Skip to content

Adapt standalone ASM to support API Security #8804

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
May 14, 2025
Merged

Adapt standalone ASM to support API Security #8804

merged 5 commits into from
May 14, 2025

Conversation

jandro996
Copy link
Member

@jandro996 jandro996 commented May 12, 2025
edited
Loading

What Does This Do

  • Fix conflict between ASM standalone and API Security sampling (traces were discarded as they don't have the ASM KEEP)
  • Remove redundant ctx.setKeepOpenForApiSecurityPostProcessing call (it's already set to true in the APISecuritySampler)

Motivation

Additional Notes

Tested locally with latest system-tests
https://github.com/DataDog/system-tests/pull/4617/files

Contributor Checklist

Jira ticket: APPSEC-57333

@jandro996 jandro996 added type: bug comp: asm waf Application Security Management (WAF) labels May 12, 2025
@pr-commenter
Copy link

pr-commenter bot commented May 12, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/fix-api-sampling-for-standalone
git_commit_date 1747210908 1747218200
git_commit_sha be63fb9 1bd3d1e6a9
release_version 1.50.0-SNAPSHOT~be63fb9999 1.50.0-SNAPSHOT~c1bd3d1e6a9
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1747220048 1747220048
ci_job_id 937490194 937490194
ci_pipeline_id 65045601 65045601
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-drbnw7cb-project-304-concurrent-0-0rsp81x9 6.8.0-1028-aws #30~22.04.1-Ubuntu SMP Sun Apr 20 06:03:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-drbnw7cb-project-304-concurrent-0-0rsp81x9 6.8.0-1028-aws #30~22.04.1-Ubuntu SMP Sun Apr 20 06:03:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None
variant iast iast

Summary

Found 1 performance improvements and 2 performance regressions! Performance is the same for 55 metrics, 13 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:startup:petclinic:profiling:ProfilingAgent worse
[+5.769ms; +7.547ms] or [+5.598%; +7.323%]		 109.720ms 103.062ms
scenario:startup:petclinic:profiling:AppSec better
[-8.630ms; -7.459ms] or [-14.024%; -12.121%]		 53.495ms 61.540ms
scenario:startup:petclinic:profiling:Profiling worse
[+5.771ms; +7.548ms] or [+5.598%; +7.322%]		 109.745ms 103.086ms
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.50.0-SNAPSHOT~c1bd3d1e6a9, baseline=1.50.0-SNAPSHOT~be63fb9999

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.02 s) : 0, 1019843
Total [baseline] (8.644 s) : 0, 8644237
Agent [candidate] (1.031 s) : 0, 1030812
Total [candidate] (8.666 s) : 0, 8665683
section iast
Agent [baseline] (1.146 s) : 0, 1145714
Total [baseline] (9.214 s) : 0, 9214327
Agent [candidate] (1.155 s) : 0, 1155470
Total [candidate] (9.227 s) : 0, 9227217
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.148 s) : 0, 1147816
Total [baseline] (9.183 s) : 0, 9183227
Agent [candidate] (1.149 s) : 0, 1149191
Total [candidate] (9.216 s) : 0, 9215506
section iast_TELEMETRY_OFF
Agent [baseline] (1.145 s) : 0, 1144861
Total [baseline] (9.252 s) : 0, 9251653
Agent [candidate] (1.144 s) : 0, 1143515
Total [candidate] (9.23 s) : 0, 9230288
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.02 s -
Agent iast 1.146 s 125.871 ms (12.3%)
Agent iast_HARDCODED_SECRET_DISABLED 1.148 s 127.974 ms (12.5%)
Agent iast_TELEMETRY_OFF 1.145 s 125.018 ms (12.3%)
Total tracing 8.644 s -
Total iast 9.214 s 570.09 ms (6.6%)
Total iast_HARDCODED_SECRET_DISABLED 9.183 s 538.99 ms (6.2%)
Total iast_TELEMETRY_OFF 9.252 s 607.416 ms (7.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.031 s -
Agent iast 1.155 s 124.657 ms (12.1%)
Agent iast_HARDCODED_SECRET_DISABLED 1.149 s 118.379 ms (11.5%)
Agent iast_TELEMETRY_OFF 1.144 s 112.702 ms (10.9%)
Total tracing 8.666 s -
Total iast 9.227 s 561.534 ms (6.5%)
Total iast_HARDCODED_SECRET_DISABLED 9.216 s 549.823 ms (6.3%)
Total iast_TELEMETRY_OFF 9.23 s 564.605 ms (6.5%) 
gantt
    title insecure-bank - break down per module: candidate=1.50.0-SNAPSHOT~c1bd3d1e6a9, baseline=1.50.0-SNAPSHOT~be63fb9999

