Add _dd.p.appsec tag to traces containing appsec event

lib/datadog/appsec/contrib/graphql/gateway/watcher.rb

@@ -43,6 +43,10 @@ def watch_multiplex(gateway = Instrumentation.gateway)
                           scope.service_entry_span.set_tag('appsec.event', 'true')
                         end
 
+                        # Propagate to downstream services the information that the current distributed trace is
+                        # containing at least one ASM security event
+                        scope.trace.set_tag(Datadog::AppSec::Ext::TAG_APPSEC_EVENT, '1')
+
                         scope.processor_context.events << event
                       end
 

lib/datadog/appsec/contrib/rack/gateway/watcher.rb

@@ -46,6 +46,10 @@ def watch_request(gateway = Instrumentation.gateway)
                           scope.service_entry_span.set_tag('appsec.event', 'true')
                         end
 
+                        # Propagate to downstream services the information that the current distributed trace is
+                        # containing at least one ASM security event
+                        scope.trace.set_tag(Datadog::AppSec::Ext::TAG_APPSEC_EVENT, '1')
+
                         scope.processor_context.events << event
                       end
                     end
@@ -90,6 +94,10 @@ def watch_response(gateway = Instrumentation.gateway)
                           scope.service_entry_span.set_tag('appsec.event', 'true')
                         end
 
+                        # Propagate to downstream services the information that the current distributed trace is
+                        # containing at least one ASM security event
+                        scope.trace.set_tag(Datadog::AppSec::Ext::TAG_APPSEC_EVENT, '1')
+
                         scope.processor_context.events << event
                       end
                     end
@@ -134,6 +142,10 @@ def watch_request_body(gateway = Instrumentation.gateway)
                           scope.service_entry_span.set_tag('appsec.event', 'true')
                         end
 
+                        # Propagate to downstream services the information that the current distributed trace is
+                        # containing at least one ASM security event
+                        scope.trace.set_tag(Datadog::AppSec::Ext::TAG_APPSEC_EVENT, '1')
+
                         scope.processor_context.events << event
                       end
                     end

lib/datadog/appsec/contrib/rails/gateway/watcher.rb

@@ -43,6 +43,10 @@ def watch_request_action(gateway = Instrumentation.gateway)
                           scope.service_entry_span.set_tag('appsec.event', 'true')
                         end
 
+                        # Propagate to downstream services the information that the current distributed trace is
+                        # containing at least one ASM security event
+                        scope.trace.set_tag(Datadog::AppSec::Ext::TAG_APPSEC_EVENT, '1')
+
                         scope.processor_context.events << event
                       end
                     end

lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb

@@ -45,6 +45,10 @@ def watch_request_dispatch(gateway = Instrumentation.gateway)
                           scope.service_entry_span.set_tag('appsec.event', 'true')
                         end
 
+                        # Propagate to downstream services the information that the current distributed trace is
+                        # containing at least one ASM security event
+                        scope.trace.set_tag(Datadog::AppSec::Ext::TAG_APPSEC_EVENT, '1')
+
                         scope.processor_context.events << event
                       end
                     end
@@ -89,6 +93,10 @@ def watch_request_routed(gateway = Instrumentation.gateway)
                           scope.service_entry_span.set_tag('appsec.event', 'true')
                         end
 
+                        # Propagate to downstream services the information that the current distributed trace is
+                        # containing at least one ASM security event
+                        scope.trace.set_tag(Datadog::AppSec::Ext::TAG_APPSEC_EVENT, '1')
+
                         scope.processor_context.events << event
                       end
                     end

lib/datadog/appsec/monitor/gateway/watcher.rb

@@ -40,6 +40,10 @@ def watch_user_id(gateway = Instrumentation.gateway)
                         scope.service_entry_span.set_tag('appsec.event', 'true')
                       end
 
+                      # Propagate to downstream services the information that the current distributed trace is
+                      # containing at least one ASM security event
+                      scope.trace.set_tag(Datadog::AppSec::Ext::TAG_APPSEC_EVENT, '1')
+
                       scope.processor_context.events << event
                     end
                   end

spec/datadog/appsec/contrib/support/integration/shared_examples.rb

@@ -146,6 +146,7 @@
 RSpec.shared_examples 'a trace without AppSec events' do
   it do
     expect(spans.select { |s| s.get_tag('appsec.event') }).to be_empty
+    expect(spans.select { |s| s.get_tag('_dd.p.appsec') }).to be_empty
     expect(service_span.send(:meta)['_dd.appsec.triggers']).to be_nil
   end
 end
@@ -155,6 +156,7 @@
 
   it do
     expect(spans.select { |s| s.get_tag('appsec.event') }).to_not be_empty
+    expect(spans.select { |s| s.get_tag('_dd.p.appsec') }).to_not be_empty
     expect(service_span.send(:meta)['_dd.appsec.json']).to be_a String
     expect(spans.select { |s| s.get_tag('appsec.blocked') }).to_not be_empty if blocking_request
   end