow will run a mini cifuzz test every time someone changes something in the repo.)
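
For readers unfamiliar with jazzer-junit, the following is an added sketch of what a Zip fuzz target of this kind can look like; it is not code from the pull request. The class name, method name, output cap and `maxDuration` value are assumptions chosen for illustration.

```java
// Added illustration, not taken from PR #762.
// ZipStreamFuzzTest, parseZip and MAX_OUTPUT are hypothetical names.
import java.io.ByteArrayInputStream;
import java.io.IOException;

import org.apache.commons.compress.archivers.ArchiveEntry;
import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;

import com.code_intelligence.jazzer.junit.FuzzTest;

class ZipStreamFuzzTest {

    // Cap on decompressed bytes per input, so that one highly compressible
    // input cannot stall a single execution and hide other findings.
    private static final long MAX_OUTPUT = 1L << 20;

    // Jazzer calls this method repeatedly with mutated byte arrays.
    @FuzzTest(maxDuration = "60s")
    void parseZip(byte[] data) {
        final byte[] buf = new byte[8192];
        long total = 0;
        try (ZipArchiveInputStream in =
                new ZipArchiveInputStream(new ByteArrayInputStream(data))) {
            ArchiveEntry entry;
            while ((entry = in.getNextEntry()) != null) {
                // Touch metadata accessors so header parsing is exercised.
                entry.getName();
                entry.getSize();
                if (!in.canReadEntryData(entry)) {
                    continue; // unsupported method or encryption: skip the body
                }
                int n;
                while ((n = in.read(buf)) != -1) {
                    total += n;
                    if (total > MAX_OUTPUT) {
                        return; // stop early; this is a harness limit, not a bug
                    }
                }
            }
        } catch (IOException expected) {
            // IOException is the declared failure mode for malformed archives,
            // so it is not treated as a finding.
        }
        // Any other Throwable that escapes (for example an unchecked
        // ArrayIndexOutOfBoundsException) is reported by Jazzer as a crash.
    }
}
```

Catching only `IOException` is the design choice that matters here: it separates the parser's declared rejection of bad input from unchecked exceptions, which are the defects the fuzzer is meant to surface.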
