Bump the gh-actions-packages group with 5 updates

[dependabot]

Bumps the gh-actions-packages group with 5 updates:

Package	From	To
planetscale/ghcommit-action	0.2.7	0.2.10
DataDog/datadog-static-analyzer-github-action	1.2.2	1.2.3
actions/cache	4.2.2	4.2.3
github/codeql-action	3.28.10	3.28.13
aquasecurity/trivy-action	0.29.0	0.30.0

Updates planetscale/ghcommit-action from 0.2.7 to 0.2.10

Release notes

Sourced from planetscale/ghcommit-action's releases.

v0.2.10

What's Changed

🏕 Changes

• chore(deps): update planetscale/ghcommit-action action to v0.2.9 by @​felix-renovate in planetscale/ghcommit-action#103
• chore(deps): update ghcr.io/planetscale/ghcommit docker tag to v0.1.65 by @​felix-renovate in planetscale/ghcommit-action#104

Full Changelog: planetscale/ghcommit-action@v0.2.9...v0.2.10

v0.2.9

What's Changed

🏕 Changes

• chore(deps): update planetscale/ghcommit-action action to v0.2.8 by @​felix-renovate in planetscale/ghcommit-action#101
• chore(deps): update all non-major dependencies by @​felix-renovate in planetscale/ghcommit-action#102

Full Changelog: planetscale/ghcommit-action@v0.2.8...v0.2.9

v0.2.8

What's Changed

🏕 Changes

• chore(deps): update all non-major dependencies by @​felix-renovate in planetscale/ghcommit-action#100

Full Changelog: planetscale/ghcommit-action@v0.2.7...v0.2.8

Commits

• b1cac81 🤖 Bump version in Dockerfile
• cd95bbf Merge pull request #104 from planetscale/renovate/all-minor-patch-digest
• 485897a chore(deps): update ghcr.io/planetscale/ghcommit docker tag to v0.1.65
• d7536a2 chore(deps): update planetscale/ghcommit-action action to v0.2.9 (#103)
• c6125de 🤖 Bump version in Dockerfile
• c0a7347 Merge pull request #102 from planetscale/renovate/all-minor-patch-digest
• 0804173 chore(deps): update all non-major dependencies
• f035dd9 chore(deps): update planetscale/ghcommit-action action to v0.2.8 (#101)
• 86434b0 🤖 Bump version in Dockerfile
• ece8ea1 Merge pull request #100 from planetscale/renovate/all-minor-patch-digest
• Additional commits viewable in compare view

Updates DataDog/datadog-static-analyzer-github-action from 1.2.2 to 1.2.3

Release notes

Sourced from DataDog/datadog-static-analyzer-github-action's releases.

v1.2.3

This release ensures that the latest version of datadog-ci is used.

Commits

• 2707598 Merge pull request #51 from DataDog/jf/K9VULN-4306
• 62eb52d Add shim Docker image to update @​datadog/datadog-ci
• See full diff in compare view

Updates actions/cache from 4.2.2 to 4.2.3

Release notes

Sourced from actions/cache's releases.

v4.2.3

What's Changed

• Update to use @​actions/cache 4.0.3 package & prepare for new release by @​salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

• @​salmanmkc made their first contribution in actions/cache#1577

Full Changelog: actions/cache@v4.2.2...v4.2.3

Changelog

Sourced from actions/cache's changelog.

Releases

4.2.3

• Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

• Bump @actions/cache to v4.0.2

4.2.1

• Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

• Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474
• Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

• Restore original behavior of cache-hit output - #1467

4.1.0

• Ensure cache-hit output is set when a cache is missed - #1404
• Deprecate save-always input - #1452

4.0.2

• Fixed restore fail-on-cache-miss not working.

