Extended appsec request/response headers collection #8724
Open: jandro996 wants to merge 12 commits into master from alejandro.gonzalez/WaPo-headers
Benchmarks (candidate=1.49.0-SNAPSHOT~c117ce08b7, baseline=1.49.0-SNAPSHOT~19cd36dd8a)
Startup: Found 0 performance improvements and 0 performance regressions! Performance is the same for 65 metrics, 6 unstable metrics. (Startup time reports for petclinic and insecure-bank: gantt charts omitted.)
Load: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 18 unstable metrics. (Request duration reports for petclinic and insecure-bank: gantt charts omitted.)
Dacapo: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics. (Execution time reports for biojava and tomcat: gantt charts omitted.)
What Does This Do
- Adds the `APPSEC_COLLECT_ALL_HEADERS` flag, which enables collection of all request and response headers. This feature is disabled by default.
- Adds the `APPSEC_HEADER_COLLECTION_REDACTION_ENABLED` flag, which enables header redaction. This feature is true by default. (The redaction is out of the scope; right now we only want to collect the headers without redaction.)
- Introduces the `APPSEC_MAX_COLLECTED_HEADERS` setting to limit the maximum number of headers collected.
- Updates the writeHeaders logic to collect all headers when `APPSEC_COLLECT_ALL_HEADERS` is enabled. Allowed headers are prioritized and must be collected if present.
- If the number of headers exceeds `APPSEC_MAX_COLLECTED_HEADERS`, the following tags are added to the span indicating the number of discarded headers: `dd.appsec.request.header_collection.discarded`, `dd.appsec.response.header_collection.discarded`
Contributor Checklist
- Assign the `type:` and (`comp:` or `inst:`) labels in addition to any useful labels
- Don't use `close`, `fix` or any linking keywords when referencing an issue. Use `solves` instead, and assign the PR milestone to the issue

Jira ticket: APPSEC-57269
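The collection rule the PR describes (allow-listed headers always win, the remaining headers fill the budget left under the cap, and a discarded-count tag records what was dropped), as an added example that is not dd-trace-java's own code; the setting names come from the PR, while the allow-list, the `http.<side>.headers.<name>` tag form and the sample request are assumptions constructed for this example:

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Added example, not dd-trace-java code: allow-list priority plus a cap on collected headers. */
public final class HeaderCollectionExample {
  // Setting names are the PR's; the values and the allow-list below are constructed for the example.
  static final boolean COLLECT_ALL_HEADERS = true; // APPSEC_COLLECT_ALL_HEADERS (off by default in the PR)
  static final int MAX_COLLECTED_HEADERS = 3;      // APPSEC_MAX_COLLECTED_HEADERS
  static final Set<String> ALLOWED = Set.of("content-type", "user-agent"); // hypothetical allow-list
  /** Returns the span tags for one side ("request" or "response"); header tag names are assumed. */
  static Map<String, String> writeHeaders(String side, Map<String, List<String>> headers) {
    Map<String, String> tags = new LinkedHashMap<>();
    int discarded = 0;
    // Pass 1: allowed headers are collected whenever present, regardless of the cap.
    for (Map.Entry<String, List<String>> e : headers.entrySet()) {
      String name = e.getKey().toLowerCase(Locale.ROOT);
      if (ALLOWED.contains(name)) {
        tags.put("http." + side + ".headers." + name, String.join(",", e.getValue()));
      }
    }
    // Pass 2: with the flag on, the remaining headers use whatever budget the allow-list left.
    if (COLLECT_ALL_HEADERS) {
      for (Map.Entry<String, List<String>> e : headers.entrySet()) {
        String name = e.getKey().toLowerCase(Locale.ROOT);
        if (ALLOWED.contains(name)) continue;
        if (tags.size() >= MAX_COLLECTED_HEADERS) { discarded++; continue; }
        tags.put("http." + side + ".headers." + name, String.join(",", e.getValue()));
      }
    }
    // The discarded-count tag from the PR is written only when something was dropped.
    if (discarded > 0) {
      tags.put("dd.appsec." + side + ".header_collection.discarded", Integer.toString(discarded));
    }
    return tags;
  }
  public static void main(String[] args) {
    // Constructed request: five headers, two of them on the allow-list, cap of three.
    Map<String, List<String>> request = new LinkedHashMap<>();
    request.put("X-Custom-A", List.of("1"));
    request.put("Content-Type", List.of("application/json"));
    request.put("X-Custom-B", List.of("2"));
    request.put("User-Agent", List.of("curl/8.0"));
    request.put("X-Custom-C", List.of("3"));
    // content-type and user-agent are kept first, x-custom-a takes the last slot, 2 are discarded.
    writeHeaders("request", request).forEach((k, v) -> System.out.println(k + " = " + v));
  }
}
```

Because allow-listed headers are written before the cap is checked, they are never displaced by an attacker-controlled flood of custom headers, and the discarded-count tag is what tells an analyst that the span's header set is incomplete.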