Skip to content

Improve git security settings#10486

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 6 commits intomasterfrom
daniel.mohedano/git-security-settings
Feb 6, 2026
Merged

Improve git security settings#10486
gh-worker-dd-mergequeue-cf854d[bot] merged 6 commits intomasterfrom
daniel.mohedano/git-security-settings

Conversation

@daniel-mohedano
Copy link
Contributor

@daniel-mohedano daniel-mohedano commented Jan 30, 2026
edited
Loading

What Does This Do

  • Improves the git security settings by passing -c safe.directory=... as config in all git commands instead of adding it with git config --global --add safe.directory ...
  • It now traverses up from the potential root to ensure it finds a .git directory or file.

Motivation

The previous approach, to avoid "dubious ownership" errors, actually added a new global git config option every single time that code run, causing config pollution.

Contributor Checklist

Jira ticket: SDTEST-3224

@daniel-mohedano daniel-mohedano added type: enhancement Enhancements and improvements comp: ci visibility Continuous Integration Visibility labels Jan 30, 2026
@cit-pr-commenter-54b7da
Copy link

cit-pr-commenter-54b7da bot commented Feb 3, 2026
edited
Loading

Test Environment - sbt-scalatest

Job Status: success

Scenario Overhead (%)
agent 57.57
agentEvpProxy 57.60

@cit-pr-commenter-54b7da
Copy link

cit-pr-commenter-54b7da bot commented Feb 3, 2026
edited
Loading

Test Environment - pass4s

Job Status: success

Scenario Overhead (%)
agent 10.84
agentless 7.85
agentlessCodeCoverage 17.85

@cit-pr-commenter-54b7da
Copy link

cit-pr-commenter-54b7da bot commented Feb 3, 2026
edited
Loading

Test Environment - nebula-release-plugin

Job Status: success

Scenario Overhead (%)
agent 37.40
agentless 36.35
agentlessCodeCoverage 46.45
agentlessLineCoverage 76.95

@cit-pr-commenter-54b7da
Copy link

cit-pr-commenter-54b7da bot commented Feb 3, 2026
edited
Loading

Test Environment - reactive-streams-jvm

Job Status: success

Scenario Overhead (%)
agent 21.29
agentless 18.11
agentlessCodeCoverage 19.75
agentlessLineCoverage 29.57

@cit-pr-commenter-54b7da
Copy link

cit-pr-commenter-54b7da bot commented Feb 3, 2026
edited
Loading

Test Environment - netflix-zuul

Job Status: success

Scenario Overhead (%)
agent 90.95
agentless 84.55
agentlessCodeCoverage 99.90
agentlessLineCoverage 113.82

@cit-pr-commenter-54b7da
Copy link

cit-pr-commenter-54b7da bot commented Feb 3, 2026
edited
Loading

Test Environment - sonar-kotlin

Job Status: success

Scenario Overhead (%)
agent 13.25
agentless 12.24
agentlessCodeCoverage 15.38
agentlessLineCoverage 19.96

@cit-pr-commenter-54b7da
Copy link

cit-pr-commenter-54b7da bot commented Feb 3, 2026
edited
Loading

Test Environment - jolokia

Job Status: success

Scenario Overhead (%)
agent 92.57
agentless 89.49
agentlessCodeCoverage 97.02
agentlessLineCoverage 97.48

@cit-pr-commenter-54b7da
Copy link

cit-pr-commenter-54b7da bot commented Feb 3, 2026
edited
Loading

Test Environment - okhttp

Job Status: success

Scenario Overhead (%)
agent 17.86
agentless 17.73
agentlessCodeCoverage 20.62
agentlessLineCoverage 37.23

@cit-pr-commenter-54b7da
Copy link

cit-pr-commenter-54b7da bot commented Feb 3, 2026
edited
Loading

Test Environment - spring_boot

Job Status: success

Scenario Overhead (%)
agent 15.14
agentless 7.96
agentlessCodeCoverage 11.74
agentlessLineCoverage 31.18

@cit-pr-commenter-54b7da
Copy link

cit-pr-commenter-54b7da bot commented Feb 3, 2026
edited
Loading

Test Environment - sonar-java

Job Status: success

Scenario Overhead (%)
agent -1.03
agentless -0.78
agentlessCodeCoverage 100.83
agentlessLineCoverage 150.32

