
Support Gradle in Coverage-guided fuzz testing


Release notes

Problem to solve

Coverage-guided fuzz testing appears to be dependent on Maven when testing Java with Javafuzz. This is also highlighted in the Javafuzz repository: https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/javafuzz/-/tree/master#installing

One of our customers is using Gradle for their Java project.

When running ./gitlab-cov-fuzz run --engine javafuzz it will still try to download the javafuzz library from the official Maven repository, even after adding this in the build.gradle file:

repositories {
    mavenCentral()
    maven {
        url "https://gitlab.com/api/v4/projects/19871573/packages/maven"
    }
}

Gradle has generatePomFileForMavenPublication but there doesn't seem to be a way to generate a pom.xml file that has the required repository.

So far, it appears the only way to do this with Gradle is to call generatePomFileForMavenPublication and then manually update the generated pom.xml file.

Proposal

Add native support for Gradle to our Coverage-guided fuzz testing to make it easier for developers who use Gradle.

Intended users

Feature Usage Metrics


Edited by 🤖 GitLab Bot 🤖
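
The manual workaround described in the issue (editing the POM produced by generatePomFileForMavenPublication) can be scripted. The following is an added example, not part of the original issue or of GitLab's tooling: it inserts the repository URL quoted above into a generated POM, is idempotent, and refuses non-HTTPS repository URLs. The function name, the repository id `gitlab-javafuzz` and the sample POM are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"
# URL taken from the build.gradle snippet in the issue above.
JAVAFUZZ_REPO_URL = "https://gitlab.com/api/v4/projects/19871573/packages/maven"
JAVAFUZZ_REPO_ID = "gitlab-javafuzz"  # hypothetical id; any unique value works

# Constructed sample standing in for a Gradle-generated POM.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>fuzz-target</artifactId>
  <version>1.0.0</version>
</project>"""


def _q(name: str) -> str:
    """Qualify a tag name with the Maven POM namespace."""
    return f"{{{POM_NS}}}{name}"


def add_repository(pom_xml: str, repo_id: str = JAVAFUZZ_REPO_ID,
                   url: str = JAVAFUZZ_REPO_URL) -> str:
    """Return pom_xml with a <repository> entry for url, added at most once."""
    # Dependencies fetched over plain HTTP can be tampered with in transit.
    if not url.startswith("https://"):
        raise ValueError(f"refusing non-HTTPS repository URL: {url}")
    ET.register_namespace("", POM_NS)  # keep the default namespace on output
    root = ET.fromstring(pom_xml)
    if root.tag != _q("project"):
        raise ValueError("input is not a Maven POM")
    repos = root.find(_q("repositories"))
    if repos is None:
        repos = ET.SubElement(root, _q("repositories"))
    # Skip the insert when the repository is already declared.
    for repo in repos.findall(_q("repository")):
        if (repo.findtext(_q("url")) or "").strip() == url:
            return ET.tostring(root, encoding="unicode")
    repo = ET.SubElement(repos, _q("repository"))
    ET.SubElement(repo, _q("id")).text = repo_id
    ET.SubElement(repo, _q("url")).text = url
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(add_repository(SAMPLE_POM))
```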