Skip to content

feat(ai-guard): return SDS findings into SDK Response#10821

Open
obordeau wants to merge 4 commits intomasterfrom
oceane.bordeau/sds-attach-sdk-response
Open

feat(ai-guard): return SDS findings into SDK Response#10821
obordeau wants to merge 4 commits intomasterfrom
oceane.bordeau/sds-attach-sdk-response

Conversation

@obordeau
Copy link
Contributor

@obordeau obordeau commented Mar 12, 2026
edited
Loading

What Does This Do

Takes the SDS tags receives from the AI Guard evaluation API and exposes them in the span tags.

Motivation

Additional Notes

APPSEC-61588 - SDS scans returned in SDK response by AI Guard [system-tests]
System Test for this feature is passing locally

 ./run.sh AI_GUARD
=================================================================================================== test context ====================================================================================================
Scenario: AI_GUARD
Logs folder: ./logs_ai_guard
Starting containers...
Agent: 7.76.1
Backend: datad0g.com
Library: java@1.60.0-SNAPSHOT+5448f3c473
Weblog variant: spring-boot
Weblog system: Linux weblog 6.12.65-linuxkit #1 SMP Thu Jan 15 14:58:53 UTC 2026 aarch64 aarch64 aarch64 GNU/Linux

================================================================================================ test session starts ================================================================================================
collected 2267 items / 2256 deselected / 11 selected                                                                                                                                                                
---------------------------------------------------------------------------------------------------- tests setup ----------------------------------------------------------------------------------------------------

tests/ai_guard/test_ai_guard_sdk.py .........

----------------------------------------------------------------------------------------- Wait for library interface (25s) ------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------- Wait for agent interface (5s) -------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------ Wait for backend interface (0s) ------------------------------------------------------------------------------------------

tests/ai_guard/test_ai_guard_sdk.py ....X..XX                                                                                                                                                                 [ 81%]
tests/schemas/test_schemas.py ..                                                                                                                                                                              [100%]

-------------------------------------------------- generated xml file: /Users/oceane.bordeau/go/src/github.com/DataDog/system-tests/logs_ai_guard/reportJunit.xml ---------------------------------------------------
============================================================================================== short test summary info ==============================================================================================
XPASS tests/ai_guard/test_ai_guard_sdk.py::Test_RootSpanUserKeep::test_root_span_user_keep missing_feature
XPASS tests/ai_guard/test_ai_guard_sdk.py::Test_SensitiveDataScanning::test_sensitive_data missing_feature (declared version for java is v1.61.0-SNAPSHOT)
XPASS tests/ai_guard/test_ai_guard_sdk.py::Test_SDS_Findings_In_SDK_Response::test_sds_in_response missing_feature

Contributor Checklist

Jira ticket: [APPSEC-61589]

Note: Once your PR is ready to merge, add it to the merge queue by commenting /merge. /merge -c cancels the queue request. /merge -f --reason "reason" skips all merge queue checks; please use this judiciously, as some checks do not run at the PR-level. For more information, see this doc.

@pr-commenter
Copy link

pr-commenter bot commented Mar 12, 2026
edited
Loading

Benchmarks

⚠️ Warning: Baseline build not found for merge-base commit. Comparing against the latest commit on master instead.

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master oceane.bordeau/sds-attach-sdk-response
git_commit_date 1773436250 1773651978
git_commit_sha 8185dcf d218176
release_version 1.61.0-SNAPSHOT~8185dcf699 1.61.0-SNAPSHOT~d218176c92
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1773653862 1773653862
ci_job_id 1507500296 1507500296
ci_pipeline_id 102603809 102603809
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-xb75cc4g 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-xb75cc4g 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 63 metrics, 8 unstable metrics.

Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.61.0-SNAPSHOT~d218176c92, baseline=1.61.0-SNAPSHOT~8185dcf699

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.064 s) : 0, 1063756
Total [baseline] (8.885 s) : 0, 8884954
Agent [candidate] (1.057 s) : 0, 1056946
Total [candidate] (8.868 s) : 0, 8867601
section iast
Agent [baseline] (1.23 s) : 0, 1230165
Total [baseline] (9.564 s) : 0, 9564482
Agent [candidate] (1.248 s) : 0, 1247905
Total [candidate] (9.68 s) : 0, 9679609
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.064 s -
Agent iast 1.23 s 166.409 ms (15.6%)
Total tracing 8.885 s -
Total iast 9.564 s 679.528 ms (7.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.057 s -
Agent iast 1.248 s 190.959 ms (18.1%)
Total tracing 8.868 s -
Total iast 9.68 s 812.008 ms (9.2%) 
gantt
    title insecure-bank - break down per module: candidate=1.61.0-SNAPSHOT~d218176c92, baseline=1.61.0-SNAPSHOT~8185dcf699

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.228 ms) : 0, 1228
crashtracking [candidate] (1.192 ms) : 0, 1192
BytebuddyAgent [baseline] (631.363 ms) : 0, 631363
BytebuddyAgent [candidate] (625.901 ms) : 0, 625901
AgentMeter [baseline] (29.247 ms) : 0, 29247
AgentMeter [candidate] (29.096 ms) : 0, 29096
GlobalTracer [baseline] (258.09 ms) : 0, 258090
GlobalTracer [candidate] (256.88 ms) : 0, 256880
AppSec [baseline] (31.785 ms) : 0, 31785
AppSec [candidate] (31.458 ms) : 0, 31458
Debugger [baseline] (59.171 ms) : 0, 59171
Debugger [candidate] (58.562 ms) : 0, 58562
Remote Config [baseline] (620.478 µs) : 0, 620
Remote Config [candidate] (612.039 µs) : 0, 612
Telemetry [baseline] (8.714 ms) : 0, 8714
Telemetry [candidate] (8.66 ms) : 0, 8660
Flare Poller [baseline] (7.271 ms) : 0, 7271
Flare Poller [candidate] (8.588 ms) : 0, 8588
section iast
crashtracking [baseline] (1.205 ms) : 0, 1205
crashtracking [candidate] (1.215 ms) : 0, 1215
BytebuddyAgent [baseline] (798.459 ms) : 0, 798459
BytebuddyAgent [candidate] (809.84 ms) : 0, 809840
AgentMeter [baseline] (11.38 ms) : 0, 11380
AgentMeter [candidate] (11.868 ms) : 0, 11868
GlobalTracer [baseline] (248.326 ms) : 0, 248326
GlobalTracer [candidate] (251.265 ms) : 0, 251265
AppSec [baseline] (26.443 ms) : 0, 26443
AppSec [candidate] (27.077 ms) : 0, 27077
Debugger [baseline] (62.844 ms) : 0, 62844
Debugger [candidate] (63.967 ms) : 0, 63967
Remote Config [baseline] (517.202 µs) : 0, 517
Remote Config [candidate] (519.176 µs) : 0, 519
Telemetry [baseline] (14.762 ms) : 0, 14762
Telemetry [candidate] (14.989 ms) : 0, 14989
Flare Poller [baseline] (4.915 ms) : 0, 4915
Flare Poller [candidate] (4.954 ms) : 0, 4954
IAST [baseline] (25.155 ms) : 0, 25155
IAST [candidate] (25.813 ms) : 0, 25813
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.61.0-SNAPSHOT~d218176c92, baseline=1.61.0-SNAPSHOT~8185dcf699

