Enable fuzzing of OpenAPI v3 applications
Problem to solve
There are multiple versions of OpenAPI and many customers have defined API specifications in the latest version, which is v3. However, GitLab does not support this. This means they must then decide to either convert to an older version of the spec or not use GitLab's fuzz testing.
Intended users
User experience goal
The user should be able to have the same fuzz testing experience whether they have a v2 or a v3 OpenAPI specification in their repo.
Proposal
Add support for v3 protocol.
Allow users to use the same approach for this that they currently do for v2 protocols. The goal of this is so that the experience between the two is identical.
Further details
What does success look like, and how can we measure that?
Users can use v3 OpenAPI specs.
What is the type of buyer?
GitLab Ultimate ~"fuzzing::api" Category:Fuzz Testing
Is this a cross-stage feature?
No
Links / references
Activity
- Sam Kerr added typefeature label
- Sam Kerr mentioned in issue #217659 (closed)
Tentatively setting for %13.5 while we dig into scope and prioritize against other capabilities.
- Seth Berger added backend devopssecure fuzzingcoverage + 1 deleted label
- Seth Berger marked this issue as related to #217659 (closed)
- 🤖 GitLab Bot 🤖 added [deprecated] Accepting merge requests label
- Seth Berger added 1 deleted label and removed fuzzingcoverage label
- 🤖 GitLab Bot 🤖 added sectionsec label
- Seth Berger changed milestone to %13.6
- Seth Berger removed [deprecated] Accepting merge requests label
- Nicole Schwartz added Category:Fuzz Testing label
added [deprecated] good for new contributors label
- Sam Kerr added GitLab Ultimate label
- Developer
This issue is being rolled into #273111 (closed)
@mikeeddington I'm re-opening this issue, since it's a direction issue that we've shared externally a number of times and that users/customers are watching. I'll block this one on the newly linked issue and we can close it once that one is completed.
- Michael Eddington closed
- Sam Kerr marked this issue as related to #273111 (closed)
- Sam Kerr reopened
- Sam Kerr removed the relation with #273111 (closed)
- Sam Kerr marked this issue as related to #273111 (closed)
- Seth Berger added to epic &4254 (closed)
- Michael Eddington changed milestone to %13.7
- Michael Eddington added 1 deleted label
- Developer
@stkerr, after talking with @herbmadrigal, it looks like this work will not be completed in 13.7. I'm going to move the milestone to 13.8.
Thanks for the heads up @mikeeddington!
- Developer
@stkerr, moving this issue to the 13.9 milestone as the csharp runner issue will not be completed this week in time for 13.8.
- Michael Eddington changed milestone to %13.8
- Seth Berger added Stretch label
- Michael Eddington changed milestone to %13.9
- Seth Berger mentioned in issue #273111 (closed)
- Seth Berger changed milestone to %13.10
- Sam Kerr mentioned in issue #321698 (closed)
- Michael Eddington changed milestone to %13.9
- Michael Eddington removed the relation with #273111 (closed)
- Developer
@stkerr OpenAPI v3 support is now in production. Documentation MR update has been reviewed, just waiting on merge.
- Developer
@stkerr Docs merged, closing this issue.
- Michael Eddington closed
- Sam Kerr mentioned in merge request gitlab-com/www-gitlab-com!75809 (merged)
- 🤖 GitLab Bot 🤖 added groupdynamic analysis label and removed 1 deleted label
- 🤖 GitLab Bot 🤖 changed the description