CI/CD

Metalware integrates into CI/CD pipelines with two complementary fuzzing strategies: long-running nightly campaigns that explore deeply, and short PR checks that regression-test against an existing corpus.

Corpus Reuse

Use --seed-from-tag to start a new analysis from the corpus of a previous one:

metalware submit firmware.elf --tag my-project-main --seed-from-tag my-project-main

Both flags use the same tag here: --seed-from-tag reads the existing corpus and --tag writes new findings back, so the corpus accumulates across runs.

Note

PR checks are most effective once the nightly pipeline has built up a substantial corpus.

Auto-Filing Issues

Use --file-github-issues or --file-gitlab-issues on nightly runs to automatically create issues in your issue tracker for newly discovered defects. Metalware deduplicates against previously filed issues, so the same bug won’t create multiple tickets.

GitHub Actions

name: Metalware
on:
  schedule:
    - cron: "0 0 * * *"
  pull_request:

jobs:
  fuzz:
    runs-on: ubuntu-latest
    env:
      METALWARE_URL: ${{ secrets.METALWARE_URL }}
      METALWARE_API_KEY: ${{ secrets.METALWARE_API_KEY }}
    steps:
      - uses: actions/checkout@v4
      # Replace with your firmware build command
      - name: Build firmware
        run: make

      - uses: astral-sh/setup-uv@v4
      - name: Install CLI
        run: uv tool install metalware

      # Nightly: deep fuzz off main, auto-file issues for new defects
      - name: Nightly fuzz
        if: ${{ github.event_name == 'schedule' }}
        run: |
          metalware submit build/firmware.elf \
            --tag my-project-main \
            --seed-from-tag my-project-main \
            --file-github-issues \
            --timeout 24h

      # PR: short regression check seeded from main corpus
      - name: PR fuzz
        if: ${{ github.event_name == 'pull_request' }}
        run: |
          metalware submit build/firmware.elf \
            --tag my-project-pr${{ github.event.number }} \
            --seed-from-tag my-project-main \
            --timeout 10m

GitLab CI

.metalware:
  image: ghcr.io/astral-sh/uv:python3.12
  variables:
    METALWARE_URL: $METALWARE_URL
    METALWARE_API_KEY: $METALWARE_API_KEY
  before_script:
    - uv tool install metalware

# Nightly: deep fuzz off main, auto-file issues for new defects
nightly-fuzz:
  extends: .metalware
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
  script:
    - make  # Replace with your firmware build command
    - >-
      metalware submit build/firmware.elf
      --tag my-project-main
      --seed-from-tag my-project-main
      --file-gitlab-issues
      --timeout 24h

# MR: short regression check seeded from main corpus
fuzz-mr:
  extends: .metalware
  rules:
    - if: $CI_MERGE_REQUEST_IID
  script:
    - make  # Replace with your firmware build command
    - >-
      metalware submit build/firmware.elf
      --tag my-project-mr$CI_MERGE_REQUEST_IID
      --seed-from-tag my-project-main
      --timeout 10m