
FuzzForge CLI Reference

Complete reference for the FuzzForge CLI (ff command). Use this as your quick lookup for all commands, options, and examples.


Global Options

Option          Description
--help, -h      Show help message
--version, -v   Show version information

Core Commands

ff init

Initialize a new FuzzForge project in the current directory.

Usage:

ff init [OPTIONS]

Options:

  • --name, -n — Project name (defaults to current directory name)
  • --api-url, -u — FuzzForge API URL (defaults to http://localhost:8000)
  • --force, -f — Force initialization even if project already exists

Examples:

ff init                              # Initialize with defaults
ff init --name my-project            # Set custom project name
ff init --api-url http://prod:8000   # Use custom API URL

ff status

Show project and latest execution status.

Usage:

ff status

Example Output:

📊 Project Status
Project: my-security-project
API URL: http://localhost:8000

Latest Execution:
Run ID: security_scan-a1b2c3
Workflow: security_assessment
Status: COMPLETED
Started: 2 hours ago

ff config

Manage project configuration.

Usage:

ff config                    # Show all config
ff config <key>              # Get specific value
ff config <key> <value>      # Set value

Examples:

ff config                              # Display all settings
ff config api_url                      # Get API URL
ff config api_url http://prod:8000     # Set API URL

ff clean

Clean old execution data and findings.

Usage:

ff clean [OPTIONS]

Options:

  • --days, -d — Remove data older than this many days (default: 90)
  • --dry-run — Show what would be deleted without deleting

Examples:

ff clean                    # Clean data older than 90 days
ff clean --days 30          # Clean data older than 30 days
ff clean --dry-run          # Preview what would be deleted

Workflow Commands

ff workflows

Browse and list available workflows.

Usage:

ff workflows [COMMAND]

Subcommands:

  • list — List all available workflows
  • info <workflow> — Show detailed workflow information
  • params <workflow> — Show workflow parameters

Examples:

ff workflows list                    # List all workflows
ff workflows info python_sast        # Show workflow details
ff workflows params python_sast      # Show parameters

ff workflow

Execute and manage individual workflows.

Usage:

ff workflow <COMMAND>

Subcommands:

ff workflow run

Execute a security testing workflow.

Usage:

ff workflow run <workflow> <target> [params...] [OPTIONS]

Arguments:

  • <workflow> — Workflow name
  • <target> — Target path to analyze
  • [params...] — Parameters as key=value pairs

Options:

  • --param-file, -f — JSON file containing workflow parameters
  • --timeout, -t — Execution timeout in seconds
  • --interactive / --no-interactive, -i / -n — Interactive parameter input (default: interactive)
  • --wait, -w — Wait for execution to complete
  • --live, -l — Start live monitoring after execution
  • --auto-start / --no-auto-start — Automatically start required worker
  • --auto-stop / --no-auto-stop — Automatically stop worker after completion
  • --fail-on — Fail build if findings match SARIF level (error, warning, note, info, all, none)
  • --export-sarif — Export SARIF results to file after completion

Examples:

# Basic workflow execution
ff workflow run python_sast ./project

# With parameters
ff workflow run python_sast ./project check_secrets=true

# CI/CD integration - fail on errors
ff workflow run python_sast ./project --wait --no-interactive \
  --fail-on error --export-sarif results.sarif

# With parameter file
ff workflow run python_sast ./project --param-file config.json

# Live monitoring for fuzzing
ff workflow run atheris_fuzzing ./project --live

ff workflow status

Check status of latest or specific workflow execution.

Usage:

ff workflow status [run_id]

Examples:

ff workflow status                       # Show latest execution status
ff workflow status python_sast-abc123    # Show specific execution

ff workflow history

Show execution history.

Usage:

ff workflow history [OPTIONS]

Options:

  • --limit, -l — Number of executions to show (default: 10)

Example:

ff workflow history --limit 20

ff workflow retry

Retry a failed workflow execution.

Usage:

ff workflow retry <run_id>

Example:

ff workflow retry python_sast-abc123

Finding Commands

ff findings

Browse all findings across executions.

Usage:

ff findings [COMMAND]

Subcommands:

ff findings list

List findings from a specific run.

Usage:

ff findings list [run_id] [OPTIONS]

Options:

  • --format — Output format: table, json, sarif (default: table)
  • --save — Save findings to file

Examples:

ff findings list                          # Show latest findings
ff findings list python_sast-abc123       # Show specific run
ff findings list --format json            # JSON output
ff findings list --format sarif --save    # Export SARIF

ff findings export

Export findings to various formats.

Usage:

ff findings export <run_id> [OPTIONS]

Options:

  • --format — Output format: json, sarif, csv
  • --output, -o — Output file path

Example:

ff findings export python_sast-abc123 --format sarif --output results.sarif

ff findings history

Show finding history across multiple runs.

Usage:

ff findings history [OPTIONS]

Options:

  • --limit, -l — Number of runs to include (default: 10)

ff finding

View and analyze individual findings.

Usage:

ff finding [id]                           # Show latest or specific finding
ff finding show <run_id> --rule <rule>    # Show specific finding detail

Examples:

ff finding                                            # Show latest finding
ff finding python_sast-abc123                         # Show specific run findings
ff finding show python_sast-abc123 --rule f2cf5e3e    # Show specific finding

Worker Management Commands

ff worker

Manage Temporal workers for workflow execution.

Usage:

ff worker <COMMAND>

Subcommands:

ff worker list

List FuzzForge workers and their status.

Usage:

ff worker list [OPTIONS]

Options:

  • --all, -a — Show all workers (including stopped)

Examples:

ff worker list          # Show running workers
ff worker list --all    # Show all workers

Example Output:

FuzzForge Workers
┏━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┓
┃ Worker  ┃ Status    ┃ Uptime         ┃
┡━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━┩
│ android │ ● Running │ 5 minutes ago  │
│ python  │ ● Running │ 10 minutes ago │
└─────────┴───────────┴────────────────┘

✅ 2 worker(s) running

ff worker start

Start a specific worker.

Usage:

ff worker start <name> [OPTIONS]

Arguments:

  • <name> — Worker name (e.g., python, android, rust, secrets)

Options:

  • --build — Rebuild worker image before starting

Examples:

ff worker start python             # Start Python worker
ff worker start android --build    # Rebuild and start Android worker

Available Workers:

  • python — Python security analysis and fuzzing
  • android — Android APK analysis
  • rust — Rust fuzzing and analysis
  • secrets — Secret detection workflows
  • ossfuzz — OSS-Fuzz integration

ff worker stop

Stop all running FuzzForge workers.

Usage:

ff worker stop [OPTIONS]

Options:

  • --all — Stop all workers (default behavior, flag for clarity)

Example:

ff worker stop

Note: This command stops only worker containers, leaving core services (backend, temporal, minio) running.


Monitoring Commands

ff monitor

Real-time monitoring for running workflows.

Usage:

ff monitor [COMMAND]

Subcommands:

  • live <run_id> — Live monitoring for a specific execution
  • stats <run_id> — Show statistics for fuzzing workflows

Examples:

ff monitor live atheris-abc123     # Monitor fuzzing campaign
ff monitor stats atheris-abc123    # Show fuzzing statistics

AI Integration Commands

ff ai

AI-powered analysis and assistance.

Usage:

ff ai [COMMAND]

Subcommands:

  • analyze <run_id> — Analyze findings with AI
  • explain <finding_id> — Get AI explanation of a finding
  • remediate <finding_id> — Get remediation suggestions

Examples:

ff ai analyze python_sast-abc123               # Analyze all findings
ff ai explain python_sast-abc123:finding1      # Explain specific finding
ff ai remediate python_sast-abc123:finding1    # Get fix suggestions

Knowledge Ingestion Commands

ff ingest

Ingest knowledge into the AI knowledge base.

Usage:

ff ingest [COMMAND]

Subcommands:

  • file <path> — Ingest a file
  • directory <path> — Ingest directory contents
  • workflow <workflow_name> — Ingest workflow documentation

Examples:

ff ingest file ./docs/security.md    # Ingest single file
ff ingest directory ./docs           # Ingest directory
ff ingest workflow python_sast       # Ingest workflow docs

Common Workflow Examples

CI/CD Integration

# Run security scan in CI, fail on errors
ff workflow run python_sast . \
  --wait \
  --no-interactive \
  --fail-on error \
  --export-sarif results.sarif

Local Development

# Quick security check
ff workflow run python_sast ./my-code

# Check specific file types
ff workflow run python_sast . file_extensions='[".py",".js"]'

# Interactive parameter configuration
ff workflow run python_sast . --interactive

Fuzzing Workflows

# Start fuzzing with live monitoring
ff workflow run atheris_fuzzing ./project --live

# Long-running fuzzing campaign
ff workflow run ossfuzz_campaign ./project \
  --auto-start \
  duration=3600 \
  --live

Worker Management

# Check which workers are running
ff worker list

# Start needed worker manually
ff worker start python --build

# Stop all workers when done
ff worker stop

Configuration Files

Project Config (.fuzzforge/config.json)

{
  "project_name": "my-security-project",
  "api_url": "http://localhost:8000",
  "default_workflow": "python_sast",
  "auto_start_workers": true,
  "auto_stop_workers": false
}

Parameter File Example

{
  "check_secrets": true,
  "file_extensions": [".py", ".js", ".go"],
  "severity_threshold": "medium",
  "exclude_patterns": ["**/test/**", "**/vendor/**"]
}

Exit Codes

Code    Meaning
0       Success
1       General error
2       Findings matched --fail-on criteria
3       Worker startup failed
4       Workflow execution failed
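
The exit codes above let a pipeline distinguish "the scan found something" from "the scan never ran". The following POSIX shell wrapper is an added example, not part of the FuzzForge documentation or code base; the names ff_gate, classify_ff_exit and SARIF_OUT are assumptions, while the flags and exit codes are the ones listed on this page.

```shell
#!/bin/sh
# Added example: CI gate around `ff workflow run`, keyed on the exit codes
# documented above. ff_gate / classify_ff_exit are hypothetical helper names.

SARIF_OUT="${SARIF_OUT:-results.sarif}"   # assumed report path

# Map a documented ff exit code to a verdict a pipeline can act on.
classify_ff_exit() {
    case "$1" in
        0) echo "pass" ;;
        2) echo "findings" ;;         # --fail-on criteria matched
        3) echo "worker-failed" ;;    # worker startup failed, scan never ran
        4) echo "workflow-failed" ;;  # workflow execution failed
        *) echo "error" ;;            # 1 and any undocumented code
    esac
}

# Usage: ff_gate <workflow> <target> [key=value ...]
# Returns 0 only when the scan completed, nothing matched --fail-on and a
# SARIF report was actually written; every other outcome fails closed.
ff_gate() {
    rm -f "$SARIF_OUT"                # never accept a stale report
    rc=0
    ff workflow run "$@" --wait --no-interactive \
        --fail-on error --export-sarif "$SARIF_OUT" || rc=$?
    verdict=$(classify_ff_exit "$rc")
    case "$verdict" in
        pass|findings)
            # Both outcomes imply a finished scan, so a report must exist.
            if [ ! -s "$SARIF_OUT" ]; then
                echo "gate: ff exit $rc but no SARIF at $SARIF_OUT" >&2
                return 1
            fi ;;
    esac
    echo "gate: ff exit $rc -> $verdict" >&2
    [ "$verdict" = "pass" ]
}
```

Call it as `ff_gate python_sast .` from the CI job; the verdict printed on stderr shows whether a red build came from findings or from a scanner failure.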

Environment Variables

Variable             Description                         Default
FUZZFORGE_API_URL    Backend API URL                     http://localhost:8000
FUZZFORGE_ROOT       FuzzForge installation directory    Auto-detected
FUZZFORGE_DEBUG      Enable debug logging                false

Tips and Best Practices

  1. Use --no-interactive in CI/CD — Prevents prompts that would hang automated pipelines
  2. Use --fail-on for quality gates — Fail builds based on finding severity
  3. Export SARIF for tool integration — Most security tools support SARIF format
  4. Let workflows auto-start workers — More efficient than manually managing workers
  5. Use --wait with --export-sarif — Ensures results are available before export
  6. Check ff worker list regularly — Helps manage system resources
  7. Use parameter files for complex configs — Easier to version control and reuse


Need Help?

ff --help                 # General help
ff workflow run --help    # Command-specific help
ff worker --help          # Worker management help