Add security control metrics #8175
base: master
Conversation
Hi! 👋 Thanks for your pull request! 🎉 To help us review it, please make sure to:
If you need help, please check our contributing guidelines.
// check if there are tainted ranges without the security control mark
Range[] marked = Ranges.getNotMarkedRanges(taintedRanges, CUSTOM_SECURITY_CONTROL_MARK);
if (marked == null || marked.length == 0) {
IastMetricCollector.add(IastMetric.SUPPRESSED_VULNERABILITIES, type.type(), 1);
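Review bot: the local `marked` in `Range[] marked = Ranges.getNotMarkedRanges(taintedRanges, CUSTOM_SECURITY_CONTROL_MARK);` holds the ranges that lack the mark, so its name is inverted relative to what it stores and to the `marked == null || marked.length == 0` test that follows; rename it `unmarked` (or `notMarked`) and reword the comment above it to say that a suppression is counted when no tainted range is missing the security control mark, otherwise a reader takes the branch to fire when marked ranges are absent. Also confirm that the caller guarantees `taintedRanges` is non-empty before this point, since the condition as written does not distinguish "all ranges marked" from "no ranges at all".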
The parent method has access to the IastContext; you should pass it to IastMetricCollector#add(IastMetric, byte, int, Object).
b63727a to 87eab75
Benchmarks
Startup Parameters (see matching parameters)
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 60 metrics, 3 unstable metrics.

Startup time reports for petclinic
petclinic - global startup overhead: candidate=1.46.0-SNAPSHOT~e17c56a0a4, baseline=1.46.0-SNAPSHOT~22458b3367

section     Agent [baseline]  Agent [candidate]  Total [baseline]  Total [candidate]
tracing     1.051 s           1.053 s            10.408 s          10.425 s
appsec      1.189 s           1.19 s             10.749 s          10.755 s
iast        1.18 s            1.178 s            11.013 s          11.045 s
profiling   1.276 s           1.277 s            10.901 s          10.793 s

petclinic - break down per module (baseline / candidate):
tracing:   BytebuddyAgent 711.029 / 711.355 ms; GlobalTracer 255.293 / 255.558 ms; AppSec 55.174 / 57.17 ms; Remote Config 727.637 / 719.029 µs; Telemetry 14.296 / 13.678 ms
appsec:    BytebuddyAgent 730.843 / 731.977 ms; GlobalTracer 253.993 / 252.53 ms; AppSec 170.781 / 171.389 ms; Remote Config 662.853 / 666.035 µs; Telemetry 8.149 / 8.193 ms; IAST 19.459 / 19.572 ms
iast:      BytebuddyAgent 830.055 / 828.946 ms; GlobalTracer 246.566 / 246.005 ms; AppSec 58.047 / 57.788 ms; Remote Config 662.333 / 648.147 µs; Telemetry 8.751 / 8.704 ms; IAST 21.018 / 21.057 ms
profiling: BytebuddyAgent 705.523 / 705.177 ms; GlobalTracer 368.721 / 369.553 ms; AppSec 54.791 / 54.438 ms; Remote Config 689.336 / 709.416 µs; Telemetry 8.801 / 8.948 ms; ProfilingAgent 95.897 / 96.492 ms; Profiling 95.921 / 96.517 ms

Startup time reports for insecure-bank
insecure-bank - global startup overhead: candidate=1.46.0-SNAPSHOT~e17c56a0a4, baseline=1.46.0-SNAPSHOT~22458b3367

section                         Agent [baseline]  Agent [candidate]  Total [baseline]  Total [candidate]
tracing                         1.06 s            1.055 s            8.62 s            8.624 s
iast                            1.179 s           1.181 s            9.181 s           9.194 s
iast_HARDCODED_SECRET_DISABLED  1.187 s           1.178 s            9.199 s           9.155 s
iast_TELEMETRY_OFF              1.176 s           1.179 s            9.233 s           9.223 s

insecure-bank - break down per module (baseline / candidate):
tracing:                        BytebuddyAgent 714.368 / 712.326 ms; GlobalTracer 257.273 / 257.156 ms; AppSec 56.402 / 56.171 ms; Remote Config 730.176 / 716.859 µs; Telemetry 15.882 / 13.649 ms
iast:                           BytebuddyAgent 829.205 / 830.412 ms; GlobalTracer 245.909 / 246.931 ms; AppSec 58.008 / 58.258 ms; Remote Config 667.369 / 664.597 µs; Telemetry 8.795 / 8.76 ms; IAST 21.236 / 21.319 ms
iast_HARDCODED_SECRET_DISABLED: BytebuddyAgent 835.316 / 828.804 ms; GlobalTracer 247.594 / 246.06 ms; AppSec 58.12 / 58.102 ms; Remote Config 662.98 / 648.457 µs; Telemetry 8.796 / 8.682 ms; IAST 21.23 / 21.097 ms
iast_TELEMETRY_OFF:             BytebuddyAgent 827.539 / 828.586 ms; GlobalTracer 246.36 / 247.163 ms; AppSec 57.848 / 57.932 ms; Remote Config 631.997 / 664.4 µs; Telemetry 8.522 / 8.682 ms; IAST 20.559 / 20.909 ms
Load Parameters (see matching parameters)
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.

Request duration reports for insecure-bank
insecure-bank - request duration [CI 0.99]: candidate=1.46.0-SNAPSHOT~e17c56a0a4, baseline=1.46.0-SNAPSHOT~22458b3367
Mean request duration in µs, with the 99% confidence interval in brackets:

variant                         baseline              candidate
no_agent                        378.855 [358, 399]    381.061 [361, 401]
iast                            491.268 [470, 513]    497.004 [475, 519]
iast_FULL                       659.207 [637, 681]    657.277 [636, 679]
iast_GLOBAL                     518.358 [497, 540]    522.929 [501, 545]
iast_HARDCODED_SECRET_DISABLED  494.125 [473, 516]    492.864 [471, 515]
iast_INACTIVE                   448.718 [428, 469]    458.658 [437, 480]
iast_TELEMETRY_OFF              488.828 [467, 511]    484.235 [463, 506]
tracing                         452.135 [431, 473]    452.584 [432, 473]

Request duration reports for petclinic
petclinic - request duration [CI 0.99]: candidate=1.46.0-SNAPSHOT~e17c56a0a4, baseline=1.46.0-SNAPSHOT~22458b3367
Mean request duration in ms, with the 99% confidence interval in µs in brackets:

variant         baseline             candidate
no_agent        1.369 [1349, 1390]   1.366 [1347, 1385]
appsec          1.767 [1744, 1791]   1.745 [1720, 1771]
appsec_no_iast  1.777 [1753, 1802]   1.778 [1754, 1803]
iast            1.517 [1494, 1540]   1.501 [1478, 1524]
profiling       1.5 [1476, 1524]     1.5 [1477, 1524]
tracing         1.487 [1461, 1512]   1.496 [1472, 1520]
Dacapo Parameters (see matching parameters)
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat
tomcat - execution time [CI 0.99]: candidate=1.46.0-SNAPSHOT~e17c56a0a4, baseline=1.46.0-SNAPSHOT~22458b3367
Mean execution time in ms, with the 99% confidence interval in µs in brackets:

variant      baseline             candidate
no_agent     1.465 [1454, 1477]   1.467 [1456, 1478]
appsec       2.345 [2302, 2388]   2.335 [2293, 2378]
iast         2.081 [2027, 2135]   2.098 [2044, 2152]
iast_GLOBAL  2.134 [2080, 2188]   2.132 [2078, 2186]
profiling    1.961 [1918, 2005]   1.96 [1917, 2003]
tracing      1.928 [1887, 1970]   1.937 [1896, 1979]

Execution time for biojava
biojava - execution time [CI 0.99]: candidate=1.46.0-SNAPSHOT~e17c56a0a4, baseline=1.46.0-SNAPSHOT~22458b3367
Execution time in s (the reported interval bounds equal the mean, so no spread is shown):

variant      baseline  candidate
no_agent     15.432    15.458
appsec       14.867    15.135
iast         18.758    19.043
iast_GLOBAL  17.748    18.214
profiling    15.559    15.192
tracing      14.888    15.201
What Does This Do
Add suppressed.vulnerabilities metrics when a vulnerability is suppressed due to a security control
RFC (Milestone 1)
Motivation
Additional Notes
Metrics
Metrics can be an invaluable tool for understanding the effectiveness and impact of Security Controls. The set of metrics that needs to be provided is the one covering the frequency of vulnerability suppression by Security Controls.
As these metrics must be correlated to traces, they will be included as tags in the root span of the trace just as they already exist today for source and sink.
For each type of suppressed vulnerability, libraries must include a tag prefixed with _dd.iast.telemetry.suppressed.vulnerabilities and the name of the vulnerability type for which the value is marked as safe, with the number of times that the vulnerability has been suppressed.
Some examples of how to compose the tags:
With the current implementation of the marking system, we lack traceability regarding who added each mark, so we won’t be able to differentiate if it was introduced by a user-defined security control or one of the default language-implemented controls.
To address this, we will define a new mark, CUSTOM_SECURE_MARK, which will be added whenever a user-defined security control applies marks.
This solution is not 100% accurate, as it would not ensure that the suppression was due to a secure mark set by a security control.