-
Notifications
You must be signed in to change notification settings - Fork 292
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable Single Step Instrumentation Guardrails #7568
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PerfectSlayer
changed the title
Bbujon/ssi guardrails
Enable Single Step Instrumentation Guardrails
Sep 5, 2024
BenchmarksStartupParameters
See matching parameters
SummaryFound 0 performance improvements and 1 performance regressions! Performance is the same for 50 metrics, 12 unstable metrics.
Startup time reports for insecure-bankgantt
title insecure-bank - global startup overhead: candidate=1.41.0-SNAPSHOT~fd1538fa18, baseline=1.41.0-SNAPSHOT~919bf01a5f
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.071 s) : 0, 1070773
Total [baseline] (8.553 s) : 0, 8552855
Agent [candidate] (1.078 s) : 0, 1078336
Total [candidate] (8.572 s) : 0, 8572433
section iast
Agent [baseline] (1.213 s) : 0, 1213113
Total [baseline] (9.122 s) : 0, 9121737
Agent [candidate] (1.197 s) : 0, 1197441
Total [candidate] (9.076 s) : 0, 9076034
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.205 s) : 0, 1204647
Total [baseline] (9.119 s) : 0, 9119486
Agent [candidate] (1.216 s) : 0, 1216269
Total [candidate] (9.09 s) : 0, 9089937
section iast_TELEMETRY_OFF
Agent [baseline] (1.203 s) : 0, 1203330
Total [baseline] (9.123 s) : 0, 9122500
Agent [candidate] (1.19 s) : 0, 1190025
Total [candidate] (9.065 s) : 0, 9065208
gantt
title insecure-bank - break down per module: candidate=1.41.0-SNAPSHOT~fd1538fa18, baseline=1.41.0-SNAPSHOT~919bf01a5f
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (683.663 ms) : 0, 683663
BytebuddyAgent [candidate] (688.225 ms) : 0, 688225
GlobalTracer [baseline] (310.891 ms) : 0, 310891
GlobalTracer [candidate] (313.26 ms) : 0, 313260
AppSec [baseline] (54.144 ms) : 0, 54144
AppSec [candidate] (54.497 ms) : 0, 54497
Remote Config [baseline] (655.87 µs) : 0, 656
Remote Config [candidate] (673.904 µs) : 0, 674
Telemetry [baseline] (7.685 ms) : 0, 7685
Telemetry [candidate] (7.835 ms) : 0, 7835
section iast
BytebuddyAgent [baseline] (809.424 ms) : 0, 809424
BytebuddyAgent [candidate] (797.506 ms) : 0, 797506
GlobalTracer [baseline] (302.818 ms) : 0, 302818
GlobalTracer [candidate] (299.903 ms) : 0, 299903
AppSec [baseline] (55.962 ms) : 0, 55962
AppSec [candidate] (54.09 ms) : 0, 54090
IAST [baseline] (23.191 ms) : 0, 23191
IAST [candidate] (24.552 ms) : 0, 24552
Remote Config [baseline] (605.088 µs) : 0, 605
Remote Config [candidate] (600.416 µs) : 0, 600
Telemetry [baseline] (7.169 ms) : 0, 7169
Telemetry [candidate] (7.032 ms) : 0, 7032
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (802.669 ms) : 0, 802669
BytebuddyAgent [candidate] (810.602 ms) : 0, 810602
GlobalTracer [baseline] (301.289 ms) : 0, 301289
GlobalTracer [candidate] (304.089 ms) : 0, 304089
AppSec [baseline] (55.887 ms) : 0, 55887
AppSec [candidate] (53.423 ms) : 0, 53423
IAST [baseline] (23.113 ms) : 0, 23113
IAST [candidate] (26.434 ms) : 0, 26434
Remote Config [baseline] (616.959 µs) : 0, 617
Remote Config [candidate] (602.567 µs) : 0, 603
