Skip to content

API Security sampling when tracers lack HTTP routes - Rfc 1076#10424

Open
jandro996 wants to merge 3 commits intomasterfrom
alejandro.gonzalez/rfc-1076
Open

API Security sampling when tracers lack HTTP routes - Rfc 1076#10424
jandro996 wants to merge 3 commits intomasterfrom
alejandro.gonzalez/rfc-1076

Conversation

@jandro996
Copy link
Member

@jandro996 jandro996 commented Jan 22, 2026
edited by atlassian bot
Loading

What Does This Do

Implements http.endpoint fallback in the API Security Sampler when http.route is unavailable, enabling sampling of traffic in frameworks that don't provide route information.

  • Reuses EndpointResolver.computeEndpoint() from RFC-1051 (no code duplication)
  • Uses static computation method to avoid tagging the span when endpoint is used as fallback
  • Excludes 404 responses from fallback sampling (failsafe against sampling not-found routes)
  • Caches computed endpoint with boolean flag to prevent multiple computations per request

Motivation

https://docs.google.com/document/d/1GnWwiaw6dkVtgn5f1wcHJETND_Svqd-sJl6FSVVuCkI/edit?pli=1&tab=t.0

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-60824

@pr-commenter
Copy link

pr-commenter bot commented Jan 22, 2026
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/rfc-1076
git_commit_date 1770374071 1770378287
git_commit_sha 91a239a 9e4cfe6
release_version 1.60.0-SNAPSHOT~91a239a8ca 1.60.0-SNAPSHOT~9e4cfe6b22
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1770380101 1770380101
ci_job_id 1406006048 1406006048
ci_pipeline_id 94985443 94985443
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-usc3k283 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-usc3k283 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 62 metrics, 9 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.60.0-SNAPSHOT~9e4cfe6b22, baseline=1.60.0-SNAPSHOT~91a239a8ca

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.075 s) : 0, 1074748
Total [baseline] (10.928 s) : 0, 10927821
Agent [candidate] (1.064 s) : 0, 1064314
Total [candidate] (10.882 s) : 0, 10881665
section appsec
Agent [baseline] (1.237 s) : 0, 1237418
Total [baseline] (11.077 s) : 0, 11077198
Agent [candidate] (1.239 s) : 0, 1239423
Total [candidate] (11.074 s) : 0, 11074067
section iast
Agent [baseline] (1.23 s) : 0, 1230110
Total [baseline] (11.182 s) : 0, 11181561
Agent [candidate] (1.231 s) : 0, 1231365
Total [candidate] (11.189 s) : 0, 11188692
section profiling
Agent [baseline] (1.197 s) : 0, 1196937
Total [baseline] (11.007 s) : 0, 11007193
Agent [candidate] (1.198 s) : 0, 1198295
Total [candidate] (10.983 s) : 0, 10983139
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.075 s -
Agent appsec 1.237 s 162.67 ms (15.1%)
Agent iast 1.23 s 155.362 ms (14.5%)
Agent profiling 1.197 s 122.19 ms (11.4%)
Total tracing 10.928 s -
Total appsec 11.077 s 149.377 ms (1.4%)
Total iast 11.182 s 253.74 ms (2.3%)
Total profiling 11.007 s 79.373 ms (0.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.064 s -
Agent appsec 1.239 s 175.108 ms (16.5%)
Agent iast 1.231 s 167.051 ms (15.7%)
Agent profiling 1.198 s 133.981 ms (12.6%)
Total tracing 10.882 s -
Total appsec 11.074 s 192.402 ms (1.8%)
Total iast 11.189 s 307.027 ms (2.8%)
Total profiling 10.983 s 101.474 ms (0.9%) 
gantt
    title petclinic - break down per module: candidate=1.60.0-SNAPSHOT~9e4cfe6b22, baseline=1.60.0-SNAPSHOT~91a239a8ca