@pr-commenter
Copy link

pr-commenter bot commented Feb 3, 2026
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master daniel.mohedano/git-security-settings
git_commit_date 1770367396 1770384998
git_commit_sha b83178b 526780e
release_version 1.60.0-SNAPSHOT~b83178b28d 1.59.0-SNAPSHOT~526780e135
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1770386754 1770386754
ci_job_id 1406197678 1406197678
ci_pipeline_id 94993939 94993939
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-fmjnn6zk 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-fmjnn6zk 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 64 metrics, 7 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.59.0-SNAPSHOT~526780e135, baseline=1.60.0-SNAPSHOT~b83178b28d

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.069 s) : 0, 1068963
Total [baseline] (10.932 s) : 0, 10932116
Agent [candidate] (1.066 s) : 0, 1066255
Total [candidate] (10.877 s) : 0, 10876779
section appsec
Agent [baseline] (1.248 s) : 0, 1248110
Total [baseline] (11.04 s) : 0, 11040012
Agent [candidate] (1.237 s) : 0, 1237251
Total [candidate] (10.994 s) : 0, 10993616
section iast
Agent [baseline] (1.235 s) : 0, 1235386
Total [baseline] (11.165 s) : 0, 11164614
Agent [candidate] (1.232 s) : 0, 1232348
Total [candidate] (11.238 s) : 0, 11238200
section profiling
Agent [baseline] (1.201 s) : 0, 1200633
Total [baseline] (11.093 s) : 0, 11093498
Agent [candidate] (1.192 s) : 0, 1192192
Total [candidate] (10.992 s) : 0, 10991689
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.069 s -
Agent appsec 1.248 s 179.147 ms (16.8%)
Agent iast 1.235 s 166.423 ms (15.6%)
Agent profiling 1.201 s 131.669 ms (12.3%)
Total tracing 10.932 s -
Total appsec 11.04 s 107.896 ms (1.0%)
Total iast 11.165 s 232.498 ms (2.1%)
Total profiling 11.093 s 161.381 ms (1.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.066 s -
Agent appsec 1.237 s 170.996 ms (16.0%)
Agent iast 1.232 s 166.093 ms (15.6%)
Agent profiling 1.192 s 125.937 ms (11.8%)
Total tracing 10.877 s -
Total appsec 10.994 s 116.838 ms (1.1%)
Total iast 11.238 s 361.422 ms (3.3%)
Total profiling 10.992 s 114.91 ms (1.1%) 
gantt
    title petclinic - break down per module: candidate=1.59.0-SNAPSHOT~526780e135, baseline=1.60.0-SNAPSHOT~b83178b28d

