API Security sampling when tracers lack HTTP routes - Rfc 1076#10424
Merged
Benchmarks (candidate=1.60.0-SNAPSHOT~bb7503b7fa, baseline=1.60.0-SNAPSHOT~6d44cf9e09)
Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 61 metrics, 10 unstable metrics.
[Charts omitted: startup time reports for petclinic and insecure-bank (global startup overhead and breakdown per module; sections tracing, appsec, iast, profiling)]
Load
Summary: Found 1 performance improvements and 0 performance regressions! Performance is the same for 16 metrics, 19 unstable metrics.
[Charts omitted: request duration reports [CI 0.99] for insecure-bank and petclinic (baseline vs. candidate)]
Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.
[Charts omitted: execution time [CI 0.99] for biojava and tomcat (baseline vs. candidate)]
Base automatically changed from alejandro.gonzalez/add-apm-trace-metrics-tags to master, February 5, 2026 13:28
smola approved these changes, Feb 12, 2026
What Does This Do
Implements http.endpoint fallback in the API Security Sampler when http.route is unavailable, enabling sampling of traffic in frameworks that don't provide route information.
Motivation
https://docs.google.com/document/d/1GnWwiaw6dkVtgn5f1wcHJETND_Svqd-sJl6FSVVuCkI/edit?pli=1&tab=t.0
Additional Notes
Exclude WAF-blocked requests from API Security endpoint inference
Issue
Before RFC-1076 (master):
http.route is set via the onHttpRoute() callback
route=null → API Security sampling returns false → no schemas extracted
Test_Schema_Response_on_Block validates this behavior
After RFC-1076:
route=null, the sampler now attempts endpoint inference from http.url
http.url available (the original request URL)
blocking response
Solution
Explicitly exclude WAF-blocked requests from endpoint inference by checking ctx.isWafBlocked() before attempting to compute the endpoint.
This preserves the original behavior where blocked requests (which produce synthetic responses, not real API responses) are not sampled for API Security, regardless of whether they have a computable endpoint.
Contributor Checklist
type: and (comp: or inst:) labels in addition to any useful labels
close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue
Jira ticket: APPSEC-60824
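
The decision order described in the PR description above, as an added Java sketch that is not the project's code: use the route when present, refuse WAF-blocked requests before any endpoint inference, otherwise infer an endpoint from the URL and sample once per key per window. The `Ctx` record, `inferEndpoint`, the numeric-segment normalization, the method/endpoint/status key and the 30-second window are assumptions for illustration; only `isWafBlocked()` is named on the page.

```java
import java.net.URI;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class ApiSecSamplerSketch {
  // Hypothetical request view; only isWafBlocked() is named in the PR description.
  record Ctx(String method, String route, String url, int status, boolean isWafBlocked) {}

  static final long INTERVAL_MS = 30_000; // assumed per-endpoint sampling window
  private final Map<String, Long> lastSampled = new ConcurrentHashMap<>();

  // Simplified stand-in for endpoint inference: keep the path, collapse numeric segments.
  static String inferEndpoint(String url) {
    String path = URI.create(url).getPath();
    StringBuilder sb = new StringBuilder();
    for (String seg : (path == null ? "" : path).split("/")) {
      if (seg.isEmpty()) continue;
      sb.append('/').append(seg.matches("\\d+") ? "{int}" : seg);
    }
    return sb.length() == 0 ? "/" : sb.toString();
  }

  boolean sample(Ctx ctx, long nowMs) {
    String endpoint = ctx.route();
    if (endpoint == null) {
      // A blocked request carries a synthetic response: never infer an endpoint for it.
      if (ctx.isWafBlocked() || ctx.url() == null) return false;
      endpoint = inferEndpoint(ctx.url());
    }
    String key = ctx.method() + " " + endpoint + " " + ctx.status();
    boolean[] hit = {false};
    lastSampled.compute(key, (k, prev) -> {
      if (prev == null || nowMs - prev >= INTERVAL_MS) { hit[0] = true; return nowMs; }
      return prev; // still inside the window for this key
    });
    return hit[0];
  }

  public static void main(String[] args) {
    ApiSecSamplerSketch s = new ApiSecSamplerSketch();
    // Constructed sample requests (not taken from the PR).
    System.out.println(s.sample(new Ctx("GET", "/users/{id}", "http://app/users/7", 200, false), 0)); // route present
    System.out.println(s.sample(new Ctx("GET", null, "http://app/orders/42", 200, false), 0));     // no route: inferred endpoint
    System.out.println(s.sample(new Ctx("GET", null, "http://app/orders/43", 200, false), 1_000)); // same inferred key, inside window
    System.out.println(s.sample(new Ctx("GET", null, "http://app/orders/44", 403, true), 60_000)); // WAF-blocked, no route
  }
}
```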