Skip to content

AAP service activation origin metric #8934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: sezen.leblay/upgrade-libddwaf-java-1.23
Choose a base branch
from
Draft

AAP service activation origin metric #8934

wants to merge 3 commits into from

Conversation

sezen-datadog
Copy link
Contributor

@sezen-datadog sezen-datadog commented Jun 5, 2025
edited by jira bot
Loading

What Does This Do

It sends appsec.enabled metric every 60 seconds (existing heartbeat value for telemetry)

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-57893

@sezen-datadog sezen-datadog force-pushed the sezen.leblay/APPSEC-57893-appsec-enabled-metric branch from 437276f to 03e4246 Compare June 5, 2025 16:10
@pr-commenter
Copy link

pr-commenter bot commented Jun 5, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sezen.leblay/APPSEC-57893-appsec-enabled-metric
git_commit_date 1749673130 1749711439
git_commit_sha 2442b1f d05b090
release_version 1.50.0-SNAPSHOT~2442b1fa6d 1.50.0-SNAPSHOT~d05b090830
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1749713636 1749713636
ci_job_id 977794818 977794818
ci_pipeline_id 67477472 67477472
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-66eemyw1-project-304-concurrent-0-5llh7jdy 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-66eemyw1-project-304-concurrent-0-5llh7jdy 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None
variant iast iast

Summary

Found 7 performance improvements and 1 performance regressions! Performance is the same for 48 metrics, 15 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:startup:insecure-bank:tracing:AppSec better
[-28.033ms; -25.115ms] or [-49.876%; -44.683%]		 29.632ms 56.206ms
scenario:startup:insecure-bank:tracing:Remote Config better
[-99.141µs; -46.968µs] or [-13.620%; -6.452%]		 654.860µs 727.914µs
scenario:startup:petclinic:appsec:AppSec better
[-10.766ms; -9.162ms] or [-6.154%; -5.237%]		 164.992ms 174.956ms
scenario:startup:petclinic:appsec:Telemetry worse
[+796.625µs; +1132.880µs] or [+11.011%; +15.659%]		 8.200ms 7.235ms
scenario:startup:petclinic:profiling:AppSec better
[-31.500ms; -26.717ms] or [-51.487%; -43.670%]		 32.071ms 61.179ms
scenario:startup:petclinic:tracing:Agent.start better
[-35.799ms; -29.492ms] or [-3.487%; -2.873%]		 0.994s 1.027s
scenario:startup:petclinic:tracing:AppSec better
[-29.744ms; -25.719ms] or [-51.982%; -44.948%]		 29.488ms 57.220ms
scenario:startup:petclinic:tracing:Remote Config better
[-94.785µs; -54.484µs] or [-12.969%; -7.455%]		 656.217µs 730.852µs
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.50.0-SNAPSHOT~d05b090830, baseline=1.50.0-SNAPSHOT~2442b1fa6d