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.184 ms) : 0, 1184
crashtracking [candidate] (1.18 ms) : 0, 1180
BytebuddyAgent [baseline] (630.293 ms) : 0, 630293
BytebuddyAgent [candidate] (628.721 ms) : 0, 628721
AgentMeter [baseline] (29.012 ms) : 0, 29012
AgentMeter [candidate] (28.973 ms) : 0, 28973
GlobalTracer [baseline] (257.855 ms) : 0, 257855
GlobalTracer [candidate] (257.652 ms) : 0, 257652
AppSec [baseline] (32.855 ms) : 0, 32855
AppSec [candidate] (32.831 ms) : 0, 32831
Debugger [baseline] (64.061 ms) : 0, 64061
Debugger [candidate] (62.616 ms) : 0, 62616
Remote Config [baseline] (611.134 µs) : 0, 611
Remote Config [candidate] (614.953 µs) : 0, 615
Telemetry [baseline] (13.114 ms) : 0, 13114
Telemetry [candidate] (10.566 ms) : 0, 10566
Flare Poller [baseline] (4.593 ms) : 0, 4593
Flare Poller [candidate] (7.723 ms) : 0, 7723
section appsec
crashtracking [baseline] (1.186 ms) : 0, 1186
crashtracking [candidate] (1.179 ms) : 0, 1179
BytebuddyAgent [baseline] (662.695 ms) : 0, 662695
BytebuddyAgent [candidate] (656.627 ms) : 0, 656627
AgentMeter [baseline] (12.022 ms) : 0, 12022
AgentMeter [candidate] (11.917 ms) : 0, 11917
GlobalTracer [baseline] (260.418 ms) : 0, 260418
GlobalTracer [candidate] (258.34 ms) : 0, 258340
IAST [baseline] (25.469 ms) : 0, 25469
IAST [candidate] (25.225 ms) : 0, 25225
AppSec [baseline] (168.894 ms) : 0, 168894
AppSec [candidate] (167.724 ms) : 0, 167724
Debugger [baseline] (68.116 ms) : 0, 68116
Debugger [candidate] (67.493 ms) : 0, 67493
Remote Config [baseline] (682.987 µs) : 0, 683
Remote Config [candidate] (663.42 µs) : 0, 663
Telemetry [baseline] (9.336 ms) : 0, 9336
Telemetry [candidate] (9.111 ms) : 0, 9111
Flare Poller [baseline] (3.753 ms) : 0, 3753
Flare Poller [candidate] (3.752 ms) : 0, 3752
section iast
crashtracking [baseline] (1.187 ms) : 0, 1187
crashtracking [candidate] (1.185 ms) : 0, 1185
BytebuddyAgent [baseline] (798.0 ms) : 0, 798000
BytebuddyAgent [candidate] (796.445 ms) : 0, 796445
AgentMeter [baseline] (11.298 ms) : 0, 11298
AgentMeter [candidate] (11.306 ms) : 0, 11306
GlobalTracer [baseline] (248.369 ms) : 0, 248369
GlobalTracer [candidate] (248.645 ms) : 0, 248645
IAST [baseline] (27.16 ms) : 0, 27160
IAST [candidate] (26.63 ms) : 0, 26630
AppSec [baseline] (33.358 ms) : 0, 33358
AppSec [candidate] (34.585 ms) : 0, 34585
Debugger [baseline] (67.927 ms) : 0, 67927
Debugger [candidate] (65.468 ms) : 0, 65468
Remote Config [baseline] (546.583 µs) : 0, 547
Remote Config [candidate] (547.602 µs) : 0, 548
Telemetry [baseline] (8.735 ms) : 0, 8735
Telemetry [candidate] (8.795 ms) : 0, 8795
Flare Poller [baseline] (3.452 ms) : 0, 3452
Flare Poller [candidate] (3.47 ms) : 0, 3470
section profiling
crashtracking [baseline] (1.224 ms) : 0, 1224
crashtracking [candidate] (1.206 ms) : 0, 1206
BytebuddyAgent [baseline] (687.923 ms) : 0, 687923
BytebuddyAgent [candidate] (683.589 ms) : 0, 683589
AgentMeter [baseline] (9.08 ms) : 0, 9080
AgentMeter [candidate] (9.013 ms) : 0, 9013
GlobalTracer [baseline] (217.029 ms) : 0, 217029
GlobalTracer [candidate] (215.538 ms) : 0, 215538
AppSec [baseline] (32.811 ms) : 0, 32811
AppSec [candidate] (32.432 ms) : 0, 32432
Debugger [baseline] (68.559 ms) : 0, 68559
Debugger [candidate] (67.804 ms) : 0, 67804
Remote Config [baseline] (609.245 µs) : 0, 609
Remote Config [candidate] (609.461 µs) : 0, 609
Telemetry [baseline] (9.103 ms) : 0, 9103
Telemetry [candidate] (8.912 ms) : 0, 8912
Flare Poller [baseline] (3.81 ms) : 0, 3810
Flare Poller [candidate] (3.779 ms) : 0, 3779
ProfilingAgent [baseline] (100.119 ms) : 0, 100119
ProfilingAgent [candidate] (99.453 ms) : 0, 99453
Profiling [baseline] (100.703 ms) : 0, 100703
Profiling [candidate] (100.034 ms) : 0, 100034
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.59.0-SNAPSHOT~526780e135, baseline=1.60.0-SNAPSHOT~b83178b28d

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.075 s) : 0, 1075066
Total [baseline] (8.786 s) : 0, 8786158
Agent [candidate] (1.072 s) : 0, 1072477
Total [candidate] (8.795 s) : 0, 8795295
section iast
Agent [baseline] (1.231 s) : 0, 1231383
Total [baseline] (9.39 s) : 0, 9390006
Agent [candidate] (1.235 s) : 0, 1235329
Total [candidate] (9.416 s) : 0, 9415628
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.075 s -
Agent iast 1.231 s 156.316 ms (14.5%)
Total tracing 8.786 s -
Total iast 9.39 s 603.847 ms (6.9%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.072 s -
Agent iast 1.235 s 162.852 ms (15.2%)
Total tracing 8.795 s -
Total iast 9.416 s 620.333 ms (7.1%) 
gantt
    title insecure-bank - break down per module: candidate=1.59.0-SNAPSHOT~526780e135, baseline=1.60.0-SNAPSHOT~b83178b28d