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (680.891 ms) : 0, 680891
BytebuddyAgent [candidate] (689.687 ms) : 0, 689687
GlobalTracer [baseline] (239.906 ms) : 0, 239906
GlobalTracer [candidate] (242.152 ms) : 0, 242152
AppSec [baseline] (54.629 ms) : 0, 54629
AppSec [candidate] (55.549 ms) : 0, 55549
Debugger [baseline] (9.056 ms) : 0, 9056
Debugger [candidate] (9.797 ms) : 0, 9797
Remote Config [baseline] (699.079 µs) : 0, 699
Remote Config [candidate] (720.71 µs) : 0, 721
Telemetry [baseline] (11.193 ms) : 0, 11193
Telemetry [candidate] (9.071 ms) : 0, 9071
section iast
BytebuddyAgent [baseline] (799.766 ms) : 0, 799766
BytebuddyAgent [candidate] (807.081 ms) : 0, 807081
GlobalTracer [baseline] (229.531 ms) : 0, 229531
GlobalTracer [candidate] (231.892 ms) : 0, 231892
IAST [baseline] (25.938 ms) : 0, 25938
IAST [candidate] (29.871 ms) : 0, 29871
AppSec [baseline] (52.734 ms) : 0, 52734
AppSec [candidate] (47.822 ms) : 0, 47822
Debugger [baseline] (5.867 ms) : 0, 5867
Debugger [candidate] (5.923 ms) : 0, 5923
Remote Config [baseline] (585.534 µs) : 0, 586
Remote Config [candidate] (596.038 µs) : 0, 596
Telemetry [baseline] (7.834 ms) : 0, 7834
Telemetry [candidate] (7.895 ms) : 0, 7895
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (800.953 ms) : 0, 800953
BytebuddyAgent [candidate] (803.397 ms) : 0, 803397
GlobalTracer [baseline] (230.714 ms) : 0, 230714
GlobalTracer [candidate] (229.831 ms) : 0, 229831
IAST [baseline] (29.274 ms) : 0, 29274
IAST [candidate] (28.758 ms) : 0, 28758
AppSec [baseline] (48.421 ms) : 0, 48421
AppSec [candidate] (49.315 ms) : 0, 49315
Debugger [baseline] (5.829 ms) : 0, 5829
Debugger [candidate] (5.863 ms) : 0, 5863
Remote Config [baseline] (583.095 µs) : 0, 583
Remote Config [candidate] (609.947 µs) : 0, 610
Telemetry [baseline] (7.796 ms) : 0, 7796
Telemetry [candidate] (7.833 ms) : 0, 7833
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (798.305 ms) : 0, 798305
BytebuddyAgent [candidate] (797.712 ms) : 0, 797712
GlobalTracer [baseline] (230.796 ms) : 0, 230796
GlobalTracer [candidate] (230.189 ms) : 0, 230189
IAST [baseline] (22.938 ms) : 0, 22938
IAST [candidate] (23.135 ms) : 0, 23135
AppSec [baseline] (55.124 ms) : 0, 55124
AppSec [candidate] (54.633 ms) : 0, 54633
Debugger [baseline] (5.881 ms) : 0, 5881
Debugger [candidate] (5.904 ms) : 0, 5904
Remote Config [baseline] (592.139 µs) : 0, 592
Remote Config [candidate] (592.809 µs) : 0, 593
Telemetry [baseline] (7.685 ms) : 0, 7685
Telemetry [candidate] (7.783 ms) : 0, 7783
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.50.0-SNAPSHOT~c1bd3d1e6a9, baseline=1.50.0-SNAPSHOT~be63fb9999