Telemetry [baseline] (7.162 ms) : 0, 7162
Telemetry [candidate] (7.1 ms) : 0, 7100
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (801.525 ms) : 0, 801525
BytebuddyAgent [candidate] (791.362 ms) : 0, 791362
GlobalTracer [baseline] (300.85 ms) : 0, 300850
GlobalTracer [candidate] (298.863 ms) : 0, 298863
AppSec [baseline] (54.765 ms) : 0, 54765
AppSec [candidate] (55.913 ms) : 0, 55913
IAST [baseline] (24.56 ms) : 0, 24560
IAST [candidate] (22.513 ms) : 0, 22513
Remote Config [baseline] (651.624 µs) : 0, 652
Remote Config [candidate] (606.483 µs) : 0, 606
Telemetry [baseline] (7.059 ms) : 0, 7059
Telemetry [candidate] (6.966 ms) : 0, 6966
Startup time reports for petclinicgantt
title petclinic - global startup overhead: candidate=1.41.0-SNAPSHOT~fd1538fa18, baseline=1.41.0-SNAPSHOT~919bf01a5f
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.07 s) : 0, 1070127
Total [baseline] (10.395 s) : 0, 10395070
Agent [candidate] (1.082 s) : 0, 1081638
Total [candidate] (10.384 s) : 0, 10383541
section appsec
Agent [baseline] (1.201 s) : 0, 1201152
Total [baseline] (10.606 s) : 0, 10606302
Agent [candidate] (1.203 s) : 0, 1203295
Total [candidate] (10.571 s) : 0, 10570969
section iast
Agent [baseline] (1.197 s) : 0, 1197169
Total [baseline] (10.87 s) : 0, 10870416
Agent [candidate] (1.198 s) : 0, 1198230
Total [candidate] (10.851 s) : 0, 10850789
section profiling
Agent [baseline] (1.277 s) : 0, 1276626
Total [baseline] (10.6 s) : 0, 10599846
Agent [candidate] (1.269 s) : 0, 1268770
Total [candidate] (10.686 s) : 0, 10686349
gantt
title petclinic - break down per module: candidate=1.41.0-SNAPSHOT~fd1538fa18, baseline=1.41.0-SNAPSHOT~919bf01a5f
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (683.084 ms) : 0, 683084
BytebuddyAgent [candidate] (690.926 ms) : 0, 690926
GlobalTracer [baseline] (310.74 ms) : 0, 310740
GlobalTracer [candidate] (314.071 ms) : 0, 314071
AppSec [baseline] (54.233 ms) : 0, 54233
AppSec [candidate] (54.402 ms) : 0, 54402
Remote Config [baseline] (679.77 µs) : 0, 680
Remote Config [candidate] (685.661 µs) : 0, 686
Telemetry [baseline] (7.675 ms) : 0, 7675
Telemetry [candidate] (7.674 ms) : 0, 7674
section appsec
BytebuddyAgent [baseline] (698.588 ms) : 0, 698588
BytebuddyAgent [candidate] (699.264 ms) : 0, 699264
GlobalTracer [baseline] (306.889 ms) : 0, 306889
GlobalTracer [candidate] (306.899 ms) : 0, 306899
AppSec [baseline] (162.757 ms) : 0, 162757
AppSec [candidate] (163.298 ms) : 0, 163298
Remote Config [baseline] (639.732 µs) : 0, 640
Remote Config [candidate] (640.299 µs) : 0, 640
Telemetry [baseline] (8.194 ms) : 0, 8194
Telemetry [candidate] (8.449 ms) : 0, 8449
IAST [baseline] (20.803 ms) : 0, 20803
IAST [candidate] (22.089 ms) : 0, 22089
section iast
BytebuddyAgent [baseline] (796.287 ms) : 0, 796287
BytebuddyAgent [candidate] (798.432 ms) : 0, 798432
GlobalTracer [baseline] (299.892 ms) : 0, 299892
GlobalTracer [candidate] (299.968 ms) : 0, 299968
AppSec [baseline] (52.265 ms) : 0, 52265
AppSec [candidate] (57.108 ms) : 0, 57108
Remote Config [baseline] (620.082 µs) : 0, 620
Remote Config [candidate] (606.08 µs) : 0, 606