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.199 ms) : 0, 1199
crashtracking [candidate] (1.195 ms) : 0, 1195
BytebuddyAgent [baseline] (634.887 ms) : 0, 634887
BytebuddyAgent [candidate] (629.318 ms) : 0, 629318
AgentMeter [baseline] (29.223 ms) : 0, 29223
AgentMeter [candidate] (29.007 ms) : 0, 29007
GlobalTracer [baseline] (260.123 ms) : 0, 260123
GlobalTracer [candidate] (258.016 ms) : 0, 258016
AppSec [baseline] (33.007 ms) : 0, 33007
AppSec [candidate] (32.684 ms) : 0, 32684
Debugger [baseline] (60.914 ms) : 0, 60914
Debugger [candidate] (62.838 ms) : 0, 62838
Remote Config [baseline] (645.345 µs) : 0, 645
Remote Config [candidate] (616.041 µs) : 0, 616
Telemetry [baseline] (13.834 ms) : 0, 13834
Telemetry [candidate] (10.787 ms) : 0, 10787
Flare Poller [baseline] (5.28 ms) : 0, 5280
Flare Poller [candidate] (4.473 ms) : 0, 4473
section appsec
crashtracking [baseline] (1.174 ms) : 0, 1174
crashtracking [candidate] (1.188 ms) : 0, 1188
BytebuddyAgent [baseline] (656.814 ms) : 0, 656814
BytebuddyAgent [candidate] (659.272 ms) : 0, 659272
AgentMeter [baseline] (11.938 ms) : 0, 11938
AgentMeter [candidate] (11.941 ms) : 0, 11941
GlobalTracer [baseline] (258.466 ms) : 0, 258466
GlobalTracer [candidate] (258.754 ms) : 0, 258754
AppSec [baseline] (167.841 ms) : 0, 167841
AppSec [candidate] (167.327 ms) : 0, 167327
Debugger [baseline] (67.217 ms) : 0, 67217
Debugger [candidate] (66.955 ms) : 0, 66955
Remote Config [baseline] (653.49 µs) : 0, 653
Remote Config [candidate] (662.648 µs) : 0, 663
Telemetry [baseline] (9.211 ms) : 0, 9211
Telemetry [candidate] (9.2 ms) : 0, 9200
Flare Poller [baseline] (3.63 ms) : 0, 3630
Flare Poller [candidate] (3.621 ms) : 0, 3621
IAST [baseline] (25.214 ms) : 0, 25214
IAST [candidate] (25.153 ms) : 0, 25153
section iast
crashtracking [baseline] (1.178 ms) : 0, 1178
crashtracking [candidate] (1.194 ms) : 0, 1194
BytebuddyAgent [baseline] (794.294 ms) : 0, 794294
BytebuddyAgent [candidate] (795.183 ms) : 0, 795183
AgentMeter [baseline] (11.221 ms) : 0, 11221
AgentMeter [candidate] (11.257 ms) : 0, 11257
GlobalTracer [baseline] (247.937 ms) : 0, 247937
GlobalTracer [candidate] (248.108 ms) : 0, 248108
AppSec [baseline] (33.19 ms) : 0, 33190
AppSec [candidate] (32.834 ms) : 0, 32834
Debugger [baseline] (67.326 ms) : 0, 67326
Debugger [candidate] (67.853 ms) : 0, 67853
Remote Config [baseline] (551.436 µs) : 0, 551
Remote Config [candidate] (539.804 µs) : 0, 540
Telemetry [baseline] (8.714 ms) : 0, 8714
Telemetry [candidate] (8.699 ms) : 0, 8699
Flare Poller [baseline] (3.485 ms) : 0, 3485
Flare Poller [candidate] (3.489 ms) : 0, 3489
IAST [baseline] (26.965 ms) : 0, 26965
IAST [candidate] (26.912 ms) : 0, 26912
section profiling
crashtracking [baseline] (1.217 ms) : 0, 1217
crashtracking [candidate] (1.21 ms) : 0, 1210
BytebuddyAgent [baseline] (686.135 ms) : 0, 686135
BytebuddyAgent [candidate] (686.547 ms) : 0, 686547
AgentMeter [baseline] (8.822 ms) : 0, 8822
AgentMeter [candidate] (8.797 ms) : 0, 8797
GlobalTracer [baseline] (217.39 ms) : 0, 217390
GlobalTracer [candidate] (217.316 ms) : 0, 217316
AppSec [baseline] (32.87 ms) : 0, 32870
AppSec [candidate] (32.839 ms) : 0, 32839
Debugger [baseline] (68.062 ms) : 0, 68062
Debugger [candidate] (67.986 ms) : 0, 67986
Remote Config [baseline] (595.441 µs) : 0, 595
Remote Config [candidate] (603.843 µs) : 0, 604
Telemetry [baseline] (8.864 ms) : 0, 8864
Telemetry [candidate] (8.972 ms) : 0, 8972
Flare Poller [baseline] (3.777 ms) : 0, 3777
Flare Poller [candidate] (3.814 ms) : 0, 3814
ProfilingAgent [baseline] (98.926 ms) : 0, 98926
ProfilingAgent [candidate] (99.985 ms) : 0, 99985
Profiling [baseline] (99.495 ms) : 0, 99495
Profiling [candidate] (100.573 ms) : 0, 100573
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.60.0-SNAPSHOT~9e4cfe6b22, baseline=1.60.0-SNAPSHOT~91a239a8ca

