Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

java won't run on latest zap2docker in concourse

See original GitHub issue

Describe the bug

We run a baseline scan in our CI/CD pipeline (concourse-ci) and use the owasp/zap2docker-weekly:latest

The current version with Digest:sha256:f1204fb6d5d28b3f765817cbd31476150837e3eccba14b5f6fa19e66f5672026 fails to launch with the 600 second timeout.

# docker run -v $(pwd):/zap/wrk/:rw --rm -it owasp/zap2docker-weekly zap-baseline.py -c repo/ci/files/alerts.conf -I -r archive/"${ENV}-baseline-report-${SCAN_DATE}".html -t "${TEST_URL}"  --autooff
ERROR [Errno 5] Failed to connect to ZAP after 600 seconds
2022-09-29 05:54:30,774 I/O error: [Errno 5] Failed to connect to ZAP after 600 seconds
Traceback (most recent call last):
  File "/zap/zap-baseline.py", line 499, in main
    wait_for_zap_start(zap, timeout * 60)
  File "/zap/zap_common.py", line 321, in wait_for_zap_start
    raise IOError(
OSError: [Errno 5] Failed to connect to ZAP after 600 seconds
Exiting: ZAP requires a minimum of Java 8 to run, found

When investigating it seems even running java -version inside the zap2docker container won’t work and it fails with an OOM error

zap@1ad18da52e41:/zap$ java -version
[0.020s][warning][os,thread] Failed to start thread "GC Thread#0" - pthread_create failed (EPERM) for attributes: stacksize: 1024k, guardsize: 4k, detached.
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Cannot create worker GC thread. Out of system resources.
# An error report file with more information is saved as:
# /zap/hs_err_pid28.log

Weirdly, I’ve tried this locally on my M2 Air in Docker Desktop (arm64) and I can’t replicate the issue.

Steps to reproduce the behavior

Inside of concourse job:

# docker run -v $(pwd):/zap/wrk/:rw --rm -it owasp/zap2docker-weekly:latest /bin/bash
Unable to find image 'owasp/zap2docker-weekly:latest' locally
latest: Pulling from owasp/zap2docker-weekly
7b8346a07eec: Already exists
525e4bf6406b: Already exists
9d7ff4a0f941: Already exists
c06f66eb4ecf: Already exists
aef9a46a5304: Already exists
6538dafe9219: Already exists
6e0a521706ba: Already exists
4f4fb700ef54: Already exists
491065d3830f: Already exists
d0ac6ccbbde1: Already exists
3ea6c3fae64b: Already exists
0f8520f77633: Already exists
0a6ddbdf6b10: Already exists
ce2fa5c38cdf: Already exists
9a6f01dff536: Already exists
11f7c64602b7: Already exists
cf983c17f68f: Already exists
30b85b77b23c: Already exists
43c67b4b60d4: Already exists
cb8af647ef2b: Already exists
Digest: sha256:f1204fb6d5d28b3f765817cbd31476150837e3eccba14b5f6fa19e66f5672026
Status: Downloaded newer image for owasp/zap2docker-weekly:latest
zap@1ad18da52e41:/zap$ java -version
[0.020s][warning][os,thread] Failed to start thread "GC Thread#0" - pthread_create failed (EPERM) for attributes: stacksize: 1024k, guardsize: 4k, detached.
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Cannot create worker GC thread. Out of system resources.
# An error report file with more information is saved as:
# /zap/hs_err_pid28.log

Expected behavior

$ docker run -v $(pwd):/zap/wrk/:rw --rm -it owasp/zap2docker-weekly:latest /bin/bash
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
zap@dc4e3b8bf9c5:/zap$ java -version
openjdk version "11.0.16" 2022-07-19
OpenJDK Runtime Environment (build 11.0.16+8-post-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.16+8-post-Debian-1, mixed mode, sharing)

Software versions

zap2docker container with Digest: sha256:f1204fb6d5d28b3f765817cbd31476150837e3eccba14b5f6fa19e66f5672026

concourse-ci 4.0.0

Screenshots

No response

Errors from the zap.log file

No response

Additional context

I noticed a commit that happened recently that states

# This apparently must be run separately so the packaged scans will run, don't know why

https://github.com/zaproxy/zaproxy/commit/680d0024afbef18339c7acfe3b64b9861e73de51#diff-1aabb4d72bfcda905646bec4ff84c7b1474987a3ca762e65137e5ade60bee088L62

But the commit stopped running it separately and combined the installation of the packages. I’m wondering if that is related and talking about this type of issue.

I’m also wondering if anyone else on Concourse-ci or using other container based CI/CD systems have a similar issue.

Would you like to help fix this issue?

Issue Analytics

State:
Created a year ago
Comments:13 (8 by maintainers)

Top GitHub Comments

2reactions

thc202commented, Sep 30, 2022

You (or the CI/CD pipeline provider) might need to update Docker, based on: https://github.com/adoptium/containers/issues/215#issuecomment-1142046045

1reaction

thc202commented, Oct 28, 2022

No, but I think we can close it anyway, this does not seem to be an issue with the image itself.

Top Results From Across the Web

zap weekly baseline error - Google Groups

I am using the following docker-ce version on Ubuntu 16.04 (latest weekly): ... docker run -t owasp/zap2docker-weekly zap-baseline.py -t https://example.com.

Dockerized, OWASP-ZAP security scanning, in Jenkins, part one

As a quick exercise, issue the docker run command above, then open a new Docker terminal window (Quickstart, if you're on OS X), ......

Problem starting OWASP ZAP with OpenJDK 11 installed

Solution: Installing OpenJDK with the msi file. The installer has an option "JavaSoft (Oracle) registry keys" ...

Run ZAP without Java using Docker and Webswing

Posted Wednesday February 3, 2021 541 Words. The ZAP Docker images are a great way to automate ZAP, but when testing a new...

Always On - » ADMIN Magazine

ZAP stores everything in a database, which doesn't suit automated ... docker run -p 9090:8090 -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -host ...