Telemetry [baseline] (7.02 ms) : 0, 7020
Telemetry [candidate] (7.093 ms) : 0, 7093
IAST [baseline] (27.4 ms) : 0, 27400
IAST [candidate] (21.226 ms) : 0, 21226
section profiling
BytebuddyAgent [baseline] (680.497 ms) : 0, 680497
BytebuddyAgent [candidate] (675.906 ms) : 0, 675906
GlobalTracer [baseline] (395.878 ms) : 0, 395878
GlobalTracer [candidate] (394.43 ms) : 0, 394430
AppSec [baseline] (55.183 ms) : 0, 55183
AppSec [candidate] (54.861 ms) : 0, 54861
Remote Config [baseline] (666.063 µs) : 0, 666
Remote Config [candidate] (661.791 µs) : 0, 662
Telemetry [baseline] (7.583 ms) : 0, 7583
Telemetry [candidate] (7.505 ms) : 0, 7505
ProfilingAgent [baseline] (97.852 ms) : 0, 97852
ProfilingAgent [candidate] (96.69 ms) : 0, 96690
Profiling [baseline] (97.876 ms) : 0, 97876
Profiling [candidate] (96.713 ms) : 0, 96713
LoadParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics. Request duration reports for petclinicgantt
title petclinic - request duration [CI 0.99] : candidate=1.41.0-SNAPSHOT~fd1538fa18, baseline=1.41.0-SNAPSHOT~919bf01a5f
dateFormat X
axisFormat %s
section baseline
no_agent (1.337 ms) : 1318, 1357
. : milestone, 1337,
appsec (1.728 ms) : 1704, 1751
. : milestone, 1728,
appsec_no_iast (1.731 ms) : 1708, 1755
. : milestone, 1731,
iast (1.482 ms) : 1460, 1504
. : milestone, 1482,
profiling (1.467 ms) : 1443, 1492
. : milestone, 1467,
tracing (1.482 ms) : 1457, 1507
. : milestone, 1482,
section candidate
no_agent (1.345 ms) : 1326, 1364
. : milestone, 1345,
appsec (1.733 ms) : 1709, 1756
. : milestone, 1733,
appsec_no_iast (1.734 ms) : 1709, 1758
. : milestone, 1734,
iast (1.489 ms) : 1466, 1512
. : milestone, 1489,
profiling (1.462 ms) : 1438, 1487
. : milestone, 1462,
tracing (1.466 ms) : 1441, 1491
. : milestone, 1466,
Request duration reports for insecure-bankgantt
title insecure-bank - request duration [CI 0.99] : candidate=1.41.0-SNAPSHOT~fd1538fa18, baseline=1.41.0-SNAPSHOT~919bf01a5f
dateFormat X
axisFormat %s
section baseline
no_agent (368.856 µs) : 349, 389
. : milestone, 369,
iast (480.952 µs) : 460, 502
. : milestone, 481,
iast_FULL (558.037 µs) : 537, 579
. : milestone, 558,
iast_GLOBAL (506.125 µs) : 484, 528
. : milestone, 506,
iast_HARDCODED_SECRET_DISABLED (479.899 µs) : 459, 501
. : milestone, 480,
iast_INACTIVE (446.052 µs) : 426, 467
. : milestone, 446,
iast_TELEMETRY_OFF (472.917 µs) : 452, 494
. : milestone, 473,
tracing (452.466 µs) : 431, 474
. : milestone, 452,
section candidate
no_agent (372.796 µs) : 354, 392
. : milestone, 373,
iast (480.698 µs) : 460, 502
. : milestone, 481,
iast_FULL (559.31 µs) : 538, 580
. : milestone, 559,
iast_GLOBAL (507.483 µs) : 486, 529
. : milestone, 507,
iast_HARDCODED_SECRET_DISABLED (488.275 µs) : 467, 510
. : milestone, 488,
iast_INACTIVE (448.705 µs) : 427, 470
. : milestone, 449,
iast_TELEMETRY_OFF (473.251 µs) : 452, 495
. : milestone, 473,
tracing (445.154 µs) : 424, 466
. : milestone, 445,
DacapoParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics. Execution time for biojavagantt
title biojava - execution time [CI 0.99] : candidate=1.41.0-SNAPSHOT~fd1538fa18, baseline=1.41.0-SNAPSHOT~919bf01a5f
