Update lib-injection docker image tags #7057

Merged
merged 8 commits into from
May 31, 2024

andrewlock
Member

What Does This Do

Adds vMAJOR and vMAJOR.MINOR lib-injection images (in addition to vMAJOR.MINOR.PATCH and latest)

Motivation

We want to enable customers to be able to pin to a major version. We were also incorrectly tagging images as latest when they weren't (only would have happened on hotfixes, so hasn't actually occurred).

We are following (this doc's suggestions), but in summary:

  • Prerelease versions are not tagged
  • Every non-prerelease release gets the vMajor.Minor.Patch version tag
    • 2.5.0 gets v2.5.0
    • 2.2.3 gets v2.2.3
    • 1.2.1 gets v1.2.1
  • Every non-prerelease release gets the vMajor.Minor version tag initially (which assumes we never "go back" in release values)
    • 2.5.0 gets v2.5
    • 2.2.3 gets v2.2
    • 1.2.1 gets v1.2
  • Some releases get the vMajor version tag. Only releases for which this is the highest version in the major get the tag.
    • 2.5.0 gets v2 (if there's no higher 2.x.x release)
    • 1.2.1 gets v1 (if there's no higher 1.x.x release)
  • Some releases get the latest tag. Only releases for which this is the highest version ever get the tag.
    • 2.5.0 gets latest if it's the highest release so far
    • 1.2.1 will not get latest if there's already 2.x.x releases

The logic is now more complicated and requires knowing the state of the git repository. The script shown here mirrors the one added for .NET.

Note we're taking advantage of the Datadog/public-images support for passing multiple csv values in the IMG_DESTINATIONS variable. You can see an example of this used in "the wild" here.

Additional Notes

The generation stage is quite verbose about printing out all the variables, but overall this is obviously very hard to test so I set up a dummy GitHub repository and GitLab YAML, which just echoes the values it receives, to confirm they're sent across to the child pipeline correctly.

If it is safe to do so, we can test this by reverting the revert "TESTING" commit

I don't know how backporting or the extra -rc commit tags work, so hopefully someone else could pick that up 😅
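
The tagging rules listed in the description, worked through in POSIX shell. This is an added example, not the script from this PR or the project's build-lib-init.sh; the function names and the sample tag list are constructed, and it assumes the existing release tags are passed in as a whitespace-separated list.

```shell
#!/bin/sh
# Added example: computes the image tags one release should receive.
# Function names and the sample tag list are constructed for illustration.

# Succeeds only for vMAJOR.MINOR.PATCH with no prerelease suffix
# (same pattern as the rule reviewed in .gitlab-ci.yml).
is_release_tag() {
  printf '%s\n' "$1" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'
}

# version_gt A B: succeeds when release tag A is strictly newer than B.
# Fields are compared numerically, so v2.10.0 > v2.9.0.
# The ( ) body runs in a subshell, which keeps the variables local.
version_gt() (
  a="${1#v}"; b="${2#v}"
  for i in 1 2 3; do
    x="${a%%.*}"; y="${b%%.*}"
    if [ "$x" -gt "$y" ]; then exit 0; fi
    if [ "$x" -lt "$y" ]; then exit 1; fi
    a="${a#*.}"; b="${b#*.}"
  done
  exit 1   # equal versions are not "greater"
)

# compute_tags NEW "EXISTING...": prints the comma-separated tags for NEW.
# EXISTING is a whitespace-separated list of tags already in the repository
# (assumption: in CI this list would come from something like `git tag`).
compute_tags() (
  new="$1"; existing="$2"
  if ! is_release_tag "$new"; then exit 0; fi    # prereleases are not tagged
  v="${new#v}"
  major="${v%%.*}"
  rest="${v#*.}"
  minor="${rest%%.*}"
  tags="v${v},v${major}.${minor}"                # always applied
  top_in_major=1; top_overall=1
  for t in $existing; do
    if ! is_release_tag "$t"; then continue; fi  # ignore prerelease tags
    if version_gt "$t" "$new"; then
      top_overall=0
      tmajor="${t#v}"; tmajor="${tmajor%%.*}"
      if [ "$tmajor" -eq "$major" ]; then top_in_major=0; fi
    fi
  done
  if [ "$top_in_major" -eq 1 ]; then tags="${tags},v${major}"; fi
  if [ "$top_overall" -eq 1 ]; then tags="${tags},latest"; fi
  printf '%s\n' "$tags"
)

# Constructed repository state; v1.2.2 below is a hotfix on the old major.
EXISTING_TAGS="v1.2.1 v2.2.3 v2.5.0 v2.6.0-rc1"
for release in v2.5.0 v2.2.3 v1.2.2 v2.6.0-rc1; do
  printf '%-12s -> %s\n' "$release" "$(compute_tags "$release" "$EXISTING_TAGS")"
done
```

The hotfix case (v1.2.2) is the one the description calls out: it moves v1 and v1.2 but must leave latest on the 2.x line.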

Contributor

@PerfectSlayer PerfectSlayer left a comment

Hey @andrewlock 👋

Thanks for taking care of this.
As you could guess, our CI is somewhat messy but we will try to get it working.

I left a bunch of comments in your PRs and I still have a few quick questions for you though:

The docker image is built on GitHub using this action.
This means the tracer that is inside the docker image is not signed built by our GitLab CI, but rather a dev build for the system tests to run.
EDIT: We don't sign our build, but the artifact built in GitHub then shipped in the Docker image will still be different from the one in the Maven Central repository (and our GitHub release attachment).
Don't we want to have the right agent release binary (the one built on GitLab) to be distributed to our customers instead?

By the way, how do you expect the CI to coordinate themselves? (that GitHub will have built and published the docker image to GHCR before your publishing task is executed)?

I also wonder if we will end up duplicating the build-lib-init.sh script in every repository or if we should communalise it (and if it is not something that could be related to the existing script that builds the original image/tag).

Pinging @randomanderson if he has more context about it 🙏

.gitlab-ci.yml (outdated)
Comment on lines +239 to +241
# needs the version from the generate-tag-values job
needs:
- job: generate-lib-init-tag-values
Contributor

Why split generate-lib-init-tag-values and deploy-lib-init-trigger into two separate jobs?

Contributor

Trigger jobs can't have any script blocks

Member Author

Because I think we have to due to the way GitLab works with trigger jobs I think. I could be wrong though, I suck at gitlab 😅 FWIW, other languages are using this script, so it works even if it's not optimal

Comment on lines +224 to +225
# We don't tag prerelease versions
- if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'
Contributor

About RC, I don't know who is using them, and where they are getting them from?
@am312 Can you provide more info about them?

@andrewlock
Member Author

> The docker image is built on GitHub using this action.
> This means the tracer that is inside the docker image is not signed built by our GitLab CI, but rather a dev build for the system tests to run.
> EDIT: We don't sign our build, but the artifact built in GitHub then shipped in the Docker image will still be different from the one in the Maven Central repository (and our GitHub release attachment).
> Don't we want to have the right agent release binary (the one built on GitLab) to be distributed to our customers instead?

@PerfectSlayer Probably, yes, but to be clear, you're already shipping that build. All this PR does is add a couple of extra tags to it.

> By the way, how do you expect the CI to coordinate themselves? (that GitHub will have built and published the docker image to GHCR before your publishing task is executed)?

However it's currently doing it, I haven't changed anything about that, and they're already being shipped, this just changes the image tagging a bit 😄

> I also wonder if we will end up duplicating the build-lib-init.sh script in every repository or if we should communalise it

Yep, it's currently copied around (like the other scripts that are also currently copied around for this stuff). I agree, we will likely consolidate all this once we have a central place for creating these artifacts, but right now we just need to get the extra tags added, and the original script doesn't handle that (nor should it IMO).

@PerfectSlayer
Contributor

Thanks for the comments @andrewlock 🙏
I understand you're not the one to blame for the current design / implementation of our delivery pipeline and you are just trying to get the SSI working as expected.

I will approve the PR but in the meantime, I want to make sure we start addressing all the pipeline issues as we keep adding complexity and features without addressing the root issues.

I hope it went better with the other languages 😅

.gitlab-ci.yml (outdated)
@pr-commenter

pr-commenter bot commented May 31, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master andrew/lib-injection-images
git_commit_date 1717113140 1717134077
git_commit_sha 489de24 2f8aad7
release_version 1.35.0-SNAPSHOT~489de243b6 1.35.0-SNAPSHOT~2f8aad75a5
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1717136810 1717136810
ci_job_id 528258104 528258104
ci_pipeline_id 35544861 35544861
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics.

Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.35.0-SNAPSHOT~2f8aad75a5, baseline=1.35.0-SNAPSHOT~489de243b6

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.061 s) : 0, 1061219
Total [baseline] (8.535 s) : 0, 8535309
Agent [candidate] (1.055 s) : 0, 1055204
Total [candidate] (8.552 s) : 0, 8551532
section iast
Agent [baseline] (1.162 s) : 0, 1162153
Total [baseline] (8.961 s) : 0, 8961307
Agent [candidate] (1.162 s) : 0, 1162435
Total [candidate] (8.97 s) : 0, 8970229
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.172 s) : 0, 1171732
Total [baseline] (8.969 s) : 0, 8969100
Agent [candidate] (1.167 s) : 0, 1166677
Total [candidate] (8.993 s) : 0, 8992676
section iast_TELEMETRY_OFF
Agent [baseline] (1.168 s) : 0, 1167862
Total [baseline] (8.976 s) : 0, 8976042
Agent [candidate] (1.156 s) : 0, 1156337
Total [candidate] (8.989 s) : 0, 8988676
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.061 s -
Agent iast 1.162 s 100.933 ms (9.5%)
Agent iast_HARDCODED_SECRET_DISABLED 1.172 s 110.513 ms (10.4%)
Agent iast_TELEMETRY_OFF 1.168 s 106.643 ms (10.0%)
Total tracing 8.535 s -
Total iast 8.961 s 425.998 ms (5.0%)
Total iast_HARDCODED_SECRET_DISABLED 8.969 s 433.792 ms (5.1%)
Total iast_TELEMETRY_OFF 8.976 s 440.734 ms (5.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.055 s -
Agent iast 1.162 s 107.231 ms (10.2%)
Agent iast_HARDCODED_SECRET_DISABLED 1.167 s 111.473 ms (10.6%)
Agent iast_TELEMETRY_OFF 1.156 s 101.133 ms (9.6%)
Total tracing 8.552 s -
Total iast 8.97 s 418.697 ms (4.9%)
Total iast_HARDCODED_SECRET_DISABLED 8.993 s 441.144 ms (5.2%)
Total iast_TELEMETRY_OFF 8.989 s 437.144 ms (5.1%)
gantt
    title insecure-bank - break down per module: candidate=1.35.0-SNAPSHOT~2f8aad75a5, baseline=1.35.0-SNAPSHOT~489de243b6

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (655.164 ms) : 0, 655164
BytebuddyAgent [candidate] (650.979 ms) : 0, 650979
GlobalTracer [baseline] (313.508 ms) : 0, 313508
GlobalTracer [candidate] (311.92 ms) : 0, 311920
AppSec [baseline] (49.801 ms) : 0, 49801
AppSec [candidate] (49.697 ms) : 0, 49697
Remote Config [baseline] (663.966 µs) : 0, 664
Remote Config [candidate] (654.179 µs) : 0, 654
Telemetry [baseline] (7.491 ms) : 0, 7491
Telemetry [candidate] (7.477 ms) : 0, 7477
section iast
BytebuddyAgent [baseline] (776.107 ms) : 0, 776107
BytebuddyAgent [candidate] (776.227 ms) : 0, 776227
GlobalTracer [baseline] (290.726 ms) : 0, 290726
GlobalTracer [candidate] (290.982 ms) : 0, 290982
AppSec [baseline] (51.498 ms) : 0, 51498
AppSec [candidate] (50.854 ms) : 0, 50854
IAST [baseline] (22.353 ms) : 0, 22353
IAST [candidate] (22.951 ms) : 0, 22951
Remote Config [baseline] (591.446 µs) : 0, 591
Remote Config [candidate] (579.427 µs) : 0, 579
Telemetry [baseline] (7.665 ms) : 0, 7665
Telemetry [candidate] (7.608 ms) : 0, 7608
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (784.166 ms) : 0, 784166
BytebuddyAgent [candidate] (777.919 ms) : 0, 777919
GlobalTracer [baseline] (293.779 ms) : 0, 293779
GlobalTracer [candidate] (292.407 ms) : 0, 292407
AppSec [baseline] (47.74 ms) : 0, 47740
AppSec [candidate] (48.204 ms) : 0, 48204
IAST [baseline] (25.104 ms) : 0, 25104
IAST [candidate] (25.778 ms) : 0, 25778
Remote Config [baseline] (607.992 µs) : 0, 608
Remote Config [candidate] (599.688 µs) : 0, 600
Telemetry [baseline] (6.958 ms) : 0, 6958
Telemetry [candidate] (8.455 ms) : 0, 8455
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (781.101 ms) : 0, 781101
BytebuddyAgent [candidate] (771.138 ms) : 0, 771138
GlobalTracer [baseline] (293.007 ms) : 0, 293007
GlobalTracer [candidate] (290.615 ms) : 0, 290615
AppSec [baseline] (52.277 ms) : 0, 52277
AppSec [candidate] (49.299 ms) : 0, 49299
IAST [baseline] (20.634 ms) : 0, 20634
IAST [candidate] (23.233 ms) : 0, 23233
Remote Config [baseline] (604.4 µs) : 0, 604
Remote Config [candidate] (598.181 µs) : 0, 598
Telemetry [baseline] (6.865 ms) : 0, 6865
Telemetry [candidate] (8.197 ms) : 0, 8197
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.35.0-SNAPSHOT~2f8aad75a5, baseline=1.35.0-SNAPSHOT~489de243b6

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.053 s) : 0, 1053401
Total [baseline] (10.297 s) : 0, 10297250
Agent [candidate] (1.054 s) : 0, 1054222
Total [candidate] (10.25 s) : 0, 10250412
section appsec
Agent [baseline] (1.173 s) : 0, 1172819
Total [baseline] (10.438 s) : 0, 10437658
Agent [candidate] (1.175 s) : 0, 1175075
Total [candidate] (10.476 s) : 0, 10476039
section iast
Agent [baseline] (1.164 s) : 0, 1163980
Total [baseline] (10.705 s) : 0, 10704602
Agent [candidate] (1.162 s) : 0, 1162476
Total [candidate] (10.731 s) : 0, 10731364
section profiling
Agent [baseline] (1.253 s) : 0, 1252707
Total [baseline] (10.575 s) : 0, 10574571
Agent [candidate] (1.255 s) : 0, 1254518
Total [candidate] (10.566 s) : 0, 10565655
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.053 s -
Agent appsec 1.173 s 119.418 ms (11.3%)
Agent iast 1.164 s 110.579 ms (10.5%)
Agent profiling 1.253 s 199.306 ms (18.9%)
Total tracing 10.297 s -
Total appsec 10.438 s 140.408 ms (1.4%)
Total iast 10.705 s 407.352 ms (4.0%)
Total profiling 10.575 s 277.321 ms (2.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.054 s -
Agent appsec 1.175 s 120.853 ms (11.5%)
Agent iast 1.162 s 108.253 ms (10.3%)
Agent profiling 1.255 s 200.296 ms (19.0%)
Total tracing 10.25 s -
Total appsec 10.476 s 225.627 ms (2.2%)
Total iast 10.731 s 480.952 ms (4.7%)
Total profiling 10.566 s 315.243 ms (3.1%)
gantt
    title petclinic - break down per module: candidate=1.35.0-SNAPSHOT~2f8aad75a5, baseline=1.35.0-SNAPSHOT~489de243b6

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (649.821 ms) : 0, 649821
BytebuddyAgent [candidate] (650.297 ms) : 0, 650297
GlobalTracer [baseline] (311.422 ms) : 0, 311422
GlobalTracer [candidate] (311.932 ms) : 0, 311932
AppSec [baseline] (49.744 ms) : 0, 49744
AppSec [candidate] (49.481 ms) : 0, 49481
Remote Config [baseline] (660.696 µs) : 0, 661
Remote Config [candidate] (664.413 µs) : 0, 664
Telemetry [baseline] (7.457 ms) : 0, 7457
Telemetry [candidate] (7.475 ms) : 0, 7475
section appsec
BytebuddyAgent [baseline] (673.695 ms) : 0, 673695
BytebuddyAgent [candidate] (674.501 ms) : 0, 674501
GlobalTracer [baseline] (294.658 ms) : 0, 294658
GlobalTracer [candidate] (295.461 ms) : 0, 295461
AppSec [baseline] (152.058 ms) : 0, 152058
AppSec [candidate] (152.501 ms) : 0, 152501
Remote Config [baseline] (617.488 µs) : 0, 617
Remote Config [candidate] (619.225 µs) : 0, 619
Telemetry [baseline] (8.146 ms) : 0, 8146
Telemetry [candidate] (8.13 ms) : 0, 8130
IAST [baseline] (18.597 ms) : 0, 18597
IAST [candidate] (18.714 ms) : 0, 18714
section iast
BytebuddyAgent [baseline] (777.698 ms) : 0, 777698
BytebuddyAgent [candidate] (776.352 ms) : 0, 776352
GlobalTracer [baseline] (291.459 ms) : 0, 291459
GlobalTracer [candidate] (291.792 ms) : 0, 291792
AppSec [baseline] (48.542 ms) : 0, 48542
AppSec [candidate] (49.573 ms) : 0, 49573
Remote Config [baseline] (593.235 µs) : 0, 593
Remote Config [candidate] (589.551 µs) : 0, 590
Telemetry [baseline] (7.59 ms) : 0, 7590
Telemetry [candidate] (6.915 ms) : 0, 6915
IAST [baseline] (24.877 ms) : 0, 24877
IAST [candidate] (23.98 ms) : 0, 23980
section profiling
ProfilingAgent [baseline] (94.442 ms) : 0, 94442
ProfilingAgent [candidate] (96.067 ms) : 0, 96067
BytebuddyAgent [baseline] (658.991 ms) : 0, 658991
BytebuddyAgent [candidate] (659.676 ms) : 0, 659676
GlobalTracer [baseline] (384.179 ms) : 0, 384179
GlobalTracer [candidate] (383.975 ms) : 0, 383975
AppSec [baseline] (50.486 ms) : 0, 50486
AppSec [candidate] (50.166 ms) : 0, 50166
Remote Config [baseline] (817.081 µs) : 0, 817
Remote Config [candidate] (829.96 µs) : 0, 830
Telemetry [baseline] (7.409 ms) : 0, 7409
Telemetry [candidate] (7.466 ms) : 0, 7466
Profiling [baseline] (94.466 ms) : 0, 94466
Profiling [candidate] (96.092 ms) : 0, 96092

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-05-31T06:01:32 2024-05-31T06:10:35
git_branch master andrew/lib-injection-images
git_commit_date 1717113140 1717134077
git_commit_sha 489de24 2f8aad7
release_version 1.35.0-SNAPSHOT~489de243b6 1.35.0-SNAPSHOT~2f8aad75a5
start_time 2024-05-31T06:01:15 2024-05-31T06:10:18
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1717136291 1717136291
ci_job_id 528258105 528258105
ci_pipeline_id 35544861 35544861
cpu_model Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 7 metrics, 21 unstable metrics.

Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.35.0-SNAPSHOT~2f8aad75a5, baseline=1.35.0-SNAPSHOT~489de243b6
    dateFormat X
    axisFormat %s
section baseline
no_agent (459.085 µs) : 430, 488
.   : milestone, 459,
iast (586.579 µs) : 555, 618
.   : milestone, 587,
iast_FULL (692.255 µs) : 660, 724
.   : milestone, 692,
iast_GLOBAL (617.178 µs) : 585, 649
.   : milestone, 617,
iast_HARDCODED_SECRET_DISABLED (584.854 µs) : 553, 616
.   : milestone, 585,
iast_INACTIVE (551.977 µs) : 521, 583
.   : milestone, 552,
iast_TELEMETRY_OFF (574.782 µs) : 542, 607
.   : milestone, 575,
tracing (542.765 µs) : 513, 572
.   : milestone, 543,
section candidate
no_agent (452.718 µs) : 424, 482
.   : milestone, 453,
iast (588.85 µs) : 557, 621
.   : milestone, 589,
iast_FULL (682.169 µs) : 650, 714
.   : milestone, 682,
iast_GLOBAL (616.053 µs) : 585, 647
.   : milestone, 616,
iast_HARDCODED_SECRET_DISABLED (586.147 µs) : 554, 618
.   : milestone, 586,
iast_INACTIVE (557.185 µs) : 526, 588
.   : milestone, 557,
iast_TELEMETRY_OFF (576.301 µs) : 544, 608
.   : milestone, 576,
tracing (537.487 µs) : 508, 567
.   : milestone, 537,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 459.085 µs [430.316 µs, 487.854 µs] -
iast 586.579 µs [554.919 µs, 618.239 µs] 127.494 µs (27.8%)
iast_FULL 692.255 µs [660.148 µs, 724.363 µs] 233.17 µs (50.8%)
iast_GLOBAL 617.178 µs [585.176 µs, 649.18 µs] 158.094 µs (34.4%)
iast_HARDCODED_SECRET_DISABLED 584.854 µs [553.44 µs, 616.268 µs] 125.769 µs (27.4%)
iast_INACTIVE 551.977 µs [521.031 µs, 582.924 µs] 92.893 µs (20.2%)
iast_TELEMETRY_OFF 574.782 µs [542.271 µs, 607.294 µs] 115.697 µs (25.2%)
tracing 542.765 µs [513.162 µs, 572.368 µs] 83.68 µs (18.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 452.718 µs [423.92 µs, 481.515 µs] -
iast 588.85 µs [556.998 µs, 620.703 µs] 136.132 µs (30.1%)
iast_FULL 682.169 µs [650.137 µs, 714.202 µs] 229.452 µs (50.7%)
iast_GLOBAL 616.053 µs [584.913 µs, 647.193 µs] 163.335 µs (36.1%)
iast_HARDCODED_SECRET_DISABLED 586.147 µs [554.235 µs, 618.059 µs] 133.429 µs (29.5%)
iast_INACTIVE 557.185 µs [526.361 µs, 588.008 µs] 104.467 µs (23.1%)
iast_TELEMETRY_OFF 576.301 µs [544.497 µs, 608.104 µs] 123.583 µs (27.3%)
tracing 537.487 µs [507.732 µs, 567.242 µs] 84.769 µs (18.7%)
Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.35.0-SNAPSHOT~2f8aad75a5, baseline=1.35.0-SNAPSHOT~489de243b6
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.729 ms) : 1703, 1755
.   : milestone, 1729,
appsec (2.192 ms) : 2160, 2224
.   : milestone, 2192,
appsec_no_iast (2.208 ms) : 2175, 2242
.   : milestone, 2208,
iast (1.902 ms) : 1872, 1931
.   : milestone, 1902,
profiling (1.907 ms) : 1876, 1939
.   : milestone, 1907,
tracing (1.893 ms) : 1860, 1926
.   : milestone, 1893,
section candidate
no_agent (1.713 ms) : 1688, 1739
.   : milestone, 1713,
appsec (2.178 ms) : 2146, 2209
.   : milestone, 2178,
appsec_no_iast (2.184 ms) : 2150, 2218
.   : milestone, 2184,
iast (1.895 ms) : 1864, 1925
.   : milestone, 1895,
profiling (1.921 ms) : 1885, 1957
.   : milestone, 1921,
tracing (1.884 ms) : 1852, 1917
.   : milestone, 1884,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.729 ms [1.703 ms, 1.755 ms] -
appsec 2.192 ms [2.16 ms, 2.224 ms] 463.179 µs (26.8%)
appsec_no_iast 2.208 ms [2.175 ms, 2.242 ms] 479.309 µs (27.7%)
iast 1.902 ms [1.872 ms, 1.931 ms] 172.529 µs (10.0%)
profiling 1.907 ms [1.876 ms, 1.939 ms] 178.107 µs (10.3%)
tracing 1.893 ms [1.86 ms, 1.926 ms] 164.035 µs (9.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.713 ms [1.688 ms, 1.739 ms] -
appsec 2.178 ms [2.146 ms, 2.209 ms] 464.136 µs (27.1%)
appsec_no_iast 2.184 ms [2.15 ms, 2.218 ms] 470.608 µs (27.5%)
iast 1.895 ms [1.864 ms, 1.925 ms] 181.186 µs (10.6%)
profiling 1.921 ms [1.885 ms, 1.957 ms] 207.421 µs (12.1%)
tracing 1.884 ms [1.852 ms, 1.917 ms] 170.915 µs (10.0%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master andrew/lib-injection-images
git_commit_date 1717113140 1717134077
git_commit_sha 489de24 2f8aad7
release_version 1.35.0-SNAPSHOT~489de243b6 1.35.0-SNAPSHOT~2f8aad75a5
Baseline Candidate
application biojava biojava
ci_job_date 1717137054 1717137054
ci_job_id 528258106 528258106
ci_pipeline_id 35544861 35544861
cpu_model Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.35.0-SNAPSHOT~2f8aad75a5, baseline=1.35.0-SNAPSHOT~489de243b6
    dateFormat X
    axisFormat %s
section baseline
no_agent (20.62 s) : 20620000, 20620000
.   : milestone, 20620000,
appsec (21.338 s) : 21338000, 21338000
.   : milestone, 21338000,
iast (24.865 s) : 24865000, 24865000
.   : milestone, 24865000,
iast_GLOBAL (25.176 s) : 25176000, 25176000
.   : milestone, 25176000,
profiling (21.493 s) : 21493000, 21493000
.   : milestone, 21493000,
tracing (20.971 s) : 20971000, 20971000
.   : milestone, 20971000,
section candidate
no_agent (21.581 s) : 21581000, 21581000
.   : milestone, 21581000,
appsec (21.412 s) : 21412000, 21412000
.   : milestone, 21412000,
iast (25.177 s) : 25177000, 25177000
.   : milestone, 25177000,
iast_GLOBAL (25.22 s) : 25220000, 25220000
.   : milestone, 25220000,
profiling (21.56 s) : 21560000, 21560000
.   : milestone, 21560000,
tracing (20.735 s) : 20735000, 20735000
.   : milestone, 20735000,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 20.62 s [20.62 s, 20.62 s] -
appsec 21.338 s [21.338 s, 21.338 s] 718.0 ms (3.5%)
iast 24.865 s [24.865 s, 24.865 s] 4.245 s (20.6%)
iast_GLOBAL 25.176 s [25.176 s, 25.176 s] 4.556 s (22.1%)
profiling 21.493 s [21.493 s, 21.493 s] 873.0 ms (4.2%)
tracing 20.971 s [20.971 s, 20.971 s] 351.0 ms (1.7%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 21.581 s [21.581 s, 21.581 s] -
appsec 21.412 s [21.412 s, 21.412 s] -169.0 ms (-0.8%)
iast 25.177 s [25.177 s, 25.177 s] 3.596 s (16.7%)
iast_GLOBAL 25.22 s [25.22 s, 25.22 s] 3.639 s (16.9%)
profiling 21.56 s [21.56 s, 21.56 s] -21.0 ms (-0.1%)
tracing 20.735 s [20.735 s, 20.735 s] -846.0 ms (-3.9%)
Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.35.0-SNAPSHOT~2f8aad75a5, baseline=1.35.0-SNAPSHOT~489de243b6
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.544 ms) : 1532, 1557
.   : milestone, 1544,
appsec (2.683 ms) : 2622, 2743
.   : milestone, 2683,
iast (2.34 ms) : 2270, 2410
.   : milestone, 2340,
iast_GLOBAL (2.376 ms) : 2306, 2447
.   : milestone, 2376,
profiling (2.208 ms) : 2148, 2268
.   : milestone, 2208,
tracing (2.166 ms) : 2108, 2224
.   : milestone, 2166,
section candidate
no_agent (1.542 ms) : 1530, 1555
.   : milestone, 1542,
appsec (2.692 ms) : 2632, 2752
.   : milestone, 2692,
iast (2.345 ms) : 2275, 2416
.   : milestone, 2345,
iast_GLOBAL (2.409 ms) : 2336, 2482
.   : milestone, 2409,
profiling (2.204 ms) : 2144, 2264
.   : milestone, 2204,
tracing (2.159 ms) : 2102, 2216
.   : milestone, 2159,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.544 ms [1.532 ms, 1.557 ms] -
appsec 2.683 ms [2.622 ms, 2.743 ms] 1.138 ms (73.7%)
iast 2.34 ms [2.27 ms, 2.41 ms] 795.954 µs (51.5%)
iast_GLOBAL 2.376 ms [2.306 ms, 2.447 ms] 832.107 µs (53.9%)
profiling 2.208 ms [2.148 ms, 2.268 ms] 663.698 µs (43.0%)
tracing 2.166 ms [2.108 ms, 2.224 ms] 621.832 µs (40.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.542 ms [1.53 ms, 1.555 ms] -
appsec 2.692 ms [2.632 ms, 2.752 ms] 1.15 ms (74.6%)
iast 2.345 ms [2.275 ms, 2.416 ms] 802.857 µs (52.1%)
iast_GLOBAL 2.409 ms [2.336 ms, 2.482 ms] 866.777 µs (56.2%)
profiling 2.204 ms [2.144 ms, 2.264 ms] 661.571 µs (42.9%)
tracing 2.159 ms [2.102 ms, 2.216 ms] 617.027 µs (40.0%)

@PerfectSlayer PerfectSlayer merged commit 7488d13 into master May 31, 2024
81 checks passed
@PerfectSlayer PerfectSlayer deleted the andrew/lib-injection-images branch May 31, 2024 08:45
@github-actions github-actions bot added this to the 1.35.0 milestone May 31, 2024