Skip to content

fix(iast): update no vulnerabilities assertion#10850

Open
manuel-alvarez-alvarez wants to merge 1 commit intoalejandro.gonzalez/fix-iast-freemarkerfrom
malvarez/fix-no-vulnerabilities-check
Open

fix(iast): update no vulnerabilities assertion#10850
manuel-alvarez-alvarez wants to merge 1 commit intoalejandro.gonzalez/fix-iast-freemarkerfrom
malvarez/fix-no-vulnerabilities-check

Conversation

@manuel-alvarez-alvarez
Copy link
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Mar 16, 2026
edited
Loading

What Does This Do

Fixes the noVulnerability assertion helper in AbstractIastServerSmokeTest so that it correctly collects vulnerabilities before asserting none match.

Motivation

Additional Notes

Contributor Checklist

Jira ticket: [PROJ-IDENT]

Note: Once your PR is ready to merge, add it to the merge queue by commenting /merge. /merge -c cancels the queue request. /merge -f --reason "reason" skips all merge queue checks; please use this judiciously, as some checks do not run at the PR-level. For more information, see this doc.

@manuel-alvarez-alvarez manuel-alvarez-alvarez added comp: asm iast Application Security Management (IAST) comp: testing Testing tag: flaky test Flaky tests tag: no release notes Changes to exclude from release notes and removed comp: testing Testing labels Mar 16, 2026
@pr-commenter
Copy link

pr-commenter bot commented Mar 16, 2026
edited
Loading

Benchmarks

⚠️ Warning: Baseline build not found for merge-base commit. Comparing against the latest commit on master instead.

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/fix-no-vulnerabilities-check
git_commit_date 1773668847 1773670492
git_commit_sha c8e410d f8fbe2e
release_version 1.61.0-SNAPSHOT~c8e410d922 1.61.0-SNAPSHOT~f8fbe2ebae
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1773672238 1773672238
ci_job_id 1508644415 1508644415
ci_pipeline_id 102672378 102672378
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-4-y40fweh1 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-4-y40fweh1 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 63 metrics, 8 unstable metrics.

Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.61.0-SNAPSHOT~f8fbe2ebae, baseline=1.61.0-SNAPSHOT~c8e410d922

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.055 s) : 0, 1055033
Total [baseline] (8.863 s) : 0, 8862827
Agent [candidate] (1.055 s) : 0, 1055080
Total [candidate] (8.84 s) : 0, 8839606
section iast
Agent [baseline] (1.227 s) : 0, 1227163
Total [baseline] (9.574 s) : 0, 9574276
Agent [candidate] (1.225 s) : 0, 1224877
Total [candidate] (9.546 s) : 0, 9546429
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.055 s -
Agent iast 1.227 s 172.129 ms (16.3%)
Total tracing 8.863 s -
Total iast 9.574 s 711.449 ms (8.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.055 s -
Agent iast 1.225 s 169.798 ms (16.1%)
Total tracing 8.84 s -
Total iast 9.546 s 706.823 ms (8.0%) 
gantt
    title insecure-bank - break down per module: candidate=1.61.0-SNAPSHOT~f8fbe2ebae, baseline=1.61.0-SNAPSHOT~c8e410d922

