Fix AWS API Gateway endpoints correlation HTTP span tags - Inferred Proxy Spans

[jandro996]

What Does This Do

This PR implements standardized tags for inferred proxy spans produced by the Java tracer when instrumenting AWS API Gateway (v1 REST and v2 HTTP APIs). The changes align proxy spans with the cross-platform contract defined in RFC-1081 for endpoint discovery and correlation.

Mandatory tags implemented:

• Span naming: aws.httpapi for v2 HTTP API, aws.apigateway for v1 REST (previously only v1 was supported)
• span.kind: set to server
• http.url: prefixed with https:// scheme (was missing, causing backend parsing issues)
• http.route: populated from new x-dd-proxy-resource-path header (resource template, e.g. /users/{id})
• resource.name: uses <Method> <Route> when http.route is available, falls back to <Method> <Path>

Optional tags (set only when the corresponding header is present):

• account_id from x-dd-proxy-account-id
• apiid from x-dd-proxy-api-id
• region from x-dd-proxy-region
• dd_resource_key: computed ARN (arn:aws:apigateway:{region}::/restapis/{api-id} or .../apis/{api-id})

AppSec Tag Propagation

RFC-1081 requires _dd.appsec.enabled and _dd.appsec.json on the inferred proxy span so security activity can be correlated with the API Gateway endpoint.

GatewayBridge.onRequestEnded sets AppSec tags on the service-entry span (where detection occurs). InferredProxySpan.copyAppSecTagsFromServiceEntry(), called from finish(), then copies only those two RFC-required tags to the inferred proxy span — keeping the propagation logic encapsulated in InferredProxySpan.

traceSeg.setTagTop() is still used for _dd.asm.keep and _dd.propagated_trace_source, as sampling decisions require these on the root span immediately.

Motivation

This implementation is required by RFC-1081: Endpoint Discovery & Correlation from Inferred Spans

This PR covers the Inferred Proxy Spans portion of the RFC. The Inferred Lambda Spans portion will be addressed in a separate PR #10576.

Additional Notes

ST checked locally

aws_user excluded: intentionally omitted per RFC guidance due to PII concerns (assumed-role session names may contain user identifiers). Implementation requires explicit approval.

AppSec Bug Fix

When an inferred proxy span is present, it becomes the local root of the trace. HttpServerDecorator.onRequestEndForInstrumentationGateway() was guarded by if (span.getLocalRootSpan() != span) return, which caused it to silently skip the service-entry span — meaning no AppSec tags were set on any span in this scenario.
The fix relaxes the guard to also allow execution when the local root is an inferred proxy span (detected via the _dd.inferred_span tag).

Contributor Checklist

• Format the title according to the contribution guidelines
• Assign the type: and (comp: or inst:) labels in addition to any other useful labels
• Avoid using close, fix, or any linking keywords when referencing an issue
  Use solves instead, and assign the PR milestone to the issue
• Update the CODEOWNERS file on source file addition, migration, or deletion
• Update public documentation with any new configuration flags or behaviors

Jira ticket: APPSEC-61198

Note: Once your PR is ready to merge, add it to the merge queue by commenting /merge. /merge -c cancels the queue request. /merge -f --reason "reason" skips all merge queue checks; please use this judiciously, as some checks do not run at the PR-level. For more information, see this doc.

[pr-commenter]

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/RFC-1081
git_commit_date	1771513426	1771514763
git_commit_sha	5418feb	a49044a
release_version	1.60.0-SNAPSHOT~5418feb23a	1.60.0-SNAPSHOT~a49044a437

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1771516569	1771516569
ci_job_id	1439726693	1439726693
ci_pipeline_id	97576411	97576411
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-3-s4s7f0s8 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-3-s4s7f0s8 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 62 metrics, 9 unstable metrics.