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.071 s) : 0, 1070776
Total [baseline] (8.749 s) : 0, 8748755
Agent [candidate] (1.066 s) : 0, 1065650
Total [candidate] (8.724 s) : 0, 8723557
section iast
Agent [baseline] (1.229 s) : 0, 1228693
Total [baseline] (9.358 s) : 0, 9358234
Agent [candidate] (1.236 s) : 0, 1236342
Total [candidate] (9.441 s) : 0, 9440593
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.071 s -
Agent iast 1.229 s 157.916 ms (14.7%)
Total tracing 8.749 s -
Total iast 9.358 s 609.479 ms (7.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.066 s -
Agent iast 1.236 s 170.692 ms (16.0%)
Total tracing 8.724 s -
Total iast 9.441 s 717.036 ms (8.2%) 
gantt
    title insecure-bank - break down per module: candidate=1.60.0-SNAPSHOT~9e4cfe6b22, baseline=1.60.0-SNAPSHOT~91a239a8ca

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.197 ms) : 0, 1197
crashtracking [candidate] (1.185 ms) : 0, 1185
BytebuddyAgent [baseline] (632.902 ms) : 0, 632902
BytebuddyAgent [candidate] (629.237 ms) : 0, 629237
AgentMeter [baseline] (29.149 ms) : 0, 29149
AgentMeter [candidate] (28.882 ms) : 0, 28882
GlobalTracer [baseline] (259.097 ms) : 0, 259097
GlobalTracer [candidate] (257.67 ms) : 0, 257670
AppSec [baseline] (32.978 ms) : 0, 32978
AppSec [candidate] (32.706 ms) : 0, 32706
Debugger [baseline] (60.647 ms) : 0, 60647
Debugger [candidate] (61.104 ms) : 0, 61104
Remote Config [baseline] (609.21 µs) : 0, 609
Remote Config [candidate] (619.231 µs) : 0, 619
Telemetry [baseline] (11.534 ms) : 0, 11534
Telemetry [candidate] (12.903 ms) : 0, 12903
Flare Poller [baseline] (7.091 ms) : 0, 7091
Flare Poller [candidate] (6.052 ms) : 0, 6052
section iast
crashtracking [baseline] (1.179 ms) : 0, 1179
crashtracking [candidate] (1.193 ms) : 0, 1193
BytebuddyAgent [baseline] (793.738 ms) : 0, 793738
BytebuddyAgent [candidate] (799.03 ms) : 0, 799030
AgentMeter [baseline] (11.206 ms) : 0, 11206
AgentMeter [candidate] (11.308 ms) : 0, 11308
GlobalTracer [baseline] (247.89 ms) : 0, 247890
GlobalTracer [candidate] (249.794 ms) : 0, 249794
AppSec [baseline] (33.988 ms) : 0, 33988
AppSec [candidate] (32.249 ms) : 0, 32249
Debugger [baseline] (65.879 ms) : 0, 65879
Debugger [candidate] (67.538 ms) : 0, 67538
Remote Config [baseline] (540.993 µs) : 0, 541
Remote Config [candidate] (539.451 µs) : 0, 539
Telemetry [baseline] (8.69 ms) : 0, 8690
Telemetry [candidate] (8.779 ms) : 0, 8779
Flare Poller [baseline] (3.48 ms) : 0, 3480
Flare Poller [candidate] (3.509 ms) : 0, 3509
IAST [baseline] (26.855 ms) : 0, 26855
IAST [candidate] (27.082 ms) : 0, 27082
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/rfc-1076
git_commit_date 1770374071 1770378287
git_commit_sha 91a239a 9e4cfe6
release_version 1.60.0-SNAPSHOT~91a239a8ca 1.60.0-SNAPSHOT~9e4cfe6b22
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1770380422 1770380422
ci_job_id 1406006050 1406006050
ci_pipeline_id 94985443 94985443
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-beqbmdul 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-beqbmdul 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 1 performance regressions! Performance is the same for 18 metrics, 16 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:profiling:high_load better
[-159.082µs; -36.111µs] or [-9.304%; -2.112%]		 unstable
[-991.155µs; -139.085µs] or [-19.489%; -2.735%]		 unstable
[-66.209op/s; +429.959op/s] or [-3.150%; +20.453%]		 1.612ms 4.521ms 2284.031op/s 1.710ms 5.086ms 2102.156op/s
scenario:load:petclinic:tracing:high_load worse
[+384.824µs; +1461.327µs] or [+2.218%; +8.423%]		 unsure