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.217 ms) : 0, 1217
crashtracking [candidate] (1.197 ms) : 0, 1197
BytebuddyAgent [baseline] (633.769 ms) : 0, 633769
BytebuddyAgent [candidate] (633.834 ms) : 0, 633834
AgentMeter [baseline] (29.259 ms) : 0, 29259
AgentMeter [candidate] (29.229 ms) : 0, 29229
GlobalTracer [baseline] (260.223 ms) : 0, 260223
GlobalTracer [candidate] (259.28 ms) : 0, 259280
AppSec [baseline] (33.061 ms) : 0, 33061
AppSec [candidate] (33.034 ms) : 0, 33034
Debugger [baseline] (62.737 ms) : 0, 62737
Debugger [candidate] (61.421 ms) : 0, 61421
Remote Config [baseline] (625.287 µs) : 0, 625
Remote Config [candidate] (623.315 µs) : 0, 623
Telemetry [baseline] (10.827 ms) : 0, 10827
Telemetry [candidate] (10.737 ms) : 0, 10737
Flare Poller [baseline] (7.735 ms) : 0, 7735
Flare Poller [candidate] (7.592 ms) : 0, 7592
section iast
crashtracking [baseline] (1.191 ms) : 0, 1191
crashtracking [candidate] (1.186 ms) : 0, 1186
BytebuddyAgent [baseline] (795.724 ms) : 0, 795724
BytebuddyAgent [candidate] (798.733 ms) : 0, 798733
AgentMeter [baseline] (11.322 ms) : 0, 11322
AgentMeter [candidate] (11.364 ms) : 0, 11364
GlobalTracer [baseline] (247.839 ms) : 0, 247839
GlobalTracer [candidate] (249.072 ms) : 0, 249072
IAST [baseline] (27.072 ms) : 0, 27072
IAST [candidate] (27.227 ms) : 0, 27227
AppSec [baseline] (35.673 ms) : 0, 35673
AppSec [candidate] (35.471 ms) : 0, 35471
Debugger [baseline] (64.299 ms) : 0, 64299
Debugger [candidate] (64.027 ms) : 0, 64027
Remote Config [baseline] (543.415 µs) : 0, 543
Remote Config [candidate] (538.447 µs) : 0, 538
Telemetry [baseline] (8.883 ms) : 0, 8883
Telemetry [candidate] (8.815 ms) : 0, 8815
Flare Poller [baseline] (3.535 ms) : 0, 3535
Flare Poller [candidate] (3.526 ms) : 0, 3526
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master daniel.mohedano/git-security-settings
git_commit_date 1770367396 1770384998
git_commit_sha b83178b 526780e
release_version 1.60.0-SNAPSHOT~b83178b28d 1.59.0-SNAPSHOT~526780e135
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1770387243 1770387243
ci_job_id 1406197679 1406197679
ci_pipeline_id 94993939 94993939
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-qd69778l 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-qd69778l 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 3 performance improvements and 4 performance regressions! Performance is the same for 13 metrics, 16 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:iast_GLOBAL:high_load worse
[+166.083µs; +260.636µs] or [+6.350%; +9.965%]		 worse
[+408.797µs; +911.287µs] or [+5.493%; +12.245%]		 unstable
[-269.997op/s; +62.059op/s] or [-19.833%; +4.559%]		 2.829ms 8.102ms 1257.375op/s 2.615ms 7.442ms 1361.344op/s
scenario:load:insecure-bank:iast:high_load worse
[+85.690µs; +164.184µs] or [+3.539%; +6.781%]		 worse
[+185.918µs; +540.744µs] or [+2.602%; +7.568%]		 unstable
[-245.034op/s; +103.284op/s] or [-16.788%; +7.076%]		 2.546ms 7.508ms 1388.719op/s 2.421ms 7.145ms 1459.594op/s
scenario:load:petclinic:appsec:high_load better
[-1.536ms; -0.652ms] or [-7.964%; -3.382%]		 unsure
[-1.999ms; -0.377ms] or [-6.425%; -1.212%]		 unstable
[-15.463op/s; +38.776op/s] or [-6.480%; +16.250%]		 18.187ms 29.924ms 250.281op/s 19.281ms 31.112ms 238.625op/s
scenario:load:petclinic:iast:high_load better
[-1.583ms; -0.511ms] or [-8.480%; -2.737%]		 better
[-2.110ms; -0.650ms] or [-6.939%; -2.139%]		 unstable