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.019 s) : 0, 1019046
Total [baseline] (10.516 s) : 0, 10515565
Agent [candidate] (1.019 s) : 0, 1018917
Total [candidate] (10.506 s) : 0, 10506497
section appsec
Agent [baseline] (1.166 s) : 0, 1165812
Total [baseline] (10.731 s) : 0, 10731443
Agent [candidate] (1.162 s) : 0, 1162031
Total [candidate] (10.69 s) : 0, 10689822
section iast
Agent [baseline] (1.146 s) : 0, 1146283
Total [baseline] (10.942 s) : 0, 10942007
Agent [candidate] (1.148 s) : 0, 1147839
Total [candidate] (10.936 s) : 0, 10936065
section profiling
Agent [baseline] (1.276 s) : 0, 1275957
Total [baseline] (10.864 s) : 0, 10864165
Agent [candidate] (1.278 s) : 0, 1278290
Total [candidate] (10.913 s) : 0, 10912563
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.019 s -
Agent appsec 1.166 s 146.765 ms (14.4%)
Agent iast 1.146 s 127.237 ms (12.5%)
Agent profiling 1.276 s 256.911 ms (25.2%)
Total tracing 10.516 s -
Total appsec 10.731 s 215.877 ms (2.1%)
Total iast 10.942 s 426.442 ms (4.1%)
Total profiling 10.864 s 348.6 ms (3.3%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.019 s -
Agent appsec 1.162 s 143.114 ms (14.0%)
Agent iast 1.148 s 128.922 ms (12.7%)
Agent profiling 1.278 s 259.373 ms (25.5%)
Total tracing 10.506 s -
Total appsec 10.69 s 183.325 ms (1.7%)
Total iast 10.936 s 429.568 ms (4.1%)
Total profiling 10.913 s 406.066 ms (3.9%) 
gantt
    title petclinic - break down per module: candidate=1.50.0-SNAPSHOT~c1bd3d1e6a9, baseline=1.50.0-SNAPSHOT~be63fb9999