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.029 s) : 0, 1029099
Total [baseline] (8.522 s) : 0, 8522366
Agent [candidate] (999.419 ms) : 0, 999419
Total [candidate] (8.542 s) : 0, 8541979
section iast
Agent [baseline] (1.168 s) : 0, 1168038
Total [baseline] (9.214 s) : 0, 9213909
Agent [candidate] (1.127 s) : 0, 1126673
Total [candidate] (9.204 s) : 0, 9203564
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.15 s) : 0, 1149864
Total [baseline] (9.16 s) : 0, 9159535
Agent [candidate] (1.127 s) : 0, 1127145
Total [candidate] (9.177 s) : 0, 9177115
section iast_TELEMETRY_OFF
Agent [baseline] (1.144 s) : 0, 1144306
Total [baseline] (9.159 s) : 0, 9159243
Agent [candidate] (1.139 s) : 0, 1139060
Total [candidate] (9.267 s) : 0, 9266562
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.029 s -
Agent iast 1.168 s 138.939 ms (13.5%)
Agent iast_HARDCODED_SECRET_DISABLED 1.15 s 120.765 ms (11.7%)
Agent iast_TELEMETRY_OFF 1.144 s 115.207 ms (11.2%)
Total tracing 8.522 s -
Total iast 9.214 s 691.544 ms (8.1%)
Total iast_HARDCODED_SECRET_DISABLED 9.16 s 637.17 ms (7.5%)
Total iast_TELEMETRY_OFF 9.159 s 636.877 ms (7.5%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 999.419 ms -
Agent iast 1.127 s 127.253 ms (12.7%)
Agent iast_HARDCODED_SECRET_DISABLED 1.127 s 127.726 ms (12.8%)
Agent iast_TELEMETRY_OFF 1.139 s 139.641 ms (14.0%)
Total tracing 8.542 s -
Total iast 9.204 s 661.584 ms (7.7%)
Total iast_HARDCODED_SECRET_DISABLED 9.177 s 635.136 ms (7.4%)
Total iast_TELEMETRY_OFF 9.267 s 724.583 ms (8.5%) 
gantt
    title insecure-bank - break down per module: candidate=1.50.0-SNAPSHOT~d05b090830, baseline=1.50.0-SNAPSHOT~2442b1fa6d

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (688.694 ms) : 0, 688694
BytebuddyAgent [candidate] (688.74 ms) : 0, 688740
GlobalTracer [baseline] (242.087 ms) : 0, 242087
GlobalTracer [candidate] (242.125 ms) : 0, 242125
AppSec [baseline] (56.206 ms) : 0, 56206
AppSec [candidate] (29.632 ms) : 0, 29632
Debugger [baseline] (6.24 ms) : 0, 6240
Debugger [candidate] (6.113 ms) : 0, 6113
Remote Config [baseline] (727.914 µs) : 0, 728
Remote Config [candidate] (654.86 µs) : 0, 655
Telemetry [baseline] (11.424 ms) : 0, 11424
Telemetry [candidate] (8.347 ms) : 0, 8347
section iast
BytebuddyAgent [baseline] (815.478 ms) : 0, 815478
BytebuddyAgent [candidate] (802.983 ms) : 0, 802983
GlobalTracer [baseline] (233.901 ms) : 0, 233901
GlobalTracer [candidate] (231.065 ms) : 0, 231065
IAST [baseline] (28.256 ms) : 0, 28256
IAST [candidate] (26.17 ms) : 0, 26170
AppSec [baseline] (51.973 ms) : 0, 51973
AppSec [candidate] (28.594 ms) : 0, 28594
Debugger [baseline] (6.017 ms) : 0, 6017
Debugger [candidate] (5.761 ms) : 0, 5761
Remote Config [baseline] (614.804 µs) : 0, 615
Remote Config [candidate] (599.161 µs) : 0, 599
Telemetry [baseline] (7.996 ms) : 0, 7996
Telemetry [candidate] (7.956 ms) : 0, 7956
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (801.315 ms) : 0, 801315
BytebuddyAgent [candidate] (803.281 ms) : 0, 803281
GlobalTracer [baseline] (230.615 ms) : 0, 230615
GlobalTracer [candidate] (231.163 ms) : 0, 231163
IAST [baseline] (24.715 ms) : 0, 24715
IAST [candidate] (28.613 ms) : 0, 28613
AppSec [baseline] (55.13 ms) : 0, 55130
AppSec [candidate] (26.368 ms) : 0, 26368
Debugger [baseline] (5.979 ms) : 0, 5979
Debugger [candidate] (5.822 ms) : 0, 5822
Remote Config [baseline] (606.29 µs) : 0, 606
Remote Config [candidate] (582.831 µs) : 0, 583
Telemetry [baseline] (7.952 ms) : 0, 7952
Telemetry [candidate] (7.817 ms) : 0, 7817
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (797.35 ms) : 0, 797350
BytebuddyAgent [candidate] (812.405 ms) : 0, 812405
GlobalTracer [baseline] (229.715 ms) : 0, 229715
GlobalTracer [candidate] (233.875 ms) : 0, 233875
IAST [baseline] (24.993 ms) : 0, 24993
IAST [candidate] (29.627 ms) : 0, 29627
AppSec [baseline] (54.37 ms) : 0, 54370
AppSec [candidate] (25.187 ms) : 0, 25187
Debugger [baseline] (5.981 ms) : 0, 5981
Debugger [candidate] (5.884 ms) : 0, 5884
Remote Config [baseline] (609.057 µs) : 0, 609
Remote Config [candidate] (603.056 µs) : 0, 603
Telemetry [baseline] (7.81 ms) : 0, 7810
Telemetry [candidate] (7.753 ms) : 0, 7753
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.50.0-SNAPSHOT~d05b090830, baseline=1.50.0-SNAPSHOT~2442b1fa6d

