Skip to content

Fix pattern matching in dd-octo-sts policy#10174

Merged
sarahchen6 merged 2 commits intomasterfrom
sarahchen6/fix-policy
Dec 11, 2025
Merged

Fix pattern matching in dd-octo-sts policy#10174
sarahchen6 merged 2 commits intomasterfrom
sarahchen6/fix-policy

Conversation

@sarahchen6
Copy link
Contributor

@sarahchen6 sarahchen6 commented Dec 11, 2025

What Does This Do

Fix dd-octo-sts trust policy's pattern-matching

Motivation

Address the failure here. I confirmed with the following local output:

sarah.chen@COMP-GHXRH1QQ7F dd-trace-java % DDOCTOSTS_ID_TOKEN='{"actor":"sarahchen6","actor_id":"68485867","aud":"dd-octo-sts","base_ref":"","check_run_id":"57816563539","enterprise":"datadog-inc","enterprise_id":"42","event_name":"push","exp":1765477852,"head_ref":"","iat":1765477552,"iss":"https://token.actions.githubusercontent.com","job_workflow_ref":"DataDog/dd-trace-java/.github/workflows/pin-system-tests.yaml@refs/heads/sarahchen6/pin-system-tests-workflow","job_workflow_sha":"c4421ba5a6647bbd8615a995babea998c4c7f5b6","jti":"954e5dda-a50f-4183-9ccb-a7cb8c44e3fe","nbf":1765477252,"ref":"refs/heads/sarahchen6/pin-system-tests-workflow","ref_protected":"false","ref_type":"branch","repository":"DataDog/dd-trace-java","repository_id":"89221572","repository_owner":"DataDog","repository_owner_id":"365230","repository_visibility":"public","run_attempt":"1","run_id":"20143266074","run_number":"2","runner_environment":"github-hosted","sha":"c4421ba5a6647bbd8615a995babea998c4c7f5b6","sub":"repo:DataDog/dd-trace-java:ref:refs/heads/sarahchen6/pin-system-tests-workflow","workflow":"Pin system tests","workflow_ref":"DataDog/dd-trace-java/.github/workflows/pin-system-tests.yaml@refs/heads/sarahchen6/pin-system-tests-workflow","workflow_sha":"c4421ba5a6647bbd8615a995babea998c4c7f5b6"}' \
dd-octo-sts check -s DataDog/dd-trace-java -p self.pin-system-tests.create-pr
🔍 Checking repository and policy location...
Assuming repository path "/Users/sarah.chen/Source/github.com/DataDog/dd-trace-java"
  Tip: Use --repo/-r to override.
✅ Policy is in a valid location.
   Location: .github/chainguard/self.pin-system-tests.create-pr.sts.yaml

🔍 Checking policy file...
✅ Policy is valid
   Permissions:
   - pull_requests: write
✅ Policy is valid
   Permissions:
   - contents: write

🔍 Checking token...
⚠️ Fabricating a token out of claims.
   This token will not work in production, but is suitable for testing.
⚠️ Token is invalid: oidc: token is expired (Token Expiry: 2025-12-11 13:30:52 -0500 EST)
   Note that in real usage, this token would not be useable.
✅ Supplied token is valid for policy
   Matching claims:
   - job_workflow_ref: DataDog/dd-trace-java/.github/workflows/pin-system-tests.yaml@refs/heads/sarahchen6/pin-system-tests-workflow
   - ref: refs/heads/sarahchen6/pin-system-tests-workflow
   - event_name: push

Additional Notes

Contributor Checklist

Jira ticket: [PROJ-IDENT]

@sarahchen6 sarahchen6 added tag: no release notes Changes to exclude from release notes comp: tooling Build & Tooling labels Dec 11, 2025
@sarahchen6 sarahchen6 marked this pull request as ready for review December 11, 2025 18:39
@sarahchen6 sarahchen6 requested a review from a team as a code owner December 11, 2025 18:39
@sarahchen6 sarahchen6 requested review from AlexeyKuznetsov-DD and PerfectSlayer and removed request for a team December 11, 2025 18:39
@pr-commenter
Copy link