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.061 s) : 0, 1061337
Total [baseline] (11.115 s) : 0, 11115284
Agent [candidate] (1.063 s) : 0, 1062986
Total [candidate] (11.161 s) : 0, 11160854
section appsec
Agent [baseline] (1.255 s) : 0, 1255451
Total [baseline] (11.223 s) : 0, 11222542
Agent [candidate] (1.256 s) : 0, 1255992
Total [candidate] (11.266 s) : 0, 11266081
section iast
Agent [baseline] (1.235 s) : 0, 1235098
Total [baseline] (11.344 s) : 0, 11344433
Agent [candidate] (1.228 s) : 0, 1228365
Total [candidate] (11.276 s) : 0, 11276189
section profiling
Agent [baseline] (1.182 s) : 0, 1182444
Total [baseline] (11.042 s) : 0, 11042288
Agent [candidate] (1.19 s) : 0, 1190095
Total [candidate] (11.227 s) : 0, 11226774
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.061 s -
Agent appsec 1.255 s 194.114 ms (18.3%)
Agent iast 1.235 s 173.761 ms (16.4%)
Agent profiling 1.182 s 121.107 ms (11.4%)
Total tracing 11.115 s -
Total appsec 11.223 s 107.258 ms (1.0%)
Total iast 11.344 s 229.149 ms (2.1%)
Total profiling 11.042 s -72.996 ms (-0.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.063 s -
Agent appsec 1.256 s 193.006 ms (18.2%)
Agent iast 1.228 s 165.379 ms (15.6%)
Agent profiling 1.19 s 127.11 ms (12.0%)
Total tracing 11.161 s -
Total appsec 11.266 s 105.228 ms (0.9%)
Total iast 11.276 s 115.335 ms (1.0%)
Total profiling 11.227 s 65.921 ms (0.6%) 
gantt
    title petclinic - break down per module: candidate=1.61.0-SNAPSHOT~d218176c92, baseline=1.61.0-SNAPSHOT~8185dcf699

