diff --git a/.circleci/collect_muzzle_deps.sh b/.circleci/collect_muzzle_deps.sh
new file mode 100755
index 00000000000..6f80484f97c
--- /dev/null
+++ b/.circleci/collect_muzzle_deps.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+set -e
+#Enable '**' support
+shopt -s globstar
+
+REPORTS_DIR=./reports
+mkdir -p $REPORTS_DIR >/dev/null 2>&1
+
+echo "saving muzzle dependency reports"
+
+find workspace/**/build/muzzle-deps-results -type f -name 'dd-java-agent_instrumentation.csv' -exec cp {} $REPORTS_DIR/ \;
diff --git a/.circleci/config.continue.yml.j2 b/.circleci/config.continue.yml.j2
new file mode 100644
index 00000000000..026026ea390
--- /dev/null
+++ b/.circleci/config.continue.yml.j2
@@ -0,0 +1,1341 @@
+version: 2.1
+
+defaults: &defaults
+  working_directory: ~/dd-trace-java
+  docker:
+    - image: &default_container << pipeline.parameters.docker_image >>:<< pipeline.parameters.docker_image_tag >>
+
+test_matrix: &test_matrix
+  parameters:
+    testJvm:
+{% for jdk in nocov_jdks %}
+      - "{{ jdk }}"
+{% endfor %}
+
+profiling_test_matrix: &profiling_test_matrix
+  parameters:
+    testJvm:
+{% for jdk in all_jdks %}
+      - "{{ jdk }}"
+{% endfor %}
+
+debugger_test_matrix: &debugger_test_matrix
+  parameters:
+    testJvm:
+{% for jdk in all_debugger_jdks %}
+      - "{{ jdk }}"
+{% endfor %}
+
+system_test_matrix: &system_test_matrix
+  parameters:
+    weblog-variant: [ 'spring-boot', 'spring-boot-jetty', 'spring-boot-openliberty', 'spring-boot-3-native', 'jersey-grizzly2', 'resteasy-netty3','ratpack', 'vertx3' ]
+
+agent_integration_tests_modules: &agent_integration_tests_modules "dd-trace-core|communication|internal-api|utils"
+core_modules: &core_modules "dd-java-agent|dd-trace-core|communication|internal-api|telemetry|utils|dd-java-agent/agent-bootstrap|dd-java-agent/agent-installer|dd-java-agent/agent-tooling|dd-java-agent/agent-builder|dd-java-agent/appsec|dd-java-agent/agent-crashtracking"
+instrumentation_modules: &instrumentation_modules "dd-java-agent/instrumentation|dd-java-agent/agent-tooling|dd-java-agent/agent-installer|dd-java-agent/agent-builder|dd-java-agent/agent-bootstrap|dd-java-agent/appsec|dd-java-agent/testing|dd-trace-core|dd-trace-api|internal-api"
+debugger_modules: &debugger_modules "dd-java-agent/agent-debugger|dd-java-agent/agent-bootstrap|dd-java-agent/agent-builder|internal-api|communication|dd-trace-core"
+profiling_modules: &profiling_modules "dd-java-agent/agent-profiling"
+
+default_system_tests_commit: &default_system_tests_commit 2487cea5160a398549743d2cfd927a863792e3bd
+
+parameters:
+  nightly:
+    type: boolean
+    default: false
+  weekly:
+    type: boolean
+    default: false
+
+  gradle_flags:
+    # Using no-daemon is important for the caches to be in a consistent state
+    type: string
+    default: "--stacktrace --no-daemon"
+
+  global_pattern:
+    # Pattern for files that should always trigger a test jobs
+    type: string
+    default: "^build.gradle$|^settings.gradle$|^gradle.properties$|^buildSrc/|^gradle/|.circleci"
+
+  docker_image:
+    type: string
+    default: ghcr.io/datadog/dd-trace-java-docker-build
+
+  docker_image_tag:
+    type: string
+    default: {{ docker_image_prefix }}base
+
+commands:
+  check_for_leftover_files:
+    steps:
+      - run:
+          name: Check for leftover files
+          command: |
+            LEFTOVER_FILES=$(find . -type f -regex '.*\.orig$')
+            if [[ "$LEFTOVER_FILES" != "" ]]
+            then
+              echo -e "Found leftover files in the commit:\n$LEFTOVER_FILES"
+              exit 1
+            fi
+
+  generate_cache_ids:
+    steps:
+      - run:
+          name: Generate cache ids
+          command: |
+            # Everything falls back to the main cache
+            BASE_CACHE_ID="main"
+            if [ "$CIRCLE_BRANCH" == "master" ];
+            then
+              # If we're on a the main branch, then they are the same
+              echo "${BASE_CACHE_ID}" >| _circle_ci_cache_id
+            else
+              # If we're on a PR branch, then we use the name of the branch and the
+              # PR number as a stable identifier for the branch cache
+              echo "${CIRCLE_BRANCH}-${CIRCLE_PULL_REQUEST##*/}" >| _circle_ci_cache_id
+            fi
+            # Have new branches start from the main cache
+            echo "${BASE_CACHE_ID}" >| _circle_ci_cache_base_id
+
+  setup_code:
+    steps:
+      - checkout
+      - run:
+          name: Checkout merge commit
+          command: |
+            CCI_PR_NUMBER="${CIRCLE_PR_NUMBER:-${CIRCLE_PULL_REQUEST##*/}}"
+
+            if [[ "$CIRCLE_BRANCH" != "master" && -n "${CCI_PR_NUMBER}" ]]
+            then
+              FETCH_REFS="${FETCH_REFS} +refs/pull/${CCI_PR_NUMBER}/merge:refs/pull/${CCI_PR_NUMBER}/merge +refs/pull/${CCI_PR_NUMBER}/head:refs/pull/${CCI_PR_NUMBER}/head"
+              git fetch -u origin ${FETCH_REFS}
+
+              if git merge-base --is-ancestor $(git show-ref --hash refs/pull/${CCI_PR_NUMBER}/head) $(git show-ref --hash refs/pull/${CCI_PR_NUMBER}/merge); then
+                git checkout "pull/${CCI_PR_NUMBER}/merge"
+              else
+                echo "[WARN] There is a merge conflict between master and PR ${CCI_PR_NUMBER}, merge branch cannot be checked out."
+                git checkout "pull/${CCI_PR_NUMBER}/head"
+              fi
+            fi
+
+      - check_for_leftover_files
+
+      - generate_cache_ids
+
+  setup_testcontainers:
+    description: >-
+      Sets up remote docker and automatic port forwarding needed for docker on docker
+      version of Testcontainers.
+    steps:
+      - setup_remote_docker:
+          version: 20.10.18
+          # DLC shares Docker layers across jobs (at an extra cost).
+          # But its time to setup (~1min) exceeds the time required to prefetch all images we use.
+          docker_layer_caching: false
+
+      - run:
+          name: Prepare testcontainers environment
+          command: .circleci/prepare_docker_env.sh
+
+      - run:
+          name: Testcontainers tunnels
+          background: true
+          command: .circleci/start_docker_autoforward.sh
+
+      - run:
+          name: Prefetch Docker images
+          background: true
+          command: .circleci/fetch_docker_images.sh
+
+  early_return_for_forked_pull_requests:
+    description: >-
+      If this build is from a fork, stop executing the current job and return success.
+      This is useful to avoid steps that will fail due to missing credentials.
+    steps:
+      - run:
+          name: Early return if this build is from a forked PR
+          command: |
+            if [[ "$CIRCLE_BRANCH" != "master" && -n "$CIRCLE_PR_NUMBER" ]]; then
+              echo "Nothing to do for forked PRs, so marking this step successful"
+              circleci step halt
+            fi
+
+  skip_unless_matching_files_changed:
+    description: >-
+      If files matching the regular expression haven't changed in the commit, then skip the job
+    parameters:
+      pattern:
+        type: string
+    steps:
+      - run:
+          name: "Check if files relevant to job have changed"
+          command: |
+            CCI_PR_NUMBER="${CIRCLE_PR_NUMBER:-${CIRCLE_PULL_REQUEST##*/}}"
+
+            if [[ "$CIRCLE_BRANCH" != "master" && -n "$CCI_PR_NUMBER" ]]; then
+              BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+              if [[ "$BRANCH" != "master" ]] && [[ "$BRANCH" != "release/*" ]]; then
+                # We know that we have checked out the PR merge branch, so the HEAD commit is a merge
+                # As a backup, if anything goes wrong with the diff, the build will fail
+                CHANGED_FILES=$(git show HEAD | grep -e "^Merge:" | cut -d ' ' -f 2- | sed 's/ /.../' | xargs git diff --name-only)
+                # Count the number of matches, and ignore if the grep doesn't match anything
+                MATCH_COUNT=$(echo "$CHANGED_FILES" | grep -c -E "<< pipeline.parameters.global_pattern >>|<< parameters.pattern >>") || true
+                if [[ "$MATCH_COUNT" -eq "0" ]]; then
+                  circleci step halt
+                fi
+              fi
+            fi
+
+  display_memory_usage:
+    steps:
+      - run:
+          name: Max Memory Used
+          # The file does not seem to exist when DLC is disabled
+          command: cat /sys/fs/cgroup/memory/memory.max_usage_in_bytes || true
+          when: always
+
+
+  # The caching setup of the build dependencies is somewhat involved because of how CircleCI works.
+  # 1) Caches are immutable, so you can not reuse a cache key (the save will simply be ignored)
+  # 2) Cache keys are prefix matched, and the most recently updated cache that matches will be picked
+  #
+  # There is a weekly job that runs on Monday mornings that builds a new cache from scratch.
+  {% raw %}
+  restore_dependency_cache:
+    parameters:
+      cacheType:
+        type: string
+    steps:
+      - restore_cache:
+          keys:
+            # Dependent steps will find this cache
+            - dd-trace-java-dep<< parameters.cacheType >>-v4-{{ .Branch }}-{{ checksum "_circle_ci_cache_id" }}-{{ .Revision }}
+            # New branch commits will find this cache
+            - dd-trace-java-dep<< parameters.cacheType >>-v4-{{ .Branch }}-{{ checksum "_circle_ci_cache_id" }}-
+            # New branches fall back on main build caches
+            - dd-trace-java-dep<< parameters.cacheType >>-v4-master-{{ checksum "_circle_ci_cache_base_id" }}-
+            # Fallback to the previous cache during transition
+            - dd-trace-java-dep<< parameters.cacheType >>-v3-master-{{ checksum "_circle_ci_cache_base_id" }}-
+
+  save_dependency_cache:
+    parameters:
+      cacheType:
+        type: string
+    steps:
+      - save_cache:
+          key: dd-trace-java-dep<< parameters.cacheType >>-v4-{{ .Branch }}-{{ checksum "_circle_ci_cache_id" }}-{{ .Revision }}
+          paths:
+            # Cached dependencies and wrappers for gradle
+            - ~/.gradle/caches
+            - ~/.gradle/wrapper
+            # Cached dependencies for maven
+            - ~/.m2
+            # Cached launchers and compilers for sbt
+            - ~/.sbt
+            # Cached dependencies for sbt handled by ivy
+            - ~/.ivy2
+            # Cached dependencies for sbt handled by coursier
+            - ~/.cache/coursier
+
+  restore_build_cache:
+    parameters:
+      cacheType:
+        type: string
+    steps:
+      - restore_cache:
+          keys:
+            # Dependent steps will find this cache
+            - dd-trace-java-build<< parameters.cacheType >>-v4-{{ .Branch }}-{{ checksum "_circle_ci_cache_id" }}-{{ .Revision }}
+
+  save_build_cache:
+    parameters:
+      cacheType:
+        type: string
+    steps:
+      - save_cache:
+          key: dd-trace-java-build<< parameters.cacheType >>-v4-{{ .Branch }}-{{ checksum "_circle_ci_cache_id" }}-{{ .Revision }}
+          paths:
+            # Gradle version specific cache for incremental builds. Needs to match version in
+            # gradle/wrapper/gradle-wrapper.properties
+            - ~/.gradle/caches/8.3
+            # Workspace
+            - ~/dd-trace-java/.gradle
+            - ~/dd-trace-java/workspace
+{% endraw %}
+
+  setup_system_tests:
+    parameters:
+      systemTestsCommit:
+        type: string
+        default: *default_system_tests_commit
+    steps:
+      - generate_cache_ids
+
+      - restore_build_cache:
+          cacheType: lib
+
+      - run:
+          name: Install python 3.9
+          command: |
+            sudo apt-get install python3.9-full python3.9-dev python3.9-venv
+            echo 'export PATH="$HOME/.local/bin:$PATH"' >>"$BASH_ENV"
+
+      - run:
+          name: Clone system-tests
+          command: |
+            git init system-tests
+            cd system-tests
+            git remote add origin https://github.com/DataDog/system-tests.git
+            git fetch origin << parameters.systemTestsCommit >>
+            git reset --hard FETCH_HEAD
+
+jobs:
+  build:
+    <<: *defaults
+    resource_class: xlarge
+
+    parameters:
+      gradleTarget:
+        type: string
+      cacheType:
+        type: string
+      collectLibs:
+        type: boolean
+        default: false
+
+    steps:
+      - setup_code
+
+      - restore_dependency_cache:
+          cacheType: << parameters.cacheType >>
+
+      - run:
+          name: Build Project
+          command: >-
+            MAVEN_OPTS="-Xms64M -Xmx256M"
+            GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
+            ./gradlew clean
+            << parameters.gradleTarget >>
+            -PskipTests
+            << pipeline.parameters.gradle_flags >>
+            --max-workers=8
+            --rerun-tasks
+
+      - when:
+          condition:
+            equal: [ true, << parameters.collectLibs >> ]
+          steps:
+            - run:
+                name: Collect Libs
+                when: always
+                command: .circleci/collect_libs.sh
+            - store_artifacts:
+                path: ./libs
+
+      - run:
+          name: Collect reports
+          when: on_fail
+          command: .circleci/collect_reports.sh --destination ./check_reports --move
+
+      - run:
+          name: Delete reports
+          when: on_success
+          command: .circleci/collect_reports.sh --destination ./check_reports --delete
+
+      - store_artifacts:
+          path: ./check_reports
+
+      # Save a full dependency cache when building on master or a base project branch.
+      # We used to do this on the first build of each PR, but now it's skipped at the
+      # cost of downloading new dependencies a few more times.
+      - when:
+          condition:
+            matches:
+              pattern: "^(master|project/.+)$"
+              value: << pipeline.git.branch >>
+          steps:
+            - save_dependency_cache:
+                cacheType: << parameters.cacheType >>
+
+      # Save the small build cache
+      - save_build_cache:
+          cacheType: << parameters.cacheType >>
+
+      - display_memory_usage
+
+  spotless:
+    <<: *defaults
+    resource_class: medium+
+
+    steps:
+      - setup_code
+
+      - run:
+          name: Run spotless
+          command: >-
+            JAVA_HOME=$JAVA_11_HOME
+            ./gradlew spotlessCheck
+            << pipeline.parameters.gradle_flags >>
+            --max-workers=8
+
+  check:
+    <<: *defaults
+
+    parameters:
+      parallelism:
+        type: integer
+        default: 1
+      gradleTarget:
+        type: string
+      cacheType:
+        type: string
+
+    resource_class: medium+
+
+    parallelism: << parameters.parallelism >>
+
+    steps:
+      - setup_code
+      - restore_dependency_cache:
+          cacheType: << parameters.cacheType >>
+      - restore_build_cache:
+          cacheType: << parameters.cacheType >>
+
+      - run:
+          name: Check Project
+          command: >-
+            MAVEN_OPTS="-Xms64M -Xmx256M"
+            GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
+            ./gradlew
+            << parameters.gradleTarget >>
+            -PskipTests
+            -PrunBuildSrcTests
+            -PtaskPartitionCount=${CIRCLE_NODE_TOTAL} -PtaskPartition=${CIRCLE_NODE_INDEX}
+            << pipeline.parameters.gradle_flags >>
+            --max-workers=8
+
+      - run:
+          name: Collect reports
+          when: on_fail
+          command: .circleci/collect_reports.sh --destination ./check_reports --move
+
+      - run:
+          name: Delete reports
+          when: on_success
+          command: .circleci/collect_reports.sh --destination ./check_reports --delete
+
+      - store_artifacts:
+          path: ./check_reports
+
+      - run:
+          name: Cancel workflow
+          when: on_fail
+          command: .circleci/cancel_workflow.sh
+
+  build_clean_cache:
+    <<: *defaults
+
+    parameters:
+      gradleTarget:
+        type: string
+      cacheType:
+        type: string
+      collectLibs:
+        type: boolean
+        default: false
+
+    resource_class: xlarge
+
+    steps:
+      - setup_code
+
+      - run:
+          name: Build Project
+          command: >-
+            MAVEN_OPTS="-Xms64M -Xmx256M"
+            GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
+            ./gradlew clean
+            << parameters.gradleTarget >>
+            -PskipTests
+            << pipeline.parameters.gradle_flags >>
+            --max-workers=8
+            --rerun-tasks
+
+      - when:
+          condition:
+            not:
+              equal: [true, << parameters.collectLibs >>]
+          steps:
+          - run:
+              name: Collect Libs
+              when: always
+              command: .circleci/collect_libs.sh
+          - store_artifacts:
+              path: ./libs
+
+      - save_dependency_cache:
+          cacheType: << parameters.cacheType >>
+
+      - display_memory_usage
+
+  tests: &tests
+    <<: *defaults
+    # since tests use test containers, they will use a Linux VM / Remote Docker executor, so there is no medium+ size
+    resource_class: large
+
+    docker:
+      - image: << pipeline.parameters.docker_image >>:{{ docker_image_prefix }}<< parameters.testJvm >>
+
+    parameters:
+      testJvm:
+        type: string
+        default: ""
+      maxDaemonHeapSize:
+        type: string
+        default: "2G"
+      gradleParameters:
+        type: string
+        default: ""
+      gradleTarget:
+        type: string
+      triggeredBy:
+        type: string
+        default: ".*"
+      stage:
+        type: string
+        default: ""
+      parallelism:
+        type: integer
+        default: 1
+      maxWorkers:
+        type: integer
+        default: 2
+      profile:
+        type: boolean
+        default: false
+      continueOnFailure:
+        type: boolean
+        default: false
+      cacheType:
+        type: string
+
+    parallelism: << parameters.parallelism >>
+
+    steps:
+      - setup_code
+
+      - skip_unless_matching_files_changed:
+          pattern: << parameters.triggeredBy >>
+
+      - restore_dependency_cache:
+          cacheType: << parameters.cacheType >>
+      - restore_build_cache:
+          cacheType: << parameters.cacheType >>
+
+      - when:
+          condition:
+            or:
+              - equal: ["core", << parameters.stage >>]
+              - equal: ["instrumentation", << parameters.stage >>]
+              - equal: ["smoke", << parameters.stage >>]
+          steps:
+            - setup_testcontainers
+
+      - run:
+          name: Run tests
+          command: >-
+            if [[ << parameters.profile >> ]] && [[ << parameters.testJvm >> != "ibm8" ]] && [[ << parameters.testJvm >> != "oracle8" ]];
+            then
+              PROFILER_COMMAND="-XX:StartFlightRecording=settings=profile,filename=/tmp/<< parameters.stage >>-<< parameters.testJvm >>.jfr,dumponexit=true"
+            fi
+            
+            MAVEN_OPTS="-Xms64M -Xmx512M"
+            GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xms<< parameters.maxDaemonHeapSize >> -Xmx<< parameters.maxDaemonHeapSize >> $PROFILER_COMMAND -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp' -Ddatadog.forkedMaxHeapSize=768M -Ddatadog.forkedMinHeapSize=128M"
+            ./gradlew
+            << parameters.gradleTarget >>
+            << parameters.gradleParameters >>
+            -PtaskPartitionCount=${CIRCLE_NODE_TOTAL} -PtaskPartition=${CIRCLE_NODE_INDEX}
+            <<# parameters.testJvm >>-PtestJvm=<< parameters.testJvm >><</ parameters.testJvm >>
+            << pipeline.parameters.gradle_flags >>
+            --max-workers=<< parameters.maxWorkers >>
+            --continue
+            <<# parameters.continueOnFailure >> || true <</ parameters.continueOnFailure >>
+
+      - run:
+          name: Collect reports
+          when: on_fail
+          command: .circleci/collect_reports.sh
+
+      - store_artifacts:
+          path: ./reports.tar
+
+      - when:
+          condition:
+            equal: [true, << parameters.profile >>]
+          steps:
+            - run:
+                name: Collect profiles
+                when: always
+                command: .circleci/collect_profiles.sh
+
+            - store_artifacts:
+                path: ./profiles.tar
+
+      - run:
+          name: Collect test results
+          when: always
+          command: .circleci/collect_results.sh
+
+      - store_test_results:
+          path: ./results
+
+      - display_memory_usage
+
+      - early_return_for_forked_pull_requests
+
+      - run:
+          name: Upload test results to Datadog
+          when: always
+          command: .circleci/upload_ciapp.sh << parameters.stage >> << parameters.testJvm >> || true
+
+      - run:
+          name: Get APM Test Agent Trace Check Results
+          when: always
+          command: |
+            set +e  # Disable exiting from testagent response failure
+            SUMMARY_RESPONSE=$(curl -s -w "\n%{http_code}" -o summary_response.txt http://localhost:8126/test/trace_check/summary)
+            set -e
+            SUMMARY_RESPONSE_CODE=$(echo "$SUMMARY_RESPONSE" | awk 'END {print $NF}')
+
+            if [[ SUMMARY_RESPONSE_CODE -eq 200 ]]; then
+              echo "APM Test Agent is running. (HTTP 200)"
+            else
+              echo "APM Test Agent is not running and was not used for testing. No checks failed."
+              exit 0
+            fi
+            
+            RESPONSE=$(curl -s -w "\n%{http_code}" -o response.txt http://localhost:8126/test/trace_check/failures)
+            RESPONSE_CODE=$(echo "$RESPONSE" | awk 'END {print $NF}')
+               
+            if [[ $RESPONSE_CODE -eq 200 ]]; then
+              echo "All APM Test Agent Check Traces returned successful! (HTTP 200)"
+              echo "APM Test Agent Check Traces Summary Results:"
+              cat summary_response.txt | jq '.'
+            elif [[ $RESPONSE_CODE -eq 404 ]]; then
+              echo "Real APM Agent running in place of TestAgent, no checks to validate!"
+            else
+              echo "APM Test Agent Check Traces failed with response code: $RESPONSE_CODE"
+              echo "Failures:"
+              cat response.txt
+              echo "APM Test Agent Check Traces Summary Results:"
+              cat summary_response.txt | jq '.'
+              exit 1
+            fi
+
+  xlarge_tests:
+    <<: *tests
+
+    docker:
+      - image: << pipeline.parameters.docker_image >>:{{ docker_image_prefix }}<< parameters.testJvm >>
+        environment:
+          - CI_USE_TEST_AGENT=true
+      - image: ghcr.io/datadog/dd-apm-test-agent/ddapm-test-agent:v1.11.0
+        environment:
+          - LOG_LEVEL=DEBUG
+          - TRACE_LANGUAGE=java
+          - DD_SUPPRESS_TRACE_PARSE_ERRORS=true
+          - DD_POOL_TRACE_CHECK_FAILURES=true
+          - DD_DISABLE_ERROR_RESPONSES=true
+          - ENABLED_CHECKS=trace_content_length,trace_stall,meta_tracer_version_header,trace_count_header,trace_peer_service,trace_dd_service
+    resource_class: xlarge
+
+
+  # The only way to do fan-in in CircleCI seems to have a proper job, so let's have one that
+  # doesn't consume so many resources. The execution time for this including spin up seems to
+  # be around 6 seconds.
+  fan_in:
+    resource_class: small
+
+    docker:
+      - image: alpine
+
+    parameters:
+      testJvm:
+        type: string
+        default: "all configured JVMs"
+      stage:
+        type: string
+
+    steps:
+      - run:
+          name: Completed stage << parameters.stage >> on << parameters.testJvm >> passed!
+          command: echo '<< parameters.stage >> completed!'
+
+  agent_integration_tests:
+    <<: *tests
+
+    resource_class: medium
+
+    docker:
+      - image: << pipeline.parameters.docker_image >>:{{ docker_image_prefix }}8
+      - image: datadog/agent:7.34.0
+        environment:
+          - DD_APM_ENABLED=true
+          - DD_BIND_HOST=0.0.0.0
+          - DD_API_KEY=invalid_key_but_this_is_fine
+
+  test_published_artifacts:
+    <<: *defaults
+    resource_class: medium
+    docker:
+      - image: << pipeline.parameters.docker_image >>:{{ docker_image_prefix }}7
+
+    steps:
+      - setup_code
+      - restore_dependency_cache:
+          cacheType: lib
+      - restore_build_cache:
+          cacheType: lib
+
+      - run:
+          name: Publish Artifacts Locally
+          command: |
+            mvn_local_repo=$(./mvnw help:evaluate -Dexpression=settings.localRepository -q -DforceStdout)
+            rm -rf "${mvn_local_repo}/com/datadoghq"
+            export GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
+            ./gradlew publishToMavenLocal << pipeline.parameters.gradle_flags >> --max-workers=3
+
+      - run:
+          name: Test Published Artifacts
+          command: |
+            cd test-published-dependencies
+            export GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx512M -Xms512M -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
+            ./gradlew check --info --max-workers=3
+
+      - run:
+          name: Collect Reports
+          when: on_fail
+          command: .circleci/collect_reports.sh
+
+      - store_artifacts:
+          path: ./reports
+
+      - display_memory_usage
+  muzzle-dep-report:
+    <<: *defaults
+    resource_class: medium
+    steps:
+      - setup_code
+      - skip_unless_matching_files_changed:
+          pattern: "dd-java-agent/instrumentation"
+      - restore_dependency_cache:
+          cacheType: inst
+      - restore_build_cache:
+          cacheType: inst
+      - run:
+          name: Generate muzzle dep report
+          command: >-
+            SKIP_BUILDSCAN="true"
+            ./gradlew generateMuzzleReport muzzleInstrumentationReport
+      - run:
+          name: Collect Reports
+          command: .circleci/collect_muzzle_deps.sh
+      - store_artifacts:
+          path: ./reports
+
+  muzzle:
+    <<: *defaults
+    resource_class: medium
+    parallelism: 3
+    steps:
+      - setup_code
+
+      - skip_unless_matching_files_changed:
+          pattern: "dd-java-agent/instrumentation"
+
+      # We are not running with a separate cache of all muzzle artifacts here because it gets very big and
+      # ends up taking more time restoring/saving than the actual increase in time it takes just
+      # downloading the artifacts each time.
+      #
+      # Let's at least restore the build cache to have something to start from.
+      - restore_dependency_cache:
+          cacheType: inst
+      - restore_build_cache:
+          cacheType: inst
+
+      - run:
+          name: Gather muzzle tasks
+          command: >-
+            SKIP_BUILDSCAN="true"
+            ./gradlew writeMuzzleTasksToFile
+            << pipeline.parameters.gradle_flags >>
+            --max-workers=3
+
+      - run:
+          name: Verify Muzzle
+          command: >-
+            SKIP_BUILDSCAN="true"
+            GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
+            ./gradlew `circleci tests split --split-by=timings workspace/build/muzzleTasks | xargs`
+            << pipeline.parameters.gradle_flags >>
+            --max-workers=4
+
+      - run:
+          name: Collect Reports
+          when: on_fail
+          command: .circleci/collect_reports.sh
+
+      - store_artifacts:
+          path: ./reports
+
+      - store_test_results:
+          path: workspace/build/muzzle-test-results
+
+      - display_memory_usage
+
+  system-tests:
+    machine:
+      # https://support.circleci.com/hc/en-us/articles/360007324514-How-can-I-use-Docker-volume-mounting-on-CircleCI-
+      image: ubuntu-2004:current
+    resource_class: medium
+    parameters:
+      weblog-variant:
+        type: string
+    steps:
+      - setup_system_tests
+
+      - run:
+          name: Copy jar file to system test binaries folder
+          command: |
+            ls -la ~/dd-trace-java/workspace/dd-java-agent/build/libs
+            cp ~/dd-trace-java/workspace/dd-java-agent/build/libs/*.jar system-tests/binaries/
+
+      - run:
+          name: Build
+          command: |
+            cd system-tests
+            ./build.sh java --weblog-variant << parameters.weblog-variant >> 
+
+      - run:
+          name: Run
+          command: |
+            cd system-tests
+            DD_API_KEY=$SYSTEM_TESTS_DD_API_KEY ./run.sh
+
+      - run:
+          name: Run APM E2E default tests
+          # Stop the job after 5m to avoid excessive overhead. Will need adjustment as more tests are added.
+          no_output_timeout: 5m
+          command: |
+            cd system-tests
+            DD_SITE=datadoghq.com DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY ./run.sh APM_TRACING_E2E
+
+      - run:
+          name: Run APM E2E Single Span tests
+          # Stop the job after 5m to avoid excessive overhead. Will need adjustment as more tests are added.
+          no_output_timeout: 5m
+          command: |
+            cd system-tests
+            DD_SITE=datadoghq.com DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY ./run.sh APM_TRACING_E2E_SINGLE_SPAN
+
+      - run:
+          name: Upload data to CI Visibility
+          command: |
+            cd system-tests
+            export DD_API_KEY=$SYSTEM_TESTS_CI_API_KEY
+            export DD_APP_KEY=$SYSTEM_TESTS_CI_APP_KEY
+
+            # Causes conflicts with DD_API_KEY and datadog-ci tool
+            unset DATADOG_API_KEY
+            
+            echo "Uploading tests results to CI Visibility"  
+            utils/scripts/upload_results_CI_visibility.sh dev java-tracer << pipeline.id >>-<< pipeline.number >>
+
+            if [[ $CIRCLE_BRANCH == "master" ]]; then
+              echo "Updating dashboard from dd-trace-java main branch"
+              utils/scripts/update_dashboard_CI_visibility.sh java-tracer << pipeline.id >>-<< pipeline.number >>
+            else
+              echo "Skipping CI Visibility dashboard update due to it is not a main branch"
+            fi
+
+      - run:
+          name: Collect artifacts
+          command: tar -cvzf logs_java_<< parameters.weblog-variant >>_dev.tar.gz -C system-tests logs logs_apm_tracing_e2e logs_apm_tracing_e2e_single_span
+
+      - store_artifacts:
+          path: logs_java_<< parameters.weblog-variant >>_dev.tar.gz
+
+  integrations-system-tests:
+    machine:
+      # https://support.circleci.com/hc/en-us/articles/360007324514-How-can-I-use-Docker-volume-mounting-on-CircleCI-
+      image: ubuntu-2004:current
+    resource_class: medium
+    steps:
+      - setup_system_tests
+
+      - run:
+          name: Copy jar file to system test binaries folder
+          command: |
+            ls -la ~/dd-trace-java/workspace/dd-java-agent/build/libs
+            cp ~/dd-trace-java/workspace/dd-java-agent/build/libs/*.jar system-tests/binaries/
+
+      - run:
+          name: Build
+          # Build the default framework, which is springboot
+          command: |
+            cd system-tests
+            ./build.sh java
+
+      - run:
+          name: Run APM Integrations tests
+          # Stop the job after 5m to avoid excessive overhead. Will need adjustment as more tests are added.
+          no_output_timeout: 5m
+          command: |
+            cd system-tests
+            DD_SITE=datadoghq.com DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY ./run.sh INTEGRATIONS
+
+      - store_test_results:
+          path: system-tests/logs_integrations
+
+      - store_artifacts:
+          path: system-tests/logs_integrations
+
+  parametric-tests:
+    machine:
+      # https://support.circleci.com/hc/en-us/articles/360007324514-How-can-I-use-Docker-volume-mounting-on-CircleCI-
+      image: ubuntu-2004:current
+    resource_class: large
+    steps:
+      - setup_system_tests
+
+      - run:
+          name: Copy jar files to system test binaries folder
+          command: |
+            ls -la ~/dd-trace-java/workspace/dd-trace-api/build/libs
+            ls -la ~/dd-trace-java/workspace/dd-java-agent/build/libs
+            cp ~/dd-trace-java/workspace/dd-trace-api/build/libs/*.jar system-tests/binaries/
+            cp ~/dd-trace-java/workspace/dd-java-agent/build/libs/*.jar system-tests/binaries/
+
+      - run:
+          name: Install requirements
+          command: |
+            cd system-tests
+            pyenv local system
+            python3.9 --version
+            python3.9 -m pip install wheel
+            python3.9 -m pip install -r requirements.txt
+            sudo ln -sf /usr/bin/python3.9 /usr/bin/python
+
+      - run:
+          name: Run
+          command: |
+            set -e
+            cd system-tests
+            export TEST_LIBRARY=java
+            export PYTEST_WORKER_COUNT=8
+            ./build.sh -i runner
+            ./run.sh PARAMETRIC --log-cli-level=DEBUG --durations=30 -vv
+
+      - store_test_results:
+          path: system-tests/logs_parametric
+
+      - run:
+          name: Collect artifacts
+          command: tar -cvzf logs_java_parametric_dev.tar.gz -C system-tests logs_parametric
+
+      - store_artifacts:
+          path: logs_java_parametric_dev.tar.gz
+
+
+build_test_jobs: &build_test_jobs
+  - build:
+      name: build_lib
+      gradleTarget: shadowJar
+      cacheType: lib
+      collectLibs: true
+  - build:
+      name: build_base
+      gradleTarget: :baseTest
+      cacheType: base
+  - build:
+      name: build_inst
+      gradleTarget: :instrumentationTest
+      cacheType: inst
+  - build:
+      name: build_latestdep
+      gradleTarget: :instrumentationLatestDepTest
+      cacheType: latestdep
+  - build:
+      name: build_smoke
+      gradleTarget: :smokeTest
+      cacheType: smoke
+  - build:
+      name: build_profiling
+      gradleTarget: :profilingTest
+      cacheType: profiling
+  - spotless
+
+  - fan_in:
+      requires:
+        - build_lib
+        - build_base
+        - build_inst
+        - build_smoke
+        - build_profiling
+        - spotless
+      name: ok_to_test
+      stage: ok_to_test
+
+  - check:
+      requires:
+        - ok_to_test
+      name: check_base
+      gradleTarget: ":baseCheck"
+      cacheType: base
+
+  - check:
+      requires:
+        - ok_to_test
+      name: check_inst
+      parallelism: 4
+      gradleTarget: ":instrumentationCheck"
+      cacheType: inst
+
+  - check:
+      requires:
+        - ok_to_test
+      name: check_smoke
+      gradleTarget: ":smokeCheck"
+      cacheType: smoke
+
+  - check:
+      requires:
+        - ok_to_test
+      name: check_profiling
+      gradleTarget: ":profilingCheck"
+      cacheType: profiling
+
+  - fan_in:
+      requires:
+        - check_base
+        - check_inst
+        - check_smoke
+        - check_profiling
+      name: check
+      stage: check
+
+  - tests:
+      requires:
+        - ok_to_test
+      name: z_test_<< matrix.testJvm >>_base
+      triggeredBy: *core_modules
+      gradleTarget: ":baseTest"
+      gradleParameters: "-PskipFlakyTests -PskipInstTests -PskipSmokeTests -PskipProfilingTests"
+      stage: core
+      cacheType: base
+      parallelism: 4
+      maxWorkers: 4
+      matrix:
+        <<: *test_matrix
+
+  - tests:
+      requires:
+        - ok_to_test
+      name: z_test_8_base
+      triggeredBy: *core_modules
+      gradleTarget: :baseTest jacocoTestReport jacocoTestCoverageVerification
+      gradleParameters: "-PskipFlakyTests -PskipInstTests -PskipSmokeTests -PskipProfilingTests"
+      stage: core
+      cacheType: base
+      parallelism: 4
+      maxWorkers: 4
+      testJvm: "8"
+
+  - xlarge_tests:
+      requires:
+        - ok_to_test
+      name: z_test_<< matrix.testJvm >>_inst
+      gradleTarget: ":instrumentationTest"
+      gradleParameters: "-PskipFlakyTests"
+      triggeredBy: *instrumentation_modules
+      stage: instrumentation
+      cacheType: inst
+      parallelism: 4
+      maxWorkers: 4
+      matrix:
+        <<: *test_matrix
+
+  - xlarge_tests:
+      requires:
+        - ok_to_test
+      name: z_test_8_inst
+      gradleTarget: ":instrumentationTest"
+      gradleParameters: "-PskipFlakyTests"
+      triggeredBy: *instrumentation_modules
+      stage: instrumentation
+      cacheType: inst
+      parallelism: 4
+      maxWorkers: 4
+      testJvm: "8"
+
+  - xlarge_tests:
+      requires:
+        - ok_to_test
+        - build_latestdep
+      name: test_8_inst_latest
+      gradleTarget: ":instrumentationLatestDepTest"
+      gradleParameters: "-PskipFlakyTests"
+      triggeredBy: *instrumentation_modules
+      stage: instrumentation
+      cacheType: latestdep
+      parallelism: 4
+      maxWorkers: 4
+      testJvm: "8"
+
+{% if flaky %}
+  - tests:
+      requires:
+        - ok_to_test
+      name: z_test_8_flaky_base
+      gradleTarget: ":baseTest"
+      gradleParameters: "-PrunFlakyTests"
+      continueOnFailure: true
+      triggeredBy: *core_modules
+      stage: core
+      cacheType: base
+      parallelism: 4
+      maxWorkers: 4
+      testJvm: "8"
+
+  - xlarge_tests:
+      requires:
+        - ok_to_test
+      name: z_test_8_flaky_inst
+      gradleTarget: ":instrumentationTest"
+      gradleParameters: "-PrunFlakyTests"
+      continueOnFailure: true
+      triggeredBy: *instrumentation_modules
+      stage: instrumentation
+      cacheType: inst
+      parallelism: 2
+      maxWorkers: 4
+      testJvm: "8"
+
+  - tests:
+      requires:
+        - ok_to_test
+      name: z_test_8_flaky_smoke
+      gradleTarget: ":smokeTest"
+      gradleParameters: "-PrunFlakyTests"
+      continueOnFailure: true
+      stage: smoke
+      cacheType: smoke
+      parallelism: 4
+      maxWorkers: 4
+      testJvm: "8"
+{% endif %}
+
+  - tests:
+      requires:
+        - ok_to_test
+      maxWorkers: 4
+      gradleTarget: ":profilingTest"
+      gradleParameters: "-PskipFlakyTests"
+      triggeredBy: *profiling_modules
+      stage: profiling
+      cacheType: profiling
+      name: test_<< matrix.testJvm >>_profiling
+      matrix:
+        <<: *profiling_test_matrix
+
+  - tests:
+      requires:
+        - ok_to_test
+      name: test_<< matrix.testJvm >>_debugger
+      maxWorkers: 4
+      gradleTarget: ":debuggerTest"
+      gradleParameters: "-PskipFlakyTests"
+      triggeredBy: *debugger_modules
+      stage: debugger
+      cacheType: base
+      matrix:
+        <<: *debugger_test_matrix
+
+  - tests:
+      requires:
+        - ok_to_test
+      name: z_test_<< matrix.testJvm >>_smoke
+      gradleTarget: "stageMainDist :smokeTest"
+      gradleParameters: "-PskipFlakyTests"
+      stage: smoke
+      cacheType: smoke
+      parallelism: 4
+      maxWorkers: 3
+      matrix:
+        <<: *test_matrix
+
+  - tests:
+      requires:
+        - ok_to_test
+      name: test_semeru8_debugger_smoke
+      maxWorkers: 4
+      gradleTarget: "stageMainDist dd-smoke-tests:debugger-integration-tests:test"
+      gradleParameters: "-PskipFlakyTests"
+      triggeredBy: *debugger_modules
+      stage: debugger
+      cacheType: smoke
+      testJvm: "semeru8"
+
+  - tests:
+      requires:
+        - ok_to_test
+      name: test_graalvm17_smoke
+      gradleTarget: "stageMainDist :dd-smoke-test:spring-boot-3.0-native:test"
+      stage: smoke
+      cacheType: smoke
+      testJvm: "graalvm17"
+
+  - tests:
+      requires:
+        - ok_to_test
+      name: z_test_8_smoke
+      gradleTarget: "stageMainDist :smokeTest"
+      gradleParameters: "-PskipFlakyTests"
+      stage: smoke
+      cacheType: smoke
+      parallelism: 4
+      maxWorkers: 3
+      testJvm: "8"
+
+  - fan_in:
+      requires:
+        - z_test_<< matrix.testJvm >>_base
+        - z_test_<< matrix.testJvm >>_inst
+        - z_test_<< matrix.testJvm >>_smoke
+      name: test_<< matrix.testJvm >>
+      stage: tracing
+      matrix:
+        <<: *test_matrix
+
+  - fan_in:
+      requires:
+        - z_test_8_base
+        - z_test_8_inst
+        - z_test_8_smoke
+      name: test_8
+      stage: tracing
+      testJvm: "8"
+
+  - agent_integration_tests:
+      requires:
+        - ok_to_test
+      triggeredBy: *agent_integration_tests_modules
+      gradleTarget: traceAgentTest
+      cacheType: base
+      testJvm: "8"
+
+  - test_published_artifacts:
+      requires:
+        - ok_to_test
+
+  - muzzle:
+      requires:
+        - ok_to_test
+      filters:
+        branches:
+          ignore:
+            - master
+            - project/*
+            - release/*
+
+  - muzzle-dep-report:
+      requires:
+        - ok_to_test
+
+  - system-tests:
+      requires:
+        - ok_to_test
+      matrix:
+          <<: *system_test_matrix
+
+  - integrations-system-tests:
+      requires:
+        - ok_to_test
+
+  - parametric-tests:
+      requires:
+        - ok_to_test
+
+  - fan_in:
+      requires:
+        - test_published_artifacts
+{% for jdk in all_jdks %}
+        - "test_{{ jdk }}_profiling"
+{% endfor %}
+      name: profiling
+      stage: profiling
+
+  - fan_in:
+      requires:
+        - test_published_artifacts
+{% for jdk in all_jdks %}
+        - "test_{{ jdk }}_debugger"
+{% endfor %}
+      name: debugger
+      stage: debugger
+
+  # This job requires all the jobs needed for a successful build, so GitHub only needs to enforce this one,
+  # and it will be simpler to require different JVM versions for different branches and old releases
+  - fan_in:
+      requires:
+        - check
+        - test_published_artifacts
+        - agent_integration_tests
+{% for jdk in all_jdks %}
+        - "test_{{ jdk }}"
+{% endfor %}
+        - profiling
+        - debugger
+      name: required
+      stage: required
+
+workflows:
+{% if is_regular %}
+  build_test:
+    jobs:
+      *build_test_jobs
+{% endif %}
+{% if is_nightly %}
+  nightly:
+    jobs:
+      *build_test_jobs
+{% endif %}
+{% if is_weekly %}
+  weekly:
+    jobs:
+      # This will rebuild a main caches with a new timestamp from a clean slate
+      - build_clean_cache:
+          name: build_cache_lib
+          gradleTarget: shadowJar
+          cacheType: lib
+          collectLibs: false
+      - build_clean_cache:
+          name: build_cache_base
+          gradleTarget: :baseTest
+          cacheType: base
+      - build_clean_cache:
+          name: build_cache_inst
+          gradleTarget: :instrumentationTest
+          cacheType: inst
+      - build_clean_cache:
+          name: build_cache_latestdep
+          gradleTarget: :instrumentationLatestDepTest
+          cacheType: latestdep
+      - build_clean_cache:
+          name: build_cache_smoke
+          gradleTarget: :smokeTest
+          cacheType: smoke
+      - build_clean_cache:
+          name: build_cache_profiling
+          gradleTarget: :profilingTest
+          cacheType: profiling
+{% endif %}
diff --git a/.circleci/config.yml b/.circleci/config.yml
index f37f89f7d33..ba038c80090 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,1340 +1,37 @@
 version: 2.1
-
-defaults: &defaults
-  working_directory: ~/dd-trace-java
-  docker:
-    - image: &default_container << pipeline.parameters.docker_image >>:<< pipeline.parameters.docker_image_tag >>
-
-test_matrix: &test_matrix
-  parameters:
-    testJvm: [ "ibm8", "semeru8", "zulu8", "oracle8", "11", "zulu11", "17", "ubuntu17" ]
-
-profiling_test_matrix: &profiling_test_matrix
-  parameters:
-    testJvm: [ "8", "zulu8", "oracle8", "11", "zulu11", "17", "ubuntu17" ]
-
-system_test_matrix: &system_test_matrix
-  parameters:
-    weblog-variant: [ 'spring-boot', 'spring-boot-jetty', 'spring-boot-openliberty', 'spring-boot-3-native', 'jersey-grizzly2', 'resteasy-netty3','ratpack', 'vertx3' ]
-
-agent_integration_tests_modules: &agent_integration_tests_modules "dd-trace-core|communication|internal-api|utils"
-core_modules: &core_modules "dd-java-agent|dd-trace-core|communication|internal-api|telemetry|utils|dd-java-agent/agent-bootstrap|dd-java-agent/agent-installer|dd-java-agent/agent-tooling|dd-java-agent/agent-builder|dd-java-agent/appsec|dd-java-agent/agent-crashtracking"
-instrumentation_modules: &instrumentation_modules "dd-java-agent/instrumentation|dd-java-agent/agent-tooling|dd-java-agent/agent-installer|dd-java-agent/agent-builder|dd-java-agent/agent-bootstrap|dd-java-agent/appsec|dd-java-agent/testing|dd-trace-core|dd-trace-api|internal-api"
-debugger_modules: &debugger_modules "dd-java-agent/agent-debugger|dd-java-agent/agent-bootstrap|dd-java-agent/agent-builder|internal-api|communication|dd-trace-core"
-profiling_modules: &profiling_modules "dd-java-agent/agent-profiling"
-
-default_system_tests_commit: &default_system_tests_commit 18afda441d6e92fe3befeddd4dd20ff558ca4f0c
-
+setup: true
+python310_image: &python310_image cimg/python:3.10
 parameters:
-  gradle_flags:
-    # Using no-daemon is important for the caches to be in a consistent state
-    type: string
-    default: "--stacktrace --no-daemon"
-
-  global_pattern:
-    # Pattern for files that should always trigger a test jobs
