Fuzz testing results in MR widget [Parent] - Coverage guided fuzz testing
Promoted to Epic &4485 (closed)
Problem to solve
Fuzz testing provides lots of valuable information to users in terms of ways to crash the app. Currently, it is difficult for them to access this information since it is buried in individual pipeline results, rather than in other screens they regularly interact with, such as the Merge Request widget.
Intended users
Further details
Design 1 (In scope if #12896 (closed) is NOT done)
When implement it in an old MR widget
| Old MR widget collapsed | Old MR widget expanded |
|---|---|
| https://www.figma.com/file/ckuKpzAUe7M0iAF9NdnDQl/Fuzz-testing-MR-page?node-id=4%3A0 | https://www.figma.com/file/ckuKpzAUe7M0iAF9NdnDQl/Fuzz-testing-MR-page?node-id=1%3A2 |
| We contribute the number if we can tell the findings are new or not | Download artefacts available from this page, rest is the same as other scanners |
 |
 |
Design 2 (In scope if #12896 (closed) is done)
When implement it in a one new MR widget
| New MR widget collapsed | New MR widget leads to a new tab |
|---|---|
| https://www.figma.com/file/ckuKpzAUe7M0iAF9NdnDQl/Fuzz-testing-MR-page?node-id=3%3A142 | https://www.figma.com/file/ckuKpzAUe7M0iAF9NdnDQl/Fuzz-testing-MR-page?node-id=3%3A1236 |
| We contribute the number if we can tell the findings are new or not | |
 |
 |
Design 3 (Definetely in scope)
No matter old or new MR widget, the modal window details keep the same
| Coverage guide - collapsed | Coverage guide - expanded |
|---|---|
| https://www.figma.com/file/ckuKpzAUe7M0iAF9NdnDQl/Fuzz-testing-MR-page?node-id=4%3A2 | https://www.figma.com/file/ckuKpzAUe7M0iAF9NdnDQl/Fuzz-testing-MR-page?node-id=78%3A1092 |
| https://www.figma.com/file/ckuKpzAUe7M0iAF9NdnDQl/Fuzz-testing-MR-page?node-id=80%3A0 | |
| we only show 6 lines of stack trace | we only keep one scroll bar of the modal window |
 |
 
|
-
🎥 Video walkthrough: https://youtu.be/rKX1MJsHFCo
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
Add usage ping to record the number of times users view the fuzz testing results.
What is the type of buyer?
Is this a cross-stage feature?
Links / references
Implementation Strategy
Frontend
| Tasks # | Description | frontend issue | frontend weight |
|---|---|---|---|
| 1 | Fuzz testing results in MR widget - Coverage guided fuzz testing - Update getters to reflect updated summary counts | #254637 (closed) | frontend-weight2 |
| 2 | Fuzz testing results in MR widget - Coverage guided fuzz testing - Render fuzzing report section in MR widget | #251017 (closed) | frontend-weight2 |
| 3 | Fuzz testing results in MR widget - Coverage guided fuzz testing - Render fuzz related vuln data in modal | #254650 (closed) | frontend-weight3 |
| 4 | Fuzz testing results in MR widget - Coverage guided fuzz testing - Add artifact download dropdown | #254711 (closed) | frontend-weight3 |
| 5 | Fuzz testing results in MR widget - Coverage guided fuzz testing - Docs | #254652 (closed) | frontend-weight2 |
Follow-up Frontend
Remove Feature Flag - #257839 (closed)
Backend
| Tasks # | Description | backend issue | backend weight |
|---|---|---|---|
| 1 | Fuzz testing results in MR widget - Coverage guided fuzz testing - Implement coverage fuzzing report endpoint for Mr widget | #255169 (closed) | TBD |
Edited by Sam Kerr