[+0.565ms; +2.158ms] or [+1.971%; +7.527%]		 unstable
[-36.520op/s; +13.520op/s] or [-13.898%; +5.145%]		 18.273ms 30.038ms 251.281op/s 17.350ms 28.676ms 262.781op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.60.0-SNAPSHOT~9e4cfe6b22, baseline=1.60.0-SNAPSHOT~91a239a8ca
    dateFormat X
    axisFormat %s
section baseline
no_agent (17.293 ms) : 17119, 17467
.   : milestone, 17293,
appsec (18.226 ms) : 18039, 18413
.   : milestone, 18226,
code_origins (17.518 ms) : 17343, 17693
.   : milestone, 17518,
iast (17.822 ms) : 17643, 18000
.   : milestone, 17822,
profiling (18.626 ms) : 18438, 18815
.   : milestone, 18626,
tracing (17.756 ms) : 17579, 17934
.   : milestone, 17756,
section candidate
no_agent (18.212 ms) : 18024, 18400
.   : milestone, 18212,
appsec (18.563 ms) : 18376, 18750
.   : milestone, 18563,
code_origins (17.842 ms) : 17664, 18020
.   : milestone, 17842,
iast (18.083 ms) : 17906, 18260
.   : milestone, 18083,
profiling (19.275 ms) : 19080, 19471
.   : milestone, 19275,
tracing (18.576 ms) : 18383, 18769
.   : milestone, 18576,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 17.293 ms [17.119 ms, 17.467 ms] -
appsec 18.226 ms [18.039 ms, 18.413 ms] 933.327 µs (5.4%)
code_origins 17.518 ms [17.343 ms, 17.693 ms] 225.351 µs (1.3%)
iast 17.822 ms [17.643 ms, 18.0 ms] 528.799 µs (3.1%)
profiling 18.626 ms [18.438 ms, 18.815 ms] 1.334 ms (7.7%)
tracing 17.756 ms [17.579 ms, 17.934 ms] 463.652 µs (2.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.212 ms [18.024 ms, 18.4 ms] -
appsec 18.563 ms [18.376 ms, 18.75 ms] 351.462 µs (1.9%)
code_origins 17.842 ms [17.664 ms, 18.02 ms] -369.878 µs (-2.0%)
iast 18.083 ms [17.906 ms, 18.26 ms] -128.298 µs (-0.7%)
profiling 19.275 ms [19.08 ms, 19.471 ms] 1.064 ms (5.8%)
tracing 18.576 ms [18.383 ms, 18.769 ms] 364.212 µs (2.0%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.60.0-SNAPSHOT~9e4cfe6b22, baseline=1.60.0-SNAPSHOT~91a239a8ca
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.179 ms) : 1167, 1190
.   : milestone, 1179,
iast (3.161 ms) : 3120, 3202
.   : milestone, 3161,
iast_FULL (5.925 ms) : 5865, 5985
.   : milestone, 5925,
iast_GLOBAL (3.64 ms) : 3583, 3697
.   : milestone, 3640,
profiling (2.152 ms) : 2132, 2173
.   : milestone, 2152,
tracing (1.82 ms) : 1804, 1835
.   : milestone, 1820,
section candidate
no_agent (1.188 ms) : 1176, 1200
.   : milestone, 1188,
iast (3.111 ms) : 3068, 3153
.   : milestone, 3111,
iast_FULL (5.745 ms) : 5687, 5802
.   : milestone, 5745,
iast_GLOBAL (3.626 ms) : 3566, 3686
.   : milestone, 3626,
profiling (1.974 ms) : 1958, 1991
.   : milestone, 1974,
tracing (1.888 ms) : 1872, 1903
.   : milestone, 1888,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.179 ms [1.167 ms, 1.19 ms] -
iast 3.161 ms [3.12 ms, 3.202 ms] 1.982 ms (168.2%)
iast_FULL 5.925 ms [5.865 ms, 5.985 ms] 4.746 ms (402.6%)
iast_GLOBAL 3.64 ms [3.583 ms, 3.697 ms] 2.461 ms (208.8%)
profiling 2.152 ms [2.132 ms, 2.173 ms] 973.307 µs (82.6%)
tracing 1.82 ms [1.804 ms, 1.835 ms] 640.745 µs (54.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.188 ms [1.176 ms, 1.2 ms] -
iast 3.111 ms [3.068 ms, 3.153 ms] 1.923 ms (161.9%)
iast_FULL 5.745 ms [5.687 ms, 5.802 ms] 4.557 ms (383.6%)
iast_GLOBAL 3.626 ms [3.566 ms, 3.686 ms] 2.438 ms (205.3%)
profiling 1.974 ms [1.958 ms, 1.991 ms] 786.633 µs (66.2%)
tracing 1.888 ms [1.872 ms, 1.903 ms] 699.881 µs (58.9%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/rfc-1076
git_commit_date 1770374071 1770378287
git_commit_sha 91a239a 9e4cfe6
release_version 1.60.0-SNAPSHOT~91a239a8ca 1.60.0-SNAPSHOT~9e4cfe6b22
