Send RASP LFI capability only when AppSec is statically enabled #8573

jandro996 · 2025-03-17T13:40:23Z

What Does This Do

Only send RASP LFI capability if appsec is fully enabled

Motivation

Some RASP features have been implemented using callsite instrumentation, specifically LFI and partially SSRF.

Since callsite instrumentation requires activation at application startup to function correctly, it will not work properly when RASP is dynamically enabled via 1-click activation.

Additional Notes

Contributor Checklist

Format the title according the contribution guidelines
Assign the type: and (comp: or inst:) labels in addition to any usefull labels
Don't use close, fix or any linking keywords when referencing an issue.
Use solves instead, and assign the PR milestone to the issue
Update the public documentation in case of new configuration flag or behavior

Jira ticket: APPSEC-57025

pr-commenter · 2025-03-17T14:16:34Z

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/conditional-lfi-capability
git_commit_date	1742221809	1742221930
git_commit_sha	`5fb00dc`	`22799cb`
release_version	1.48.0-SNAPSHOT~5fb00dc125	1.48.0-SNAPSHOT~22799cbf16

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1742224273	1742224273
ci_job_id	850777491	850777491
ci_pipeline_id	59036424	59036424
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-xgmmukrd-project-304-concurrent-0-0q121vuk 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-xgmmukrd-project-304-concurrent-0-0q121vuk 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None
variant	iast	iast

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 59 metrics, 3 unstable metrics.

scenario	Δ mean execution_time	candidate mean execution_time	baseline mean execution_time
scenario:startup:petclinic:iast:Remote Config	better [-65.346µs; -13.112µs] or [-10.417%; -2.090%]	588.062µs	627.291µs

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.48.0-SNAPSHOT~22799cbf16, baseline=1.48.0-SNAPSHOT~5fb00dc125

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.049 s) : 0, 1048901
Total [baseline] (8.717 s) : 0, 8717149
Agent [candidate] (1.042 s) : 0, 1041513
Total [candidate] (8.704 s) : 0, 8703984
section iast
Agent [baseline] (1.177 s) : 0, 1177258
Total [baseline] (9.273 s) : 0, 9273011
Agent [candidate] (1.186 s) : 0, 1186142
Total [candidate] (9.258 s) : 0, 9258102
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.174 s) : 0, 1173999
Total [baseline] (9.202 s) : 0, 9201780
Agent [candidate] (1.175 s) : 0, 1174784
Total [candidate] (9.208 s) : 0, 9208141
section iast_TELEMETRY_OFF
Agent [baseline] (1.171 s) : 0, 1171416
Total [baseline] (9.262 s) : 0, 9262300
Agent [candidate] (1.177 s) : 0, 1177462
Total [candidate] (9.268 s) : 0, 9267686

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.049 s	-
Agent	iast	1.177 s	128.357 ms (12.2%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.174 s	125.098 ms (11.9%)
Agent	iast_TELEMETRY_OFF	1.171 s	122.516 ms (11.7%)
Total	tracing	8.717 s	-
Total	iast	9.273 s	555.862 ms (6.4%)
Total	iast_HARDCODED_SECRET_DISABLED	9.202 s	484.631 ms (5.6%)
Total	iast_TELEMETRY_OFF	9.262 s	545.151 ms (6.3%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.042 s	-
Agent	iast	1.186 s	144.629 ms (13.9%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.175 s	133.271 ms (12.8%)
Agent	iast_TELEMETRY_OFF	1.177 s	135.949 ms (13.1%)
Total	tracing	8.704 s	-
Total	iast	9.258 s	554.118 ms (6.4%)
Total	iast_HARDCODED_SECRET_DISABLED	9.208 s	504.157 ms (5.8%)
Total	iast_TELEMETRY_OFF	9.268 s	563.702 ms (6.5%)

gantt
    title insecure-bank - break down per module: candidate=1.48.0-SNAPSHOT~22799cbf16, baseline=1.48.0-SNAPSHOT~5fb00dc125

