fuzz-introspector

include config and logging in final report

Open DavidKorczynski opened this issue 3 years ago • 3 comments

include configs and logs in the final report

This is useful to track, for instance, which functions were discarded from the analysis

DavidKorczynski, Apr 02 '22 16:04

Somewhat related: https://github.com/ossf/fuzz-introspector/issues/468 We need improved metadata in the UI which can be used to trace/track/compare reports.

DavidKorczynski, Aug 15 '22 14:08

> We need improved metadata in the UI which can be used to trace/track/compare reports

Agreed. I think configs should be included in reports because they should be more or less the same everywhere, but links to logs would depend on where reports were built. Usually it's OSS-Fuzz, but FI can be used outside of OSS-Fuzz too, and I think it would be better if optional links like that could be configurable by passing them explicitly somewhere or something like that.

evverx, Aug 15 '22 15:08

FWIW, I think that even though FI reports are the main way to interact with FI, it could (in theory) be used to automate issues like https://github.com/google/oss-fuzz/issues/7190 (where two snapshots of the same project should be compared). That particular issue could have been found by comparing coverage collected at runtime, but combined with the static analysis it would be much more useful in general, because it would cover scenarios where coverage is seemingly the same (or maybe even a bit better) but it can't keep up with new code that is suddenly reachable but isn't covered at all. I'm just spitballing, but all in all I'm not sure FI should limit itself to reports on OSS-Fuzz (though I understand that it's the main use case) :-)

evverx, Aug 15 '22 16:08