Integrate Jazzer with Vulnetix. Fuzz Java libraries with coverage-guided mutations, then convert JVM crash findings to JSON for upload.
Java / JVM | CLI tool | JSON
Install & scan
# Download the latest Jazzer release from GitHub
$ curl -L https://github.com/CodeIntelligenceTesting/jazzer/releases/latest/download/jazzer_release.tar.gz -o jazzer.tar.gz && tar xzf jazzer.tar.gz

# Or via Maven/Gradle (for JUnit 5 integration)
# Maven: add com.code-intelligence:jazzer-junit:0.22.0 to test dependencies

# Run Jazzer with a fuzz target class
# (the wildcard arguments are quoted so the shell passes them to Jazzer unexpanded)
$ ./jazzer --cp="target/classes:target/dependency/*" --target_class=com.example.FuzzTarget --instrumentation_includes="com.example.**" corpus/
Run Jazzer in CI
Scan on every push and upload the results to Vulnetix:
- name: Set up Java
  uses: actions/setup-java@v4
  with:
    java-version: '17'
    distribution: 'temurin'
- name: Build project
  run: mvn package -DskipTests
- name: Download Jazzer
  run: |
    curl -L https://github.com/CodeIntelligenceTesting/jazzer/releases/latest/download/jazzer_release.tar.gz | tar xz
- name: Run Jazzer (5 minutes)
  run: |
    # "|| true" keeps the job green when the timeout fires or Jazzer exits non-zero on a crash
    timeout 300 ./jazzer --cp="target/classes:target/dependency/*" --target_class=com.example.FuzzTarget corpus/ || true
Centralise Jazzer results in Vulnetix
Upload Jazzer JSON output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.
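The conversion of crash findings to JSON, as an added example (not Vulnetix or Jazzer code): a Python parser that turns a captured Jazzer log into one JSON record per crash. The field names and the fingerprint scheme are assumptions rather than a documented Vulnetix schema, and the sample log is constructed.

```python
import hashlib
import json
import re

# Constructed sample log (not from a real run). The "== Java Exception:" and
# "Test unit written to" lines follow the shape Jazzer/libFuzzer print on a crash.
SAMPLE_LOG = """\
#1024\tNEW    cov: 37 ft: 52 corp: 6/41b exec/s: 0 rss: 210Mb
== Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh: Remote Code Execution
\tat com.example.Parser.load(Parser.java:42)
\tat com.example.FuzzTarget.fuzzerTestOneInput(FuzzTarget.java:17)
== libFuzzer crashing input ==
artifact_prefix='./'; Test unit written to ./crash-0123456789abcdef0123456789abcdef01234567
Base64: QUJD
"""

EXC = re.compile(r"^== Java Exception: (?P<cls>[\w.$]+)(?:: (?P<msg>.*))?$")
FRAME = re.compile(r"^\s+at (?P<frame>\S+\(.*\))$")
ARTIFACT = re.compile(r"Test unit written to (?P<path>\S+)")
ISSUE = re.compile(r"\.FuzzerSecurityIssue(Low|Medium|High|Critical)$")


def parse_jazzer_log(text):
    """Return one dict per crash in a Jazzer log (field names are hypothetical)."""
    findings, cur = [], None
    for line in text.splitlines():
        if m := EXC.match(line):
            sev = ISSUE.search(m["cls"])
            cur = {"tool": "jazzer", "exception": m["cls"], "message": m["msg"] or "",
                   "severity": sev.group(1).lower() if sev else "unknown",
                   "stack": [], "artifact": None}
            findings.append(cur)
        elif cur is not None and (m := FRAME.match(line)):
            cur["stack"].append(m["frame"])
        elif cur is not None and (m := ARTIFACT.search(line)):
            cur["artifact"] = m["path"]
            cur = None  # crash record complete; ignore trailing lines
    for f in findings:
        # Stable ID from exception class + top 3 frames, so reruns of the same bug collapse.
        key = "|".join([f["exception"], *f["stack"][:3]])
        f["fingerprint"] = hashlib.sha256(key.encode()).hexdigest()[:16]
    return findings


if __name__ == "__main__":
    print(json.dumps(parse_jazzer_log(SAMPLE_LOG), indent=2))
```

A run that hits the timeout without a crash yields an empty list, so the upload step can be skipped when the result is `[]`.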