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.027 s) : 0, 1026535
Total [baseline] (11.164 s) : 0, 11163613
Agent [candidate] (993.889 ms) : 0, 993889
Total [candidate] (11.135 s) : 0, 11135442
section appsec
Agent [baseline] (1.174 s) : 0, 1174044
Total [baseline] (11.176 s) : 0, 11176477
Agent [candidate] (1.161 s) : 0, 1161446
Total [candidate] (11.302 s) : 0, 11301767
section iast
Agent [baseline] (1.152 s) : 0, 1151877
Total [baseline] (11.363 s) : 0, 11362904
Agent [candidate] (1.127 s) : 0, 1126974
Total [candidate] (11.366 s) : 0, 11365507
section profiling
Agent [baseline] (1.266 s) : 0, 1266203
Total [baseline] (11.393 s) : 0, 11393479
Agent [candidate] (1.249 s) : 0, 1249490
Total [candidate] (11.577 s) : 0, 11577398
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.027 s -
Agent appsec 1.174 s 147.509 ms (14.4%)
Agent iast 1.152 s 125.342 ms (12.2%)
Agent profiling 1.266 s 239.668 ms (23.3%)
Total tracing 11.164 s -
Total appsec 11.176 s 12.865 ms (0.1%)
Total iast 11.363 s 199.291 ms (1.8%)
Total profiling 11.393 s 229.867 ms (2.1%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 993.889 ms -
Agent appsec 1.161 s 167.556 ms (16.9%)
Agent iast 1.127 s 133.085 ms (13.4%)
Agent profiling 1.249 s 255.6 ms (25.7%)
Total tracing 11.135 s -
Total appsec 11.302 s 166.326 ms (1.5%)
Total iast 11.366 s 230.065 ms (2.1%)
Total profiling 11.577 s 441.956 ms (4.0%) 
gantt
    title petclinic - break down per module: candidate=1.50.0-SNAPSHOT~d05b090830, baseline=1.50.0-SNAPSHOT~2442b1fa6d

