checkmarx-cxflow-github-action does not provide any mechanism to configure Java memory settings like -Xmx -Xms or other.
Background
The CxFlow Runtime Environment for Github Actions
Github actions are executed on Github's servers which have 2 processors and 7 GB of memory available.
See Supported runners and hardware resources which states:
Hardware specification for Windows and Linux virtual machines:
CxFlow is executed using the Java 8 version of the cxflow container.
Improved container memory configuration support was backported from Java 10 into Java 8 in sufficiently long ago builds of 8. See https://blog.softwaremill.com/docker-support-in-new-java-8-finally-fd595df0ca54.
These new features provide 3 JVM options for configuring JVM memory in container environments.
-XX:InitialRAMPercentage: sets the initial heap size (similar to -Xms) based on percentage of memory available to the container
-XX:MaxRAMPercentage: sets the max heap size (similar to -Xmx) based on percentage of memory available to the container when the system has more than 96M of RAM
-XX:MinRAMPercentage: sets the max heap size (similar to -Xmx) based on percentage of memory available to the container when the system has less than 96M of RAM, aka it is a very small system
For CxFlow's purposes where we anticipate it will run on server environments, the -XX:MinRAMPercentage is irrelevant.
How do these settings affect CxFlow's memory?
CxFlow is using these percentage default values today:
The default percentages in Github Action environments result in these settings:
Where 1822425088 bytes is approx 1.8 GB which is approx 25% of 7GB available in the Github Action environment.
How out of memory exceptions occur
If CxFlow requires more heap than 1.8 GB then an out of memory exception will occur. This can happen if a report for a scan is sufficiently large.
Proposed Solution
Create a java_opts argument with a default value to override the -XX:MaxRAMPercentage to 75% to increase available heap space based on the size of the container environment in order to work with Github Actions run by Github or self hosted, leaving 25% memory available for other use.
Github Action Environment Memory Percentages
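One way to confirm which max heap the JVM actually selected under the default and the proposed 75% setting. This is an added example, not part of the original issue or the cxflow action. The sample PrintFlagsFinal lines and the memory total (4 x 1822425088 bytes) are constructed, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the issue): read the heap size a JVM selected from
# -XX:+PrintFlagsFinal output and express it as a share of container memory.

# Constructed sample lines in Java 8 PrintFlagsFinal layout. MaxHeapSize is the
# page's 1822425088 bytes; the other values are derived for illustration.
SAMPLE_DEFAULT='    uintx InitialHeapSize                          := 113901568                           {product}
    uintx MaxHeapSize                              := 1822425088                          {product}'
SAMPLE_75='    uintx MaxHeapSize                              := 5467275264                          {product}'
# Assumed memory visible to the JVM: 4 x 1822425088 bytes (the page's "7 GB").
SAMPLE_MEM_BYTES=7289700352

# flag_value NAME: print the numeric value of flag NAME read from stdin.
# Accepts both ":=" (changed from the built-in default) and "=" (default).
flag_value() {
  awk -v name="$1" '$2 == name && ($3 == ":=" || $3 == "=") { print $4; exit }'
}

# heap_percent HEAP_BYTES MEM_BYTES: integer percentage, rounded to nearest.
heap_percent() {
  awk -v h="$1" -v m="$2" 'BEGIN { if (m <= 0) exit 1; printf "%d\n", (h * 100 / m) + 0.5 }'
}

# check_heap FLAGS_TEXT MEM_BYTES WANT_PERCENT: succeed when MaxHeapSize is
# within 1 point of WANT_PERCENT of MEM_BYTES (the JVM aligns heap sizes).
# Returns 2 when the text contains no MaxHeapSize line.
check_heap() {
  _max=$(printf '%s\n' "$1" | flag_value MaxHeapSize)
  [ -n "$_max" ] || return 2
  _pct=$(heap_percent "$_max" "$2") || return 2
  echo "MaxHeapSize=$_max bytes (~${_pct}% of $2 bytes)"
  [ "$_pct" -ge $(( $3 - 1 )) ] && [ "$_pct" -le $(( $3 + 1 )) ]
}

# Live use inside the container, with MEM set to its memory limit in bytes:
#   check_heap "$(java -XX:MaxRAMPercentage=75.0 -XX:+PrintFlagsFinal -version 2>/dev/null)" "$MEM" 75
```
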