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.197 ms) : 0, 1197
crashtracking [candidate] (1.199 ms) : 0, 1199
BytebuddyAgent [baseline] (625.561 ms) : 0, 625561
BytebuddyAgent [candidate] (628.64 ms) : 0, 628640
AgentMeter [baseline] (29.082 ms) : 0, 29082
AgentMeter [candidate] (29.025 ms) : 0, 29025
GlobalTracer [baseline] (255.868 ms) : 0, 255868
GlobalTracer [candidate] (256.48 ms) : 0, 256480
AppSec [baseline] (31.411 ms) : 0, 31411
AppSec [candidate] (31.512 ms) : 0, 31512
Debugger [baseline] (58.48 ms) : 0, 58480
Debugger [candidate] (58.803 ms) : 0, 58803
Remote Config [baseline] (617.45 µs) : 0, 617
Remote Config [candidate] (623.975 µs) : 0, 624
Telemetry [baseline] (8.685 ms) : 0, 8685
Telemetry [candidate] (8.626 ms) : 0, 8626
Flare Poller [baseline] (8.018 ms) : 0, 8018
Flare Poller [candidate] (4.197 ms) : 0, 4197
section iast
crashtracking [baseline] (1.218 ms) : 0, 1218
crashtracking [candidate] (1.196 ms) : 0, 1196
BytebuddyAgent [baseline] (796.061 ms) : 0, 796061
BytebuddyAgent [candidate] (795.359 ms) : 0, 795359
AgentMeter [baseline] (11.337 ms) : 0, 11337
AgentMeter [candidate] (11.333 ms) : 0, 11333
GlobalTracer [baseline] (247.937 ms) : 0, 247937
GlobalTracer [candidate] (247.044 ms) : 0, 247044
IAST [baseline] (25.206 ms) : 0, 25206
IAST [candidate] (25.105 ms) : 0, 25105
AppSec [baseline] (26.424 ms) : 0, 26424
AppSec [candidate] (26.345 ms) : 0, 26345
Debugger [baseline] (62.685 ms) : 0, 62685
Debugger [candidate] (62.577 ms) : 0, 62577
Remote Config [baseline] (514.178 µs) : 0, 514
Remote Config [candidate] (509.881 µs) : 0, 510
Telemetry [baseline] (14.824 ms) : 0, 14824
Telemetry [candidate] (14.586 ms) : 0, 14586
Flare Poller [baseline] (4.904 ms) : 0, 4904
Flare Poller [candidate] (4.847 ms) : 0, 4847
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.61.0-SNAPSHOT~f8fbe2ebae, baseline=1.61.0-SNAPSHOT~c8e410d922

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.063 s) : 0, 1062789
Total [baseline] (11.003 s) : 0, 11002836
Agent [candidate] (1.067 s) : 0, 1066810
Total [candidate] (11.088 s) : 0, 11087571
section appsec
Agent [baseline] (1.245 s) : 0, 1244806
Total [baseline] (11.14 s) : 0, 11140129
Agent [candidate] (1.25 s) : 0, 1250443
Total [candidate] (11.202 s) : 0, 11201681
section iast
Agent [baseline] (1.236 s) : 0, 1236271
Total [baseline] (11.341 s) : 0, 11340880
Agent [candidate] (1.233 s) : 0, 1233059
Total [candidate] (11.306 s) : 0, 11306043
section profiling
Agent [baseline] (1.182 s) : 0, 1182052
Total [baseline] (10.966 s) : 0, 10965509
Agent [candidate] (1.187 s) : 0, 1187383
Total [candidate] (10.984 s) : 0, 10984224
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.063 s -
Agent appsec 1.245 s 182.017 ms (17.1%)
Agent iast 1.236 s 173.482 ms (16.3%)
Agent profiling 1.182 s 119.263 ms (11.2%)
Total tracing 11.003 s -
Total appsec 11.14 s 137.293 ms (1.2%)
Total iast 11.341 s 338.044 ms (3.1%)
Total profiling 10.966 s -37.327 ms (-0.3%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.067 s -
Agent appsec 1.25 s 183.633 ms (17.2%)
Agent iast 1.233 s 166.25 ms (15.6%)
Agent profiling 1.187 s 120.573 ms (11.3%)
Total tracing 11.088 s -
Total appsec 11.202 s 114.11 ms (1.0%)
Total iast 11.306 s 218.472 ms (2.0%)
Total profiling 10.984 s -103.347 ms (-0.9%) 
gantt
    title petclinic - break down per module: candidate=1.61.0-SNAPSHOT~f8fbe2ebae, baseline=1.61.0-SNAPSHOT~c8e410d922