pr-commenter bot commented Dec 11, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sarahchen6/fix-policy
git_commit_date 1765477337 1765478036
git_commit_sha 1cf6a7b ad54eea
release_version 1.57.0-SNAPSHOT~1cf6a7b04e 1.57.0-SNAPSHOT~ad54eea7ab
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1765479800 1765479800
ci_job_id 1288485632 1288485632
ci_pipeline_id 86299226 86299226
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-2-znhtxzrr 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-2-znhtxzrr 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 58 metrics, 7 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.57.0-SNAPSHOT~ad54eea7ab, baseline=1.57.0-SNAPSHOT~1cf6a7b04e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.08 s) : 0, 1080178
Total [baseline] (10.814 s) : 0, 10814401
Agent [candidate] (1.085 s) : 0, 1085320
Total [candidate] (10.932 s) : 0, 10932089
section appsec
Agent [baseline] (1.27 s) : 0, 1270463
Total [baseline] (11.217 s) : 0, 11216593
Agent [candidate] (1.265 s) : 0, 1264676
Total [candidate] (11.141 s) : 0, 11140578
section iast
Agent [baseline] (1.22 s) : 0, 1220381
Total [baseline] (11.248 s) : 0, 11248167
Agent [candidate] (1.222 s) : 0, 1221733
Total [candidate] (11.133 s) : 0, 11133139
section profiling
Agent [baseline] (1.207 s) : 0, 1207012
Total [baseline] (11.137 s) : 0, 11137389
Agent [candidate] (1.219 s) : 0, 1219117
Total [candidate] (11.125 s) : 0, 11125455
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.08 s -
Agent appsec 1.27 s 190.285 ms (17.6%)
Agent iast 1.22 s 140.202 ms (13.0%)
Agent profiling 1.207 s 126.833 ms (11.7%)
Total tracing 10.814 s -
Total appsec 11.217 s 402.193 ms (3.7%)
Total iast 11.248 s 433.766 ms (4.0%)
Total profiling 11.137 s 322.988 ms (3.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.085 s -
Agent appsec 1.265 s 179.356 ms (16.5%)
Agent iast 1.222 s 136.412 ms (12.6%)
Agent profiling 1.219 s 133.796 ms (12.3%)
Total tracing 10.932 s -
Total appsec 11.141 s 208.489 ms (1.9%)
Total iast 11.133 s 201.05 ms (1.8%)
Total profiling 11.125 s 193.366 ms (1.8%) 
gantt
    title petclinic - break down per module: candidate=1.57.0-SNAPSHOT~ad54eea7ab, baseline=1.57.0-SNAPSHOT~1cf6a7b04e

