StackGen has partnered with Google Cloud Platform (GCP) to bring its platform to the Google Cloud Marketplace.
Code Intelligence is adding support for JavaScript into OSS-Fuzz, Google’s platform for continuous fuzzing for open-source software.
JavaScript is one of the most widely used programming languages, especially in the context of web applications. However, security testing for the JavaScript landscape is insufficient, due to a lack of reliable security tools and good integration to common development environments. As part of Code Intelligence's initiative to develop advanced fuzzing and bug detection capabilities for memory-safe languages, it recently released Jazzer.js, a state-of-the-art fuzz testing engine that brings the advancements of white-box fuzzing into the JavaScript ecosystem.
The integration of Jazzer.js into OSS-Fuzz will be the second major language integration from Code Intelligence into Google’s open-source security testing service, for which Code Intelligence provides a complete and advanced fuzzing and bug detection solution. The company’s previous fuzz testing integration into OSS-Fuzz, for Java projects, has already contributed to finding over 500 critical bugs and security vulnerabilities, including remote code execution (such as Log4Shell), Cross-Site Scripting, and injections.
OSS-Fuzz integrates advanced, industry-standard fuzzing technologies for the languages it supports. As part of their collaboration, Code Intelligence has been a strong contributor to OSS-Fuzz for memory-safe languages, such as Java and Go:
“We’ve continuously made improvements to OSS-Fuzz’s infrastructure over the years and expanded our language offerings to cover C/C++, Go, Rust, Java, Python, and Swift, and have introduced support for new frameworks such as FuzzTest.” says Oliver Chang, Senior Staff Engineer at Google’s OSS Fuzzing Team. “Additionally, as part of an ongoing collaboration with Code Intelligence, we’ll soon have support for JavaScript fuzzing through Jazzer.js.”
Jazzer.js is free, open-source, and offers a Jest testing framework integration, so developers can write fuzz tests as easily as unit tests. Furthermore, Jazzer.js is released into the node package manager (npm) so that it is easily accessible by developers. As a result, developers can benefit from excellent integration into their integrated development environments (IDEs), such as IntelliJ and Visual Studio Code, out-of-the-box.
“Our mission is to give every developer the necessary tools to write more secure code.”, says Khaled Yakdan, Chief Scientist and Co-Founder of Code Intelligence. “I’m very glad about the collaboration with Google’s Open-Source Security Team. This will help in making the JavaScript ecosystem more reliable and secure.”
Jazzer.js enables coverage-guided fuzzing for JavaScript and the Node.js.
Industry News
Tricentis announced its spring release of new cloud capabilities for the company’s AI-powered, model-based test automation solution, Tricentis Tosca.
Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.
AutonomyAI announced its launch from stealth with $4 million in pre-seed funding.
Kong announced the launch of the latest version of Kong AI Gateway, which introduces new features to provide the AI security and governance guardrails needed to make GenAI and Agentic AI production-ready.
Traefik Labs announced significant enhancements to its AI Gateway platform along with new developer tools designed to streamline enterprise AI adoption and API development.
Zencoder released its next-generation AI coding and unit testing agents, designed to accelerate software development for professional engineers.
Windsurf (formerly Codeium) and Netlify announced a new technology partnership that brings seamless, one-click deployment directly into the developer's integrated development environment (IDE.)
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.
Platform9 announced that Private Cloud Director Community Edition is generally available.
Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.
CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.