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.60.0-SNAPSHOT~a49044a437, baseline=1.60.0-SNAPSHOT~5418feb23a

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.068 s) : 0, 1067592
Total [baseline] (10.913 s) : 0, 10912509
Agent [candidate] (1.068 s) : 0, 1067974
Total [candidate] (10.852 s) : 0, 10851653
section appsec
Agent [baseline] (1.263 s) : 0, 1262964
Total [baseline] (11.077 s) : 0, 11076732
Agent [candidate] (1.251 s) : 0, 1250825
Total [candidate] (11.239 s) : 0, 11239102
section iast
Agent [baseline] (1.23 s) : 0, 1230348
Total [baseline] (11.287 s) : 0, 11286765
Agent [candidate] (1.229 s) : 0, 1229304
Total [candidate] (11.213 s) : 0, 11213093
section profiling
Agent [baseline] (1.202 s) : 0, 1201947
Total [baseline] (11.036 s) : 0, 11035904
Agent [candidate] (1.201 s) : 0, 1200971
Total [candidate] (11.093 s) : 0, 11093482

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.068 s	-
Agent	appsec	1.263 s	195.372 ms (18.3%)
Agent	iast	1.23 s	162.756 ms (15.2%)
Agent	profiling	1.202 s	134.355 ms (12.6%)
Total	tracing	10.913 s	-
Total	appsec	11.077 s	164.223 ms (1.5%)
Total	iast	11.287 s	374.256 ms (3.4%)
Total	profiling	11.036 s	123.395 ms (1.1%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.068 s	-
Agent	appsec	1.251 s	182.851 ms (17.1%)
Agent	iast	1.229 s	161.33 ms (15.1%)
Agent	profiling	1.201 s	132.997 ms (12.5%)
Total	tracing	10.852 s	-
Total	appsec	11.239 s	387.45 ms (3.6%)
Total	iast	11.213 s	361.44 ms (3.3%)
Total	profiling	11.093 s	241.829 ms (2.2%)

gantt
    title petclinic - break down per module: candidate=1.60.0-SNAPSHOT~a49044a437, baseline=1.60.0-SNAPSHOT~5418feb23a

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.206 ms) : 0, 1206
crashtracking [candidate] (1.194 ms) : 0, 1194
BytebuddyAgent [baseline] (628.086 ms) : 0, 628086
BytebuddyAgent [candidate] (628.749 ms) : 0, 628749
AgentMeter [baseline] (29.169 ms) : 0, 29169
AgentMeter [candidate] (29.116 ms) : 0, 29116
GlobalTracer [baseline] (258.178 ms) : 0, 258178
GlobalTracer [candidate] (257.814 ms) : 0, 257814
AppSec [baseline] (33.033 ms) : 0, 33033
AppSec [candidate] (33.018 ms) : 0, 33018
Debugger [baseline] (66.775 ms) : 0, 66775
Debugger [candidate] (67.559 ms) : 0, 67559
Remote Config [baseline] (622.342 µs) : 0, 622
Remote Config [candidate] (621.584 µs) : 0, 622
Telemetry [baseline] (10.625 ms) : 0, 10625
Telemetry [candidate] (9.941 ms) : 0, 9941
Flare Poller [baseline] (3.809 ms) : 0, 3809
Flare Poller [candidate] (3.771 ms) : 0, 3771
section appsec
crashtracking [baseline] (1.225 ms) : 0, 1225
crashtracking [candidate] (1.202 ms) : 0, 1202
BytebuddyAgent [baseline] (671.15 ms) : 0, 671150
BytebuddyAgent [candidate] (663.277 ms) : 0, 663277
