Add fallback for missing http.route in API Security #8987

Open
jandro996 wants to merge 1 commit into base: master

Conversation

jandro996 (Member)

What Does This Do

A fallback is added in case the http.route tag is missing. This is necessary because there are several frameworks where the tag is either not set in time or has not yet been implemented.

This currently causes API Security to skip all requests when the tag is unavailable.
To avoid that, we now insert an empty string as a fallback when the tag is missing.

This is not the intended long-term behavior — these gaps will be addressed progressively.

In future PRs, a metric (appsec.api_security.missing_route) will be introduced to track how often this fallback is used.

Motivation

Additional Notes

Contributor Checklist

Jira ticket: [PROJ-IDENT]

jandro996 requested a review from a team as a code owner on June 16, 2025 07:31
jandro996 added the labels "tag: no release notes" (Changes to exclude from release notes) and "comp: asm waf" (Application Security Management (WAF)) on Jun 16, 2025

pr-commenter bot commented Jun 16, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-security-sampling-fallback
git_commit_date 1750058704 1750058578
git_commit_sha 2885767 8333ddf
release_version 1.50.0-SNAPSHOT~2885767d12 1.50.0-SNAPSHOT~8333ddf364
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1750060812 1750060812
ci_job_id 982811687 982811687
ci_pipeline_id 67806127 67806127
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-pcisq8qe-project-304-concurrent-0-5yb08fx5 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-pcisq8qe-project-304-concurrent-0-5yb08fx5 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None
variant iast iast

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 60 metrics, 10 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:startup:petclinic:profiling:AppSec better [-3.702ms; -2.023ms] or [-5.736%; -3.134%] 61.676ms 64.538ms
Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.50.0-SNAPSHOT~8333ddf364, baseline=1.50.0-SNAPSHOT~2885767d12]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.026 s -
Agent iast 1.158 s 132.126 ms (12.9%)
Agent iast_HARDCODED_SECRET_DISABLED 1.153 s 126.695 ms (12.4%)
Agent iast_TELEMETRY_OFF 1.156 s 130.091 ms (12.7%)
Total tracing 8.571 s -
Total iast 9.262 s 691.126 ms (8.1%)
Total iast_HARDCODED_SECRET_DISABLED 9.179 s 608.004 ms (7.1%)
Total iast_TELEMETRY_OFF 9.197 s 626.012 ms (7.3%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.03 s -
Agent iast 1.15 s 119.246 ms (11.6%)
Agent iast_HARDCODED_SECRET_DISABLED 1.158 s 127.712 ms (12.4%)
Agent iast_TELEMETRY_OFF 1.146 s 115.578 ms (11.2%)
Total tracing 8.585 s -
Total iast 9.203 s 618.114 ms (7.2%)
Total iast_HARDCODED_SECRET_DISABLED 9.153 s 567.889 ms (6.6%)
Total iast_TELEMETRY_OFF 9.263 s 678.821 ms (7.9%)
gantt
    title insecure-bank - break down per module: candidate=1.50.0-SNAPSHOT~8333ddf364, baseline=1.50.0-SNAPSHOT~2885767d12

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (683.732 ms) : 0, 683732
BytebuddyAgent [candidate] (687.614 ms) : 0, 687614
GlobalTracer [baseline] (240.172 ms) : 0, 240172
GlobalTracer [candidate] (241.739 ms) : 0, 241739
AppSec [baseline] (58.408 ms) : 0, 58408
AppSec [candidate] (55.906 ms) : 0, 55906
Debugger [baseline] (6.184 ms) : 0, 6184
Debugger [candidate] (6.268 ms) : 0, 6268
Remote Config [baseline] (733.575 µs) : 0, 734
Remote Config [candidate] (741.378 µs) : 0, 741
Telemetry [baseline] (13.01 ms) : 0, 13010
Telemetry [candidate] (14.549 ms) : 0, 14549
section iast
BytebuddyAgent [baseline] (805.637 ms) : 0, 805637
BytebuddyAgent [candidate] (801.334 ms) : 0, 801334
GlobalTracer [baseline] (231.486 ms) : 0, 231486
GlobalTracer [candidate] (230.624 ms) : 0, 230624
IAST [baseline] (27.709 ms) : 0, 27709
IAST [candidate] (27.062 ms) : 0, 27062
AppSec [baseline] (54.866 ms) : 0, 54866
AppSec [candidate] (52.711 ms) : 0, 52711
Debugger [baseline] (6.059 ms) : 0, 6059
Debugger [candidate] (5.944 ms) : 0, 5944
Remote Config [baseline] (613.096 µs) : 0, 613
Remote Config [candidate] (608.771 µs) : 0, 609
Telemetry [baseline] (8.04 ms) : 0, 8040
Telemetry [candidate] (7.904 ms) : 0, 7904
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (801.861 ms) : 0, 801861
BytebuddyAgent [candidate] (807.766 ms) : 0, 807766
GlobalTracer [baseline] (230.34 ms) : 0, 230340
GlobalTracer [candidate] (232.003 ms) : 0, 232003
IAST [baseline] (26.112 ms) : 0, 26112
IAST [candidate] (25.842 ms) : 0, 25842
AppSec [baseline] (56.203 ms) : 0, 56203
AppSec [candidate] (54.296 ms) : 0, 54296
Debugger [baseline] (5.994 ms) : 0, 5994
Debugger [candidate] (6.057 ms) : 0, 6057
Remote Config [baseline] (585.151 µs) : 0, 585
Remote Config [candidate] (584.35 µs) : 0, 584
Telemetry [baseline] (7.896 ms) : 0, 7896
Telemetry [candidate] (7.933 ms) : 0, 7933
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (804.027 ms) : 0, 804027
BytebuddyAgent [candidate] (798.045 ms) : 0, 798045
GlobalTracer [baseline] (231.986 ms) : 0, 231986
GlobalTracer [candidate] (230.711 ms) : 0, 230711
IAST [baseline] (28.84 ms) : 0, 28840
IAST [candidate] (26.68 ms) : 0, 26680
AppSec [baseline] (52.896 ms) : 0, 52896
AppSec [candidate] (52.616 ms) : 0, 52616
Debugger [baseline] (5.991 ms) : 0, 5991
Debugger [candidate] (6.037 ms) : 0, 6037
Remote Config [baseline] (598.342 µs) : 0, 598
Remote Config [candidate] (613.778 µs) : 0, 614
Telemetry [baseline] (7.902 ms) : 0, 7902
Telemetry [candidate] (7.862 ms) : 0, 7862
Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.50.0-SNAPSHOT~8333ddf364, baseline=1.50.0-SNAPSHOT~2885767d12]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.026 s -
Agent appsec 1.182 s 156.489 ms (15.3%)
Agent iast 1.161 s 135.803 ms (13.2%)
Agent profiling 1.281 s 255.685 ms (24.9%)
Total tracing 10.509 s -
Total appsec 10.687 s 177.596 ms (1.7%)
Total iast 10.897 s 387.482 ms (3.7%)
Total profiling 10.893 s 383.752 ms (3.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.023 s -
Agent appsec 1.173 s 150.178 ms (14.7%)
Agent iast 1.147 s 124.235 ms (12.1%)
Agent profiling 1.266 s 243.401 ms (23.8%)
Total tracing 10.441 s -
Total appsec 10.703 s 261.645 ms (2.5%)
Total iast 10.821 s 379.636 ms (3.6%)
Total profiling 10.865 s 423.926 ms (4.1%)
gantt
    title petclinic - break down per module: candidate=1.50.0-SNAPSHOT~8333ddf364, baseline=1.50.0-SNAPSHOT~2885767d12

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (682.283 ms) : 0, 682283
BytebuddyAgent [candidate] (682.594 ms) : 0, 682594
GlobalTracer [baseline] (240.403 ms) : 0, 240403
GlobalTracer [candidate] (240.137 ms) : 0, 240137
AppSec [baseline] (59.399 ms) : 0, 59399
AppSec [candidate] (57.614 ms) : 0, 57614
Debugger [baseline] (6.153 ms) : 0, 6153
Debugger [candidate] (6.126 ms) : 0, 6126
Remote Config [baseline] (727.073 µs) : 0, 727
Remote Config [candidate] (722.247 µs) : 0, 722
Telemetry [baseline] (13.049 ms) : 0, 13049
Telemetry [candidate] (12.12 ms) : 0, 12120
section appsec
BytebuddyAgent [baseline] (708.461 ms) : 0, 708461
BytebuddyAgent [candidate] (704.132 ms) : 0, 704132
GlobalTracer [baseline] (235.058 ms) : 0, 235058
GlobalTracer [candidate] (233.83 ms) : 0, 233830
IAST [baseline] (21.933 ms) : 0, 21933
IAST [candidate] (21.706 ms) : 0, 21706
AppSec [baseline] (179.26 ms) : 0, 179260
AppSec [candidate] (176.012 ms) : 0, 176012
Debugger [baseline] (5.893 ms) : 0, 5893
Debugger [candidate] (5.905 ms) : 0, 5905
Remote Config [baseline] (615.823 µs) : 0, 616
Remote Config [candidate] (615.817 µs) : 0, 616
Telemetry [baseline] (7.268 ms) : 0, 7268
Telemetry [candidate] (7.31 ms) : 0, 7310
section iast
BytebuddyAgent [baseline] (807.043 ms) : 0, 807043
BytebuddyAgent [candidate] (800.225 ms) : 0, 800225
GlobalTracer [baseline] (233.034 ms) : 0, 233034
GlobalTracer [candidate] (229.676 ms) : 0, 229676
IAST [baseline] (27.245 ms) : 0, 27245
IAST [candidate] (26.831 ms) : 0, 26831
AppSec [baseline] (55.059 ms) : 0, 55059
AppSec [candidate] (52.568 ms) : 0, 52568
Debugger [baseline] (6.058 ms) : 0, 6058
Debugger [candidate] (5.893 ms) : 0, 5893
Remote Config [baseline] (596.213 µs) : 0, 596
Remote Config [candidate] (591.151 µs) : 0, 591
Telemetry [baseline] (8.126 ms) : 0, 8126
Telemetry [candidate] (7.85 ms) : 0, 7850
section profiling
BytebuddyAgent [baseline] (680.865 ms) : 0, 680865
BytebuddyAgent [candidate] (674.965 ms) : 0, 674965
GlobalTracer [baseline] (362.495 ms) : 0, 362495
GlobalTracer [candidate] (359.77 ms) : 0, 359770
AppSec [baseline] (64.538 ms) : 0, 64538
AppSec [candidate] (61.676 ms) : 0, 61676
Debugger [baseline] (6.19 ms) : 0, 6190
Debugger [candidate] (6.111 ms) : 0, 6111
Remote Config [baseline] (656.728 µs) : 0, 657
Remote Config [candidate] (652.197 µs) : 0, 652
Telemetry [baseline] (8.35 ms) : 0, 8350
Telemetry [candidate] (8.196 ms) : 0, 8196
ProfilingAgent [baseline] (107.076 ms) : 0, 107076
ProfilingAgent [candidate] (104.167 ms) : 0, 104167
Profiling [baseline] (107.101 ms) : 0, 107101
Profiling [candidate] (104.191 ms) : 0, 104191

Load

Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.50.0-SNAPSHOT~8333ddf364, baseline=1.50.0-SNAPSHOT~b1b0ab330e]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 8.469 ms [8.446 ms, 8.492 ms] -
appsec 8.097 ms [8.072 ms, 8.123 ms] -371.727 µs (-4.4%)
code_origins 8.044 ms [8.015 ms, 8.073 ms] -425.051 µs (-5.0%)
iast 8.351 ms [8.324 ms, 8.378 ms] -117.571 µs (-1.4%)
profiling 556.842 µs [520.3 µs, 593.384 µs] -7.912 ms (-93.4%)
tracing 9.193 ms [9.157 ms, 9.229 ms] 723.814 µs (8.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 8.072 ms [8.049 ms, 8.095 ms] -
appsec 1.48 ms [1.4 ms, 1.56 ms] -6.592 ms (-81.7%)
code_origins 193.411 µs [156.0 µs, 230.823 µs] -7.879 ms (-97.6%)
iast 815.976 µs [752.268 µs, 879.683 µs] -7.256 ms (-89.9%)
profiling 2.655 ms [2.547 ms, 2.764 ms] -5.417 ms (-67.1%)
tracing 10.784 ms [10.708 ms, 10.86 ms] 2.712 ms (33.6%)
Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.50.0-SNAPSHOT~8333ddf364, baseline=1.50.0-SNAPSHOT~b1b0ab330e]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 386.453 µs [365.855 µs, 407.05 µs] -
iast 516.366 µs [494.433 µs, 538.3 µs] 129.914 µs (33.6%)
iast_FULL 738.502 µs [714.826 µs, 762.178 µs] 352.05 µs (91.1%)
iast_GLOBAL 565.791 µs [543.624 µs, 587.959 µs] 179.339 µs (46.4%)
iast_HARDCODED_SECRET_DISABLED 524.3 µs [502.47 µs, 546.131 µs] 137.847 µs (35.7%)
iast_INACTIVE 479.277 µs [456.708 µs, 501.847 µs] 92.825 µs (24.0%)
iast_TELEMETRY_OFF 519.609 µs [496.288 µs, 542.93 µs] 133.156 µs (34.5%)
tracing 461.849 µs [439.614 µs, 484.085 µs] 75.397 µs (19.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 382.236 µs [361.147 µs, 403.325 µs] -
iast 528.988 µs [507.32 µs, 550.655 µs] 146.751 µs (38.4%)
iast_FULL 741.71 µs [719.637 µs, 763.783 µs] 359.474 µs (94.0%)
iast_GLOBAL 570.84 µs [548.578 µs, 593.101 µs] 188.603 µs (49.3%)
iast_HARDCODED_SECRET_DISABLED 531.673 µs [510.05 µs, 553.296 µs] 149.437 µs (39.1%)
iast_INACTIVE 464.412 µs [442.061 µs, 486.762 µs] 82.176 µs (21.5%)
iast_TELEMETRY_OFF 516.386 µs [493.297 µs, 539.474 µs] 134.15 µs (35.1%)
tracing 461.332 µs [438.699 µs, 483.965 µs] 79.096 µs (20.7%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/api-security-sampling-fallback
git_commit_date 1750058704 1750058578
git_commit_sha 2885767 8333ddf
release_version 1.50.0-SNAPSHOT~2885767d12 1.50.0-SNAPSHOT~8333ddf364
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1750060578 1750060578
ci_job_id 982811689 982811689
ci_pipeline_id 67806127 67806127
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-2oizdj4a-project-304-concurrent-0-bqi8r4dn 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-2oizdj4a-project-304-concurrent-0-bqi8r4dn 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~8333ddf364, baseline=1.50.0-SNAPSHOT~2885767d12]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.556 s [15.556 s, 15.556 s] -
appsec 14.919 s [14.919 s, 14.919 s] -637.0 ms (-4.1%)
iast 18.193 s [18.193 s, 18.193 s] 2.637 s (17.0%)
iast_GLOBAL 18.333 s [18.333 s, 18.333 s] 2.777 s (17.9%)
profiling 15.602 s [15.602 s, 15.602 s] 46.0 ms (0.3%)
tracing 15.076 s [15.076 s, 15.076 s] -480.0 ms (-3.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.963 s [14.963 s, 14.963 s] -
appsec 14.881 s [14.881 s, 14.881 s] -82.0 ms (-0.5%)
iast 18.631 s [18.631 s, 18.631 s] 3.668 s (24.5%)
iast_GLOBAL 17.945 s [17.945 s, 17.945 s] 2.982 s (19.9%)
profiling 15.246 s [15.246 s, 15.246 s] 283.0 ms (1.9%)
tracing 14.976 s [14.976 s, 14.976 s] 13.0 ms (0.1%)
Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.50.0-SNAPSHOT~8333ddf364, baseline=1.50.0-SNAPSHOT~2885767d12]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.479 ms [1.467 ms, 1.49 ms] -
appsec 2.425 ms [2.376 ms, 2.475 ms] 946.27 µs (64.0%)
iast 2.196 ms [2.134 ms, 2.258 ms] 717.184 µs (48.5%)
iast_GLOBAL 2.251 ms [2.189 ms, 2.313 ms] 771.824 µs (52.2%)
profiling 2.051 ms [2.001 ms, 2.101 ms] 572.275 µs (38.7%)
tracing 2.015 ms [1.967 ms, 2.062 ms] 535.889 µs (36.2%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.479 ms [1.468 ms, 1.491 ms] -
appsec 2.414 ms [2.365 ms, 2.463 ms] 934.999 µs (63.2%)
iast 2.208 ms [2.146 ms, 2.27 ms] 728.864 µs (49.3%)
iast_GLOBAL 2.243 ms [2.181 ms, 2.305 ms] 763.34 µs (51.6%)
profiling 2.055 ms [2.005 ms, 2.105 ms] 575.533 µs (38.9%)
tracing 2.009 ms [1.961 ms, 2.057 ms] 529.556 µs (35.8%)

if (route != null) {
ctx.setRoute(route.toString());
}
String routeStr = route != null ? route.toString() : "";
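
Review bot: On the `String routeStr = ...` line, the empty-string fallback makes a missing route indistinguishable from a real value, so every request without `http.route` ends up under the same `""` route. Consider a named constant for the fallback and a short comment stating that `""` means "route unknown", so downstream consumers can tell these requests apart from routed ones. The visible lines also do not show `routeStr` being passed to `ctx.setRoute(...)`; if the null-guarded call is being replaced, confirm the context still receives the route when one is present.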

Does it really make sense? Even though we include some requests, we still don't have the http.route to link the request. What does it mean from a security perspective? E.g., if we compute the request/response schemas, how are we going to link them to the actual path? (Maybe it can be done / it's done in the backend using the path or other strategies.)

@manuel-alvarez-alvarez These can later use endpoint inference in the backend (upcoming).


3 participants