-    type: string
-    default: "^build.gradle$|^settings.gradle$|^gradle.properties$|^buildSrc/|^gradle/|.circleci"
-
-  docker_image:
-    type: string
-    default: ghcr.io/datadog/dd-trace-java-docker-build
-
-  docker_image_tag:
-    type: string
-    default: base
-
-commands:
-  check_for_leftover_files:
-    steps:
-      - run:
-          name: Check for leftover files
-          command: |
-            LEFTOVER_FILES=$(find . -type f -regex '.*\.orig$')
-            if [[ "$LEFTOVER_FILES" != "" ]]
-            then
-              echo -e "Found leftover files in the commit:\n$LEFTOVER_FILES"
-              exit 1
-            fi
-
-  generate_cache_ids:
-    steps:
-      - run:
-          name: Generate cache ids
-          command: |
-            # Everything falls back to the main cache
-            BASE_CACHE_ID="main"
-            if [ "$CIRCLE_BRANCH" == "master" ];
-            then
-              # If we're on a the main branch, then they are the same
-              echo "${BASE_CACHE_ID}" >| _circle_ci_cache_id
-            else
-              # If we're on a PR branch, then we use the name of the branch and the
-              # PR number as a stable identifier for the branch cache
-              echo "${CIRCLE_BRANCH}-${CIRCLE_PULL_REQUEST##*/}" >| _circle_ci_cache_id
-            fi
-            # Have new branches start from the main cache
-            echo "${BASE_CACHE_ID}" >| _circle_ci_cache_base_id
-
-  setup_code:
-    steps:
-      - checkout
-      - run:
-          name: Checkout merge commit
-          command: |
-            CCI_PR_NUMBER="${CIRCLE_PR_NUMBER:-${CIRCLE_PULL_REQUEST##*/}}"
-
-            if [[ "$CIRCLE_BRANCH" != "master" && -n "${CCI_PR_NUMBER}" ]]
-            then
-              FETCH_REFS="${FETCH_REFS} +refs/pull/${CCI_PR_NUMBER}/merge:refs/pull/${CCI_PR_NUMBER}/merge +refs/pull/${CCI_PR_NUMBER}/head:refs/pull/${CCI_PR_NUMBER}/head"
-              git fetch -u origin ${FETCH_REFS}
-
-              if git merge-base --is-ancestor $(git show-ref --hash refs/pull/${CCI_PR_NUMBER}/head) $(git show-ref --hash refs/pull/${CCI_PR_NUMBER}/merge); then
-                git checkout "pull/${CCI_PR_NUMBER}/merge"
-              else
-                echo "[WARN] There is a merge conflict between master and PR ${CCI_PR_NUMBER}, merge branch cannot be checked out."
-                git checkout "pull/${CCI_PR_NUMBER}/head"
-              fi
-            fi
-
-      - check_for_leftover_files
-
-      - generate_cache_ids
-
-  setup_testcontainers:
-    description: >-
-      Sets up remote docker and automatic port forwarding needed for docker on docker
-      version of Testcontainers.
-    steps:
-      - setup_remote_docker:
-          version: 20.10.18
-          # DLC shares Docker layers across jobs (at an extra cost).
-          # But its time to setup (~1min) exceeds the time required to prefetch all images we use.
-          docker_layer_caching: false
-
-      - run:
-          name: Prepare testcontainers environment
-          command: .circleci/prepare_docker_env.sh
-
-      - run:
-          name: Testcontainers tunnels
-          background: true
-          command: .circleci/start_docker_autoforward.sh
-
-      - run:
-          name: Prefetch Docker images
-          background: true
-          command: .circleci/fetch_docker_images.sh
-
-  early_return_for_forked_pull_requests:
-    description: >-
-      If this build is from a fork, stop executing the current job and return success.
-      This is useful to avoid steps that will fail due to missing credentials.
-    steps:
-      - run:
-          name: Early return if this build is from a forked PR
-          command: |
-            if [[ "$CIRCLE_BRANCH" != "master" && -n "$CIRCLE_PR_NUMBER" ]]; then
-              echo "Nothing to do for forked PRs, so marking this step successful"
-              circleci step halt
-            fi
-
-  skip_unless_matching_files_changed:
-    description: >-
-      If files matching the regular expression haven't changed in the commit, then skip the job
-    parameters:
-      pattern:
-        type: string
-    steps:
-      - run:
-          name: "Check if files relevant to job have changed"
-          command: |
-            CCI_PR_NUMBER="${CIRCLE_PR_NUMBER:-${CIRCLE_PULL_REQUEST##*/}}"
-
-            if [[ "$CIRCLE_BRANCH" != "master" && -n "$CCI_PR_NUMBER" ]]; then
-              BRANCH="$(git rev-parse --abbrev-ref HEAD)"
-              if [[ "$BRANCH" != "master" ]] && [[ "$BRANCH" != "release/*" ]]; then
-                # We know that we have checked out the PR merge branch, so the HEAD commit is a merge
-                # As a backup, if anything goes wrong with the diff, the build will fail
-                CHANGED_FILES=$(git show HEAD | grep -e "^Merge:" | cut -d ' ' -f 2- | sed 's/ /.../' | xargs git diff --name-only)
-                # Count the number of matches, and ignore if the grep doesn't match anything
-                MATCH_COUNT=$(echo "$CHANGED_FILES" | grep -c -E "<< pipeline.parameters.global_pattern >>|<< parameters.pattern >>") || true
-                if [[ "$MATCH_COUNT" -eq "0" ]]; then
-                  circleci step halt
-                fi
-              fi
-            fi
-
-  display_memory_usage:
-    steps:
-      - run:
-          name: Max Memory Used
-          # The file does not seem to exist when DLC is disabled
-          command: cat /sys/fs/cgroup/memory/memory.max_usage_in_bytes || true
-          when: always
-
-
-  # The caching setup of the build dependencies is somewhat involved because of how CircleCI works.
-  # 1) Caches are immutable, so you can not reuse a cache key (the save will simply be ignored)
-  # 2) Cache keys are prefix matched, and the most recently updated cache that matches will be picked
-  #
-  # There is a weekly job that runs on Monday mornings that builds a new cache from scratch.
-  restore_dependency_cache:
-    parameters:
-      cacheType:
-        type: string
-    steps:
-      - restore_cache:
-          keys:
-            # Dependent steps will find this cache
-            - dd-trace-java-dep<< parameters.cacheType >>-v4-{{ .Branch }}-{{ checksum "_circle_ci_cache_id" }}-{{ .Revision }}
-            # New branch commits will find this cache
-            - dd-trace-java-dep<< parameters.cacheType >>-v4-{{ .Branch }}-{{ checksum "_circle_ci_cache_id" }}-
-            # New branches fall back on main build caches
-            - dd-trace-java-dep<< parameters.cacheType >>-v4-master-{{ checksum "_circle_ci_cache_base_id" }}-
-            # Fallback to the previous cache during transition
-            - dd-trace-java-dep<< parameters.cacheType >>-v3-master-{{ checksum "_circle_ci_cache_base_id" }}-
-
-  save_dependency_cache:
-    parameters:
-      cacheType:
-        type: string
-    steps:
-      - save_cache:
-          key: dd-trace-java-dep<< parameters.cacheType >>-v4-{{ .Branch }}-{{ checksum "_circle_ci_cache_id" }}-{{ .Revision }}
-          paths:
-            # Cached dependencies and wrappers for gradle
-            - ~/.gradle/caches
-            - ~/.gradle/wrapper
-            # Cached dependencies for maven
-            - ~/.m2
-            # Cached launchers and compilers for sbt
-            - ~/.sbt
-            # Cached dependencies for sbt handled by ivy
-            - ~/.ivy2
-            # Cached dependencies for sbt handled by coursier
-            - ~/.cache/coursier
-
-  restore_build_cache:
-    parameters:
-      cacheType:
-        type: string
-    steps:
-      - restore_cache:
-          keys:
-            # Dependent steps will find this cache
-            - dd-trace-java-build<< parameters.cacheType >>-v4-{{ .Branch }}-{{ checksum "_circle_ci_cache_id" }}-{{ .Revision }}
-
-  save_build_cache:
-    parameters:
-      cacheType:
-        type: string
-    steps:
-      - save_cache:
-          key: dd-trace-java-build<< parameters.cacheType >>-v4-{{ .Branch }}-{{ checksum "_circle_ci_cache_id" }}-{{ .Revision }}
-          paths:
-            # Gradle version specific cache for incremental builds. Needs to match version in
-            # gradle/wrapper/gradle-wrapper.properties
-            - ~/.gradle/caches/8.2
-            # Workspace
-            - ~/dd-trace-java/.gradle
-            - ~/dd-trace-java/workspace
-
-  setup_system_tests:
-    parameters:
-      systemTestsCommit:
-        type: string
-        default: *default_system_tests_commit
-    steps:
-      - generate_cache_ids
-
-      - restore_build_cache:
-          cacheType: lib
-
-      - run:
-          # TODO: removes this step once host-in-runner is merged on system tests
-          name: Install good version of docker-compose
-          command: |
-            sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-            sudo chmod +x /usr/local/bin/docker-compose
-
-      - run:
-          name: Install python 3.9
-          command: |
-            sudo apt-get install python3.9-full python3.9-dev python3.9-venv
-            echo 'export PATH="$HOME/.local/bin:$PATH"' >>"$BASH_ENV"
-
-      - run:
-          name: versions
-          command: |
-            docker --version
-            docker-compose --version
-
-      - run:
-          name: Clone system-tests
-          command: |
-            git init system-tests
-            cd system-tests
-            git remote add origin https://github.com/DataDog/system-tests.git
-            git fetch origin << parameters.systemTestsCommit >>
-            git reset --hard FETCH_HEAD
-
-jobs:
-  build:
-    <<: *defaults
-    resource_class: xlarge
-
-    parameters:
-      gradleTarget:
-        type: string
-      cacheType:
-        type: string
-      collectLibs:
-        type: boolean
-        default: false
-
-    steps:
-      - setup_code
-
-      - restore_dependency_cache:
-          cacheType: << parameters.cacheType >>
-
-      - run:
-          name: Build Project
-          command: >-
-            MAVEN_OPTS="-Xms64M -Xmx256M"
-            GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
-            ./gradlew clean
-            << parameters.gradleTarget >>
-            -PskipTests
-            << pipeline.parameters.gradle_flags >>
-            --max-workers=8
-            --rerun-tasks
-
-      - when:
-          condition:
-            equal: [ true, << parameters.collectLibs >> ]
-          steps:
-            - run:
-                name: Collect Libs
-                when: always
-                command: .circleci/collect_libs.sh
-            - store_artifacts:
-                path: ./libs
-
-      - run:
-          name: Collect reports
-          when: on_fail
-          command: .circleci/collect_reports.sh --destination ./check_reports --move
-
-      - run:
-          name: Delete reports
-          when: on_success
-          command: .circleci/collect_reports.sh --destination ./check_reports --delete
-
-      - store_artifacts:
-          path: ./check_reports
-
-      # Save a full dependency cache when building on master or a base project branch.
-      # We used to do this on the first build of each PR, but now it's skipped at the
-      # cost of downloading new dependencies a few more times.
-      - when:
-          condition:
-            matches:
-              pattern: "^(master|project/.+)$"
-              value: << pipeline.git.branch >>
-          steps:
-            - save_dependency_cache:
-                cacheType: << parameters.cacheType >>
-
-      # Save the small build cache
-      - save_build_cache:
-          cacheType: << parameters.cacheType >>
-
-      - display_memory_usage
-
-  spotless:
-    <<: *defaults
-    resource_class: medium+
-
-    steps:
-      - setup_code
-
-      - run:
-          name: Run spotless
-          command: >-
-            JAVA_HOME=$JAVA_11_HOME
-            ./gradlew spotlessCheck
-            << pipeline.parameters.gradle_flags >>
-            --max-workers=8
-
-  check:
-    <<: *defaults
-
-    parameters:
-      parallelism:
-        type: integer
-        default: 1
-      gradleTarget:
-        type: string
-      cacheType:
-        type: string
-
-    resource_class: medium+
-
-    parallelism: << parameters.parallelism >>
-
-    steps:
-      - setup_code
-      - restore_dependency_cache:
-          cacheType: << parameters.cacheType >>
-      - restore_build_cache:
-          cacheType: << parameters.cacheType >>
-
-      - run:
-          name: Check Project
-          command: >-
-            MAVEN_OPTS="-Xms64M -Xmx256M"
-            GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
-            ./gradlew
-            << parameters.gradleTarget >>
-            -PskipTests
-            -PrunBuildSrcTests
-            -PtaskPartitionCount=${CIRCLE_NODE_TOTAL} -PtaskPartition=${CIRCLE_NODE_INDEX}
-            << pipeline.parameters.gradle_flags >>
-            --max-workers=8
-
-      - run:
-          name: Collect reports
-          when: on_fail
-          command: .circleci/collect_reports.sh --destination ./check_reports --move
-
-      - run:
-          name: Delete reports
-          when: on_success
-          command: .circleci/collect_reports.sh --destination ./check_reports --delete
-
-      - store_artifacts:
-          path: ./check_reports
-
-      - run:
-          name: Cancel workflow
-          when: on_fail
-          command: .circleci/cancel_workflow.sh
-
-  build_clean_cache:
-    <<: *defaults
-
-    parameters:
-      gradleTarget:
-        type: string
-      cacheType:
-        type: string
-      collectLibs:
-        type: boolean
-        default: false
-
-    resource_class: xlarge
-
-    steps:
-      - setup_code
-
-      - run:
-          name: Build Project
-          command: >-
-            MAVEN_OPTS="-Xms64M -Xmx256M"
-            GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
-            ./gradlew clean
-            << parameters.gradleTarget >>
-            -PskipTests
-            << pipeline.parameters.gradle_flags >>
-            --max-workers=8
-            --rerun-tasks
-
-      - when:
-          condition:
-            not:
-              equal: [true, << parameters.collectLibs >>]
-          steps:
-          - run:
-              name: Collect Libs
-              when: always
-              command: .circleci/collect_libs.sh
-          - store_artifacts:
-              path: ./libs
-
-      - save_dependency_cache:
-          cacheType: << parameters.cacheType >>
-
-      - display_memory_usage
-
-  tests: &tests
-    <<: *defaults
-    # since tests use test containers, they will use a Linux VM / Remote Docker executor, so there is no medium+ size
-    resource_class: large
-
-    docker:
-      - image: << pipeline.parameters.docker_image >>:<< parameters.testJvm >>
-
-    parameters:
-      testJvm:
-        type: string
-        default: ""
-      maxDaemonHeapSize:
-        type: string
-        default: "2G"
-      gradleParameters:
-        type: string
-        default: ""
-      gradleTarget:
-        type: string
-      triggeredBy:
-        type: string
-        default: ".*"
-      stage:
-        type: string
-        default: ""
-      parallelism:
-        type: integer
-        default: 1
-      maxWorkers:
-        type: integer
-        default: 2
-      profile:
-        type: boolean
-        default: false
-      continueOnFailure:
-        type: boolean
-        default: false
-      cacheType:
-        type: string
-
-    parallelism: << parameters.parallelism >>
-
-    steps:
-      - setup_code
-
-      - skip_unless_matching_files_changed:
-          pattern: << parameters.triggeredBy >>
-
-      - restore_dependency_cache:
-          cacheType: << parameters.cacheType >>
-      - restore_build_cache:
-          cacheType: << parameters.cacheType >>
-
-      - when:
-          condition:
-            or:
-              - equal: ["core", << parameters.stage >>]
-              - equal: ["instrumentation", << parameters.stage >>]
-              - equal: ["smoke", << parameters.stage >>]
-          steps:
-            - setup_testcontainers
-
-      - run:
-          name: Run tests
-          command: >-
-            if [[ << parameters.profile >> ]] && [[ << parameters.testJvm >> != "ibm8" ]] && [[ << parameters.testJvm >> != "oracle8" ]];
-            then
-              PROFILER_COMMAND="-XX:StartFlightRecording=settings=profile,filename=/tmp/<< parameters.stage >>-<< parameters.testJvm >>.jfr,dumponexit=true"
-            fi
-            
-            MAVEN_OPTS="-Xms64M -Xmx512M"
-            GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xms<< parameters.maxDaemonHeapSize >> -Xmx<< parameters.maxDaemonHeapSize >> $PROFILER_COMMAND -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp' -Ddatadog.forkedMaxHeapSize=768M -Ddatadog.forkedMinHeapSize=128M"
-            ./gradlew
-            << parameters.gradleTarget >>
-            << parameters.gradleParameters >>
-            -PtaskPartitionCount=${CIRCLE_NODE_TOTAL} -PtaskPartition=${CIRCLE_NODE_INDEX}
-            <<# parameters.testJvm >>-PtestJvm=<< parameters.testJvm >><</ parameters.testJvm >>
-            << pipeline.parameters.gradle_flags >>
-            --max-workers=<< parameters.maxWorkers >>
-            --continue
-            <<# parameters.continueOnFailure >> || true <</ parameters.continueOnFailure >>
-
-      - run:
-          name: Collect reports
-          when: on_fail
-          command: .circleci/collect_reports.sh
-
-      - store_artifacts:
-          path: ./reports.tar
-
-      - when:
-          condition:
-            equal: [true, << parameters.profile >>]
-          steps:
-            - run:
-                name: Collect profiles
-                when: always
-                command: .circleci/collect_profiles.sh
-
-            - store_artifacts:
-                path: ./profiles.tar
-
-      - run:
-          name: Collect test results
-          when: always
-          command: .circleci/collect_results.sh
-
-      - store_test_results:
-          path: ./results
-
-      - display_memory_usage
-
-      - early_return_for_forked_pull_requests
-
-      - run:
-          name: Upload test results to Datadog
-          when: always
-          command: .circleci/upload_ciapp.sh << parameters.stage >> << parameters.testJvm >> || true
-
-      - run:
-          name: Get APM Test Agent Trace Check Results
-          when: always
-          command: |
-            set +e  # Disable exiting from testagent response failure
-            SUMMARY_RESPONSE=$(curl -s -w "\n%{http_code}" -o summary_response.txt http://localhost:8126/test/trace_check/summary)
-            set -e
-            SUMMARY_RESPONSE_CODE=$(echo "$SUMMARY_RESPONSE" | awk 'END {print $NF}')
-
-            if [[ SUMMARY_RESPONSE_CODE -eq 200 ]]; then
-              echo "APM Test Agent is running. (HTTP 200)"
-            else
-              echo "APM Test Agent is not running and was not used for testing. No checks failed."
-              exit 0
-            fi
-            
-            RESPONSE=$(curl -s -w "\n%{http_code}" -o response.txt http://localhost:8126/test/trace_check/failures)
-            RESPONSE_CODE=$(echo "$RESPONSE" | awk 'END {print $NF}')
-               
-            if [[ $RESPONSE_CODE -eq 200 ]]; then
-              echo "All APM Test Agent Check Traces returned successful! (HTTP 200)"
-              echo "APM Test Agent Check Traces Summary Results:"
-              cat summary_response.txt | jq '.'
-            elif [[ $RESPONSE_CODE -eq 404 ]]; then
-              echo "Real APM Agent running in place of TestAgent, no checks to validate!"
-            else
-              echo "APM Test Agent Check Traces failed with response code: $RESPONSE_CODE"
-              echo "Failures:"
-              cat response.txt
-              echo "APM Test Agent Check Traces Summary Results:"
-              cat summary_response.txt | jq '.'
-              exit 1
-            fi
-
-  xlarge_tests:
-    <<: *tests
-
+  nightly:
+    type: boolean
+    default: false
+  weekly:
+    type: boolean
+    default: false
+orbs:
+  continuation: circleci/continuation@0.1.2
+executors:
+  python310:
     docker:
-      - image: << pipeline.parameters.docker_image >>:<< parameters.testJvm >>
-        environment:
-          - CI_USE_TEST_AGENT=true
-      - image: ghcr.io/datadog/dd-apm-test-agent/ddapm-test-agent:v1.11.0
-        environment:
-          - LOG_LEVEL=DEBUG
-          - TRACE_LANGUAGE=java
-          - DD_SUPPRESS_TRACE_PARSE_ERRORS=true
-          - DD_POOL_TRACE_CHECK_FAILURES=true
-          - DD_DISABLE_ERROR_RESPONSES=true
-          - ENABLED_CHECKS=trace_content_length,trace_stall,meta_tracer_version_header,trace_count_header,trace_peer_service,trace_dd_service
-    resource_class: xlarge
-
-
-  # The only way to do fan-in in CircleCI seems to have a proper job, so let's have one that
-  # doesn't consume so many resources. The execution time for this including spin up seems to
-  # be around 6 seconds.
-  fan_in:
+      - image: *python310_image
     resource_class: small
-
-    docker:
-      - image: alpine
-
-    parameters:
-      testJvm:
-        type: string
-        default: "all configured JVMs"
-      stage:
-        type: string
-
-    steps:
-      - run:
-          name: Completed stage << parameters.stage >> on << parameters.testJvm >> passed!
-          command: echo '<< parameters.stage >> completed!'
-
-  agent_integration_tests:
-    <<: *tests
-
-    resource_class: medium
-
-    docker:
-      - image: << pipeline.parameters.docker_image >>:7
-      - image: datadog/agent:7.34.0
-        environment:
-          - DD_APM_ENABLED=true
-          - DD_BIND_HOST=0.0.0.0
-          - DD_API_KEY=invalid_key_but_this_is_fine
-
-  test_published_artifacts:
-    <<: *defaults
-    resource_class: medium
-    docker:
-      - image: << pipeline.parameters.docker_image >>:7
-
-    steps:
-      - setup_code
-      - restore_dependency_cache:
-          cacheType: lib
-      - restore_build_cache:
-          cacheType: lib
-
-      - run:
-          name: Publish Artifacts Locally
-          command: |
-            mvn_local_repo=$(./mvnw help:evaluate -Dexpression=settings.localRepository -q -DforceStdout)
-            rm -rf "${mvn_local_repo}/com/datadoghq"
-            export GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
-            ./gradlew publishToMavenLocal << pipeline.parameters.gradle_flags >> --max-workers=3
-
-      - run:
-          name: Test Published Artifacts
-          command: |
-            cd test-published-dependencies
-            export GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx512M -Xms512M -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
-            ./gradlew check --info --max-workers=3
-
-      - run:
-          name: Collect Reports
-          when: on_fail
-          command: .circleci/collect_reports.sh
-
-      - store_artifacts:
-          path: ./reports
-
-      - display_memory_usage
-
-  muzzle:
-    <<: *defaults
-    resource_class: medium
-    parallelism: 3
+jobs:
+  setup:
+    executor: python310
     steps:
-      - setup_code
-
-      - skip_unless_matching_files_changed:
-          pattern: "dd-java-agent/instrumentation"
-
-      # We are not running with a separate cache of all muzzle artifacts here because it gets very big and
-      # ends up taking more time restoring/saving than the actual increase in time it takes just
-      # downloading the artifacts each time.
-      #
-      # Let's at least restore the build cache to have something to start from.
-      - restore_dependency_cache:
-          cacheType: inst
-      - restore_build_cache:
-          cacheType: inst
-
+      - checkout
       - run:
-          name: Gather muzzle tasks
-          command: >-
-            SKIP_BUILDSCAN="true"
-            ./gradlew writeMuzzleTasksToFile
-            << pipeline.parameters.gradle_flags >>
-            --max-workers=3
-
+          name: Install dependencies
+          command: pip3 install jinja2 requests
       - run:
-          name: Verify Muzzle
+          name: Generate config
           command: >-
-            SKIP_BUILDSCAN="true"
-            GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G -XX:ErrorFile=/tmp/hs_err_pid%p.log -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp'"
-            ./gradlew `circleci tests split --split-by=timings workspace/build/muzzleTasks | xargs`
-            << pipeline.parameters.gradle_flags >>
-            --max-workers=4
-
-      - run:
-          name: Collect Reports
-          when: on_fail
-          command: .circleci/collect_reports.sh
-
-      - store_artifacts:
-          path: ./reports
-
-      - store_test_results:
-          path: workspace/build/muzzle-test-results
-
-      - display_memory_usage
-
-  system-tests:
-    machine:
-      # https://support.circleci.com/hc/en-us/articles/360007324514-How-can-I-use-Docker-volume-mounting-on-CircleCI-
-      image: ubuntu-2004:current
-    resource_class: medium
-    parameters:
-      weblog-variant:
-        type: string
-    steps:
-      - setup_system_tests
-
-      - run:
-          name: Copy jar file to system test binaries folder
-          command: |
-            ls -la ~/dd-trace-java/workspace/dd-java-agent/build/libs
-            cp ~/dd-trace-java/workspace/dd-java-agent/build/libs/*.jar system-tests/binaries/
-
-      - run:
-          name: Build
-          command: |
-            cd system-tests
-            ./build.sh java --weblog-variant << parameters.weblog-variant >> 
-
-      - run:
-          name: Run
-          command: |
-            cd system-tests
-            DD_API_KEY=$SYSTEM_TESTS_DD_API_KEY ./run.sh
-
-      - run:
-          name: Run APM E2E default tests
-          # Stop the job after 5m to avoid excessive overhead. Will need adjustment as more tests are added.
-          no_output_timeout: 5m
-          command: |
-            cd system-tests
-            DD_SITE=datadoghq.com DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY ./run.sh APM_TRACING_E2E
-
-      - run:
-          name: Run APM E2E Single Span tests
-          # Stop the job after 5m to avoid excessive overhead. Will need adjustment as more tests are added.
-          no_output_timeout: 5m
-          command: |
-            cd system-tests
-            DD_SITE=datadoghq.com DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY ./run.sh APM_TRACING_E2E_SINGLE_SPAN
-
-      - run:
-          name: Upload data to CI Visibility
-          command: |
-            cd system-tests
-            export DD_API_KEY=$SYSTEM_TESTS_CI_API_KEY
-            export DD_APP_KEY=$SYSTEM_TESTS_CI_APP_KEY
-
-            # Causes conflicts with DD_API_KEY and datadog-ci tool
-            unset DATADOG_API_KEY
-            
-            echo "Uploading tests results to CI Visibility"  
-            utils/scripts/upload_results_CI_visibility.sh dev java-tracer << pipeline.id >>-<< pipeline.number >>
-
-            if [[ $CIRCLE_BRANCH == "master" ]]; then
-              echo "Updating dashboard from dd-trace-java main branch"
-              utils/scripts/update_dashboard_CI_visibility.sh java-tracer << pipeline.id >>-<< pipeline.number >>
-            else
-              echo "Skipping CI Visibility dashboard update due to it is not a main branch"
-            fi
-
-      - run:
-          name: Collect artifacts
-          command: tar -cvzf logs_java_<< parameters.weblog-variant >>_dev.tar.gz -C system-tests logs logs_apm_tracing_e2e logs_apm_tracing_e2e_single_span
-
-      - store_artifacts:
-          path: logs_java_<< parameters.weblog-variant >>_dev.tar.gz
-
-  integrations-system-tests:
-    machine:
-      # https://support.circleci.com/hc/en-us/articles/360007324514-How-can-I-use-Docker-volume-mounting-on-CircleCI-
-      image: ubuntu-2004:current
-    resource_class: medium
-    steps:
-      - setup_system_tests
-
-      - run:
-          name: Copy jar file to system test binaries folder
-          command: |
-            ls -la ~/dd-trace-java/workspace/dd-java-agent/build/libs
-            cp ~/dd-trace-java/workspace/dd-java-agent/build/libs/*.jar system-tests/binaries/
-
-      - run:
-          name: Build
-          # Build the default framework, which is springboot
-          command: |
-            cd system-tests
-            ./build.sh java
-
-      - run:
-          name: Run APM Integrations tests
-          # Stop the job after 5m to avoid excessive overhead. Will need adjustment as more tests are added.
-          no_output_timeout: 5m
-          command: |
-            cd system-tests
-            DD_SITE=datadoghq.com DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY ./run.sh INTEGRATIONS
-
-      - store_test_results:
-          path: system-tests/logs_integrations
-
-      - store_artifacts:
-          path: system-tests/logs_integrations
-
-  parametric-tests:
-    machine:
-      # https://support.circleci.com/hc/en-us/articles/360007324514-How-can-I-use-Docker-volume-mounting-on-CircleCI-
-      image: ubuntu-2004:current
-    resource_class: large
-    steps:
-      - setup_system_tests
-
-      - run:
-          name: Copy jar files to system test binaries folder
-          command: |
-            ls -la ~/dd-trace-java/workspace/dd-trace-api/build/libs
-            ls -la ~/dd-trace-java/workspace/dd-java-agent/build/libs
-            cp ~/dd-trace-java/workspace/dd-trace-api/build/libs/*.jar system-tests/binaries/
-            cp ~/dd-trace-java/workspace/dd-java-agent/build/libs/*.jar system-tests/binaries/
-
-      - run:
-          name: Install requirements
-          command: |
-            cd system-tests
-            pyenv local system
-            python3.9 --version
-            python3.9 -m pip install wheel
-            python3.9 -m pip install -r requirements.txt
-            sudo ln -sf /usr/bin/python3.9 /usr/bin/python
-
-      - run:
-          name: Run
-          command: |
-            set -e
-            cd system-tests
-            export TEST_LIBRARY=java
-            export PYTEST_WORKER_COUNT=8
-            ./build.sh -i runner
-            ./run.sh PARAMETRIC --log-cli-level=DEBUG --durations=30 -vv
-
-      - store_test_results:
-          path: system-tests/logs_parametric
-
-      - run:
-          name: Collect artifacts
-          command: tar -cvzf logs_java_parametric_dev.tar.gz -C system-tests logs_parametric
-
-      - store_artifacts:
-          path: logs_java_parametric_dev.tar.gz
-
-
-build_test_jobs: &build_test_jobs
-  - build:
-      name: build_lib
-      gradleTarget: shadowJar
-      cacheType: lib
-      collectLibs: true
-  - build:
-      name: build_base
-      gradleTarget: :baseTest
-      cacheType: base
-  - build:
-      name: build_inst
-      gradleTarget: :instrumentationTest
-      cacheType: inst
-  - build:
-      name: build_latestdep
-      gradleTarget: :instrumentationLatestDepTest
-      cacheType: latestdep
-  - build:
-      name: build_smoke
-      gradleTarget: :smokeTest
-      cacheType: smoke
-  - build:
-      name: build_profiling
-      gradleTarget: :profilingTest
-      cacheType: profiling
-  - spotless
-
-  - fan_in:
-      requires:
-        - build_lib
-        - build_base
-        - build_inst
-        - build_smoke
-        - build_profiling
-        - spotless
-      name: ok_to_test
-      stage: ok_to_test
-
-  - check:
-      requires:
-        - ok_to_test
-      name: check_base
-      gradleTarget: ":baseCheck"
-      cacheType: base
-
-  - check:
-      requires:
-        - ok_to_test
-      name: check_inst
-      parallelism: 4
-      gradleTarget: ":instrumentationCheck"
-      cacheType: inst
-
-  - check:
-      requires:
-        - ok_to_test
-      name: check_smoke
-      gradleTarget: ":smokeCheck"
-      cacheType: smoke
-
-  - check:
-      requires:
-        - ok_to_test
-      name: check_profiling
-      gradleTarget: ":profilingCheck"
-      cacheType: profiling
-
-  - fan_in:
-      requires:
-        - check_base
-        - check_inst
-        - check_smoke
-        - check_profiling
-      name: check
-      stage: check
-
-  - tests:
-      requires:
-        - ok_to_test
-      name: z_test_<< matrix.testJvm >>_base
-      triggeredBy: *core_modules
-      gradleTarget: ":baseTest"
-      gradleParameters: "-PskipFlakyTests -PskipInstTests -PskipSmokeTests -PskipProfilingTests"
-      stage: core
-      cacheType: base
-      parallelism: 4
-      maxWorkers: 4
-      matrix:
-        <<: *test_matrix
-
-  - tests:
-      requires:
-        - ok_to_test
-      name: z_test_8_base
-      triggeredBy: *core_modules
-      gradleTarget: :baseTest jacocoTestReport jacocoTestCoverageVerification
-      gradleParameters: "-PskipFlakyTests -PskipInstTests -PskipSmokeTests -PskipProfilingTests"
-      stage: core
-      cacheType: base
-      parallelism: 4
-      maxWorkers: 4
-      testJvm: "8"
-
-  - xlarge_tests:
-      requires:
-        - ok_to_test
-      name: z_test_<< matrix.testJvm >>_inst
-      gradleTarget: ":instrumentationTest"
-      gradleParameters: "-PskipFlakyTests"
-      triggeredBy: *instrumentation_modules
-      stage: instrumentation
-      cacheType: inst
-      parallelism: 4
-      maxWorkers: 4
-      matrix:
-        <<: *test_matrix
-
-  - xlarge_tests:
-      requires:
-        - ok_to_test
-      name: z_test_8_inst
-      gradleTarget: ":instrumentationTest"
-      gradleParameters: "-PskipFlakyTests"
-      triggeredBy: *instrumentation_modules
-      stage: instrumentation
-      cacheType: inst
-      parallelism: 4
-      maxWorkers: 4
-      testJvm: "8"
-
-  - xlarge_tests:
-      requires:
-        - ok_to_test
-        - build_latestdep
-      name: test_8_inst_latest
-      gradleTarget: ":instrumentationLatestDepTest"
-      gradleParameters: "-PskipFlakyTests"
-      triggeredBy: *instrumentation_modules
-      stage: instrumentation
-      cacheType: latestdep
-      parallelism: 4
-      maxWorkers: 4
-      testJvm: "8"
-
-  - tests:
-      requires:
-        - ok_to_test
-      name: z_test_8_flaky_base
-      gradleTarget: ":baseTest"
-      gradleParameters: "-PrunFlakyTests"
-      continueOnFailure: true
-      triggeredBy: *core_modules
-      stage: core
-      cacheType: base
-      parallelism: 4
-      maxWorkers: 4
-      testJvm: "8"
-
-  - xlarge_tests:
-      requires:
-        - ok_to_test
-      name: z_test_8_flaky_inst
-      gradleTarget: ":instrumentationTest"
-      gradleParameters: "-PrunFlakyTests"
-      continueOnFailure: true
-      triggeredBy: *instrumentation_modules
-      stage: instrumentation
-      cacheType: inst
-      parallelism: 2
-      maxWorkers: 4
-      testJvm: "8"
-
-  - tests:
-      requires:
-        - ok_to_test
-      name: z_test_8_flaky_smoke
-      gradleTarget: ":smokeTest"
-      gradleParameters: "-PrunFlakyTests"
-      continueOnFailure: true
-      stage: smoke
-      cacheType: smoke
-      parallelism: 4
-      maxWorkers: 4
-      testJvm: "8"
-
-  - tests:
-      requires:
-        - ok_to_test
-      maxWorkers: 4
-      gradleTarget: ":profilingTest"
-      gradleParameters: "-PskipFlakyTests"
-      triggeredBy: *profiling_modules
-      stage: profiling
-      cacheType: profiling
-      name: test_<< matrix.testJvm >>_profiling
-      matrix:
-        <<: *profiling_test_matrix
-
-  - tests:
-      requires:
-        - ok_to_test
-      name: test_<< matrix.testJvm >>_debugger
-      maxWorkers: 4
-      gradleTarget: ":debuggerTest"
-      gradleParameters: "-PskipFlakyTests"
-      triggeredBy: *debugger_modules
-      stage: debugger
-      cacheType: base
-      matrix:
-        <<: *profiling_test_matrix
-
-  - tests:
-      requires:
-        - ok_to_test
-      name: z_test_<< matrix.testJvm >>_smoke
-      gradleTarget: "stageMainDist :smokeTest"
-      gradleParameters: "-PskipFlakyTests"
-      stage: smoke
-      cacheType: smoke
-      parallelism: 4
-      maxWorkers: 3
-      matrix:
-        <<: *test_matrix
-
-  - tests:
-      requires:
-        - ok_to_test
-      name: test_semeru11_smoke
-      gradleTarget: "stageMainDist :smokeTest"
-      gradleParameters: "-PskipFlakyTests"
-      stage: smoke
-      cacheType: smoke
-      parallelism: 4
-      maxWorkers: 3
-      testJvm: "semeru11"
-
-  - tests:
-      requires:
-        - ok_to_test
-      name: test_semeru17_smoke
-      gradleTarget: "stageMainDist :smokeTest"
-      gradleParameters: "-PskipFlakyTests"
-      stage: smoke
-      cacheType: smoke
-      parallelism: 4
-      maxWorkers: 3
-      testJvm: "semeru17"
-
-  - tests:
-      requires:
-        - ok_to_test
-      name: test_graalvm17_smoke
-      gradleTarget: "stageMainDist :dd-smoke-test:spring-boot-3.0-native:test"
-      stage: smoke
-      cacheType: smoke
-      testJvm: "graalvm17"
-
-  - tests:
-      requires:
-        - ok_to_test
-      name: z_test_8_smoke
-      gradleTarget: "stageMainDist :smokeTest"
-      gradleParameters: "-PskipFlakyTests"
-      stage: smoke
-      cacheType: smoke
-      parallelism: 4
-      maxWorkers: 3
-      testJvm: "8"
-
-  - fan_in:
-      requires:
-        - z_test_<< matrix.testJvm >>_base
-        - z_test_<< matrix.testJvm >>_inst
-        - z_test_<< matrix.testJvm >>_smoke
-      name: test_<< matrix.testJvm >>
-      stage: tracing
-      matrix:
-        <<: *test_matrix
-
-  - fan_in:
-      requires:
-        - z_test_8_base
-        - z_test_8_inst
-        - z_test_8_smoke
-      name: test_8
-      stage: tracing
-      testJvm: "8"
-
-  - agent_integration_tests:
-      requires:
-        - ok_to_test
-      triggeredBy: *agent_integration_tests_modules
-      gradleTarget: traceAgentTest
-      cacheType: base
-      testJvm: "8"
-
-  - test_published_artifacts:
-      requires:
-        - ok_to_test
-
-  - muzzle:
-      requires:
-        - ok_to_test
-      filters:
-        branches:
-          ignore:
-            - master
-            - project/*
-            - release/*
-
-  - system-tests:
-      requires:
-        - ok_to_test
-      matrix:
-          <<: *system_test_matrix
-
-  - integrations-system-tests:
-      requires:
-        - ok_to_test
-
-  - parametric-tests:
-      requires:
-        - ok_to_test
-
-  - fan_in:
-      requires:
-        - test_published_artifacts
-        - test_8_profiling
-        - test_oracle8_profiling
-        - test_zulu8_profiling
-        - test_zulu11_profiling
-        - test_11_profiling
-        - test_17_profiling
-      name: profiling
-      stage: profiling
-
-  - fan_in:
-      requires:
-        - test_published_artifacts
-        - test_8_debugger
-        - test_oracle8_debugger
-        - test_zulu8_debugger
-        - test_zulu11_debugger
-        - test_11_debugger
-        - test_17_debugger
-      name: debugger
-      stage: debugger
-
-  # This job requires all the jobs needed for a successful build, so GitHub only needs to enforce this one,
-  # and it will be simpler to require different JVM versions for different branches and old releases
-  - fan_in:
-      requires:
-        - check
-        - test_published_artifacts
-        - agent_integration_tests
-        - test_8
-        - test_ibm8
-        - test_11
-        - test_semeru11_smoke
-        - test_17
-        - test_semeru17_smoke
-        - test_zulu8
-        - profiling
-        - debugger
-      name: required
-      stage: required
-
+            CIRCLE_IS_NIGHTLY="<< pipeline.parameters.nightly >>"
+            CIRCLE_IS_WEEKLY="<< pipeline.parameters.weekly >>"
+            .circleci/render_config.py
+      - continuation/continue:
+          configuration_path: .circleci/config.continue.yml
 workflows:
-  build_test:
-    jobs:
-      *build_test_jobs
-
-  nightly:
-    triggers:
-      - schedule:
-          # Run this job at 00:35 UTC every day
-          # The 30 minutes will allow weekly to finish before nightly is triggered on Mondays
-          cron: "35 0 * * *"
-          filters:
-            branches:
-              only:
-                - master
-    jobs:
-      *build_test_jobs
-
-  weekly:
-    triggers:
-      - schedule:
-          # Run this job at 00:05 UTC every Monday
-          cron: "5 0 * * 1"
-          filters:
-            branches:
-              only:
-                - master
+  setup:
     jobs:
-      # This will rebuild a main caches with a new timestamp from a clean slate
-      - build_clean_cache:
-          name: build_cache_lib
-          gradleTarget: shadowJar
-          cacheType: lib
-          collectLibs: false
-      - build_clean_cache:
-          name: build_cache_base
-          gradleTarget: :baseTest
-          cacheType: base
-      - build_clean_cache:
-          name: build_cache_inst
-          gradleTarget: :instrumentationTest
-          cacheType: inst
-      - build_clean_cache:
-          name: build_cache_latestdep
-          gradleTarget: :instrumentationLatestDepTest
-          cacheType: latestdep
-      - build_clean_cache:
-          name: build_cache_smoke
-          gradleTarget: :smokeTest
-          cacheType: smoke
-      - build_clean_cache:
-          name: build_cache_profiling
-          gradleTarget: :profilingTest
-          cacheType: profiling
+      - setup
diff --git a/.circleci/render_config.py b/.circleci/render_config.py
new file mode 100755
index 00000000000..51cd43d413d
--- /dev/null
+++ b/.circleci/render_config.py
@@ -0,0 +1,105 @@
+#!/usr/bin/env python3
+
+import os
+import os.path
+import time
+
+import jinja2
+import requests
+
+SCRIPT_DIR = os.path.dirname(__file__)
+
+TPL_FILENAME = "config.continue.yml.j2"
+OUT_FILENAME = "config.continue.yml"
+GENERATED_CONFIG_PATH = os.path.join(SCRIPT_DIR, OUT_FILENAME)
+
+# JDKs that will run on every pipeline.
+ALWAYS_ON_JDKS = {"8", "11", "17"}
+# And these will run only in master and release/ branches.
+MASTER_ONLY_JDKS = {
+    "ibm8",
+    "oracle8",
+    "semeru8",
+    "zulu8",
+    "semeru11",
+    "zulu11",
+    "semeru17",
+    "ubuntu17",
+}
+# Version to use for all the base Docker images, see
+# https://github.com/DataDog/dd-trace-java-docker-build/pkgs/container/dd-trace-java-docker-build
+DOCKER_IMAGE_VERSION="v23.09"
+
+# Get labels from pull requests to override some defaults for jobs to run.
+# `run-tests: all` will run all tests.
+# `run-tests: ibm8` will run the IBM 8 tests.
+# `run-tests: flaky` for flaky tests jobs.
+pr_url = os.environ.get("CIRCLE_PULL_REQUEST")
+if pr_url:
+    pr_num = int(pr_url.split("/")[-1])
+    headers = {}
+    gh_token = os.environ.get("GH_TOKEN")
+    if gh_token:
+        headers["Authorization"] = gh_token
+    else:
+        print("Missing GH_TOKEN, trying anonymously")
+    for _ in range(20):
+        try:
+            resp = requests.get(
+                f"https://api.github.com/repos/DataDog/dd-trace-java/pulls/{pr_num}",
+                timeout=1,
+                headers=headers,
+            )
+            resp.raise_for_status()
+        except Exception as e:
+            print(f"Request filed: {e}")
+            time.sleep(1)
+            continue
+        data = resp.json()
+        break
+
+    labels = data.get("labels", [])
+    labels = [l["name"] for l in labels]
+    labels = {
+        l.replace("run-tests: ", "") for l in labels if l.startswith("run-tests: ")
+    }
+else:
+    labels = set()
+
+
+branch = os.environ.get("CIRCLE_BRANCH", "")
+if branch == "master" or branch.startswith("release/v") or "all" in labels:
+    all_jdks = ALWAYS_ON_JDKS | MASTER_ONLY_JDKS
+else:
+    all_jdks = ALWAYS_ON_JDKS | (MASTER_ONLY_JDKS & labels)
+nocov_jdks = [j for j in all_jdks if j != "8"]
+# specific list for debugger project because J9-based JVM have issues with local vars
+# so need to test at least against one J9-based JVM
+all_debugger_jdks = all_jdks | {"semeru8"}
+
+# Is this a nightly or weekly build? These environment variables are set in
+# config.yml based on pipeline parameters.
+is_nightly = os.environ.get("CIRCLE_IS_NIGHTLY", "false") == "true"
+is_weekly = os.environ.get("CIRCLE_IS_WEEKLY", "false") == "true"
+is_regular = not is_nightly and not is_weekly
+
+vars = {
+    "is_nightly": is_nightly,
+    "is_weekly": is_weekly,
+    "is_regular": is_regular,
+    "all_jdks": all_jdks,
+    "all_debugger_jdks": all_debugger_jdks,
+    "nocov_jdks": nocov_jdks,
+    "flaky": branch == "master" or "flaky" in labels or "all" in labels,
+    "docker_image_prefix": "" if is_nightly else f"{DOCKER_IMAGE_VERSION}-",
+}
+
+print(f"Variables for this build: {vars}")
+
+loader = jinja2.FileSystemLoader(searchpath=SCRIPT_DIR)
+env = jinja2.Environment(loader=loader)
+tpl = env.get_template(TPL_FILENAME)
+out = tpl.render(**vars)
+
+with open(GENERATED_CONFIG_PATH, "w", encoding="utf-8") as f:
+    f.write(out)
diff --git a/.circleci/update_pinned_system_tests.sh b/.circleci/update_pinned_system_tests.sh
index 9263b234256..cb28661574c 100755
--- a/.circleci/update_pinned_system_tests.sh
+++ b/.circleci/update_pinned_system_tests.sh
@@ -8,7 +8,7 @@ if [[ -n $(git diff --stat) ]]; then
     exit 1
 fi
 