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (685.106 ms) : 0, 685106
BytebuddyAgent [candidate] (685.064 ms) : 0, 685064
GlobalTracer [baseline] (240.822 ms) : 0, 240822
GlobalTracer [candidate] (240.566 ms) : 0, 240566
AppSec [baseline] (57.22 ms) : 0, 57220
AppSec [candidate] (29.488 ms) : 0, 29488
Debugger [baseline] (6.14 ms) : 0, 6140
Debugger [candidate] (6.082 ms) : 0, 6082
Remote Config [baseline] (730.852 µs) : 0, 731
Remote Config [candidate] (656.217 µs) : 0, 656
Telemetry [baseline] (12.864 ms) : 0, 12864
Telemetry [candidate] (8.249 ms) : 0, 8249
section appsec
BytebuddyAgent [baseline] (704.638 ms) : 0, 704638
BytebuddyAgent [candidate] (702.564 ms) : 0, 702564
GlobalTracer [baseline] (235.339 ms) : 0, 235339
GlobalTracer [candidate] (233.831 ms) : 0, 233831
IAST [baseline] (21.857 ms) : 0, 21857
IAST [candidate] (21.823 ms) : 0, 21823
AppSec [baseline] (174.956 ms) : 0, 174956
AppSec [candidate] (164.992 ms) : 0, 164992
Debugger [baseline] (5.931 ms) : 0, 5931
Debugger [candidate] (5.896 ms) : 0, 5896
Remote Config [baseline] (624.67 µs) : 0, 625
Remote Config [candidate] (679.031 µs) : 0, 679
Telemetry [baseline] (7.235 ms) : 0, 7235
Telemetry [candidate] (8.2 ms) : 0, 8200
section iast
BytebuddyAgent [baseline] (802.586 ms) : 0, 802586
BytebuddyAgent [candidate] (803.053 ms) : 0, 803053
GlobalTracer [baseline] (231.451 ms) : 0, 231451
GlobalTracer [candidate] (230.925 ms) : 0, 230925
IAST [baseline] (27.938 ms) : 0, 27938
IAST [candidate] (28.509 ms) : 0, 28509
AppSec [baseline] (51.726 ms) : 0, 51726
AppSec [candidate] (26.802 ms) : 0, 26802
Debugger [baseline] (6.034 ms) : 0, 6034
Debugger [candidate] (5.843 ms) : 0, 5843
Remote Config [baseline] (607.816 µs) : 0, 608
Remote Config [candidate] (580.146 µs) : 0, 580
Telemetry [baseline] (7.992 ms) : 0, 7992
Telemetry [candidate] (7.759 ms) : 0, 7759
section profiling
BytebuddyAgent [baseline] (675.956 ms) : 0, 675956
BytebuddyAgent [candidate] (680.679 ms) : 0, 680679
GlobalTracer [baseline] (360.429 ms) : 0, 360429
GlobalTracer [candidate] (362.925 ms) : 0, 362925
AppSec [baseline] (61.179 ms) : 0, 61179
AppSec [candidate] (32.071 ms) : 0, 32071
Debugger [baseline] (6.036 ms) : 0, 6036
Debugger [candidate] (10.577 ms) : 0, 10577
Remote Config [baseline] (659.962 µs) : 0, 660
Remote Config [candidate] (706.629 µs) : 0, 707
Telemetry [baseline] (8.125 ms) : 0, 8125
Telemetry [candidate] (9.067 ms) : 0, 9067
ProfilingAgent [baseline] (103.109 ms) : 0, 103109
ProfilingAgent [candidate] (102.381 ms) : 0, 102381
Profiling [baseline] (103.133 ms) : 0, 103133
Profiling [candidate] (102.406 ms) : 0, 102406
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2025-06-12T07:07:08 2025-06-12T07:18:14
git_branch master sezen.leblay/APPSEC-57893-appsec-enabled-metric
git_commit_date 1749673130 1749711439
git_commit_sha 2442b1f d05b090
release_version 1.50.0-SNAPSHOT~2442b1fa6d 1.50.0-SNAPSHOT~d05b090830
start_time 2025-06-12T07:06:53 2025-06-12T07:17:59
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1749713288 1749713288
ci_job_id 977794819 977794819
ci_pipeline_id 67477472 67477472
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-qrcmbjps-project-304-concurrent-0-ycot3m3f 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-qrcmbjps-project-304-concurrent-0-ycot3m3f 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
thresholds_or_results results results
variant iast iast

Summary

Found 3 performance improvements and 2 performance regressions! Performance is the same for 6 metrics, 17 unstable metrics.