[-13.961op/s; +42.586op/s] or [-5.697%; +17.378%]		 17.624ms 29.026ms 259.375op/s 18.671ms 30.406ms 245.062op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.59.0-SNAPSHOT~526780e135, baseline=1.60.0-SNAPSHOT~b83178b28d
    dateFormat X
    axisFormat %s
section baseline
no_agent (17.221 ms) : 17052, 17391
.   : milestone, 17221,
appsec (19.567 ms) : 19367, 19767
.   : milestone, 19567,
code_origins (17.875 ms) : 17699, 18050
.   : milestone, 17875,
iast (19.046 ms) : 18850, 19242
.   : milestone, 19046,
profiling (18.988 ms) : 18799, 19177
.   : milestone, 18988,
tracing (17.62 ms) : 17446, 17794
.   : milestone, 17620,
section candidate
no_agent (18.141 ms) : 17954, 18328
.   : milestone, 18141,
appsec (18.648 ms) : 18459, 18837
.   : milestone, 18648,
code_origins (17.676 ms) : 17501, 17851
.   : milestone, 17676,
iast (17.989 ms) : 17808, 18171
.   : milestone, 17989,
profiling (18.607 ms) : 18420, 18793
.   : milestone, 18607,
tracing (17.579 ms) : 17404, 17754
.   : milestone, 17579,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 17.221 ms [17.052 ms, 17.391 ms] -
appsec 19.567 ms [19.367 ms, 19.767 ms] 2.346 ms (13.6%)
code_origins 17.875 ms [17.699 ms, 18.05 ms] 653.684 µs (3.8%)
iast 19.046 ms [18.85 ms, 19.242 ms] 1.825 ms (10.6%)
profiling 18.988 ms [18.799 ms, 19.177 ms] 1.767 ms (10.3%)
tracing 17.62 ms [17.446 ms, 17.794 ms] 399.025 µs (2.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.141 ms [17.954 ms, 18.328 ms] -
appsec 18.648 ms [18.459 ms, 18.837 ms] 507.035 µs (2.8%)
code_origins 17.676 ms [17.501 ms, 17.851 ms] -465.23 µs (-2.6%)
iast 17.989 ms [17.808 ms, 18.171 ms] -152.162 µs (-0.8%)
profiling 18.607 ms [18.42 ms, 18.793 ms] 465.473 µs (2.6%)
tracing 17.579 ms [17.404 ms, 17.754 ms] -562.084 µs (-3.1%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.59.0-SNAPSHOT~526780e135, baseline=1.60.0-SNAPSHOT~b83178b28d
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.186 ms) : 1174, 1198
.   : milestone, 1186,
iast (3.133 ms) : 3090, 3176
.   : milestone, 3133,
iast_FULL (5.802 ms) : 5744, 5860
.   : milestone, 5802,
iast_GLOBAL (3.365 ms) : 3310, 3419
.   : milestone, 3365,
profiling (2.056 ms) : 2037, 2075
.   : milestone, 2056,
tracing (1.845 ms) : 1829, 1861
.   : milestone, 1845,
section candidate
no_agent (1.186 ms) : 1174, 1198
.   : milestone, 1186,
iast (3.296 ms) : 3250, 3341
.   : milestone, 3296,
iast_FULL (5.908 ms) : 5848, 5967
.   : milestone, 5908,
iast_GLOBAL (3.649 ms) : 3579, 3719
.   : milestone, 3649,
profiling (1.995 ms) : 1978, 2013
.   : milestone, 1995,
tracing (1.771 ms) : 1757, 1785
.   : milestone, 1771,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.186 ms [1.174 ms, 1.198 ms] -
iast 3.133 ms [3.09 ms, 3.176 ms] 1.947 ms (164.2%)
iast_FULL 5.802 ms [5.744 ms, 5.86 ms] 4.616 ms (389.1%)
iast_GLOBAL 3.365 ms [3.31 ms, 3.419 ms] 2.179 ms (183.7%)
profiling 2.056 ms [2.037 ms, 2.075 ms] 869.549 µs (73.3%)
tracing 1.845 ms [1.829 ms, 1.861 ms] 658.694 µs (55.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.186 ms [1.174 ms, 1.198 ms] -
iast 3.296 ms [3.25 ms, 3.341 ms] 2.11 ms (177.9%)
iast_FULL 5.908 ms [5.848 ms, 5.967 ms] 4.722 ms (398.1%)
iast_GLOBAL 3.649 ms [3.579 ms, 3.719 ms] 2.463 ms (207.7%)
profiling 1.995 ms [1.978 ms, 2.013 ms] 809.389 µs (68.2%)
tracing 1.771 ms [1.757 ms, 1.785 ms] 585.131 µs (49.3%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master daniel.mohedano/git-security-settings
git_commit_date 1770367396 1770384998
git_commit_sha b83178b 526780e
release_version 1.60.0-SNAPSHOT~b83178b28d 1.59.0-SNAPSHOT~526780e135
