45 lines
1.7 KiB
YAML
45 lines
1.7 KiB
YAML
# Read more about this feature https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing
|
|
|
|
variables:
|
|
# Which branch we want to run full fledged long running fuzzing jobs.
|
|
# All others will run fuzzing regression
|
|
COVFUZZ_BRANCH: "$CI_DEFAULT_BRANCH"
|
|
# This is using semantic version and will always download latest v2 gitlab-cov-fuzz release
|
|
COVFUZZ_VERSION: v2
|
|
# This is for users who have an offline environment and will have to replicate gitlab-cov-fuzz release binaries
|
|
# to their own servers
|
|
COVFUZZ_URL_PREFIX: "https://gitlab.com/gitlab-org/security-products/analyzers/gitlab-cov-fuzz/-/raw"
|
|
|
|
|
|
coverage_fuzzing_unlicensed:
|
|
stage: test
|
|
allow_failure: true
|
|
rules:
|
|
- if: $GITLAB_FEATURES !~ /\bcoverage_fuzzing\b/ && $COVFUZZ_DISABLED == null
|
|
script:
|
|
- echo "ERROR Your GitLab project is missing licensing for Coverage Fuzzing" && exit 1
|
|
|
|
.fuzz_base:
|
|
stage: fuzz
|
|
allow_failure: true
|
|
before_script:
|
|
- export COVFUZZ_JOB_TOKEN=$CI_JOB_TOKEN
|
|
- export COVFUZZ_PRIVATE_TOKEN=$CI_PRIVATE_TOKEN
|
|
- export COVFUZZ_PROJECT_ID=$CI_PROJECT_ID
|
|
- if [ -x "$(command -v apt-get)" ] ; then apt-get update && apt-get install -y wget; fi
|
|
- wget -O gitlab-cov-fuzz "${COVFUZZ_URL_PREFIX}"/"${COVFUZZ_VERSION}"/binaries/gitlab-cov-fuzz_Linux_x86_64
|
|
- chmod a+x gitlab-cov-fuzz
|
|
- export REGRESSION=true
|
|
- if [[ $CI_COMMIT_BRANCH = $COVFUZZ_BRANCH ]]; then REGRESSION=false; fi;
|
|
artifacts:
|
|
paths:
|
|
- corpus
|
|
- crashes
|
|
- gl-coverage-fuzzing-report.json
|
|
reports:
|
|
coverage_fuzzing: gl-coverage-fuzzing-report.json
|
|
when: always
|
|
rules:
|
|
- if: $COVFUZZ_DISABLED
|
|
when: never
|
|
- if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bcoverage_fuzzing\b/
|