Skip to content

API Security sampling when tracers lack HTTP routes [Rfc 1076]#10424

Draft
jandro996 wants to merge 6 commits intomasterfrom
alejandro.gonzalez/rfc-1076
Draft

API Security sampling when tracers lack HTTP routes [Rfc 1076]#10424
jandro996 wants to merge 6 commits intomasterfrom
alejandro.gonzalez/rfc-1076

Conversation

@jandro996
Copy link
Member

@jandro996 jandro996 commented Jan 22, 2026
edited by atlassian bot
Loading

What Does This Do

Implements http.endpoint fallback in the API Security Sampler when http.route is unavailable, enabling sampling of traffic in frameworks that don't provide route information.

  • Reuses EndpointResolver.computeEndpoint() from RFC-1051 (no code duplication)
  • Uses static computation method to avoid tagging the span when endpoint is used as fallback
  • Excludes 404 responses from fallback sampling (failsafe against sampling not-found routes)
  • Caches computed endpoint with boolean flag to prevent multiple computations per request

Motivation

https://docs.google.com/document/d/1GnWwiaw6dkVtgn5f1wcHJETND_Svqd-sJl6FSVVuCkI/edit?pli=1&tab=t.0

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-60824

@pr-commenter
Copy link

pr-commenter bot commented Jan 22, 2026
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/rfc-1076
git_commit_date 1770105340 1770111115
git_commit_sha 2ffa640 f2779e4
release_version 1.60.0-SNAPSHOT~2ffa640f24 1.60.0-SNAPSHOT~f2779e4292
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1770112904 1770112904
ci_job_id 1396266852 1396266852
ci_pipeline_id 94269899 94269899
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-f1ny9bbk 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-f1ny9bbk 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 64 metrics, 7 unstable metrics.

Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.60.0-SNAPSHOT~f2779e4292, baseline=1.60.0-SNAPSHOT~2ffa640f24

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.071 s) : 0, 1070667
Total [baseline] (8.767 s) : 0, 8767164
Agent [candidate] (1.063 s) : 0, 1063271
Total [candidate] (8.739 s) : 0, 8738500
section iast
Agent [baseline] (1.236 s) : 0, 1236143
Total [baseline] (9.457 s) : 0, 9456928
Agent [candidate] (1.238 s) : 0, 1238330
Total [candidate] (9.429 s) : 0, 9428768
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.071 s -
Agent iast 1.236 s 165.477 ms (15.5%)
Total tracing 8.767 s -
Total iast 9.457 s 689.764 ms (7.9%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.063 s -
Agent iast 1.238 s 175.059 ms (16.5%)
Total tracing 8.739 s -
Total iast 9.429 s 690.267 ms (7.9%) 
gantt
    title insecure-bank - break down per module: candidate=1.60.0-SNAPSHOT~f2779e4292, baseline=1.60.0-SNAPSHOT~2ffa640f24

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.194 ms) : 0, 1194
crashtracking [candidate] (1.187 ms) : 0, 1187
BytebuddyAgent [baseline] (632.871 ms) : 0, 632871
BytebuddyAgent [candidate] (628.559 ms) : 0, 628559
AgentMeter [baseline] (28.975 ms) : 0, 28975
AgentMeter [candidate] (28.738 ms) : 0, 28738
GlobalTracer [baseline] (259.669 ms) : 0, 259669
GlobalTracer [candidate] (258.192 ms) : 0, 258192
AppSec [baseline] (33.125 ms) : 0, 33125
AppSec [candidate] (32.777 ms) : 0, 32777
Debugger [baseline] (60.082 ms) : 0, 60082
Debugger [candidate] (60.995 ms) : 0, 60995
Remote Config [baseline] (626.419 µs) : 0, 626
Remote Config [candidate] (612.118 µs) : 0, 612
Telemetry [baseline] (13.25 ms) : 0, 13250
Telemetry [candidate] (13.043 ms) : 0, 13043
Flare Poller [baseline] (5.304 ms) : 0, 5304
Flare Poller [candidate] (3.802 ms) : 0, 3802
section iast
crashtracking [baseline] (1.186 ms) : 0, 1186
crashtracking [candidate] (1.19 ms) : 0, 1190
BytebuddyAgent [baseline] (797.091 ms) : 0, 797091
BytebuddyAgent [candidate] (801.295 ms) : 0, 801295
AgentMeter [baseline] (11.246 ms) : 0, 11246
AgentMeter [candidate] (11.401 ms) : 0, 11401
GlobalTracer [baseline] (250.543 ms) : 0, 250543
GlobalTracer [candidate] (249.185 ms) : 0, 249185
IAST [baseline] (27.496 ms) : 0, 27496
IAST [candidate] (27.01 ms) : 0, 27010
AppSec [baseline] (32.449 ms) : 0, 32449
AppSec [candidate] (33.212 ms) : 0, 33212
Debugger [baseline] (67.92 ms) : 0, 67920
Debugger [candidate] (66.927 ms) : 0, 66927
Remote Config [baseline] (568.854 µs) : 0, 569
Remote Config [candidate] (541.879 µs) : 0, 542
Telemetry [baseline] (8.831 ms) : 0, 8831
Telemetry [candidate] (8.667 ms) : 0, 8667
Flare Poller [baseline] (3.544 ms) : 0, 3544
Flare Poller [candidate] (3.51 ms) : 0, 3510
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.60.0-SNAPSHOT~f2779e4292, baseline=1.60.0-SNAPSHOT~2ffa640f24