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.198 ms) : 0, 1198
crashtracking [candidate] (1.216 ms) : 0, 1216
BytebuddyAgent [baseline] (647.695 ms) : 0, 647695
BytebuddyAgent [candidate] (651.562 ms) : 0, 651562
GlobalTracer [baseline] (281.808 ms) : 0, 281808
GlobalTracer [candidate] (282.882 ms) : 0, 282882
AppSec [baseline] (32.351 ms) : 0, 32351
AppSec [candidate] (32.406 ms) : 0, 32406
Debugger [baseline] (68.159 ms) : 0, 68159
Debugger [candidate] (68.274 ms) : 0, 68274
Remote Config [baseline] (634.281 µs) : 0, 634
Remote Config [candidate] (637.048 µs) : 0, 637
Telemetry [baseline] (9.025 ms) : 0, 9025
Telemetry [candidate] (8.981 ms) : 0, 8981
Flare Poller [baseline] (3.765 ms) : 0, 3765
Flare Poller [candidate] (3.734 ms) : 0, 3734
section appsec
crashtracking [baseline] (1.2 ms) : 0, 1200
crashtracking [candidate] (1.189 ms) : 0, 1189
BytebuddyAgent [baseline] (692.826 ms) : 0, 692826
BytebuddyAgent [candidate] (689.023 ms) : 0, 689023
GlobalTracer [baseline] (260.224 ms) : 0, 260224
GlobalTracer [candidate] (258.7 ms) : 0, 258700
AppSec [baseline] (175.237 ms) : 0, 175237
AppSec [candidate] (175.166 ms) : 0, 175166
Debugger [baseline] (66.823 ms) : 0, 66823
Debugger [candidate] (66.859 ms) : 0, 66859
Remote Config [baseline] (690.25 µs) : 0, 690
Remote Config [candidate] (736.616 µs) : 0, 737
Telemetry [baseline] (9.027 ms) : 0, 9027
Telemetry [candidate] (8.982 ms) : 0, 8982
Flare Poller [baseline] (3.891 ms) : 0, 3891
Flare Poller [candidate] (3.921 ms) : 0, 3921
IAST [baseline] (24.78 ms) : 0, 24780
IAST [candidate] (24.578 ms) : 0, 24578
section iast
crashtracking [baseline] (1.194 ms) : 0, 1194
crashtracking [candidate] (1.194 ms) : 0, 1194
BytebuddyAgent [baseline] (788.869 ms) : 0, 788869
BytebuddyAgent [candidate] (790.065 ms) : 0, 790065
GlobalTracer [baseline] (254.716 ms) : 0, 254716
GlobalTracer [candidate] (255.721 ms) : 0, 255721
AppSec [baseline] (35.441 ms) : 0, 35441
AppSec [candidate] (34.289 ms) : 0, 34289
Debugger [baseline] (65.456 ms) : 0, 65456
Debugger [candidate] (65.86 ms) : 0, 65860
Remote Config [baseline] (545.872 µs) : 0, 546
Remote Config [candidate] (541.648 µs) : 0, 542
Telemetry [baseline] (8.436 ms) : 0, 8436
Telemetry [candidate] (8.421 ms) : 0, 8421
Flare Poller [baseline] (3.47 ms) : 0, 3470
Flare Poller [candidate] (3.4 ms) : 0, 3400
IAST [baseline] (26.804 ms) : 0, 26804
IAST [candidate] (26.858 ms) : 0, 26858
section profiling
ProfilingAgent [baseline] (99.766 ms) : 0, 99766
ProfilingAgent [candidate] (98.191 ms) : 0, 98191
crashtracking [baseline] (1.19 ms) : 0, 1190
crashtracking [candidate] (1.219 ms) : 0, 1219
BytebuddyAgent [baseline] (701.199 ms) : 0, 701199
BytebuddyAgent [candidate] (710.99 ms) : 0, 710990
GlobalTracer [baseline] (221.033 ms) : 0, 221033
GlobalTracer [candidate] (222.953 ms) : 0, 222953
AppSec [baseline] (32.318 ms) : 0, 32318
AppSec [candidate] (32.934 ms) : 0, 32934
Debugger [baseline] (68.505 ms) : 0, 68505
Debugger [candidate] (68.821 ms) : 0, 68821
Remote Config [baseline] (661.392 µs) : 0, 661
Remote Config [candidate] (619.819 µs) : 0, 620
Telemetry [baseline] (8.981 ms) : 0, 8981
Telemetry [candidate] (9.09 ms) : 0, 9090
Flare Poller [baseline] (3.729 ms) : 0, 3729
Flare Poller [candidate] (3.795 ms) : 0, 3795
Profiling [baseline] (100.375 ms) : 0, 100375
Profiling [candidate] (98.787 ms) : 0, 98787
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.57.0-SNAPSHOT~ad54eea7ab, baseline=1.57.0-SNAPSHOT~1cf6a7b04e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.079 s) : 0, 1079173
Total [baseline] (8.764 s) : 0, 8764027
Agent [candidate] (1.084 s) : 0, 1084022
Total [candidate] (8.78 s) : 0, 8779790
section iast
Agent [baseline] (1.229 s) : 0, 1228666
Total [baseline] (9.517 s) : 0, 9516907
Agent [candidate] (1.23 s) : 0, 1230229
Total [candidate] (9.496 s) : 0, 9495849
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.079 s -
Agent iast 1.229 s 149.493 ms (13.9%)
Total tracing 8.764 s -
Total iast 9.517 s 752.88 ms (8.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.084 s -
Agent iast 1.23 s 146.207 ms (13.5%)
Total tracing 8.78 s -
Total iast 9.496 s 716.059 ms (8.2%) 
gantt
    title insecure-bank - break down per module: candidate=1.57.0-SNAPSHOT~ad54eea7ab, baseline=1.57.0-SNAPSHOT~1cf6a7b04e

