fd21a5e7b1
- Remove volumes/env/.env.example file - Update all documentation references to use .env.template instead - Update bootstrap script error message - Update .gitignore comment
5.3 KiB
FuzzForge Documentation
Welcome to FuzzForge, a comprehensive security analysis platform built on Temporal that automates security testing workflows. FuzzForge provides production-ready workflows that run static analysis, secret detection, infrastructure scanning, penetration testing, and custom fuzzing campaigns with Docker-based isolation and SARIF-compliant reporting.
🚀 Quick Navigation
📚 Tutorials - Learn by doing
Perfect for newcomers who want to learn FuzzForge step by step.
- Getting Started - Complete setup from installation to first workflow
🛠️ How-To Guides - Problem-focused solutions
Step-by-step guides for specific tasks and common problems.
- Docker Setup - Docker requirements and worker profiles
- Create Workflow - Build custom security workflows
- Create Module - Develop security analysis modules
- API Integration - REST API usage and integration
- MCP Integration - AI assistant integration setup
- Troubleshooting - Common issues and solutions
💡 Concepts - Understanding-oriented
Background information and conceptual explanations.
- Architecture - System design and component interactions
- Workflows - How workflows function and interact
- Security Analysis - Security analysis methodology
- Docker Containers - Containerization approach
- SARIF Format - Industry-standard security results format
📖 Reference - Information-oriented
Technical reference materials and specifications.
Workflows
- All Workflows - Complete workflow reference
- Static Analysis - Code vulnerability detection
- Secret Detection - Credential discovery
- Infrastructure Scan - Infrastructure security
- Penetration Testing - Security testing
- Language Fuzzing - Input validation testing
- Security Assessment - Comprehensive analysis
APIs and Interfaces
- REST API - Complete API documentation
- CLI Reference - Command-line interface
- Configuration - System configuration options
Additional Resources
- AI Orchestration (Advanced) - Multi-agent orchestration, A2A services, ingestion, and LLM configuration
- Docker Configuration - Complete Docker setup requirements
- Contributing - Development and contribution guidelines
- FAQ - Frequently asked questions
- Changelog - Version history and updates
🎯 FuzzForge at a Glance
Production-Ready Workflows:
- Security Assessment - Regex-based analysis for secrets, SQL injection, dangerous functions
- Gitleaks Detection - Pattern-based secret scanning
- TruffleHog Detection - Pattern-based secret scanning
- LLM Secret Detection - AI-powered secret detection (requires API key)
Development Workflows:
- Atheris Fuzzing - Python fuzzing (early development)
- Cargo Fuzzing - Rust fuzzing (early development)
- OSS-Fuzz Campaign - OSS-Fuzz integration (heavy development)
Multiple Interfaces:
- 💻 CLI:
fuzzforge workflow run security_assessment /path/to/code - 🐍 Python SDK: Programmatic workflow integration
- 🌐 REST API: HTTP-based workflow management
- 🤖 MCP: AI assistant integration (Claude, ChatGPT)
Key Features:
- Container-based workflow execution with Docker isolation
- SARIF-compliant security results format
- Real-time workflow monitoring and progress tracking
- Persistent result storage with shared volumes
- Custom Docker image building for specialized tools
🚨 Important Setup Requirement
Environment Configuration Required
Before starting FuzzForge, you must create the environment configuration file:
cp volumes/env/.env.template volumes/env/.env
Docker Compose will fail without this file. You can leave it with default values if you're only using basic workflows (no AI features).
See Getting Started Guide for detailed setup instructions.
📋 Documentation Framework
This documentation follows the Diátaxis framework:
- Tutorials: Learning-oriented, hands-on lessons
- How-to guides: Problem-oriented, step-by-step instructions
- Concepts: Understanding-oriented, theoretical knowledge
- Reference: Information-oriented, technical specifications
New to FuzzForge? Start with the Getting Started Tutorial
Need help? Check the FAQ or Troubleshooting Guide
Want to contribute? See the Contributing Guide