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.067 s) : 0, 1067002
Total [baseline] (10.958 s) : 0, 10958260
Agent [candidate] (1.072 s) : 0, 1072384
Total [candidate] (10.896 s) : 0, 10895941
section appsec
Agent [baseline] (1.25 s) : 0, 1250005
Total [baseline] (11.121 s) : 0, 11121268
Agent [candidate] (1.241 s) : 0, 1240556
Total [candidate] (11.011 s) : 0, 11011338
section iast
Agent [baseline] (1.235 s) : 0, 1234695
Total [baseline] (11.295 s) : 0, 11295237
Agent [candidate] (1.235 s) : 0, 1235487
Total [candidate] (4.394 s) : 0, 4393895
section profiling
Agent [baseline] (1.198 s) : 0, 1197913
Total [baseline] (11.039 s) : 0, 11038631
Agent [candidate] (1.188 s) : 0, 1188404
Total [candidate] (11.022 s) : 0, 11022308
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.067 s -
Agent appsec 1.25 s 183.003 ms (17.2%)
Agent iast 1.235 s 167.693 ms (15.7%)
Agent profiling 1.198 s 130.911 ms (12.3%)
Total tracing 10.958 s -
Total appsec 11.121 s 163.008 ms (1.5%)
Total iast 11.295 s 336.976 ms (3.1%)
Total profiling 11.039 s 80.371 ms (0.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.072 s -
Agent appsec 1.241 s 168.171 ms (15.7%)
Agent iast 1.235 s 163.103 ms (15.2%)
Agent profiling 1.188 s 116.019 ms (10.8%)
Total tracing 10.896 s -
Total appsec 11.011 s 115.397 ms (1.1%)
Total iast 4.394 s -6.502 s (-59.7%)
Total profiling 11.022 s 126.367 ms (1.2%) 
gantt
    title petclinic - break down per module: candidate=1.60.0-SNAPSHOT~f2779e4292, baseline=1.60.0-SNAPSHOT~2ffa640f24