-current_commit="$(grep ^default_system_tests_commit: config.yml | sed -e 's~^.* ~~g')"
+current_commit="$(grep ^default_system_tests_commit: config.continue.yml.j2 | sed -e 's~^.* ~~g')"
 latest_commit="$(git ls-remote git@github.com:DataDog/system-tests.git refs/heads/main | cut -f 1)"
 
 echo "Current commit: $current_commit"
@@ -19,6 +19,6 @@ if [[ "$current_commit" = "$latest_commit" ]]; then
 fi
 
 echo "Updating config.yml"
-sed -i -e "s~${current_commit?}~${latest_commit?}~g" config.yml
-git diff config.yml | cat
-git commit -m "Update system-tests to $latest_commit" config.yml
+sed -i -e "s~${current_commit?}~${latest_commit?}~g" config.continue.yml.j2
+git diff config.continue.yml.j2 | cat
+git commit -m "Update system-tests to $latest_commit" config.continue.yml.j2
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index bb7ba140484..658580cf016 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,8 +1,10 @@
 # Automatically assign the team as a reviewer.
 # https://help.github.com/en/articles/about-code-owners
 
+# Default owners, overridden by file/directory specific owners below
 * @DataDog/apm-java
 
+# @DataDog/profiling-java
 dd-java-agent/agent-profiling/                                                             @DataDog/profiling-java
 dd-java-agent/agent-crashtracking/                                                         @DataDog/profiling-java
 dd-java-agent/instrumentation/exception-profiling/                                         @DataDog/profiling-java
@@ -11,8 +13,6 @@ dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentat
 dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/ @DataDog/profiling-java
 dd-smoke-tests/profiling-integration-tests/                                                @DataDog/profiling-java
 
-dd-java-agent/appsec/  @DataDog/appsec-java
-
 # @DataDog/ci-app-libraries-java
 dd-java-agent/agent-ci-visibility/         @DataDog/ci-app-libraries-java
 dd-java-agent/instrumentation/cucumber/    @DataDog/ci-app-libraries-java
@@ -32,9 +32,11 @@ dd-smoke-tests/maven/                      @DataDog/ci-app-libraries-java
 dd-java-agent/agent-debugger/ @DataDog/debugger-java
 dd-smoke-tests/debugger-integration-tests/ @DataDog/debugger-java
 
-# @DataDog/iast-java
-dd-java-agent/agent-iast/   @DataDog/iast-java
-dd-java-agent/instrumentation/iast-instrumenter @DataDog/iast-java
-**/iast/                    @DataDog/iast-java
-**/Iast*.java               @DataDog/iast-java
-**/Iast*.groovy             @DataDog/iast-java
+# @DataDog/asm-java (AppSec/IAST)
+dd-java-agent/agent-iast/              @DataDog/asm-java
+dd-java-agent/instrumentation/*iast*   @DataDog/asm-java
+dd-java-agent/instrumentation/*appsec* @DataDog/asm-java
+**/appsec/                             @DataDog/asm-java
+**/iast/                               @DataDog/asm-java
+**/Iast*.java                          @DataDog/asm-java
+**/Iast*.groovy                        @DataDog/asm-java
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 330b3a1c54e..a952e2a36dc 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -3,3 +3,14 @@
 # Motivation
 
 # Additional Notes
+
+Jira ticket: [PROJ-IDENT]
+
+<!--
+# Opening vs Drafting a PR:
+When opening a pull request, please open it as a draft to not auto assign reviewers before you feel the pull request is in a reviewable state.
+
+# Linking a JIRA ticket:
+Please link your JIRA ticket by adding its identifier between brackets (ex [PROJ-IDENT]) in the PR description, not the title.
+This requirement only applies to Datadog employees.
+-->
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
index b7a80bccc5c..69460820818 100644
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -76,7 +76,7 @@ _Action:_
 
 _Recovery:_ Check at the milestone for the related issues and update them manually.
 