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1770380111 1770380111
ci_job_id 1406006052 1406006052
ci_pipeline_id 94985443 94985443
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-mmgwhafk 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-mmgwhafk 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 2 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.60.0-SNAPSHOT~9e4cfe6b22, baseline=1.60.0-SNAPSHOT~91a239a8ca
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.472 ms) : 1460, 1483
.   : milestone, 1472,
appsec (2.516 ms) : 2461, 2571
.   : milestone, 2516,
iast (2.241 ms) : 2173, 2310
.   : milestone, 2241,
iast_GLOBAL (2.291 ms) : 2222, 2361
.   : milestone, 2291,
profiling (2.485 ms) : 2322, 2648
.   : milestone, 2485,
tracing (2.054 ms) : 2001, 2108
.   : milestone, 2054,
section candidate
no_agent (1.47 ms) : 1459, 1482
.   : milestone, 1470,
appsec (3.769 ms) : 3547, 3991
.   : milestone, 3769,
iast (2.245 ms) : 2176, 2315
.   : milestone, 2245,
iast_GLOBAL (2.289 ms) : 2220, 2359
.   : milestone, 2289,
profiling (2.094 ms) : 2037, 2151
.   : milestone, 2094,
tracing (2.072 ms) : 2017, 2126
.   : milestone, 2072,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.472 ms [1.46 ms, 1.483 ms] -
appsec 2.516 ms [2.461 ms, 2.571 ms] 1.044 ms (71.0%)
iast 2.241 ms [2.173 ms, 2.31 ms] 769.659 µs (52.3%)
iast_GLOBAL 2.291 ms [2.222 ms, 2.361 ms] 819.707 µs (55.7%)
profiling 2.485 ms [2.322 ms, 2.648 ms] 1.014 ms (68.9%)
tracing 2.054 ms [2.001 ms, 2.108 ms] 582.639 µs (39.6%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.47 ms [1.459 ms, 1.482 ms] -
appsec 3.769 ms [3.547 ms, 3.991 ms] 2.299 ms (156.4%)
iast 2.245 ms [2.176 ms, 2.315 ms] 774.991 µs (52.7%)
iast_GLOBAL 2.289 ms [2.22 ms, 2.359 ms] 819.131 µs (55.7%)
profiling 2.094 ms [2.037 ms, 2.151 ms] 623.543 µs (42.4%)
tracing 2.072 ms [2.017 ms, 2.126 ms] 601.514 µs (40.9%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.60.0-SNAPSHOT~9e4cfe6b22, baseline=1.60.0-SNAPSHOT~91a239a8ca
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.539 s) : 15539000, 15539000
.   : milestone, 15539000,
appsec (15.06 s) : 15060000, 15060000
.   : milestone, 15060000,
iast (17.806 s) : 17806000, 17806000
.   : milestone, 17806000,
iast_GLOBAL (17.792 s) : 17792000, 17792000
.   : milestone, 17792000,
profiling (14.9 s) : 14900000, 14900000
.   : milestone, 14900000,
tracing (14.777 s) : 14777000, 14777000
.   : milestone, 14777000,
section candidate
no_agent (15.423 s) : 15423000, 15423000
.   : milestone, 15423000,
appsec (14.732 s) : 14732000, 14732000
.   : milestone, 14732000,
iast (18.47 s) : 18470000, 18470000
.   : milestone, 18470000,
iast_GLOBAL (18.215 s) : 18215000, 18215000
.   : milestone, 18215000,
profiling (14.478 s) : 14478000, 14478000
.   : milestone, 14478000,
tracing (14.782 s) : 14782000, 14782000
.   : milestone, 14782000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.539 s [15.539 s, 15.539 s] -
appsec 15.06 s [15.06 s, 15.06 s] -479.0 ms (-3.1%)
iast 17.806 s [17.806 s, 17.806 s] 2.267 s (14.6%)
iast_GLOBAL 17.792 s [17.792 s, 17.792 s] 2.253 s (14.5%)
profiling 14.9 s [14.9 s, 14.9 s] -639.0 ms (-4.1%)
tracing 14.777 s [14.777 s, 14.777 s] -762.0 ms (-4.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.423 s [15.423 s, 15.423 s] -
appsec 14.732 s [14.732 s, 14.732 s] -691.0 ms (-4.5%)
iast 18.47 s [18.47 s, 18.47 s] 3.047 s (19.8%)
iast_GLOBAL 18.215 s [18.215 s, 18.215 s] 2.792 s (18.1%)
profiling 14.478 s [14.478 s, 14.478 s] -945.0 ms (-6.1%)
tracing 14.782 s [14.782 s, 14.782 s] -641.0 ms (-4.2%)