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (724.049 ms) : 0, 724049
BytebuddyAgent [candidate] (717.673 ms) : 0, 717673
GlobalTracer [baseline] (241.282 ms) : 0, 241282
GlobalTracer [candidate] (239.767 ms) : 0, 239767
AppSec [baseline] (54.626 ms) : 0, 54626
AppSec [candidate] (54.662 ms) : 0, 54662
Remote Config [baseline] (685.487 µs) : 0, 685
Remote Config [candidate] (697.779 µs) : 0, 698
Telemetry [baseline] (13.031 ms) : 0, 13031
Telemetry [candidate] (13.564 ms) : 0, 13564
section iast
BytebuddyAgent [baseline] (842.216 ms) : 0, 842216
BytebuddyAgent [candidate] (849.528 ms) : 0, 849528
GlobalTracer [baseline] (230.98 ms) : 0, 230980
GlobalTracer [candidate] (232.303 ms) : 0, 232303
IAST [baseline] (23.032 ms) : 0, 23032
IAST [candidate] (23.965 ms) : 0, 23965
AppSec [baseline] (56.392 ms) : 0, 56392
AppSec [candidate] (55.49 ms) : 0, 55490
Remote Config [baseline] (619.577 µs) : 0, 620
Remote Config [candidate] (610.332 µs) : 0, 610
Telemetry [baseline] (8.797 ms) : 0, 8797
Telemetry [candidate] (8.815 ms) : 0, 8815
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (839.441 ms) : 0, 839441
BytebuddyAgent [candidate] (840.685 ms) : 0, 840685
GlobalTracer [baseline] (230.746 ms) : 0, 230746
GlobalTracer [candidate] (231.136 ms) : 0, 231136
IAST [baseline] (22.99 ms) : 0, 22990
IAST [candidate] (22.775 ms) : 0, 22775
AppSec [baseline] (56.218 ms) : 0, 56218
AppSec [candidate] (55.527 ms) : 0, 55527
Remote Config [baseline] (601.196 µs) : 0, 601
Remote Config [candidate] (594.323 µs) : 0, 594
Telemetry [baseline] (8.757 ms) : 0, 8757
Telemetry [candidate] (8.747 ms) : 0, 8747
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (837.685 ms) : 0, 837685
BytebuddyAgent [candidate] (842.096 ms) : 0, 842096
GlobalTracer [baseline] (230.456 ms) : 0, 230456
GlobalTracer [candidate] (231.584 ms) : 0, 231584
IAST [baseline] (22.458 ms) : 0, 22458
IAST [candidate] (22.602 ms) : 0, 22602
AppSec [baseline] (56.306 ms) : 0, 56306
AppSec [candidate] (56.491 ms) : 0, 56491
Remote Config [baseline] (611.93 µs) : 0, 612
Remote Config [candidate] (608.422 µs) : 0, 608
Telemetry [baseline] (8.667 ms) : 0, 8667
Telemetry [candidate] (8.728 ms) : 0, 8728

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.48.0-SNAPSHOT~22799cbf16, baseline=1.48.0-SNAPSHOT~5fb00dc125

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.047 s) : 0, 1046656
Total [baseline] (10.498 s) : 0, 10498038
Agent [candidate] (1.042 s) : 0, 1041694
Total [candidate] (10.452 s) : 0, 10451813
section appsec
Agent [baseline] (1.195 s) : 0, 1194614
Total [baseline] (10.805 s) : 0, 10805309
Agent [candidate] (1.188 s) : 0, 1188166
Total [candidate] (10.83 s) : 0, 10830095
section iast
Agent [baseline] (1.199 s) : 0, 1198740
Total [baseline] (11.027 s) : 0, 11026604
Agent [candidate] (1.174 s) : 0, 1173821
Total [candidate] (11.031 s) : 0, 11031306
section profiling
Agent [baseline] (1.261 s) : 0, 1260998
Total [baseline] (10.829 s) : 0, 10828931
Agent [candidate] (1.259 s) : 0, 1258831
Total [candidate] (10.902 s) : 0, 10901833

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.047 s	-
Agent	appsec	1.195 s	147.957 ms (14.1%)
Agent	iast	1.199 s	152.084 ms (14.5%)
Agent	profiling	1.261 s	214.342 ms (20.5%)
Total	tracing	10.498 s	-
Total	appsec	10.805 s	307.271 ms (2.9%)
Total	iast	11.027 s	528.565 ms (5.0%)
Total	profiling	10.829 s	330.893 ms (3.2%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.042 s	-
Agent	appsec	1.188 s	146.472 ms (14.1%)
Agent	iast	1.174 s	132.127 ms (12.7%)
Agent	profiling	1.259 s	217.137 ms (20.8%)
Total	tracing	10.452 s	-
Total	appsec	10.83 s	378.282 ms (3.6%)
Total	iast	11.031 s	579.494 ms (5.5%)
Total	profiling	10.902 s	450.021 ms (4.3%)

gantt
    title petclinic - break down per module: candidate=1.48.0-SNAPSHOT~22799cbf16, baseline=1.48.0-SNAPSHOT~5fb00dc125