scenario Δ mean http_req_duration Δ mean throughput candidate mean http_req_duration candidate mean throughput baseline mean http_req_duration baseline mean throughput
scenario:load:petclinic:appsec better
[-5.685ms; -5.208ms] or [-59.952%; -54.923%]		 unstable
[-774.999op/s; +2033.821op/s] or [-149.187%; +391.511%]		 4.036ms 1148.892op/s 9.483ms 519.481op/s
scenario:load:petclinic:no_agent better
[-1.145ms; -1.094ms] or [-12.996%; -12.414%]		 better
[+63.838op/s; +107.604op/s] or [+11.411%; +19.234%]		 7.690ms 645.161op/s 8.809ms 559.441op/s
scenario:load:petclinic:profiling worse
[+2.303ms; +2.416ms] or [+28.610%; +30.018%]		 worse
[-166.623op/s; -111.766op/s] or [-27.076%; -18.162%]		 10.408ms 476.190op/s 8.049ms 615.385op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.50.0-SNAPSHOT~d05b090830, baseline=1.50.0-SNAPSHOT~2442b1fa6d
    dateFormat X
    axisFormat %s
section baseline
no_agent (8.809 ms) : 8783, 8834
.   : milestone, 8809,
appsec (9.483 ms) : 9435, 9531
.   : milestone, 9483,
code_origins (203.207 µs) : 176, 231
.   : milestone, 203,
iast (900.687 µs) : 850, 951
.   : milestone, 901,
profiling (8.049 ms) : 8020, 8078
.   : milestone, 8049,
tracing (0.151 µs) : 0, 0
.   : milestone, 0,
section candidate
no_agent (7.69 ms) : 7668, 7711
.   : milestone, 7690,
appsec (4.036 ms) : 3726, 4346
.   : milestone, 4036,
code_origins (1.326 ms) : 1051, 1601
.   : milestone, 1326,
iast (2.699 ms) : 2400, 2999
.   : milestone, 2699,
profiling (10.408 ms) : 10340, 10477
.   : milestone, 10408,
tracing (8.16 ms) : 8134, 8186
.   : milestone, 8160,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 8.809 ms [8.783 ms, 8.834 ms] -
appsec 9.483 ms [9.435 ms, 9.531 ms] 674.294 µs (7.7%)
code_origins 203.207 µs [175.663 µs, 230.752 µs] -8.605 ms (-97.7%)
iast 900.687 µs [850.283 µs, 951.092 µs] -7.908 ms (-89.8%)
profiling 8.049 ms [8.02 ms, 8.078 ms] -759.658 µs (-8.6%)
tracing 0.151 µs [-0.021 µs, 0.323 µs] -8.809 ms (-100.0%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 7.69 ms [7.668 ms, 7.711 ms] -
appsec 4.036 ms [3.726 ms, 4.346 ms] -3.653 ms (-47.5%)
code_origins 1.326 ms [1.051 ms, 1.601 ms] -6.364 ms (-82.8%)
iast 2.699 ms [2.4 ms, 2.999 ms] -4.99 ms (-64.9%)
profiling 10.408 ms [10.34 ms, 10.477 ms] 2.719 ms (35.4%)
tracing 8.16 ms [8.134 ms, 8.186 ms] 470.29 µs (6.1%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.50.0-SNAPSHOT~d05b090830, baseline=1.50.0-SNAPSHOT~2442b1fa6d
    dateFormat X
    axisFormat %s
section baseline
no_agent (384.797 µs) : 365, 404
.   : milestone, 385,
iast (534.695 µs) : 511, 558
.   : milestone, 535,
iast_FULL (747.473 µs) : 724, 771
.   : milestone, 747,
iast_GLOBAL (583.547 µs) : 560, 607
.   : milestone, 584,
iast_HARDCODED_SECRET_DISABLED (533.246 µs) : 512, 555
.   : milestone, 533,