-## Code Quality
+## Code Quality and Security
 
 ### codeql-analysis [🔗](codeql-analysis.yml)
 
@@ -84,12 +84,20 @@ _Trigger:_ When pushing commits to `master` or any pull request to `master`
 
 _Action:_ Run GitHub CodeQL action and upload result to GitHub security tab.
 
+### trivy-analysis [🔗](trivy-analysis.yml)
+
+_Trigger:_ When pushing commits to `master` or any pull request to `master`
+
+_Action:_ Run Trivy security scanner on built artifacts and upload result to GitHub security tab.
+
 ### gradle-wrapper-validation [🔗](gradle-wrapper-validation.yaml.disabled)
 
 **DISABLED** - GitHub provides a way to disable actions rather than changing their extensions.
 
 _Comment:_ To delete?
 
+## Lib Injection
+
 ### lib-injection [🔗](lib-injection.yaml)
 
 _Trigger:_ When pushing commits to `master`, release branches or any PR targetting `master`, and when creating tags
diff --git a/.github/workflows/draft-release-notes-on-tag.yaml b/.github/workflows/draft-release-notes-on-tag.yaml
index 69d753b6afa..1b2384a4723 100644
--- a/.github/workflows/draft-release-notes-on-tag.yaml
+++ b/.github/workflows/draft-release-notes-on-tag.yaml
@@ -117,17 +117,21 @@ jobs:
               }
               return line
             }
+            function cleanUpTitle(title) {
+              // Remove tags between brackets
+              return title.replace(/\[[^\]]+\]/g, '')
+            }
             function format(pullRequest) {
-              var line = `${decorate(pullRequest)}${pullRequest.title} (#${pullRequest.number}`
-              // Add author if community labeled
+              var line = `${decorate(pullRequest)}${cleanUpTitle(pullRequest.title)} (#${pullRequest.number} - @${pullRequest.user.login}`
+              // Add special thanks if community labeled
               if (pullRequest.labels.some(label => label.name == "tag: community")) {
-                line += ` - thanks @${pull.user.login} for the contribution!`
+                line += ` - thanks for the contribution!`
               }
               line += ')'
               return line;
             }
 
-            var changelog = '';
+            var changelog = ''
             if (prByComponents.size > 0) {
               changelog += '# Components\n\n';
               for (let pair of prByComponents) {
diff --git a/.github/workflows/lib-injection.yaml b/.github/workflows/lib-injection.yaml
index 01bc880f43f..079b5fc9627 100644
--- a/.github/workflows/lib-injection.yaml
+++ b/.github/workflows/lib-injection.yaml
@@ -33,7 +33,7 @@ jobs:
     - name: Set up Docker platforms
       id: buildx-platforms
       run:  |
-        BUILDX_PLATFORMS=`docker buildx imagetools inspect --raw busybox:latest | jq -r 'reduce (.manifests[] | [ .platform.os, .platform.architecture, .platform.variant ] | join("/") | sub("\\/$"; "")) as $item (""; . + "," + $item)' | sed 's/,//'`
+        BUILDX_PLATFORMS=`docker buildx imagetools inspect --raw alpine:3.18.3 | jq -r 'reduce (.manifests[] | [ .platform.os, .platform.architecture, .platform.variant ] | join("/") | sub("\\/$"; "")) as $item (""; . + "," + $item)' | sed 's/,//'`
         echo "$BUILDX_PLATFORMS"
         echo "platforms=$BUILDX_PLATFORMS" >> $GITHUB_OUTPUT
 
diff --git a/.github/workflows/trivy-analysis.yml b/.github/workflows/trivy-analysis.yml
new file mode 100644
index 00000000000..f7bc4d80fb2
--- /dev/null
+++ b/.github/workflows/trivy-analysis.yml
@@ -0,0 +1,59 @@
+name: "Trivy Security Analysis"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # 3.6.0
+
+      - name: Remove old artifacts
+        run: |
+          MVN_LOCAL_REPO=$(./mvnw help:evaluate -Dexpression=settings.localRepository -q -DforceStdout)
+          echo "MVN_LOCAL_REPO=${MVN_LOCAL_REPO}" >> "$GITHUB_ENV"
+          rm -rf "${MVN_LOCAL_REPO}/com/datadoghq"
+
+      - name: Build and publish artifacts locally
+        run: |
+          GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G'" JAVA_HOME=$JAVA_HOME_8_X64 JAVA_8_HOME=$JAVA_HOME_8_X64 JAVA_11_HOME=$JAVA_HOME_11_X64 JAVA_17_HOME=$JAVA_HOME_17_X64 ./gradlew clean publishToMavenLocal --build-cache --parallel --stacktrace --no-daemon --max-workers=4
+
+      - name: Copy published artifacts
+        run: |
+          mkdir -p ./workspace/.trivy
+          cp -RP "${MVN_LOCAL_REPO}/com/datadoghq" ./workspace/.trivy/
+
+      - name: List copied artifacts
+        run: |
+          ls -laR "./workspace/.trivy"
+
+      - name: Run Trivy security scanner
+        uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 # v0.11.2
+        with:
+          scan-type: rootfs
+          scan-ref: './workspace/.trivy/'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+          limit-severities-for-sarif: true
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # 2.15
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
diff --git a/.gitignore b/.gitignore
index 2e975650fca..fcedfdbdb4d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -68,6 +68,7 @@ replay_pid*
 ############
 _circle_ci_cache_*
 upstream.env
+/.circleci/config.continue.yml
 
 # Benchmarks #
 benchmark/reports
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9e9b60a0af8..3be67d8c675 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -57,10 +57,13 @@ build: &build
   script:
     - GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx1900M -Xms512M' -Ddatadog.forkedMaxHeapSize=512M -Ddatadog.forkedMinHeapSize=128M" ./gradlew clean :dd-java-agent:shadowJar --build-cache --parallel --stacktrace --no-daemon --max-workers=8
     - echo UPSTREAM_TRACER_VERSION=$(java -jar workspace/dd-java-agent/build/libs/*.jar) >> upstream.env
+    - echo "BUILD_JOB_NAME=$CI_JOB_NAME" >> build.env
   artifacts:
     paths:
       - 'workspace/dd-java-agent/build/libs/*.jar'
       - 'upstream.env'
+    reports:
+      dotenv: build.env
 
 build_with_cache:
   <<: *build
@@ -75,7 +78,7 @@ build_with_cache:
 
 package:
   extends: .package
-  needs: [ build ]
+  when: on_success # this can't use 'needs: [build]', since build is not available in the scheduled pipeline
   script:
     - ../.gitlab/build_java_package.sh
 
@@ -95,7 +98,7 @@ deploy_to_reliability_env:
     project: DataDog/apm-reliability/datadog-reliability-env
     branch: $DOWNSTREAM_BRANCH
   variables:
-    UPSTREAM_PACKAGE_JOB: build
+    UPSTREAM_PACKAGE_JOB: $BUILD_JOB_NAME
     UPSTREAM_PROJECT_ID: $CI_PROJECT_ID
     UPSTREAM_PROJECT_NAME: $CI_PROJECT_NAME
     UPSTREAM_PIPELINE_ID: $CI_PIPELINE_ID
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 82ea9628ce6..7c903bdffab 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -3,6 +3,8 @@
 Pull requests for bug fixes are welcome, but before submitting new features or changes to current functionality [open an issue](https://github.com/DataDog/dd-trace-java/issues/new)
 and discuss your ideas or propose the changes you wish to make. After a resolution is reached a PR can be submitted for review.
 
+When opening a pull request, please open it as a [draft](https://github.blog/2019-02-14-introducing-draft-pull-requests/) to not auto assign reviewers before you feel the pull request is in a reviewable state.
+
 ## Requirements
 
 To build the full project:
@@ -198,8 +200,6 @@ Suggested plugins and settings:
   * With java use the following import layout (groovy should still use the default) to ensure consistency with google-java-format:
     ![import layout](https://user-images.githubusercontent.com/734411/43430811-28442636-94ae-11e8-86f1-f270ddcba023.png)
 * [Google Java Format](https://plugins.jetbrains.com/plugin/8527-google-java-format)
-* [Save Actions](https://plugins.jetbrains.com/plugin/7642-save-actions)
-  ![Recommended Settings](https://user-images.githubusercontent.com/35850765/124003079-838f4280-d9a4-11eb-9250-5c517631e362.png)
 
 ## Troubleshooting
 
diff --git a/benchmark/load/insecure-bank/benchmark.json b/benchmark/load/insecure-bank/benchmark.json
index 80a8a9b5639..422a0cda7d9 100644
--- a/benchmark/load/insecure-bank/benchmark.json
+++ b/benchmark/load/insecure-bank/benchmark.json
@@ -18,18 +18,6 @@
         "JAVA_OPTS": "-javaagent:${TRACER}"
       }
     },
-    "profiling": {
-      "env": {
-        "VARIANT": "profiling",
-        "JAVA_OPTS": "-javaagent:${TRACER} -Ddd.profiling.enabled=true"
-      }
-    },
-    "appsec": {
-      "env": {
-        "VARIANT": "appsec",
-        "JAVA_OPTS": "-javaagent:${TRACER} -Ddd.appsec.enabled=true"
-      }
-    },
     "iast": {
       "env": {
         "VARIANT": "iast",
@@ -47,6 +35,12 @@
         "VARIANT": "iast_INACTIVE",
         "JAVA_OPTS": "-javaagent:${TRACER} -Ddd.iast.enabled=inactive"
       }
+    },
+    "iast_TELEMETRY_OFF": {
+      "env": {
+        "VARIANT": "iast_TELEMETRY_OFF",
+        "JAVA_OPTS": "-javaagent:${TRACER} -Ddd.iast.enabled=true -Ddd.iast.telemetry.verbosity=OFF"
+      }
     }
   }
 }
diff --git a/benchmark/startup/insecure-bank/benchmark.json b/benchmark/startup/insecure-bank/benchmark.json
index b4f40c5c3ac..e3d325b5d06 100644
--- a/benchmark/startup/insecure-bank/benchmark.json
+++ b/benchmark/startup/insecure-bank/benchmark.json
@@ -12,23 +12,17 @@
         "JAVA_OPTS": "-javaagent:${TRACER} -Ddd.benchmark.enabled=true -Ddd.benchmark.output.dir=${OUTPUT_DIR}/tracing"
       }
     },
-    "profiling": {
-      "env": {
-        "VARIANT": "profiling",
-        "JAVA_OPTS": "-javaagent:${TRACER} -Ddd.benchmark.enabled=true -Ddd.benchmark.output.dir=${OUTPUT_DIR}/profiling -Ddd.profiling.enabled=true"
-      }
-    },
-    "appsec": {
-      "env": {
-        "VARIANT": "appsec",
-        "JAVA_OPTS": "-javaagent:${TRACER} -Ddd.benchmark.enabled=true -Ddd.benchmark.output.dir=${OUTPUT_DIR}/appsec -Ddd.appsec.enabled=true"
-      }
-    },
     "iast": {
       "env": {
         "VARIANT": "iast",
         "JAVA_OPTS": "-javaagent:${TRACER} -Ddd.benchmark.enabled=true -Ddd.benchmark.output.dir=${OUTPUT_DIR}/iast -Ddd.iast.enabled=true"
       }
+    },
+    "iast_TELEMETRY_OFF": {
+      "env": {
+        "VARIANT": "iast_TELEMETRY_OFF",
+        "JAVA_OPTS": "-javaagent:${TRACER} -Ddd.benchmark.enabled=true -Ddd.benchmark.output.dir=${OUTPUT_DIR}/iast_TELEMETRY_OFF -Ddd.iast.enabled=true -Ddd.iast.telemetry.verbosity=OFF"
+      }
     }
   }
 }
diff --git a/buildSrc/build.gradle.kts b/buildSrc/build.gradle.kts
index 8fc22d7e9d5..f1178c340ab 100644
--- a/buildSrc/build.gradle.kts
+++ b/buildSrc/build.gradle.kts
@@ -31,17 +31,17 @@ dependencies {
   implementation(gradleApi())
   implementation(localGroovy())
 
-  implementation("net.bytebuddy", "byte-buddy-gradle-plugin", "1.14.5")
+  implementation("net.bytebuddy", "byte-buddy-gradle-plugin", "1.14.8")
 
   implementation("org.eclipse.aether", "aether-connector-basic", "1.1.0")
   implementation("org.eclipse.aether", "aether-transport-http", "1.1.0")
   implementation("org.apache.maven", "maven-aether-provider", "3.3.9")
 
   implementation("com.google.guava", "guava", "20.0")
-  implementation("org.ow2.asm", "asm", "9.5")
-  implementation("org.ow2.asm", "asm-tree", "9.5")
+  implementation("org.ow2.asm", "asm", "9.6")
+  implementation("org.ow2.asm", "asm-tree", "9.6")
 
-  testImplementation("org.spockframework", "spock-core", "2.0-groovy-3.0")
+  testImplementation("org.spockframework", "spock-core", "2.2-groovy-3.0")
   testImplementation("org.codehaus.groovy", "groovy-all", "3.0.17")
 }
 
diff --git a/buildSrc/call-site-instrumentation-plugin/src/main/java/datadog/trace/plugin/csi/impl/ext/IastExtension.java b/buildSrc/call-site-instrumentation-plugin/src/main/java/datadog/trace/plugin/csi/impl/ext/IastExtension.java
index 8d6d1175fca..582f4a535b3 100644
--- a/buildSrc/call-site-instrumentation-plugin/src/main/java/datadog/trace/plugin/csi/impl/ext/IastExtension.java
+++ b/buildSrc/call-site-instrumentation-plugin/src/main/java/datadog/trace/plugin/csi/impl/ext/IastExtension.java
@@ -16,8 +16,10 @@
 import com.github.javaparser.ast.expr.AnnotationExpr;
 import com.github.javaparser.ast.expr.AssignExpr;
 import com.github.javaparser.ast.expr.BooleanLiteralExpr;
+import com.github.javaparser.ast.expr.CastExpr;
 import com.github.javaparser.ast.expr.Expression;
 import com.github.javaparser.ast.expr.FieldAccessExpr;
+import com.github.javaparser.ast.expr.IntegerLiteralExpr;
 import com.github.javaparser.ast.expr.LambdaExpr;
 import com.github.javaparser.ast.expr.MemberValuePair;
 import com.github.javaparser.ast.expr.MethodCallExpr;
@@ -172,7 +174,7 @@ private void addTelemetryToAdvice(
       final TypeResolver resolver, final LambdaExpr adviceLambda, final AdviceMetadata metaData) {
     final BlockStmt lambdaBody = adviceLambda.getBody().asBlockStmt();
     final String metric = getMetricName(metaData);
-    final String tagValue = getMetricTagValue(resolver, metaData);
+    final Byte tagValue = getMetricTagValue(resolver, metaData);
     final String instrumentedMetric = "INSTRUMENTED_" + metric;
     final IfStmt instrumentedStatement =
         new IfStmt()
@@ -197,7 +199,7 @@ private static Expression isEnabledCondition(final String metric) {
   }
 
   private static MethodCallExpr addTelemetryCollectorMethod(
-      final String metric, final String tagValue) {
+      final String metric, final Byte tagValue) {
     final MethodCallExpr method =
         new MethodCallExpr()
             .setScope(new NameExpr(IAST_METRIC_COLLECTOR_CLASS))
@@ -205,14 +207,16 @@ private static MethodCallExpr addTelemetryCollectorMethod(
             .addArgument(
                 new FieldAccessExpr().setScope(new NameExpr(IAST_METRIC_CLASS)).setName(metric));
     if (tagValue != null) {
-      method.addArgument(new StringLiteralExpr(tagValue));
+      method.addArgument(
+          new CastExpr()
+              .setExpression(new IntegerLiteralExpr(Byte.toString(tagValue)))
+              .setType(byte.class));
     }
     method.addArgument(intLiteral(1));
     return method;
   }
 
-  private static BlockStmt addTelemetryCollectorByteCode(
-      final String metric, final String tagValue) {
+  private static BlockStmt addTelemetryCollectorByteCode(final String metric, final Byte tagValue) {
     final BlockStmt stmt = new BlockStmt();
     // this code generates the java source code needed to provide the bytecode for the statement
     // IastTelemetryCollector.add(${metric}, 1); or IastTelemetryCollector.add(${metric}, ${tag},
@@ -227,11 +231,7 @@ private static BlockStmt addTelemetryCollectorByteCode(
             .addArgument(new StringLiteralExpr(metric))
             .addArgument(new StringLiteralExpr("L" + IAST_METRIC_INTERNAL_NAME + ";")));
     if (tagValue != null) {
-      stmt.addStatement(
-          new MethodCallExpr()
-              .setScope(new NameExpr("handler"))
-              .setName("loadConstant")
-              .addArgument(new StringLiteralExpr(tagValue)));
+      stmt.addStatement(pushByteExpression(tagValue));
     }
     stmt.addStatement(
         new MethodCallExpr()
@@ -241,7 +241,7 @@ private static BlockStmt addTelemetryCollectorByteCode(
                 new FieldAccessExpr().setScope(new NameExpr(OPCODES_FQDN)).setName("ICONST_1")));
     final String descriptor =
         tagValue != null
-            ? "(L" + IAST_METRIC_INTERNAL_NAME + ";Ljava/lang/String;I)V"
+            ? "(L" + IAST_METRIC_INTERNAL_NAME + ";BI)V"
             : "(L" + IAST_METRIC_INTERNAL_NAME + ";I)V";
     stmt.addStatement(
         new MethodCallExpr()
@@ -261,26 +261,26 @@ private static String getMetricName(final AdviceMetadata metaData) {
     return kind.getName().getId().toUpperCase();
   }
 
-  private static String getMetricTagValue(
+  private static Byte getMetricTagValue(
       final TypeResolver resolver, final AdviceMetadata metadata) {
     if (metadata.getTag() == null) {
       return null;
     }
     final Expression tag = metadata.getTag();
-    if (tag.isStringLiteralExpr()) {
-      return tag.asStringLiteralExpr().getValue();
+    if (tag.isIntegerLiteralExpr()) {
+      return tag.asIntegerLiteralExpr().asNumber().byteValue();
     } else {
       return getFieldValue(resolver, tag.asFieldAccessExpr());
     }
   }
 
-  private static String getFieldValue(final TypeResolver resolver, final FieldAccessExpr tag) {
+  private static Byte getFieldValue(final TypeResolver resolver, final FieldAccessExpr tag) {
     final FieldAccessExpr fieldAccessExpr = tag.asFieldAccessExpr();
     final ResolvedFieldDeclaration value = fieldAccessExpr.resolve().asField();
     try {
       final Field field = getField(value);
       field.setAccessible(true);
-      return (String) field.get(field.getDeclaringClass());
+      return (Byte) field.get(field.getDeclaringClass());
     } catch (Exception e) {
       throw new RuntimeException(e);
     }
@@ -420,6 +420,31 @@ private static Expression getAnnotationExpression(final AnnotationExpr expr) {
     }
   }
 
+  public static Expression pushByteExpression(final byte value) {
+    final FieldAccessExpr opCodes = new FieldAccessExpr().setScope(new NameExpr(OPCODES_FQDN));
+    final MethodCallExpr result =
+        new MethodCallExpr().setScope(new NameExpr("handler")).setName("instruction");
+    switch (value) {
+      case -1:
+        result.addArgument(opCodes.setName("ICONST_M1"));
+        break;
+      case 0:
+      case 1:
+      case 2:
+      case 3:
+      case 4:
+      case 5:
+        result.addArgument(opCodes.setName("ICONST_" + value));
+        break;
+      default:
+        result
+            .addArgument(opCodes.setName("BIPUSH"))
+            .addArgument(new IntegerLiteralExpr(Integer.toString(value)));
+        break;
+    }
+    return result;
+  }
+
   private static class AdviceMetadata {
     private final AnnotationExpr kind;
     private final Expression tag;
diff --git a/buildSrc/call-site-instrumentation-plugin/src/test/groovy/datadog/trace/plugin/csi/impl/ext/IastExtensionTest.groovy b/buildSrc/call-site-instrumentation-plugin/src/test/groovy/datadog/trace/plugin/csi/impl/ext/IastExtensionTest.groovy
index ad53446e866..e9789179140 100644
--- a/buildSrc/call-site-instrumentation-plugin/src/test/groovy/datadog/trace/plugin/csi/impl/ext/IastExtensionTest.groovy
+++ b/buildSrc/call-site-instrumentation-plugin/src/test/groovy/datadog/trace/plugin/csi/impl/ext/IastExtensionTest.groovy
@@ -13,6 +13,7 @@ import datadog.trace.plugin.csi.impl.assertion.AdviceAssert
 import datadog.trace.plugin.csi.impl.assertion.AssertBuilder
 import datadog.trace.plugin.csi.impl.assertion.CallSiteAssert
 import datadog.trace.plugin.csi.impl.ext.tests.IastExtensionCallSite
+import datadog.trace.plugin.csi.impl.ext.tests.SourceTypes
 import groovy.transform.CompileDynamic
 import spock.lang.TempDir
 
@@ -85,18 +86,32 @@ class IastExtensionTest extends BaseCsiPluginTest {
       advices(0) {
         pointcut('javax/servlet/http/HttpServletRequest', 'getHeader', '(Ljava/lang/String;)Ljava/lang/String;')
         instrumentedMetric('IastMetric.INSTRUMENTED_SOURCE') {
-          metricStatements('IastMetricCollector.add(IastMetric.INSTRUMENTED_SOURCE, "http.request.header.name", 1);')
+          metricStatements('IastMetricCollector.add(IastMetric.INSTRUMENTED_SOURCE, (byte) 3, 1);')
         }
         executedMetric('IastMetric.EXECUTED_SOURCE') {
           metricStatements(
             'handler.field(net.bytebuddy.jar.asm.Opcodes.GETSTATIC, "datadog/trace/api/iast/telemetry/IastMetric", "EXECUTED_SOURCE", "Ldatadog/trace/api/iast/telemetry/IastMetric;");',
-            'handler.loadConstant("http.request.header.name");',
+            'handler.instruction(net.bytebuddy.jar.asm.Opcodes.ICONST_3);',
             'handler.instruction(net.bytebuddy.jar.asm.Opcodes.ICONST_1);',
-            'handler.method(net.bytebuddy.jar.asm.Opcodes.INVOKESTATIC, "datadog/trace/api/iast/telemetry/IastMetricCollector", "add", "(Ldatadog/trace/api/iast/telemetry/IastMetric;Ljava/lang/String;I)V", false);'
+            'handler.method(net.bytebuddy.jar.asm.Opcodes.INVOKESTATIC, "datadog/trace/api/iast/telemetry/IastMetricCollector", "add", "(Ldatadog/trace/api/iast/telemetry/IastMetric;BI)V", false);'
           )
         }
       }
       advices(1) {
+        pointcut('javax/servlet/http/HttpServletRequest', 'getInputStream', '()Ljavax/servlet/ServletInputStream;')
+        instrumentedMetric('IastMetric.INSTRUMENTED_SOURCE') {
+          metricStatements('IastMetricCollector.add(IastMetric.INSTRUMENTED_SOURCE, (byte) 127, 1);')
+        }
+        executedMetric('IastMetric.EXECUTED_SOURCE') {
+          metricStatements(
+            'handler.field(net.bytebuddy.jar.asm.Opcodes.GETSTATIC, "datadog/trace/api/iast/telemetry/IastMetric", "EXECUTED_SOURCE", "Ldatadog/trace/api/iast/telemetry/IastMetric;");',
+            'handler.instruction(net.bytebuddy.jar.asm.Opcodes.BIPUSH, 127);',
+            'handler.instruction(net.bytebuddy.jar.asm.Opcodes.ICONST_1);',
+            'handler.method(net.bytebuddy.jar.asm.Opcodes.INVOKESTATIC, "datadog/trace/api/iast/telemetry/IastMetricCollector", "add", "(Ldatadog/trace/api/iast/telemetry/IastMetric;BI)V", false);'
+          )
+        }
+      }
+      advices(2) {
         pointcut('javax/servlet/ServletRequest', 'getReader', '()Ljava/io/BufferedReader;')
         instrumentedMetric('IastMetric.INSTRUMENTED_PROPAGATION') {
           metricStatements('IastMetricCollector.add(IastMetric.INSTRUMENTED_PROPAGATION, 1);')
diff --git a/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/IastExtensionCallSite.java b/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/IastExtensionCallSite.java
index 6c3c133a7c1..34bc4a5be9d 100644
--- a/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/IastExtensionCallSite.java
+++ b/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/IastExtensionCallSite.java
@@ -2,13 +2,14 @@
 
 import datadog.trace.agent.tooling.csi.CallSite;
 import java.io.BufferedReader;
+import javax.servlet.ServletInputStream;
 import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 
 @CallSite(spi = IastCallSites.class)
 public class IastExtensionCallSite {
 
-  @Source(SourceTypes.REQUEST_HEADER_NAME_STRING)
+  @Source(SourceTypes.REQUEST_HEADER_NAME)
   @CallSite.After(
       "java.lang.String javax.servlet.http.HttpServletRequest.getHeader(java.lang.String)")
   public static String afterGetHeader(
@@ -18,6 +19,15 @@ public static String afterGetHeader(
     return headerValue;
   }
 
+  @Source(SourceTypes.REQUEST_BODY)
+  @CallSite.After(
+      "javax.servlet.ServletInputStream javax.servlet.http.HttpServletRequest.getInputStream()")
+  public static ServletInputStream afterGetInputStream(
+      @CallSite.This final HttpServletRequest self,
+      @CallSite.Return final ServletInputStream stream) {
+    return stream;
+  }
+
   @Propagation
   @CallSite.After("java.io.BufferedReader javax.servlet.ServletRequest.getReader()")
   public static BufferedReader afterGetReader(
diff --git a/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/Source.java b/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/Source.java
index 9a9a977ae30..5cb5503fd9a 100644
--- a/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/Source.java
+++ b/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/Source.java
@@ -9,5 +9,5 @@
 @Retention(RetentionPolicy.RUNTIME)
 public @interface Source {
   /** Source type */
-  String value();
+  byte value();
 }
diff --git a/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/SourceTypes.java b/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/SourceTypes.java
index 0f5fae0cb85..e5e2d68f773 100644
--- a/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/SourceTypes.java
+++ b/buildSrc/call-site-instrumentation-plugin/src/test/java/datadog/trace/plugin/csi/impl/ext/tests/SourceTypes.java
@@ -2,5 +2,7 @@
 
 public class SourceTypes {
 
-  public static final String REQUEST_HEADER_NAME_STRING = "http.request.header.name";
+  public static final byte REQUEST_HEADER_NAME = 3;
+
+  public static final byte REQUEST_BODY = 127;
 }
diff --git a/buildSrc/src/main/groovy/InstrumentPlugin.groovy b/buildSrc/src/main/groovy/InstrumentPlugin.groovy
index d19514e6543..34e41e48faa 100644
--- a/buildSrc/src/main/groovy/InstrumentPlugin.groovy
+++ b/buildSrc/src/main/groovy/InstrumentPlugin.groovy
@@ -116,7 +116,9 @@ abstract class InstrumentTask extends DefaultTask {
       parameters.buildStartedTime.set(invocationDetails.buildStartedTime)
       parameters.pluginClassPath.setFrom(project.configurations.findByName('instrumentPluginClasspath') ?: [])
       parameters.plugins.set(extension.plugins)
-      parameters.instrumentingClassPath.setFrom(project.configurations.compileClasspath.findAll {
+      def matcher = instrumentTask.name =~ /instrument([A-Z].+)Java/
+      def cfgName = matcher.matches() ? "${matcher.group(1).uncapitalize()}CompileClasspath" : 'compileClasspath'
+      parameters.instrumentingClassPath.setFrom(project.configurations[cfgName].findAll {
         it.name != 'previous-compilation-data.bin' && !it.name.endsWith(".gz")
       } + sourceDirectory + (extension.additionalClasspath[instrumentTask.name] ?: [])*.get())
       parameters.sourceDirectory.set(sourceDirectory.asFile)
diff --git a/buildSrc/src/main/groovy/MuzzlePlugin.groovy b/buildSrc/src/main/groovy/MuzzlePlugin.groovy
index ebbc701a669..51f92feaa4f 100644
--- a/buildSrc/src/main/groovy/MuzzlePlugin.groovy
+++ b/buildSrc/src/main/groovy/MuzzlePlugin.groovy
@@ -1,3 +1,5 @@
+import static MuzzleAction.createClassLoader
+
 import org.apache.maven.repository.internal.MavenRepositorySystemUtils
 import org.eclipse.aether.DefaultRepositorySystemSession
 import org.eclipse.aether.RepositorySystem
@@ -13,6 +15,7 @@ import org.eclipse.aether.resolution.VersionRangeResult
 import org.eclipse.aether.spi.connector.RepositoryConnectorFactory
 import org.eclipse.aether.spi.connector.transport.TransporterFactory
 import org.eclipse.aether.transport.http.HttpTransporterFactory
+import org.eclipse.aether.util.version.GenericVersionScheme
 import org.eclipse.aether.version.Version
 import org.gradle.api.Action
 import org.gradle.api.DefaultTask
@@ -34,6 +37,7 @@ import org.gradle.workers.WorkParameters
 import org.gradle.workers.WorkerExecutor
 
 import java.lang.reflect.Method
+import java.util.function.BiFunction
 import java.util.regex.Pattern
 
