OSS-CRS

Orchestrate autonomous Cyber Reasoning Systems for OSS-Fuzz-style targets — bug-finding, bug-fixing, triage, and ensembles, all behind one CLI.

Quick Start

OSS-CRS works with projects that follow the OSS-Fuzz project structure. Make sure you have Python 3.10+, Docker, git, and uv installed.

1. Prepare a target project

git clone https://github.com/google/oss-fuzz.git ~/oss-fuzz

2. Run a baseline CRS

crs-libfuzzer is a lightweight CRS that runs libFuzzer on the target. It needs no LLM credentials and is a good baseline.

# Prepare the CRS
uv run oss-crs prepare \
    --compose-file ./example/crs-libfuzzer/compose.yaml

# Build the target project
uv run oss-crs build-target \
    --compose-file ./example/crs-libfuzzer/compose.yaml \
    --fuzz-proj-path ~/oss-fuzz/projects/libxml2

# Run the CRS against the "xml" harness
uv run oss-crs run \
    --compose-file ./example/crs-libfuzzer/compose.yaml \
    --fuzz-proj-path ~/oss-fuzz/projects/libxml2 \
    --target-harness xml

3. Run an LLM-backed CRS

For LLM-backed CRSs, export provider keys (or put them in .env) and use one of the multi-language Atlantis examples.

export OPENAI_API_KEY=<OPENAI_API_KEY>
export GEMINI_API_KEY=<GEMINI_API_KEY>
export ANTHROPIC_API_KEY=<ANTHROPIC_API_KEY>

uv run oss-crs prepare \
    --compose-file ./example/atlantis-multilang-wo-concolic/compose.yaml

uv run oss-crs build-target \
    --compose-file ./example/atlantis-multilang-wo-concolic/compose.yaml \
    --fuzz-proj-path ~/oss-fuzz/projects/libxml2

uv run oss-crs run \
    --compose-file ./example/atlantis-multilang-wo-concolic/compose.yaml \
    --fuzz-proj-path ~/oss-fuzz/projects/libxml2 \
    --target-harness xml

See LLM configuration for full provider details.
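
A preflight check for the prerequisites and provider keys named in the steps above, as an added example that is not part of OSS-CRS or the original page. It assumes the interpreter is on PATH as `python3` and that the script is saved under the hypothetical name `preflight.sh`; key names are reported without printing their values.

```shell
#!/bin/sh
# Added example (not part of OSS-CRS): preflight for the quick start.
# POSIX sh; helper variables are global because POSIX has no `local`.

# version_ge HAVE WANT: true if dotted version HAVE >= WANT. Components are
# compared as numbers, so 3.9 < 3.10 (a plain string compare gets that wrong).
version_ge() {
    _have=$1; _want=$2
    while [ -n "$_want" ]; do
        _h=${_have%%.*}; _h=${_h%%[!0-9]*}
        _w=${_want%%.*}; _w=${_w%%[!0-9]*}
        [ "${_h:-0}" -gt "${_w:-0}" ] && return 0
        [ "${_h:-0}" -lt "${_w:-0}" ] && return 1
        case $_have in *.*) _have=${_have#*.} ;; *) _have= ;; esac
        case $_want in *.*) _want=${_want#*.} ;; *) _want= ;; esac
    done
    return 0
}

# missing_tools NAME...: print each NAME that is not on PATH.
missing_tools() {
    for _t in "$@"; do
        command -v "$_t" >/dev/null 2>&1 || printf '%s\n' "$_t"
    done
}

# missing_keys: print the provider variables that are unset or empty.
# Only names are printed, never values. The names are fixed, so eval is safe.
missing_keys() {
    for _k in OPENAI_API_KEY GEMINI_API_KEY ANTHROPIC_API_KEY; do
        eval "_v=\${$_k:-}"
        [ -n "$_v" ] || printf '%s\n' "$_k"
    done
}

preflight() {
    _rc=0
    for _m in $(missing_tools python3 docker git uv); do
        echo "missing tool: $_m" >&2; _rc=1
    done
    if command -v python3 >/dev/null 2>&1; then
        _py=$(python3 -c 'import platform; print(platform.python_version())')
        version_ge "$_py" 3.10 || { echo "Python $_py is older than 3.10" >&2; _rc=1; }
    fi
    for _m in $(missing_keys); do   # informational: keys may live in .env
        echo "note: $_m is not exported" >&2
    done
    return $_rc
}

# Runs only when saved and invoked as preflight.sh (hypothetical file name).
case ${0##*/} in preflight.sh) preflight ;; esac
```

A non-zero exit means a required tool is missing or Python is too old; unset keys are only reported, since the baseline CRS needs none.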

4. Compose an ensemble

Define multiple CRSs in one compose file to run them in parallel against the same target. Each CRS keeps its own CPU, memory, and LLM budget. See the compose reference for the full schema.

OpenSSF Sandbox project

OSS-CRS is a sandbox project in the OpenSSF.

Next steps