Skip to content

Fuzzing As Easy As Unit Testing

CI Fuzz is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands.

# Initialize fuzzing

$ cifuzz init

# Create your first fuzz test

$ cifuzz create my_fuzz_test

# Run fuzz test and find bugs

$ cifuzz run my_fuzz_test

Start Fuzzing

See on GitHub


makes fuzz tests as easy as unit tests

release v.1.6.0 68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f436f6465496e74656c6c6967656e636554657374696e672f636966757a7a2f706970656c696e655f74657374732e796d6c3f PRs welcome licence Apache-2.0

Docs | Glossary | Examples | Website | Blog | Twitter | YouTube

IMPORTANT: This project is under active development. Be aware that the behavior of the commands or the configuration can change.

What is cifuzz

cifuzz is a CLI tool that helps you to integrate and run fuzzing based tests into your project.


  • Easily set up, create and run fuzz tests
  • Generate coverage reports that can be integrated in your IDE
  • Supports multiple programming languages and build systems


Coming Soon

Getting started

If you are new to the world of fuzzing, we recommend you to take a look at our Glossary and our example projects.

Read the getting started guide if you just want to learn how to fuzz your applications with cifuzz.


You can get the latest release from GitHub or by running our install script:

sh -c "$(curl -fsSL"

If you are using Windows, you can download the latest release and execute it.

By default, CI Fuzz gets installed in your home directory under cifuzz. You can customize the installation directory with ./cifuzz_installer -i /target/dir.

Do not forget to add the installation's bin directory to your PATH.


C/C++ (with CMake) Installation Prerequisites

Ubuntu / Debian

sudo apt install cmake clang llvm


sudo pacman -S cmake clang llvm


brew install cmake llvm


At least Visual Studio 2022 version 17 is required.

choco install cmake llvm
C/C++ (with Bazle) Installation Prerequisites

Ubuntu / Debian

sudo curl -L -o /usr/local/bin/bazel
sudo chmod +x /usr/local/bin/bazel
sudo apt install clang llvm lcov default-jdk


sudo pacman -S clang llvm lcov python jdk-openjdk
sudo curl -L -o /usr/local/bin/bazel
sudo chmod +x /usr/local/bin/bazel


brew install llvm lcov openjdk bazelisk


At least Visual Studio 2022 version 17 is required.

choco install cmake llvm microsoft-openjdk bazelisk
Java (with Maven)

Installation Prerequisites

Ubuntu / Debian

sudo apt install openjdk maven 


sudo pacman -S jdk-openjdk maven


brew install openjdk maven


choco install microsoft-openjdk maven
Java (with Gradle) Installation Prerequisites

Ubuntu / Debian

sudo apt install openjdk gradle


sudo pacman -S jdk-openjdk gradle


brew install openjdk gradle


choco install microsoft-openjdk gradle


Want to help improve cifuzz? Check out our contributing documentation. There you will find instructions for building the tool locally.

If you find an issue, please report it on the issue tracker.

Start Fuzzing

Tutorial: How to Use CI Fuzz

Jochen Hilgers, one of the maintainers of CI Fuzz, demonstrates how CLI-integrated fuzz testing can be used to uncover bugs and vulnerabilities in C/C++.

Click here to see the full recording.
Uncovering Hidden Bugs and Vulnerabilities in C/C++
"Thanks to Code Intelligence, our security testing became significantly more effective. All our developers are now able to fix business critical bugs early in the development process, without false-positives."
Andreas WeichslgartnerDeveloper, Security Professional