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.221 ms) : 0, 1221
crashtracking [candidate] (1.202 ms) : 0, 1202
BytebuddyAgent [baseline] (631.139 ms) : 0, 631139
BytebuddyAgent [candidate] (629.051 ms) : 0, 629051
AgentMeter [baseline] (29.084 ms) : 0, 29084
AgentMeter [candidate] (29.104 ms) : 0, 29104
GlobalTracer [baseline] (257.193 ms) : 0, 257193
GlobalTracer [candidate] (257.681 ms) : 0, 257681
AppSec [baseline] (31.436 ms) : 0, 31436
AppSec [candidate] (31.596 ms) : 0, 31596
Debugger [baseline] (59.336 ms) : 0, 59336
Debugger [candidate] (59.488 ms) : 0, 59488
Remote Config [baseline] (617.735 µs) : 0, 618
Remote Config [candidate] (622.235 µs) : 0, 622
Telemetry [baseline] (8.725 ms) : 0, 8725
Telemetry [candidate] (8.669 ms) : 0, 8669
Flare Poller [baseline] (6.423 ms) : 0, 6423
Flare Poller [candidate] (9.515 ms) : 0, 9515
section appsec
crashtracking [baseline] (1.203 ms) : 0, 1203
crashtracking [candidate] (1.225 ms) : 0, 1225
BytebuddyAgent [baseline] (663.581 ms) : 0, 663581
BytebuddyAgent [candidate] (662.857 ms) : 0, 662857
AgentMeter [baseline] (12.146 ms) : 0, 12146
AgentMeter [candidate] (12.153 ms) : 0, 12153
GlobalTracer [baseline] (259.923 ms) : 0, 259923
GlobalTracer [candidate] (260.438 ms) : 0, 260438
AppSec [baseline] (178.421 ms) : 0, 178421
AppSec [candidate] (178.374 ms) : 0, 178374
Debugger [baseline] (66.277 ms) : 0, 66277
Debugger [candidate] (66.574 ms) : 0, 66574
Remote Config [baseline] (584.742 µs) : 0, 585
Remote Config [candidate] (600.052 µs) : 0, 600
Telemetry [baseline] (8.986 ms) : 0, 8986
Telemetry [candidate] (9.324 ms) : 0, 9324
Flare Poller [baseline] (3.69 ms) : 0, 3690
Flare Poller [candidate] (3.788 ms) : 0, 3788
IAST [baseline] (24.17 ms) : 0, 24170
IAST [candidate] (24.235 ms) : 0, 24235
section iast
crashtracking [baseline] (1.193 ms) : 0, 1193
crashtracking [candidate] (1.208 ms) : 0, 1208
BytebuddyAgent [baseline] (801.463 ms) : 0, 801463
BytebuddyAgent [candidate] (795.791 ms) : 0, 795791
AgentMeter [baseline] (11.434 ms) : 0, 11434
AgentMeter [candidate] (11.345 ms) : 0, 11345
GlobalTracer [baseline] (248.848 ms) : 0, 248848
GlobalTracer [candidate] (248.193 ms) : 0, 248193
AppSec [baseline] (26.673 ms) : 0, 26673
AppSec [candidate] (26.48 ms) : 0, 26480
Debugger [baseline] (67.511 ms) : 0, 67511
Debugger [candidate] (65.034 ms) : 0, 65034
Remote Config [baseline] (529.759 µs) : 0, 530
Remote Config [candidate] (524.34 µs) : 0, 524
Telemetry [baseline] (11.909 ms) : 0, 11909
Telemetry [candidate] (13.859 ms) : 0, 13859
Flare Poller [baseline] (4.04 ms) : 0, 4040
Flare Poller [candidate] (4.58 ms) : 0, 4580
IAST [baseline] (25.297 ms) : 0, 25297
IAST [candidate] (25.195 ms) : 0, 25195
section profiling
crashtracking [baseline] (1.174 ms) : 0, 1174
crashtracking [candidate] (1.175 ms) : 0, 1175
BytebuddyAgent [baseline] (683.027 ms) : 0, 683027
BytebuddyAgent [candidate] (686.975 ms) : 0, 686975
AgentMeter [baseline] (8.648 ms) : 0, 8648
AgentMeter [candidate] (8.687 ms) : 0, 8687
GlobalTracer [baseline] (215.498 ms) : 0, 215498
GlobalTracer [candidate] (216.823 ms) : 0, 216823
AppSec [baseline] (31.822 ms) : 0, 31822
AppSec [candidate] (32.323 ms) : 0, 32323
Debugger [baseline] (63.072 ms) : 0, 63072
Debugger [candidate] (64.902 ms) : 0, 64902
Remote Config [baseline] (599.649 µs) : 0, 600
Remote Config [candidate] (596.952 µs) : 0, 597
Telemetry [baseline] (9.771 ms) : 0, 9771
Telemetry [candidate] (9.045 ms) : 0, 9045
Flare Poller [baseline] (4.269 ms) : 0, 4269
Flare Poller [candidate] (3.505 ms) : 0, 3505
ProfilingAgent [baseline] (93.722 ms) : 0, 93722
ProfilingAgent [candidate] (94.843 ms) : 0, 94843
Profiling [baseline] (94.288 ms) : 0, 94288
Profiling [candidate] (95.41 ms) : 0, 95410
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master oceane.bordeau/sds-attach-sdk-response
git_commit_date 1773436250 1773651978
git_commit_sha 8185dcf d218176
release_version 1.61.0-SNAPSHOT~8185dcf699 1.61.0-SNAPSHOT~d218176c92
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1773654357 1773654357
ci_job_id 1507500297 1507500297
ci_pipeline_id 102603809 102603809