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1770387034 1770387034
ci_job_id 1406197680 1406197680
ci_pipeline_id 94993939 94993939
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-8rtnr86p 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-8rtnr86p 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.59.0-SNAPSHOT~526780e135, baseline=1.60.0-SNAPSHOT~b83178b28d
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.476 ms) : 1465, 1488
.   : milestone, 1476,
appsec (3.78 ms) : 3555, 4004
.   : milestone, 3780,
iast (2.255 ms) : 2186, 2324
.   : milestone, 2255,
iast_GLOBAL (2.3 ms) : 2230, 2370
.   : milestone, 2300,
profiling (2.106 ms) : 2050, 2163
.   : milestone, 2106,
tracing (2.067 ms) : 2013, 2120
.   : milestone, 2067,
section candidate
no_agent (1.473 ms) : 1462, 1485
.   : milestone, 1473,
appsec (3.783 ms) : 3561, 4005
.   : milestone, 3783,
iast (2.252 ms) : 2184, 2321
.   : milestone, 2252,
iast_GLOBAL (2.299 ms) : 2229, 2369
.   : milestone, 2299,
profiling (2.095 ms) : 2040, 2150
.   : milestone, 2095,
tracing (2.079 ms) : 2025, 2133
.   : milestone, 2079,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.476 ms [1.465 ms, 1.488 ms] -
appsec 3.78 ms [3.555 ms, 4.004 ms] 2.303 ms (156.0%)
iast 2.255 ms [2.186 ms, 2.324 ms] 778.608 µs (52.7%)
iast_GLOBAL 2.3 ms [2.23 ms, 2.37 ms] 823.286 µs (55.8%)
profiling 2.106 ms [2.05 ms, 2.163 ms] 629.942 µs (42.7%)
tracing 2.067 ms [2.013 ms, 2.12 ms] 590.252 µs (40.0%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.473 ms [1.462 ms, 1.485 ms] -
appsec 3.783 ms [3.561 ms, 4.005 ms] 2.309 ms (156.7%)
iast 2.252 ms [2.184 ms, 2.321 ms] 778.981 µs (52.9%)
iast_GLOBAL 2.299 ms [2.229 ms, 2.369 ms] 825.823 µs (56.0%)
profiling 2.095 ms [2.04 ms, 2.15 ms] 621.12 µs (42.2%)
tracing 2.079 ms [2.025 ms, 2.133 ms] 605.326 µs (41.1%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.59.0-SNAPSHOT~526780e135, baseline=1.60.0-SNAPSHOT~b83178b28d
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.04 s) : 15040000, 15040000
.   : milestone, 15040000,
appsec (15.142 s) : 15142000, 15142000
.   : milestone, 15142000,
iast (18.092 s) : 18092000, 18092000
.   : milestone, 18092000,
iast_GLOBAL (18.12 s) : 18120000, 18120000
.   : milestone, 18120000,
profiling (14.89 s) : 14890000, 14890000
.   : milestone, 14890000,
tracing (14.643 s) : 14643000, 14643000
.   : milestone, 14643000,
section candidate
no_agent (15.595 s) : 15595000, 15595000
.   : milestone, 15595000,
appsec (14.394 s) : 14394000, 14394000
.   : milestone, 14394000,
iast (18.073 s) : 18073000, 18073000
.   : milestone, 18073000,
iast_GLOBAL (17.965 s) : 17965000, 17965000
.   : milestone, 17965000,
profiling (14.973 s) : 14973000, 14973000
.   : milestone, 14973000,
tracing (15.151 s) : 15151000, 15151000
.   : milestone, 15151000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.04 s [15.04 s, 15.04 s] -
appsec 15.142 s [15.142 s, 15.142 s] 102.0 ms (0.7%)
iast 18.092 s [18.092 s, 18.092 s] 3.052 s (20.3%)
iast_GLOBAL 18.12 s [18.12 s, 18.12 s] 3.08 s (20.5%)
profiling 14.89 s [14.89 s, 14.89 s] -150.0 ms (-1.0%)
tracing 14.643 s [14.643 s, 14.643 s] -397.0 ms (-2.6%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.595 s [15.595 s, 15.595 s] -
appsec 14.394 s [14.394 s, 14.394 s] -1.201 s (-7.7%)
iast 18.073 s [18.073 s, 18.073 s] 2.478 s (15.9%)
iast_GLOBAL 17.965 s [17.965 s, 17.965 s] 2.37 s (15.2%)
profiling 14.973 s [14.973 s, 14.973 s] -622.0 ms (-4.0%)
tracing 15.151 s [15.151 s, 15.151 s] -444.0 ms (-2.8%)