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.187 ms) : 0, 1187
crashtracking [candidate] (1.19 ms) : 0, 1190
BytebuddyAgent [baseline] (647.462 ms) : 0, 647462
BytebuddyAgent [candidate] (649.534 ms) : 0, 649534
GlobalTracer [baseline] (281.383 ms) : 0, 281383
GlobalTracer [candidate] (283.569 ms) : 0, 283569
AppSec [baseline] (32.435 ms) : 0, 32435
AppSec [candidate] (32.625 ms) : 0, 32625
Debugger [baseline] (67.721 ms) : 0, 67721
Debugger [candidate] (67.891 ms) : 0, 67891
Remote Config [baseline] (654.011 µs) : 0, 654
Remote Config [candidate] (658.804 µs) : 0, 659
Telemetry [baseline] (8.972 ms) : 0, 8972
Telemetry [candidate] (9.098 ms) : 0, 9098
Flare Poller [baseline] (3.749 ms) : 0, 3749
Flare Poller [candidate] (3.783 ms) : 0, 3783
section iast
crashtracking [baseline] (1.216 ms) : 0, 1216
crashtracking [candidate] (1.216 ms) : 0, 1216
BytebuddyAgent [baseline] (794.658 ms) : 0, 794658
BytebuddyAgent [candidate] (796.604 ms) : 0, 796604
GlobalTracer [baseline] (256.959 ms) : 0, 256959
GlobalTracer [candidate] (257.185 ms) : 0, 257185
AppSec [baseline] (35.746 ms) : 0, 35746
AppSec [candidate] (34.573 ms) : 0, 34573
Debugger [baseline] (64.795 ms) : 0, 64795
Debugger [candidate] (65.609 ms) : 0, 65609
Remote Config [baseline] (554.703 µs) : 0, 555
Remote Config [candidate] (551.429 µs) : 0, 551
Telemetry [baseline] (8.515 ms) : 0, 8515
Telemetry [candidate] (8.422 ms) : 0, 8422
Flare Poller [baseline] (3.454 ms) : 0, 3454
Flare Poller [candidate] (3.494 ms) : 0, 3494
IAST [baseline] (27.213 ms) : 0, 27213
IAST [candidate] (26.999 ms) : 0, 26999
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sarahchen6/fix-policy
git_commit_date 1765477337 1765478036
git_commit_sha 1cf6a7b ad54eea
release_version 1.57.0-SNAPSHOT~1cf6a7b04e 1.57.0-SNAPSHOT~ad54eea7ab
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1765480344 1765480344
ci_job_id 1288485634 1288485634
ci_pipeline_id 86299226 86299226
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-3-iemizsp4 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-3-iemizsp4 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 20 metrics, 16 unstable metrics.

Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~ad54eea7ab, baseline=1.57.0-SNAPSHOT~1cf6a7b04e
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.193 ms) : 1182, 1205
.   : milestone, 1193,
iast (3.154 ms) : 3116, 3192
.   : milestone, 3154,
iast_FULL (5.734 ms) : 5678, 5791
.   : milestone, 5734,
iast_GLOBAL (3.656 ms) : 3598, 3714
.   : milestone, 3656,
profiling (2.036 ms) : 2018, 2053
.   : milestone, 2036,
tracing (1.79 ms) : 1775, 1804
.   : milestone, 1790,
section candidate
no_agent (1.202 ms) : 1190, 1214
.   : milestone, 1202,
iast (3.248 ms) : 3206, 3291
.   : milestone, 3248,
iast_FULL (5.88 ms) : 5822, 5939
.   : milestone, 5880,
iast_GLOBAL (3.609 ms) : 3554, 3663
.   : milestone, 3609,
profiling (2.191 ms) : 2171, 2211
.   : milestone, 2191,
tracing (1.788 ms) : 1773, 1803
.   : milestone, 1788,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.193 ms [1.182 ms, 1.205 ms] -
iast 3.154 ms [3.116 ms, 3.192 ms] 1.96 ms (164.3%)
iast_FULL 5.734 ms [5.678 ms, 5.791 ms] 4.541 ms (380.5%)
iast_GLOBAL 3.656 ms [3.598 ms, 3.714 ms] 2.463 ms (206.3%)
profiling 2.036 ms [2.018 ms, 2.053 ms] 842.152 µs (70.6%)
tracing 1.79 ms [1.775 ms, 1.804 ms] 596.064 µs (49.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.202 ms [1.19 ms, 1.214 ms] -
iast 3.248 ms [3.206 ms, 3.291 ms] 2.047 ms (170.3%)
iast_FULL 5.88 ms [5.822 ms, 5.939 ms] 4.679 ms (389.3%)
iast_GLOBAL 3.609 ms [3.554 ms, 3.663 ms] 2.407 ms (200.3%)
profiling 2.191 ms [2.171 ms, 2.211 ms] 989.197 µs (82.3%)
tracing 1.788 ms [1.773 ms, 1.803 ms] 585.906 µs (48.8%)
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~ad54eea7ab, baseline=1.57.0-SNAPSHOT~1cf6a7b04e
    dateFormat X
    axisFormat %s
section baseline
no_agent (18.55 ms) : 18356, 18744
.   : milestone, 18550,
appsec (18.677 ms) : 18487, 18867
.   : milestone, 18677,
code_origins (17.74 ms) : 17563, 17916
.   : milestone, 17740,
iast (17.569 ms) : 17393, 17744
.   : milestone, 17569,
profiling (19.484 ms) : 19289, 19680
.   : milestone, 19484,
tracing (17.667 ms) : 17494, 17841
.   : milestone, 17667,
section candidate
no_agent (18.257 ms) : 18069, 18445
.   : milestone, 18257,
appsec (18.949 ms) : 18757, 19141
.   : milestone, 18949,
code_origins (17.907 ms) : 17732, 18082
.   : milestone, 17907,
iast (17.559 ms) : 17383, 17735
.   : milestone, 17559,
profiling (19.627 ms) : 19426, 19829
.   : milestone, 19627,
tracing (17.863 ms) : 17687, 18038
.   : milestone, 17863,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.55 ms [18.356 ms, 18.744 ms] -
appsec 18.677 ms [18.487 ms, 18.867 ms] 126.68 µs (0.7%)
code_origins 17.74 ms [17.563 ms, 17.916 ms] -810.886 µs (-4.4%)
iast 17.569 ms [17.393 ms, 17.744 ms] -981.737 µs (-5.3%)
profiling 19.484 ms [19.289 ms, 19.68 ms] 933.952 µs (5.0%)
tracing 17.667 ms [17.494 ms, 17.841 ms] -883.0 µs (-4.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.257 ms [18.069 ms, 18.445 ms] -
appsec 18.949 ms [18.757 ms, 19.141 ms] 691.854 µs (3.8%)
code_origins 17.907 ms [17.732 ms, 18.082 ms] -350.371 µs (-1.9%)
iast 17.559 ms [17.383 ms, 17.735 ms] -698.24 µs (-3.8%)
profiling 19.627 ms [19.426 ms, 19.829 ms] 1.37 ms (7.5%)
tracing 17.863 ms [17.687 ms, 18.038 ms] -394.737 µs (-2.2%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sarahchen6/fix-policy
git_commit_date 1765477337 1765478036
git_commit_sha 1cf6a7b ad54eea
release_version 1.57.0-SNAPSHOT~1cf6a7b04e 1.57.0-SNAPSHOT~ad54eea7ab
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1765480248 1765480248
ci_job_id 1288485635 1288485635
ci_pipeline_id 86299226 86299226
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-2-dctj10xw 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-2-dctj10xw 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~ad54eea7ab, baseline=1.57.0-SNAPSHOT~1cf6a7b04e
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.089 s) : 15089000, 15089000
.   : milestone, 15089000,
appsec (14.455 s) : 14455000, 14455000