iast_INACTIVE (482.363 µs) : 459, 506
.   : milestone, 482,
iast_TELEMETRY_OFF (514.781 µs) : 493, 537
.   : milestone, 515,
tracing (483.232 µs) : 461, 506
.   : milestone, 483,
section candidate
no_agent (386.584 µs) : 366, 407
.   : milestone, 387,
iast (529.752 µs) : 506, 553
.   : milestone, 530,
iast_FULL (744.959 µs) : 721, 768
.   : milestone, 745,
iast_GLOBAL (578.84 µs) : 554, 604
.   : milestone, 579,
iast_HARDCODED_SECRET_DISABLED (528.108 µs) : 505, 551
.   : milestone, 528,
iast_INACTIVE (476.979 µs) : 454, 500
.   : milestone, 477,
iast_TELEMETRY_OFF (519.116 µs) : 496, 542
.   : milestone, 519,
tracing (465.752 µs) : 444, 488
.   : milestone, 466,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 384.797 µs [365.218 µs, 404.376 µs] -
iast 534.695 µs [511.481 µs, 557.908 µs] 149.897 µs (39.0%)
iast_FULL 747.473 µs [723.97 µs, 770.977 µs] 362.676 µs (94.3%)
iast_GLOBAL 583.547 µs [559.95 µs, 607.145 µs] 198.75 µs (51.7%)
iast_HARDCODED_SECRET_DISABLED 533.246 µs [511.558 µs, 554.933 µs] 148.448 µs (38.6%)
iast_INACTIVE 482.363 µs [459.168 µs, 505.558 µs] 97.565 µs (25.4%)
iast_TELEMETRY_OFF 514.781 µs [492.969 µs, 536.594 µs] 129.984 µs (33.8%)
tracing 483.232 µs [460.78 µs, 505.684 µs] 98.435 µs (25.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 386.584 µs [366.276 µs, 406.891 µs] -
iast 529.752 µs [506.379 µs, 553.124 µs] 143.168 µs (37.0%)
iast_FULL 744.959 µs [721.427 µs, 768.491 µs] 358.375 µs (92.7%)
iast_GLOBAL 578.84 µs [554.015 µs, 603.665 µs] 192.257 µs (49.7%)
iast_HARDCODED_SECRET_DISABLED 528.108 µs [504.897 µs, 551.318 µs] 141.524 µs (36.6%)
iast_INACTIVE 476.979 µs [453.927 µs, 500.032 µs] 90.395 µs (23.4%)
iast_TELEMETRY_OFF 519.116 µs [495.971 µs, 542.261 µs] 132.532 µs (34.3%)
tracing 465.752 µs [443.857 µs, 487.647 µs] 79.168 µs (20.5%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sezen.leblay/APPSEC-57893-appsec-enabled-metric
git_commit_date 1749673130 1749711439
git_commit_sha 2442b1f d05b090
release_version 1.50.0-SNAPSHOT~2442b1fa6d 1.50.0-SNAPSHOT~d05b090830
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1749713434 1749713434
ci_job_id 977794820 977794820
ci_pipeline_id 67477472 67477472
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-ytwrhy75-project-304-concurrent-0-axcyam04 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-ytwrhy75-project-304-concurrent-0-axcyam04 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~d05b090830, baseline=1.50.0-SNAPSHOT~2442b1fa6d
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.111 s) : 15111000, 15111000
.   : milestone, 15111000,
appsec (14.701 s) : 14701000, 14701000
.   : milestone, 14701000,
iast (18.722 s) : 18722000, 18722000
.   : milestone, 18722000,
iast_GLOBAL (18.062 s) : 18062000, 18062000
.   : milestone, 18062000,