4.0.1

• Updated isGhes check

... (truncated)

Commits

• 5a3ec84 Merge pull request #1577 from salmanmkc/salmanmkc/4-test
• 7de2102 Update releases.md
• 76d40dd Update to use the latest version of the cache package to obfuscate the SAS
• 76dd5eb update cache with main
• 8c80c27 new package
• 45cfd0e updates
• edd449b updated cache with latest changes
• 0576707 latest test before pr
• 3105dc9 update
• 9450d42 mask
• Additional commits viewable in compare view

Updates github/codeql-action from 3.28.10 to 3.28.13

Release notes

Sourced from github/codeql-action's releases.

v3.28.13

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.13 - 24 Mar 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.12

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.12 - 19 Mar 2025

• Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
• Update default CodeQL bundle version to 2.20.7. #2810

See the full CHANGELOG.md for more information.

v3.28.11

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.11 - 07 Mar 2025

• Update default CodeQL bundle version to 2.20.6. #2793

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.13 - 24 Mar 2025

No user facing changes.

3.28.12 - 19 Mar 2025

• Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
• Update default CodeQL bundle version to 2.20.7. #2810

3.28.11 - 07 Mar 2025

• Update default CodeQL bundle version to 2.20.6. #2793

3.28.10 - 21 Feb 2025

• Update default CodeQL bundle version to 2.20.5. #2772
• Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

• Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

• Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

• Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

• Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

... (truncated)

Commits

• 1b549b9 Merge pull request #2819 from github/update-v3.28.13-e0ea14102
• 82630c8 Update changelog for v3.28.13
• e0ea141 Merge pull request #2818 from github/cklin/empty-pr-diff-range
• b361a91 Diff-informed analysis: fix empty PR handling
• bd1d9ab Merge pull request #2816 from github/cklin/overlay-file-list
• b98ae6c Add overlay-database-utils tests
• 9825184 Add getFileOidsUnderPath() tests
• ac67cff Merge pull request #2817 from github/cklin/default-setup-diff-informed
• 9c674ba build: refresh js files
• d109dd5 Detect PR branches for Default Setup
• Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.29.0 to 0.30.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.30.0

What's Changed

• fix: Update default trivy version in README by @​derrix060 in aquasecurity/trivy-action#444
• fix: typo in description of an input for action.yaml by @​yutatokoi in aquasecurity/trivy-action#452
• Improve README/SBOM by @​AB-xdev in aquasecurity/trivy-action#439
• chore: bump trivy to v0.60.0 by @​nikpivkin in aquasecurity/trivy-action#453

New Contributors

• @​derrix060 made their first contribution in aquasecurity/trivy-action#444
• @​yutatokoi made their first contribution in aquasecurity/trivy-action#452
• @​AB-xdev made their first contribution in aquasecurity/trivy-action#439

Full Changelog: aquasecurity/trivy-action@0.29.0...0.30.0

Commits

• 6c175e9 chore: bump trivy to v0.60.0 (#453)
• 53e8848 Improve README/SBOM (#439)
• ef1b561 fix: typo in description of an input for action.yaml (#452)
• a11da62 fix: Update default trivy version in README (#444)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

• Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

[pr-commenter]

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-4939d26006
git_commit_date	1743528797	1743531013
git_commit_sha	d8de104	e9417e4
release_version	1.48.0-SNAPSHOT~d8de1044d6	1.48.0-SNAPSHOT~e9417e4d5c

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1743534349	1743534349
ci_job_id	875605644	875605644
ci_pipeline_id	60698947	60698947
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-fsgpech5-project-304-concurrent-0-8d6e3eq9 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-fsgpech5-project-304-concurrent-0-8d6e3eq9 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 67 metrics, 4 unstable metrics.