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.194 ms) : 0, 1194
crashtracking [candidate] (1.196 ms) : 0, 1196
BytebuddyAgent [baseline] (629.389 ms) : 0, 629389
BytebuddyAgent [candidate] (632.621 ms) : 0, 632621
AgentMeter [baseline] (29.183 ms) : 0, 29183
AgentMeter [candidate] (29.283 ms) : 0, 29283
GlobalTracer [baseline] (257.758 ms) : 0, 257758
GlobalTracer [candidate] (258.226 ms) : 0, 258226
AppSec [baseline] (31.538 ms) : 0, 31538
AppSec [candidate] (31.74 ms) : 0, 31740
Debugger [baseline] (59.505 ms) : 0, 59505
Debugger [candidate] (59.718 ms) : 0, 59718
Remote Config [baseline] (619.707 µs) : 0, 620
Remote Config [candidate] (625.343 µs) : 0, 625
Telemetry [baseline] (8.74 ms) : 0, 8740
Telemetry [candidate] (8.651 ms) : 0, 8651
Flare Poller [baseline] (8.769 ms) : 0, 8769
Flare Poller [candidate] (8.62 ms) : 0, 8620
section appsec
crashtracking [baseline] (1.201 ms) : 0, 1201
crashtracking [candidate] (1.192 ms) : 0, 1192
BytebuddyAgent [baseline] (657.586 ms) : 0, 657586
BytebuddyAgent [candidate] (660.687 ms) : 0, 660687
AgentMeter [baseline] (12.114 ms) : 0, 12114
AgentMeter [candidate] (12.179 ms) : 0, 12179
GlobalTracer [baseline] (258.007 ms) : 0, 258007
GlobalTracer [candidate] (258.897 ms) : 0, 258897
IAST [baseline] (23.916 ms) : 0, 23916
IAST [candidate] (24.126 ms) : 0, 24126
AppSec [baseline] (177.005 ms) : 0, 177005
AppSec [candidate] (177.618 ms) : 0, 177618
Debugger [baseline] (65.652 ms) : 0, 65652
Debugger [candidate] (66.156 ms) : 0, 66156
Remote Config [baseline] (571.015 µs) : 0, 571
Remote Config [candidate] (573.474 µs) : 0, 573
Telemetry [baseline] (9.032 ms) : 0, 9032
Telemetry [candidate] (8.997 ms) : 0, 8997
Flare Poller [baseline] (3.617 ms) : 0, 3617
Flare Poller [candidate] (3.657 ms) : 0, 3657
section iast
crashtracking [baseline] (1.205 ms) : 0, 1205
crashtracking [candidate] (1.19 ms) : 0, 1190
BytebuddyAgent [baseline] (801.914 ms) : 0, 801914
BytebuddyAgent [candidate] (801.368 ms) : 0, 801368
AgentMeter [baseline] (11.613 ms) : 0, 11613
AgentMeter [candidate] (11.635 ms) : 0, 11635
GlobalTracer [baseline] (248.673 ms) : 0, 248673
GlobalTracer [candidate] (247.739 ms) : 0, 247739
IAST [baseline] (25.376 ms) : 0, 25376
IAST [candidate] (25.129 ms) : 0, 25129
AppSec [baseline] (26.678 ms) : 0, 26678
AppSec [candidate] (26.529 ms) : 0, 26529
Debugger [baseline] (64.888 ms) : 0, 64888
Debugger [candidate] (64.557 ms) : 0, 64557
Remote Config [baseline] (523.029 µs) : 0, 523
Remote Config [candidate] (516.389 µs) : 0, 516
Telemetry [baseline] (14.464 ms) : 0, 14464
Telemetry [candidate] (13.712 ms) : 0, 13712
Flare Poller [baseline] (4.775 ms) : 0, 4775
Flare Poller [candidate] (4.548 ms) : 0, 4548
section profiling
crashtracking [baseline] (1.181 ms) : 0, 1181
crashtracking [candidate] (1.179 ms) : 0, 1179
BytebuddyAgent [baseline] (682.303 ms) : 0, 682303
BytebuddyAgent [candidate] (686.792 ms) : 0, 686792
AgentMeter [baseline] (8.672 ms) : 0, 8672
AgentMeter [candidate] (8.697 ms) : 0, 8697
GlobalTracer [baseline] (215.631 ms) : 0, 215631
GlobalTracer [candidate] (216.083 ms) : 0, 216083
AppSec [baseline] (31.985 ms) : 0, 31985
AppSec [candidate] (32.062 ms) : 0, 32062
Debugger [baseline] (63.776 ms) : 0, 63776
Debugger [candidate] (63.233 ms) : 0, 63233
Remote Config [baseline] (603.609 µs) : 0, 604
Remote Config [candidate] (576.071 µs) : 0, 576
Telemetry [baseline] (9.618 ms) : 0, 9618
Telemetry [candidate] (9.69 ms) : 0, 9690
Flare Poller [baseline] (3.474 ms) : 0, 3474
Flare Poller [candidate] (4.281 ms) : 0, 4281