profiling (15.22 s) : 15220000, 15220000
.   : milestone, 15220000,
tracing (14.891 s) : 14891000, 14891000
.   : milestone, 14891000,
section candidate
no_agent (15.245 s) : 15245000, 15245000
.   : milestone, 15245000,
appsec (15.049 s) : 15049000, 15049000
.   : milestone, 15049000,
iast (18.842 s) : 18842000, 18842000
.   : milestone, 18842000,
iast_GLOBAL (18.013 s) : 18013000, 18013000
.   : milestone, 18013000,
profiling (15.986 s) : 15986000, 15986000
.   : milestone, 15986000,
tracing (14.859 s) : 14859000, 14859000
.   : milestone, 14859000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.111 s [15.111 s, 15.111 s] -
appsec 14.701 s [14.701 s, 14.701 s] -410.0 ms (-2.7%)
iast 18.722 s [18.722 s, 18.722 s] 3.611 s (23.9%)
iast_GLOBAL 18.062 s [18.062 s, 18.062 s] 2.951 s (19.5%)
profiling 15.22 s [15.22 s, 15.22 s] 109.0 ms (0.7%)
tracing 14.891 s [14.891 s, 14.891 s] -220.0 ms (-1.5%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.245 s [15.245 s, 15.245 s] -
appsec 15.049 s [15.049 s, 15.049 s] -196.0 ms (-1.3%)
iast 18.842 s [18.842 s, 18.842 s] 3.597 s (23.6%)
iast_GLOBAL 18.013 s [18.013 s, 18.013 s] 2.768 s (18.2%)
profiling 15.986 s [15.986 s, 15.986 s] 741.0 ms (4.9%)
tracing 14.859 s [14.859 s, 14.859 s] -386.0 ms (-2.5%)
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~d05b090830, baseline=1.50.0-SNAPSHOT~2442b1fa6d
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.477 ms) : 1465, 1488
.   : milestone, 1477,
appsec (2.409 ms) : 2360, 2458
.   : milestone, 2409,
iast (2.189 ms) : 2128, 2250
.   : milestone, 2189,
iast_GLOBAL (2.241 ms) : 2179, 2303
.   : milestone, 2241,
profiling (2.059 ms) : 2008, 2109
.   : milestone, 2059,
tracing (2.014 ms) : 1966, 2062
.   : milestone, 2014,
section candidate
no_agent (1.48 ms) : 1468, 1491
.   : milestone, 1480,
appsec (2.405 ms) : 2356, 2454
.   : milestone, 2405,
iast (2.2 ms) : 2139, 2262
.   : milestone, 2200,
iast_GLOBAL (2.234 ms) : 2172, 2296
.   : milestone, 2234,
profiling (2.05 ms) : 2000, 2100
.   : milestone, 2050,
tracing (2.002 ms) : 1955, 2050
.   : milestone, 2002,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.477 ms [1.465 ms, 1.488 ms] -
appsec 2.409 ms [2.36 ms, 2.458 ms] 932.051 µs (63.1%)
iast 2.189 ms [2.128 ms, 2.25 ms] 712.228 µs (48.2%)
iast_GLOBAL 2.241 ms [2.179 ms, 2.303 ms] 764.187 µs (51.7%)
profiling 2.059 ms [2.008 ms, 2.109 ms] 581.653 µs (39.4%)
tracing 2.014 ms [1.966 ms, 2.062 ms] 537.207 µs (36.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.48 ms [1.468 ms, 1.491 ms] -
appsec 2.405 ms [2.356 ms, 2.454 ms] 924.799 µs (62.5%)
iast 2.2 ms [2.139 ms, 2.262 ms] 720.699 µs (48.7%)
iast_GLOBAL 2.234 ms [2.172 ms, 2.296 ms] 754.152 µs (51.0%)
profiling 2.05 ms [2.0 ms, 2.1 ms] 570.157 µs (38.5%)
tracing 2.002 ms [1.955 ms, 2.05 ms] 522.649 µs (35.3%)