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.48.0-SNAPSHOT~e9417e4d5c, baseline=1.48.0-SNAPSHOT~d8de1044d6

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.06 s) : 0, 1059583
Total [baseline] (8.675 s) : 0, 8674522
Agent [candidate] (1.053 s) : 0, 1052979
Total [candidate] (8.658 s) : 0, 8658253
section iast
Agent [baseline] (1.179 s) : 0, 1179116
Total [baseline] (9.244 s) : 0, 9243981
Agent [candidate] (1.183 s) : 0, 1183148
Total [candidate] (9.278 s) : 0, 9277635
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.183 s) : 0, 1182872
Total [baseline] (9.184 s) : 0, 9184125
Agent [candidate] (1.181 s) : 0, 1181344
Total [candidate] (9.211 s) : 0, 9210869
section iast_TELEMETRY_OFF
Agent [baseline] (1.211 s) : 0, 1210693
Total [baseline] (9.282 s) : 0, 9282288
Agent [candidate] (1.177 s) : 0, 1176653
Total [candidate] (9.291 s) : 0, 9291280

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.06 s	-
Agent	iast	1.179 s	119.533 ms (11.3%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.183 s	123.29 ms (11.6%)
Agent	iast_TELEMETRY_OFF	1.211 s	151.11 ms (14.3%)
Total	tracing	8.675 s	-
Total	iast	9.244 s	569.459 ms (6.6%)
Total	iast_HARDCODED_SECRET_DISABLED	9.184 s	509.604 ms (5.9%)
Total	iast_TELEMETRY_OFF	9.282 s	607.766 ms (7.0%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.053 s	-
Agent	iast	1.183 s	130.169 ms (12.4%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.181 s	128.365 ms (12.2%)
Agent	iast_TELEMETRY_OFF	1.177 s	123.674 ms (11.7%)
Total	tracing	8.658 s	-
Total	iast	9.278 s	619.383 ms (7.2%)
Total	iast_HARDCODED_SECRET_DISABLED	9.211 s	552.617 ms (6.4%)
Total	iast_TELEMETRY_OFF	9.291 s	633.027 ms (7.3%)

gantt
    title insecure-bank - break down per module: candidate=1.48.0-SNAPSHOT~e9417e4d5c, baseline=1.48.0-SNAPSHOT~d8de1044d6

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (722.963 ms) : 0, 722963
BytebuddyAgent [candidate] (717.983 ms) : 0, 717983
GlobalTracer [baseline] (241.262 ms) : 0, 241262
GlobalTracer [candidate] (239.401 ms) : 0, 239401
AppSec [baseline] (55.427 ms) : 0, 55427
AppSec [candidate] (54.21 ms) : 0, 54210
Debugger [baseline] (4.476 ms) : 0, 4476
Debugger [candidate] (4.426 ms) : 0, 4426
Remote Config [baseline] (692.403 µs) : 0, 692
Remote Config [candidate] (680.207 µs) : 0, 680
Telemetry [baseline] (14.179 ms) : 0, 14179
Telemetry [candidate] (15.81 ms) : 0, 15810
section iast
BytebuddyAgent [baseline] (836.732 ms) : 0, 836732
BytebuddyAgent [candidate] (839.894 ms) : 0, 839894
GlobalTracer [baseline] (229.889 ms) : 0, 229889
GlobalTracer [candidate] (230.036 ms) : 0, 230036
AppSec [baseline] (55.957 ms) : 0, 55957
AppSec [candidate] (56.19 ms) : 0, 56190
Debugger [baseline] (4.121 ms) : 0, 4121
Debugger [candidate] (4.227 ms) : 0, 4227
Remote Config [baseline] (612.676 µs) : 0, 613
Remote Config [candidate] (630.272 µs) : 0, 630
Telemetry [baseline] (8.726 ms) : 0, 8726
Telemetry [candidate] (8.823 ms) : 0, 8823
IAST [baseline] (22.662 ms) : 0, 22662
IAST [candidate] (22.845 ms) : 0, 22845
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (838.123 ms) : 0, 838123
BytebuddyAgent [candidate] (838.267 ms) : 0, 838267
GlobalTracer [baseline] (231.576 ms) : 0, 231576
GlobalTracer [candidate] (229.732 ms) : 0, 229732
AppSec [baseline] (56.083 ms) : 0, 56083
AppSec [candidate] (56.283 ms) : 0, 56283
Debugger [baseline] (4.154 ms) : 0, 4154
Debugger [candidate] (4.179 ms) : 0, 4179
Remote Config [baseline] (626.588 µs) : 0, 627
Remote Config [candidate] (621.335 µs) : 0, 621
Telemetry [baseline] (8.817 ms) : 0, 8817
Telemetry [candidate] (8.819 ms) : 0, 8819
IAST [baseline] (22.998 ms) : 0, 22998
IAST [candidate] (22.892 ms) : 0, 22892
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (861.509 ms) : 0, 861509
BytebuddyAgent [candidate] (834.769 ms) : 0, 834769
GlobalTracer [baseline] (234.433 ms) : 0, 234433
GlobalTracer [candidate] (229.8 ms) : 0, 229800
AppSec [baseline] (56.871 ms) : 0, 56871
AppSec [candidate] (55.891 ms) : 0, 55891
Debugger [baseline] (4.251 ms) : 0, 4251
Debugger [candidate] (4.146 ms) : 0, 4146
Remote Config [baseline] (630.877 µs) : 0, 631
Remote Config [candidate] (610.716 µs) : 0, 611
Telemetry [baseline] (8.908 ms) : 0, 8908
Telemetry [candidate] (8.708 ms) : 0, 8708
IAST [baseline] (23.108 ms) : 0, 23108
IAST [candidate] (22.344 ms) : 0, 22344