ProfilingAgent [baseline] (94.009 ms) : 0, 94009
ProfilingAgent [candidate] (93.688 ms) : 0, 93688
Profiling [baseline] (94.574 ms) : 0, 94574
Profiling [candidate] (94.248 ms) : 0, 94248
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/fix-no-vulnerabilities-check
git_commit_date 1773668847 1773670492
git_commit_sha c8e410d f8fbe2e
release_version 1.61.0-SNAPSHOT~c8e410d922 1.61.0-SNAPSHOT~f8fbe2ebae
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1773672714 1773672714
ci_job_id 1508644417 1508644417
ci_pipeline_id 102672378 102672378
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-2ogv2238 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-2ogv2238 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 4 performance improvements and 2 performance regressions! Performance is the same for 15 metrics, 15 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:iast:high_load better
[-146.658µs; -52.321µs] or [-5.644%; -2.014%]		 better
[-561.297µs; -215.278µs] or [-7.278%; -2.791%]		 unstable
[-87.141op/s; +201.516op/s] or [-6.359%; +14.705%]		 2.499ms 7.324ms 1427.625op/s 2.598ms 7.712ms 1370.438op/s
scenario:load:petclinic:appsec:high_load unsure
[+197.136µs; +809.182µs] or [+1.095%; +4.496%]		 worse
[+0.597ms; +1.670ms] or [+2.019%; +5.650%]		 unstable
[-32.188op/s; +21.000op/s] or [-12.729%; +8.305%]		 18.501ms 30.694ms 247.281op/s 17.997ms 29.561ms 252.875op/s
scenario:load:petclinic:profiling:high_load worse
[+0.474ms; +1.668ms] or [+2.563%; +9.016%]		 unsure
[+0.147ms; +2.436ms] or [+0.492%; +8.130%]		 unstable
[-35.928op/s; +17.178op/s] or [-14.561%; +6.962%]		 19.571ms 31.259ms 237.375op/s 18.500ms 29.967ms 246.750op/s
scenario:load:petclinic:iast:high_load better
[-1.849ms; -0.879ms] or [-9.982%; -4.743%]		 unsure
[-2.573ms; -0.584ms] or [-8.593%; -1.951%]		 unstable
[-11.697op/s; +43.260op/s] or [-4.698%; +17.376%]		 17.163ms 28.362ms 264.750op/s 18.527ms 29.940ms 248.969op/s
scenario:load:petclinic:no_agent:high_load better
[-2.294ms; -0.688ms] or [-12.046%; -3.613%]		 unsure
[-3.184ms; -0.341ms] or [-10.262%; -1.100%]		 unstable
[-8.361op/s; +47.423op/s] or [-3.493%; +19.811%]		 17.549ms 29.266ms 258.906op/s 19.040ms 31.029ms 239.375op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~f8fbe2ebae, baseline=1.61.0-SNAPSHOT~c8e410d922
    dateFormat X
    axisFormat %s
section baseline
no_agent (19.503 ms) : 19304, 19703
.   : milestone, 19503,
appsec (18.455 ms) : 18269, 18642
.   : milestone, 18455,
code_origins (17.802 ms) : 17624, 17980
.   : milestone, 17802,
iast (18.746 ms) : 18554, 18939
.   : milestone, 18746,
profiling (18.918 ms) : 18731, 19106
.   : milestone, 18918,
tracing (17.617 ms) : 17441, 17793
.   : milestone, 17617,
section candidate
no_agent (18.023 ms) : 17842, 18204
.   : milestone, 18023,
appsec (18.874 ms) : 18682, 19067
.   : milestone, 18874,
code_origins (17.908 ms) : 17731, 18085
.   : milestone, 17908,
iast (17.622 ms) : 17446, 17797
.   : milestone, 17622,
profiling (19.667 ms) : 19465, 19869
.   : milestone, 19667,
tracing (17.679 ms) : 17505, 17853
.   : milestone, 17679,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.503 ms [19.304 ms, 19.703 ms] -
appsec 18.455 ms [18.269 ms, 18.642 ms] -1.048 ms (-5.4%)
code_origins 17.802 ms [17.624 ms, 17.98 ms] -1.701 ms (-8.7%)
iast 18.746 ms [18.554 ms, 18.939 ms] -757.34 µs (-3.9%)
profiling 18.918 ms [18.731 ms, 19.106 ms] -585.242 µs (-3.0%)
tracing 17.617 ms [17.441 ms, 17.793 ms] -1.886 ms (-9.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.023 ms [17.842 ms, 18.204 ms] -
