Google has opened the source code for the ClusterFuzz platform, intended for fuzzing code testing using a server cluster. In addition to coordinating the execution of checks, ClusterFuzz also automates the execution of tasks such as sending a notification to developers, creating an application for a patch (issue), tracking a bug fix, and closing reports after a patch. The code is written in Python and Go, and distributed under the Apache 2.0 license. ClusterFuzz instances can run on Linux, macOS and Windows systems, as well as in various cloud environments.
Since 2011, ClusterFuzz has been used in the depths of Google to detect errors in the Chrome codebase and to ensure the operation of the OSS-Fuzz project, in the framework of which continuous fuzzing testing of open source software was organized. In total, ClusterFuzz has revealed more than 16 thousand errors in Chrome and more than 11 thousand errors in 160 open source projects participating in the OSS-Fuzz program. Due to the continuous process of checking the current code base, errors are usually caught within a few parts after the code is introduced and the changes causing them.