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (681.493 ms) : 0, 681493
BytebuddyAgent [candidate] (681.733 ms) : 0, 681733
GlobalTracer [baseline] (240.268 ms) : 0, 240268
GlobalTracer [candidate] (240.37 ms) : 0, 240370
AppSec [baseline] (55.027 ms) : 0, 55027
AppSec [candidate] (55.146 ms) : 0, 55146
Debugger [baseline] (9.015 ms) : 0, 9015
Debugger [candidate] (8.29 ms) : 0, 8290
Remote Config [baseline] (692.748 µs) : 0, 693
Remote Config [candidate] (680.579 µs) : 0, 681
Telemetry [baseline] (9.047 ms) : 0, 9047
Telemetry [candidate] (9.119 ms) : 0, 9119
section appsec
BytebuddyAgent [baseline] (703.385 ms) : 0, 703385
BytebuddyAgent [candidate] (701.432 ms) : 0, 701432
GlobalTracer [baseline] (238.008 ms) : 0, 238008
GlobalTracer [candidate] (236.833 ms) : 0, 236833
AppSec [baseline] (175.924 ms) : 0, 175924
AppSec [candidate] (175.156 ms) : 0, 175156
Debugger [baseline] (5.958 ms) : 0, 5958
Debugger [candidate] (5.914 ms) : 0, 5914
Remote Config [baseline] (631.097 µs) : 0, 631
Remote Config [candidate] (624.151 µs) : 0, 624
Telemetry [baseline] (7.443 ms) : 0, 7443
Telemetry [candidate] (7.759 ms) : 0, 7759
IAST [baseline] (21.669 ms) : 0, 21669
IAST [candidate] (21.649 ms) : 0, 21649
section iast
BytebuddyAgent [baseline] (800.108 ms) : 0, 800108
BytebuddyAgent [candidate] (800.809 ms) : 0, 800809
GlobalTracer [baseline] (230.389 ms) : 0, 230389
GlobalTracer [candidate] (230.68 ms) : 0, 230680
AppSec [baseline] (47.341 ms) : 0, 47341
AppSec [candidate] (51.996 ms) : 0, 51996
Debugger [baseline] (5.87 ms) : 0, 5870
Debugger [candidate] (5.897 ms) : 0, 5897
Remote Config [baseline] (578.785 µs) : 0, 579
Remote Config [candidate] (582.485 µs) : 0, 582
Telemetry [baseline] (7.818 ms) : 0, 7818
Telemetry [candidate] (7.835 ms) : 0, 7835
IAST [baseline] (30.706 ms) : 0, 30706
IAST [candidate] (25.762 ms) : 0, 25762
section profiling
ProfilingAgent [baseline] (103.062 ms) : 0, 103062
ProfilingAgent [candidate] (109.72 ms) : 0, 109720
BytebuddyAgent [baseline] (671.973 ms) : 0, 671973
BytebuddyAgent [candidate] (672.333 ms) : 0, 672333
GlobalTracer [baseline] (373.751 ms) : 0, 373751
GlobalTracer [candidate] (377.519 ms) : 0, 377519
AppSec [baseline] (61.54 ms) : 0, 61540
AppSec [candidate] (53.495 ms) : 0, 53495
Debugger [baseline] (6.264 ms) : 0, 6264
Debugger [candidate] (6.14 ms) : 0, 6140
Remote Config [baseline] (653.922 µs) : 0, 654
Remote Config [candidate] (664.705 µs) : 0, 665
Telemetry [baseline] (8.106 ms) : 0, 8106
Telemetry [candidate] (8.093 ms) : 0, 8093
Profiling [baseline] (103.086 ms) : 0, 103086
Profiling [candidate] (109.745 ms) : 0, 109745
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2025-05-14T10:24:24 2025-05-14T10:32:11
git_branch master alejandro.gonzalez/fix-api-sampling-for-standalone
git_commit_date 1747210908 1747218195
git_commit_sha be63fb9 1bd3d1e6a9
release_version 1.50.0-SNAPSHOT~be63fb9999 1.50.0-SNAPSHOT~c1bd3d1e6a9
start_time 2025-05-14T10:24:10 2025-05-14T10:31:56
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1747219129 1747219129
ci_job_id 937490195 937490195
ci_pipeline_id 65045601 65045601
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-bhsi38qb-project-304-concurrent-0-td1jq6tb 6.8.0-1028-aws #30~22.04.1-Ubuntu SMP Sun Apr 20 06:03:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-bhsi38qb-project-304-concurrent-0-td1jq6tb 6.8.0-1028-aws #30~22.04.1-Ubuntu SMP Sun Apr 20 06:03:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 18 unstable metrics.

Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.50.0-SNAPSHOT~c1bd3d1e6a9, baseline=1.50.0-SNAPSHOT~be63fb9999
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.358 ms) : 1339, 1378
.   : milestone, 1358,
appsec (1.734 ms) : 1710, 1758
.   : milestone, 1734,
appsec_no_iast (1.742 ms) : 1719, 1766
.   : milestone, 1742,
code_origins (1.697 ms) : 1670, 1724
.   : milestone, 1697,
iast (1.524 ms) : 1500, 1548
.   : milestone, 1524,
profiling (1.508 ms) : 1485, 1531
.   : milestone, 1508,
tracing (1.488 ms) : 1465, 1511
.   : milestone, 1488,
section candidate
no_agent (1.372 ms) : 1352, 1392
.   : milestone, 1372,
appsec (1.759 ms) : 1736, 1783
.   : milestone, 1759,
appsec_no_iast (1.727 ms) : 1704, 1750
.   : milestone, 1727,
code_origins (1.686 ms) : 1660, 1713
.   : milestone, 1686,
iast (1.526 ms) : 1501, 1551
.   : milestone, 1526,
profiling (1.516 ms) : 1493, 1540
.   : milestone, 1516,
tracing (1.487 ms) : 1464, 1510
.   : milestone, 1487,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.358 ms [1.339 ms, 1.378 ms] -
appsec 1.734 ms [1.71 ms, 1.758 ms] 375.382 µs (27.6%)
appsec_no_iast 1.742 ms [1.719 ms, 1.766 ms] 383.89 µs (28.3%)
code_origins 1.697 ms [1.67 ms, 1.724 ms] 338.235 µs (24.9%)
iast 1.524 ms [1.5 ms, 1.548 ms] 165.397 µs (12.2%)
profiling 1.508 ms [1.485 ms, 1.531 ms] 149.231 µs (11.0%)
tracing 1.488 ms [1.465 ms, 1.511 ms] 129.496 µs (9.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.372 ms [1.352 ms, 1.392 ms] -
appsec 1.759 ms [1.736 ms, 1.783 ms] 387.2 µs (28.2%)
appsec_no_iast 1.727 ms [1.704 ms, 1.75 ms] 354.9 µs (25.9%)
code_origins 1.686 ms [1.66 ms, 1.713 ms] 314.158 µs (22.9%)
iast 1.526 ms [1.501 ms, 1.551 ms] 154.226 µs (11.2%)
profiling 1.516 ms [1.493 ms, 1.54 ms] 144.018 µs (10.5%)
tracing 1.487 ms [1.464 ms, 1.51 ms] 114.565 µs (8.3%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.50.0-SNAPSHOT~c1bd3d1e6a9, baseline=1.50.0-SNAPSHOT~be63fb9999
    dateFormat X
    axisFormat %s
section baseline
no_agent (377.308 µs) : 357, 397
.   : milestone, 377,
iast (526.795 µs) : 504, 550
.   : milestone, 527,
iast_FULL (744.894 µs) : 723, 767
.   : milestone, 745,
iast_GLOBAL (567.591 µs) : 545, 590
.   : milestone, 568,
iast_HARDCODED_SECRET_DISABLED (531.858 µs) : 509, 555
.   : milestone, 532,
iast_INACTIVE (474.15 µs) : 452, 497
.   : milestone, 474,
iast_TELEMETRY_OFF (513.63 µs) : 490, 537
.   : milestone, 514,
tracing (467.776 µs) : 446, 490
.   : milestone, 468,
section candidate
no_agent (385.719 µs) : 366, 406
.   : milestone, 386,
iast (521.449 µs) : 500, 543
.   : milestone, 521,
iast_FULL (736.645 µs) : 715, 759
.   : milestone, 737,
iast_GLOBAL (562.902 µs) : 541, 585
.   : milestone, 563,
iast_HARDCODED_SECRET_DISABLED (527.147 µs) : 504, 550
.   : milestone, 527,
iast_INACTIVE (469.237 µs) : 447, 491
.   : milestone, 469,
iast_TELEMETRY_OFF (524.323 µs) : 501, 548
.   : milestone, 524,
tracing (461.688 µs) : 439, 484
.   : milestone, 462,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 377.308 µs [357.268 µs, 397.348 µs] -
iast 526.795 µs [503.722 µs, 549.868 µs] 149.487 µs (39.6%)
iast_FULL 744.894 µs [723.033 µs, 766.755 µs] 367.586 µs (97.4%)
iast_GLOBAL 567.591 µs [545.318 µs, 589.864 µs] 190.283 µs (50.4%)
iast_HARDCODED_SECRET_DISABLED 531.858 µs [509.108 µs, 554.608 µs] 154.55 µs (41.0%)
iast_INACTIVE 474.15 µs [451.574 µs, 496.725 µs] 96.842 µs (25.7%)
iast_TELEMETRY_OFF 513.63 µs [490.415 µs, 536.844 µs] 136.322 µs (36.1%)
tracing 467.776 µs [445.704 µs, 489.848 µs] 90.468 µs (24.0%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 385.719 µs [365.742 µs, 405.696 µs] -
iast 521.449 µs [499.621 µs, 543.278 µs] 135.731 µs (35.2%)
iast_FULL 736.645 µs [714.717 µs, 758.572 µs] 350.926 µs (91.0%)
iast_GLOBAL 562.902 µs [541.234 µs, 584.57 µs] 177.183 µs (45.9%)
iast_HARDCODED_SECRET_DISABLED 527.147 µs [504.351 µs, 549.943 µs] 141.428 µs (36.7%)
iast_INACTIVE 469.237 µs [447.287 µs, 491.188 µs] 83.519 µs (21.7%)
iast_TELEMETRY_OFF 524.323 µs [500.653 µs, 547.993 µs] 138.604 µs (35.9%)
