diff --git a/go.mod b/go.mod
index 4897e26..83fb0be 100644
--- a/go.mod
+++ b/go.mod
@@ -3,12 +3,13 @@ module github.com/spdx/spdx-sbom-generator
 go 1.15
 
 require (
+ git.fuzzbuzz.io/fuzz v0.0.16
 github.com/go-enry/go-license-detector/v4 v4.2.0
 github.com/go-git/go-git/v5 v5.1.0
 github.com/google/uuid v1.2.0
 github.com/sirupsen/logrus v1.8.1
 github.com/spf13/cobra v1.1.3
- github.com/stretchr/testify v1.6.1
+ github.com/stretchr/testify v1.7.0
 github.com/vifraa/gopom v0.1.0
 golang.org/x/mod v0.4.2
 )
diff --git a/go.sum b/go.sum
index 6479460..df17842 100644
--- a/go.sum
+++ b/go.sum
@@ -11,6 +11,8 @@ cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqCl
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+git.fuzzbuzz.io/fuzz v0.0.16 h1:WovQKS4TaqrJeEe82Bs5ONQwTmuDfCc8Gn9O971H6Ls=
+git.fuzzbuzz.io/fuzz v0.0.16/go.mod h1:Wi44MZ5w0hfdfstzIAlay361oBmlY5YGHCOIP+EpoaA=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
@@ -90,6 +92,8 @@ github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/flatbuffers v1.12.0 h1:/PtAHvnBY4Kqnx/xCQ3OIV9uYcSFGScBsWI3Oogeh6w=
+github.com/google/flatbuffers v1.12.0/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -234,6 +238,8 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.6.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/vifraa/gopom v0.1.0 h1:v897eVxf6lflkEXzPmKbo4YhX2oS/LGjz7cqjWnSmCU=
diff --git a/pkg/modules/javagradle/project_fuzz.go b/pkg/modules/javagradle/project_fuzz.go
new file mode 100644
index 0000000..ef15a7a
--- /dev/null
+++ b/pkg/modules/javagradle/project_fuzz.go
@@ -0,0 +1,9 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package javagradle
+
+import "git.fuzzbuzz.io/fuzz"
+
+func FuzzParseProject(f *fuzz.F) {
+ parseProjectInfo(f.Bytes("Project").Get())
+}
diff --git a/pkg/modules/javagradle/project_test.go b/pkg/modules/javagradle/project_test.go
index 763f970..8a1717d 100644
--- a/pkg/modules/javagradle/project_test.go
+++ b/pkg/modules/javagradle/project_test.go
@@ -3,6 +3,7 @@
 package javagradle
 
 import (
+ fuzztest "git.fuzzbuzz.io/fuzz/testing"
 "testing"
 )
 
@@ -58,3 +59,9 @@ func TestParseProjectInfo_Failures(t *testing.T) {
 }
 }
 }
+
+func TestFuzzParseProjectInfo(t *testing.T) {
+ f := fuzztest.NewChecker(t)
+ // run the fuzz test using 100 iterations
+ fuzztest.Randomize(f, FuzzParseProject, 100)
+}
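Review bot: project_fuzz.go has no build constraint and is not a `_test.go` file, so `import "git.fuzzbuzz.io/fuzz"` makes the fuzzing SDK an ordinary dependency of package javagradle; that is why go.mod gains it in the main require block and go.sum gains flatbuffers. For a tool that produces SBOMs, it is worth keeping test-only tooling out of the shipped dependency graph. A constraint line before the package clause, for example `// +build fuzz` (go.mod declares go 1.15, hence the older syntax; use whatever tag the fuzzing build actually sets), would exclude the file from normal builds. TestFuzzParseProjectInfo in project_test.go calls FuzzParseProject and would then have to move into a file with the same constraint. The exported function also lacks a doc comment and discards whatever parseProjectInfo returns, so presumably only a panic can fail it; `// FuzzParseProject feeds arbitrary bytes to parseProjectInfo; only a crash counts as a failure.` would say so.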
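Review bot: The new import is placed in the same group as the standard library, ahead of `"testing"`. goimports-style grouping puts `"testing"` first, then a blank line, then `fuzztest "git.fuzzbuzz.io/fuzz/testing"`, which keeps third-party additions to a test file easy to spot in review.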
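Review bot: `fuzztest.Randomize(f, FuzzParseProject, 100)` runs randomly generated inputs inside the ordinary `go test` run, and nothing in this hunk fixes or records a seed. Whether Randomize reports the failing input is not visible here; if it does not, a failing CI run cannot be replayed, so that is worth confirming and stating in a doc comment on the test. The inline comment only restates the call; something like `// Smoke test: a small number of random inputs to parseProjectInfo; not a substitute for a coverage-guided fuzzing run.` would tell a maintainer what a pass does and does not show. The literal 100 would read better as a named constant.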