 /**
@@ -58,6 +62,26 @@ class MuzzlePlugin implements Plugin<Project> {
     MUZZLE_REPOS = Collections.unmodifiableList(Arrays.asList(central, restlet, typesafe))
   }
 
+  static class TestedArtifact {
+    final String instrumentation
+    final String group
+    final String module
+    final Version lowVersion
+    final Version highVersion
+
+    TestedArtifact(String instrumentation, String group, String module, Version lowVersion, Version highVersion) {
+      this.instrumentation = instrumentation
+      this.group = group
+      this.module = module
+      this.lowVersion = lowVersion
+      this.highVersion = highVersion
+    }
+
+    String key() {
+      "$instrumentation:$group:$module"
+    }
+  }
+
   @Override
   void apply(Project project) {
     def childProjects = project.rootProject.getChildProjects().get('dd-java-agent').getChildProjects()
@@ -105,13 +129,28 @@ class MuzzlePlugin implements Plugin<Project> {
       dependsOn compileMuzzle
     }
 
-    project.task(['type': MuzzleTask],'printReferences') {
+    project.task(['type': MuzzleTask], 'printReferences') {
       description = "Print references created by instrumentation muzzle"
       doLast {
         printMuzzle(project)
       }
       dependsOn compileMuzzle
     }
+    project.task(['type': MuzzleTask], 'generateMuzzleReport') {
+      description = "Print instrumentation version report"
+      doLast {
+        dumpVersionRanges(project)
+      }
+      dependsOn compileMuzzle
+    }
+
+
+    project.task(['type': MuzzleTask], 'mergeMuzzleReports') {
+      description = "Merge generated version reports in one unique csv"
+      doLast {
+        mergeReports(project)
+      }
+    }
 
     def hasRelevantTask = project.gradle.startParameter.taskNames.any { taskName ->
       // removing leading ':' if present
@@ -129,25 +168,24 @@ class MuzzlePlugin implements Plugin<Project> {
 
     final RepositorySystem system = newRepositorySystem()
     final RepositorySystemSession session = newRepositorySystemSession(system)
-
     project.afterEvaluate {
       // use runAfter to set up task finalizers in version order
       Task runAfter = project.tasks.muzzle
       // runLast is the last task to finish, so we can time the execution
       Task runLast = runAfter
-
       for (MuzzleDirective muzzleDirective : project.muzzle.directives) {
         project.getLogger().info("configured $muzzleDirective")
 
         if (muzzleDirective.coreJdk) {
           runLast = runAfter = addMuzzleTask(muzzleDirective, null, project, runAfter, muzzleBootstrap, muzzleTooling)
         } else {
-          runLast = muzzleDirectiveToArtifacts(muzzleDirective, system, session).inject(runLast) { last, Artifact singleVersion ->
+          def range = resolveVersionRange(muzzleDirective, system, session)
+          runLast = muzzleDirectiveToArtifacts(muzzleDirective, range).inject(runLast) { last, Artifact singleVersion ->
             runAfter = addMuzzleTask(muzzleDirective, singleVersion, project, runAfter, muzzleBootstrap, muzzleTooling)
           }
           if (muzzleDirective.assertInverse) {
             runLast = inverseOf(muzzleDirective, system, session).inject(runLast) { last1, MuzzleDirective inverseDirective ->
-              muzzleDirectiveToArtifacts(inverseDirective, system, session).inject(last1) { last2, Artifact singleVersion ->
+              muzzleDirectiveToArtifacts(inverseDirective, resolveVersionRange(inverseDirective, system, session)).inject(last1) { last2, Artifact singleVersion ->
                 runAfter = addMuzzleTask(inverseDirective, singleVersion, project, runAfter, muzzleBootstrap, muzzleTooling)
               }
             }
@@ -164,6 +202,85 @@ class MuzzlePlugin implements Plugin<Project> {
     }
   }
 
+  static Version highest(Version a, Version b) {
+    (a <=> b) > 0 ? a : b
+  }
+
+  static Version lowest(Version a, Version b) {
+    (a <=> b) < 0 ? a : b
+  }
+
+  static Map resolveInstrumentationAndJarVersions(MuzzleDirective directive, ClassLoader cl,
+                                                  Version lowVersion, Version highVersion) {
+
+    Method listMethod = cl.loadClass('datadog.trace.agent.tooling.muzzle.MuzzleVersionScanPlugin')
+      .getMethod('listInstrumentationNames', ClassLoader.class, String.class)
+
+    Set<String> names = (Set<String>) listMethod.invoke(null, cl, directive.getName())
+    Map<String, TestedArtifact> ret = [:]
+    for (String n : names) {
+      def testedArtifact = new TestedArtifact(n, directive.group, directive.module, lowVersion, highVersion)
+      def value = ret.get(testedArtifact.key(), testedArtifact)
+      ret.put(testedArtifact.key(), new TestedArtifact(value.instrumentation, value.group, value.module, lowest(lowVersion, value.lowVersion),
+        highest(highVersion, value.highVersion)))
+    }
+    return ret
+  }
+
+  private static void mergeReports(Project project) {
+    def dir = project.file("${project.rootProject.buildDir}/muzzle-deps-results")
+    Map<String, TestedArtifact> map = new TreeMap<>()
+    def versionScheme = new GenericVersionScheme()
+    dir.eachFileMatch(~/.*\.csv/) { file ->
+      file.eachLine  { line, nb ->
+        if (nb == 1) {
+          // skip header
+          return
+        }
+        def split = line.split(",")
+        def parsed = new TestedArtifact(split[0], split[1], split[2], versionScheme.parseVersion(split[3]),
+          versionScheme.parseVersion(split[4]))
+        map.merge(parsed.key(), parsed, [
+          apply: { TestedArtifact x, TestedArtifact y ->
+            return new TestedArtifact(x.instrumentation, x.group, x.module, lowest(x.lowVersion, y.lowVersion), highest(x.highVersion, y.highVersion))
+          }
+        ] as BiFunction)
+      }
+    }
+    dumpVersionsToCsv(project, map)
+  }
+
+
+  private static void dumpVersionRanges(Project project) {
+    final RepositorySystem system = newRepositorySystem()
+    final RepositorySystemSession session = newRepositorySystemSession(system)
+    def versions = new TreeMap<String, TestedArtifact>()
+    project.muzzle.directives.findAll { !((MuzzleDirective) it).isCoreJdk() }.each {
+      def range = resolveVersionRange(it as MuzzleDirective, system, session)
+      def cp = project.sourceSets.main.runtimeClasspath
+      def cl = new URLClassLoader(cp*.toURI()*.toURL() as URL[], null as ClassLoader)
+      def partials = resolveInstrumentationAndJarVersions(it as MuzzleDirective, cl,
+        range.lowestVersion, range.highestVersion)
+      partials.each {
+        versions.merge(it.getKey(), it.getValue(), [
+          apply: { TestedArtifact x, TestedArtifact y ->
+            return new TestedArtifact(x.instrumentation, x.group, x.module, lowest(x.lowVersion, y.lowVersion), highest(x.highVersion, y.highVersion))
+          }
+        ] as BiFunction)
+      }
+    }
+    dumpVersionsToCsv(project, versions)
+  }
+
+  private static void dumpVersionsToCsv(Project project, SortedMap<String, TestedArtifact> versions) {
+    def filename = project.path.replaceFirst('^:', '').replace(':', '_')
+    def dir = project.file("${project.rootProject.buildDir}/muzzle-deps-results")
+    dir.mkdirs()
+    def file = project.file("${dir}/${filename}.csv")
+    file.write "instrumentation,jarGroupId,jarArtifactId,lowestVersion,highestVersion\n"
+    file << versions.values().collect { [it.instrumentation, it.group, it.module, it.lowVersion.toString(), it.highVersion.toString()].join(",") }.join("\n")
+  }
+
   private static void generateResultsXML(Project project, long millis) {
     def seconds = (millis * 1.0) / 1000
     def name = "${project.path}:muzzle"
@@ -206,27 +323,28 @@ class MuzzlePlugin implements Plugin<Project> {
     return cp
   }
 
-  /**
-   * Convert a muzzle directive to a list of artifacts
-   */
-  private static Set<Artifact> muzzleDirectiveToArtifacts(MuzzleDirective muzzleDirective, RepositorySystem system, RepositorySystemSession session) {
-    final Artifact directiveArtifact = new DefaultArtifact(muzzleDirective.group, muzzleDirective.module, "jar", muzzleDirective.versions)
+  static VersionRangeResult resolveVersionRange(MuzzleDirective muzzleDirective, RepositorySystem system, RepositorySystemSession session) {
+    final Artifact directiveArtifact = new DefaultArtifact(muzzleDirective.group, muzzleDirective.module, muzzleDirective.classifier ?: "", "jar", muzzleDirective.versions)
 
     final VersionRangeRequest rangeRequest = new VersionRangeRequest()
     rangeRequest.setRepositories(muzzleDirective.getRepositories(MUZZLE_REPOS))
     rangeRequest.setArtifact(directiveArtifact)
-    final VersionRangeResult rangeResult = system.resolveVersionRange(session, rangeRequest)
-    final Set<Version> versions = filterAndLimitVersions(rangeResult, muzzleDirective.skipVersions)
+    return system.resolveVersionRange(session, rangeRequest)
+  }
+
+  /**
+   * Convert a muzzle directive to a list of artifacts
+   */
+  private static Set<Artifact> muzzleDirectiveToArtifacts(MuzzleDirective muzzleDirective, VersionRangeResult rangeResult) {
 
-//    println "Range Request: " + rangeRequest
-//    println "Range Result: " + rangeResult
+    final Set<Version> versions = filterAndLimitVersions(rangeResult, muzzleDirective.skipVersions)
 
     final Set<Artifact> allVersionArtifacts = versions.collect { version ->
       new DefaultArtifact(muzzleDirective.group, muzzleDirective.module, muzzleDirective.classifier ?: "", "jar", version.toString())
     }.toSet()
 
     if (allVersionArtifacts.isEmpty()) {
-      throw new GradleException("No muzzle artifacts found for $muzzleDirective.group:$muzzleDirective.module $muzzleDirective.versions")
+      throw new GradleException("No muzzle artifacts found for $muzzleDirective.group:$muzzleDirective.module $muzzleDirective.versions $muzzleDirective.classifier")
     }
 
     return allVersionArtifacts
@@ -317,7 +435,11 @@ class MuzzlePlugin implements Plugin<Project> {
     def config = instrumentationProject.configurations.create(taskName)
 
     if (!muzzleDirective.coreJdk) {
-      def dep = instrumentationProject.dependencies.create("$versionArtifact.groupId:$versionArtifact.artifactId:$versionArtifact.version") {
+      def depId = "$versionArtifact.groupId:$versionArtifact.artifactId:$versionArtifact.version"
+      if (versionArtifact.classifier) {
+        depId += ":" + versionArtifact.classifier
+      }
+      def dep = instrumentationProject.dependencies.create(depId) {
         transitive = true
       }
       // The following optional transitive dependencies are brought in by some legacy module such as log4j 1.x but are no
@@ -575,8 +697,7 @@ abstract class MuzzleTask extends DefaultTask {
   void assertMuzzle(Configuration muzzleBootstrap,
                     Configuration muzzleTooling,
                     Project instrumentationProject,
-                    MuzzleDirective muzzleDirective = null)
-  {
+                    MuzzleDirective muzzleDirective = null) {
     def workQueue
     String javaVersion = muzzleDirective?.javaVersion
     if (javaVersion) {
@@ -617,11 +738,17 @@ abstract class MuzzleTask extends DefaultTask {
 
 interface MuzzleWorkParameters extends WorkParameters {
   Property<Long> getBuildStartedTime()
+
   ConfigurableFileCollection getBootstrapClassPath()
+
   ConfigurableFileCollection getToolingClassPath()
+
   ConfigurableFileCollection getInstrumentationClassPath()
+
   ConfigurableFileCollection getTestApplicationClassPath()
+
   Property<Boolean> getAssertPass()
+
   Property<String> getMuzzleDirective()
 }
 
diff --git a/buildSrc/src/test/groovy/InstrumentPluginTest.groovy b/buildSrc/src/test/groovy/InstrumentPluginTest.groovy
index 668eefb77e6..a1a3ec6b1eb 100644
--- a/buildSrc/src/test/groovy/InstrumentPluginTest.groovy
+++ b/buildSrc/src/test/groovy/InstrumentPluginTest.groovy
@@ -23,7 +23,7 @@ class InstrumentPluginTest extends Specification {
     }
 
     dependencies {
-      compileOnly group: 'net.bytebuddy', name: 'byte-buddy', version: '1.14.5' // just to build TestPlugin
+      compileOnly group: 'net.bytebuddy', name: 'byte-buddy', version: '1.14.8' // just to build TestPlugin
     }
 
     apply plugin: 'instrument'
diff --git a/communication/build.gradle b/communication/build.gradle
index 5d3cf618546..9c4ce6011f3 100644
--- a/communication/build.gradle
+++ b/communication/build.gradle
@@ -9,6 +9,7 @@ dependencies {
   implementation project(':utils:socket-utils')
   implementation project(':utils:version-utils')
 
+  api deps.okio
   api deps.okhttp
   api group: 'com.squareup.moshi', name: 'moshi', version: versions.moshi
   implementation group: 'com.datadoghq', name: 'java-dogstatsd-client', version: "${versions.dogstatsd}"
diff --git a/communication/src/main/java/datadog/communication/ddagent/DDAgentFeaturesDiscovery.java b/communication/src/main/java/datadog/communication/ddagent/DDAgentFeaturesDiscovery.java
index 6c00b734bef..ae3c375875e 100644
--- a/communication/src/main/java/datadog/communication/ddagent/DDAgentFeaturesDiscovery.java
+++ b/communication/src/main/java/datadog/communication/ddagent/DDAgentFeaturesDiscovery.java
@@ -47,6 +47,8 @@ public class DDAgentFeaturesDiscovery implements DroppingPolicy {
 
   public static final String DEBUGGER_ENDPOINT = "debugger/v1/input";
 
+  public static final String TELEMETRY_PROXY_ENDPOINT = "telemetry/proxy/";
+
   private static final long MIN_FEATURE_DISCOVERY_INTERVAL_MILLIS = 60 * 1000;
 
   private final OkHttpClient client;
@@ -58,6 +60,7 @@ public class DDAgentFeaturesDiscovery implements DroppingPolicy {
   private final boolean metricsEnabled;
   private final String[] dataStreamsEndpoints = {V01_DATASTREAMS_ENDPOINT};
   private final String[] evpProxyEndpoints = {V2_EVP_PROXY_ENDPOINT};
+  private final String[] telemetryProxyEndpoints = {TELEMETRY_PROXY_ENDPOINT};
 
   private volatile String traceEndpoint;
   private volatile String metricsEndpoint;
@@ -69,6 +72,7 @@ public class DDAgentFeaturesDiscovery implements DroppingPolicy {
   private volatile String debuggerEndpoint;
   private volatile String evpProxyEndpoint;
   private volatile String version;
+  private volatile String telemetryProxyEndpoint;
 
   private long lastTimeDiscovered;
 
@@ -100,6 +104,7 @@ private void reset() {
     evpProxyEndpoint = null;
     version = null;
     lastTimeDiscovered = 0;
+    telemetryProxyEndpoint = null;
   }
 
   /** Run feature discovery, unconditionally. */
@@ -162,14 +167,15 @@ private void doDiscovery() {
 
     if (log.isDebugEnabled()) {
       log.debug(
-          "discovered traceEndpoint={}, metricsEndpoint={}, supportsDropping={}, supportsLongRunning={}, dataStreamsEndpoint={}, configEndpoint={}, evpProxyEndpoint={}",
+          "discovered traceEndpoint={}, metricsEndpoint={}, supportsDropping={}, supportsLongRunning={}, dataStreamsEndpoint={}, configEndpoint={}, evpProxyEndpoint={}, telemetryProxyEndpoint={}",
           traceEndpoint,
           metricsEndpoint,
           supportsDropping,
           supportsLongRunning,
           dataStreamsEndpoint,
+          configEndpoint,
           evpProxyEndpoint,
-          configEndpoint);
+          telemetryProxyEndpoint);
     }
   }
 
@@ -247,6 +253,13 @@ private boolean processInfoResponse(String response) {
         }
       }
 
+      for (String endpoint : telemetryProxyEndpoints) {
+        if (endpoints.contains(endpoint) || endpoints.contains("/" + endpoint)) {
+          telemetryProxyEndpoint = endpoint;
+          break;
+        }
+      }
+
       supportsLongRunning = Boolean.TRUE.equals(map.getOrDefault("long_running_spans", false));
 
       if (metricsEnabled) {
@@ -272,6 +285,10 @@ private boolean processInfoResponse(String response) {
   private static void discoverStatsDPort(final Map<String, Object> info) {
     try {
       Map<String, ?> config = (Map<String, ?>) info.get("config");
+      if (config == null) {
+        log.debug("config missing from trace agent /info response");
+        return;
+      }
       final Object statsdPortObj = config.get("statsd_port");
       if (statsdPortObj == null) {
         log.debug("statsd_port missing from trace agent /info response");
@@ -279,8 +296,8 @@ private static void discoverStatsDPort(final Map<String, Object> info) {
       }
       int statsdPort = ((Number) statsdPortObj).intValue();
       DDAgentStatsDClientManager.setDefaultStatsDPort(statsdPort);
-    } catch (Throwable ignore) {
-      log.debug("statsd_port missing from trace agent /info response", ignore);
+    } catch (Exception ex) {
+      log.debug("statsd_port missing from trace agent /info response", ex);
     }
   }
 
@@ -348,4 +365,8 @@ public String state() {
   public boolean active() {
     return supportsMetrics() && supportsDropping;
   }
+
+  public boolean supportsTelemetryProxy() {
+    return telemetryProxyEndpoint != null;
+  }
 }
diff --git a/communication/src/main/java/datadog/communication/monitor/DDAgentStatsDConnection.java b/communication/src/main/java/datadog/communication/monitor/DDAgentStatsDConnection.java
index 4a9e5113d1d..0455e2ec3ad 100644
--- a/communication/src/main/java/datadog/communication/monitor/DDAgentStatsDConnection.java
+++ b/communication/src/main/java/datadog/communication/monitor/DDAgentStatsDConnection.java
@@ -101,9 +101,7 @@ private void doConnect() {
         if (log.isDebugEnabled()) {
           log.debug("Creating StatsD client - {}", statsDAddress());
         }
-        // when using UDS, set "entity-id" to "none" to avoid having the DogStatsD
-        // server add origin tags (see https://github.com/DataDog/jmxfetch/pull/264)
-        String entityID = port == 0 ? "none" : null;
+
         NonBlockingStatsDClientBuilder clientBuilder =
             new NonBlockingStatsDClientBuilder()
                 .threadFactory(STATSD_CLIENT_THREAD_FACTORY)
@@ -112,12 +110,53 @@ private void doConnect() {
                 .hostname(host)
                 .port(port)
                 .namedPipe(namedPipe)
-                .errorHandler(this)
-                .entityID(entityID);
+                .errorHandler(this);
+
+        // when using UDS, set "entity-id" to "none" to avoid having the DogStatsD
+        // server add origin tags (see https://github.com/DataDog/jmxfetch/pull/264)
+        if (this.port == 0) {
+          clientBuilder.constantTags("dd.internal.card:none");
+          clientBuilder.entityID("none");
+        } else {
+          clientBuilder.entityID(null);
+        }
+
+        Integer queueSize = Config.get().getStatsDClientQueueSize();
+        if (queueSize != null) {
+          clientBuilder.queueSize(queueSize);
+        }
+
         // when using UDS set the datagram size to 8k (2k on Mac due to lower OS default)
+        // but also make sure packet size isn't larger than the configured socket buffer
         if (this.port == 0) {
-          clientBuilder.maxPacketSizeBytes(Platform.isMac() ? 2048 : 8192);
+          Integer timeout = Config.get().getStatsDClientSocketTimeout();
+          if (timeout != null) {
+            clientBuilder.timeout(timeout);
+          }
+          Integer bufferSize = Config.get().getStatsDClientSocketBuffer();
+          if (bufferSize != null) {
+            clientBuilder.socketBufferSize(bufferSize);
+          }
+          int packetSize = Platform.isMac() ? 2048 : 8192;
+          if (bufferSize != null && bufferSize < packetSize) {
+            packetSize = bufferSize;
+          }
+          clientBuilder.maxPacketSizeBytes(packetSize);
+        }
+
+        if (log.isDebugEnabled()) {
+          if (this.port == 0) {
+            log.debug(
+                "Configured StatsD client - queueSize={}, maxPacketSize={}, socketBuffer={}, socketTimeout={}",
+                clientBuilder.queueSize,
+                clientBuilder.maxPacketSizeBytes,
+                clientBuilder.socketBufferSize,
+                clientBuilder.timeout);
+          } else {
+            log.debug("Configured StatsD client - queueSize={}", clientBuilder.queueSize);
+          }
         }
+
         try {
           statsd = clientBuilder.build();
           if (log.isDebugEnabled()) {
diff --git a/communication/src/test/groovy/datadog/communication/ddagent/DDAgentFeaturesDiscoveryTest.groovy b/communication/src/test/groovy/datadog/communication/ddagent/DDAgentFeaturesDiscoveryTest.groovy
index af9b865d1b4..70b5519d355 100644
--- a/communication/src/test/groovy/datadog/communication/ddagent/DDAgentFeaturesDiscoveryTest.groovy
+++ b/communication/src/test/groovy/datadog/communication/ddagent/DDAgentFeaturesDiscoveryTest.groovy
@@ -15,7 +15,6 @@ import spock.lang.Shared
 
 import java.nio.file.Files
 import java.nio.file.Paths
-import java.util.concurrent.CountDownLatch
 
 import static datadog.communication.ddagent.DDAgentFeaturesDiscovery.V01_DATASTREAMS_ENDPOINT
 import static datadog.communication.ddagent.DDAgentFeaturesDiscovery.V6_METRICS_ENDPOINT
@@ -38,6 +37,7 @@ class DDAgentFeaturesDiscoveryTest extends DDSpecification {
   static final String INFO_WITHOUT_DATA_STREAMS_RESPONSE = loadJsonFile("agent-info-without-data-streams.json")
   static final String INFO_WITHOUT_DATA_STREAMS_STATE = Strings.sha256(INFO_WITHOUT_DATA_STREAMS_RESPONSE)
   static final String INFO_WITH_LONG_RUNNING_SPANS = loadJsonFile("agent-info-with-long-running-spans.json")
+  static final String INFO_WITH_TELEMETRY_PROXY_RESPONSE = loadJsonFile("agent-info-with-telemetry-proxy.json")
   static final String PROBE_STATE = "probestate"
 
   def "test parse /info response"() {
@@ -62,6 +62,7 @@ class DDAgentFeaturesDiscoveryTest extends DDSpecification {
     features.supportsEvpProxy()
     features.getVersion() == "0.99.0"
     !features.supportsLongRunning()
+    !features.supportsTelemetryProxy()
     0 * _
   }
 
@@ -89,6 +90,7 @@ class DDAgentFeaturesDiscoveryTest extends DDSpecification {
     features.supportsEvpProxy()
     features.getVersion() == "0.99.0"
     !features.supportsLongRunning()
+    !features.supportsTelemetryProxy()
     0 * _
   }
 
@@ -384,17 +386,22 @@ class DDAgentFeaturesDiscoveryTest extends DDSpecification {
     // but we don't permit dropping anyway
     !(features as DroppingPolicy).active()
     features.state() == INFO_WITHOUT_METRICS_STATE
+    !features.supportsTelemetryProxy()
     0 * _
   }
 
-  def countingNotFound(Request request, CountDownLatch latch) {
-    latch.countDown()
-    return notFound(request)
-  }
+  def "test parse /info response with telemetry proxy"() {
+    setup:
+    OkHttpClient client = Mock(OkHttpClient)
+    DDAgentFeaturesDiscovery features = new DDAgentFeaturesDiscovery(client, monitoring, agentUrl, true, true)
 
-  def countingInfoResponse(Request request, String json, CountDownLatch latch) {
-    latch.countDown()
-    return infoResponse(request, json)
+    when: "/info available"
+    features.discover()
+
+    then:
+    1 * client.newCall(_) >> { Request request -> infoResponse(request, INFO_WITH_TELEMETRY_PROXY_RESPONSE) }
+    features.supportsTelemetryProxy()
+    0 * _
   }
 
   def infoResponse(Request request, String json) {
diff --git a/communication/src/test/resources/agent-features/agent-info-with-telemetry-proxy.json b/communication/src/test/resources/agent-features/agent-info-with-telemetry-proxy.json
new file mode 100644
index 00000000000..55e493e8316
--- /dev/null
+++ b/communication/src/test/resources/agent-features/agent-info-with-telemetry-proxy.json
@@ -0,0 +1,62 @@
+{
+  "version": "0.99.0",
+  "git_commit": "fab047e10",
+  "build_date": "2020-12-04 15:57:06.74187 +0200 EET m=+0.029001792",
+  "endpoints": [
+    "/v0.3/traces",
+    "/v0.3/services",
+    "/v0.4/traces",
+    "/v0.4/services",
+    "/v0.5/traces",
+    "/v0.6/stats",
+    "/profiling/v1/input",
+    "/telemetry/proxy/",
+    "/v0.1/pipeline_stats",
+    "/evp_proxy/v1/",
+    "/evp_proxy/v2/",
+    "/debugger/v1/input",
+    "/v0.7/config"
+  ],
+  "feature_flags": [
+    "feature_flag"
+  ],
+  "config": {
+    "default_env": "prod",
+    "bucket_interval": 1000000000,
+    "extra_aggregators": [
+      "agg:val"
+    ],
+    "extra_sample_rate": 2.4,
+    "target_tps": 11,
+    "max_eps": 12,
+    "receiver_port": 8111,
+    "receiver_socket": "/sock/path",
+    "connection_limit": 12,
+    "receiver_timeout": 100,
+    "max_request_bytes": 123,
+    "statsd_port": 123,
+    "max_memory": 1000000,
+    "max_cpu": 12345,
+    "analyzed_rate_by_service_legacy": {
+      "X": 1.2
+    },
+    "analyzed_spans_by_service": {
+      "X": {
+        "Y": 2.4
+      }
+    },
+    "obfuscation": {
+      "elastic_search": true,
+      "mongo": true,
+      "sql_exec_plan": true,
+      "sql_exec_plan_normalize": true,
+      "http": {
+        "remove_query_string": true,
+        "remove_path_digits": true
+      },
+      "remove_stack_traces": false,
+      "redis": true,
+      "memcached": false
+    }
+  }
+}
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/Agent.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/Agent.java
index b45f2f655d5..a2343f12474 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/Agent.java
+++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/Agent.java
@@ -150,7 +150,13 @@ public static void start(final Instrumentation inst, final URL agentJarURL, Stri
     createAgentClassloader(agentJarURL);
 
     if (Platform.isNativeImageBuilder()) {
+      // these default services are not used during native-image builds
+      jmxFetchEnabled = false;
+      remoteConfigEnabled = false;
+      telemetryEnabled = false;
+      // apply trace instrumentation, but skip starting other services
       startDatadogAgent(inst);
+      StaticEventLogger.end("Agent.start");
       return;
     }
 
@@ -335,6 +341,9 @@ public static void shutdown(final boolean sync) {
     if (profilingEnabled) {
       shutdownProfilingAgent(sync);
     }
+    if (telemetryEnabled) {
+      stopTelemetry();
+    }
   }
 
   public static synchronized Class<?> installAgentCLI() throws Exception {
@@ -640,7 +649,7 @@ private static synchronized void registerDeadlockDetectionEvent() {
   private static synchronized void initializeJmxSystemAccessProvider(
       final ClassLoader classLoader) {
     if (log.isDebugEnabled()) {
-      log.debug("Initializing JMX system access provider for " + classLoader.toString());
+      log.debug("Initializing JMX system access provider for {}", classLoader);
     }
     try {
       final Class<?> tracerInstallerClass =
@@ -781,6 +790,21 @@ private static void startTelemetry(Instrumentation inst, Class<?> scoClass, Obje
     StaticEventLogger.end("Telemetry");
   }
 
+  private static void stopTelemetry() {
+    if (AGENT_CLASSLOADER == null) {
+      return;
+    }
+
+    try {
+      final Class<?> telemetrySystem =
+          AGENT_CLASSLOADER.loadClass("datadog.telemetry.TelemetrySystem");
+      final Method stopTelemetry = telemetrySystem.getMethod("stop");
+      stopTelemetry.invoke(null);
+    } catch (final Throwable ex) {
+      log.error("Error encountered while stopping telemetry", ex);
+    }
+  }
+
   private static void initializeCrashUploader() {
     if (Platform.isJ9()) {
       // TODO currently crash tracking is supported only for HotSpot based JVMs
@@ -846,6 +870,11 @@ private static ProfilingContextIntegration createProfilingContextIntegration() {
   private static void startProfilingAgent(final boolean isStartingFirst) {
     StaticEventLogger.begin("ProfilingAgent");
 
+    if (isAwsLambdaRuntime()) {
+      log.info("Profiling not supported in AWS Lambda runtimes");
+      return;
+    }
+
     final ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
     try {
       Thread.currentThread().setContextClassLoader(AGENT_CLASSLOADER);
@@ -911,6 +940,11 @@ public void withTracer(TracerAPI tracer) {
     StaticEventLogger.end("ProfilingAgent");
   }
 
+  private static boolean isAwsLambdaRuntime() {
+    String val = System.getenv("AWS_LAMBDA_FUNCTION_NAME");
+    return val != null && !val.isEmpty();
+  }
+
   private static ScopeListener createScopeListener(String className) throws Throwable {
     return (ScopeListener)
         AGENT_CLASSLOADER.loadClass(className).getDeclaredConstructor().newInstance();
@@ -1036,7 +1070,7 @@ private static boolean isFeatureEnabled(AgentFeature feature) {
     }
   }
 