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (722.964 ms) : 0, 722964
BytebuddyAgent [candidate] (718.42 ms) : 0, 718420
GlobalTracer [baseline] (240.93 ms) : 0, 240930
GlobalTracer [candidate] (240.01 ms) : 0, 240010
AppSec [baseline] (55.27 ms) : 0, 55270
AppSec [candidate] (55.042 ms) : 0, 55042
Remote Config [baseline] (712.896 µs) : 0, 713
Remote Config [candidate] (690.546 µs) : 0, 691
Telemetry [baseline] (11.538 ms) : 0, 11538
Telemetry [candidate] (12.266 ms) : 0, 12266
section appsec
BytebuddyAgent [baseline] (743.41 ms) : 0, 743410
BytebuddyAgent [candidate] (740.156 ms) : 0, 740156
GlobalTracer [baseline] (238.577 ms) : 0, 238577
GlobalTracer [candidate] (237.386 ms) : 0, 237386
AppSec [baseline] (177.491 ms) : 0, 177491
AppSec [candidate] (175.46 ms) : 0, 175460
Remote Config [baseline] (668.037 µs) : 0, 668
Remote Config [candidate] (666.069 µs) : 0, 666
Telemetry [baseline] (8.311 ms) : 0, 8311
Telemetry [candidate] (8.302 ms) : 0, 8302
IAST [baseline] (21.684 ms) : 0, 21684
IAST [candidate] (21.898 ms) : 0, 21898
section iast
BytebuddyAgent [baseline] (859.756 ms) : 0, 859756
BytebuddyAgent [candidate] (840.0 ms) : 0, 840000
GlobalTracer [baseline] (233.859 ms) : 0, 233859
GlobalTracer [candidate] (230.692 ms) : 0, 230692
AppSec [baseline] (56.75 ms) : 0, 56750
AppSec [candidate] (56.014 ms) : 0, 56014
Remote Config [baseline] (627.291 µs) : 0, 627
Remote Config [candidate] (588.062 µs) : 0, 588
Telemetry [baseline] (8.867 ms) : 0, 8867
Telemetry [candidate] (8.615 ms) : 0, 8615
IAST [baseline] (23.33 ms) : 0, 23330
IAST [candidate] (22.768 ms) : 0, 22768
section profiling
ProfilingAgent [baseline] (96.725 ms) : 0, 96725
ProfilingAgent [candidate] (96.026 ms) : 0, 96026
BytebuddyAgent [baseline] (709.44 ms) : 0, 709440
BytebuddyAgent [candidate] (709.04 ms) : 0, 709040
GlobalTracer [baseline] (350.153 ms) : 0, 350153
GlobalTracer [candidate] (350.078 ms) : 0, 350078
AppSec [baseline] (54.354 ms) : 0, 54354
AppSec [candidate] (53.441 ms) : 0, 53441
Remote Config [baseline] (690.379 µs) : 0, 690
Remote Config [candidate] (669.978 µs) : 0, 670
Telemetry [baseline] (8.943 ms) : 0, 8943
Telemetry [candidate] (8.844 ms) : 0, 8844
Profiling [baseline] (96.749 ms) : 0, 96749
Profiling [candidate] (96.049 ms) : 0, 96049

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
end_time	2025-03-17T14:41:19	2025-03-17T14:49:02
git_branch	master	alejandro.gonzalez/conditional-lfi-capability
git_commit_date	1742221809	1742221930
git_commit_sha	`5fb00dc`	`22799cb`
release_version	1.48.0-SNAPSHOT~5fb00dc125	1.48.0-SNAPSHOT~22799cbf16
start_time	2025-03-17T14:41:05	2025-03-17T14:48:48

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1742223339	1742223339
ci_job_id	850777492	850777492
ci_pipeline_id	59036424	59036424
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-skryryjy-project-304-concurrent-0-mqwy8k9t 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-skryryjy-project-304-concurrent-0-mqwy8k9t 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 14 metrics, 16 unstable metrics.

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.48.0-SNAPSHOT~22799cbf16, baseline=1.48.0-SNAPSHOT~5fb00dc125
    dateFormat X
    axisFormat %s
section baseline
no_agent (377.681 µs) : 358, 398
.   : milestone, 378,
iast (505.423 µs) : 483, 527
.   : milestone, 505,
iast_FULL (726.9 µs) : 705, 749
.   : milestone, 727,
iast_GLOBAL (552.424 µs) : 531, 574
.   : milestone, 552,
iast_HARDCODED_SECRET_DISABLED (504.082 µs) : 483, 526
.   : milestone, 504,
iast_INACTIVE (466.246 µs) : 444, 488
.   : milestone, 466,
iast_TELEMETRY_OFF (494.145 µs) : 473, 516
.   : milestone, 494,
tracing (458.686 µs) : 437, 480
.   : milestone, 459,
section candidate
no_agent (379.811 µs) : 360, 399
.   : milestone, 380,
iast (517.617 µs) : 495, 540
.   : milestone, 518,
iast_FULL (723.662 µs) : 702, 745
.   : milestone, 724,
iast_GLOBAL (552.203 µs) : 531, 574
.   : milestone, 552,
iast_HARDCODED_SECRET_DISABLED (515.251 µs) : 493, 537
.   : milestone, 515,
iast_INACTIVE (461.502 µs) : 441, 482
.   : milestone, 462,
iast_TELEMETRY_OFF (500.657 µs) : 479, 523
.   : milestone, 501,
tracing (457.519 µs) : 436, 479
.   : milestone, 458,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	377.681 µs [357.554 µs, 397.808 µs]	-
iast	505.423 µs [483.487 µs, 527.36 µs]	127.742 µs (33.8%)
iast_FULL	726.9 µs [704.7 µs, 749.101 µs]	349.219 µs (92.5%)
iast_GLOBAL	552.424 µs [530.969 µs, 573.879 µs]	174.743 µs (46.3%)
iast_HARDCODED_SECRET_DISABLED	504.082 µs [482.53 µs, 525.634 µs]	126.401 µs (33.5%)
iast_INACTIVE	466.246 µs [444.309 µs, 488.183 µs]	88.565 µs (23.4%)
iast_TELEMETRY_OFF	494.145 µs [472.589 µs, 515.701 µs]	116.463 µs (30.8%)
tracing	458.686 µs [437.304 µs, 480.068 µs]	81.005 µs (21.4%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	379.811 µs [360.252 µs, 399.369 µs]	-
iast	517.617 µs [495.435 µs, 539.798 µs]	137.806 µs (36.3%)
iast_FULL	723.662 µs [701.896 µs, 745.427 µs]	343.851 µs (90.5%)
iast_GLOBAL	552.203 µs [530.506 µs, 573.901 µs]	172.393 µs (45.4%)
iast_HARDCODED_SECRET_DISABLED	515.251 µs [493.481 µs, 537.021 µs]	135.44 µs (35.7%)
iast_INACTIVE	461.502 µs [440.574 µs, 482.429 µs]	81.691 µs (21.5%)
iast_TELEMETRY_OFF	500.657 µs [478.542 µs, 522.772 µs]	120.846 µs (31.8%)
tracing	457.519 µs [436.353 µs, 478.685 µs]	77.708 µs (20.5%)

