New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
appsec: remove "appsec" build tag requirement #2354
Conversation
BenchmarksBenchmark execution time: 2023-11-22 13:10:48 Comparing candidate commit 382e61c in PR branch Found 2 performance improvements and 6 performance regressions! Performance is the same for 31 metrics, 2 unstable metrics. scenario:BenchmarkOTelApiWithCustomTags/datadog_otel_api-24
scenario:BenchmarkOTelApiWithCustomTags/otel_api-24
scenario:BenchmarkPartialFlushing/Enabled-24
scenario:BenchmarkSingleSpanRetention/no-rules-24
scenario:BenchmarkSingleSpanRetention/with-rules/match-all-24
scenario:BenchmarkSingleSpanRetention/with-rules/match-half-24
scenario:BenchmarkStartSpan-24
scenario:BenchmarkTracerAddSpans-24
|
Thanks for bootstrapping this. Strong opinion here: I don't want appsec is clearer for readers (well known short name in the sec world as opposed to ASM which is a Datadog product idea to mimic APM to try to create/influence a new sec category), better referencing, aligned with DD_APPSEC_*, etc. PS: I wasn't part of the renaming of all our GH teams into |
bfa0250
to
addf14e
Compare
cac24d3
to
4b98137
Compare
b8dff8e
to
d161834
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see any profiling-related changes. go.mod + CI stuff looks good to me. Please ping if you need a re-review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great news!
7d10bd1
to
1311ac9
Compare
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
d54f69b
to
382e61c
Compare
After investigating the performance loss it does not seem to be related to this PR because we are able to get back to usual performances level by removing this commit on main from our history. We believe that this PR does not impact overall performances as it does not add any code that should slow benchmarks. |
What does this PR do?
Removes the
appsec
build tag. The in-app WAF can be disabled using a build-tag defined by thegithub.com/DataDog/go-libddwaf
library (making it a no-op implementation). This build tag nameddatadog.no_waf
has been made to obtain the same result than before but this makes appsec build requirements (which does not includecgo
anymore) opt-out instead of opt-in.AppSec still is disabled by default, and can be enabled with remote activation or DD_APPSEC_ENABLED=true.
Motivation
This makes ASM available in all builds by default, while still allowing an opt-out of code-level support when necessary. ASM support can be enabled by default as it no longer requires
cgo
to build.Reviewer's Checklist
For Datadog employees:
@DataDog/security-design-and-guidance
.Unsure? Have a question? Request a review!