-  /** @see datadog.trace.api.ProductActivationConfig#fromString(String) */
+  /** @see datadog.trace.api.ProductActivation#fromString(String) */
   private static boolean isAppSecFullyDisabled() {
     // must be kept in sync with logic from Config!
     final String featureEnabledSysprop = AgentFeature.APPSEC.systemProp;
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/AgentJarIndex.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/AgentJarIndex.java
index 0186fd56bdd..382f8708ac6 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/AgentJarIndex.java
+++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/AgentJarIndex.java
@@ -81,7 +81,7 @@ public static AgentJarIndex readIndex(JarFile agentJar) {
         return new AgentJarIndex(prefixes, ClassNameTrie.readFrom(in));
       }
     } catch (Throwable e) {
-      log.error("Unable to read " + AGENT_INDEX_FILE_NAME, e);
+      log.error("Unable to read {}", AGENT_INDEX_FILE_NAME, e);
       return null;
     }
   }
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/blocking/BlockingActionHelper.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/blocking/BlockingActionHelper.java
index de05e3d3619..fbcb1062eb1 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/blocking/BlockingActionHelper.java
+++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/blocking/BlockingActionHelper.java
@@ -211,27 +211,25 @@ public static void reset(Config config) {
   }
 
   private static byte[] readDefaultTemplate(String ext) {
-    InputStream is =
+    try (InputStream is =
         getSystemClassLoader()
-            .getResourceAsStream("datadog/trace/bootstrap/blocking/template." + ext);
-    if (is == null) {
-      log.error("Could not open default {} template", ext);
-      return new byte[] {'e', 'r', 'r', 'o', 'r'};
-    }
+            .getResourceAsStream("datadog/trace/bootstrap/blocking/template." + ext)) {
+      if (is == null) {
+        log.error("Could not open default {} template", ext);
+        return new byte[] {'e', 'r', 'r', 'o', 'r'};
+      }
 
-    ByteArrayOutputStream baos = new ByteArrayOutputStream();
-    byte[] b = new byte[8192];
-    int read;
-    try {
+      ByteArrayOutputStream baos = new ByteArrayOutputStream();
+      byte[] b = new byte[8192];
+      int read;
       while ((read = is.read(b)) != -1) {
         baos.write(b, 0, read);
       }
+      return baos.toByteArray();
     } catch (IOException e) {
       log.error("Could not read default {} template", ext, e);
       return new byte[] {'e', 'r', 'r', 'o', 'r'};
     }
-
-    return baos.toByteArray();
   }
 
   private static byte[] readIntoByteArray(File f) {
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/AsyncResultDecorator.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/AsyncResultDecorator.java
new file mode 100644
index 00000000000..7bebcf8fdae
--- /dev/null
+++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/AsyncResultDecorator.java
@@ -0,0 +1,125 @@
+package datadog.trace.bootstrap.instrumentation.decorator;
+
+import static java.util.Collections.singletonList;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionException;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.concurrent.ExecutionException;
+import java.util.function.BiConsumer;
+
+/**
+ * This decorator handles asynchronous result types, finishing spans only when the async calls are
+ * complete. The different async types are supported using {@link AsyncResultSupportExtension} that
+ * should be registered using {@link #registerExtension(AsyncResultSupportExtension)} first.
+ */
+public abstract class AsyncResultDecorator extends BaseDecorator {
+  private static final CopyOnWriteArrayList<AsyncResultSupportExtension> EXTENSIONS =
+      new CopyOnWriteArrayList<>(
+          singletonList(new JavaUtilConcurrentAsyncResultSupportExtension()));
+
+  private static final ClassValue<AsyncResultSupportExtension> EXTENSION_CLASS_VALUE =
+      new ClassValue<AsyncResultSupportExtension>() {
+        @Override
+        protected AsyncResultSupportExtension computeValue(Class<?> type) {
+          return EXTENSIONS.stream()
+              .filter(extension -> extension.supports(type))
+              .findFirst()
+              .orElse(null);
+        }
+      };
+
+  /**
+   * Registers an extension to add supported async types.
+   *
+   * @param extension The extension to register.
+   */
+  public static void registerExtension(AsyncResultSupportExtension extension) {
+    if (extension != null) {
+      EXTENSIONS.add(extension);
+    }
+  }
+
+  /**
+   * Look for asynchronous result and decorate it with span finisher. If the result is not
+   * asynchronous, it will be return unmodified and span will be finished.
+   *
+   * @param result The result to check type.
+   * @param span The related span to finish.
+   * @return An asynchronous result that will finish the span if the result is asynchronous, the
+   *     original result otherwise.
+   */
+  public Object wrapAsyncResultOrFinishSpan(final Object result, final AgentSpan span) {
+    AsyncResultSupportExtension extension;
+    if (result != null && (extension = EXTENSION_CLASS_VALUE.get(result.getClass())) != null) {
+      Object applied = extension.apply(result, span);
+      if (applied != null) {
+        return applied;
+      }
+    }
+    // If no extension was applied, immediately finish the span and return the original result
+    span.finish();
+    return result;
+  }
+
+  /**
+   * This interface defines asynchronous result type support extension. It allows deferring the
+   * support implementations where types are available on classpath.
+   */
+  public interface AsyncResultSupportExtension {
+    /**
+     * Checks whether this extensions support a result type.
+     *
+     * @param result The result type to check.
+     * @return {@code true} if the type is supported by this extension, {@code false} otherwise.
+     */
+    boolean supports(Class<?> result);
+
+    /**
+     * Applies the extension to the async result.
+     *
+     * @param result The async result.
+     * @param span The related span.
+     * @return The result object to return (can be the original result if not modified), or {@code
+     *     null} if the extension could not be applied.
+     */
+    Object apply(Object result, AgentSpan span);
+  }
+
+  private static class JavaUtilConcurrentAsyncResultSupportExtension
+      implements AsyncResultSupportExtension {
+    @Override
+    public boolean supports(Class<?> result) {
+      return CompletableFuture.class.isAssignableFrom(result)
+          || CompletionStage.class.isAssignableFrom(result);
+    }
+
+    @Override
+    public Object apply(Object result, AgentSpan span) {
+      if (result instanceof CompletableFuture<?>) {
+        CompletableFuture<?> completableFuture = (CompletableFuture<?>) result;
+        if (!completableFuture.isDone() && !completableFuture.isCancelled()) {
+          return completableFuture.whenComplete(finishSpan(span));
+        }
+      } else if (result instanceof CompletionStage<?>) {
+        CompletionStage<?> completionStage = (CompletionStage<?>) result;
+        return completionStage.whenComplete(finishSpan(span));
+      }
+      return null;
+    }
+
+    private <T> BiConsumer<T, Throwable> finishSpan(AgentSpan span) {
+      return (o, throwable) -> {
+        if (throwable != null) {
+          span.addThrowable(
+              throwable instanceof ExecutionException || throwable instanceof CompletionException
+                  ? throwable.getCause()
+                  : throwable);
+        }
+        span.finish();
+      };
+    }
+  }
+}
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/DatabaseClientDecorator.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/DatabaseClientDecorator.java
index 6f967d1cfb4..03a8af08e5d 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/DatabaseClientDecorator.java
+++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/DatabaseClientDecorator.java
@@ -21,7 +21,7 @@ protected static class NamingEntry {
     private NamingEntry(String rawDbType) {
       final NamingSchema.ForDatabase schema = SpanNaming.instance().namingSchema().database();
       this.dbType = schema.normalizedName(rawDbType);
-      this.service = schema.service(Config.get().getServiceName(), dbType);
+      this.service = schema.service(dbType);
       this.operation = UTF8BytesString.create(schema.operation(dbType));
     }
 
@@ -72,6 +72,10 @@ public AgentSpan onConnection(final AgentSpan span, final CONNECTION connection)
       CharSequence hostName = dbHostname(connection);
       if (hostName != null) {
         span.setTag(Tags.PEER_HOSTNAME, hostName);
+
+        if (Config.get().isDbClientSplitByHost()) {
+          span.setServiceName(hostName.toString());
+        }
       }
     }
     return span;
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/HttpServerDecorator.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/HttpServerDecorator.java
index 3991a262c25..334b2d665ba 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/HttpServerDecorator.java
+++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/HttpServerDecorator.java
@@ -143,7 +143,7 @@ public AgentSpan startSpan(
     }
     AgentPropagation.ContextVisitor<REQUEST_CARRIER> getter = getter();
     if (null != carrier && null != getter) {
-      tracer().setDataStreamCheckpoint(span, SERVER_PATHWAY_EDGE_TAGS, 0);
+      tracer().getDataStreamsMonitoring().setCheckpoint(span, SERVER_PATHWAY_EDGE_TAGS, 0, 0);
     }
     return span;
   }
@@ -250,7 +250,7 @@ public AgentSpan onRequest(
     }
 
     String inferredAddressStr = null;
-    if (clientIpResolverEnabled) {
+    if (clientIpResolverEnabled && context != null) {
       InetAddress inferredAddress = ClientIpAddressResolver.resolve(context, span);
       // the peer address should be used if:
       // 1. the headers yield nothing, regardless of whether it is public or not
@@ -269,6 +269,17 @@ public AgentSpan onRequest(
         inferredAddressStr = inferredAddress.getHostAddress();
         span.setTag(Tags.HTTP_CLIENT_IP, inferredAddressStr);
       }
+    } else if (clientIpResolverEnabled && span.getLocalRootSpan() != span) {
+      // in this case context == null
+      // If there is no context we can't do anything but use the peer addr.
+      // Additionally, context == null arises on subspans for which the resolution
+      // likely already happened on the top span, so we don't need to do the resolution
+      // again. Instead, copy from the top span, should it exist
+      AgentSpan localRootSpan = span.getLocalRootSpan();
+      Object clientIp = localRootSpan.getTag(Tags.HTTP_CLIENT_IP);
+      if (clientIp != null) {
+        span.setTag(Tags.HTTP_CLIENT_IP, clientIp);
+      }
     }
 
     if (peerIp != null) {
@@ -401,20 +412,22 @@ public AgentSpan onError(final AgentSpan span, final Throwable throwable) {
   }
 
   private Flow<Void> callIGCallbackRequestHeaders(AgentSpan span, REQUEST_CARRIER carrier) {
-    CallbackProvider cbp = tracer().getCallbackProvider(RequestContextSlot.APPSEC);
+    CallbackProvider cbp = tracer().getUniversalCallbackProvider();
     RequestContext requestContext = span.getRequestContext();
     AgentPropagation.ContextVisitor<REQUEST_CARRIER> getter = getter();
-    if (requestContext == null || cbp == null || getter == null) {
+    if (requestContext == null || getter == null) {
       return Flow.ResultFlow.empty();
     }
-    IGKeyClassifier igKeyClassifier =
-        IGKeyClassifier.create(
-            requestContext,
-            cbp.getCallback(EVENTS.requestHeader()),
-            cbp.getCallback(EVENTS.requestHeaderDone()));
-    if (null != igKeyClassifier) {
-      getter.forEachKey(carrier, igKeyClassifier);
-      return igKeyClassifier.done();
+    if (cbp != null) {
+      IGKeyClassifier igKeyClassifier =
+          IGKeyClassifier.create(
+              requestContext,
+              cbp.getCallback(EVENTS.requestHeader()),
+              cbp.getCallback(EVENTS.requestHeaderDone()));
+      if (null != igKeyClassifier) {
+        getter.forEachKey(carrier, igKeyClassifier);
+        return igKeyClassifier.done();
+      }
     }
     return Flow.ResultFlow.empty();
   }
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/java/concurrent/QueueTimerHelper.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/java/concurrent/QueueTimerHelper.java
index 2e56354b1e2..2123ba369d4 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/java/concurrent/QueueTimerHelper.java
+++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/java/concurrent/QueueTimerHelper.java
@@ -1,36 +1,26 @@
 package datadog.trace.bootstrap.instrumentation.java.concurrent;
 
-import static datadog.trace.bootstrap.TaskWrapper.getUnwrappedType;
-
 import datadog.trace.api.profiling.QueueTiming;
 import datadog.trace.api.profiling.Timer;
 import datadog.trace.bootstrap.ContextStore;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.bootstrap.instrumentation.jfr.InstrumentationBasedProfiling;
 
 public class QueueTimerHelper {
 
   public static <T> void startQueuingTimer(
       ContextStore<T, State> taskContextStore, Class<?> schedulerClass, T task) {
     State state = taskContextStore.get(task);
-    if (task != null && state != null) {
-      QueueTiming timing =
-          (QueueTiming) AgentTracer.get().getTimer().start(Timer.TimerType.QUEUEING);
-      timing.setTask(getUnwrappedType(task));
-      timing.setScheduler(schedulerClass);
-      state.setTiming(timing);
-    }
-  }
-
-  public static <T> Class<?> unwrap(T task) {
-    return getUnwrappedType(task);
+    startQueuingTimer(state, schedulerClass, task);
   }
 
-  public static <T> void startQueuingTimer(
-      State state, Class<?> schedulerClass, Class<?> unwrappedTaskClass, T task) {
-    if (task != null) {
+  public static void startQueuingTimer(State state, Class<?> schedulerClass, Object task) {
+    // avoid calling this before JFR is initialised because it will lead to reading the wrong
+    // TSC frequency before JFR has set it up properly
+    if (task != null && state != null && InstrumentationBasedProfiling.isJFRReady()) {
       QueueTiming timing =
           (QueueTiming) AgentTracer.get().getTimer().start(Timer.TimerType.QUEUEING);
-      timing.setTask(unwrappedTaskClass);
+      timing.setTask(task);
       timing.setScheduler(schedulerClass);
       state.setTiming(timing);
     }
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/jdbc/JDBCConnectionUrlParser.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/jdbc/JDBCConnectionUrlParser.java
index 9013329c6d6..e27b268fbcf 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/jdbc/JDBCConnectionUrlParser.java
+++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/jdbc/JDBCConnectionUrlParser.java
@@ -747,6 +747,21 @@ DBInfo.Builder doParse(final String jdbcUrl, final DBInfo.Builder builder) {
 
       builder.host(details.substring(0, hostEndLoc));
 
+      return builder;
+    }
+  },
+
+  REDSHIFT("redshift") {
+    @Override
+    DBInfo.Builder doParse(String jdbcUrl, DBInfo.Builder builder) {
+      builder = GENERIC_URL_LIKE.doParse(jdbcUrl, builder);
+      final DBInfo dbInfo = builder.build();
+      if (dbInfo.getHost() != null) {
+        int firstDotLoc = dbInfo.getHost().indexOf('.');
+        if (firstDotLoc > 0) {
+          builder.instance(dbInfo.getHost().substring(0, firstDotLoc));
+        }
+      }
       return builder;
     }
   };
@@ -868,7 +883,7 @@ private static void populateStandardProperties(
         try {
           builder.port(Integer.parseInt(portNumber));
         } catch (final NumberFormatException e) {
-          ExceptionLogger.LOGGER.debug("Error parsing portnumber property: " + portNumber, e);
+          ExceptionLogger.LOGGER.debug("Error parsing portnumber property: {}", portNumber, e);
         }
       }
 
@@ -877,7 +892,7 @@ private static void populateStandardProperties(
         try {
           builder.port(Integer.parseInt(portNumber));
         } catch (final NumberFormatException e) {
-          ExceptionLogger.LOGGER.debug("Error parsing portNumber property: " + portNumber, e);
+          ExceptionLogger.LOGGER.debug("Error parsing portNumber property: {}", portNumber, e);
         }
       }
     }
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/messaging/DatadogAttributeParser.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/messaging/DatadogAttributeParser.java
new file mode 100644
index 00000000000..37c6b6e868b
--- /dev/null
+++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/messaging/DatadogAttributeParser.java
@@ -0,0 +1,66 @@
+package datadog.trace.bootstrap.instrumentation.messaging;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import datadog.trace.api.Config;
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import java.nio.ByteBuffer;
+import java.util.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/** Parses trace context from an embedded '_datadog' message attribute. */
+public final class DatadogAttributeParser {
+  private static final Logger log = LoggerFactory.getLogger(DatadogAttributeParser.class);
+
+  private static final Base64.Decoder BASE_64 = Base64.getDecoder();
+
+  /** Parses trace context properties from the given JSON and passes them to the classifier. */
+  public static void forEachProperty(AgentPropagation.KeyClassifier classifier, String json) {
+    if (null == json) {
+      return;
+    }
+    try {
+      if (acceptJsonProperty(classifier, json, "x-datadog-trace-id")) {
+        acceptJsonProperty(classifier, json, "x-datadog-parent-id");
+        acceptJsonProperty(classifier, json, "x-datadog-sampling-priority");
+      }
+      if (Config.get().isDataStreamsEnabled()) {
+        acceptJsonProperty(classifier, json, "dd-pathway-ctx-base64");
+      }
+    } catch (Exception e) {
+      log.debug("Problem extracting _datadog context", e);
+    }
+  }
+
+  /** Parses trace context properties from the given JSON and passes them to the classifier. */
+  public static void forEachProperty(AgentPropagation.KeyClassifier classifier, ByteBuffer json) {
+    if (null == json) {
+      return;
+    }
+    try {
+      forEachProperty(classifier, UTF_8.decode(BASE_64.decode(json)).toString());
+    } catch (Exception e) {
+      log.debug("Problem decoding _datadog context", e);
+    }
+  }
+
+  // Simple parser that assumes values are JSON strings that don't contain escaped quotes
+  private static boolean acceptJsonProperty(
+      AgentPropagation.KeyClassifier classifier, String json, String key) {
+    int keyStart = json.indexOf(key);
+    if (keyStart > 0) {
+      int separator = json.indexOf(':', keyStart + key.length());
+      if (separator > 0) {
+        int valueStart = json.indexOf('"', separator + 1);
+        if (valueStart > 0) {
+          int valueEnd = json.indexOf('"', valueStart + 1);
+          if (valueEnd > 0) {
+            return classifier.accept(key, json.substring(valueStart + 1, valueEnd));
+          }
+        }
+      }
+    }
+    return false;
+  }
+}
diff --git a/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/WindowSampler.java b/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/WindowSampler.java
index f48afc17856..f6489a29c2f 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/WindowSampler.java
+++ b/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/WindowSampler.java
@@ -13,10 +13,14 @@ public class WindowSampler<E extends Event> {
 
   protected WindowSampler(
       Duration windowDuration, int samplesPerWindow, int lookback, Class<E> eventType) {
-    sampler = new AdaptiveSampler(windowDuration, samplesPerWindow, lookback, 16);
+    sampler = new AdaptiveSampler(windowDuration, samplesPerWindow, lookback, 16, false);
     sampleType = EventType.getEventType(eventType);
   }
 
+  public void start() {
+    sampler.start();
+  }
+
   public boolean sample() {
     return sampleType.isEnabled() && sampler.sample();
   }
diff --git a/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/exceptions/ExceptionProfiling.java b/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/exceptions/ExceptionProfiling.java
index 0cabe247278..d147017aedd 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/exceptions/ExceptionProfiling.java
+++ b/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/exceptions/ExceptionProfiling.java
@@ -42,13 +42,17 @@ private ExceptionProfiling(final Config config) {
     this.recordExceptionMessage = recordExceptionMessage;
   }
 
-  public ExceptionSampleEvent process(final Throwable t, final int stackDepth) {
+  public void start() {
+    sampler.start();
+  }
+
+  public ExceptionSampleEvent process(final Throwable t) {
     // always record the exception in histogram
     final boolean firstHit = histogram.record(t);
 
     final boolean sampled = sampler.sample();
     if (firstHit || sampled) {
-      return new ExceptionSampleEvent(t, stackDepth, sampled, firstHit);
+      return new ExceptionSampleEvent(t, sampled, firstHit);
     }
     return null;
   }
diff --git a/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/exceptions/ExceptionSampleEvent.java b/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/exceptions/ExceptionSampleEvent.java
index 57de3176207..7dfbeaedb01 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/exceptions/ExceptionSampleEvent.java
+++ b/dd-java-agent/agent-bootstrap/src/main/java11/datadog/trace/bootstrap/instrumentation/jfr/exceptions/ExceptionSampleEvent.java
@@ -18,10 +18,6 @@ public class ExceptionSampleEvent extends Event implements ContextualEvent {
   @Label("Exception message")
   private final String message;
 
-  /** JFR may truncate the stack trace - so store original length as well. */
-  @Label("Exception stackdepth")
-  private final int stackDepth;
-
   @Label("Sampled")
   private final boolean sampled;
 
@@ -34,8 +30,7 @@ public class ExceptionSampleEvent extends Event implements ContextualEvent {
   @Label("Span Id")
   private long spanId;
 
-  public ExceptionSampleEvent(
-      Throwable e, final int stackDepth, boolean sampled, boolean firstOccurrence) {
+  public ExceptionSampleEvent(Throwable e, boolean sampled, boolean firstOccurrence) {
     /*
      * TODO: we should have some tests for this class.
      * Unfortunately at the moment this is not easily possible because we cannot build tests with groovy that
@@ -44,7 +39,6 @@ public ExceptionSampleEvent(
      */
     this.type = e.getClass().getName();
     this.message = getMessage(e);
-    this.stackDepth = stackDepth;
     this.sampled = sampled;
     this.firstOccurrence = firstOccurrence;
     captureContext();
diff --git a/dd-java-agent/agent-bootstrap/src/main/resources/META-INF/native-image/com.datadoghq/dd-java-agent/reflect-config.json b/dd-java-agent/agent-bootstrap/src/main/resources/META-INF/native-image/com.datadoghq/dd-java-agent/reflect-config.json
index dc208ba30b5..bf4992ce635 100644
--- a/dd-java-agent/agent-bootstrap/src/main/resources/META-INF/native-image/com.datadoghq/dd-java-agent/reflect-config.json
+++ b/dd-java-agent/agent-bootstrap/src/main/resources/META-INF/native-image/com.datadoghq/dd-java-agent/reflect-config.json
@@ -29,6 +29,12 @@
       {"name": "valueOf", "parameterTypes": ["java.lang.String"]}
     ]
   },
+  {
+    "name" : "java.util.concurrent.ConcurrentHashMap",
+    "methods": [
+      {"name": "<init>", "parameterTypes": []}
+    ]
+  },
   {
     "name" : "datadog.trace.agent.common.sampling.SpanSamplingRules$RuleAdapter",
     "methods": [
@@ -83,5 +89,17 @@
       {"name": "consumerIndex", "allowUnsafeAccess": true},
       {"name": "blocked", "allowUnsafeAccess": true}
     ]
+  },
+  {
+    "name" : "org.jctools.queues.SpscArrayQueueProducerIndexFields",
+    "fields": [
+      {"name": "producerIndex", "allowUnsafeAccess": true}
+    ]
+  },
+  {
+    "name" : "org.jctools.queues.SpscArrayQueueConsumerIndexField",
+    "fields": [
+      {"name": "consumerIndex", "allowUnsafeAccess": true}
+    ]
   }
 ]
diff --git a/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/DatabaseClientDecoratorTest.groovy b/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/DatabaseClientDecoratorTest.groovy
index de3d8f0291d..0269f51d5a8 100644
--- a/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/DatabaseClientDecoratorTest.groovy
+++ b/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/DatabaseClientDecoratorTest.groovy
@@ -4,6 +4,7 @@ import datadog.trace.api.DDTags
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 import datadog.trace.bootstrap.instrumentation.api.Tags
 
+import static datadog.trace.api.config.TraceInstrumentationConfig.DB_CLIENT_HOST_SPLIT_BY_HOST
 import static datadog.trace.api.config.TraceInstrumentationConfig.DB_CLIENT_HOST_SPLIT_BY_INSTANCE
 import static datadog.trace.api.config.TraceInstrumentationConfig.DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX
 
@@ -35,8 +36,9 @@ class DatabaseClientDecoratorTest extends ClientDecoratorTest {
 
   def "test onConnection"() {
     setup:
-    injectSysConfig(DB_CLIENT_HOST_SPLIT_BY_INSTANCE, "$renameService")
-    injectSysConfig(DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX, "$typeSuffix")
+    injectSysConfig(DB_CLIENT_HOST_SPLIT_BY_INSTANCE, "$renameByInstance")
+    injectSysConfig(DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX, "$instanceTypeSuffix")
+    injectSysConfig(DB_CLIENT_HOST_SPLIT_BY_HOST, "$renameByHost")
     def decorator = newDecorator()
 
     when:
@@ -49,24 +51,34 @@ class DatabaseClientDecoratorTest extends ClientDecoratorTest {
       if (session.hostname != null) {
         1 * span.setTag(Tags.PEER_HOSTNAME, session.hostname)
       }
-      if (typeSuffix && renameService && session.instance) {
+      if (instanceTypeSuffix && renameByInstance && session.instance) {
         1 * span.setServiceName(session.instance + "-" + decorator.dbType())
-      } else if (renameService && session.instance) {
+      } else if (renameByInstance && session.instance) {
         1 * span.setServiceName(session.instance)
+      } else if (renameByHost) {
+        1 * span.setServiceName(session.hostname)
       }
     }
     0 * _
 
     where:
-    renameService | typeSuffix | session
-    false         | false      | null
-    true          | false      | [user: "test-user", hostname: "test-hostname"]
-    false         | false      | [instance: "test-instance", hostname: "test-hostname"]
-    true          | false      | [user: "test-user", instance: "test-instance"]
-    false         | true       | null
-    true          | true       | [user: "test-user", hostname: "test-hostname"]
-    false         | true       | [instance: "test-instance", hostname: "test-hostname"]
-    true          | true       | [user: "test-user", instance: "test-instance"]
+    renameByInstance | instanceTypeSuffix | renameByHost  | session
+    false            | false              | false         | null
+    true             | false              | false         | [user: "test-user", hostname: "test-hostname"]
+    false            | false              | false         | [instance: "test-instance", hostname: "test-hostname"]
+    true             | false              | false         | [user: "test-user", instance: "test-instance"]
+    false            | true               | false         | null
+    true             | true               | false         | [user: "test-user", hostname: "test-hostname"]
+    false            | true               | false         | [instance: "test-instance", hostname: "test-hostname"]
+    true             | true               | false         | [user: "test-user", instance: "test-instance"]
+    false            | false              | true          | null
+    true             | false              | true          | [user: "test-user", hostname: "test-hostname"]
+    false            | false              | true          | [instance: "test-instance", hostname: "test-hostname"]
+    true             | false              | true          | [user: "test-user", instance: "test-instance"]
+    false            | true               | true          | null
+    true             | true               | true          | [user: "test-user", hostname: "test-hostname"]
+    false            | true               | true          | [instance: "test-instance", hostname: "test-hostname"]
+    true             | true               | true          | [user: "test-user", instance: "test-instance"]
   }
 
   def "test onStatement"() {
diff --git a/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/HttpServerDecoratorTest.groovy b/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/HttpServerDecoratorTest.groovy
index 5bb4828a985..fcbba105a5a 100644
--- a/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/HttpServerDecoratorTest.groovy
+++ b/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/HttpServerDecoratorTest.groovy
@@ -18,10 +18,12 @@ import datadog.trace.bootstrap.instrumentation.api.ResourceNamePriorities
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter
 import datadog.trace.bootstrap.instrumentation.api.URIDefaultDataAdapter
+import datadog.trace.core.datastreams.DataStreamsMonitoring
 
 import java.util.function.Function
 import java.util.function.Supplier
 
+import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_SERVER_DECODED_RESOURCE_PRESERVE_SPACES
 import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_SERVER_RAW_QUERY_STRING
 import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_SERVER_RAW_RESOURCE
 import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_SERVER_TAG_QUERY_STRING
@@ -62,6 +64,7 @@ class HttpServerDecoratorTest extends ServerDecoratorTest {
     } else {
       1 * this.span.getRequestContext()
     }
+    _ * this.span.getLocalRootSpan() >> this.span
     0 * _
 
     where:
@@ -101,6 +104,7 @@ class HttpServerDecoratorTest extends ServerDecoratorTest {
       1 * this.span.setResourceName({ it as String == expectedPath })
     }
     1 * this.span.setTag(Tags.HTTP_METHOD, null)
+    _ * this.span.getLocalRootSpan() >> this.span
     0 * _
 
     where:
@@ -140,18 +144,34 @@ class HttpServerDecoratorTest extends ServerDecoratorTest {
     2 * this.span.getRequestContext()
     1 * this.span.setResourceName({ it as String == expectedResource }, ResourceNamePriorities.HTTP_PATH_NORMALIZER)
     1 * this.span.setTag(Tags.HTTP_METHOD, null)
+    _ * this.span.getLocalRootSpan() >> this.span
     0 * _
 
     where:
     rawQuery | rawResource | url                             | expectedUrl           | expectedQuery | expectedResource
-    false    | false       | "http://host/p%20ath?query%3F?" | "http://host/p ath"   | "query??"     | "/path"
+    false    | false       | "http://host/p%20ath?query%3F?" | "http://host/p ath"   | "query??"     | "/p ath"
     false    | true        | "http://host/p%20ath?query%3F?" | "http://host/p%20ath" | "query??"     | "/p%20ath"
-    true     | false       | "http://host/p%20ath?query%3F?" | "http://host/p ath"   | "query%3F?"   | "/path"
+    true     | false       | "http://host/p%20ath?query%3F?" | "http://host/p ath"   | "query%3F?"   | "/p ath"
     true     | true        | "http://host/p%20ath?query%3F?" | "http://host/p%20ath" | "query%3F?"   | "/p%20ath"
 
     req = [url: url == null ? null : new URI(url)]
   }
 
+  void 'url handling without space preservation'() {
+    setup:
+    injectSysConfig(HTTP_SERVER_RAW_RESOURCE, 'false')
+    injectSysConfig(HTTP_SERVER_DECODED_RESOURCE_PRESERVE_SPACES, 'false')
+    def decorator = newDecorator()
+
+    when:
+    decorator.onRequest(this.span, null, [url: new URI('http://host/p%20ath')], null)
+
+    then:
+    1 * this.span.setResourceName({ it as String == '/path' }, ResourceNamePriorities.HTTP_PATH_NORMALIZER)
+    _ * this.span.getLocalRootSpan() >> this.span
+    _ * _
+  }
+
   def "test onConnection"() {
     setup:
     def ctx = Mock(AgentSpan.Context.Extracted)
@@ -268,6 +288,7 @@ class HttpServerDecoratorTest extends ServerDecoratorTest {
     when:
     decorator.onRequest(this.span, [peerIp: '4.4.4.4'], null, ctx)
 
+    _ * this.span.getLocalRootSpan() >> this.span
     then:
     2 * ctx.getXForwardedFor() >> '2.3.4.5'
     1 * this.span.setTag(Tags.HTTP_CLIENT_IP, '2.3.4.5')
@@ -418,10 +439,13 @@ class HttpServerDecoratorTest extends ServerDecoratorTest {
     def mSpan = Mock(AgentSpan) {
       getRequestContext() >> reqCtxt
     }
+
     def mTracer = Mock(TracerAPI) {
       startSpan(_, _, _) >> mSpan
       getCallbackProvider(RequestContextSlot.APPSEC) >> cbpAppSec
       getCallbackProvider(RequestContextSlot.IAST) >> CallbackProvider.CallbackProviderNoop.INSTANCE
+      getUniversalCallbackProvider() >> cbpAppSec // no iast callbacks, so this is equivalent
+      getDataStreamsMonitoring() >> Mock(DataStreamsMonitoring)
     }
     def decorator = newDecorator(mTracer)
 
diff --git a/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/AgentInstaller.java b/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/AgentInstaller.java
index 9d5b176949c..fe4673541e3 100644
--- a/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/AgentInstaller.java
+++ b/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/AgentInstaller.java
@@ -3,11 +3,11 @@
 import static datadog.trace.agent.tooling.bytebuddy.matcher.GlobalIgnoresMatcher.globalIgnoresMatcher;
 import static net.bytebuddy.matcher.ElementMatchers.isDefaultFinalizer;
 