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.189 ms) : 0, 1189
crashtracking [candidate] (1.182 ms) : 0, 1182
BytebuddyAgent [baseline] (629.814 ms) : 0, 629814
BytebuddyAgent [candidate] (632.021 ms) : 0, 632021
AgentMeter [baseline] (28.805 ms) : 0, 28805
AgentMeter [candidate] (28.97 ms) : 0, 28970
GlobalTracer [baseline] (258.462 ms) : 0, 258462
GlobalTracer [candidate] (259.461 ms) : 0, 259461
AppSec [baseline] (32.886 ms) : 0, 32886
AppSec [candidate] (33.157 ms) : 0, 33157
Debugger [baseline] (62.216 ms) : 0, 62216
Debugger [candidate] (63.087 ms) : 0, 63087
Remote Config [baseline] (625.62 µs) : 0, 626
Remote Config [candidate] (622.156 µs) : 0, 622
Telemetry [baseline] (11.511 ms) : 0, 11511
Telemetry [candidate] (13.113 ms) : 0, 13113
Flare Poller [baseline] (6.202 ms) : 0, 6202
Flare Poller [candidate] (5.372 ms) : 0, 5372
section appsec
crashtracking [baseline] (1.188 ms) : 0, 1188
crashtracking [candidate] (1.183 ms) : 0, 1183
BytebuddyAgent [baseline] (663.701 ms) : 0, 663701
BytebuddyAgent [candidate] (659.151 ms) : 0, 659151
AgentMeter [baseline] (11.884 ms) : 0, 11884
AgentMeter [candidate] (11.763 ms) : 0, 11763
GlobalTracer [baseline] (260.976 ms) : 0, 260976
GlobalTracer [candidate] (258.912 ms) : 0, 258912
AppSec [baseline] (169.268 ms) : 0, 169268
AppSec [candidate] (167.881 ms) : 0, 167881
Debugger [baseline] (68.024 ms) : 0, 68024
Debugger [candidate] (67.466 ms) : 0, 67466
Remote Config [baseline] (685.229 µs) : 0, 685
Remote Config [candidate] (674.215 µs) : 0, 674
Telemetry [baseline] (9.316 ms) : 0, 9316
Telemetry [candidate] (9.146 ms) : 0, 9146
Flare Poller [baseline] (3.673 ms) : 0, 3673
Flare Poller [candidate] (3.642 ms) : 0, 3642
IAST [baseline] (25.853 ms) : 0, 25853
IAST [candidate] (25.357 ms) : 0, 25357
section iast
crashtracking [baseline] (1.185 ms) : 0, 1185
crashtracking [candidate] (1.181 ms) : 0, 1181
BytebuddyAgent [baseline] (797.211 ms) : 0, 797211
BytebuddyAgent [candidate] (796.148 ms) : 0, 796148
AgentMeter [baseline] (11.158 ms) : 0, 11158
AgentMeter [candidate] (11.082 ms) : 0, 11082
GlobalTracer [baseline] (248.528 ms) : 0, 248528
GlobalTracer [candidate] (247.896 ms) : 0, 247896
AppSec [baseline] (34.555 ms) : 0, 34555
AppSec [candidate] (27.348 ms) : 0, 27348
Debugger [baseline] (66.97 ms) : 0, 66970
Debugger [candidate] (76.844 ms) : 0, 76844
Remote Config [baseline] (549.856 µs) : 0, 550
Remote Config [candidate] (560.474 µs) : 0, 560
Telemetry [baseline] (8.721 ms) : 0, 8721
Telemetry [candidate] (8.607 ms) : 0, 8607
Flare Poller [baseline] (3.451 ms) : 0, 3451
Flare Poller [candidate] (3.442 ms) : 0, 3442
IAST [baseline] (27.039 ms) : 0, 27039
IAST [candidate] (26.808 ms) : 0, 26808
section profiling
ProfilingAgent [baseline] (99.765 ms) : 0, 99765
ProfilingAgent [candidate] (98.702 ms) : 0, 98702
crashtracking [baseline] (1.215 ms) : 0, 1215
crashtracking [candidate] (1.214 ms) : 0, 1214
BytebuddyAgent [baseline] (686.464 ms) : 0, 686464
BytebuddyAgent [candidate] (681.375 ms) : 0, 681375
AgentMeter [baseline] (8.704 ms) : 0, 8704
AgentMeter [candidate] (8.616 ms) : 0, 8616
GlobalTracer [baseline] (217.517 ms) : 0, 217517
GlobalTracer [candidate] (215.77 ms) : 0, 215770
AppSec [baseline] (32.827 ms) : 0, 32827
AppSec [candidate] (32.418 ms) : 0, 32418
Debugger [baseline] (68.042 ms) : 0, 68042
Debugger [candidate] (67.292 ms) : 0, 67292
