🎨 Future Design - continuous fuzz after initial release MVC

Problem to solve

A robust fuzzing job can be a long-running task. Additionally, customers may wish to fuzz a target indefinitely until a crash is found. For mature projects, this could be hours or days. Longer-duration fuzz testing will find additional bugs and vulnerabilities.

In the above scenario, running a fuzzing job in a pipeline does not make sense, since the pipeline will never complete or will time out after a certain period.

User Stories/Tasks

  • As a user, I want to set up 24/7 continuous fuzzing, so that I can monitor my application all the time
  • As a user, I want to check continuous fuzz results at any time, so that I can fix important bugs in time
  • As a user, I want to pause/start continuous fuzzing, so that I can control the fuzz scan

User experience goal

Consider how, where, and when to surface results from continuous fuzz testing as compared to results from a pipeline. Since there is no "done" to a continuous fuzz test job, we don't have the normal "end of a pipeline" step to collect and process results.

  • Idea: Consider introducing a new screen where continuous fuzz testing results are collected and then can be manually promoted to vulnerabilities/findings after a user has reviewed them. This would be similar to some of the earlier designs we saw where all fuzz testing results were on their own screen.

A goal is that the same approach & UX can be used for both coverage-guided & API fuzzing.

  • This issue is only intended for coverage-guided fuzz testing, though. API fuzzing will come later.

The technical issue: &4486

Edited by Camellia X Yang