AgentMeter [baseline] (12.149 ms) : 0, 12149
AgentMeter [candidate] (12.147 ms) : 0, 12147
GlobalTracer [baseline] (262.924 ms) : 0, 262924
GlobalTracer [candidate] (261.376 ms) : 0, 261376
IAST [baseline] (26.277 ms) : 0, 26277
IAST [candidate] (25.918 ms) : 0, 25918
AppSec [baseline] (169.981 ms) : 0, 169981
AppSec [candidate] (169.526 ms) : 0, 169526
Debugger [baseline] (68.284 ms) : 0, 68284
Debugger [candidate] (67.184 ms) : 0, 67184
Remote Config [baseline] (682.304 µs) : 0, 682
Remote Config [candidate] (653.739 µs) : 0, 654
Telemetry [baseline] (9.943 ms) : 0, 9943
Telemetry [candidate] (9.537 ms) : 0, 9537
Flare Poller [baseline] (3.882 ms) : 0, 3882
Flare Poller [candidate] (3.74 ms) : 0, 3740
section iast
crashtracking [baseline] (1.183 ms) : 0, 1183
crashtracking [candidate] (1.184 ms) : 0, 1184
BytebuddyAgent [baseline] (794.878 ms) : 0, 794878
BytebuddyAgent [candidate] (793.929 ms) : 0, 793929
AgentMeter [baseline] (11.269 ms) : 0, 11269
AgentMeter [candidate] (11.239 ms) : 0, 11239
GlobalTracer [baseline] (247.27 ms) : 0, 247270
GlobalTracer [candidate] (247.136 ms) : 0, 247136
IAST [baseline] (27.076 ms) : 0, 27076
IAST [candidate] (26.847 ms) : 0, 26847
AppSec [baseline] (34.661 ms) : 0, 34661
AppSec [candidate] (32.291 ms) : 0, 32291
Debugger [baseline] (65.383 ms) : 0, 65383
Debugger [candidate] (68.104 ms) : 0, 68104
Remote Config [baseline] (532.754 µs) : 0, 533
Remote Config [candidate] (547.167 µs) : 0, 547
Telemetry [baseline] (8.689 ms) : 0, 8689
Telemetry [candidate] (8.574 ms) : 0, 8574
Flare Poller [baseline] (3.454 ms) : 0, 3454
Flare Poller [candidate] (3.436 ms) : 0, 3436
section profiling
crashtracking [baseline] (1.226 ms) : 0, 1226
crashtracking [candidate] (1.182 ms) : 0, 1182
BytebuddyAgent [baseline] (688.17 ms) : 0, 688170
BytebuddyAgent [candidate] (688.611 ms) : 0, 688611
AgentMeter [baseline] (8.642 ms) : 0, 8642
AgentMeter [candidate] (8.609 ms) : 0, 8609
GlobalTracer [baseline] (217.745 ms) : 0, 217745
GlobalTracer [candidate] (217.464 ms) : 0, 217464
AppSec [baseline] (32.73 ms) : 0, 32730
AppSec [candidate] (32.833 ms) : 0, 32833
Debugger [baseline] (68.173 ms) : 0, 68173
Debugger [candidate] (67.61 ms) : 0, 67610
Remote Config [baseline] (643.144 µs) : 0, 643
Remote Config [candidate] (643.163 µs) : 0, 643
Telemetry [baseline] (9.253 ms) : 0, 9253
Telemetry [candidate] (9.22 ms) : 0, 9220
Flare Poller [baseline] (3.808 ms) : 0, 3808
Flare Poller [candidate] (3.781 ms) : 0, 3781
ProfilingAgent [baseline] (100.472 ms) : 0, 100472
ProfilingAgent [candidate] (99.994 ms) : 0, 99994
Profiling [baseline] (101.045 ms) : 0, 101045
Profiling [candidate] (100.574 ms) : 0, 100574