-import datadog.trace.agent.tooling.bytebuddy.DDCachingPoolStrategy;
-import datadog.trace.agent.tooling.bytebuddy.DDOutlinePoolStrategy;
 import datadog.trace.agent.tooling.bytebuddy.SharedTypePools;
+import datadog.trace.agent.tooling.bytebuddy.iast.TaintableRedefinitionStrategyListener;
 import datadog.trace.agent.tooling.bytebuddy.matcher.DDElementMatchers;
 import datadog.trace.agent.tooling.bytebuddy.memoize.MemoizedMatchers;
+import datadog.trace.agent.tooling.bytebuddy.outline.TypePoolFacade;
 import datadog.trace.agent.tooling.usm.UsmExtractorImpl;
 import datadog.trace.agent.tooling.usm.UsmMessageFactoryImpl;
 import datadog.trace.api.InstrumenterConfig;
@@ -96,11 +96,7 @@ public static ClassFileTransformer installBytebuddyAgent(
       final AgentBuilder.Listener... listeners) {
     Utils.setInstrumentation(inst);
 
-    if (InstrumenterConfig.get().isResolverOutliningEnabled()) {
-      DDOutlinePoolStrategy.registerTypePoolFacade();
-    } else {
-      DDCachingPoolStrategy.registerAsSupplier();
-    }
+    TypePoolFacade.registerAsSupplier();
 
     if (InstrumenterConfig.get().isResolverMemoizingEnabled()) {
       MemoizedMatchers.registerAsSupplier();
@@ -124,6 +120,7 @@ public static ClassFileTransformer installBytebuddyAgent(
             .with(AgentStrategies.transformerDecorator())
             .with(AgentBuilder.RedefinitionStrategy.RETRANSFORMATION)
             .with(AgentStrategies.rediscoveryStrategy())
+            .with(redefinitionStrategyListener(enabledSystems))
             .with(AgentStrategies.locationStrategy())
             .with(AgentStrategies.poolStrategy())
             .with(AgentBuilder.DescriptionStrategy.Default.POOL_ONLY)
@@ -140,6 +137,7 @@ public static ClassFileTransformer installBytebuddyAgent(
           agentBuilder
               .with(AgentBuilder.RedefinitionStrategy.RETRANSFORMATION)
               .with(AgentStrategies.rediscoveryStrategy())
+              .with(redefinitionStrategyListener(enabledSystems))
               .with(new RedefinitionLoggingListener())
               .with(new TransformLoggingListener());
     }
@@ -260,6 +258,15 @@ private static void addByteBuddyRawSetting() {
     }
   }
 
+  private static AgentBuilder.RedefinitionStrategy.Listener redefinitionStrategyListener(
+      final Set<Instrumenter.TargetSystem> enabledSystems) {
+    if (enabledSystems.contains(Instrumenter.TargetSystem.IAST)) {
+      return TaintableRedefinitionStrategyListener.INSTANCE;
+    } else {
+      return AgentBuilder.RedefinitionStrategy.Listener.NoOp.INSTANCE;
+    }
+  }
+
   static class RedefinitionLoggingListener implements AgentBuilder.RedefinitionStrategy.Listener {
 
     private static final Logger log = LoggerFactory.getLogger(RedefinitionLoggingListener.class);
diff --git a/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/AgentStrategies.java b/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/AgentStrategies.java
index 124fcf3434c..23309b282a6 100644
--- a/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/AgentStrategies.java
+++ b/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/AgentStrategies.java
@@ -1,12 +1,10 @@
 package datadog.trace.agent.tooling;
 
-import datadog.trace.agent.tooling.bytebuddy.DDCachingPoolStrategy;
 import datadog.trace.agent.tooling.bytebuddy.DDClassFileTransformer;
 import datadog.trace.agent.tooling.bytebuddy.DDLocationStrategy;
 import datadog.trace.agent.tooling.bytebuddy.DDOutlinePoolStrategy;
 import datadog.trace.agent.tooling.bytebuddy.DDOutlineTypeStrategy;
 import datadog.trace.agent.tooling.bytebuddy.DDRediscoveryStrategy;
-import datadog.trace.api.InstrumenterConfig;
 import datadog.trace.api.Platform;
 import net.bytebuddy.agent.builder.AgentBuilder.ClassFileBufferStrategy;
 import net.bytebuddy.agent.builder.AgentBuilder.LocationStrategy;
@@ -45,21 +43,9 @@ private static TransformerDecorator loadTransformerDecorator() {
   private static final DiscoveryStrategy REDISCOVERY_STRATEGY = new DDRediscoveryStrategy();
   private static final LocationStrategy LOCATION_STRATEGY = new DDLocationStrategy();
 
-  private static final PoolStrategy POOL_STRATEGY;
-  private static final ClassFileBufferStrategy BUFFER_STRATEGY;
-  private static final TypeStrategy TYPE_STRATEGY;
-
-  static {
-    if (InstrumenterConfig.get().isResolverOutliningEnabled()) {
-      POOL_STRATEGY = DDOutlinePoolStrategy.INSTANCE;
-      BUFFER_STRATEGY = DDOutlineTypeStrategy.INSTANCE;
-      TYPE_STRATEGY = DDOutlineTypeStrategy.INSTANCE;
-    } else {
-      POOL_STRATEGY = DDCachingPoolStrategy.INSTANCE;
-      BUFFER_STRATEGY = ClassFileBufferStrategy.Default.RETAINING;
-      TYPE_STRATEGY = TypeStrategy.Default.REDEFINE_FROZEN;
-    }
-  }
+  private static final PoolStrategy POOL_STRATEGY = DDOutlinePoolStrategy.INSTANCE;
+  private static final ClassFileBufferStrategy BUFFER_STRATEGY = DDOutlineTypeStrategy.INSTANCE;
+  private static final TypeStrategy TYPE_STRATEGY = DDOutlineTypeStrategy.INSTANCE;
 
   public static TransformerDecorator transformerDecorator() {
     return TRANSFORMER_DECORATOR;
diff --git a/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/CombiningTransformerBuilder.java b/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/CombiningTransformerBuilder.java
index e4aa7004a1d..e1cb97d7c14 100644
--- a/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/CombiningTransformerBuilder.java
+++ b/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/CombiningTransformerBuilder.java
@@ -7,6 +7,7 @@
 import static net.bytebuddy.matcher.ElementMatchers.isSynthetic;
 import static net.bytebuddy.matcher.ElementMatchers.not;
 
+import datadog.trace.agent.tooling.Instrumenter.WithPostProcessor;
 import datadog.trace.agent.tooling.bytebuddy.ExceptionHandlers;
 import datadog.trace.agent.tooling.context.FieldBackedContextInjector;
 import datadog.trace.agent.tooling.context.FieldBackedContextMatcher;
@@ -22,6 +23,7 @@
 import java.util.List;
 import java.util.Map;
 import net.bytebuddy.agent.builder.AgentBuilder;
+import net.bytebuddy.asm.Advice;
 import net.bytebuddy.description.method.MethodDescription;
 import net.bytebuddy.matcher.ElementMatcher;
 
@@ -38,6 +40,12 @@ public final class CombiningTransformerBuilder extends AbstractTransformerBuilde
   private final List<AgentBuilder.Transformer> advice = new ArrayList<>();
   private ElementMatcher<? super MethodDescription> ignoredMethods;
 
+  /**
+   * Post processor to be applied to instrumenter advices if they implement {@link
+   * WithPostProcessor}
+   */
+  private Advice.PostProcessor.Factory postProcessor;
+
   public CombiningTransformerBuilder(AgentBuilder agentBuilder, int maxInstrumentationId) {
     this.agentBuilder = agentBuilder;
     int maxInstrumentationCount = maxInstrumentationId + 1;
@@ -108,6 +116,11 @@ private void buildInstrumentationMatcher(Instrumenter.Default instrumenter, int
 
   private void buildInstrumentationAdvice(Instrumenter.Default instrumenter, int id) {
 
+    postProcessor =
+        instrumenter instanceof WithPostProcessor
+            ? ((WithPostProcessor) instrumenter).postProcessor()
+            : null;
+
     String[] helperClassNames = instrumenter.helperClassNames();
     if (instrumenter.injectHelperDependencies()) {
       helperClassNames = HelperScanner.withClassDependencies(helperClassNames);
@@ -159,8 +172,12 @@ protected void buildSingleAdvice(Instrumenter.ForSingleType instrumenter) {
 
   @Override
   public void applyAdvice(ElementMatcher<? super MethodDescription> matcher, String name) {
+    Advice.WithCustomMapping customMapping = Advice.withCustomMapping();
+    if (postProcessor != null) {
+      customMapping = customMapping.with(postProcessor);
+    }
     advice.add(
-        new AgentBuilder.Transformer.ForAdvice()
+        new AgentBuilder.Transformer.ForAdvice(customMapping)
             .include(Utils.getBootstrapProxy(), Utils.getAgentClassLoader())
             .withExceptionHandler(ExceptionHandlers.defaultExceptionHandler())
             .advice(not(ignoredMethods).and(matcher), name));
diff --git a/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/bytebuddy/DDCachingPoolStrategy.java b/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/bytebuddy/DDCachingPoolStrategy.java
deleted file mode 100644
index f990030aa72..00000000000
--- a/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/bytebuddy/DDCachingPoolStrategy.java
+++ /dev/null
@@ -1,452 +0,0 @@
-package datadog.trace.agent.tooling.bytebuddy;
-
-import static datadog.trace.agent.tooling.bytebuddy.ClassFileLocators.classFileLocator;
-import static datadog.trace.bootstrap.AgentClassLoading.LOCATING_CLASS;
-
-import com.googlecode.concurrentlinkedhashmap.ConcurrentLinkedHashMap;
-import datadog.trace.api.InstrumenterConfig;
-import datadog.trace.api.cache.DDCache;
-import datadog.trace.api.cache.DDCaches;
-import java.lang.ref.WeakReference;
-import java.util.concurrent.ConcurrentMap;
-import java.util.function.Function;
-import net.bytebuddy.agent.builder.AgentBuilder;
-import net.bytebuddy.description.annotation.AnnotationList;
-import net.bytebuddy.description.method.MethodDescription;
-import net.bytebuddy.description.method.MethodList;
-import net.bytebuddy.description.type.TypeDescription;
-import net.bytebuddy.description.type.TypeList;
-import net.bytebuddy.dynamic.ClassFileLocator;
-import net.bytebuddy.pool.TypePool;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * NEW (Jan 2020) Custom Pool strategy.
- *
- * <ul>
- *   Uses a Guava Cache directly...
- *   <li>better control over locking than WeakMap.Provider
- *   <li>provides direct control over concurrency level
- *   <li>initial and maximum capacity
- * </ul>
- *
- * <ul>
- *   There two core parts to the cache...
- *   <li>a cache of ClassLoader to WeakReference&lt;ClassLoader&gt;
- *   <li>a single cache of TypeResolutions for all ClassLoaders - keyed by a custom composite key of
- *       ClassLoader & class name
- * </ul>
- *
- * <p>This design was chosen to create a single limited size cache that can be adjusted for the
- * entire application -- without having to create a large number of WeakReference objects.
- *
- * <p>Eviction is handled almost entirely through a size restriction; however, softValues are still
- * used as a further safeguard.
- */
-public final class DDCachingPoolStrategy
-    implements AgentBuilder.PoolStrategy, SharedTypePools.Supplier {
-  private static final Logger log = LoggerFactory.getLogger(DDCachingPoolStrategy.class);
-  // Many things are package visible for testing purposes --
-  // others to avoid creation of synthetic accessors
-
-  static final int CONCURRENCY_LEVEL = 8;
-  static final int LOADER_CAPACITY = 64;
-  static final int TYPE_CAPACITY = InstrumenterConfig.get().getResolverTypePoolSize();
-
-  static final int BOOTSTRAP_HASH = 7236344; // Just a random number
-
-  private static final Function<ClassLoader, WeakReference<ClassLoader>> WEAK_REF =
-      WeakReference::new;
-
-  public static final DDCachingPoolStrategy INSTANCE =
-      new DDCachingPoolStrategy(InstrumenterConfig.get().isResolverUseLoadClass());
-
-  public static void registerAsSupplier() {
-    SharedTypePools.registerIfAbsent(INSTANCE);
-  }
-
-  /**
-   * Cache of recent ClassLoader WeakReferences; used to...
-   *
-   * <ul>
-   *   <li>Reduced number of WeakReferences created
-   *   <li>Allow for quick fast path equivalence check of composite keys
-   * </ul>
-   */
-  final DDCache<ClassLoader, WeakReference<ClassLoader>> loaderRefCache =
-      DDCaches.newFixedSizeWeakKeyCache(LOADER_CAPACITY);
-
-  /**
-   * Single shared Type.Resolution cache -- uses a composite key -- conceptually of loader & name
-   */
-  final ConcurrentMap<TypeCacheKey, TypePool.Resolution> sharedResolutionCache =
-      new ConcurrentLinkedHashMap.Builder<TypeCacheKey, TypePool.Resolution>()
-          .maximumWeightedCapacity(TYPE_CAPACITY)
-          .concurrencyLevel(CONCURRENCY_LEVEL)
-          .build();
-
-  /** Fast path for bootstrap */
-  final SharedResolutionCacheAdapter bootstrapCacheProvider;
-
-  private final boolean fallBackToLoadClass;
-
-  // visible for testing
-  DDCachingPoolStrategy() {
-    this(true);
-  }
-
-  private DDCachingPoolStrategy(boolean fallBackToLoadClass) {
-    this.fallBackToLoadClass = fallBackToLoadClass;
-    bootstrapCacheProvider =
-        new SharedResolutionCacheAdapter(
-            BOOTSTRAP_HASH, null, sharedResolutionCache, fallBackToLoadClass);
-  }
-
-  @Override
-  public TypePool typePool(ClassFileLocator classFileLocator, ClassLoader classLoader) {
-    if (classLoader == null) {
-      return createCachingTypePool(bootstrapCacheProvider, classFileLocator);
-    }
-
-    WeakReference<ClassLoader> loaderRef = loaderRefCache.computeIfAbsent(classLoader, WEAK_REF);
-
-    final int loaderHash = classLoader.hashCode();
-    return createCachingTypePool(loaderHash, loaderRef, classFileLocator);
-  }
-
-  @Override
-  public TypePool typePool(
-      ClassFileLocator classFileLocator, ClassLoader classLoader, String name) {
-    // FIXME satisfy interface constraint that currently instrumented type is not cached
-    return typePool(classFileLocator, classLoader);
-  }
-
-  @Override
-  public TypePool typePool(ClassLoader classLoader) {
-    return typePool(classFileLocator(classLoader), classLoader);
-  }
-
-  @Override
-  public void annotationOfInterest(String name) {}
-
-  @Override
-  public void endInstall() {}
-
-  @Override
-  public void endTransform() {}
-
-  @Override
-  public void clear() {
-    sharedResolutionCache.clear();
-  }
-
-  private TypePool.CacheProvider createCacheProvider(
-      final int loaderHash, final WeakReference<ClassLoader> loaderRef) {
-    return new SharedResolutionCacheAdapter(
-        loaderHash, loaderRef, sharedResolutionCache, fallBackToLoadClass);
-  }
-
-  private TypePool createCachingTypePool(
-      final int loaderHash,
-      final WeakReference<ClassLoader> loaderRef,
-      final ClassFileLocator classFileLocator) {
-    return new TypePool.Default.WithLazyResolution(
-        createCacheProvider(loaderHash, loaderRef),
-        classFileLocator,
-        TypePool.Default.ReaderMode.FAST);
-  }
-
-  private TypePool createCachingTypePool(
-      final TypePool.CacheProvider cacheProvider, final ClassFileLocator classFileLocator) {
-    return new TypePool.Default.WithLazyResolution(
-        cacheProvider, classFileLocator, TypePool.Default.ReaderMode.FAST);
-  }
-
-  final long approximateSize() {
-    return sharedResolutionCache.size();
-  }
-
-  /**
-   * TypeCacheKey is key for the sharedResolutionCache. Conceptually, it is a mix of ClassLoader &
-   * class name.
-   *
-   * <p>For efficiency & GC purposes, it is actually composed of loaderHash &
-   * WeakReference&lt;ClassLoader&gt;
-   *
-   * <p>The loaderHash exists to avoid calling get & strengthening the Reference.
-   */
-  static final class TypeCacheKey {
-    private final int loaderHash;
-    private final WeakReference<ClassLoader> loaderRef;
-    private final String className;
-
-    private final int hashCode;
-
-    TypeCacheKey(
-        final int loaderHash, final WeakReference<ClassLoader> loaderRef, final String className) {
-      this.loaderHash = loaderHash;
-      this.loaderRef = loaderRef;
-      this.className = className;
-
-      hashCode = 31 * this.loaderHash + className.hashCode();
-    }
-
-    @Override
-    public final int hashCode() {
-      return hashCode;
-    }
-
-    @Override
-    public boolean equals(final Object obj) {
-      if (!(obj instanceof TypeCacheKey)) {
-        return false;
-      }
-
-      final TypeCacheKey that = (TypeCacheKey) obj;
-
-      if (loaderHash != that.loaderHash) {
-        return false;
-      }
-
-      if (className.equals(that.className)) {
-        // Fastpath loaderRef equivalence -- works because of WeakReference cache used
-        // Also covers the bootstrap null loaderRef case
-        if (loaderRef == that.loaderRef) {
-          return true;
-        }
-
-        // need to perform a deeper loader check -- requires calling Reference.get
-        // which can strengthen the Reference, so deliberately done last
-
-        // If either reference has gone null, they aren't considered equivalent
-        // Technically, this is a bit of violation of equals semantics, since
-        // two equivalent references can become not equivalent.
-
-        // In this case, it is fine because that means the ClassLoader is no
-        // longer live, so the entries will never match anyway and will fall
-        // out of the cache.
-        final ClassLoader thisLoader = loaderRef.get();
-        if (thisLoader == null) {
-          return false;
-        }
-
-        final ClassLoader thatLoader = that.loaderRef.get();
-        if (thatLoader == null) {
-          return false;
-        }
-
-        return (thisLoader == thatLoader);
-      } else {
-        return false;
-      }
-    }
-  }
-
-  static final class SharedResolutionCacheAdapter implements TypePool.CacheProvider {
-    private static final String OBJECT_NAME = "java.lang.Object";
-    private static final TypePool.Resolution OBJECT_RESOLUTION =
-        new TypePool.Resolution.Simple(
-            new CachingTypeDescription(TypeDescription.ForLoadedType.of(Object.class)));
-
-    private final int loaderHash;
-    private final WeakReference<ClassLoader> loaderRef;
-    private final ConcurrentMap<TypeCacheKey, TypePool.Resolution> sharedResolutionCache;
-    private final boolean fallBackToLoadClass;
-
-    SharedResolutionCacheAdapter(
-        final int loaderHash,
-        final WeakReference<ClassLoader> loaderRef,
-        final ConcurrentMap<TypeCacheKey, TypePool.Resolution> sharedResolutionCache,
-        final boolean fallBackToLoadClass) {
-      this.loaderHash = loaderHash;
-      this.loaderRef = loaderRef;
-      this.sharedResolutionCache = sharedResolutionCache;
-      this.fallBackToLoadClass = fallBackToLoadClass;
-    }
-
-    @Override
-    public TypePool.Resolution find(final String className) {
-      final TypePool.Resolution existingResolution =
-          sharedResolutionCache.get(new TypeCacheKey(loaderHash, loaderRef, className));
-      if (existingResolution != null) {
-        return existingResolution;
-      }
-
-      if (OBJECT_NAME.equals(className)) {
-        return OBJECT_RESOLUTION;
-      }
-
-      return null;
-    }
-
-    @Override
-    public TypePool.Resolution register(final String className, TypePool.Resolution resolution) {
-      if (OBJECT_NAME.equals(className)) {
-        return resolution;
-      }
-
-      if (fallBackToLoadClass && resolution instanceof TypePool.Resolution.Illegal) {
-        // If the normal pool only resolution have failed then fall back to creating the type
-        // description from a loaded type by trying to load the class. This case is very rare and is
-        // here to handle classes that are injected directly via calls to defineClass without
-        // providing a way to get the class bytes.
-        resolution = new CachingResolutionForMaybeLoadableType(loaderRef, className);
-      } else {
-        resolution = new CachingResolution(resolution);
-      }
-
-      sharedResolutionCache.put(new TypeCacheKey(loaderHash, loaderRef, className), resolution);
-      return resolution;
-    }
-
-    @Override
-    public void clear() {
-      // Allowing the high-level eviction policy make the clearing decisions
-    }
-  }
-
-  private static class CachingResolutionForMaybeLoadableType implements TypePool.Resolution {
-    private final WeakReference<ClassLoader> loaderRef;
-    private final String className;
-    private volatile TypeDescription typeDescription = null;
-    private volatile boolean isResolved = false;
-
-    public CachingResolutionForMaybeLoadableType(
-        WeakReference<ClassLoader> loaderRef, String className) {
-      this.loaderRef = loaderRef;
-      this.className = className;
-    }
-
-    @Override
-    public boolean isResolved() {
-      return isResolved;
-    }
-
-    @Override
-    public TypeDescription resolve() {
-      // Intentionally not "thread safe". Duplicate work deemed an acceptable trade-off.
-      if (!isResolved) {
-        Class<?> klass = null;
-        ClassLoader classLoader = null;
-        LOCATING_CLASS.begin();
-        try {
-          // Please note that by doing a loadClass, the type we are resolving will bypass
-          // transformation since we are in the middle of a transformation. This should
-          // be a very rare occurrence and not affect any classes we want to instrument.
-          if (loaderRef != null) {
-            classLoader = loaderRef.get();
-            if (classLoader != null) {
-              klass = classLoader.loadClass(className);
-            } else {
-              // classloader has been unloaded
-            }
-          } else { // bootstrap type resolution
-            klass = Class.forName(className, false, null);
-          }
-        } catch (Throwable ignored) {
-        } finally {
-          LOCATING_CLASS.end();
-        }
-        if (klass != null) {
-          // We managed to load the class
-          typeDescription = TypeDescription.ForLoadedType.of(klass);
-          log.debug(
-              "Direct loadClass type resolution of {} from class loader {} bypass transformation",
-              className,
-              classLoader);
-        }
-        isResolved = true;
-      }
-      if (typeDescription == null) {
-        throw new IllegalStateException("Cannot resolve type description for " + className);
-      }
-      return typeDescription;
-    }
-  }
-
-  private static class CachingResolution implements TypePool.Resolution {
-    private final TypePool.Resolution delegate;
-    private TypeDescription cachedResolution;
-
-    public CachingResolution(final TypePool.Resolution delegate) {
-      this.delegate = delegate;
-    }
-
-    @Override
-    public boolean isResolved() {
-      return delegate.isResolved();
-    }
-
-    @Override
-    public TypeDescription resolve() {
-      // Intentionally not "thread safe". Duplicate work deemed an acceptable trade-off.
-      if (cachedResolution == null) {
-        cachedResolution = new CachingTypeDescription(delegate.resolve());
-      }
-      return cachedResolution;
-    }
-  }
-
-  /**
-   * TypeDescription implementation that delegates and caches the results for the expensive calls
-   * commonly used by our instrumentation.
-   */
-  private static class CachingTypeDescription
-      extends TypeDescription.AbstractBase.OfSimpleType.WithDelegation {
-    private final TypeDescription delegate;
-
-    // These fields are intentionally not "thread safe".
-    // Duplicate work deemed an acceptable trade-off.
-    private Generic superClass;
-    private TypeList.Generic interfaces;
-    private AnnotationList annotations;
-    private MethodList<MethodDescription.InDefinedShape> methods;
-
-    public CachingTypeDescription(final TypeDescription delegate) {
-      this.delegate = delegate;
-    }
-
-    @Override
-    protected TypeDescription delegate() {
-      return delegate;
-    }
-
-    @Override
-    public Generic getSuperClass() {
-      if (superClass == null) {
-        superClass = delegate.getSuperClass();
-      }
-      return superClass;
-    }
-
-    @Override
-    public TypeList.Generic getInterfaces() {
-      if (interfaces == null) {
-        interfaces = delegate.getInterfaces();
-      }
-      return interfaces;
-    }
-
-    @Override
-    public AnnotationList getDeclaredAnnotations() {
-      if (annotations == null) {
-        annotations = delegate.getDeclaredAnnotations();
-      }
-      return annotations;
-    }
-
-    @Override
-    public MethodList<MethodDescription.InDefinedShape> getDeclaredMethods() {
-      if (methods == null) {
-        methods = delegate.getDeclaredMethods();
-      }
-      return methods;
-    }
-
-    @Override
-    public String getName() {
-      return delegate.getName();
-    }
-  }
-}
diff --git a/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/bytebuddy/DDOutlinePoolStrategy.java b/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/bytebuddy/DDOutlinePoolStrategy.java
index 5317a97a359..c8ddb34f915 100644
--- a/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/bytebuddy/DDOutlinePoolStrategy.java
+++ b/dd-java-agent/agent-builder/src/main/java/datadog/trace/agent/tooling/bytebuddy/DDOutlinePoolStrategy.java
@@ -18,10 +18,6 @@
 public final class DDOutlinePoolStrategy implements AgentBuilder.PoolStrategy {
   public static final AgentBuilder.PoolStrategy INSTANCE = new DDOutlinePoolStrategy();
 
-  public static void registerTypePoolFacade() {
-    TypePoolFacade.registerAsSupplier();
-  }
-
   @Override
   public TypePool typePool(ClassFileLocator ignored, ClassLoader classLoader) {
     // it's safe to ignore this ClassFileLocator because we capture the target bytecode
diff --git a/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/test/DefaultInstrumenterForkedTest.groovy b/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/test/DefaultInstrumenterForkedTest.groovy
index f79ead320e3..555abcb5860 100644
--- a/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/test/DefaultInstrumenterForkedTest.groovy
+++ b/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/test/DefaultInstrumenterForkedTest.groovy
@@ -1,8 +1,8 @@
 package datadog.trace.agent.test
 
 import datadog.trace.agent.tooling.Instrumenter
-import datadog.trace.agent.tooling.bytebuddy.DDCachingPoolStrategy
 import datadog.trace.agent.tooling.bytebuddy.matcher.DDElementMatchers
+import datadog.trace.agent.tooling.bytebuddy.outline.TypePoolFacade
 import datadog.trace.test.util.DDSpecification
 import spock.lang.Shared
 
@@ -11,7 +11,7 @@ import java.lang.instrument.Instrumentation
 
 class DefaultInstrumenterForkedTest extends DDSpecification {
   static {
-    DDCachingPoolStrategy.registerAsSupplier()
+    TypePoolFacade.registerAsSupplier()
     DDElementMatchers.registerAsSupplier()
   }
 
