@jandro996 jandro996 commented Dec 9, 2025

What Does This Do

This PR adds support for extracting and emitting a unique security_response_id (UUIDv4 format) in AppSec blocking responses, generated by libddwaf v17.3.0.

Implementation flow:

  1. Extraction (WAFModule.java): When libddwaf triggers a blocking action, extract the security_response_id from actionInfo.parameters and pass it to RequestBlockingAction constructor
  2. Propagation (Flow.java): Add securityResponseId field to RequestBlockingAction class with getter method and update all constructors (including forRedirect() factory method)
  3. Servlet Integration: Update all blocking helper implementations to pass securityResponseId through to template rendering
  4. Template Rendering (BlockingActionHelper.java):
    - Add blockId parameter to getTemplate() method
    - Replace {security_response_id} placeholder in HTML template
    - Add security_response_id field in JSON template
    - Append ?security_response_id=<uuid> to redirect URLs

Result: Blocking responses now include the unique identifier in all response types (JSON, HTML, redirect), enabling customers to track and debug specific blocking events.

Motivation

Per RFC-1070, libddwaf v17.3.0 generates a UUIDv4 as security_response_id in action parameters to provide unique identifiers for each blocking event. This PR implements the required changes:

  • Extract: Retrieve security_response_id from libddwaf action parameters in WAFModule.java
  • Propagate: Add blockId field to Flow.Action.RequestBlockingAction and pass it through all servlet blocking helpers
  • Emit:
    • JSON responses: Include as "security_response_id": "" field
    • HTML responses: Replace {security_response_id} placeholder with actual UUID
    • Redirect responses: Append as URL query parameter ?security_response_id=

This enables customers to uniquely identify and track specific blocking events for debugging and analysis.

Additional Notes

Contributor Checklist

Jira ticket: [APPSEC-60242]

@jandro996 jandro996 added type: enhancement Enhancements and improvements comp: asm waf Application Security Management (WAF) labels Dec 9, 2025
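
The three emit paths listed in the description above (HTML placeholder, JSON field, redirect query parameter), as an added Java example that is not code from this PR or from dd-trace-java. The class, method names and templates are hypothetical; the UUIDv4 check and the handling of redirect URLs that already carry a query string or fragment are assumptions that go beyond what the description states.

```java
import java.util.UUID;
import java.util.regex.Pattern;

// Added illustration: class, method names and templates are hypothetical,
// not the dd-trace-java implementation.
public final class SecurityResponseIdDemo {
  static final String PLACEHOLDER = "{security_response_id}";
  static final String PARAM = "security_response_id";

  // Canonical UUIDv4 text: version nibble 4, variant nibble 8, 9, a or b.
  private static final Pattern UUID_V4 = Pattern.compile(
      "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}");

  // Assumption of this example: anything that is not a well-formed UUIDv4 is
  // dropped, so the value is safe to embed in HTML, JSON and URLs unescaped.
  static String sanitize(String id) {
    return id != null && UUID_V4.matcher(id).matches() ? id : "";
  }

  // Works for both the HTML and the JSON template: the sanitized value
  // contains only hex digits and '-', which need no escaping in either.
  static String renderTemplate(String template, String id) {
    return template.replace(PLACEHOLDER, sanitize(id));
  }

  // Appends the id as a query parameter, keeping an existing query string
  // and placing the parameter before any fragment.
  static String appendToRedirect(String location, String id) {
    String safe = sanitize(id);
    if (safe.isEmpty()) {
      return location; // no id available: redirect unchanged
    }
    String fragment = "";
    int hash = location.indexOf('#');
    if (hash >= 0) {
      fragment = location.substring(hash);
      location = location.substring(0, hash);
    }
    char sep = location.indexOf('?') >= 0 ? '&' : '?';
    return location + sep + PARAM + '=' + safe + fragment;
  }

  public static void main(String[] args) {
    // Constructed sample values; real ids come from the WAF action parameters.
    String id = UUID.randomUUID().toString(); // randomUUID() yields a version 4 UUID
    String html = "<p>Security Response ID: {security_response_id}</p>";
    String json = "{\"blocked\":true,\"security_response_id\":\"{security_response_id}\"}";

    System.out.println(renderTemplate(html, id));
    System.out.println(renderTemplate(json, id));
    System.out.println(appendToRedirect("https://example.com/blocked", id));
    System.out.println(appendToRedirect("https://example.com/blocked?lang=en#top", id));

    // A malformed value never reaches the response body or the Location header.
    String bad = "not-a-uuid\"><b>x</b>";
    System.out.println(renderTemplate(html, bad));
    System.out.println(appendToRedirect("https://example.com/blocked", bad));
  }
}
```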

pr-commenter bot commented Dec 9, 2025

Benchmarks

Startup

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | alejandro.gonzalez/security-response-id |
| git_commit_date | 1766134964 | 1766136430 |
| git_commit_sha | cce064e | b9fe46c |
| release_version | 1.58.0-SNAPSHOT~cce064ecfd | 1.58.0-SNAPSHOT~b9fe46cf4d |

Matching parameters:

| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1766138244 | 1766138244 |
| ci_job_id | 1308816315 | 1308816315 |
| ci_pipeline_id | 87738495 | 87738495 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-zfyrx7zua-project-304-concurrent-0-gt33fzbn 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-zfyrx7zua-project-304-concurrent-0-gt33fzbn 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| module | Agent | Agent |
| parent | None | None |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 56 metrics, 9 unstable metrics.

Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.58.0-SNAPSHOT~b9fe46cf4d, baseline=1.58.0-SNAPSHOT~cce064ecfd; sections: tracing, iast]
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.082 s | - |
| Agent | iast | 1.228 s | 145.203 ms (13.4%) |
| Total | tracing | 8.741 s | - |
| Total | iast | 9.35 s | 609.031 ms (7.0%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.1 s | - |
| Agent | iast | 1.222 s | 121.652 ms (11.1%) |
| Total | tracing | 8.74 s | - |
| Total | iast | 9.321 s | 580.964 ms (6.6%) |
insecure-bank - break down per module: candidate=1.58.0-SNAPSHOT~b9fe46cf4d, baseline=1.58.0-SNAPSHOT~cce064ecfd

| Section | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | crashtracking | 1.191 ms | 1.211 ms |
| tracing | BytebuddyAgent | 650.54 ms | 661.273 ms |
| tracing | GlobalTracer | 282.337 ms | 286.892 ms |
| tracing | AppSec | 32.289 ms | 33.05 ms |
| tracing | Debugger | 67.055 ms | 68.367 ms |
| tracing | Remote Config | 636.519 µs | 603.746 µs |
| tracing | Telemetry | 9.081 ms | 8.955 ms |
| tracing | Flare Poller | 3.766 ms | 3.748 ms |
| iast | crashtracking | 1.214 ms | 1.192 ms |
| iast | BytebuddyAgent | 793.736 ms | 790.648 ms |
| iast | GlobalTracer | 256.876 ms | 255.046 ms |
| iast | IAST | 27.257 ms | 27.053 ms |
| iast | AppSec | 33.707 ms | 32.582 ms |
| iast | Debugger | 66.666 ms | 67.232 ms |
| iast | Remote Config | 608.979 µs | 584.858 µs |
| iast | Telemetry | 8.62 ms | 8.469 ms |
| iast | Flare Poller | 3.574 ms | 3.524 ms |
Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.58.0-SNAPSHOT~b9fe46cf4d, baseline=1.58.0-SNAPSHOT~cce064ecfd; sections: tracing, appsec, iast, profiling]
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.096 s | - |
| Agent | appsec | 1.271 s | 175.839 ms (16.1%) |
| Agent | iast | 1.232 s | 136.383 ms (12.4%) |
| Agent | profiling | 1.206 s | 110.606 ms (10.1%) |
| Total | tracing | 10.866 s | - |
| Total | appsec | 10.963 s | 97.064 ms (0.9%) |
| Total | iast | 11.23 s | 364.11 ms (3.4%) |
| Total | profiling | 10.894 s | 28.348 ms (0.3%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.084 s | - |
| Agent | appsec | 1.268 s | 183.323 ms (16.9%) |
| Agent | iast | 1.243 s | 158.493 ms (14.6%) |
| Agent | profiling | 1.214 s | 129.244 ms (11.9%) |
| Total | tracing | 10.847 s | - |
| Total | appsec | 10.902 s | 55.536 ms (0.5%) |
| Total | iast | 11.286 s | 439.271 ms (4.0%) |
| Total | profiling | 11.001 s | 153.851 ms (1.4%) |
petclinic - break down per module: candidate=1.58.0-SNAPSHOT~b9fe46cf4d, baseline=1.58.0-SNAPSHOT~cce064ecfd

| Section | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | crashtracking | 1.211 ms | 1.175 ms |
| tracing | BytebuddyAgent | 658.224 ms | 650.781 ms |
| tracing | GlobalTracer | 285.659 ms | 283.391 ms |
| tracing | AppSec | 32.814 ms | 32.293 ms |
| tracing | Debugger | 68.314 ms | 68.065 ms |
| tracing | Remote Config | 616.882 µs | 604.442 µs |
| tracing | Telemetry | 9.186 ms | 9.042 ms |
| tracing | Flare Poller | 3.725 ms | 3.692 ms |
| appsec | crashtracking | 1.195 ms | 1.176 ms |
| appsec | BytebuddyAgent | 693.869 ms | 692.604 ms |
| appsec | GlobalTracer | 259.892 ms | 259.183 ms |
| appsec | IAST | 24.765 ms | 24.652 ms |
| appsec | AppSec | 173.93 ms | 173.024 ms |
| appsec | Debugger | 68.545 ms | 67.947 ms |
| appsec | Remote Config | 736.919 µs | 724.617 µs |
| appsec | Telemetry | 8.991 ms | 8.916 ms |
| appsec | Flare Poller | 3.756 ms | 3.941 ms |
| iast | crashtracking | 1.194 ms | 1.199 ms |
| iast | BytebuddyAgent | 797.3 ms | 804.582 ms |
| iast | GlobalTracer | 257.375 ms | 259.269 ms |
| iast | IAST | 27.29 ms | 27.559 ms |
| iast | AppSec | 35.511 ms | 32.566 ms |
| iast | Debugger | 65.022 ms | 69.328 ms |
| iast | Remote Config | 578.982 µs | 601.981 µs |
| iast | Telemetry | 8.54 ms | 8.618 ms |
| iast | Flare Poller | 3.602 ms | 3.543 ms |
| profiling | crashtracking | 1.216 ms | 1.245 ms |
| profiling | BytebuddyAgent | 703.397 ms | 707.876 ms |
| profiling | GlobalTracer | 220.994 ms | 222.338 ms |
| profiling | AppSec | 32.115 ms | 32.367 ms |
| profiling | Debugger | 68.158 ms | 68.974 ms |
| profiling | Remote Config | 671.091 µs | 673.732 µs |
| profiling | Telemetry | 8.879 ms | 8.735 ms |
| profiling | Flare Poller | 3.753 ms | 3.748 ms |
| profiling | ProfilingAgent | 97.174 ms | 97.567 ms |
| profiling | Profiling | 97.753 ms | 98.141 ms |

Load

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | alejandro.gonzalez/security-response-id |
| git_commit_date | 1766134964 | 1766136430 |
| git_commit_sha | cce064e | b9fe46c |
| release_version | 1.58.0-SNAPSHOT~cce064ecfd | 1.58.0-SNAPSHOT~b9fe46cf4d |

Matching parameters:

| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1766138739 | 1766138739 |
| ci_job_id | 1308816317 | 1308816317 |
| ci_pipeline_id | 87738495 | 87738495 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-zfyrx7zua-project-304-concurrent-0-r9y3qkre 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-zfyrx7zua-project-304-concurrent-0-r9y3qkre 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |

Summary

Found 6 performance improvements and 0 performance regressions! Performance is the same for 14 metrics, 16 unstable metrics.

| scenario | Δ mean agg_http_req_duration_p50 | Δ mean agg_http_req_duration_p95 | Δ mean throughput | candidate mean agg_http_req_duration_p50 | candidate mean agg_http_req_duration_p95 | candidate mean throughput | baseline mean agg_http_req_duration_p50 | baseline mean agg_http_req_duration_p95 | baseline mean throughput |
|---|---|---|---|---|---|---|---|---|---|
| scenario:load:insecure-bank:iast_GLOBAL:high_load | better [-441.358µs; -162.966µs] or [-14.870%; -5.491%] | unstable [-1268.312µs; -295.581µs] or [-15.321%; -3.571%] | unstable [-118.132op/s; +185.319op/s] or [-9.565%; +15.005%] | 2.666ms | 7.496ms | 1268.656op/s | 2.968ms | 8.278ms | 1235.062op/s |
| scenario:load:insecure-bank:iast:high_load | better [-151.928µs; -79.458µs] or [-5.960%; -3.117%] | same [-366.151µs; +29.208µs] or [-4.961%; +0.396%] | unstable [-89.919op/s; +187.044op/s] or [-6.394%; +13.300%] | 2.434ms | 7.213ms | 1454.906op/s | 2.549ms | 7.381ms | 1406.344op/s |
| scenario:load:insecure-bank:iast_FULL:high_load | better [-740.454µs; -422.848µs] or [-13.497%; -7.708%] | better [-1.705ms; -0.971ms] or [-13.071%; -7.447%] | unstable [+4.539op/s; +154.086op/s] or [+0.601%; +20.417%] | 4.904ms | 11.705ms | 834.000op/s | 5.486ms | 13.044ms | 754.688op/s |
| scenario:load:petclinic:profiling:high_load | better [-1447.800µs; -403.868µs] or [-7.480%; -2.087%] | unsure [-1757.801µs; -61.690µs] or [-5.666%; -0.199%] | unstable [-16.534op/s; +35.221op/s] or [-6.933%; +14.770%] | 18.430ms | 30.112ms | 247.812op/s | 19.356ms | 31.022ms | 238.469op/s |
| scenario:load:petclinic:no_agent:high_load | better [-1.916ms; -0.699ms] or [-10.275%; -3.746%] | unsure [-2.706ms; -0.285ms] or [-8.791%; -0.925%] | unstable [-10.832op/s; +44.270op/s] or [-4.434%; +18.120%] | 17.338ms | 29.289ms | 261.031op/s | 18.646ms | 30.784ms | 244.312op/s |
Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.58.0-SNAPSHOT~b9fe46cf4d, baseline=1.58.0-SNAPSHOT~cce064ecfd; sections: baseline, candidate]
  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.179 ms [1.167 ms, 1.191 ms] | - |
| iast | 3.253 ms [3.215 ms, 3.291 ms] | 2.074 ms (175.9%) |
| iast_FULL | 6.128 ms [6.065 ms, 6.191 ms] | 4.949 ms (419.8%) |
| iast_GLOBAL | 3.713 ms [3.665 ms, 3.76 ms] | 2.534 ms (214.9%) |
| profiling | 2.001 ms [1.983 ms, 2.019 ms] | 821.994 µs (69.7%) |
| tracing | 1.813 ms [1.797 ms, 1.83 ms] | 634.345 µs (53.8%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.2 ms [1.187 ms, 1.212 ms] | - |
| iast | 3.145 ms [3.103 ms, 3.187 ms] | 1.945 ms (162.1%) |
| iast_FULL | 5.541 ms [5.488 ms, 5.594 ms] | 4.341 ms (361.9%) |
| iast_GLOBAL | 3.48 ms [3.428 ms, 3.531 ms] | 2.28 ms (190.0%) |
| profiling | 2.054 ms [2.034 ms, 2.074 ms] | 854.02 µs (71.2%) |
| tracing | 1.811 ms [1.795 ms, 1.827 ms] | 611.642 µs (51.0%) |

Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.58.0-SNAPSHOT~b9fe46cf4d, baseline=1.58.0-SNAPSHOT~cce064ecfd; sections: baseline, candidate]
  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 19.101 ms [18.908 ms, 19.295 ms] | - |
| appsec | 18.641 ms [18.454 ms, 18.827 ms] | -460.671 µs (-2.4%) |
| code_origins | 17.631 ms [17.458 ms, 17.803 ms] | -1.471 ms (-7.7%) |
| iast | 17.783 ms [17.601 ms, 17.964 ms] | -1.319 ms (-6.9%) |
| profiling | 19.578 ms [19.38 ms, 19.777 ms] | 477.016 µs (2.5%) |
| tracing | 17.894 ms [17.714 ms, 18.074 ms] | -1.207 ms (-6.3%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 17.873 ms [17.693 ms, 18.053 ms] | - |
| appsec | 18.698 ms [18.508 ms, 18.887 ms] | 824.524 µs (4.6%) |
| code_origins | 17.899 ms [17.72 ms, 18.079 ms] | 26.446 µs (0.1%) |
| iast | 17.761 ms [17.582 ms, 17.939 ms] | -112.392 µs (-0.6%) |
| profiling | 18.833 ms [18.644 ms, 19.023 ms] | 960.367 µs (5.4%) |
| tracing | 17.806 ms [17.63 ms, 17.982 ms] | -67.507 µs (-0.4%) |

Dacapo

Parameters

| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | alejandro.gonzalez/security-response-id |
| git_commit_date | 1766134964 | 1766136430 |
| git_commit_sha | cce064e | b9fe46c |
| release_version | 1.58.0-SNAPSHOT~cce064ecfd | 1.58.0-SNAPSHOT~b9fe46cf4d |

Matching parameters:

| Parameter | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1766138476 | 1766138476 |
| ci_job_id | 1308816318 | 1308816318 |
| ci_pipeline_id | 87738495 | 87738495 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| kernel_version | Linux runner-zfyrx7zua-project-304-concurrent-1-dfeuxejh 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux | Linux runner-zfyrx7zua-project-304-concurrent-1-dfeuxejh 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 0 unstable metrics.

| scenario | Δ mean execution_time | candidate mean execution_time | baseline mean execution_time |
|---|---|---|---|
| scenario:dacapo:tomcat:appsec | better [-1.399ms; -1.056ms] or [-37.897%; -28.585%] | 2.465ms | 3.693ms |

Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.58.0-SNAPSHOT~b9fe46cf4d, baseline=1.58.0-SNAPSHOT~cce064ecfd; sections: baseline, candidate]
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.039 s [15.039 s, 15.039 s] | - |
| appsec | 14.652 s [14.652 s, 14.652 s] | -387.0 ms (-2.6%) |
| iast | 18.194 s [18.194 s, 18.194 s] | 3.155 s (21.0%) |
| iast_GLOBAL | 17.883 s [17.883 s, 17.883 s] | 2.844 s (18.9%) |
| profiling | 14.502 s [14.502 s, 14.502 s] | -537.0 ms (-3.6%) |
| tracing | 14.867 s [14.867 s, 14.867 s] | -172.0 ms (-1.1%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.059 s [15.059 s, 15.059 s] | - |
| appsec | 14.587 s [14.587 s, 14.587 s] | -472.0 ms (-3.1%) |
| iast | 18.064 s [18.064 s, 18.064 s] | 3.005 s (20.0%) |
| iast_GLOBAL | 18.014 s [18.014 s, 18.014 s] | 2.955 s (19.6%) |
| profiling | 14.823 s [14.823 s, 14.823 s] | -236.0 ms (-1.6%) |
| tracing | 14.504 s [14.504 s, 14.504 s] | -555.0 ms (-3.7%) |

Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.58.0-SNAPSHOT~b9fe46cf4d, baseline=1.58.0-SNAPSHOT~cce064ecfd; sections: baseline, candidate]
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.475 ms [1.463 ms, 1.486 ms] | - |
| appsec | 3.693 ms [3.473 ms, 3.913 ms] | 2.218 ms (150.4%) |
| iast | 2.209 ms [2.144 ms, 2.273 ms] | 734.215 µs (49.8%) |
| iast_GLOBAL | 2.261 ms [2.196 ms, 2.326 ms] | 786.154 µs (53.3%) |
| profiling | 2.048 ms [1.996 ms, 2.101 ms] | 573.7 µs (38.9%) |
| tracing | 2.048 ms [1.997 ms, 2.1 ms] | 573.731 µs (38.9%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.473 ms [1.462 ms, 1.485 ms] | - |
| appsec | 2.465 ms [2.413 ms, 2.518 ms] | 992.197 µs (67.4%) |
| iast | 2.209 ms [2.144 ms, 2.273 ms] | 735.612 µs (49.9%) |
| iast_GLOBAL | 2.255 ms [2.189 ms, 2.32 ms] | 781.515 µs (53.1%) |
| profiling | 2.067 ms [2.015 ms, 2.12 ms] | 594.18 µs (40.3%) |
| tracing | 2.039 ms [1.988 ms, 2.09 ms] | 566.2 µs (38.4%) |

Base automatically changed from alejandro.gonzalez/appsec-block-refactor to master December 11, 2025 15:52
@jandro996 jandro996 force-pushed the alejandro.gonzalez/security-response-id branch from 8911a23 to d3c9024 Compare December 11, 2025 16:26
@jandro996 jandro996 marked this pull request as ready for review December 16, 2025 10:56
@jandro996 jandro996 requested review from a team as code owners December 16, 2025 10:56

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

@jandro996 jandro996 requested a review from a team as a code owner December 16, 2025 15:57
@jandro996 jandro996 requested review from sarahchen6 and removed request for a team December 16, 2025 15:57
@jandro996 jandro996 requested review from Mariovido and erikayasuda and removed request for a team December 18, 2025 13:19
@jandro996 jandro996 merged commit fbdb1cf into master Dec 19, 2025
559 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/security-response-id branch December 19, 2025 10:38
@github-actions github-actions bot added this to the 1.58.0 milestone Dec 19, 2025