Loading

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.48.0-SNAPSHOT~e9417e4d5c, baseline=1.48.0-SNAPSHOT~d8de1044d6

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.055 s) : 0, 1054566
Total [baseline] (10.428 s) : 0, 10428256
Agent [candidate] (1.063 s) : 0, 1063083
Total [candidate] (10.524 s) : 0, 10523543
section appsec
Agent [baseline] (1.193 s) : 0, 1192642
Total [baseline] (10.731 s) : 0, 10731280
Agent [candidate] (1.194 s) : 0, 1193906
Total [candidate] (10.74 s) : 0, 10739822
section iast
Agent [baseline] (1.181 s) : 0, 1180663
Total [baseline] (11.034 s) : 0, 11033640
Agent [candidate] (1.18 s) : 0, 1179571
Total [candidate] (11.089 s) : 0, 11088819
section profiling
Agent [baseline] (1.287 s) : 0, 1286535
Total [baseline] (10.952 s) : 0, 10951837
Agent [candidate] (1.282 s) : 0, 1282142
Total [candidate] (10.893 s) : 0, 10892934

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.055 s	-
Agent	appsec	1.193 s	138.076 ms (13.1%)
Agent	iast	1.181 s	126.096 ms (12.0%)
Agent	profiling	1.287 s	231.969 ms (22.0%)
Total	tracing	10.428 s	-
Total	appsec	10.731 s	303.024 ms (2.9%)
Total	iast	11.034 s	605.384 ms (5.8%)
Total	profiling	10.952 s	523.581 ms (5.0%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.063 s	-
Agent	appsec	1.194 s	130.823 ms (12.3%)
Agent	iast	1.18 s	116.488 ms (11.0%)
Agent	profiling	1.282 s	219.059 ms (20.6%)
Total	tracing	10.524 s	-
Total	appsec	10.74 s	216.278 ms (2.1%)
Total	iast	11.089 s	565.275 ms (5.4%)
Total	profiling	10.893 s	369.391 ms (3.5%)

gantt
    title petclinic - break down per module: candidate=1.48.0-SNAPSHOT~e9417e4d5c, baseline=1.48.0-SNAPSHOT~d8de1044d6