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-eq0x0jrp 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-eq0x0jrp 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 3 performance regressions! Performance is the same for 15 metrics, 17 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:iast_FULL:high_load unsure
[+48.969µs; +261.547µs] or [+0.974%; +5.200%]		 worse
[+258.285µs; +954.921µs] or [+2.183%; +8.073%]		 unstable
[-100.860op/s; +54.360op/s] or [-12.321%; +6.640%]		 5.185ms 12.436ms 795.375op/s 5.030ms 11.829ms 818.625op/s
scenario:load:insecure-bank:profiling:high_load better
[-237.474µs; -84.842µs] or [-12.946%; -4.625%]		 unstable
[-1.540ms; -0.580ms] or [-26.488%; -9.981%]		 unstable
[+104.566op/s; +564.246op/s] or [+5.602%; +30.228%]		 1.673ms 4.754ms 2201.062op/s 1.834ms 5.814ms 1866.656op/s
scenario:load:petclinic:profiling:high_load worse
[+0.570ms; +1.574ms] or [+3.077%; +8.494%]		 unsure
[+0.422ms; +2.036ms] or [+1.396%; +6.734%]		 unstable
[-40.146op/s; +14.084op/s] or [-16.178%; +5.675%]		 19.600ms 31.465ms 235.125op/s 18.528ms 30.236ms 248.156op/s
scenario:load:petclinic:appsec:high_load worse
[+491.602µs; +1253.949µs] or [+2.667%; +6.802%]		 unsure
[+0.477ms; +1.797ms] or [+1.600%; +6.033%]		 unstable
[-37.205op/s; +17.643op/s] or [-15.004%; +7.115%]		 19.307ms 30.926ms 238.188op/s 18.434ms 29.789ms 247.969op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~d218176c92, baseline=1.61.0-SNAPSHOT~8185dcf699
    dateFormat X
    axisFormat %s
section baseline
no_agent (19.307 ms) : 19111, 19504
.   : milestone, 19307,
appsec (18.822 ms) : 18634, 19010
.   : milestone, 18822,
code_origins (17.941 ms) : 17759, 18122
.   : milestone, 17941,
iast (17.613 ms) : 17440, 17787
.   : milestone, 17613,
profiling (18.805 ms) : 18615, 18996
.   : milestone, 18805,
tracing (18.016 ms) : 17838, 18195
.   : milestone, 18016,
section candidate
no_agent (19.311 ms) : 19115, 19507
.   : milestone, 19311,
appsec (19.593 ms) : 19393, 19793
.   : milestone, 19593,
code_origins (17.838 ms) : 17663, 18013
.   : milestone, 17838,
iast (17.668 ms) : 17490, 17846
.   : milestone, 17668,
profiling (19.855 ms) : 19653, 20057
.   : milestone, 19855,
tracing (17.736 ms) : 17559, 17912
.   : milestone, 17736,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.307 ms [19.111 ms, 19.504 ms] -
appsec 18.822 ms [18.634 ms, 19.01 ms] -485.534 µs (-2.5%)
code_origins 17.941 ms [17.759 ms, 18.122 ms] -1.367 ms (-7.1%)
iast 17.613 ms [17.44 ms, 17.787 ms] -1.694 ms (-8.8%)
profiling 18.805 ms [18.615 ms, 18.996 ms] -502.018 µs (-2.6%)
tracing 18.016 ms [17.838 ms, 18.195 ms] -1.291 ms (-6.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.311 ms [19.115 ms, 19.507 ms] -
appsec 19.593 ms [19.393 ms, 19.793 ms] 282.154 µs (1.5%)
code_origins 17.838 ms [17.663 ms, 18.013 ms] -1.473 ms (-7.6%)
iast 17.668 ms [17.49 ms, 17.846 ms] -1.643 ms (-8.5%)
profiling 19.855 ms [19.653 ms, 20.057 ms] 544.035 µs (2.8%)
tracing 17.736 ms [17.559 ms, 17.912 ms] -1.575 ms (-8.2%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~d218176c92, baseline=1.61.0-SNAPSHOT~8185dcf699
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.195 ms) : 1183, 1207
.   : milestone, 1195,
iast (3.132 ms) : 3088, 3176
.   : milestone, 3132,
iast_FULL (5.644 ms) : 5589, 5700
.   : milestone, 5644,
iast_GLOBAL (3.549 ms) : 3493, 3605
.   : milestone, 3549,
profiling (2.433 ms) : 2405, 2460
.   : milestone, 2433,
tracing (1.887 ms) : 1869, 1904
.   : milestone, 1887,
section candidate
no_agent (1.176 ms) : 1164, 1187
.   : milestone, 1176,
iast (3.064 ms) : 3024, 3105
.   : milestone, 3064,
iast_FULL (5.814 ms) : 5756, 5873
.   : milestone, 5814,
iast_GLOBAL (3.431 ms) : 3378, 3483
.   : milestone, 3431,
profiling (2.053 ms) : 2034, 2071
.   : milestone, 2053,
tracing (1.763 ms) : 1749, 1777
.   : milestone, 1763,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.195 ms [1.183 ms, 1.207 ms] -
iast 3.132 ms [3.088 ms, 3.176 ms] 1.937 ms (162.1%)
iast_FULL 5.644 ms [5.589 ms, 5.7 ms] 4.449 ms (372.3%)
iast_GLOBAL 3.549 ms [3.493 ms, 3.605 ms] 2.354 ms (197.0%)
profiling 2.433 ms [2.405 ms, 2.46 ms] 1.238 ms (103.6%)
tracing 1.887 ms [1.869 ms, 1.904 ms] 691.576 µs (57.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.176 ms [1.164 ms, 1.187 ms] -
