►
From YouTube: Fuzz Testing 13.2 group kickoff call
Description
Sam Kerr discusses the upcoming plans for GitLab's Fuzz Testing group & the 13.2 release.
Fuzz Testing Direction page: https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
13.2 Planning Board: https://gitlab.com/groups/gitlab-org/-/boards/1655608?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=group%3A%3Afuzz%20testing&label_name[]=direction&milestone_title=13.2
A
Alright,
thanks
for
joining
so
welcome
to
the
gitlab
fuzz
testing,
13.2
kickoff
call
I'm,
Sam,
Kerr
I'm,
a
principal
product
manager
here
at
gitlab,
focusing
on
fuzz
testing
and
what
we're
gonna
do
as
part
of
this
meeting
is
review.
What
our
plans
are
for
the
upcoming
13.2
release,
as
it
relates
to
fuzz
testing,
talk
a
little
bit
about
the
details
of
what
you
can
expect
on
that
release
and
what
we're
going
to
be
targeting
for
the
release
as
stretch
goals.
A
So
really,
the
the
key
overall
theme
of
this
release
is
get
lab,
wants
to
put
our
initial
preview
release
of
coverage
guided
fuzz
testing.
So
this
is
going
to
be
all
about
leveraging
the
new
technology
from
the
fuzzy
acquisition
which
we
recently
announced
and
bringing
that
into
the
gait
lab
product
itself,
and
so
as
part
of
13.2.
We've
got
three
issues
which
we're
tracking
I've
got
those
shared
on
the
screen
right
now,
and
so,
let's
review
each
one
from
top
to
bottom.
A
So
the
the
very
first
issue
we
have
is
implementation
of
the
fuzzing
CLI
to
actually
run
the
fuzzing
jobs
and
what
this
issue
is
about.
It's
part
of
a
larger
epic,
which
involves
actually
bringing
that
fuzzy
technology
that
does
an
engine
into
get
lab
and
allowing
end
users
to
run
that
as
part
of
their
pipelines,
there's
some
more
detailed
requirements
in
the
overarching
epics.
So
let's
take
a
look
at
that
and
talk
about
what
this
issue
means.
Specifically.
A
So
as
part
of
this
issue,
what
we're
going
to
be
doing
is
providing
a
CI
job
template
file
tentatively
named
fuzzing
gitlab
CI
ml,
and
this
is
going
to
be
very
similar
to
how
end-users
would
include
SAS
toward
asked
as
part
of
their
pipelines.
They'll
include
this
template
file
at
the
top
of
their
CI
pipeline
and
then
provide
any
sort
of
application.
Specific
configuration,
that's
needed
to
actually
tell
get
labs
pipeline,
how
to
run
coverage
guide,
fuzz
testing
against
their
application,
and
that's
really
what
this
issue
is
all
about.
A
A
A
If
we
look
at
our
next
issue
in
our
board,
we're
going
to
be
focusing
on
coverage,
guided
fuzzing
results
download.
So
let's
take
a
look
at
this
issue,
so
this
issue
was
all
about,
is
actually
being
able
to
provide
the
results
of
a
fuzzy
test
to
our
end
users
so
that
they
can
consume
them
in
some
meaningful
way.
A
So
with
that
said,
a
picture's
worth
a
thousand
words,
so
let's
take
a
look
at
some
of
the
designs
we
have
on
this
issue,
so
one
of
the
things
we're
going
to
be
targeting
with
us
is
adding
fuzz
testing
to
the
configuration
screen
similar
to
how
you
see
other
security
scanners
inside
of
get
labs,
secure,
so
you'll
be
able
to
very
quickly
see
yes,
this
is
enabled-
or
no
this
is
not
I-
should
go.
Enable
this
in
my
project,
secondarily
buzz
test
is
run.
The
way
that
we
plan
to
present
the
results
to
end
users.
A
Is
this
button
right
here
that
I'm
moving
my
cursor
around?
So
there
will
be
a
new
download
report,
button,
you'll
click
it
and
that'll,
give
you
that
zip
or
that
archive
file
I
mentioned
previously,
with
all
of
those
different
pieces
of
information
about
the
fuzz
system
that
ran
as
part
of
your
pipeline.
We
plans
to
expand
this,
provide
a
richer
sort
of
interface,
with
more
information
about
those
testing
results,
and
this
is
our
first
step
towards
getting
there
notably.
This
issue
is
also
deliverable
for
the
thirteen
point
two
milestone.
A
A
A
That
is
the
conclusion
of
the
items
that
we're
going
to
be
focusing
on
that
are
deliverable
and
stretched
Direction
items
as
part
of
gitlab
13.2.
We're
incredibly
excited
to
be
bringing
this
first
preview,
release
of
fuzz
testing
for
coverage,
guided
fuzzing
and
would
love
to
hear
what
you
think
about
it
feel
free
to
tag
me.
I'm
an
st
qur'an
gitlab
in
an
issue,
we'd
love
to
hear
your
comments,
your
questions
concerns
and
thank
you
very
much,
and
we
will
see
you
on
the
next
fuzz
testing
release.
Kickoff
call
have
a
good
day.