Remote Config [baseline] (599.37 µs) : 0, 599
Remote Config [candidate] (596.067 µs) : 0, 596
Telemetry [baseline] (8.774 ms) : 0, 8774
Telemetry [candidate] (8.815 ms) : 0, 8815
Flare Poller [baseline] (3.828 ms) : 0, 3828
Flare Poller [candidate] (3.753 ms) : 0, 3753
Profiling [baseline] (100.341 ms) : 0, 100341
Profiling [candidate] (99.275 ms) : 0, 99275
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/rfc-1076
git_commit_date 1770105340 1770111115
git_commit_sha 2ffa640 f2779e4
release_version 1.60.0-SNAPSHOT~2ffa640f24 1.60.0-SNAPSHOT~f2779e4292
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1770113504 1770113504
ci_job_id 1396266853 1396266853
ci_pipeline_id 94269899 94269899
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-jl136rio 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-jl136rio 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 4 performance improvements and 4 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:iast_GLOBAL:high_load better
[-150.197µs; -86.807µs] or [-5.302%; -3.064%]		 better
[-585.696µs; -236.099µs] or [-7.299%; -2.942%]		 unstable
[-59.526op/s; +195.276op/s] or [-4.696%; +15.405%]		 2.714ms 7.613ms 1335.469op/s 2.833ms 8.024ms 1267.594op/s
scenario:load:petclinic:code_origins:high_load worse
[+0.981ms; +1.848ms] or [+5.712%; +10.761%]		 worse
[+1.264ms; +2.790ms] or [+4.494%; +9.921%]		 unstable
[-48.393op/s; +9.018op/s] or [-18.131%; +3.379%]		 18.583ms 30.147ms 247.219op/s 17.169ms 28.120ms 266.906op/s
scenario:load:petclinic:appsec:high_load better
[-1.993ms; -0.901ms] or [-10.108%; -4.571%]		 better
[-2.296ms; -0.784ms] or [-7.312%; -2.497%]		 unstable
[-12.957op/s; +42.207op/s] or [-5.495%; +17.901%]		 18.271ms 29.859ms 250.406op/s 19.718ms 31.399ms 235.781op/s
scenario:load:petclinic:profiling:high_load worse
[+0.751ms; +1.843ms] or [+4.127%; +10.134%]		 worse
[+0.847ms; +2.492ms] or [+2.871%; +8.443%]		 unstable
[-43.464op/s; +11.901op/s] or [-17.192%; +4.708%]		 19.482ms 31.187ms 237.031op/s 18.185ms 29.517ms 252.812op/s
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.60.0-SNAPSHOT~f2779e4292, baseline=1.60.0-SNAPSHOT~2ffa640f24
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.193 ms) : 1181, 1205
.   : milestone, 1193,
iast (3.164 ms) : 3122, 3205
.   : milestone, 3164,
iast_FULL (5.853 ms) : 5795, 5912
.   : milestone, 5853,
iast_GLOBAL (3.619 ms) : 3556, 3682
.   : milestone, 3619,
profiling (2.187 ms) : 2165, 2209
.   : milestone, 2187,
tracing (1.806 ms) : 1790, 1822
.   : milestone, 1806,
section candidate
no_agent (1.198 ms) : 1186, 1210
.   : milestone, 1198,
iast (3.184 ms) : 3142, 3227
.   : milestone, 3184,
iast_FULL (5.988 ms) : 5928, 6049
.   : milestone, 5988,
iast_GLOBAL (3.432 ms) : 3383, 3481
.   : milestone, 3432,
profiling (1.99 ms) : 1973, 2008
.   : milestone, 1990,
tracing (1.865 ms) : 1847, 1882
.   : milestone, 1865,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.193 ms [1.181 ms, 1.205 ms] -
iast 3.164 ms [3.122 ms, 3.205 ms] 1.971 ms (165.2%)
iast_FULL 5.853 ms [5.795 ms, 5.912 ms] 4.661 ms (390.8%)
iast_GLOBAL 3.619 ms [3.556 ms, 3.682 ms] 2.427 ms (203.4%)
profiling 2.187 ms [2.165 ms, 2.209 ms] 994.274 µs (83.4%)
tracing 1.806 ms [1.79 ms, 1.822 ms] 613.537 µs (51.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.198 ms [1.186 ms, 1.21 ms] -
iast 3.184 ms [3.142 ms, 3.227 ms] 1.986 ms (165.8%)