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (719.564 ms) : 0, 719564
BytebuddyAgent [candidate] (725.145 ms) : 0, 725145
GlobalTracer [baseline] (239.976 ms) : 0, 239976
GlobalTracer [candidate] (241.348 ms) : 0, 241348
AppSec [baseline] (54.427 ms) : 0, 54427
AppSec [candidate] (54.807 ms) : 0, 54807
Debugger [baseline] (4.432 ms) : 0, 4432
Debugger [candidate] (4.474 ms) : 0, 4474
Remote Config [baseline] (680.264 µs) : 0, 680
Remote Config [candidate] (691.501 µs) : 0, 692
Telemetry [baseline] (14.997 ms) : 0, 14997
Telemetry [candidate] (15.971 ms) : 0, 15971
section appsec
BytebuddyAgent [baseline] (736.666 ms) : 0, 736666
BytebuddyAgent [candidate] (737.779 ms) : 0, 737779
GlobalTracer [baseline] (235.902 ms) : 0, 235902
GlobalTracer [candidate] (236.274 ms) : 0, 236274
AppSec [baseline] (175.449 ms) : 0, 175449
AppSec [candidate] (175.584 ms) : 0, 175584
Debugger [baseline] (4.275 ms) : 0, 4275
Debugger [candidate] (4.275 ms) : 0, 4275
Remote Config [baseline] (628.02 µs) : 0, 628
Remote Config [candidate] (633.772 µs) : 0, 634
Telemetry [baseline] (8.533 ms) : 0, 8533
Telemetry [candidate] (8.165 ms) : 0, 8165
IAST [baseline] (21.558 ms) : 0, 21558
IAST [candidate] (21.534 ms) : 0, 21534
section iast
BytebuddyAgent [baseline] (837.475 ms) : 0, 837475
BytebuddyAgent [candidate] (837.096 ms) : 0, 837096
GlobalTracer [baseline] (230.256 ms) : 0, 230256
GlobalTracer [candidate] (229.602 ms) : 0, 229602
AppSec [baseline] (55.975 ms) : 0, 55975
AppSec [candidate] (56.07 ms) : 0, 56070
Debugger [baseline] (4.147 ms) : 0, 4147
Debugger [candidate] (4.166 ms) : 0, 4166
Remote Config [baseline] (613.707 µs) : 0, 614
Remote Config [candidate] (625.663 µs) : 0, 626
Telemetry [baseline] (8.803 ms) : 0, 8803
Telemetry [candidate] (8.801 ms) : 0, 8801
IAST [baseline] (22.844 ms) : 0, 22844
IAST [candidate] (22.737 ms) : 0, 22737
section profiling
BytebuddyAgent [baseline] (716.341 ms) : 0, 716341
BytebuddyAgent [candidate] (714.744 ms) : 0, 714744
GlobalTracer [baseline] (352.616 ms) : 0, 352616
GlobalTracer [candidate] (350.637 ms) : 0, 350637
AppSec [baseline] (54.25 ms) : 0, 54250
AppSec [candidate] (53.279 ms) : 0, 53279
Debugger [baseline] (4.337 ms) : 0, 4337
Debugger [candidate] (4.293 ms) : 0, 4293
Remote Config [baseline] (729.888 µs) : 0, 730
Remote Config [candidate] (726.992 µs) : 0, 727
Telemetry [baseline] (9.088 ms) : 0, 9088
Telemetry [candidate] (9.008 ms) : 0, 9008
ProfilingAgent [baseline] (103.336 ms) : 0, 103336
ProfilingAgent [candidate] (103.577 ms) : 0, 103577
Profiling [baseline] (103.363 ms) : 0, 103363
Profiling [candidate] (103.604 ms) : 0, 103604

Loading

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
end_time	2025-04-01T18:36:02	2025-04-01T18:43:46
git_branch	master	dependabot/github_actions/gh-actions-packages-4939d26006
git_commit_date	1743528797	1743531013
git_commit_sha	d8de104	e9417e4
release_version	1.48.0-SNAPSHOT~d8de1044d6	1.48.0-SNAPSHOT~e9417e4d5c
start_time	2025-04-01T18:35:48	2025-04-01T18:43:32

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1743533424	1743533424
ci_job_id	875605645	875605645
ci_pipeline_id	60698947	60698947
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-fsgpech5-project-304-concurrent-1-zjtae9y9 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-fsgpech5-project-304-concurrent-1-zjtae9y9 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 14 metrics, 16 unstable metrics.