@daniel-mohedano daniel-mohedano added comp: ci visibility Continuous Integration Visibility and removed comp: ci visibility Continuous Integration Visibility labels Feb 6, 2026
@daniel-mohedano daniel-mohedano marked this pull request as ready for review February 6, 2026 10:34
@daniel-mohedano daniel-mohedano requested a review from a team as a code owner February 6, 2026 10:34
nikita-tkachenko-datadog
nikita-tkachenko-datadog approved these changes Feb 6, 2026
View reviewed changes
...nt/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/tree/ShellGitClient.java Outdated
this.latestCommitsLimit = latestCommitsLimit;
commandExecutor = new ShellCommandExecutor(new File(repoRoot), timeoutMillis);

String gitRepoRoot = findGitRepositoryRoot(new File(repoRoot).getAbsoluteFile());
Copy link
Contributor

@nikita-tkachenko-datadog nikita-tkachenko-datadog Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: you're calling .getAbsoluteFile() here, and then again inside the findGitRepositoryRoot() method

Copy link
Contributor

@nikita-tkachenko-datadog nikita-tkachenko-datadog Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, the gitRepoRoot variable seems redundant: you could just do this.repoRoot = findGitRepositoryRoot(new File(repoRoot).getAbsoluteFile()); and then use the field everywhere.

repoRoot and gitRepoRoot are semantically the same (it's not like we can have a repo root that is not a Git repo root).

Copy link
Contributor Author

@daniel-mohedano daniel-mohedano Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, addressed in 526780e to cleanup the implementation.

@daniel-mohedano daniel-mohedano removed the comp: ci visibility Continuous Integration Visibility label Feb 6, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 6, 2026

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

@daniel-mohedano daniel-mohedano added the comp: ci visibility Continuous Integration Visibility label Feb 6, 2026
@daniel-mohedano
Copy link
Contributor Author

daniel-mohedano commented Feb 6, 2026

/merge

@gh-worker-devflow-routing-ef8351
Copy link

gh-worker-devflow-routing-ef8351 bot commented Feb 6, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-02-06 14:28:24 UTC ℹ️ Start processing command /merge

2026-02-06 14:28:29 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 1h (p90).

2026-02-06 15:21:50 UTC ℹ️ MergeQueue: This merge request was merged

@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d bot merged commit fdfd27f into master Feb 6, 2026
550 of 554 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d bot deleted the daniel.mohedano/git-security-settings branch February 6, 2026 15:21
@github-actions github-actions bot added this to the 1.60.0 milestone Feb 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nikita-tkachenko-datadog nikita-tkachenko-datadog nikita-tkachenko-datadog approved these changes

Assignees

No one assigned

Labels

comp: ci visibility Continuous Integration Visibility mergequeue-status: done type: enhancement Enhancements and improvements

Projects

None yet

Milestone

1.60.0

Development

Successfully merging this pull request may close these issues.

2 participants

@daniel-mohedano @nikita-tkachenko-datadog