iast_FULL 5.988 ms [5.928 ms, 6.049 ms] 4.79 ms (399.8%)
iast_GLOBAL 3.432 ms [3.383 ms, 3.481 ms] 2.234 ms (186.5%)
profiling 1.99 ms [1.973 ms, 2.008 ms] 791.964 µs (66.1%)
tracing 1.865 ms [1.847 ms, 1.882 ms] 666.395 µs (55.6%)
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.60.0-SNAPSHOT~f2779e4292, baseline=1.60.0-SNAPSHOT~2ffa640f24
    dateFormat X
    axisFormat %s
section baseline
no_agent (17.804 ms) : 17624, 17983
.   : milestone, 17804,
appsec (19.804 ms) : 19601, 20007
.   : milestone, 19804,
code_origins (17.481 ms) : 17310, 17652
.   : milestone, 17481,
iast (17.845 ms) : 17667, 18023
.   : milestone, 17845,
profiling (18.462 ms) : 18278, 18646
.   : milestone, 18462,
tracing (17.688 ms) : 17515, 17861
.   : milestone, 17688,
section candidate
no_agent (19.011 ms) : 18813, 19208
.   : milestone, 19011,
appsec (18.638 ms) : 18448, 18828
.   : milestone, 18638,
code_origins (18.88 ms) : 18689, 19071
.   : milestone, 18880,
iast (17.433 ms) : 17260, 17606
.   : milestone, 17433,
profiling (19.694 ms) : 19494, 19894
.   : milestone, 19694,
tracing (17.323 ms) : 17150, 17496
.   : milestone, 17323,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 17.804 ms [17.624 ms, 17.983 ms] -
appsec 19.804 ms [19.601 ms, 20.007 ms] 2.0 ms (11.2%)
code_origins 17.481 ms [17.31 ms, 17.652 ms] -323.002 µs (-1.8%)
iast 17.845 ms [17.667 ms, 18.023 ms] 41.464 µs (0.2%)
profiling 18.462 ms [18.278 ms, 18.646 ms] 657.886 µs (3.7%)
tracing 17.688 ms [17.515 ms, 17.861 ms] -115.543 µs (-0.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.011 ms [18.813 ms, 19.208 ms] -
appsec 18.638 ms [18.448 ms, 18.828 ms] -372.157 µs (-2.0%)
code_origins 18.88 ms [18.689 ms, 19.071 ms] -130.648 µs (-0.7%)
iast 17.433 ms [17.26 ms, 17.606 ms] -1.577 ms (-8.3%)
profiling 19.694 ms [19.494 ms, 19.894 ms] 683.611 µs (3.6%)
tracing 17.323 ms [17.15 ms, 17.496 ms] -1.687 ms (-8.9%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/rfc-1076
git_commit_date 1770105340 1770111115
git_commit_sha 2ffa640 f2779e4
release_version 1.60.0-SNAPSHOT~2ffa640f24 1.60.0-SNAPSHOT~f2779e4292
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1770113290 1770113290
ci_job_id 1396266854 1396266854
ci_pipeline_id 94269899 94269899
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-8pum1aa1 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-8pum1aa1 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 1 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:dacapo:tomcat:appsec better
[-1.430ms; -1.084ms] or [-38.090%; -28.855%]		 2.498ms 3.755ms
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.60.0-SNAPSHOT~f2779e4292, baseline=1.60.0-SNAPSHOT~2ffa640f24
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.529 s) : 15529000, 15529000
.   : milestone, 15529000,
appsec (14.791 s) : 14791000, 14791000
.   : milestone, 14791000,
iast (18.16 s) : 18160000, 18160000
.   : milestone, 18160000,
iast_GLOBAL (18.063 s) : 18063000, 18063000
.   : milestone, 18063000,
profiling (14.715 s) : 14715000, 14715000
.   : milestone, 14715000,
tracing (14.785 s) : 14785000, 14785000
.   : milestone, 14785000,
section candidate
no_agent (14.696 s) : 14696000, 14696000
.   : milestone, 14696000,
appsec (14.745 s) : 14745000, 14745000
.   : milestone, 14745000,
iast (17.97 s) : 17970000, 17970000
.   : milestone, 17970000,