tracing 461.688 µs [439.395 µs, 483.982 µs] 75.97 µs (19.7%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/fix-api-sampling-for-standalone
git_commit_date 1747210908 1747218201
git_commit_sha be63fb9 1bd3d1e6a9
release_version 1.50.0-SNAPSHOT~be63fb9999 1.50.0-SNAPSHOT~c1bd3d1e6a9
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1747219660 1747219660
ci_job_id 937490196 937490196
ci_pipeline_id 65045601 65045601
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-drbnw7cb-project-304-concurrent-1-q9u6wo28 6.8.0-1028-aws #30~22.04.1-Ubuntu SMP Sun Apr 20 06:03:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-drbnw7cb-project-304-concurrent-1-q9u6wo28 6.8.0-1028-aws #30~22.04.1-Ubuntu SMP Sun Apr 20 06:03:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~c1bd3d1e6a9, baseline=1.50.0-SNAPSHOT~be63fb9999
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.433 s) : 15433000, 15433000
.   : milestone, 15433000,
appsec (15.178 s) : 15178000, 15178000
.   : milestone, 15178000,
iast (18.769 s) : 18769000, 18769000
.   : milestone, 18769000,
iast_GLOBAL (17.921 s) : 17921000, 17921000
.   : milestone, 17921000,
profiling (14.922 s) : 14922000, 14922000
.   : milestone, 14922000,
tracing (15.116 s) : 15116000, 15116000
.   : milestone, 15116000,
section candidate
no_agent (15.449 s) : 15449000, 15449000
.   : milestone, 15449000,
appsec (15.096 s) : 15096000, 15096000
.   : milestone, 15096000,
iast (19.181 s) : 19181000, 19181000
.   : milestone, 19181000,
iast_GLOBAL (18.082 s) : 18082000, 18082000
.   : milestone, 18082000,
profiling (15.026 s) : 15026000, 15026000
.   : milestone, 15026000,
tracing (14.928 s) : 14928000, 14928000
.   : milestone, 14928000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.433 s [15.433 s, 15.433 s] -
appsec 15.178 s [15.178 s, 15.178 s] -255.0 ms (-1.7%)
iast 18.769 s [18.769 s, 18.769 s] 3.336 s (21.6%)
iast_GLOBAL 17.921 s [17.921 s, 17.921 s] 2.488 s (16.1%)
profiling 14.922 s [14.922 s, 14.922 s] -511.0 ms (-3.3%)
tracing 15.116 s [15.116 s, 15.116 s] -317.0 ms (-2.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.449 s [15.449 s, 15.449 s] -
appsec 15.096 s [15.096 s, 15.096 s] -353.0 ms (-2.3%)
iast 19.181 s [19.181 s, 19.181 s] 3.732 s (24.2%)
iast_GLOBAL 18.082 s [18.082 s, 18.082 s] 2.633 s (17.0%)
profiling 15.026 s [15.026 s, 15.026 s] -423.0 ms (-2.7%)
tracing 14.928 s [14.928 s, 14.928 s] -521.0 ms (-3.4%)
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~c1bd3d1e6a9, baseline=1.50.0-SNAPSHOT~be63fb9999
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.474 ms) : 1462, 1485
.   : milestone, 1474,
appsec (2.4 ms) : 2350, 2449
.   : milestone, 2400,
iast (2.185 ms) : 2123, 2247
.   : milestone, 2185,
iast_GLOBAL (2.222 ms) : 2160, 2285
.   : milestone, 2222,
profiling (2.02 ms) : 1971, 2070
.   : milestone, 2020,
tracing (2.005 ms) : 1957, 2053
.   : milestone, 2005,
section candidate
no_agent (1.473 ms) : 1462, 1485
.   : milestone, 1473,
appsec (2.403 ms) : 2354, 2452
.   : milestone, 2403,
iast (2.171 ms) : 2109, 2233
.   : milestone, 2171,
iast_GLOBAL (2.233 ms) : 2171, 2296
.   : milestone, 2233,
profiling (2.027 ms) : 1977, 2077
.   : milestone, 2027,
tracing (1.998 ms) : 1950, 2045
.   : milestone, 1998,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.474 ms [1.462 ms, 1.485 ms] -
appsec 2.4 ms [2.35 ms, 2.449 ms] 925.814 µs (62.8%)
iast 2.185 ms [2.123 ms, 2.247 ms] 711.133 µs (48.3%)
iast_GLOBAL 2.222 ms [2.16 ms, 2.285 ms] 748.435 µs (50.8%)
profiling 2.02 ms [1.971 ms, 2.07 ms] 546.318 µs (37.1%)
tracing 2.005 ms [1.957 ms, 2.053 ms] 531.148 µs (36.0%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.473 ms [1.462 ms, 1.485 ms] -
appsec 2.403 ms [2.354 ms, 2.452 ms] 929.665 µs (63.1%)
iast 2.171 ms [2.109 ms, 2.233 ms] 697.196 µs (47.3%)
iast_GLOBAL 2.233 ms [2.171 ms, 2.296 ms] 759.861 µs (51.6%)
profiling 2.027 ms [1.977 ms, 2.077 ms] 553.546 µs (37.6%)
tracing 1.998 ms [1.95 ms, 2.045 ms] 524.218 µs (35.6%)