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.48.0-SNAPSHOT~e9417e4d5c, baseline=1.48.0-SNAPSHOT~d8de1044d6
    dateFormat X
    axisFormat %s
section baseline
no_agent (394.446 µs) : 374, 414
.   : milestone, 394,
iast (516.543 µs) : 494, 539
.   : milestone, 517,
iast_FULL (734.736 µs) : 713, 757
.   : milestone, 735,
iast_GLOBAL (572.699 µs) : 549, 596
.   : milestone, 573,
iast_HARDCODED_SECRET_DISABLED (515.6 µs) : 494, 537
.   : milestone, 516,
iast_INACTIVE (469.768 µs) : 449, 491
.   : milestone, 470,
iast_TELEMETRY_OFF (503.9 µs) : 482, 526
.   : milestone, 504,
tracing (461.399 µs) : 440, 482
.   : milestone, 461,
section candidate
no_agent (380.481 µs) : 361, 400
.   : milestone, 380,
iast (510.642 µs) : 489, 532
.   : milestone, 511,
iast_FULL (733.625 µs) : 712, 756
.   : milestone, 734,
iast_GLOBAL (563.752 µs) : 542, 586
.   : milestone, 564,
iast_HARDCODED_SECRET_DISABLED (524.189 µs) : 502, 546
.   : milestone, 524,
iast_INACTIVE (468.153 µs) : 447, 489
.   : milestone, 468,
iast_TELEMETRY_OFF (510.276 µs) : 488, 533
.   : milestone, 510,
tracing (463.925 µs) : 443, 485
.   : milestone, 464,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	394.446 µs [374.447 µs, 414.445 µs]	-
iast	516.543 µs [494.484 µs, 538.602 µs]	122.097 µs (31.0%)
iast_FULL	734.736 µs [712.69 µs, 756.783 µs]	340.291 µs (86.3%)
iast_GLOBAL	572.699 µs [549.48 µs, 595.917 µs]	178.253 µs (45.2%)
iast_HARDCODED_SECRET_DISABLED	515.6 µs [493.992 µs, 537.208 µs]	121.154 µs (30.7%)
iast_INACTIVE	469.768 µs [448.718 µs, 490.818 µs]	75.322 µs (19.1%)
iast_TELEMETRY_OFF	503.9 µs [482.111 µs, 525.689 µs]	109.454 µs (27.7%)
tracing	461.399 µs [440.36 µs, 482.437 µs]	66.953 µs (17.0%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	380.481 µs [360.92 µs, 400.042 µs]	-
iast	510.642 µs [488.966 µs, 532.319 µs]	130.161 µs (34.2%)
iast_FULL	733.625 µs [711.61 µs, 755.639 µs]	353.143 µs (92.8%)
iast_GLOBAL	563.752 µs [541.69 µs, 585.814 µs]	183.27 µs (48.2%)
iast_HARDCODED_SECRET_DISABLED	524.189 µs [502.309 µs, 546.069 µs]	143.707 µs (37.8%)
iast_INACTIVE	468.153 µs [446.893 µs, 489.413 µs]	87.672 µs (23.0%)
iast_TELEMETRY_OFF	510.276 µs [488.013 µs, 532.538 µs]	129.794 µs (34.1%)
tracing	463.925 µs [442.61 µs, 485.241 µs]	83.444 µs (21.9%)

