DRAFT IW #10055 (Draft)
jandro996 wants to merge 34 commits into master from alejandro.gonzalez/Q4-2025-IW
+2,611 −17

Conversation
Implements Remote Config infrastructure for Supply Chain Analysis (SCA) vulnerability detection via dynamic instrumentation.

This commit adds:
- New Product.ASM_SCA enum value for Remote Config product type
- CAPABILITY_ASM_SCA_VULNERABILITY_DETECTION capability flag (bit 47)
- AppSecSCAConfig data model with InstrumentationTarget (className/methodName)
- AppSecSCAConfigDeserializer for JSON deserialization
- subscribeSCA()/unsubscribeSCA() lifecycle methods in AppSecConfigServiceImpl
- Integration into Remote Config subscription/cleanup flows

The subscription stores incoming SCA configs in the currentSCAConfig field. Actual bytecode retransformation will be implemented in future commits when AppSecInstrumentationUpdater is added.
Adds dynamic bytecode instrumentation for Supply Chain Analysis (SCA) vulnerability detection. When Remote Config sends instrumentation targets, the agent retransforms loaded classes and injects detection logic at method entry using ASM. Instrumented methods call AppSecSCADetector.onMethodInvocation() to log vulnerable library usage (POC implementation). Future versions will report to Datadog backend with CVE metadata and stack traces.
…Instrumentation API

Completes end-to-end integration of SCA hot instrumentation by wiring the Java Instrumentation API through the agent initialization chain. The Instrumentation instance is now passed from Agent.start() → AppSecSystem.start() → AppSecConfigServiceImpl.setInstrumentation(), enabling dynamic bytecode transformation when SCA configs arrive via Remote Config.
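The mechanism the two commits above describe (an ASM ClassFileTransformer that prepends a detector call to one className/methodName target, installed through the Instrumentation instance and applied to already-loaded classes with retransformClasses) sketched as an added example; this is not dd-trace-java code, and ScaEntryHook, the com/example/ScaDetector class and its onMethodInvocation(String, String) signature are assumed stand-ins for the PR's AppSecSCADetector, whose signature the PR does not show.

```java
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.security.ProtectionDomain;
import org.objectweb.asm.*;

public final class ScaEntryHook implements ClassFileTransformer {
  private final String targetClass, targetMethod; // targetClass kept in JVM internal form
  ScaEntryHook(String className, String methodName) {
    this.targetClass = className.replace('.', '/'); // "a.b.C" -> "a/b/C", as transform() sees it
    this.targetMethod = methodName;
  }
  @Override
  public byte[] transform(ClassLoader loader, String className, Class<?> redefined, ProtectionDomain pd, byte[] bytes) {
    if (!targetClass.equals(className)) return null; // null = leave this class untouched
    try {
      ClassReader cr = new ClassReader(bytes);
      ClassWriter cw = new ClassWriter(cr, ClassWriter.COMPUTE_MAXS); // injected code grows the operand stack
      cr.accept(new ClassVisitor(Opcodes.ASM9, cw) {
        @Override
        public MethodVisitor visitMethod(int acc, String name, String desc, String sig, String[] exc) {
          MethodVisitor mv = super.visitMethod(acc, name, desc, sig, exc);
          if (!targetMethod.equals(name) || (acc & (Opcodes.ACC_ABSTRACT | Opcodes.ACC_NATIVE)) != 0) return mv;
          return new MethodVisitor(Opcodes.ASM9, mv) {
            @Override
            public void visitCode() {
              super.visitCode();
              // At method entry: ScaDetector.onMethodInvocation("a.b.C", "method"); detector is an assumed stand-in
              super.visitLdcInsn(targetClass.replace('/', '.'));
              super.visitLdcInsn(targetMethod);
              super.visitMethodInsn(Opcodes.INVOKESTATIC, "com/example/ScaDetector", "onMethodInvocation",
                  "(Ljava/lang/String;Ljava/lang/String;)V", false);
            }
          };
        }
      }, 0);
      return cw.toByteArray();
    } catch (Throwable t) {
      return null; // a failed transform must never break the application; the JVM keeps the old bytecode
    }
  }
  // Register the hook, then retransform copies of the target that are already loaded.
  static void install(Instrumentation inst, ScaEntryHook hook) throws Exception {
    inst.addTransformer(hook, true); // canRetransform = true, otherwise retransformClasses ignores the hook
    for (Class<?> c : inst.getAllLoadedClasses()) {
      if (c.getName().replace('.', '/').equals(hook.targetClass) && inst.isModifiableClass(c)) {
        inst.retransformClasses(c);
      }
    }
  }
}
```

Retransformation may only change method bodies, so an entry-point call is the safe shape; the matching unsubscribe path should removeTransformer and retransform the same classes again so the original bytecode is restored.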
Benchmarks

Startup

Summary: Found 0 performance improvements and 5 performance regressions! Performance is the same for 49 metrics, 11 unstable metrics.

Startup time reports for petclinic, global startup overhead (candidate=1.57.0-SNAPSHOT~6e61adb597, baseline=1.57.0-SNAPSHOT~17c7fcf3e9):

  section    Agent [baseline]  Agent [candidate]  Total [baseline]  Total [candidate]
  tracing    1.056 s           1.071 s            10.814 s          11.027 s
  appsec     1.232 s           1.233 s            10.897 s          10.891 s
  iast       1.211 s           1.204 s            11.195 s          11.259 s
  profiling  1.208 s           1.207 s            10.947 s          11.016 s

[Gantt chart: petclinic - break down per module (crashtracking, BytebuddyAgent, GlobalTracer, AppSec, Debugger, Remote Config, Telemetry, Flare Poller, IAST, ProfilingAgent, Profiling), baseline vs candidate for the tracing, appsec, iast and profiling sections.]

Startup time reports for insecure-bank, global startup overhead (candidate=1.57.0-SNAPSHOT~6e61adb597, baseline=1.57.0-SNAPSHOT~17c7fcf3e9):

  section    Agent [baseline]  Agent [candidate]  Total [baseline]  Total [candidate]
  tracing    1.055 s           1.059 s            8.723 s           8.747 s
  iast       1.201 s           1.203 s            9.362 s           9.318 s

[Gantt chart: insecure-bank - break down per module (crashtracking, BytebuddyAgent, GlobalTracer, AppSec, Debugger, Remote Config, Telemetry, Flare Poller, IAST), baseline vs candidate for the tracing and iast sections.]

Load

Summary: Found 0 performance improvements and 6 performance regressions! Performance is the same for 15 metrics, 15 unstable metrics.

Request duration reports for insecure-bank [CI 0.99] (candidate=1.57.0-SNAPSHOT~6e61adb597, baseline=1.57.0-SNAPSHOT~17c7fcf3e9):

  variant      baseline   candidate
  no_agent     1.212 ms   1.224 ms
  iast         3.19 ms    3.275 ms
  iast_FULL    5.748 ms   6.052 ms
  iast_GLOBAL  3.654 ms   3.517 ms
  profiling    1.962 ms   2.037 ms
  tracing      1.827 ms   1.812 ms

Request duration reports for petclinic [CI 0.99] (candidate=1.57.0-SNAPSHOT~6e61adb597, baseline=1.57.0-SNAPSHOT~17c7fcf3e9):

  variant       baseline    candidate
  no_agent      19.069 ms   19.27 ms
  appsec        18.766 ms   19.554 ms
  code_origins  17.606 ms   18.366 ms
  iast          17.458 ms   17.542 ms
  profiling     18.236 ms   20.083 ms
  tracing       17.541 ms   18.597 ms

Dacapo

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat [CI 0.99] (candidate=1.57.0-SNAPSHOT~6e61adb597, baseline=1.57.0-SNAPSHOT~17c7fcf3e9):

  variant      baseline   candidate
  no_agent     1.476 ms   1.476 ms
  appsec       2.45 ms    3.688 ms
  iast         2.211 ms   2.212 ms
  iast_GLOBAL  2.255 ms   2.256 ms
  profiling    2.073 ms   2.094 ms
  tracing      2.042 ms   2.041 ms

Execution time for biojava [CI 0.99] (candidate=1.57.0-SNAPSHOT~6e61adb597, baseline=1.57.0-SNAPSHOT~17c7fcf3e9):

  variant      baseline   candidate
  no_agent     15.578 s   15.511 s
  appsec       14.872 s   15.096 s
  iast         18.236 s   18.379 s
  iast_GLOBAL  18.306 s   18.018 s
  profiling    14.956 s   14.914 s
  tracing      14.815 s   14.511 s
Labels: comp: asm waf (Application Security Management (WAF)); comp: remote config (Configuration at Runtime); tag: do not merge (Do not merge changes)