API Fuzz test Rails code in GitLab

Problem to solve

User experience goal

Intended users

Further details

We should expect ~"group::fuzz testing" to do the actual work to build a dogfood project, with the help and input from another group. We should not expect another group to own it start-to-finish.

Proposal

Identify some target projects with Ruby code that would be candidates to fuzz test.

  • Ideas:
    1. API endpoints
    2. Unit tests to call into the code
  • Things for later:
    1. Add to this list organically

Collaborate with the GitLab security team to regularly fuzz these and address the vulnerabilities that are found.

Create a pipeline job that can be manually triggered to start a long-running fuzz job. Review the resulting fuzz results over time on the dashboard as they are reported.

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references
