Blog Post: Alert De-Duplication

Simon Bennetts

Sep 30, 2025, 9:12:59 AM
to ZAP User Group
We are in the process of making some changes which will help remove "duplicate" alerts.


And feel free to ask any questions or raise any concerns about these changes on this thread.

Many thanks,

Simon

Simon Bennetts

Oct 16, 2025, 9:36:05 AM
to ZAP User Group
We have just regenerated the ZAP nightly docker image with some key changes for alert de-duplication.
In theory you should see no differences right now, but the changes could have some unanticipated side effects.
So if you are using the nightly release and see anything "strange" then please let us know ASAP.

Many thanks,

Simon

Simon Bennetts

Oct 24, 2025, 4:47:33 AM
to ZAP User Group
The most recent weekly includes the initial alert de-duplication changes.

We have found that for some apps we are seeing a significant reduction in the number of instances of passive scan alerts.
This is a good thing - the instances were in fact duplicates which provided no extra value.

But we would love to hear from anyone using the weeklies - are you seeing a similar reduction in alerts?
Or have you noticed any other changes?

Many thanks,

Simon

Simon Bennetts

Oct 28, 2025, 8:18:13 AM
to ZAP User Group
Yesterday's weekly release now includes all of the key changes for alert de-duplication :D

By default the "systemic alerts" are turned off.
You can enable them via the Desktop UI - Options / Alerts / Systemic Limit - set this to anything other than zero.
The plan is to enable this in 2.17.0, probably with a default of 5.

We do not have a specific option in the Automation Framework for this limit, but we have just added generic configs:

The ‘configs’ section can be used to define any value that can be set in the ZAP configuration file, which works in the same way as the ZAP ‘-config’ command line option.

The advantages of using this section instead of the command line are:

  1. The configuration will be self-contained in the plan
  2. The ZAP team will monitor the keys used in this way (when telemetry is enabled) and prioritise adding full support for the most frequently used ones
  3. Warnings will be raised when a key being used has a better solution available

No validation is performed on the keys and values, so you are responsible for checking that your configuration is correct. Invalid keys will be silently ignored.

To enable the systemic alerts in the weekly you can use the following configs section:

  configs:
    alert.systemicLimit: 5

Feedback appreciated!

Simon