iast 3.064 ms [3.024 ms, 3.105 ms] 1.888 ms (160.6%)
iast_FULL 5.814 ms [5.756 ms, 5.873 ms] 4.638 ms (394.4%)
iast_GLOBAL 3.431 ms [3.378 ms, 3.483 ms] 2.255 ms (191.7%)
profiling 2.053 ms [2.034 ms, 2.071 ms] 876.605 µs (74.5%)
tracing 1.763 ms [1.749 ms, 1.777 ms] 587.244 µs (49.9%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master oceane.bordeau/sds-attach-sdk-response
git_commit_date 1773436250 1773651978
git_commit_sha 8185dcf d218176
release_version 1.61.0-SNAPSHOT~8185dcf699 1.61.0-SNAPSHOT~d218176c92
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1773654179 1773654179
ci_job_id 1507500298 1507500298
ci_pipeline_id 102603809 102603809
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-f8c4fizn 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-f8c4fizn 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 1 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:dacapo:tomcat:appsec better
[-1.372ms; -1.034ms] or [-36.901%; -27.819%]		 2.515ms 3.718ms
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~d218176c92, baseline=1.61.0-SNAPSHOT~8185dcf699
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.473 ms) : 1462, 1485
.   : milestone, 1473,
appsec (3.718 ms) : 3503, 3934
.   : milestone, 3718,
iast (2.255 ms) : 2186, 2324
.   : milestone, 2255,
iast_GLOBAL (2.29 ms) : 2221, 2359
.   : milestone, 2290,
profiling (2.072 ms) : 2018, 2127
.   : milestone, 2072,
tracing (2.072 ms) : 2018, 2126
.   : milestone, 2072,
section candidate
no_agent (1.474 ms) : 1462, 1486
.   : milestone, 1474,
appsec (2.515 ms) : 2461, 2570
.   : milestone, 2515,
iast (2.243 ms) : 2174, 2311
.   : milestone, 2243,
iast_GLOBAL (2.292 ms) : 2223, 2362
.   : milestone, 2292,
profiling (2.509 ms) : 2344, 2675
.   : milestone, 2509,
tracing (2.062 ms) : 2009, 2115
.   : milestone, 2062,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.473 ms [1.462 ms, 1.485 ms] -
appsec 3.718 ms [3.503 ms, 3.934 ms] 2.245 ms (152.4%)
iast 2.255 ms [2.186 ms, 2.324 ms] 781.5 µs (53.0%)
iast_GLOBAL 2.29 ms [2.221 ms, 2.359 ms] 816.772 µs (55.4%)
profiling 2.072 ms [2.018 ms, 2.127 ms] 598.943 µs (40.6%)
tracing 2.072 ms [2.018 ms, 2.126 ms] 598.981 µs (40.7%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.474 ms [1.462 ms, 1.486 ms] -
appsec 2.515 ms [2.461 ms, 2.57 ms] 1.041 ms (70.6%)
iast 2.243 ms [2.174 ms, 2.311 ms] 768.693 µs (52.1%)
iast_GLOBAL 2.292 ms [2.223 ms, 2.362 ms] 818.199 µs (55.5%)
profiling 2.509 ms [2.344 ms, 2.675 ms] 1.035 ms (70.2%)
tracing 2.062 ms [2.009 ms, 2.115 ms] 587.975 µs (39.9%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~d218176c92, baseline=1.61.0-SNAPSHOT~8185dcf699
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.813 s) : 14813000, 14813000
.   : milestone, 14813000,
appsec (14.921 s) : 14921000, 14921000
.   : milestone, 14921000,
iast (18.07 s) : 18070000, 18070000
.   : milestone, 18070000,
iast_GLOBAL (17.702 s) : 17702000, 17702000
.   : milestone, 17702000,
profiling (15.006 s) : 15006000, 15006000
.   : milestone, 15006000,
tracing (15.185 s) : 15185000, 15185000
.   : milestone, 15185000,
section candidate
no_agent (15.673 s) : 15673000, 15673000
.   : milestone, 15673000,
appsec (14.834 s) : 14834000, 14834000
.   : milestone, 14834000,
iast (17.774 s) : 17774000, 17774000
.   : milestone, 17774000,
iast_GLOBAL (17.059 s) : 17059000, 17059000
.   : milestone, 17059000,
profiling (14.944 s) : 14944000, 14944000
.   : milestone, 14944000,
tracing (15.257 s) : 15257000, 15257000
.   : milestone, 15257000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.813 s [14.813 s, 14.813 s] -
appsec 14.921 s [14.921 s, 14.921 s] 108.0 ms (0.7%)
iast 18.07 s [18.07 s, 18.07 s] 3.257 s (22.0%)
iast_GLOBAL 17.702 s [17.702 s, 17.702 s] 2.889 s (19.5%)
profiling 15.006 s [15.006 s, 15.006 s] 193.0 ms (1.3%)
tracing 15.185 s [15.185 s, 15.185 s] 372.0 ms (2.5%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.673 s [15.673 s, 15.673 s] -
appsec 14.834 s [14.834 s, 14.834 s] -839.0 ms (-5.4%)
iast 17.774 s [17.774 s, 17.774 s] 2.101 s (13.4%)
iast_GLOBAL 17.059 s [17.059 s, 17.059 s] 1.386 s (8.8%)
profiling 14.944 s [14.944 s, 14.944 s] -729.0 ms (-4.7%)
tracing 15.257 s [15.257 s, 15.257 s] -416.0 ms (-2.7%)