dateFormat X
axisFormat %s
section baseline
no_agent (14.869 s) : 14869000, 14869000
. : milestone, 14869000,
appsec (15.359 s) : 15359000, 15359000
. : milestone, 15359000,
iast (18.662 s) : 18662000, 18662000
. : milestone, 18662000,
iast_GLOBAL (18.035 s) : 18035000, 18035000
. : milestone, 18035000,
profiling (15.522 s) : 15522000, 15522000
. : milestone, 15522000,
tracing (15.17 s) : 15170000, 15170000
. : milestone, 15170000,
section candidate
no_agent (15.464 s) : 15464000, 15464000
. : milestone, 15464000,
appsec (15.271 s) : 15271000, 15271000
. : milestone, 15271000,
iast (19.214 s) : 19214000, 19214000
. : milestone, 19214000,
iast_GLOBAL (18.122 s) : 18122000, 18122000
. : milestone, 18122000,
profiling (15.784 s) : 15784000, 15784000
. : milestone, 15784000,
tracing (15.096 s) : 15096000, 15096000
. : milestone, 15096000,
Execution time for tomcatgantt
title tomcat - execution time [CI 0.99] : candidate=1.41.0-SNAPSHOT~fd1538fa18, baseline=1.41.0-SNAPSHOT~919bf01a5f
dateFormat X
axisFormat %s
section baseline
no_agent (1.461 ms) : 1449, 1472
. : milestone, 1461,
appsec (2.311 ms) : 2271, 2352
. : milestone, 2311,
iast (2.056 ms) : 2005, 2107
. : milestone, 2056,
iast_GLOBAL (2.089 ms) : 2038, 2140
. : milestone, 2089,
profiling (1.923 ms) : 1883, 1964
. : milestone, 1923,
tracing (1.889 ms) : 1851, 1928
. : milestone, 1889,
section candidate
no_agent (1.46 ms) : 1449, 1472
. : milestone, 1460,
appsec (2.317 ms) : 2276, 2357
. : milestone, 2317,
iast (2.072 ms) : 2020, 2124
. : milestone, 2072,
iast_GLOBAL (2.102 ms) : 2050, 2153
. : milestone, 2102,
profiling (1.93 ms) : 1888, 1973
. : milestone, 1930,
tracing (1.904 ms) : 1865, 1943
. : milestone, 1904,
|
PerfectSlayer
force-pushed
the
bbujon/ssi-guardrails
branch
from
September 5, 2024 14:45
f38928c
to
99cb49a
Compare
PerfectSlayer
force-pushed
the
bbujon/ssi-guardrails
branch
3 times, most recently
from
September 18, 2024 09:18
1303caa
to
017a398
Compare
PerfectSlayer
force-pushed
the
bbujon/ssi-guardrails
branch
3 times, most recently
from
September 30, 2024 08:45
655eb7a
to
8d9ff59
Compare
PerfectSlayer
force-pushed
the
bbujon/ssi-guardrails
branch
from
October 3, 2024 06:23
8d9ff59
to
f8f14b9
Compare
andrewlock
reviewed
Oct 3, 2024
PerfectSlayer
force-pushed
the
bbujon/ssi-guardrails
branch
from
October 3, 2024 09:41
f8f14b9
to
fd1538f
Compare
dougqh
approved these changes
Oct 3, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What Does This Do
This PR enables SSI guardrails by defining auto injector requirements.
Motivation
When SSI will be enabled by default, guardrails will make sure injection does not apply every time, skipping known incompatible configurations.
Additional Notes
Additional blocking mechanism is added on injector repository: https://github.com/DataDog/auto_inject/pull/436
Contributor Checklist
type:
and (comp:
orinst:
) labels in addition to any usefull labelsclose
,fix
or any linking keywords when referencing an issue.Use
solves
instead, and assign the PR milestone to the issueJira ticket: APMLP-100