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.48.0-SNAPSHOT~22799cbf16, baseline=1.48.0-SNAPSHOT~5fb00dc125
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.355 ms) : 1335, 1375
.   : milestone, 1355,
appsec (1.715 ms) : 1692, 1739
.   : milestone, 1715,
appsec_no_iast (1.739 ms) : 1714, 1764
.   : milestone, 1739,
code_origins (1.671 ms) : 1643, 1698
.   : milestone, 1671,
iast (1.503 ms) : 1478, 1528
.   : milestone, 1503,
profiling (1.51 ms) : 1487, 1534
.   : milestone, 1510,
tracing (1.5 ms) : 1475, 1524
.   : milestone, 1500,
section candidate
no_agent (1.349 ms) : 1329, 1369
.   : milestone, 1349,
appsec (1.735 ms) : 1712, 1757
.   : milestone, 1735,
appsec_no_iast (1.729 ms) : 1704, 1755
.   : milestone, 1729,
code_origins (1.661 ms) : 1634, 1688
.   : milestone, 1661,
iast (1.514 ms) : 1489, 1540
.   : milestone, 1514,
profiling (1.544 ms) : 1520, 1568
.   : milestone, 1544,
tracing (1.501 ms) : 1477, 1526
.   : milestone, 1501,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.355 ms [1.335 ms, 1.375 ms]	-
appsec	1.715 ms [1.692 ms, 1.739 ms]	360.015 µs (26.6%)
appsec_no_iast	1.739 ms [1.714 ms, 1.764 ms]	383.407 µs (28.3%)
code_origins	1.671 ms [1.643 ms, 1.698 ms]	315.416 µs (23.3%)
iast	1.503 ms [1.478 ms, 1.528 ms]	147.761 µs (10.9%)
profiling	1.51 ms [1.487 ms, 1.534 ms]	155.075 µs (11.4%)
tracing	1.5 ms [1.475 ms, 1.524 ms]	144.274 µs (10.6%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.349 ms [1.329 ms, 1.369 ms]	-
appsec	1.735 ms [1.712 ms, 1.757 ms]	385.952 µs (28.6%)
appsec_no_iast	1.729 ms [1.704 ms, 1.755 ms]	380.833 µs (28.2%)
code_origins	1.661 ms [1.634 ms, 1.688 ms]	312.373 µs (23.2%)
iast	1.514 ms [1.489 ms, 1.54 ms]	165.688 µs (12.3%)
profiling	1.544 ms [1.52 ms, 1.568 ms]	195.825 µs (14.5%)
tracing	1.501 ms [1.477 ms, 1.526 ms]	152.71 µs (11.3%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/conditional-lfi-capability
git_commit_date	1742221809	1742221930
git_commit_sha	`5fb00dc`	`22799cb`
release_version	1.48.0-SNAPSHOT~5fb00dc125	1.48.0-SNAPSHOT~22799cbf16

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1742223823	1742223823
ci_job_id	850777493	850777493
ci_pipeline_id	59036424	59036424
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-xgmmukrd-project-304-concurrent-1-fqwt3ag5 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-xgmmukrd-project-304-concurrent-1-fqwt3ag5 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant	appsec	appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.48.0-SNAPSHOT~22799cbf16, baseline=1.48.0-SNAPSHOT~5fb00dc125
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.274 s) : 15274000, 15274000
.   : milestone, 15274000,
appsec (14.782 s) : 14782000, 14782000
.   : milestone, 14782000,
iast (18.988 s) : 18988000, 18988000
.   : milestone, 18988000,
iast_GLOBAL (18.225 s) : 18225000, 18225000
.   : milestone, 18225000,
profiling (15.628 s) : 15628000, 15628000
.   : milestone, 15628000,
tracing (14.68 s) : 14680000, 14680000
.   : milestone, 14680000,
section candidate
no_agent (15.114 s) : 15114000, 15114000
.   : milestone, 15114000,
appsec (14.76 s) : 14760000, 14760000
.   : milestone, 14760000,
iast (18.694 s) : 18694000, 18694000
.   : milestone, 18694000,
iast_GLOBAL (18.055 s) : 18055000, 18055000
.   : milestone, 18055000,
profiling (15.788 s) : 15788000, 15788000
.   : milestone, 15788000,
tracing (14.8 s) : 14800000, 14800000
.   : milestone, 14800000,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.274 s [15.274 s, 15.274 s]	-
appsec	14.782 s [14.782 s, 14.782 s]	-492.0 ms (-3.2%)
iast	18.988 s [18.988 s, 18.988 s]	3.714 s (24.3%)
iast_GLOBAL	18.225 s [18.225 s, 18.225 s]	2.951 s (19.3%)
profiling	15.628 s [15.628 s, 15.628 s]	354.0 ms (2.3%)
tracing	14.68 s [14.68 s, 14.68 s]	-594.0 ms (-3.9%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.114 s [15.114 s, 15.114 s]	-
appsec	14.76 s [14.76 s, 14.76 s]	-354.0 ms (-2.3%)
iast	18.694 s [18.694 s, 18.694 s]	3.58 s (23.7%)
iast_GLOBAL	18.055 s [18.055 s, 18.055 s]	2.941 s (19.5%)
profiling	15.788 s [15.788 s, 15.788 s]	674.0 ms (4.5%)
tracing	14.8 s [14.8 s, 14.8 s]	-314.0 ms (-2.1%)

