fuzzforge_ai/docs/index.md

FuzzForge Documentation

Welcome to FuzzForge, a comprehensive security analysis platform built on Temporal that automates security testing workflows. FuzzForge provides production-ready workflows that run static analysis, secret detection, infrastructure scanning, penetration testing, and custom fuzzing campaigns with Docker-based isolation and SARIF-compliant reporting.

🚀 Quick Navigation

📚 Tutorials - Learn by doing

Perfect for newcomers who want to learn FuzzForge step by step.

• Getting Started - Complete setup from installation to first workflow
• First Workflow - Run your first security workflow
• Building Custom Workflows - Create and deploy custom workflows

🛠️ How-To Guides - Problem-focused solutions

Step-by-step guides for specific tasks and common problems.

• Installation - Install FuzzForge with proper Docker setup
• Docker Setup - Configure Docker with insecure registry (required)
• Running Workflows - Execute different workflow types
• CLI Usage - Command-line interface patterns
• API Integration - REST API usage and integration
• MCP Integration - AI assistant integration setup
• Troubleshooting - Common issues and solutions

💡 Concepts - Understanding-oriented

Background information and conceptual explanations.

• Architecture - System design and component interactions
• Workflows - How workflows function and interact
• Security Analysis - Security analysis methodology
• Docker Containers - Containerization approach
• SARIF Format - Industry-standard security results format

📖 Reference - Information-oriented

Technical reference materials and specifications.

Workflows

• All Workflows - Complete workflow reference
• Static Analysis - Code vulnerability detection
• Secret Detection - Credential discovery
• Infrastructure Scan - Infrastructure security
• Penetration Testing - Security testing
• Language Fuzzing - Input validation testing
• Security Assessment - Comprehensive analysis

APIs and Interfaces

• REST API - Complete API documentation
• CLI Reference - Command-line interface
• Configuration - System configuration options

Additional Resources

• AI Orchestration (Advanced) - Multi-agent orchestration, A2A services, ingestion, and LLM configuration
• Docker Configuration - Complete Docker setup requirements
• Contributing - Development and contribution guidelines
• FAQ - Frequently asked questions
• Changelog - Version history and updates

---

🎯 FuzzForge at a Glance

6 Production Workflows:

• Static Analysis (Semgrep, Bandit, CodeQL)
• Secret Detection (TruffleHog, Gitleaks, detect-secrets)
• Infrastructure Scan (Checkov, Hadolint, Kubesec)
• Penetration Testing (Nuclei, Nmap, SQLMap, Nikto)
• Language Fuzzing (AFL++, libFuzzer, Cargo Fuzz)
• Security Assessment (Comprehensive multi-tool analysis)

Multiple Interfaces:

• 💻 CLI: fuzzforge runs submit static_analysis_scan /path/to/code
• 🐍 Python SDK: Programmatic workflow integration
• 🌐 REST API: HTTP-based workflow management
• 🤖 MCP: AI assistant integration (Claude, ChatGPT)

Key Features:

• Container-based workflow execution with Docker isolation
• SARIF-compliant security results format
• Real-time workflow monitoring and progress tracking
• Persistent result storage with shared volumes
• Custom Docker image building for specialized tools

---

🚨 Important Setup Requirement

Docker Insecure Registry Configuration Required

FuzzForge uses a local Docker registry for workflow images. You must configure Docker to allow insecure registries:

{
  "insecure-registries": ["localhost:5001"]
}

See Docker Setup Guide for detailed configuration instructions.

---

📋 Documentation Framework

This documentation follows the Diátaxis framework:

• Tutorials: Learning-oriented, hands-on lessons
• How-to guides: Problem-oriented, step-by-step instructions
• Concepts: Understanding-oriented, theoretical knowledge
• Reference: Information-oriented, technical specifications

---

New to FuzzForge? Start with the Getting Started Tutorial

Need help? Check the FAQ or Troubleshooting Guide

Want to contribute? See the Contributing Guide