@datadog-datadog-prod-us1
Copy link
Contributor

Datadog Summary

✅ Code Quality    ✅ Code Security    ✅ Dependencies

Was this helpful? Give us feedback!

@jandro996 jandro996 marked this pull request as ready for review May 13, 2025 08:13
@jandro996 jandro996 requested a review from a team as a code owner May 13, 2025 08:13
smola
smola requested changes May 13, 2025
View reviewed changes
dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java Outdated
@@ -668,7 +668,8 @@ private NoopFlow onRequestEnded(RequestContext ctx_, IGSpanInfo spanInfo) {
Map<String, Object> tags = spanInfo.getTags();

if (maybeSampleForApiSecurity(ctx, spanInfo, tags)) {
ctx.setKeepOpenForApiSecurityPostProcessing(true);
traceSeg.setTagTop(Tags.ASM_KEEP, true);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would defeat the purpose of the current sampling strategy. The actual sampling decision for API Security is taken much later (this is only a "pre-sample" decision).

This is when the actual decision to include API Security schemas is made:

dd-trace-java/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/AppSecSpanPostProcessor.java

Line 87 in f21ec9e

ctx.commitDerivatives(traceSegment);

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As we discussed offline, I kept the the tags in the pre-sample but only set the is apm tracing is disabled

@jandro996 jandro996 requested a review from smola May 14, 2025 10:13
@jandro996 jandro996 enabled auto-merge (squash) May 14, 2025 11:22
@jandro996 jandro996 merged commit 80eed8e into master May 14, 2025
585 of 589 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/fix-api-sampling-for-standalone branch May 14, 2025 11:36
@github-actions github-actions bot added this to the 1.50.0 milestone May 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smola smola smola approved these changes

@robertpi robertpi Awaiting requested review from robertpi robertpi is a code owner automatically assigned from DataDog/asm-java

@sezen-datadog sezen-datadog Awaiting requested review from sezen-datadog

Assignees
No one assigned
Labels
comp: asm waf Application Security Management (WAF) type: bug
Projects
None yet
Milestone
1.50.0
Development

Successfully merging this pull request may close these issues.
2 participants
@jandro996 @smola