@sezen-datadog sezen-datadog force-pushed the sezen.leblay/APPSEC-57893-appsec-enabled-metric branch 8 times, most recently from 20f69bd to 7b3cf77 Compare June 6, 2025 11:57
@sezen-datadog sezen-datadog marked this pull request as ready for review June 6, 2025 11:58
@sezen-datadog sezen-datadog requested review from a team as code owners June 6, 2025 11:58
@sezen-datadog sezen-datadog requested review from smola, manuel-alvarez-alvarez and dougqh and removed request for a team June 6, 2025 11:58
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 6, 2025

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

manuel-alvarez-alvarez
manuel-alvarez-alvarez reviewed Jun 9, 2025
View reviewed changes
internal-api/src/main/java/datadog/trace/api/telemetry/AppSecMetricCollector.java
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.BlockingQueue;

public class AppSecMetricCollector implements MetricCollector<MetricCollector.Metric> {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Traditionally we've used the WafMetricCollector as the source for all appsec metrics, although I'm not against about this new one.

manuel-alvarez-alvarez
manuel-alvarez-alvarez reviewed Jun 9, 2025
View reviewed changes
internal-api/src/main/java/datadog/trace/api/telemetry/AppSecMetricCollector.java Outdated
// Periodically report AppSec enabled status
final ProductActivation appSecActivation = Config.get().getAppSecActivation();
if (appSecActivation == ProductActivation.FULLY_ENABLED
|| ConfigOrigin.REMOTE == appsecOrigin) { // remote enablement can happen later
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I understood correctly, you have to report the metric in every heartbeat when appsec is fully enabled (not only when it's configured via RC),

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, but we have to report remote enablement as well

manuel-alvarez-alvarez
manuel-alvarez-alvarez reviewed Jun 9, 2025
View reviewed changes
dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfigServiceImpl.java Outdated
@@ -521,6 +523,11 @@ private void setAppSecActivation(final AppSecFeatures.Asm asm) {
newState = tracerConfig.getAppSecActivation() == ProductActivation.FULLY_ENABLED;
Copy link
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez Jun 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we receive a null via RC then we should go back to report the metric with the locally configured origin (default, env_var, ...)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good point

manuel-alvarez-alvarez
manuel-alvarez-alvarez reviewed Jun 9, 2025
View reviewed changes
dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfigServiceImpl.java Outdated
if (newState) {
AppSecMetricCollector.appsecOrigin = ConfigOrigin.REMOTE;
} else {
AppSecMetricCollector.appsecOrigin = null;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In here the source is still RC, the difference is that appsec is disabled so we should not report the gauge

@sezen-datadog sezen-datadog changed the base branch from master to sezen.leblay/upgrade-libddwaf-java-1.23 June 10, 2025 06:59
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/upgrade-libddwaf-java-1.23 branch from 6c47b1e to 42f13c9 Compare June 10, 2025 11:37
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/APPSEC-57893-appsec-enabled-metric branch 3 times, most recently from fafba5f to daf546f Compare June 11, 2025 12:41
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/upgrade-libddwaf-java-1.23 branch from 42f13c9 to 5b79c2f Compare June 12, 2025 06:46
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/upgrade-libddwaf-java-1.23 branch from 5b79c2f to 8212f64 Compare June 12, 2025 06:47
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/APPSEC-57893-appsec-enabled-metric branch from 957025f to af32b13 Compare June 12, 2025 06:54
@sezen-datadog sezen-datadog marked this pull request as draft June 19, 2025 08:36
@sezen-datadog
Copy link
Contributor Author

possibly canceled @robertpi tell us if opened or closed with regards to what is decided on the origin metric

@sezen-datadog sezen-datadog force-pushed the sezen.leblay/upgrade-libddwaf-java-1.23 branch from c837ca4 to bad8ea7 Compare June 20, 2025 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manuel-alvarez-alvarez manuel-alvarez-alvarez manuel-alvarez-alvarez left review comments

@smola smola Awaiting requested review from smola smola is a code owner automatically assigned from DataDog/asm-java

@dougqh dougqh Awaiting requested review from dougqh dougqh is a code owner automatically assigned from DataDog/apm-lang-platform-java

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sezen-datadog @manuel-alvarez-alvarez