Loading

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.60.0-SNAPSHOT~a49044a437, baseline=1.60.0-SNAPSHOT~5418feb23a

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.079 s) : 0, 1079371
Total [baseline] (8.771 s) : 0, 8770757
Agent [candidate] (1.063 s) : 0, 1062846
Total [candidate] (8.74 s) : 0, 8740033
section iast
Agent [baseline] (1.232 s) : 0, 1232188
Total [baseline] (9.431 s) : 0, 9430660
Agent [candidate] (1.229 s) : 0, 1228914
Total [candidate] (9.418 s) : 0, 9417686

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.079 s	-
Agent	iast	1.232 s	152.817 ms (14.2%)
Total	tracing	8.771 s	-
Total	iast	9.431 s	659.903 ms (7.5%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.063 s	-
Agent	iast	1.229 s	166.068 ms (15.6%)
Total	tracing	8.74 s	-
Total	iast	9.418 s	677.654 ms (7.8%)

gantt
    title insecure-bank - break down per module: candidate=1.60.0-SNAPSHOT~a49044a437, baseline=1.60.0-SNAPSHOT~5418feb23a

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.208 ms) : 0, 1208
crashtracking [candidate] (1.184 ms) : 0, 1184
BytebuddyAgent [baseline] (636.137 ms) : 0, 636137
BytebuddyAgent [candidate] (627.034 ms) : 0, 627034
AgentMeter [baseline] (29.475 ms) : 0, 29475
AgentMeter [candidate] (29.009 ms) : 0, 29009
GlobalTracer [baseline] (260.288 ms) : 0, 260288
GlobalTracer [candidate] (257.311 ms) : 0, 257311
AppSec [baseline] (33.66 ms) : 0, 33660
AppSec [candidate] (32.924 ms) : 0, 32924
Debugger [baseline] (64.706 ms) : 0, 64706
Debugger [candidate] (62.834 ms) : 0, 62834
Remote Config [baseline] (634.691 µs) : 0, 635
Remote Config [candidate] (633.744 µs) : 0, 634
Telemetry [baseline] (12.252 ms) : 0, 12252
Telemetry [candidate] (11.445 ms) : 0, 11445
Flare Poller [baseline] (4.657 ms) : 0, 4657
Flare Poller [candidate] (4.39 ms) : 0, 4390
section iast
crashtracking [baseline] (1.195 ms) : 0, 1195
crashtracking [candidate] (1.195 ms) : 0, 1195
BytebuddyAgent [baseline] (795.504 ms) : 0, 795504
BytebuddyAgent [candidate] (794.189 ms) : 0, 794189
AgentMeter [baseline] (11.349 ms) : 0, 11349
AgentMeter [candidate] (11.29 ms) : 0, 11290
GlobalTracer [baseline] (248.542 ms) : 0, 248542
GlobalTracer [candidate] (247.763 ms) : 0, 247763
IAST [baseline] (27.069 ms) : 0, 27069
IAST [candidate] (27.13 ms) : 0, 27130
AppSec [baseline] (33.314 ms) : 0, 33314
AppSec [candidate] (33.753 ms) : 0, 33753
Debugger [baseline] (66.487 ms) : 0, 66487
Debugger [candidate] (65.158 ms) : 0, 65158
Remote Config [baseline] (535.085 µs) : 0, 535
Remote Config [candidate] (531.764 µs) : 0, 532
Telemetry [baseline] (8.651 ms) : 0, 8651
Telemetry [candidate] (8.59 ms) : 0, 8590
Flare Poller [baseline] (3.455 ms) : 0, 3455
Flare Poller [candidate] (3.389 ms) : 0, 3389

Loading

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/RFC-1081
git_commit_date	1771513426	1771514763
git_commit_sha	5418feb	a49044a
release_version	1.60.0-SNAPSHOT~5418feb23a	1.60.0-SNAPSHOT~a49044a437

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1771517129	1771517129
ci_job_id	1439726696	1439726696
ci_pipeline_id	97576411	97576411
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-3-i0x1o6pc 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-3-i0x1o6pc 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 1 performance regressions! Performance is the same for 18 metrics, 16 unstable metrics.

scenario	Δ mean agg_http_req_duration_p50	Δ mean agg_http_req_duration_p95	Δ mean throughput	candidate mean agg_http_req_duration_p50	candidate mean agg_http_req_duration_p95	candidate mean throughput	baseline mean agg_http_req_duration_p50	baseline mean agg_http_req_duration_p95	baseline mean throughput
scenario:load:petclinic:code_origins:high_load	worse [+477.116µs; +941.017µs] or [+2.776%; +5.475%]	unsure [+192.645µs; +1321.571µs] or [+0.679%; +4.660%]	unstable [-34.267op/s; +14.079op/s] or [-12.929%; +5.312%]	17.897ms	29.119ms	254.938op/s	17.188ms	28.362ms	265.031op/s
scenario:load:petclinic:profiling:high_load	better [-919.418µs; -440.019µs] or [-4.825%; -2.309%]	unsure [-1585.509µs; -129.867µs] or [-5.211%; -0.427%]	unstable [-15.297op/s; +30.360op/s] or [-6.313%; +12.529%]	18.375ms	29.570ms	249.844op/s	19.055ms	30.428ms	242.312op/s

