GitLab acquired Peach Tech, the industry leader in protocol and API fuzz testing, last year.
We were thrilled to release API fuzz testing as part of our 13.4 release. Since then we’ve made tons of improvements, such as adding Postman support and supporting runtime value overrides, and we’ve received great feedback. We’ve also heard the questions about the Peach protocol fuzz testing capabilities and what is going to happen to them.
Today, we are incredibly excited to announce that we are releasing the core protocol fuzz testing engine of Peach as GitLab Protocol Fuzzer Community Edition, and it’s open source! This edition has many capabilities previously only available with a commercial Peach license. It contains the engine to run and orchestrate fuzz tests as well as the pieces needed to define your own protocols.
This is a major gain for the open source community
Previously, the only way to get access to many of these tools was to pay for the commercial version of Peach Fuzzer, or to use an older, unmaintained version of Peach Fuzzer Community that lacked many of the features and bug fixes available in the commercial version. By open sourcing much of what was previously available only with a paid license, we are thrilled to enable more security researchers, students, and developers to experiment with and use protocol fuzz testing to find vulnerabilities and bugs that other tools will not. This also enables everyone to contribute and help advance the state of the art even further!
Future plans for fuzz testing
We plan to add more capabilities to the Community Edition in the future and integrate it into GitLab the product. You can read more details about our future plans on our fuzz testing direction page. We will keep our stewardship policy in mind as we determine which tiers of GitLab specific features are added to. Some of the capabilities you can look forward to are industry-specific features, tighter integration with the CI process and vulnerability management, and pre-built support for many common network protocols.
One of our values at GitLab is iteration, and we wanted to share the Community Edition as soon as we could so everyone can contribute sooner! We would love for you to check it out and provide feedback and your own contributions.
Source GitLab