OSS-Fuzz Architecture

Ville Laitila on September 18, 2020


This page contains selected architectural views of the OSS-Fuzz project, which is available on GitHub under the Google organization.

Structure of the Codebase

The above figure shows a heatmap of the number of Git commits during the 365 days preceding the most recent commit. The most active part has been the projects directory.

OSS-Fuzz infra directory dependencies with a commit count heatmap

The OSS-Fuzz infra directory's dependencies visualized together with its Git commit count heatmap. It indicates that base-images is the most active part, but helper.py is very critical since it is indirectly used by the rest of the system and is also changing quite often.

Most actively developed OSS-Fuzz projects

These parts have been changing the most. Curiously, build.sh has been changing a lot. A closer look at the source code reveals that it contains a lot of hard-coded compile flags and some version numbers.

A closer look at some of the fuzzing projects

cifuzz: Continuous Integration to integrate with fuzzers

This module is used by CI tools in order to interact with fuzzers.

Dockerfiles everywhere

Some interesting big Dockerfiles lie in there:

Many familiar projects, like libreoffice and git, have been dockerized here. Notice that the complexity of the Dockerfiles varies: e.g. LOC doesn't always correlate with the number of outgoing dependencies (e.g. apt packages or cloned Git repos).
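One way to measure the two quantities compared above, as an added example that is not part of the OSS-Fuzz code base or of the original analysis: it counts a Dockerfile's LOC and its outgoing dependencies (apt packages and cloned Git repos), which together make up the build image's external supply-chain inputs. Both sample Dockerfiles, the `example/base-builder` image name and the `example.org` URLs are constructed for illustration.

```python
import re

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and comments."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            out.append(buf + line)
            buf = ""
    return out + ([buf] if buf else [])

def dockerfile_metrics(text):
    """Return LOC plus the apt packages and Git repos pulled in by RUN steps."""
    loc = sum(1 for l in text.splitlines()
              if l.strip() and not l.strip().startswith("#"))
    apt, repos = set(), set()
    for line in logical_lines(text):
        instr, _, rest = line.partition(" ")
        if instr.upper() != "RUN":
            continue
        for cmd in re.split(r"&&|\|\||;", rest):   # one shell command at a time
            words = cmd.split()
            if len(words) < 2:
                continue
            if words[0] in ("apt-get", "apt") and "install" in words:
                pkgs = words[words.index("install") + 1:]
                apt.update(w for w in pkgs if not w.startswith("-"))
            elif words[:2] == ["git", "clone"]:
                url = next((w for w in words[2:]
                            if "://" in w or w.startswith("git@")), None)
                if url:
                    repos.add(url)
    return {"loc": loc, "apt_packages": sorted(apt), "git_repos": sorted(repos)}

# Constructed sample: few lines, many outgoing dependencies.
SHORT_MANY = """
FROM example/base-builder
RUN apt-get update && apt-get install -y autoconf automake libtool pkg-config zlib1g-dev libssl-dev
RUN git clone --depth 1 https://example.org/a.git && git clone https://example.org/b.git b
COPY build.sh $SRC/
"""
# Constructed sample: many lines, one outgoing dependency.
LONG_FEW = r"""
FROM example/base-builder
ENV CC=clang
ENV CXX=clang++
ENV CFLAGS="-O1 -g"
RUN apt-get update && \
    apt-get install -y \
      make
WORKDIR $SRC/demo
COPY build.sh $SRC/
COPY fuzz_target.c $SRC/
COPY seeds/ $SRC/seeds/
"""
```

On these samples the 4-line Dockerfile pulls in six apt packages and two repositories, while the 11-line one pulls in a single package, which is the non-correlation noted above.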