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.60.0-SNAPSHOT~a49044a437, baseline=1.60.0-SNAPSHOT~5418feb23a
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.255 ms) : 1242, 1268
.   : milestone, 1255,
iast (3.18 ms) : 3136, 3224
.   : milestone, 3180,
iast_FULL (5.809 ms) : 5751, 5866
.   : milestone, 5809,
iast_GLOBAL (3.582 ms) : 3530, 3634
.   : milestone, 3582,
profiling (2.105 ms) : 2086, 2124
.   : milestone, 2105,
tracing (1.78 ms) : 1765, 1795
.   : milestone, 1780,
section candidate
no_agent (1.18 ms) : 1168, 1192
.   : milestone, 1180,
iast (3.106 ms) : 3068, 3143
.   : milestone, 3106,
iast_FULL (5.967 ms) : 5906, 6027
.   : milestone, 5967,
iast_GLOBAL (3.672 ms) : 3603, 3741
.   : milestone, 3672,
profiling (2.138 ms) : 2118, 2157
.   : milestone, 2138,
tracing (1.783 ms) : 1768, 1798
.   : milestone, 1783,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.255 ms [1.242 ms, 1.268 ms]	-
iast	3.18 ms [3.136 ms, 3.224 ms]	1.925 ms (153.4%)
iast_FULL	5.809 ms [5.751 ms, 5.866 ms]	4.554 ms (362.9%)
iast_GLOBAL	3.582 ms [3.53 ms, 3.634 ms]	2.327 ms (185.5%)
profiling	2.105 ms [2.086 ms, 2.124 ms]	850.065 µs (67.7%)
tracing	1.78 ms [1.765 ms, 1.795 ms]	524.673 µs (41.8%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.18 ms [1.168 ms, 1.192 ms]	-
iast	3.106 ms [3.068 ms, 3.143 ms]	1.926 ms (163.2%)
iast_FULL	5.967 ms [5.906 ms, 6.027 ms]	4.786 ms (405.6%)
iast_GLOBAL	3.672 ms [3.603 ms, 3.741 ms]	2.492 ms (211.1%)
profiling	2.138 ms [2.118 ms, 2.157 ms]	957.361 µs (81.1%)
tracing	1.783 ms [1.768 ms, 1.798 ms]	602.98 µs (51.1%)

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.60.0-SNAPSHOT~a49044a437, baseline=1.60.0-SNAPSHOT~5418feb23a
    dateFormat X
    axisFormat %s
section baseline
no_agent (19.109 ms) : 18915, 19303
.   : milestone, 19109,
appsec (18.535 ms) : 18347, 18723
.   : milestone, 18535,
code_origins (17.607 ms) : 17433, 17782
.   : milestone, 17607,
iast (17.416 ms) : 17244, 17589
.   : milestone, 17416,
profiling (19.263 ms) : 19073, 19454
.   : milestone, 19263,
tracing (17.701 ms) : 17528, 17874
.   : milestone, 17701,
section candidate
no_agent (18.166 ms) : 17973, 18359
.   : milestone, 18166,
appsec (18.314 ms) : 18126, 18503
.   : milestone, 18314,
code_origins (18.307 ms) : 18123, 18490
.   : milestone, 18307,
iast (17.742 ms) : 17565, 17920
.   : milestone, 17742,
profiling (18.681 ms) : 18494, 18868
.   : milestone, 18681,
tracing (17.489 ms) : 17316, 17663
.   : milestone, 17489,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	19.109 ms [18.915 ms, 19.303 ms]	-
appsec	18.535 ms [18.347 ms, 18.723 ms]	-574.145 µs (-3.0%)
code_origins	17.607 ms [17.433 ms, 17.782 ms]	-1.501 ms (-7.9%)
iast	17.416 ms [17.244 ms, 17.589 ms]	-1.692 ms (-8.9%)
profiling	19.263 ms [19.073 ms, 19.454 ms]	154.488 µs (0.8%)
tracing	17.701 ms [17.528 ms, 17.874 ms]	-1.408 ms (-7.4%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	18.166 ms [17.973 ms, 18.359 ms]	-
appsec	18.314 ms [18.126 ms, 18.503 ms]	148.616 µs (0.8%)
code_origins	18.307 ms [18.123 ms, 18.49 ms]	140.973 µs (0.8%)
iast	17.742 ms [17.565 ms, 17.92 ms]	-423.437 µs (-2.3%)
profiling	18.681 ms [18.494 ms, 18.868 ms]	515.411 µs (2.8%)
tracing	17.489 ms [17.316 ms, 17.663 ms]	-676.471 µs (-3.7%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/RFC-1081
git_commit_date	1771513426	1771514763
git_commit_sha	5418feb	a49044a
release_version	1.60.0-SNAPSHOT~5418feb23a	1.60.0-SNAPSHOT~a49044a437

