Skip to content

Uncovering Hidden Bugs and Vulnerabilities in C/C++

How to Fuzz Your Code With 3 Commands

What to Expect

CI Fuzz is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands.

In this live stream, our expert Jochen will:

  • Cover the current state of fuzz testing
  • Set up CLI fuzzing within 3 commands
  • Uncover multiple bugs and severe memory corruption vulnerabilities

All code examples and tools used are open-source.

# Initialize fuzzing

$ cifuzz init

# Create your first fuzz test

$ cifuzz create my_fuzz_test

# Run fuzz test and find bugs

$ cifuzz run my_fuzz_test

Jochen Hilgers

Speaker Profile

Your host Jochen Hilgers is one of the maintainers of CI Fuzz. In his work as a Senior Software Engineer at Code Intelligence, he specializes in CLI-integrated software testing solutions. Jochen also holds a master's in Computer Science from Hochschule Trier and has a background in Backend and Web Development with a strong focus on software quality.

See on GitHub


makes fuzz tests as easy as unit tests


Docs | Glossary | Examples | Website | Blog | Twitter | YouTube

IMPORTANT: This project is under active development. Be aware that the behavior of the commands or the configuration can change.

What is cifuzz

cifuzz is a CLI tool that helps you to integrate and run fuzzing based tests into your project.


  • Easily set up, create and run fuzz tests
  • Generate coverage reports that can be integrated in your IDE
  • Supports multiple programming languages and build systems


Coming Soon

Getting started

If you are new to the world of fuzzing, we recommend you to take a look at our Glossary and our example projects.

Read the getting started guide if you just want to learn how to fuzz your applications with cifuzz.


You can get the latest release from GitHub or by running our install script:

sh -c "$(curl -fsSL"

If you are using Windows, you can download the latest release and execute it.

By default, CI Fuzz gets installed in your home directory under cifuzz. You can customize the installation directory with ./cifuzz_installer -i /target/dir.

Do not forget to add the installation's bin directory to your PATH.


C/C++ (with CMake) Installation Prerequisites

Ubuntu / Debian

sudo apt install cmake clang llvm


sudo pacman -S cmake clang llvm


brew install cmake llvm


At least Visual Studio 2022 version 17 is required.

choco install cmake llvm
C/C++ (With Bazle) Installation Prerequisites

Ubuntu / Debian

sudo curl -L -o /usr/local/bin/bazel
sudo chmod +x /usr/local/bin/bazel
sudo apt install clang llvm lcov default-jdk


sudo pacman -S clang llvm lcov python jdk-openjdk
sudo curl -L -o /usr/local/bin/bazel
sudo chmod +x /usr/local/bin/bazel


brew install llvm lcov openjdk bazelisk


At least Visual Studio 2022 version 17 is required.

choco install cmake llvm microsoft-openjdk bazelisk
Java (with Maven)

Installation Prerequisites

Ubuntu / Debian

sudo apt install openjdk maven 


sudo pacman -S jdk-openjdk maven


brew install openjdk maven


choco install microsoft-openjdk maven
Java (with Gradle) Installation Prerequisites

Ubuntu / Debian

sudo apt install openjdk gradle


sudo pacman -S jdk-openjdk gradle


brew install openjdk gradle


choco install microsoft-openjdk gradle


Want to help improve cifuzz? Check out our contributing documentation. There you will find instructions for building the tool locally.

If you find an issue, please report it on the issue tracker.

"Thanks to Code Intelligence fuzzing approaches, our security testing became significantly more effective. All our developers are now able to fix business critical bugs early in the development process, without false-positives."
Andreas Weichselgartner_Rund-1 (1)
Andreas WeichslgartnerDeveloper, Security Professional