To use cnfuzzy, I only need to prepare the following 3 points.？

[zyd6]

My project is the spring boot project

1、cnfuzz/enable: "true" Set to use cnfuzzy identification
2、cnfuzz/open-api-doc: "/swagger/swagger.json" I need to prepare the swagger document under the target project container directory
3、cnfuzz/secret: "0d5989ed-d60c-470e-b1b5-576fcf0f5d8c" I don't understand the meaning of this secret. Whether the key of cnfuzzy service or the key of target project

[zyd6]

[pcktdmp]

Hi @zyd6!

1、cnfuzz/enable: "true" Set to use cnfuzzy identification
2、cnfuzz/open-api-doc: "/swagger/swagger.json" I need to prepare the swagger document under the target project container directory
3、cnfuzz/secret: "0d5989ed-d60c-470e-b1b5-576fcf0f5d8c" I don't understand the meaning of this secret. Whether the key of cnfuzzy service or the key of target project

1. correct, from that moment on CNFuzz will start fuzzing the target once a new container image (hash) is being pushed.
2. correct, so that HTTP path needs to be returning an OpenAPI spec document for the REST API running in the container.
3. this secret string is being used as soon as CNFuzz encounters an endpoint which is secured by oauth, basic auth, etc. So it is about the target API that CNFuzz is going to fuzz. We are going to better document this feature.

[pcktdmp]

#126 has been created to resolve this unclearity.

[zyd6]

hi
On the second point, can I use such a swagger document, such as: http://dev.secp.127.0.0.1.nip.io/api/test/doc.html

[pcktdmp]

hi On the second point, can I use such a swagger document, such as: http://dev.secp.127.0.0.1.nip.io/api/test/doc.html

Yes, as long as it is a JSON with an OpenAPI spec in it.

[zyd6]

[zyd6]

ok thanks i will try it