iast_GLOBAL (18.177 s) : 18177000, 18177000
.   : milestone, 18177000,
profiling (15.443 s) : 15443000, 15443000
.   : milestone, 15443000,
tracing (14.595 s) : 14595000, 14595000
.   : milestone, 14595000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.529 s [15.529 s, 15.529 s] -
appsec 14.791 s [14.791 s, 14.791 s] -738.0 ms (-4.8%)
iast 18.16 s [18.16 s, 18.16 s] 2.631 s (16.9%)
iast_GLOBAL 18.063 s [18.063 s, 18.063 s] 2.534 s (16.3%)
profiling 14.715 s [14.715 s, 14.715 s] -814.0 ms (-5.2%)
tracing 14.785 s [14.785 s, 14.785 s] -744.0 ms (-4.8%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.696 s [14.696 s, 14.696 s] -
appsec 14.745 s [14.745 s, 14.745 s] 49.0 ms (0.3%)
iast 17.97 s [17.97 s, 17.97 s] 3.274 s (22.3%)
iast_GLOBAL 18.177 s [18.177 s, 18.177 s] 3.481 s (23.7%)
profiling 15.443 s [15.443 s, 15.443 s] 747.0 ms (5.1%)
tracing 14.595 s [14.595 s, 14.595 s] -101.0 ms (-0.7%)
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.60.0-SNAPSHOT~f2779e4292, baseline=1.60.0-SNAPSHOT~2ffa640f24
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.469 ms) : 1458, 1481
.   : milestone, 1469,
appsec (3.755 ms) : 3534, 3977
.   : milestone, 3755,
iast (2.25 ms) : 2181, 2319
.   : milestone, 2250,
iast_GLOBAL (2.29 ms) : 2221, 2359
.   : milestone, 2290,
profiling (2.107 ms) : 2050, 2163
.   : milestone, 2107,
tracing (2.056 ms) : 2003, 2110
.   : milestone, 2056,
section candidate
no_agent (1.47 ms) : 1458, 1481
.   : milestone, 1470,
appsec (2.498 ms) : 2444, 2552
.   : milestone, 2498,
iast (2.244 ms) : 2175, 2313
.   : milestone, 2244,
iast_GLOBAL (2.294 ms) : 2224, 2363
.   : milestone, 2294,
profiling (2.496 ms) : 2333, 2659
.   : milestone, 2496,
tracing (2.056 ms) : 2003, 2110
.   : milestone, 2056,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.469 ms [1.458 ms, 1.481 ms] -
appsec 3.755 ms [3.534 ms, 3.977 ms] 2.286 ms (155.6%)
iast 2.25 ms [2.181 ms, 2.319 ms] 780.483 µs (53.1%)
iast_GLOBAL 2.29 ms [2.221 ms, 2.359 ms] 820.691 µs (55.9%)
profiling 2.107 ms [2.05 ms, 2.163 ms] 637.109 µs (43.4%)
tracing 2.056 ms [2.003 ms, 2.11 ms] 587.048 µs (40.0%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.47 ms [1.458 ms, 1.481 ms] -
appsec 2.498 ms [2.444 ms, 2.552 ms] 1.028 ms (70.0%)
iast 2.244 ms [2.175 ms, 2.313 ms] 774.173 µs (52.7%)
iast_GLOBAL 2.294 ms [2.224 ms, 2.363 ms] 823.884 µs (56.1%)
profiling 2.496 ms [2.333 ms, 2.659 ms] 1.026 ms (69.8%)
tracing 2.056 ms [2.003 ms, 2.11 ms] 586.565 µs (39.9%)

@jandro996 jandro996 changed the title WIP - Rfc 1076 API Security sampling when tracers lack HTTP routes [Rfc 1076] Jan 23, 2026
@jandro996 jandro996 added type: enhancement Enhancements and improvements comp: asm waf Application Security Management (WAF) labels Jan 23, 2026
@jandro996 jandro996 force-pushed the alejandro.gonzalez/add-apm-trace-metrics-tags branch from b6fd7f4 to 196140a Compare February 3, 2026 08:20
@jandro996 jandro996 force-pushed the alejandro.gonzalez/rfc-1076 branch from 1f3ddc2 to f2779e4 Compare February 3, 2026 09:33
Base automatically changed from alejandro.gonzalez/add-apm-trace-metrics-tags to master February 5, 2026 13:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

comp: asm waf Application Security Management (WAF) type: enhancement Enhancements and improvements

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jandro996