37c15af130
Updated documentation to reflect v0.7.0 Temporal architecture which uses MinIO for storage instead of a Docker registry. Major changes: - getting-started.md: Added mandatory volumes/env/.env setup, removed registry config section, updated service list - docker-setup.md: Complete rewrite focusing on system requirements and worker profiles instead of registry - index.md: Replaced registry warning with environment file requirement - troubleshooting.md: Removed all registry troubleshooting, added environment configuration issues
5.5 KiB
FuzzForge Documentation
Welcome to FuzzForge, a comprehensive security analysis platform built on Temporal that automates security testing workflows. FuzzForge provides production-ready workflows that run static analysis, secret detection, infrastructure scanning, penetration testing, and custom fuzzing campaigns with Docker-based isolation and SARIF-compliant reporting.
🚀 Quick Navigation
📚 Tutorials - Learn by doing
Perfect for newcomers who want to learn FuzzForge step by step.
- Getting Started - Complete setup from installation to first workflow
- First Workflow - Run your first security workflow
- Building Custom Workflows - Create and deploy custom workflows
🛠️ How-To Guides - Problem-focused solutions
Step-by-step guides for specific tasks and common problems.
- Installation - Install FuzzForge with proper Docker setup
- Docker Setup - Configure Docker with insecure registry (required)
- Running Workflows - Execute different workflow types
- CLI Usage - Command-line interface patterns
- API Integration - REST API usage and integration
- MCP Integration - AI assistant integration setup
- Troubleshooting - Common issues and solutions
💡 Concepts - Understanding-oriented
Background information and conceptual explanations.
- Architecture - System design and component interactions
- Workflows - How workflows function and interact
- Security Analysis - Security analysis methodology
- Docker Containers - Containerization approach
- SARIF Format - Industry-standard security results format
📖 Reference - Information-oriented
Technical reference materials and specifications.
Workflows
- All Workflows - Complete workflow reference
- Static Analysis - Code vulnerability detection
- Secret Detection - Credential discovery
- Infrastructure Scan - Infrastructure security
- Penetration Testing - Security testing
- Language Fuzzing - Input validation testing
- Security Assessment - Comprehensive analysis
APIs and Interfaces
- REST API - Complete API documentation
- CLI Reference - Command-line interface
- Configuration - System configuration options
Additional Resources
- AI Orchestration (Advanced) - Multi-agent orchestration, A2A services, ingestion, and LLM configuration
- Docker Configuration - Complete Docker setup requirements
- Contributing - Development and contribution guidelines
- FAQ - Frequently asked questions
- Changelog - Version history and updates
🎯 FuzzForge at a Glance
6 Production Workflows:
- Static Analysis (Semgrep, Bandit, CodeQL)
- Secret Detection (TruffleHog, Gitleaks, detect-secrets)
- Infrastructure Scan (Checkov, Hadolint, Kubesec)
- Penetration Testing (Nuclei, Nmap, SQLMap, Nikto)
- Language Fuzzing (AFL++, libFuzzer, Cargo Fuzz)
- Security Assessment (Comprehensive multi-tool analysis)
Multiple Interfaces:
- 💻 CLI:
fuzzforge runs submit static_analysis_scan /path/to/code - 🐍 Python SDK: Programmatic workflow integration
- 🌐 REST API: HTTP-based workflow management
- 🤖 MCP: AI assistant integration (Claude, ChatGPT)
Key Features:
- Container-based workflow execution with Docker isolation
- SARIF-compliant security results format
- Real-time workflow monitoring and progress tracking
- Persistent result storage with shared volumes
- Custom Docker image building for specialized tools
🚨 Important Setup Requirement
Environment Configuration Required
Before starting FuzzForge, you must create the environment configuration file:
cp volumes/env/.env.example volumes/env/.env
Docker Compose will fail without this file. You can leave it with default values if you're only using basic workflows (no AI features).
See Getting Started Guide for detailed setup instructions.
📋 Documentation Framework
This documentation follows the Diátaxis framework:
- Tutorials: Learning-oriented, hands-on lessons
- How-to guides: Problem-oriented, step-by-step instructions
- Concepts: Understanding-oriented, theoretical knowledge
- Reference: Information-oriented, technical specifications
New to FuzzForge? Start with the Getting Started Tutorial
Need help? Check the FAQ or Troubleshooting Guide
Want to contribute? See the Contributing Guide