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1771516883	1771516883
ci_job_id	1439726698	1439726698
ci_pipeline_id	97576411	97576411
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-4-j1ms356w 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-4-j1ms356w 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.60.0-SNAPSHOT~a49044a437, baseline=1.60.0-SNAPSHOT~5418feb23a
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.478 ms) : 1467, 1490
.   : milestone, 1478,
appsec (3.82 ms) : 3597, 4043
.   : milestone, 3820,
iast (2.25 ms) : 2181, 2318
.   : milestone, 2250,
iast_GLOBAL (2.305 ms) : 2235, 2375
.   : milestone, 2305,
profiling (2.088 ms) : 2033, 2142
.   : milestone, 2088,
tracing (2.074 ms) : 2021, 2128
.   : milestone, 2074,
section candidate
no_agent (1.48 ms) : 1469, 1492
.   : milestone, 1480,
appsec (3.789 ms) : 3567, 4011
.   : milestone, 3789,
iast (2.26 ms) : 2191, 2329
.   : milestone, 2260,
iast_GLOBAL (2.305 ms) : 2235, 2374
.   : milestone, 2305,
profiling (2.117 ms) : 2060, 2174
.   : milestone, 2117,
tracing (2.062 ms) : 2008, 2115
.   : milestone, 2062,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.478 ms [1.467 ms, 1.49 ms]	-
appsec	3.82 ms [3.597 ms, 4.043 ms]	2.341 ms (158.4%)
iast	2.25 ms [2.181 ms, 2.318 ms]	771.25 µs (52.2%)
iast_GLOBAL	2.305 ms [2.235 ms, 2.375 ms]	826.527 µs (55.9%)
profiling	2.088 ms [2.033 ms, 2.142 ms]	609.192 µs (41.2%)
tracing	2.074 ms [2.021 ms, 2.128 ms]	595.964 µs (40.3%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.48 ms [1.469 ms, 1.492 ms]	-
appsec	3.789 ms [3.567 ms, 4.011 ms]	2.309 ms (156.0%)
iast	2.26 ms [2.191 ms, 2.329 ms]	779.875 µs (52.7%)
iast_GLOBAL	2.305 ms [2.235 ms, 2.374 ms]	824.709 µs (55.7%)
profiling	2.117 ms [2.06 ms, 2.174 ms]	636.94 µs (43.0%)
tracing	2.062 ms [2.008 ms, 2.115 ms]	581.596 µs (39.3%)

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.60.0-SNAPSHOT~a49044a437, baseline=1.60.0-SNAPSHOT~5418feb23a
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.964 s) : 14964000, 14964000
.   : milestone, 14964000,
appsec (14.694 s) : 14694000, 14694000
.   : milestone, 14694000,
iast (18.205 s) : 18205000, 18205000
.   : milestone, 18205000,
iast_GLOBAL (17.968 s) : 17968000, 17968000
.   : milestone, 17968000,
profiling (14.691 s) : 14691000, 14691000
.   : milestone, 14691000,
tracing (14.715 s) : 14715000, 14715000
.   : milestone, 14715000,
section candidate
no_agent (14.876 s) : 14876000, 14876000
.   : milestone, 14876000,
appsec (14.66 s) : 14660000, 14660000
.   : milestone, 14660000,
iast (18.471 s) : 18471000, 18471000
.   : milestone, 18471000,
iast_GLOBAL (17.978 s) : 17978000, 17978000
.   : milestone, 17978000,
profiling (15.386 s) : 15386000, 15386000
.   : milestone, 15386000,
tracing (14.647 s) : 14647000, 14647000
.   : milestone, 14647000,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.964 s [14.964 s, 14.964 s]	-
appsec	14.694 s [14.694 s, 14.694 s]	-270.0 ms (-1.8%)
iast	18.205 s [18.205 s, 18.205 s]	3.241 s (21.7%)
iast_GLOBAL	17.968 s [17.968 s, 17.968 s]	3.004 s (20.1%)
profiling	14.691 s [14.691 s, 14.691 s]	-273.0 ms (-1.8%)
tracing	14.715 s [14.715 s, 14.715 s]	-249.0 ms (-1.7%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.876 s [14.876 s, 14.876 s]	-
appsec	14.66 s [14.66 s, 14.66 s]	-216.0 ms (-1.5%)
iast	18.471 s [18.471 s, 18.471 s]	3.595 s (24.2%)
iast_GLOBAL	17.978 s [17.978 s, 17.978 s]	3.102 s (20.9%)
profiling	15.386 s [15.386 s, 15.386 s]	510.0 ms (3.4%)
tracing	14.647 s [14.647 s, 14.647 s]	-229.0 ms (-1.5%)

[github-actions]

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

• Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 06ba1cf584

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 883f1cbd9c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".