ZAP Cronjob using more memory

[Darshil Shah]

I am using automation plan to use ZAP which is executed periodically by kubernetes cronjob. The pod is created new each time cronjob is executed. 

And each time the pod has been ended with OOMKilled after providing heafty 8G memory. Though the issue has been resolved after increasing allocated memory to 16G but upon monitoring the memory using memory monitoring tool, I noticed that the requested memory for ZAP has been increasing with each execution. 

1. Does ZAP stores the previous data/session and pass to new pod? If yes is there any option to stop this

2. Is there any other solution to this issue?

[Simon Bennetts]

That sounds unlikely, but it all depends on how you are running ZAP and setting up your pods.

Cheers,

Simon

[Darshil Shah]

I'm running the below commands to execute the ZAP : 

./zap.sh -cmd -addonupdate -addoninstall jython -addoninstall pscanrulesBeta -addoninstall ascanrulesAlpha

./zap.sh -cmd -autorun /zap/wrk/zap.yml

Here, I'm usig zap.yml to pass the automation steps. 

Also, is it expected from ZAP that it uses heavy memory like 16GB if we are testing large enterprise level solutions

Thanks

[Darshil Shah]

Thanks Simon for reply. 

I'm running ZAP with the below commands

./zap.sh -cmd -addonupdate -addoninstall jython -addoninstall pscanrulesBeta -addoninstall ascanrulesAlpha

./zap.sh -cmd -autorun /zap/wrk/zap.yml

Here zap.yml is the file where I've defined the automation stages. 

Also, Is it expected from ZAP using 16GB of RAM if we are testing large enterprise-level solutions?

Regards,

Darshil Shah

--
You received this message because you are subscribed to a topic in the Google Groups "ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/JZS8H6QrngQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/d49b5378-93a1-415c-9e5e-361d3933c082n%40googlegroups.com.

[Simon Bennetts]

ZAP will not be inheriting anything if you run it that way.

Is 16GB RAM expected? Maybe, it all depends on how big your app is :)

Does your app have any Data Driven Content?

https://www.zaproxy.org/docs/desktop/start/features/ddc/

If so you may well be getting ZAP to do much more than you need it to.

Cheers,

Simon

[Darshil Shah]

Okay. Thanks for confirming.

1. Would using -lowmem flag make any significant difference? (https://www.zaproxy.org/docs/desktop/cmdline/#add-ons )

2. I've used spiderAjax phase in my scan and provided 2 cpu. I found one thread where it was mentioned that numberOfBrowsers would be 2 * the number of processors.

Regards,

Darshil Shah

To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/171d715b-e1cf-45b9-b422-43fffd758672n%40googlegroups.com.

[thc...@gmail.com]

> I noticed that the requested memory for ZAP has been increasing with
each execution.

Can you provide more details on how are you executing ZAP? Sounds like
you are not creating a new session after each execution.

Best regards.

On 09/02/2024 11:01, Darshil Shah wrote:
> Okay. Thanks for confirming.
> 1. Would using -lowmem flag make any significant difference? (
> https://www.zaproxy.org/docs/desktop/cmdline/#add-ons )
> 2. I've used spiderAjax phase in my scan and provided 2 cpu. I found one
> thread

> <https://groups.google.com/g/zaproxy-users/c/arnqqgYe9DA/m/_0X9ytshAQAJ>

>>>> <https://groups.google.com/d/msgid/zaproxy-users/d49b5378-93a1-415c-9e5e-361d3933c082n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .

>>>>
>>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "ZAP User Group" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/zaproxy-users/JZS8H6QrngQ/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> zaproxy-user...@googlegroups.com.
>> To view this discussion on the web visit

>> https://groups.google.com/d/msgid/zaproxy-users/171d715b-e1cf-45b9-b422-43fffd758672n%40googlegroups.com
>> <https://groups.google.com/d/msgid/zaproxy-users/171d715b-e1cf-45b9-b422-43fffd758672n%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>

[Darshil Shah]

I'm running the below command to run ZAP. Here zap.yml is yaml file for automation purpose.

./zap.sh -cmd -autorun /zap/wrk/zap.yml

Regards,

Darshil Shah

To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/8b0cf53d-1638-49a1-9c23-fa03d16dce38%40gmail.com.

[Darshil Shah]

1. Would using -lowmem flag make any significant difference? (https://www.zaproxy.org/docs/desktop/cmdline/#add-ons )

2. I've used spiderAjax phase in my scan and provided 2 cpu. I found one thread where it was mentioned that numberOfBrowsers would be 2 * the number of processors.

Regards,

Darshil Shah

[Simon Bennetts]

The "-lowmem" flag is experimental and has not been worked on in a long time. It may even stop ZAP from working properly.

Can you find out which processes are using all of the memory?

We need to know if ZAP is consuming the most memory, or if its the browsers ZAP is launching. Or something else of course :)

Cheers,

Simon

[Darshil Shah]

Okay thanks for helping. I'll try to find out the process consuming most memory.

Regards,

Darshil Shah

--

You received this message because you are subscribed to a topic in the Google Groups "ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/JZS8H6QrngQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/d1ac5dd4-afd0-4b4b-b9e6-2f5792869565n%40googlegroups.com.