Enable fuzzing of OpenAPI v3 applications

Problem to solve

There are multiple versions of OpenAPI and many customers have defined API specifications in the latest version, which is v3. However, GitLab does not support this. This means they must then decide to either convert to an older version of the spec or not use GitLab's fuzz testing.

Intended users

• Delaney (Development Team Lead)
• Sasha (Software Developer)
• Sam (Security Analyst)

User experience goal

The user should be able to have the same fuzz testing experience whether they have a v2 or a v3 OpenAPI specification in their repo.

Proposal

Add support for v3 protocol.

Allow users to use the same approach for this that they currently do for v2 protocols. The goal of this is so that the experience between the two is identical.

Further details

What does success look like, and how can we measure that?

Users can use v3 OpenAPI specs.

What is the type of buyer?

GitLab Ultimate ~"fuzzing::api" Category:Fuzz Testing

Is this a cross-stage feature?

No

Links / references

The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.