search

openclarity / apiclarity

An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 
https://apiclarity.io
Apache License 2.0
498 stars 64 forks source link

When trace sampling is enabled, API event not recorded #340

Closed amccormi closed 1 year ago

amccormi commented 1 year ago

What happened:

In trying to test out the BFLA analyzer, I enabled trace sampling in the APIClarity helm chart, then ran some application traffic. None of the API traffic was recorded in the API events table. Once I disabled trace sampling, API events started showing up in the table again.

What you expected to happen:

API event should have still been recorded when trace sampling was enabled.

How to reproduce it (as minimally and precisely as possible):

Enable trace sampling, run some application traffic, observe that no new API events are recorded.

Environment:

APIClarity v0.14.2

amccormi commented 1 year ago

I found out this is expected behavior. Once trace sampling is enabled, any sampling has be to explicitly started/stopped.