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.48.0-SNAPSHOT~22799cbf16, baseline=1.48.0-SNAPSHOT~5fb00dc125
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.469 ms) : 1457, 1480
.   : milestone, 1469,
appsec (2.347 ms) : 2302, 2391
.   : milestone, 2347,
iast (2.125 ms) : 2069, 2181
.   : milestone, 2125,
iast_GLOBAL (2.182 ms) : 2124, 2240
.   : milestone, 2182,
profiling (1.987 ms) : 1942, 2033
.   : milestone, 1987,
tracing (1.937 ms) : 1894, 1979
.   : milestone, 1937,
section candidate
no_agent (1.47 ms) : 1459, 1482
.   : milestone, 1470,
appsec (2.328 ms) : 2284, 2372
.   : milestone, 2328,
iast (2.132 ms) : 2075, 2189
.   : milestone, 2132,
iast_GLOBAL (2.155 ms) : 2099, 2211
.   : milestone, 2155,
profiling (1.97 ms) : 1926, 2014
.   : milestone, 1970,
tracing (1.955 ms) : 1912, 1999
.   : milestone, 1955,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.469 ms [1.457 ms, 1.48 ms]	-
appsec	2.347 ms [2.302 ms, 2.391 ms]	878.125 µs (59.8%)
iast	2.125 ms [2.069 ms, 2.181 ms]	656.365 µs (44.7%)
iast_GLOBAL	2.182 ms [2.124 ms, 2.24 ms]	713.481 µs (48.6%)
profiling	1.987 ms [1.942 ms, 2.033 ms]	518.735 µs (35.3%)
tracing	1.937 ms [1.894 ms, 1.979 ms]	468.06 µs (31.9%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.47 ms [1.459 ms, 1.482 ms]	-
appsec	2.328 ms [2.284 ms, 2.372 ms]	857.787 µs (58.3%)
iast	2.132 ms [2.075 ms, 2.189 ms]	661.18 µs (45.0%)
iast_GLOBAL	2.155 ms [2.099 ms, 2.211 ms]	684.442 µs (46.5%)
profiling	1.97 ms [1.926 ms, 2.014 ms]	499.542 µs (34.0%)
tracing	1.955 ms [1.912 ms, 1.999 ms]	484.933 µs (33.0%)

…8573) What Does This Do Only send RASP LFI capability if appsec is fully enabled Motivation Some RASP features have been implemented using callsite instrumentation, specifically LFI and partially SSRF. Since callsite instrumentation requires activation at application startup to function correctly, it will not work properly when RASP is dynamically enabled via 1-click activation.

| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | org.flywaydb.flyway | plugin | misk/gradle/libs.versions.toml | gradle | minor | `11.6.0` -> `11.7.0` | | [com.squareup.okio:okio-fakefilesystem](https://github.com/square/okio) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.10.2` -> `3.11.0` | | [com.squareup.okio:okio](https://github.com/square/okio) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.10.2` -> `3.11.0` | | [com.autonomousapps.dependency-analysis](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin) | plugin | misk/gradle/libs.versions.toml | gradle | minor | `2.15.0` -> `2.16.0` | | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.47.3` -> `1.48.1` | | [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.47.3` -> `1.48.1` | | [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | --- ### Release Notes <details> <summary>square/okio (com.squareup.okio:okio-fakefilesystem)</summary> ### [`v3.11.0`](https://github.com/square/okio/blob/HEAD/CHANGELOG.md#Version-3110) *2025-04-09* - Fix: Clear the deflater's byte array reference - New: Faster implementation of `String.decodeHex()` on Kotlin/JS. - New: Declare `EXACTLY_ONCE` execution for blocks like `Closeable.use {}` and `FileSystem.read {}`. - Upgrade: \[Kotlin 2.1.20]\[kotlin\_2\_1\_20]. </details> <details> <summary>autonomousapps/dependency-analysis-android-gradle-plugin (com.autonomousapps.dependency-analysis)</summary> ### [`v2.16.0`](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/blob/HEAD/CHANGELOG.md#Version-2160) - \[Feat]: support `com.android.test` projects. - \[Feat]: support typesafe project accessors with opt-in. ```kotlin dependencyAnalysis { useTypesafeProjectAccessors(true) // false by default } ``` </details> <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.48.1`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.48.1): 1.48.1 ### Components #### Tracer internal logging - 🐛 Remove print line causing unnecessary logs ([#8687](DataDog/dd-trace-java#8687) - [@sarahchen6](https://github.com/sarahchen6)) ### [`v1.48.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.48.0): 1.48.0 ### Known Bugs > \[!NOTE] > If you are experiencing issues with spamming timeout logs, please update to the [latest version](https://github.com/DataDog/dd-trace-java/releases/latest) or set [JDK_SOCKET_ENABLED](https://github.com/DataDog/dd-trace-java/blob/33fc3c9a9b7cda3beda88b8b3e5224ae2b10764a/dd-trace-api/src/main/java/datadog/trace/api/config/GeneralConfig.java#L98) to false. ### Components #### Application Security Management (IAST) - ✨ Fix vulnerability location org.jose4j.lang.HashUtil ([#8610](DataDog/dd-trace-java#8610) - [@jandro996](https://github.com/jandro996)) - ✨ Fix weak randomness in oracle.ucp.util.OpaqueString ([#8609](DataDog/dd-trace-java#8609) - [@jandro996](https://github.com/jandro996)) - ✨ Fix weak hash false positive in oracle.security.o5logon.O5Logon ([#8608](DataDog/dd-trace-java#8608) - [@jandro996](https://github.com/jandro996)) - 🐛 Prevent before callsites targeting constructors in super calls ([#8549](DataDog/dd-trace-java#8549) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) #### Application Security Management (WAF) - ✨ Update login events public SDK to V2 ([#8620](DataDog/dd-trace-java#8620) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - 🐛 Send RASP LFI capability only when AppSec is statically enabled ([#8573](DataDog/dd-trace-java#8573) - [@jandro996](https://github.com/jandro996)) - ✨ Improve detection of missing request end events ([#8510](DataDog/dd-trace-java#8510) - [@smola](https://github.com/smola)) - 🧹 Remove remote configuration for API Security sampling rate ([#8486](DataDog/dd-trace-java#8486) - [@smola](https://github.com/smola)) - ✨ Add setUser to user monitoring SDK ([#8482](DataDog/dd-trace-java#8482) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Add missing address for signup event ([#8469](DataDog/dd-trace-java#8469) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Allow login events SDK to be used with appsec disabled ([#8464](DataDog/dd-trace-java#8464) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Add support for endpoint discovery in spring mvc ([#8352](DataDog/dd-trace-java#8352) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ New API Security sampling algorithm ([#8178](DataDog/dd-trace-java#8178) - [@ValentinZakharov](https://github.com/ValentinZakharov)) #### Build & Tooling - ✨ Add buffer size customizability to JDK UDS support ([#8629](DataDog/dd-trace-java#8629) - [@sarahchen6](https://github.com/sarahchen6)) - ✨ Add JDK built-in support for UDS on Java 16+ ([#8314](DataDog/dd-trace-java#8314) - [@sarahchen6](https://github.com/sarahchen6)) #### Configuration at Runtime - 🐛 Send RASP LFI capability only when AppSec is statically enabled ([#8573](DataDog/dd-trace-java#8573) - [@jandro996](https://github.com/jandro996)) #### Continuous Integration Visibility - 🐛 Prevent double reporting of Scalatest events when using SBT with test forking ([#8682](DataDog/dd-trace-java#8682) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Shutdown CI Visibility test event handlers before tracer ([#8677](DataDog/dd-trace-java#8677) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Do not apply JUnit 4 instrumentation to MUnit runners ([#8675](DataDog/dd-trace-java#8675), [#8683](DataDog/dd-trace-java#8683) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Remove error log when source path resolution fails on isModified check ([#8663](DataDog/dd-trace-java#8663) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Implement tests reordering for JUnit 4 ([#8650](DataDog/dd-trace-java#8650) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - 🐛 Set default Attempt to Fix retries if none provided from the backend ([#8615](DataDog/dd-trace-java#8615) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Allow to manually set PR info ([#8566](DataDog/dd-trace-java#8566) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Fix Test Optimization init when repo root cannot be determined ([#8533](DataDog/dd-trace-java#8533) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Add capabilities tagging ([#8499](DataDog/dd-trace-java#8499), [#8540](DataDog/dd-trace-java#8540) - [@daniel-mohedano](https://github.com/daniel-mohedano)) #### Crash tracking - 🐛 Remove dependency on bash from crash/oome uploder scripts ([#8652](DataDog/dd-trace-java#8652) - [@jbachorik](https://github.com/jbachorik)) #### Data Streams Monitoring - ✨ e2e pipeline configuration when data jobs is enabled ([#8553](DataDog/dd-trace-java#8553) - [@kr-igor](https://github.com/kr-igor)) #### Dynamic Instrumentation - 🐛 Fix In-Product when config is empty ([#8679](DataDog/dd-trace-java#8679) - [@jpbempel](https://github.com/jpbempel)) - ✨ Add support for filtering shaded third-party libs ([#8612](DataDog/dd-trace-java#8612) - [@jpbempel](https://github.com/jpbempel)) - ✨ Add In-Product Enablement ([#8587](DataDog/dd-trace-java#8587) - [@jpbempel](https://github.com/jpbempel)) - ✨⚡ Reduce footprint of SourceFile tracking ([#8524](DataDog/dd-trace-java#8524) - [@jpbempel](https://github.com/jpbempel)) - ✨⚡ Optimize the SourceFile tracking ([#8520](DataDog/dd-trace-java#8520) - [@jpbempel](https://github.com/jpbempel)) #### OpenTracing - 🧹 Remove activeScope() use in OpenTracing shim ([#8478](DataDog/dd-trace-java#8478) - [@mcculls](https://github.com/mcculls)) #### Profiling - ✨ Add profiler env check command to AgentCLI ([#8671](DataDog/dd-trace-java#8671) - [@jbachorik](https://github.com/jbachorik)) - ✨ Bump ddprof to 1.23.0 ([#8668](DataDog/dd-trace-java#8668) - [@jbachorik](https://github.com/jbachorik)) - Fix a crash related to ElfParser::loadSymbolTable ([#191](DataDog/dd-trace-java#191)) by [@yanglong1010](https://github.com/yanglong1010) in DataDog/java-profiler#192 - Unwind String.indexOf intrinsic on AArch64 by [@MattAlp](https://github.com/MattAlp) in DataDog/java-profiler#193 - Fix Java 24 support by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#194 - A set of fixes related to clang, aarch64 and musl pecularities of vmstructs stack unwinder by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#199 - 🐛 Remove process information from JFR recording ([#8661](DataDog/dd-trace-java#8661) - [@r1viollet](https://github.com/r1viollet)) - 🐛 Make TempLocationManager USER aware ([#8605](DataDog/dd-trace-java#8605) - [@jbachorik](https://github.com/jbachorik)) - ✨ Extract git tags from embedded git.properties and datadog_git.properties ([#8561](DataDog/dd-trace-java#8561) - [@wmouchere](https://github.com/wmouchere)) #### Telemetry - 🐛 Fix appsec.rasp.error and appsec.waf.error telemetry metrics ([#8624](DataDog/dd-trace-java#8624) - [@jandro996](https://github.com/jandro996)) - ✨ Create metric: appsec.rasp.rule.skipped ([#8618](DataDog/dd-trace-java#8618) - [@jandro996](https://github.com/jandro996)) - ✨ Extract git tags from embedded git.properties and datadog_git.properties ([#8561](DataDog/dd-trace-java#8561) - [@wmouchere](https://github.com/wmouchere)) #### Testing - 🧹 Simplify ssi tests one-pipeline ([#8558](DataDog/dd-trace-java#8558) - [@robertomonteromiguel](https://github.com/robertomonteromiguel)) - ✨ Add smoke tests for java's concurrent API ([#8438](DataDog/dd-trace-java#8438) - [@sarahchen6](https://github.com/sarahchen6)) #### Trace context propagation - ✨ Adding Support for `TRACE_PROPAGATION_BEHAVIOR_EXTRACT` ([#8535](DataDog/dd-trace-java#8535) - [@mhlidd](https://github.com/mhlidd)) #### Tracer core - 🐛 Ensure shaded helpers have unique names ([#8559](DataDog/dd-trace-java#8559) - [@amarziali](https://github.com/amarziali)) - ✨ Support common config sources for user-provided git info ([#8547](DataDog/dd-trace-java#8547) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Make the default config sources more robust when a security manager is installed ([#8544](DataDog/dd-trace-java#8544) - [@mcculls](https://github.com/mcculls)) - ✨ Support targeting services with configurations in stable configuration file ([#8526](DataDog/dd-trace-java#8526) - [@mtoffl01](https://github.com/mtoffl01)) - ✨ Add new parser for `DD_TAGS` and prioritizing `DD_SERVICE` ([#8296](DataDog/dd-trace-java#8296) - [@mhlidd](https://github.com/mhlidd)) #### Tracer internal logging - 🐛 Add missing debug log for the cloudPayloadTaggingServices config ([#8600](DataDog/dd-trace-java#8600) - [@ygree](https://github.com/ygree)) - ✨ Add the possibility to output the logs of the Java tracer in JSON ([#8083](DataDog/dd-trace-java#8083) - [@cecile75](https://github.com/cecile75)) #### Tracer public API - ✨ Introducing `DD_TRACE_EXPERIMENTAL_FEATURES_ENABLED` Config ([#8536](DataDog/dd-trace-java#8536) - [@mhlidd](https://github.com/mhlidd)) - ✨ Config Consistency Round 2 ([#8489](DataDog/dd-trace-java#8489) - [@mhlidd](https://github.com/mhlidd)) ### Instrumentations #### - 🐛 Fix NPE in getMdcCopy of LoggingEventInstrumentation ([#8599](DataDog/dd-trace-java#8599) - [@ygree](https://github.com/ygree)) #### Apache Spark instrumentation - ✨ Instrument Runtime.exit() to finish spark application spans ([#8572](DataDog/dd-trace-java#8572) - [@paul-laffon-dd](https://github.com/paul-laffon-dd)) - ✨ Configure OpenLineage if present in Spark instrumentation ([#8541](DataDog/dd-trace-java#8541) - [@mobuchowski](https://github.com/mobuchowski)) #### Armeria Instrumentation - ✨ Support armeria grpc 1.32.3 ([#8606](DataDog/dd-trace-java#8606) - [@github-actions](https://github.com/github-actions)\[bot]) #### AWS DynamoDB Instrumentation - ✨ Create DynamoDB instrumentation + add span pointers for `updateItem` and `deleteItem` ([#8490](DataDog/dd-trace-java#8490) - [@nhulston](https://github.com/nhulston)) #### AWS SDK instrumentation - ✨ Add DynamoDB in DEFAULT_TRACE_CLOUD_PAYLOAD_TAGGING_SERVICES ([#8595](DataDog/dd-trace-java#8595) - [@joeyzhao2018](https://github.com/joeyzhao2018)) #### Azure Functions instrumentation - ✨ Enable tracer computed trace metrics by default for Azure Functions ([#8518](DataDog/dd-trace-java#8518) - [@duncanpharvey](https://github.com/duncanpharvey)) - 💡 Add azure-functions instrumentation ([#8432](DataDog/dd-trace-java#8432) - [@duncanpharvey](https://github.com/duncanpharvey)) #### Core Java language instrumentation - 🐛 Fix ForkJoinPool.execute() instrumentation on Java 21+ ([#8560](DataDog/dd-trace-java#8560) - [@PerfectSlayer](https://github.com/PerfectSlayer)) #### Eclipse Vert.x instrumentation - ✨ Add vertx postgresql client instrumentation ([#8471](DataDog/dd-trace-java#8471) - [@vandonr](https://github.com/vandonr) - thanks for the contribution!) #### Kafka instrumentation - ✨ Support and test kafka-clients 4 ([#8581](DataDog/dd-trace-java#8581) - [@amarziali](https://github.com/amarziali)) #### Kotlin instrumentation - ✨ Avoid disconnected traces when using Kotlin flowOn ([#8651](DataDog/dd-trace-java#8651) - [@mcculls](https://github.com/mcculls)) #### OpenTelemetry instrumentation - 🧹 Migrate OtelContext wrapper to new internal Context API ([#8645](DataDog/dd-trace-java#8645) - [@mcculls](https://github.com/mcculls)) #### Spring instrumentation - 🐛 Support CompletableFuture on spring webmvc controllers ([#8659](DataDog/dd-trace-java#8659) - [@amarziali](https://github.com/amarziali)) - ✨ Add support for endpoint discovery in spring mvc ([#8352](DataDog/dd-trace-java#8352) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) #### WebSocket Instrumentation - ✨ Instrument Jetty websocket pojo ([#8562](DataDog/dd-trace-java#8562) - [@amarziali](https://github.com/amarziali)) - 💡 Instrument Java Websocket API (JSR356) ([#8440](DataDog/dd-trace-java#8440) - [@amarziali](https://github.com/amarziali)) #### All other instrumentations - ✨ Introduce cache for peer.hostname lookup ([#8601](DataDog/dd-trace-java#8601) - [@mcculls](https://github.com/mcculls)) - ✨ Support pekko http 1.1 ([#8532](DataDog/dd-trace-java#8532) - [@amarziali](https://github.com/amarziali)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: 331314f71acaced3adc75ea5d7e855c248d593fc

