mirror of https://github.com/FuzzingLabs/fuzzforge_ai.git synced 2026-02-12 20:32:46 +00:00

Files

tduhamel42 187b171360 docs: Fix workflow references and module paths for v0.7.0

Updated all documentation to reflect actual v0.7.0 workflow implementation:

Workflow name changes:
- Removed all references to non-existent workflows (static_analysis_scan,
  secret_detection_scan, infrastructure_scan, penetration_testing_scan)
- Updated examples to use actual workflows (security_assessment, gitleaks_detection,
  trufflehog_detection, llm_secret_detection)
- Deleted docs/docs/reference/workflows/static-analysis.md (described non-existent workflow)

Content corrections:
- Fixed workflow tool descriptions (removed incorrect Semgrep/Bandit references,
  documented actual SecurityAnalyzer and FileScanner modules)
- Updated all workflow lists to show production-ready vs development status
- Fixed all example configurations to match actual workflow parameters

Module creation guide fixes:
- Fixed 4 path references: backend/src/toolbox → backend/toolbox
- Updated import statements in example code

Files updated:
- docs/index.md - workflow list, CLI example, broken tutorial links
- docs/docs/tutorial/getting-started.md - workflow list, example output, tool descriptions
- docs/docs/how-to/create-module.md - module paths and imports
- docs/docs/how-to/mcp-integration.md - workflow examples and list
- docs/docs/ai/prompts.md - workflow example
- docs/docs/reference/cli-ai.md - 3 workflow references

2025-10-17 10:48:48 +02:00

5.3 KiB

Raw Blame History

FuzzForge Documentation

Welcome to FuzzForge, a comprehensive security analysis platform built on Temporal that automates security testing workflows. FuzzForge provides production-ready workflows that run static analysis, secret detection, infrastructure scanning, penetration testing, and custom fuzzing campaigns with Docker-based isolation and SARIF-compliant reporting.

📚 Tutorials - Learn by doing

Perfect for newcomers who want to learn FuzzForge step by step.

Getting Started - Complete setup from installation to first workflow

🛠️ How-To Guides - Problem-focused solutions

Step-by-step guides for specific tasks and common problems.

Docker Setup - Docker requirements and worker profiles
Create Workflow - Build custom security workflows
Create Module - Develop security analysis modules
API Integration - REST API usage and integration
MCP Integration - AI assistant integration setup
Troubleshooting - Common issues and solutions

💡 Concepts - Understanding-oriented

Background information and conceptual explanations.

Architecture - System design and component interactions
Workflows - How workflows function and interact
Security Analysis - Security analysis methodology
Docker Containers - Containerization approach
SARIF Format - Industry-standard security results format

📖 Reference - Information-oriented

Technical reference materials and specifications.

Workflows

All Workflows - Complete workflow reference
Static Analysis - Code vulnerability detection
Secret Detection - Credential discovery
Infrastructure Scan - Infrastructure security
Penetration Testing - Security testing
Language Fuzzing - Input validation testing
Security Assessment - Comprehensive analysis

APIs and Interfaces

REST API - Complete API documentation
CLI Reference - Command-line interface
Configuration - System configuration options

Additional Resources

AI Orchestration (Advanced) - Multi-agent orchestration, A2A services, ingestion, and LLM configuration
Docker Configuration - Complete Docker setup requirements
Contributing - Development and contribution guidelines
FAQ - Frequently asked questions
Changelog - Version history and updates

🎯 FuzzForge at a Glance

Production-Ready Workflows:

Security Assessment - Regex-based analysis for secrets, SQL injection, dangerous functions
Gitleaks Detection - Pattern-based secret scanning
TruffleHog Detection - Pattern-based secret scanning
LLM Secret Detection - AI-powered secret detection (requires API key)

Development Workflows:

Atheris Fuzzing - Python fuzzing (early development)
Cargo Fuzzing - Rust fuzzing (early development)
OSS-Fuzz Campaign - OSS-Fuzz integration (heavy development)

Multiple Interfaces:

💻 CLI: fuzzforge workflow run security_assessment /path/to/code
🐍 Python SDK: Programmatic workflow integration
🌐 REST API: HTTP-based workflow management
🤖 MCP: AI assistant integration (Claude, ChatGPT)

Key Features:

Container-based workflow execution with Docker isolation
SARIF-compliant security results format
Real-time workflow monitoring and progress tracking
Persistent result storage with shared volumes
Custom Docker image building for specialized tools

🚨 Important Setup Requirement

Environment Configuration Required

Before starting FuzzForge, you must create the environment configuration file:

cp volumes/env/.env.example volumes/env/.env

Docker Compose will fail without this file. You can leave it with default values if you're only using basic workflows (no AI features).

See Getting Started Guide for detailed setup instructions.

📋 Documentation Framework

This documentation follows the Diátaxis framework:

Tutorials: Learning-oriented, hands-on lessons
How-to guides: Problem-oriented, step-by-step instructions
Concepts: Understanding-oriented, theoretical knowledge
Reference: Information-oriented, technical specifications

New to FuzzForge? Start with the Getting Started Tutorial

Need help? Check the FAQ or Troubleshooting Guide

Want to contribute? See the Contributing Guide

5.3 KiB Raw Blame History