Fix AWS API Gateway endpoints correlation HTTP span tags - Inferred Proxy Spans #10561
Benchmarks
candidate=1.60.0-SNAPSHOT~06ba1cf584, baseline=1.60.0-SNAPSHOT~f3e5e5b89b
Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 63 metrics, 8 unstable metrics.
[Gantt charts: startup time reports for insecure-bank and petclinic (global startup overhead, break down per module)]
Load
Summary: Found 0 performance improvements and 7 performance regressions! Performance is the same for 12 metrics, 17 unstable metrics.
[Gantt charts: request duration reports for petclinic and insecure-bank, CI 0.99]
Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.
[Gantt charts: execution time for biojava and tomcat, CI 0.99]
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 06ba1cf584
| // Http.url - value of x-dd-proxy-domain-name + x-dd-proxy-path | ||
| span.setTag(HTTP_URL, domainName != null ? domainName + path : path); | ||
| // Http.url - https:// + x-dd-proxy-domain-name + x-dd-proxy-path | ||
| span.setTag(HTTP_URL, domainName != null ? "https://" + domainName + path : path); |
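Review bot: domainName and path come from the x-dd-proxy-domain-name and x-dd-proxy-path headers and are concatenated into HTTP_URL on the last line with only a null check on domainName. A value that is not a bare hostname (whitespace, "/" or "@" in it) ends up in the tag as part of the authority, and a null path in the first branch is rendered as the literal "null" by string concatenation. Suggest validating domainName as a hostname and requiring a non-null path that starts with "/" before composing the URL, falling back to path alone otherwise.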
Handle empty proxy domain when composing http.url
This now treats any non-null x-dd-proxy-domain-name as usable, so an empty header value produces http.url like https:///path instead of a valid path-only URL. The code already treats empty domain as missing for service-name fallback, and before this change an empty domain naturally yielded just path; this regression can generate malformed URL tags and hurt endpoint correlation/parsing when gateways forward blank domain headers.
| if (rootSpan != null && rootSpan != this.span) { | ||
| // Copy _dd.appsec.enabled metric (always 1 if present) |
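Review bot: the guard on the first line, rootSpan != this.span, silently skips the copy when this span is its own local root, and nothing in the hunk says why that case is excluded or what is expected to happen in it. Suggest a short comment stating the intent and a test that covers the case where the condition is false. The second line's "always 1 if present" is an assumption as well: if the code that follows writes a literal 1, copy the value read from rootSpan instead.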
Copy AppSec tags without excluding local-root inferred spans
The new AppSec copy path is gated on rootSpan != this.span, but inferred proxy spans are created before the framework server span in HttpServerDecorator.startSpan, so for incoming distributed requests this inferred span is typically the local root and the condition is false. In the exact distributed-tracing scenario this change targets, _dd.appsec.enabled/_dd.appsec.json therefore never get copied, making the new propagation behavior ineffective.
What Does This Do
This PR implements standardized tags for inferred proxy spans produced by the Java tracer when instrumenting AWS API Gateway (v1 REST and v2 HTTP APIs). The changes align proxy spans with the cross-platform contract defined in RFC-1081 for endpoint discovery and correlation.
Mandatory tags implemented:
- aws.httpapi (v2 HTTP API) in addition to aws.apigateway (v1 REST API)
- server for all proxy spans
- web, maintained for consistency
- https:// scheme (prevents backend parsing issues)
- x-dd-proxy-resource-path header (resource template path)
- <Method> <Route> when route available, fallback to <Method> <Path>
- _dd.appsec.enabled metric and _dd.appsec.json tag from root span to proxy span in distributed tracing scenarios
Optional tags implemented:
- x-dd-proxy-account-id header
- x-dd-proxy-api-id header
- x-dd-proxy-region header
- arn:aws:apigateway:{region}::/restapis|apis/{api-id}
Motivation
This implementation is required by RFC-1081: Endpoint Discovery & Correlation from Inferred Spans
This PR covers the Inferred Proxy Spans portion of the RFC. The Inferred Lambda Spans portion will be addressed in a separate PR.
Additional Notes
aws_user exclusion: The optional aws_user tag was intentionally excluded per RFC guidance due to PII concerns (assumed-role session names may contain user identifiers). Implementation requires explicit approval.
Contributor Checklist
- type: and (comp: or inst:) labels in addition to any other useful labels
- close, fix, or any linking keywords when referencing an issue
  Use solves instead, and assign the PR milestone to the issue
Jira ticket: APPSEC-61198
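The tag derivation listed in the description above (http.url with the https:// scheme, the <Method> <Route> resource name with its <Method> <Path> fallback, and the API Gateway ARN), with blank or malformed header values treated as missing, as an added example that is not code from this PR or from dd-trace-java. The class, method and record names, the validation patterns and the sample header values are assumptions; records need Java 16 or later.

```java
import java.util.Map;
import java.util.regex.Pattern;

// Added illustration; class, method and record names are hypothetical, not dd-trace-java code.
public class InferredProxyTagsExample {
  // Assumption: a usable domain is a bare hostname; region and API id are simple tokens.
  static final Pattern HOST = Pattern.compile("[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?");
  static final Pattern TOKEN = Pattern.compile("[A-Za-z0-9-]+");

  record Derived(String httpUrl, String resourceName, String arn) {}

  // Blank or pattern-violating header values are treated the same as an absent header.
  static String accept(String value, Pattern allowed) {
    if (value == null || value.isBlank()) return null;
    String v = value.trim();
    return (allowed == null || allowed.matcher(v).matches()) ? v : null;
  }

  static Derived derive(String component, String method, Map<String, String> headers) {
    String domain = accept(headers.get("x-dd-proxy-domain-name"), HOST);
    String path = accept(headers.get("x-dd-proxy-path"), null);
    String route = accept(headers.get("x-dd-proxy-resource-path"), null);
    String region = accept(headers.get("x-dd-proxy-region"), TOKEN);
    String apiId = accept(headers.get("x-dd-proxy-api-id"), TOKEN);

    // http.url: scheme + domain + path, or path alone when no usable domain was forwarded.
    String url = path == null ? null : (domain == null ? path : "https://" + domain + path);
    // Resource name: "<Method> <Route>" when the route is known, otherwise "<Method> <Path>".
    String target = route != null ? route : path;
    String resource = (method != null && target != null) ? method + " " + target : null;
    // ARN: v2 HTTP APIs (aws.httpapi) live under /apis, v1 REST APIs under /restapis.
    String kind = "aws.httpapi".equals(component) ? "apis" : "restapis";
    String arn = (region != null && apiId != null)
        ? "arn:aws:apigateway:" + region + "::/" + kind + "/" + apiId : null;
    return new Derived(url, resource, arn);
  }

  public static void main(String[] args) {
    // Constructed sample headers, not captured traffic.
    Map<String, String> full = Map.of(
        "x-dd-proxy-domain-name", "abc123.execute-api.us-east-1.amazonaws.com",
        "x-dd-proxy-path", "/prod/users/42",
        "x-dd-proxy-resource-path", "/users/{id}",
        "x-dd-proxy-region", "us-east-1",
        "x-dd-proxy-api-id", "abc123");
    Map<String, String> blankDomain = Map.of(
        "x-dd-proxy-domain-name", "", "x-dd-proxy-path", "/prod/users/42");
    System.out.println(derive("aws.apigateway", "GET", full));
    System.out.println(derive("aws.httpapi", "GET", blankDomain));
  }
}
```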