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.48.0-SNAPSHOT~e9417e4d5c, baseline=1.48.0-SNAPSHOT~d8de1044d6
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.365 ms) : 1346, 1384
.   : milestone, 1365,
appsec (1.726 ms) : 1703, 1749
.   : milestone, 1726,
appsec_no_iast (1.718 ms) : 1695, 1741
.   : milestone, 1718,
code_origins (1.685 ms) : 1657, 1712
.   : milestone, 1685,
iast (1.534 ms) : 1510, 1557
.   : milestone, 1534,
profiling (1.486 ms) : 1462, 1509
.   : milestone, 1486,
tracing (1.503 ms) : 1479, 1527
.   : milestone, 1503,
section candidate
no_agent (1.362 ms) : 1343, 1382
.   : milestone, 1362,
appsec (1.743 ms) : 1719, 1767
.   : milestone, 1743,
appsec_no_iast (1.723 ms) : 1700, 1747
.   : milestone, 1723,
code_origins (1.688 ms) : 1661, 1716
.   : milestone, 1688,
iast (1.52 ms) : 1495, 1545
.   : milestone, 1520,
profiling (1.514 ms) : 1491, 1538
.   : milestone, 1514,
tracing (1.497 ms) : 1472, 1521
.   : milestone, 1497,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.365 ms [1.346 ms, 1.384 ms]	-
appsec	1.726 ms [1.703 ms, 1.749 ms]	361.096 µs (26.5%)
appsec_no_iast	1.718 ms [1.695 ms, 1.741 ms]	352.984 µs (25.9%)
code_origins	1.685 ms [1.657 ms, 1.712 ms]	319.62 µs (23.4%)
iast	1.534 ms [1.51 ms, 1.557 ms]	168.739 µs (12.4%)
profiling	1.486 ms [1.462 ms, 1.509 ms]	120.527 µs (8.8%)
tracing	1.503 ms [1.479 ms, 1.527 ms]	138.045 µs (10.1%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.362 ms [1.343 ms, 1.382 ms]	-
appsec	1.743 ms [1.719 ms, 1.767 ms]	380.932 µs (28.0%)
appsec_no_iast	1.723 ms [1.7 ms, 1.747 ms]	360.84 µs (26.5%)
code_origins	1.688 ms [1.661 ms, 1.716 ms]	326.178 µs (23.9%)
iast	1.52 ms [1.495 ms, 1.545 ms]	157.917 µs (11.6%)
profiling	1.514 ms [1.491 ms, 1.538 ms]	152.001 µs (11.2%)
tracing	1.497 ms [1.472 ms, 1.521 ms]	134.216 µs (9.9%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-4939d26006
git_commit_date	1743528797	1743531013
git_commit_sha	d8de104	e9417e4
release_version	1.48.0-SNAPSHOT~d8de1044d6	1.48.0-SNAPSHOT~e9417e4d5c