@jandro996 jandro996 changed the title WIP - Rfc 1076 API Security sampling when tracers lack HTTP routes [Rfc 1076] Jan 23, 2026
@jandro996 jandro996 added type: enhancement Enhancements and improvements comp: asm waf Application Security Management (WAF) labels Jan 23, 2026
@jandro996 jandro996 force-pushed the alejandro.gonzalez/add-apm-trace-metrics-tags branch from b6fd7f4 to 196140a Compare February 3, 2026 08:20
@jandro996 jandro996 force-pushed the alejandro.gonzalez/rfc-1076 branch from 1f3ddc2 to f2779e4 Compare February 3, 2026 09:33
Base automatically changed from alejandro.gonzalez/add-apm-trace-metrics-tags to master February 5, 2026 13:28
@jandro996 jandro996 force-pushed the alejandro.gonzalez/rfc-1076 branch from f2779e4 to 3aa2e02 Compare February 6, 2026 09:11
@jandro996 jandro996 marked this pull request as ready for review February 6, 2026 10:36
@jandro996 jandro996 requested review from a team as code owners February 6, 2026 10:36
@jandro996 jandro996 force-pushed the alejandro.gonzalez/rfc-1076 branch from 7a8e157 to fffbc5a Compare February 6, 2026 10:39
@github-actions
Copy link
Contributor

github-actions bot commented Feb 6, 2026

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Remove the tag from the pull request title

If you need help, please check our contributing guidelines.

@jandro996 jandro996 changed the title API Security sampling when tracers lack HTTP routes [Rfc 1076] API Security sampling when tracers lack HTTP routes - Rfc 1076 Feb 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@manuel-alvarez-alvarez manuel-alvarez-alvarez Awaiting requested review from manuel-alvarez-alvarez manuel-alvarez-alvarez is a code owner automatically assigned from DataDog/asm-java

@daniel-romano-DD daniel-romano-DD Awaiting requested review from daniel-romano-DD daniel-romano-DD is a code owner automatically assigned from DataDog/asm-java

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

comp: asm waf Application Security Management (WAF) type: enhancement Enhancements and improvements

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jandro996