@obordeau obordeau marked this pull request as ready for review March 13, 2026 09:24
@obordeau obordeau requested a review from a team as a code owner March 13, 2026 09:24
@github-actions
Copy link
Contributor

github-actions bot commented Mar 13, 2026

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

@obordeau obordeau added type: enhancement Enhancements and improvements comp: asm waf Application Security Management (WAF) tag: experimental Experimental changes labels Mar 13, 2026
jandro996
jandro996 approved these changes Mar 13, 2026
View reviewed changes
Copy link
Member

@jandro996 jandro996 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@obordeau obordeau enabled auto-merge March 13, 2026 13:59
@obordeau obordeau disabled auto-merge March 16, 2026 09:06
@obordeau
Copy link
Contributor Author

obordeau commented Mar 16, 2026

/merge

@gh-worker-devflow-routing-ef8351
Copy link

gh-worker-devflow-routing-ef8351 bot commented Mar 16, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-03-16 09:27:21 UTC ℹ️ Start processing command /merge
Use /merge -c to cancel this operation!

2026-03-16 09:27:31 UTC ℹ️ MergeQueue: waiting for PR to be ready

This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
It will be added to the queue as soon as checks pass and/or get approvals. View in MergeQueue UI.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.

Use /merge -c to cancel this operation!

2026-03-16 13:02:04 UTC ℹ️ MergeQueue: merge request added to the queue

The expected merge time in master is approximately 2h (p90).

Use /merge -c to cancel this operation!

⏳ Processing

@obordeau obordeau removed the request for review from daniel-romano-DD March 16, 2026 12:59
@obordeau obordeau added comp: asm waf Application Security Management (WAF) and removed comp: asm waf Application Security Management (WAF) labels Mar 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@manuel-alvarez-alvarez manuel-alvarez-alvarez manuel-alvarez-alvarez approved these changes

@jandro996 jandro996 jandro996 approved these changes

Assignees

No one assigned

Labels

comp: asm waf Application Security Management (WAF) tag: experimental Experimental changes type: enhancement Enhancements and improvements

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@obordeau @manuel-alvarez-alvarez @jandro996