From YouTube: GitLab 13.3 Kickoff - Secure:Fuzz Testing
Description
Sam Kerr discusses the fuzz testing groups upcoming plans for the 13.3 GitLab release.
Hello, I'm Sam Kerr. I'm a principal product manager here at GitLab, and today I'm going to be talking to you about our upcoming 13.3 release, what the fuzz testing group is going to be focusing on during it, and what we're expecting to deliver at the end of it. And so I'm sharing my screen right now, and this is the fuzz testing planning board; the board's public.

So our first one we have is about reusing a corpus from a previous job run. So what we're going to be doing as part of this issue is, at the completion of running a fuzz testing job in your pipeline, the corpus that's generated during that test will actually be saved as an artifact from the job and attached to that pipeline.

This is going to be great for you, because it's going to mean your fuzz tests are going to be faster and they're going to be more effective, since they won't have to relearn everything from scratch each and every time they're run. And so we're really excited to be bringing this issue to you. We think you'll really like it. Moving to the second one.

This is also related to corpus support, and so what this is about, it's about giving you a little bit more customizability, so that as you're working in your application, you know your workflows best, and we want to make sure that the ability to use a fuzzing corpus can be done regardless of what that workflow looks like. So what this issue is all about is it's going to allow you, as part of your CI job configuration, to say I want my corpus files to be read from this location and stored at that location.

So this is issue 217610, if you want to read all the details, but this region of text I'm highlighting here: there will be something very similar to this, the snippet that you'll add to your CI pipeline configuration. You'll specify where you want those corpus files to live, and then the fuzz testing jobs will be smart enough to respect that, in terms of picking artifacts up from that location as well as saving them to that location.

So with that said, let's talk about what these are. Both of these issues relate to our API fuzzing and API fuzz testing capability that we're working on. If you're familiar with what we've done in 13.2 with coverage-guided, these are going to be very analogous to those issues. And so let's dig into the first one, which is all about fuzzing the application given an OpenAPI v2 definition.

This specification file details out all the various endpoints and how to interact with them as part of your app in a REST, a RESTful way, and we can actually take that specification file and generate all of our various fuzz test cases using that.

So as part of this issue, what this is really about is taking that specification file, being able to put that in your CI job configuration, as I've highlighted on the screen here, including our fuzzing template, and then the fuzz testing job being smart enough to see, okay, this is the specification file that I need to be testing against, and starting to run those fuzz tests automatically using your specific application's logic and specification, because that's what this issue is all about.

There's going to be a test tab, just like you would have for any other application that uses JUnit to test it, and you'll easily be able to see all the various faults and pieces of information that the behavioral fuzz testing job was able to find. Something else we also hope to be able to work on as part of this issue is figuring out how we can integrate behavioral fuzz testing results in a way that's similar to what we're doing with coverage-guided fuzz testing, as part of this issue.

To that end, we're going to be investigating, you know: how can we surface these issues in the security dashboard? What makes sense? How can we provide these to you in that sort of security modal dialog that you're familiar with in other security scanners, and give you a similar sort of workflow as what you might be expecting based on coverage fuzz testing, as well as our other security scanners. And so with that, thank you for your time and attention.

I've really enjoyed talking about the issues that we're going to be working on and focusing on as part of GitLab 13.3. Again, my name is Sam Kerr. If you want to talk to me on GitLab, my handle is stkerr, and I would love for you to contribute to these or any of the other issues that you see on the board. Thanks a lot, have a great day.
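The transcript describes two pieces of the API fuzzing workflow at a high level: deriving fuzz cases from an OpenAPI v2 (Swagger 2.0) definition, and reporting the faults in a JUnit-style test tab. The following is an added example written for this page; it is not GitLab's fuzzing engine or CI template, and the Swagger document, the in-memory target application, the mutation dictionaries and the function names are all constructed for illustration. It enumerates every operation and parameter in the spec, mutates one parameter at a time according to its declared type, runs each case against a deliberately fragile handler, and renders the outcome as JUnit XML.

```python
"""Spec-driven API fuzzing, end to end: enumerate an OpenAPI v2 (Swagger 2.0)
definition, derive mutated request cases per parameter type, run them against
a target, and emit a JUnit XML report.  Constructed example, not GitLab's code."""
import json
import xml.etree.ElementTree as ET

# Constructed Swagger 2.0 definition (assumption: a minimal two-operation API).
SPEC = {
    "swagger": "2.0",
    "paths": {
        "/users/{id}": {
            "get": {
                "operationId": "getUser",
                "parameters": [
                    {"name": "id", "in": "path", "required": True, "type": "integer"},
                    {"name": "fields", "in": "query", "required": False, "type": "string"},
                ],
            }
        },
        "/users": {
            "post": {
                "operationId": "createUser",
                "parameters": [
                    {"name": "X-Request-Id", "in": "header", "type": "string"},
                    {"name": "body", "in": "body", "schema": {"type": "object"}},
                ],
            }
        },
    },
}

# Mutation dictionaries keyed by Swagger parameter type (constructed, not exhaustive).
MUTATIONS = {
    "integer": [0, -1, 2**31, 2**63, "1e3", "abc", ""],
    "string": ["", "A" * 4096, "'\"<>&", "../../../etc/passwd", "\x00"],
    "boolean": [True, "yes", 2],
    "object": [{}, [], "not-an-object", {"a" * 1000: None}],
}


def param_type(param):
    """Swagger 2.0 puts the type on the parameter, except body params use a schema."""
    return param.get("type") or param.get("schema", {}).get("type", "string")


def baseline(param):
    """Well-formed value used for every parameter that is not the one being mutated."""
    return {"integer": 1, "boolean": True, "object": {"name": "alice"}}.get(param_type(param), "ok")


def generate_cases(spec):
    """One case per (operation, parameter, mutation).  Only one parameter is
    mutated per case so a failure points at the field that caused it."""
    cases = []
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            params = op.get("parameters", [])
            for target in params:
                for value in MUTATIONS.get(param_type(target), MUTATIONS["string"]):
                    case = {"operation": op["operationId"], "method": method.upper(),
                            "path": path, "query": {}, "headers": {}, "body": None,
                            "mutated": target["name"], "value": value}
                    for p in params:
                        v = value if p is target else baseline(p)
                        if p["in"] == "path":
                            case["path"] = case["path"].replace("{%s}" % p["name"], str(v))
                        elif p["in"] == "query":
                            case["query"][p["name"]] = v
                        elif p["in"] == "header":
                            case["headers"][p["name"]] = v
                        elif p["in"] == "body":
                            case["body"] = v
                    cases.append(case)
    return cases


def target_app(case):
    """Constructed in-memory stand-in for the application under test.  It parses
    the path id with int() and no error handling, so a non-numeric id raises,
    which is the kind of unhandled fault a behavioral fuzz job should surface."""
    if case["operation"] == "getUser":
        user_id = int(case["path"].rsplit("/", 1)[1])  # ValueError on "abc", "1e3", ""
        return 200 if user_id > 0 else 404
    if case["operation"] == "createUser":
        return 201 if isinstance(case["body"], dict) else 400
    return 404


def run(spec, handler):
    """Execute every generated case.  An unhandled exception is recorded as a
    fault; any returned HTTP status is recorded as a pass with the status kept."""
    results = []
    for case in generate_cases(spec):
        try:
            results.append({"case": case, "status": handler(case), "fault": None})
        except Exception as exc:
            results.append({"case": case, "status": None,
                            "fault": "%s: %s" % (type(exc).__name__, exc)})
    return results


def junit_report(results):
    """Render results as JUnit XML so a CI system can show them in its test tab."""
    faults = [r for r in results if r["fault"]]
    suite = ET.Element("testsuite", name="api-fuzzing",
                       tests=str(len(results)), failures=str(len(faults)))
    for r in results:
        c = r["case"]
        tc = ET.SubElement(suite, "testcase", classname=c["operation"],
                           name="%s %s [%s=%r]" % (c["method"], c["path"], c["mutated"], c["value"]))
        if r["fault"]:
            # The reproducing request goes in the failure body so the report is actionable.
            ET.SubElement(tc, "failure", message=r["fault"]).text = json.dumps(c, default=str)
    return ET.tostring(suite, encoding="unicode")


if __name__ == "__main__":
    print(junit_report(run(SPEC, target_app)))
```

With the constructed spec this yields 21 cases; the three that send a non-numeric `id` crash the handler with a `ValueError` and show up as `<failure>` entries, while the malformed bodies are rejected with a 400 and pass. In a real pipeline the generator would also honour `enum`, `format`, `minimum` and `maxLength` constraints from the spec, and the cases that produced new behaviour would be kept as the corpus that the transcript describes saving as a job artifact.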