RASP capabilities for LFI is not sent when RASP is not fully enabled

17566b6

jandro996 added type: enhancement comp: asm waf Application Security Management (WAF) comp: remote config Configuration at Runtime type: bug and removed type: enhancement labels Mar 17, 2025

jandro996 marked this pull request as ready for review March 17, 2025 13:41

jandro996 requested a review from a team as a code owner March 17, 2025 13:41

jandro996 requested review from robertpi, manuel-alvarez-alvarez, smola and sezen-datadog March 17, 2025 13:41

smola changed the title ~~RASP LFI capability should not be sent when RASP is not fully enabled~~ Send RASP LFI capability only when AppSec is statically enabled Mar 17, 2025

Merge branch 'master' into alejandro.gonzalez/conditional-lfi-capability

22799cb

smola approved these changes Mar 17, 2025

View reviewed changes

manuel-alvarez-alvarez approved these changes Mar 17, 2025

View reviewed changes

jandro996 merged commit 1c3133b into master Mar 17, 2025
263 of 269 checks passed

jandro996 deleted the alejandro.gonzalez/conditional-lfi-capability branch March 17, 2025 18:05

github-actions bot added this to the 1.48.0 milestone Mar 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Send RASP LFI capability only when AppSec is statically enabled #8573

Send RASP LFI capability only when AppSec is statically enabled #8573

jandro996 commented Mar 17, 2025 •

edited by jira bot

Loading

pr-commenter bot commented Mar 17, 2025 •

edited

Loading

Send RASP LFI capability only when AppSec is statically enabled #8573

Send RASP LFI capability only when AppSec is statically enabled #8573

Conversation

jandro996 commented Mar 17, 2025 • edited by jira bot Loading

What Does This Do

Motivation

Additional Notes

Contributor Checklist

pr-commenter bot commented Mar 17, 2025 • edited Loading

Benchmarks

Startup

Parameters

Summary

Load

Parameters

Summary

Dacapo

Parameters

Summary

jandro996 commented Mar 17, 2025 •

edited by jira bot

Loading

pr-commenter bot commented Mar 17, 2025 •

edited

Loading