►
From YouTube: GitLab Fuzz Testing 13.7 Kickoff
Description
Sam Kerr walks through fuzz testing group's areas of focus for GitLab's 13.7 release.
Product direction page - https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
A
Hi
there
I'm
sam
kerr,
I'm
a
principal
product
manager
here
at
git
lab
and
today
I'm
going
to
be
talking
to
you
about
what
some
of
the
items
we're
going
to
be
focusing
on
in
gitlab's.
Upcoming
release
are
going
to
be
for
the
fuzz
testing
group.
So
let
me
share
my
screen
and
we
will
walk
through
what
we're
going
to
be
focusing
on.
A
So
one
of
the
areas
that
we've
become
aware
of
is
that,
when
you're
using
get
labs
coverage,
guided
fuzz
testing
is
that
managing
your
corpus
and
your
input
seed
corpus
can
be
difficult
because
of
the
way
it
works.
Today
you
have
to
commit
files
directly
to
your
git
repository
and
manage
them
as
artifacts
in
some
cases,
which
can
be
some
extra
steps
and
we
thought
there
could
be
a
better
way.
So
one
of
the
things
we're
going
to
be
focusing
on
13
7
is
what
we're
calling
the
corpus
registry-
and
this
is
really
designed
to.
A
So
if
you
want
to
read
the
full
details
on
the
issue,
it's
issue
235
484
in
the
gitlab
project,
but
I
want
to
walk
you
through
a
couple
of
the
designs
to
show
you
what
we're
thinking
so
we're
going
to
be
implementing
a
new
set
of
screens
for
the
corpus
registry,
and
these
are
really
going
to
be
all
about.
Where
do
your
corpus
objects
live?
How
can
you
get
information
about
them
and
how
can
you
update
and
create
new
ones,
so
I'm
showing
a
mock-up
design
here?
A
A
A
A
All
of
these
api
fuzzing
results
are
going
to
be
alongside
all
the
other
scanning
results
that
you're
used
to
you'll,
be
able
to
filter
them
to
look
at
just
api
fuzzing
or
any
of
the
other
scanning
type
results
that
you
like,
and
that
way
you'll
be
able
to
use
the
same
workflow,
whether
it's
for
api
fuzzing
or
any
other
scanner.
That
gitlab
offers
and
another
effort
I
wanted
to
highlight
that
we're
going
to
be
focusing
on
is:
how
do
we
publish
integration
for
api,
fuzzing
and
junit?
A
A
Look
at
the
way
that
they're
defined
and
be
able
to
generate
the
necessary
api
fuzzing
harnesses
directly
from
those
test
cases-
and
this
is
going
to
be
a
great
win
for
usability,
because
it
means
you
won't
have
to
either
create
a
specification
file.
If
you
don't
have
one,
you
won't
have
to
do
an
extra
step
to
create
those
recordings
to
pass
to
the
api.
Fuzzer
you'll
be
able
to
use
the
existing
test
cases.
A
Stop
sharing,
and
so
those
are
a
few
of
the
things
that
we're
going
to
be
focusing
on
in
our
upcoming
13.7
release
at
gitlab.
We
plan
ambitiously,
so
not
everything
I
walked
through
will
necessarily
be
delivered
in
13.7,
but
it
is
good
to
give
visibility,
and
I
wanted
to
share
some
insight
into
what
we're
thinking
about
is
some
of
the
priorities
for
this
upcoming
release
cycle
with
that.
Thank
you.
So
much
for
your
time
again,
I'm
sam
kurt.
I
would
love
to
engage
in
a
discussion
with
you
on
any
of
these
issues.
A
If
you
want
to
ping
me
or
anyone
else
in
the
team
directly,
we
love
feedback,
whether
it's
good
bad
or
ugly,
because
it
helps
us
make
sure
that
we're
building
the
the
best
product
for
you
and
and
the
rest
of
the
teams
that
use
gitlab.
Thank
you.
So
much
have
a
good
day.