appsec 18.874 ms [18.682 ms, 19.067 ms] 851.186 µs (4.7%)
code_origins 17.908 ms [17.731 ms, 18.085 ms] -115.01 µs (-0.6%)
iast 17.622 ms [17.446 ms, 17.797 ms] -401.12 µs (-2.2%)
profiling 19.667 ms [19.465 ms, 19.869 ms] 1.644 ms (9.1%)
tracing 17.679 ms [17.505 ms, 17.853 ms] -344.259 µs (-1.9%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.61.0-SNAPSHOT~f8fbe2ebae, baseline=1.61.0-SNAPSHOT~c8e410d922
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.186 ms) : 1174, 1197
.   : milestone, 1186,
iast (3.342 ms) : 3307, 3376
.   : milestone, 3342,
iast_FULL (5.7 ms) : 5644, 5756
.   : milestone, 5700,
iast_GLOBAL (3.691 ms) : 3629, 3753
.   : milestone, 3691,
profiling (2.247 ms) : 2227, 2267
.   : milestone, 2247,
tracing (1.8 ms) : 1785, 1815
.   : milestone, 1800,
section candidate
no_agent (1.169 ms) : 1158, 1181
.   : milestone, 1169,
iast (3.204 ms) : 3162, 3246
.   : milestone, 3204,
iast_FULL (5.744 ms) : 5688, 5800
.   : milestone, 5744,
iast_GLOBAL (3.713 ms) : 3643, 3783
.   : milestone, 3713,
profiling (2.344 ms) : 2320, 2367
.   : milestone, 2344,
tracing (1.776 ms) : 1761, 1790
.   : milestone, 1776,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.186 ms [1.174 ms, 1.197 ms] -
iast 3.342 ms [3.307 ms, 3.376 ms] 2.156 ms (181.8%)
iast_FULL 5.7 ms [5.644 ms, 5.756 ms] 4.514 ms (380.7%)
iast_GLOBAL 3.691 ms [3.629 ms, 3.753 ms] 2.505 ms (211.3%)
profiling 2.247 ms [2.227 ms, 2.267 ms] 1.061 ms (89.5%)
tracing 1.8 ms [1.785 ms, 1.815 ms] 614.64 µs (51.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.169 ms [1.158 ms, 1.181 ms] -
iast 3.204 ms [3.162 ms, 3.246 ms] 2.035 ms (174.1%)
iast_FULL 5.744 ms [5.688 ms, 5.8 ms] 4.575 ms (391.3%)
iast_GLOBAL 3.713 ms [3.643 ms, 3.783 ms] 2.544 ms (217.6%)
profiling 2.344 ms [2.32 ms, 2.367 ms] 1.175 ms (100.5%)
tracing 1.776 ms [1.761 ms, 1.79 ms] 606.49 µs (51.9%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/fix-no-vulnerabilities-check
git_commit_date 1773668847 1773670492
git_commit_sha c8e410d f8fbe2e
release_version 1.61.0-SNAPSHOT~c8e410d922 1.61.0-SNAPSHOT~f8fbe2ebae
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1773672425 1773672425
ci_job_id 1508644419 1508644419
ci_pipeline_id 102672378 102672378
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-9jmze59k 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-9jmze59k 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 2 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~f8fbe2ebae, baseline=1.61.0-SNAPSHOT~c8e410d922
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.466 ms) : 1454, 1477
.   : milestone, 1466,
appsec (2.547 ms) : 2490, 2604
.   : milestone, 2547,
iast (2.248 ms) : 2179, 2317
.   : milestone, 2248,
iast_GLOBAL (2.282 ms) : 2213, 2351
.   : milestone, 2282,
profiling (2.5 ms) : 2333, 2666
.   : milestone, 2500,
tracing (2.044 ms) : 1991, 2097
.   : milestone, 2044,
section candidate
no_agent (1.468 ms) : 1457, 1480
.   : milestone, 1468,
appsec (3.775 ms) : 3556, 3995
.   : milestone, 3775,
iast (2.24 ms) : 2171, 2308
.   : milestone, 2240,
iast_GLOBAL (2.286 ms) : 2217, 2355
.   : milestone, 2286,
profiling (2.09 ms) : 2034, 2147
.   : milestone, 2090,
tracing (2.056 ms) : 2003, 2109
.   : milestone, 2056,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.466 ms [1.454 ms, 1.477 ms] -
appsec 2.547 ms [2.49 ms, 2.604 ms] 1.081 ms (73.8%)
iast 2.248 ms [2.179 ms, 2.317 ms] 782.589 µs (53.4%)
iast_GLOBAL 2.282 ms [2.213 ms, 2.351 ms] 816.342 µs (55.7%)