.   : milestone, 14455000,
iast (17.972 s) : 17972000, 17972000
.   : milestone, 17972000,
iast_GLOBAL (17.957 s) : 17957000, 17957000
.   : milestone, 17957000,
profiling (14.672 s) : 14672000, 14672000
.   : milestone, 14672000,
tracing (14.582 s) : 14582000, 14582000
.   : milestone, 14582000,
section candidate
no_agent (15.583 s) : 15583000, 15583000
.   : milestone, 15583000,
appsec (14.98 s) : 14980000, 14980000
.   : milestone, 14980000,
iast (18.132 s) : 18132000, 18132000
.   : milestone, 18132000,
iast_GLOBAL (17.875 s) : 17875000, 17875000
.   : milestone, 17875000,
profiling (14.483 s) : 14483000, 14483000
.   : milestone, 14483000,
tracing (14.743 s) : 14743000, 14743000
.   : milestone, 14743000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.089 s [15.089 s, 15.089 s] -
appsec 14.455 s [14.455 s, 14.455 s] -634.0 ms (-4.2%)
iast 17.972 s [17.972 s, 17.972 s] 2.883 s (19.1%)
iast_GLOBAL 17.957 s [17.957 s, 17.957 s] 2.868 s (19.0%)
profiling 14.672 s [14.672 s, 14.672 s] -417.0 ms (-2.8%)
tracing 14.582 s [14.582 s, 14.582 s] -507.0 ms (-3.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.583 s [15.583 s, 15.583 s] -
appsec 14.98 s [14.98 s, 14.98 s] -603.0 ms (-3.9%)
iast 18.132 s [18.132 s, 18.132 s] 2.549 s (16.4%)
iast_GLOBAL 17.875 s [17.875 s, 17.875 s] 2.292 s (14.7%)
profiling 14.483 s [14.483 s, 14.483 s] -1.1 s (-7.1%)
tracing 14.743 s [14.743 s, 14.743 s] -840.0 ms (-5.4%)
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~ad54eea7ab, baseline=1.57.0-SNAPSHOT~1cf6a7b04e
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.475 ms) : 1464, 1487
.   : milestone, 1475,
appsec (3.617 ms) : 3402, 3831
.   : milestone, 3617,
iast (2.21 ms) : 2146, 2274
.   : milestone, 2210,
iast_GLOBAL (2.249 ms) : 2185, 2314
.   : milestone, 2249,
profiling (2.061 ms) : 2008, 2113
.   : milestone, 2061,
tracing (2.037 ms) : 1987, 2088
.   : milestone, 2037,
section candidate
no_agent (1.477 ms) : 1465, 1488
.   : milestone, 1477,
appsec (3.679 ms) : 3462, 3896
.   : milestone, 3679,
iast (2.198 ms) : 2134, 2262
.   : milestone, 2198,
iast_GLOBAL (2.243 ms) : 2179, 2308
.   : milestone, 2243,
profiling (2.088 ms) : 2034, 2142
.   : milestone, 2088,
tracing (2.037 ms) : 1987, 2088
.   : milestone, 2037,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.475 ms [1.464 ms, 1.487 ms] -
appsec 3.617 ms [3.402 ms, 3.831 ms] 2.141 ms (145.1%)
iast 2.21 ms [2.146 ms, 2.274 ms] 734.37 µs (49.8%)
iast_GLOBAL 2.249 ms [2.185 ms, 2.314 ms] 773.75 µs (52.4%)
profiling 2.061 ms [2.008 ms, 2.113 ms] 585.47 µs (39.7%)
tracing 2.037 ms [1.987 ms, 2.088 ms] 561.748 µs (38.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.477 ms [1.465 ms, 1.488 ms] -
appsec 3.679 ms [3.462 ms, 3.896 ms] 2.202 ms (149.1%)
iast 2.198 ms [2.134 ms, 2.262 ms] 721.173 µs (48.8%)
iast_GLOBAL 2.243 ms [2.179 ms, 2.308 ms] 766.772 µs (51.9%)
profiling 2.088 ms [2.034 ms, 2.142 ms] 611.386 µs (41.4%)
tracing 2.037 ms [1.987 ms, 2.088 ms] 560.471 µs (38.0%)

@sarahchen6 sarahchen6 merged commit f2a8d05 into master Dec 11, 2025
555 checks passed
@sarahchen6 sarahchen6 deleted the sarahchen6/fix-policy branch December 11, 2025 19:39
@github-actions github-actions bot added this to the 1.57.0 milestone Dec 11, 2025
This was referenced Dec 12, 2025
Merged
Closed
Merged
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mhlidd mhlidd mhlidd approved these changes

@PerfectSlayer PerfectSlayer Awaiting requested review from PerfectSlayer PerfectSlayer is a code owner automatically assigned from DataDog/apm-lang-platform-java

@AlexeyKuznetsov-DD AlexeyKuznetsov-DD Awaiting requested review from AlexeyKuznetsov-DD

Assignees

No one assigned

Labels

comp: tooling Build & Tooling tag: no release notes Changes to exclude from release notes

Projects

None yet

Milestone

1.57.0

Development

Successfully merging this pull request may close these issues.

2 participants

@sarahchen6 @mhlidd