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1743533921	1743533921
ci_job_id	875605646	875605646
ci_pipeline_id	60698947	60698947
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-m1cw8fbu-project-304-concurrent-0-l2jjrue1 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-m1cw8fbu-project-304-concurrent-0-l2jjrue1 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant	appsec	appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.48.0-SNAPSHOT~e9417e4d5c, baseline=1.48.0-SNAPSHOT~d8de1044d6
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.479 ms) : 1467, 1490
.   : milestone, 1479,
appsec (2.387 ms) : 2340, 2433
.   : milestone, 2387,
iast (2.166 ms) : 2108, 2225
.   : milestone, 2166,
iast_GLOBAL (2.204 ms) : 2145, 2263
.   : milestone, 2204,
profiling (2.04 ms) : 1991, 2088
.   : milestone, 2040,
tracing (1.99 ms) : 1944, 2035
.   : milestone, 1990,
section candidate
no_agent (1.476 ms) : 1465, 1488
.   : milestone, 1476,
appsec (2.382 ms) : 2336, 2428
.   : milestone, 2382,
iast (2.151 ms) : 2093, 2210
.   : milestone, 2151,
iast_GLOBAL (2.21 ms) : 2150, 2269
.   : milestone, 2210,
profiling (2.483 ms) : 2301, 2664
.   : milestone, 2483,
tracing (1.991 ms) : 1946, 2037
.   : milestone, 1991,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.479 ms [1.467 ms, 1.49 ms]	-
appsec	2.387 ms [2.34 ms, 2.433 ms]	908.024 µs (61.4%)
iast	2.166 ms [2.108 ms, 2.225 ms]	687.833 µs (46.5%)
iast_GLOBAL	2.204 ms [2.145 ms, 2.263 ms]	725.62 µs (49.1%)
profiling	2.04 ms [1.991 ms, 2.088 ms]	560.931 µs (37.9%)
tracing	1.99 ms [1.944 ms, 2.035 ms]	511.06 µs (34.6%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.476 ms [1.465 ms, 1.488 ms]	-
appsec	2.382 ms [2.336 ms, 2.428 ms]	905.997 µs (61.4%)
iast	2.151 ms [2.093 ms, 2.21 ms]	675.404 µs (45.8%)
iast_GLOBAL	2.21 ms [2.15 ms, 2.269 ms]	733.599 µs (49.7%)
profiling	2.483 ms [2.301 ms, 2.664 ms]	1.007 ms (68.2%)
tracing	1.991 ms [1.946 ms, 2.037 ms]	515.212 µs (34.9%)

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.48.0-SNAPSHOT~e9417e4d5c, baseline=1.48.0-SNAPSHOT~d8de1044d6
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.368 s) : 15368000, 15368000
.   : milestone, 15368000,
appsec (14.771 s) : 14771000, 14771000
.   : milestone, 14771000,
iast (19.193 s) : 19193000, 19193000
.   : milestone, 19193000,
iast_GLOBAL (17.952 s) : 17952000, 17952000
.   : milestone, 17952000,
profiling (15.102 s) : 15102000, 15102000
.   : milestone, 15102000,
tracing (15.04 s) : 15040000, 15040000
.   : milestone, 15040000,
section candidate
no_agent (14.951 s) : 14951000, 14951000
.   : milestone, 14951000,
appsec (14.93 s) : 14930000, 14930000
.   : milestone, 14930000,
iast (18.504 s) : 18504000, 18504000
.   : milestone, 18504000,
iast_GLOBAL (18.201 s) : 18201000, 18201000
.   : milestone, 18201000,
profiling (14.798 s) : 14798000, 14798000
.   : milestone, 14798000,
tracing (15.242 s) : 15242000, 15242000
.   : milestone, 15242000,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.368 s [15.368 s, 15.368 s]	-
appsec	14.771 s [14.771 s, 14.771 s]	-597.0 ms (-3.9%)
iast	19.193 s [19.193 s, 19.193 s]	3.825 s (24.9%)
iast_GLOBAL	17.952 s [17.952 s, 17.952 s]	2.584 s (16.8%)
profiling	15.102 s [15.102 s, 15.102 s]	-266.0 ms (-1.7%)
tracing	15.04 s [15.04 s, 15.04 s]	-328.0 ms (-2.1%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.951 s [14.951 s, 14.951 s]	-
appsec	14.93 s [14.93 s, 14.93 s]	-21.0 ms (-0.1%)
iast	18.504 s [18.504 s, 18.504 s]	3.553 s (23.8%)
iast_GLOBAL	18.201 s [18.201 s, 18.201 s]	3.25 s (21.7%)
profiling	14.798 s [14.798 s, 14.798 s]	-153.0 ms (-1.0%)
tracing	15.242 s [15.242 s, 15.242 s]	291.0 ms (1.9%)

[PerfectSlayer]

Looking good.
I think the CI failures came from the fact the PR was issued from the GitLab bot, as the DD_API_KEY is well still set for the action runner.

Merging it now and keeping an eye on workflow runs.