profiling 2.5 ms [2.333 ms, 2.666 ms] 1.034 ms (70.6%)
tracing 2.044 ms [1.991 ms, 2.097 ms] 578.269 µs (39.5%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.468 ms [1.457 ms, 1.48 ms] -
appsec 3.775 ms [3.556 ms, 3.995 ms] 2.307 ms (157.2%)
iast 2.24 ms [2.171 ms, 2.308 ms] 771.5 µs (52.6%)
iast_GLOBAL 2.286 ms [2.217 ms, 2.355 ms] 818.076 µs (55.7%)
profiling 2.09 ms [2.034 ms, 2.147 ms] 622.267 µs (42.4%)
tracing 2.056 ms [2.003 ms, 2.109 ms] 587.762 µs (40.0%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.61.0-SNAPSHOT~f8fbe2ebae, baseline=1.61.0-SNAPSHOT~c8e410d922
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.677 s) : 15677000, 15677000
.   : milestone, 15677000,
appsec (15.219 s) : 15219000, 15219000
.   : milestone, 15219000,
iast (17.729 s) : 17729000, 17729000
.   : milestone, 17729000,
iast_GLOBAL (17.79 s) : 17790000, 17790000
.   : milestone, 17790000,
profiling (14.91 s) : 14910000, 14910000
.   : milestone, 14910000,
tracing (15.052 s) : 15052000, 15052000
.   : milestone, 15052000,
section candidate
no_agent (15.057 s) : 15057000, 15057000
.   : milestone, 15057000,
appsec (14.984 s) : 14984000, 14984000
.   : milestone, 14984000,
iast (18.522 s) : 18522000, 18522000
.   : milestone, 18522000,
iast_GLOBAL (18.0 s) : 18000000, 18000000
.   : milestone, 18000000,
profiling (15.297 s) : 15297000, 15297000
.   : milestone, 15297000,
tracing (15.069 s) : 15069000, 15069000
.   : milestone, 15069000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.677 s [15.677 s, 15.677 s] -
appsec 15.219 s [15.219 s, 15.219 s] -458.0 ms (-2.9%)
iast 17.729 s [17.729 s, 17.729 s] 2.052 s (13.1%)
iast_GLOBAL 17.79 s [17.79 s, 17.79 s] 2.113 s (13.5%)
profiling 14.91 s [14.91 s, 14.91 s] -767.0 ms (-4.9%)
tracing 15.052 s [15.052 s, 15.052 s] -625.0 ms (-4.0%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.057 s [15.057 s, 15.057 s] -
appsec 14.984 s [14.984 s, 14.984 s] -73.0 ms (-0.5%)
iast 18.522 s [18.522 s, 18.522 s] 3.465 s (23.0%)
iast_GLOBAL 18.0 s [18.0 s, 18.0 s] 2.943 s (19.5%)
profiling 15.297 s [15.297 s, 15.297 s] 240.0 ms (1.6%)
tracing 15.069 s [15.069 s, 15.069 s] 12.0 ms (0.1%)

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/fix-no-vulnerabilities-check branch 2 times, most recently from 3ed8261 to f8fbe2e Compare March 16, 2026 14:15
@manuel-alvarez-alvarez manuel-alvarez-alvarez changed the base branch from master to alejandro.gonzalez/fix-iast-freemarker March 17, 2026 09:18
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/fix-no-vulnerabilities-check branch from 5d612c5 to f8fbe2e Compare March 17, 2026 09:19
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/fix-no-vulnerabilities-check branch from f8fbe2e to 551135f Compare March 17, 2026 09:20
@manuel-alvarez-alvarez manuel-alvarez-alvarez marked this pull request as ready for review March 17, 2026 09:21
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested a review from a team as a code owner March 17, 2026 09:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jandro996 jandro996 jandro996 approved these changes

@daniel-romano-DD daniel-romano-DD Awaiting requested review from daniel-romano-DD daniel-romano-DD is a code owner automatically assigned from DataDog/asm-java

Assignees

No one assigned

Labels

comp: asm iast Application Security Management (IAST) tag: flaky test Flaky tests tag: no release notes Changes to exclude from release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@manuel-alvarez-alvarez @jandro996