diff --git a/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/CacheProviderTest.groovy b/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/CacheProviderTest.groovy
deleted file mode 100644
index 7f4d81883fb..00000000000
--- a/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/CacheProviderTest.groovy
+++ /dev/null
@@ -1,222 +0,0 @@
-package datadog.trace.agent.tooling.bytebuddy
-
-import datadog.trace.test.util.DDSpecification
-import net.bytebuddy.description.type.TypeDescription
-import net.bytebuddy.dynamic.ClassFileLocator
-import net.bytebuddy.pool.TypePool
-import spock.lang.Timeout
-
-import java.lang.ref.WeakReference
-
-@Timeout(5)
-class CacheProviderTest extends DDSpecification {
-  def "key bootstrap equivalence"() {
-    // def loader = null
-    def loaderHash = DDCachingPoolStrategy.BOOTSTRAP_HASH
-    def loaderRef = null
-
-    def key1 = new DDCachingPoolStrategy.TypeCacheKey(loaderHash, loaderRef, "foo")
-    def key2 = new DDCachingPoolStrategy.TypeCacheKey(loaderHash, loaderRef, "foo")
-
-    expect:
-    key1.hashCode() == key2.hashCode()
-    key1.equals(key2)
-  }
-
-  def "key same ref equivalence"() {
-    setup:
-    def loader = newClassLoader()
-    def loaderHash = loader.hashCode()
-    def loaderRef = new WeakReference<ClassLoader>(loader)
-
-    def key1 = new DDCachingPoolStrategy.TypeCacheKey(loaderHash, loaderRef, "foo")
-    def key2 = new DDCachingPoolStrategy.TypeCacheKey(loaderHash, loaderRef, "foo")
-
-    expect:
-    key1.hashCode() == key2.hashCode()
-    key1.equals(key2)
-  }
-
-  def "key different ref equivalence"() {
-    setup:
-    def loader = newClassLoader()
-    def loaderHash = loader.hashCode()
-    def loaderRef1 = new WeakReference<ClassLoader>(loader)
-    def loaderRef2 = new WeakReference<ClassLoader>(loader)
-
-    def key1 = new DDCachingPoolStrategy.TypeCacheKey(loaderHash, loaderRef1, "foo")
-    def key2 = new DDCachingPoolStrategy.TypeCacheKey(loaderHash, loaderRef2, "foo")
-
-    expect:
-    loaderRef1 != loaderRef2
-
-    key1.hashCode() == key2.hashCode()
-    key1.equals(key2)
-  }
-
-  def "key mismatch -- same loader - diff name"() {
-    setup:
-    def loader = newClassLoader()
-    def loaderHash = loader.hashCode()
-    def loaderRef = new WeakReference<ClassLoader>(loader)
-    def fooKey = new DDCachingPoolStrategy.TypeCacheKey(loaderHash, loaderRef, "foo")
-    def barKey = new DDCachingPoolStrategy.TypeCacheKey(loaderHash, loaderRef, "bar")
-
-    expect:
-    // not strictly guaranteed -- but important for performance
-    fooKey.hashCode() != barKey.hashCode()
-    !fooKey.equals(barKey)
-  }
-
-  def "key mismatch -- same name - diff loader"() {
-    setup:
-    def loader1 = newClassLoader()
-    def loader1Hash = loader1.hashCode()
-    def loaderRef1 = new WeakReference<ClassLoader>(loader1)
-
-    def loader2 = newClassLoader()
-    def loader2Hash = loader2.hashCode()
-    def loaderRef2 = new WeakReference<ClassLoader>(loader2)
-
-    def fooKey1 = new DDCachingPoolStrategy.TypeCacheKey(loader1Hash, loaderRef1, "foo")
-    def fooKey2 = new DDCachingPoolStrategy.TypeCacheKey(loader2Hash, loaderRef2, "foo")
-
-    expect:
-    // not strictly guaranteed -- but important for performance
-    fooKey1.hashCode() != fooKey2.hashCode()
-    !fooKey1.equals(fooKey2)
-  }
-
-  def "test basic caching"() {
-    setup:
-    def poolStrat = new DDCachingPoolStrategy()
-
-    def loader = newClassLoader()
-    def loaderHash = loader.hashCode()
-    def loaderRef = new WeakReference<ClassLoader>(loader)
-
-    def cacheProvider = poolStrat.createCacheProvider(loaderHash, loaderRef)
-
-    when:
-    cacheProvider.register("foo", new TypePool.Resolution.Simple(TypeDescription.ForLoadedType.of(void.class)))
-
-    then:
-    // not strictly guaranteed, but fine for this test
-    cacheProvider.find("foo") != null
-    poolStrat.approximateSize() == 1
-  }
-
-  def "test loader equivalence"() {
-    setup:
-    def poolStrat = new DDCachingPoolStrategy()
-
-    def loader1 = newClassLoader()
-    def loaderHash1 = loader1.hashCode()
-    def loaderRef1A = new WeakReference<ClassLoader>(loader1)
-    def loaderRef1B = new WeakReference<ClassLoader>(loader1)
-
-    def cacheProvider1A = poolStrat.createCacheProvider(loaderHash1, loaderRef1A)
-    def cacheProvider1B = poolStrat.createCacheProvider(loaderHash1, loaderRef1B)
-
-    when:
-    cacheProvider1A.register("foo", newVoid())
-
-    then:
-    // not strictly guaranteed, but fine for this test
-    cacheProvider1A.find("foo") != null
-    cacheProvider1B.find("foo") != null
-
-    cacheProvider1A.find("foo").is(cacheProvider1B.find("foo"))
-    poolStrat.approximateSize() == 1
-  }
-
-  def "test loader separation"() {
-    setup:
-    def poolStrat = new DDCachingPoolStrategy()
-
-    def loader1 = newClassLoader()
-    def loaderHash1 = loader1.hashCode()
-    def loaderRef1 = new WeakReference<ClassLoader>(loader1)
-
-    def loader2 = newClassLoader()
-    def loaderHash2 = loader2.hashCode()
-    def loaderRef2 = new WeakReference<ClassLoader>(loader2)
-
-    def cacheProvider1 = poolStrat.createCacheProvider(loaderHash1, loaderRef1)
-    def cacheProvider2 = poolStrat.createCacheProvider(loaderHash2, loaderRef2)
-
-    when:
-    cacheProvider1.register("foo", newVoid())
-    cacheProvider2.register("foo", newVoid())
-
-    then:
-    // not strictly guaranteed, but fine for this test
-    cacheProvider1.find("foo") != null
-    cacheProvider2.find("foo") != null
-
-    !cacheProvider1.find("foo").is(cacheProvider2.find("foo"))
-    poolStrat.approximateSize() == 2
-  }
-
-  def "test capacity"() {
-    setup:
-    def poolStrat = new DDCachingPoolStrategy()
-    def capacity = DDCachingPoolStrategy.TYPE_CAPACITY
-
-    def loader1 = newClassLoader()
-    def loaderHash1 = loader1.hashCode()
-    def loaderRef1 = new WeakReference<ClassLoader>(loader1)
-
-    def loader2 = newClassLoader()
-    def loaderHash2 = loader2.hashCode()
-    def loaderRef2 = new WeakReference<ClassLoader>(loader2)
-
-    def cacheProvider1 = poolStrat.createCacheProvider(loaderHash1, loaderRef1)
-    def cacheProvider2 = poolStrat.createCacheProvider(loaderHash2, loaderRef2)
-
-    def id = 0
-
-    when:
-    (capacity / 2).times {
-      id += 1
-      cacheProvider1.register("foo${id}", newVoid())
-      cacheProvider2.register("foo${id}", newVoid())
-    }
-
-    then:
-    // cache will start to proactively free slots & size calc is approximate
-    poolStrat.approximateSize() >= 0.75 * capacity
-
-    when:
-    10.times {
-      id += 1
-      cacheProvider1.register("foo${id}", newVoid())
-      cacheProvider2.register("foo${id}", newVoid())
-    }
-
-    then:
-    // cache will start to proactively free slots & size calc is approximate
-    poolStrat.approximateSize() > 0.8 * capacity
-  }
-
-  static newVoid() {
-    return new TypePool.Resolution.Simple(TypeDescription.ForLoadedType.of(void.class))
-  }
-
-  static newClassLoader() {
-    return new URLClassLoader([] as URL[], (ClassLoader) null)
-  }
-
-  static newLocator() {
-    return new ClassFileLocator() {
-        @Override
-        ClassFileLocator.Resolution locate(String name) throws IOException {
-          return null
-        }
-
-        @Override
-        void close() throws IOException {
-        }
-      }
-  }
-}
diff --git a/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/DDCachingPoolStrategyTest.groovy b/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/DDCachingPoolStrategyTest.groovy
deleted file mode 100644
index 814ac481453..00000000000
--- a/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/DDCachingPoolStrategyTest.groovy
+++ /dev/null
@@ -1,27 +0,0 @@
-package datadog.trace.agent.tooling.bytebuddy
-
-import datadog.trace.agent.tooling.bytebuddy.matcher.DDElementMatchers
-import datadog.trace.test.util.DDSpecification
-
-import java.util.concurrent.ForkJoinTask
-import java.util.concurrent.Future
-
-import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface
-import static net.bytebuddy.matcher.ElementMatchers.named
-
-class DDCachingPoolStrategyTest extends DDSpecification {
-  static {
-    DDCachingPoolStrategy.registerAsSupplier()
-    DDElementMatchers.registerAsSupplier()
-  }
-
-  def "bootstrap classes can be loaded by our caching type pool"() {
-    setup:
-    def pool = SharedTypePools.typePool(null)
-    def description = pool.describe(ForkJoinTask.name).resolve()
-
-    expect:
-    description.name == ForkJoinTask.name
-    implementsInterface(named(Future.name)).matches(description)
-  }
-}
diff --git a/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/matcher/AbstractHierarchyMatcherTest.groovy b/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/matcher/AbstractHierarchyMatcherTest.groovy
index 0f17ee41507..0dcdabfc7a8 100644
--- a/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/matcher/AbstractHierarchyMatcherTest.groovy
+++ b/dd-java-agent/agent-builder/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/matcher/AbstractHierarchyMatcherTest.groovy
@@ -1,13 +1,13 @@
 package datadog.trace.agent.tooling.bytebuddy.matcher
 
-import datadog.trace.agent.tooling.bytebuddy.DDCachingPoolStrategy
 import datadog.trace.agent.tooling.bytebuddy.SharedTypePools
+import datadog.trace.agent.tooling.bytebuddy.outline.TypePoolFacade
 import datadog.trace.test.util.DDSpecification
 import spock.lang.Shared
 
 abstract class AbstractHierarchyMatcherTest extends DDSpecification {
   static {
-    DDCachingPoolStrategy.registerAsSupplier()
+    TypePoolFacade.registerAsSupplier()
     DDElementMatchers.registerAsSupplier()
   }
 
diff --git a/dd-java-agent/agent-ci-visibility/build.gradle b/dd-java-agent/agent-ci-visibility/build.gradle
index 8b68cc7cc48..9917f17cbdb 100644
--- a/dd-java-agent/agent-ci-visibility/build.gradle
+++ b/dd-java-agent/agent-ci-visibility/build.gradle
@@ -12,12 +12,15 @@ minimumInstructionCoverage = 0.8
 excludedClassesCoverage += [
   "datadog.trace.civisibility.CiVisibilitySystem",
   "datadog.trace.civisibility.CiVisibilitySystem.1",
-  "datadog.trace.civisibility.DDTestModuleChild",
+  "datadog.trace.civisibility.DDBuildSystemModuleImpl",
+  "datadog.trace.civisibility.DDBuildSystemSessionImpl",
+  "datadog.trace.civisibility.DDTestFrameworkModuleImpl",
+  "datadog.trace.civisibility.DDTestFrameworkModuleProxy",
+  "datadog.trace.civisibility.DDTestFrameworkModuleProxy.TestFrameworkData",
+  "datadog.trace.civisibility.DDTestFrameworkSessionImpl",
+  "datadog.trace.civisibility.DDTestFrameworkSessionProxy",
   "datadog.trace.civisibility.DDTestModuleImpl",
-  "datadog.trace.civisibility.DDTestModuleParent",
-  "datadog.trace.civisibility.DDTestSessionChild",
   "datadog.trace.civisibility.DDTestSessionImpl",
-  "datadog.trace.civisibility.DDTestSessionParent",
   "datadog.trace.civisibility.DDTestSuiteImpl",
   "datadog.trace.civisibility.DDTestImpl",
   "datadog.trace.civisibility.TestModuleRegistry",
@@ -27,6 +30,7 @@ excludedClassesCoverage += [
   "datadog.trace.civisibility.config.JvmInfoFactory",
   "datadog.trace.civisibility.config.ConfigurationApi",
   "datadog.trace.civisibility.config.ModuleExecutionSettingsFactory",
+  "datadog.trace.civisibility.config.JvmInfo",
   "datadog.trace.civisibility.config.JvmInfoFactory.JvmVersionOutputParser",
   "datadog.trace.civisibility.config.CachingModuleExecutionSettingsFactory",
   "datadog.trace.civisibility.config.CachingModuleExecutionSettingsFactory.Key",
@@ -35,11 +39,8 @@ excludedClassesCoverage += [
   "datadog.trace.civisibility.config.ConfigurationApi.1",
   "datadog.trace.civisibility.config.ModuleExecutionSettingsFactoryImpl",
   "datadog.trace.civisibility.config.SkippableTestsSerializer",
-  "datadog.trace.civisibility.context.AbstractTestContext",
-  "datadog.trace.civisibility.context.EmptyTestContext",
-  "datadog.trace.civisibility.context.ParentProcessTestContext",
-  "datadog.trace.civisibility.context.SpanTestContext",
-  "datadog.trace.civisibility.coverage.TestProbes.TestProbesFactory",
+  "datadog.trace.civisibility.coverage.CoverageUtils",
+  "datadog.trace.civisibility.coverage.CoverageUtils.RepoIndexFileLocator",
   "datadog.trace.civisibility.coverage.ExecutionDataAdapter",
   "datadog.trace.civisibility.coverage.NoopCoverageProbeStore",
   "datadog.trace.civisibility.coverage.NoopCoverageProbeStore.NoopCoverageProbeStoreFactory",
@@ -47,11 +48,14 @@ excludedClassesCoverage += [
   "datadog.trace.civisibility.coverage.SegmentlessTestProbes.SegmentlessTestProbesFactory",
   "datadog.trace.civisibility.coverage.SourceAnalyzer",
   "datadog.trace.civisibility.coverage.TestProbes",
+  "datadog.trace.civisibility.coverage.TestProbes.TestProbesFactory",
   "datadog.trace.civisibility.events.BuildEventsHandlerImpl",
   "datadog.trace.civisibility.events.TestEventsHandlerImpl",
   "datadog.trace.civisibility.events.TestDescriptor",
   "datadog.trace.civisibility.events.TestModuleDescriptor",
   "datadog.trace.civisibility.events.TestSuiteDescriptor",
+  "datadog.trace.civisibility.git.CILocalGitInfoBuilder",
+  "datadog.trace.civisibility.git.GitClientGitInfoBuilder",
   "datadog.trace.civisibility.git.GitObject",
   "datadog.trace.civisibility.git.tree.*",
   "datadog.trace.civisibility.ipc.ModuleExecutionResult",
@@ -60,13 +64,18 @@ excludedClassesCoverage += [
   "datadog.trace.civisibility.ipc.SignalServer",
   "datadog.trace.civisibility.ipc.SignalType",
   "datadog.trace.civisibility.ipc.SignalClient",
+  "datadog.trace.civisibility.ipc.SignalClient.Factory",
   "datadog.trace.civisibility.ipc.SkippableTestsResponse",
+  "datadog.trace.civisibility.ipc.TestFramework",
   "datadog.trace.civisibility.source.MethodLinesResolver.MethodLines",
+  "datadog.trace.civisibility.source.index.PackageTree.Node",
+  "datadog.trace.civisibility.source.index.RepoIndex",
   "datadog.trace.civisibility.source.index.RepoIndexBuilder.RepoIndexingFileVisitor",
   "datadog.trace.civisibility.source.index.RepoIndexFetcher",
   "datadog.trace.civisibility.source.index.RepoIndexSourcePathResolver",
   "datadog.trace.civisibility.utils.ShellCommandExecutor",
   "datadog.trace.civisibility.utils.ShellCommandExecutor.OutputParser",
+  "datadog.trace.civisibility.utils.SpanUtils"
 ]
 
 dependencies {
@@ -75,6 +84,7 @@ dependencies {
   implementation deps.asm
   implementation deps.asmcommons
   implementation group: 'org.jacoco', name: 'org.jacoco.core', version: '0.8.9'
+  implementation group: 'org.jacoco', name: 'org.jacoco.report', version: '0.8.9'
 
   implementation project(':communication')
   implementation project(':internal-api')
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/CiVisibilitySystem.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/CiVisibilitySystem.java
index 3a6d75d876e..7f0c82c9304 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/CiVisibilitySystem.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/CiVisibilitySystem.java
@@ -4,10 +4,9 @@
 import datadog.trace.api.Config;
 import datadog.trace.api.civisibility.CIVisibility;
 import datadog.trace.api.civisibility.InstrumentationBridge;
-import datadog.trace.api.civisibility.coverage.CoverageProbeStore;
+import datadog.trace.api.civisibility.coverage.CoverageDataSupplier;
 import datadog.trace.api.civisibility.events.BuildEventsHandler;
 import datadog.trace.api.civisibility.events.TestEventsHandler;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
 import datadog.trace.api.config.CiVisibilityConfig;
 import datadog.trace.api.git.GitInfoProvider;
 import datadog.trace.civisibility.ci.CIInfo;
@@ -24,6 +23,7 @@
 import datadog.trace.civisibility.config.JvmInfoFactory;
 import datadog.trace.civisibility.config.ModuleExecutionSettingsFactory;
 import datadog.trace.civisibility.config.ModuleExecutionSettingsFactoryImpl;
+import datadog.trace.civisibility.coverage.CoverageProbeStoreFactory;
 import datadog.trace.civisibility.coverage.NoopCoverageProbeStore;
 import datadog.trace.civisibility.coverage.SegmentlessTestProbes;
 import datadog.trace.civisibility.coverage.TestProbes;
@@ -33,29 +33,31 @@
 import datadog.trace.civisibility.events.TestEventsHandlerImpl;
 import datadog.trace.civisibility.git.CILocalGitInfoBuilder;
 import datadog.trace.civisibility.git.CIProviderGitInfoBuilder;
+import datadog.trace.civisibility.git.GitClientGitInfoBuilder;
 import datadog.trace.civisibility.git.tree.GitClient;
 import datadog.trace.civisibility.git.tree.GitDataApi;
 import datadog.trace.civisibility.git.tree.GitDataUploader;
 import datadog.trace.civisibility.git.tree.GitDataUploaderImpl;
 import datadog.trace.civisibility.ipc.SignalClient;
 import datadog.trace.civisibility.ipc.SignalServer;
-import datadog.trace.civisibility.source.BestEfforSourcePathResolver;
+import datadog.trace.civisibility.source.BestEffortMethodLinesResolver;
+import datadog.trace.civisibility.source.BestEffortSourcePathResolver;
+import datadog.trace.civisibility.source.ByteCodeMethodLinesResolver;
+import datadog.trace.civisibility.source.CompilerAidedMethodLinesResolver;
 import datadog.trace.civisibility.source.CompilerAidedSourcePathResolver;
 import datadog.trace.civisibility.source.MethodLinesResolver;
-import datadog.trace.civisibility.source.MethodLinesResolverImpl;
+import datadog.trace.civisibility.source.SourcePathResolver;
 import datadog.trace.civisibility.source.index.RepoIndexBuilder;
 import datadog.trace.civisibility.source.index.RepoIndexFetcher;
 import datadog.trace.civisibility.source.index.RepoIndexProvider;
 import datadog.trace.civisibility.source.index.RepoIndexSourcePathResolver;
 import datadog.trace.util.Strings;
-import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.nio.file.FileSystems;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
-import java.util.function.Supplier;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -72,20 +74,31 @@ public static void start(SharedCommunicationObjects sco) {
       return;
     }
 
-    GitInfoProvider.INSTANCE.registerGitInfoBuilder(new CIProviderGitInfoBuilder());
-    GitInfoProvider.INSTANCE.registerGitInfoBuilder(new CILocalGitInfoBuilder(GIT_FOLDER_NAME));
+    GitClient.Factory gitClientFactory = buildGitClientFactory(config);
+    CoverageProbeStoreFactory coverageProbeStoreFactory = buildTestProbesFactory(config);
 
-    DDTestSessionImpl.SessionImplFactory sessionFactory = sessionFactory(config, sco);
-    CIVisibility.registerSessionFactory(sessionFactory);
+    GitInfoProvider gitInfoProvider = GitInfoProvider.INSTANCE;
+    gitInfoProvider.registerGitInfoBuilder(new CIProviderGitInfoBuilder());
+    gitInfoProvider.registerGitInfoBuilder(
+        new CILocalGitInfoBuilder(gitClientFactory, GIT_FOLDER_NAME));
+    gitInfoProvider.registerGitInfoBuilder(new GitClientGitInfoBuilder(config, gitClientFactory));
 
-    InstrumentationBridge.registerTestEventsHandlerFactory(
-        testEventsHandlerFactory(config, sessionFactory));
     InstrumentationBridge.registerBuildEventsHandlerFactory(
-        buildEventsHandlerFactory(sessionFactory));
-    InstrumentationBridge.registerCoverageProbeStoreFactory(buildTestProbesFactory(config));
+        buildEventsHandlerFactory(
+            config, sco, gitInfoProvider, coverageProbeStoreFactory, gitClientFactory));
+    InstrumentationBridge.registerTestEventsHandlerFactory(
+        testEventsHandlerFactory(
+            config, sco, gitInfoProvider, coverageProbeStoreFactory, gitClientFactory));
+    InstrumentationBridge.registerCoverageProbeStoreRegistry(coverageProbeStoreFactory);
+
+    CIVisibility.registerSessionFactory(apiSessionFactory(config, coverageProbeStoreFactory));
+  }
+
+  private static GitClient.Factory buildGitClientFactory(Config config) {
+    return new GitClient.Factory(config);
   }
 
-  private static CoverageProbeStore.Factory buildTestProbesFactory(Config config) {
+  private static CoverageProbeStoreFactory buildTestProbesFactory(Config config) {
     if (!config.isCiVisibilityCodeCoverageEnabled()) {
       return new NoopCoverageProbeStore.NoopCoverageProbeStoreFactory();
     }
@@ -95,33 +108,140 @@ private static CoverageProbeStore.Factory buildTestProbesFactory(Config config)
     return new TestProbes.TestProbesFactory();
   }
 
-  private static DDTestSessionImpl.SessionImplFactory sessionFactory(
-      Config config, SharedCommunicationObjects sco) {
+  private static BuildEventsHandler.Factory buildEventsHandlerFactory(
+      Config config,
+      SharedCommunicationObjects sco,
+      GitInfoProvider gitInfoProvider,
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      GitClient.Factory gitClientFactory) {
+    DDBuildSystemSession.Factory sessionFactory =
+        buildSystemSessionFactory(
+            config, sco, gitInfoProvider, coverageProbeStoreFactory, gitClientFactory);
+    return new BuildEventsHandler.Factory() {
+      @Override
+      public <U> BuildEventsHandler<U> create() {
+        return new BuildEventsHandlerImpl<>(sessionFactory, new JvmInfoFactory());
+      }
+    };
+  }
+
+  private static DDBuildSystemSession.Factory buildSystemSessionFactory(
+      Config config,
+      SharedCommunicationObjects sco,
+      GitInfoProvider gitInfoProvider,
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      GitClient.Factory gitClientFactory) {
     BackendApiFactory backendApiFactory = new BackendApiFactory(config, sco);
     BackendApi backendApi = backendApiFactory.createBackendApi();
 
-    return (String projectName, Path projectRoot, String component, Long startTime) -> {
+    return (String projectName,
+        Path projectRoot,
+        String startCommand,
+        String buildSystemName,
+        Long startTime) -> {
+      // Session needs to see the most recent commit in a repo.
+      // Cache shouldn't be a problem normally,
+      // but it can get stale if we're inside a long-running Gradle daemon
+      // and repo that we're using gets updated
+      gitInfoProvider.invalidateCache();
+
       CIProviderInfoFactory ciProviderInfoFactory = new CIProviderInfoFactory(config);
       CIProviderInfo ciProviderInfo = ciProviderInfoFactory.createCIProviderInfo(projectRoot);
       CIInfo ciInfo = ciProviderInfo.buildCIInfo();
       String repoRoot = ciInfo.getCiWorkspace();
 
-      RepoIndexProvider indexProvider = getRepoIndexProvider(config, repoRoot);
+      RepoIndexProvider indexProvider =
+          new RepoIndexBuilder(projectRoot.toString(), FileSystems.getDefault());
       SourcePathResolver sourcePathResolver = getSourcePathResolver(repoRoot, indexProvider);
       Codeowners codeowners = getCodeowners(repoRoot);
-      MethodLinesResolver methodLinesResolver = new MethodLinesResolverImpl();
+
+      MethodLinesResolver methodLinesResolver =
+          new BestEffortMethodLinesResolver(
+              new CompilerAidedMethodLinesResolver(), new ByteCodeMethodLinesResolver());
+
       Map<String, String> ciTags = new CITagsProvider().getCiTags(ciInfo);
-      TestDecorator testDecorator = new TestDecoratorImpl(component, ciTags);
+      TestDecorator testDecorator = new TestDecoratorImpl(buildSystemName, ciTags);
       TestModuleRegistry testModuleRegistry = new TestModuleRegistry();
 
-      GitDataUploader gitDataUploader = buildGitDataUploader(config, backendApi, repoRoot);
+      GitDataUploader gitDataUploader =
+          buildGitDataUploader(config, gitInfoProvider, gitClientFactory, backendApi, repoRoot);
       ModuleExecutionSettingsFactory moduleExecutionSettingsFactory =
-          buildModuleExecutionSettingsFactory(config, backendApi, gitDataUploader, repoRoot);
+          buildModuleExecutionSettingsFactory(
+              config, backendApi, gitDataUploader, indexProvider, repoRoot);
 
       String signalServerHost = config.getCiVisibilitySignalServerHost();
       int signalServerPort = config.getCiVisibilitySignalServerPort();
       SignalServer signalServer = new SignalServer(signalServerHost, signalServerPort);
 
+      // only start Git data upload in parent process
+      gitDataUploader.startOrObserveGitDataUpload();
+
+      RepoIndexBuilder indexBuilder = new RepoIndexBuilder(repoRoot, FileSystems.getDefault());
+      return new DDBuildSystemSessionImpl(
+          projectName,
+          repoRoot,
+          startCommand,
+          startTime,
+          config,
+          testModuleRegistry,
+          testDecorator,
+          sourcePathResolver,
+          codeowners,
+          methodLinesResolver,
+          moduleExecutionSettingsFactory,
+          coverageProbeStoreFactory,
+          signalServer,
+          indexBuilder);
+    };
+  }
+
+  private static TestEventsHandler.Factory testEventsHandlerFactory(
+      Config config,
+      SharedCommunicationObjects sco,
+      GitInfoProvider gitInfoProvider,
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      GitClient.Factory gitClientFactory) {
+    DDTestFrameworkSession.Factory sessionFactory =
+        testFrameworkSessionFactory(
+            config, sco, gitInfoProvider, coverageProbeStoreFactory, gitClientFactory);
+    return (String component, Path path) -> {
+      CIProviderInfoFactory ciProviderInfoFactory = new CIProviderInfoFactory(config);
+      CIProviderInfo ciProviderInfo = ciProviderInfoFactory.createCIProviderInfo(path);
+      CIInfo ciInfo = ciProviderInfo.buildCIInfo();
+      String repoRoot = ciInfo.getCiWorkspace();
+      String moduleName =
+          (repoRoot != null) ? Paths.get(repoRoot).relativize(path).toString() : path.toString();
+
+      DDTestFrameworkSession testSession =
+          sessionFactory.startSession(moduleName, path, component, null);
+      DDTestFrameworkModule testModule = testSession.testModuleStart(moduleName, null);
+      return new TestEventsHandlerImpl(testSession, testModule);
+    };
+  }
+
+  private static DDTestFrameworkSession.Factory testFrameworkSessionFactory(
+      Config config,
+      SharedCommunicationObjects sco,
+      GitInfoProvider gitInfoProvider,
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      GitClient.Factory gitClientFactory) {
+    BackendApiFactory backendApiFactory = new BackendApiFactory(config, sco);
+    BackendApi backendApi = backendApiFactory.createBackendApi();
+
+    return (String projectName, Path projectRoot, String component, Long startTime) -> {
+      CIProviderInfoFactory ciProviderInfoFactory = new CIProviderInfoFactory(config);
+      CIProviderInfo ciProviderInfo = ciProviderInfoFactory.createCIProviderInfo(projectRoot);
+      CIInfo ciInfo = ciProviderInfo.buildCIInfo();
+      String repoRoot = ciInfo.getCiWorkspace();
+
+      Codeowners codeowners = getCodeowners(repoRoot);
+      MethodLinesResolver methodLinesResolver =
+          new BestEffortMethodLinesResolver(
+              new CompilerAidedMethodLinesResolver(), new ByteCodeMethodLinesResolver());
+
+      Map<String, String> ciTags = new CITagsProvider().getCiTags(ciInfo);
+      TestDecorator testDecorator = new TestDecoratorImpl(component, ciTags);
+
       // fallbacks to System.getProperty below are needed for cases when
       // system variables are set after config was initialized
       Long parentProcessSessionId = config.getCiVisibilitySessionId();
@@ -153,38 +273,35 @@ private static DDTestSessionImpl.SessionImplFactory sessionFactory(
       // either we are in the build system
       // or we are in the tests JVM and the build system is not instrumented
       if (parentProcessSessionId == null || parentProcessModuleId == null) {
+        GitDataUploader gitDataUploader =
+            buildGitDataUploader(config, gitInfoProvider, gitClientFactory, backendApi, repoRoot);
+        RepoIndexProvider indexProvider = new RepoIndexBuilder(repoRoot, FileSystems.getDefault());
+        ModuleExecutionSettingsFactory moduleExecutionSettingsFactory =
+            buildModuleExecutionSettingsFactory(
+                config, backendApi, gitDataUploader, indexProvider, repoRoot);
+        SourcePathResolver sourcePathResolver = getSourcePathResolver(repoRoot, indexProvider);
+
         // only start Git data upload in parent process
         gitDataUploader.startOrObserveGitDataUpload();
 
-        RepoIndexBuilder indexBuilder = new RepoIndexBuilder(repoRoot, FileSystems.getDefault());
-        return new DDTestSessionParent(
+        return new DDTestFrameworkSessionImpl(
             projectName,
             startTime,
             config,
-            testModuleRegistry,
             testDecorator,
             sourcePathResolver,
             codeowners,
             methodLinesResolver,
-            moduleExecutionSettingsFactory,
-            signalServer,
-            indexBuilder);
-      }
-
-      InetSocketAddress signalServerAddress = null;
-      String host =
-          System.getProperty(
-              Strings.propertyNameToSystemPropertyName(
-                  CiVisibilityConfig.CIVISIBILITY_SIGNAL_SERVER_HOST));
-      String port =
-          System.getProperty(
-              Strings.propertyNameToSystemPropertyName(
-                  CiVisibilityConfig.CIVISIBILITY_SIGNAL_SERVER_PORT));
-      if (host != null && port != null) {
-        signalServerAddress = new InetSocketAddress(host, Integer.parseInt(port));
+            coverageProbeStoreFactory,
+            moduleExecutionSettingsFactory);
       }
 
-      return new DDTestSessionChild(
+      InetSocketAddress signalServerAddress = getSignalServerAddress();
+      SignalClient.Factory signalClientFactory = new SignalClient.Factory(signalServerAddress);
+      RepoIndexProvider indexProvider = new RepoIndexFetcher(signalClientFactory);
+      SourcePathResolver sourcePathResolver = getSourcePathResolver(repoRoot, indexProvider);
+      CoverageDataSupplier coverageDataSupplier = InstrumentationBridge::getCoverageData;
+      return new DDTestFrameworkSessionProxy(
           parentProcessSessionId,
           parentProcessModuleId,
           config,
@@ -192,12 +309,64 @@ private static DDTestSessionImpl.SessionImplFactory sessionFactory(
           sourcePathResolver,
           codeowners,
           methodLinesResolver,
+          coverageProbeStoreFactory,
+          coverageDataSupplier,
           signalServerAddress);
     };
   }
 
+  private static InetSocketAddress getSignalServerAddress() {
+    String host =
+        System.getProperty(
+            Strings.propertyNameToSystemPropertyName(
+                CiVisibilityConfig.CIVISIBILITY_SIGNAL_SERVER_HOST));
+    String port =
+        System.getProperty(
+            Strings.propertyNameToSystemPropertyName(
+                CiVisibilityConfig.CIVISIBILITY_SIGNAL_SERVER_PORT));
+    if (host != null && port != null) {
+      return new InetSocketAddress(host, Integer.parseInt(port));
+    } else {
+      return null;
+    }
+  }
+
+  private static CIVisibility.SessionFactory apiSessionFactory(
+      Config config, CoverageProbeStoreFactory coverageProbeStoreFactory) {
+    return (String projectName, Path projectRoot, String component, Long startTime) -> {
+      CIProviderInfoFactory ciProviderInfoFactory = new CIProviderInfoFactory(config);
+      CIProviderInfo ciProviderInfo = ciProviderInfoFactory.createCIProviderInfo(projectRoot);
+      CIInfo ciInfo = ciProviderInfo.buildCIInfo();
+      String repoRoot = ciInfo.getCiWorkspace();
+
+      Codeowners codeowners = getCodeowners(repoRoot);
+      MethodLinesResolver methodLinesResolver =
+          new BestEffortMethodLinesResolver(
+              new CompilerAidedMethodLinesResolver(), new ByteCodeMethodLinesResolver());
+
+      Map<String, String> ciTags = new CITagsProvider().getCiTags(ciInfo);
+      TestDecorator testDecorator = new TestDecoratorImpl(component, ciTags);
+      RepoIndexProvider indexProvider = new RepoIndexBuilder(repoRoot, FileSystems.getDefault());
+      SourcePathResolver sourcePathResolver = getSourcePathResolver(repoRoot, indexProvider);
+
+      return new DDTestSessionImpl(
+          projectName,
+          startTime,
+          config,
+          testDecorator,
+          sourcePathResolver,
+          codeowners,
+          methodLinesResolver,
+          coverageProbeStoreFactory);
+    };
+  }
+
   private static GitDataUploader buildGitDataUploader(
-      Config config, BackendApi backendApi, String repoRoot) {
+      Config config,
+      GitInfoProvider gitInfoProvider,
+      GitClient.Factory gitClientFactory,
+      BackendApi backendApi,
+      String repoRoot) {
     if (!config.isCiVisibilityGitUploadEnabled()) {
       return () -> CompletableFuture.completedFuture(null);
     }
@@ -214,18 +383,18 @@ private static GitDataUploader buildGitDataUploader(
       return () -> CompletableFuture.completedFuture(null);
     }
 
-    long commandTimeoutMillis = config.getCiVisibilityGitCommandTimeoutMillis();
     String remoteName = config.getCiVisibilityGitRemoteName();
-
     GitDataApi gitDataApi = new GitDataApi(backendApi);
-    GitClient gitClient = new GitClient(repoRoot, "1 month ago", 1000, commandTimeoutMillis);
-    return new GitDataUploaderImpl(config, gitDataApi, gitClient, remoteName);
+    GitClient gitClient = gitClientFactory.create(repoRoot);
+    return new GitDataUploaderImpl(
+        config, gitDataApi, gitClient, gitInfoProvider, repoRoot, remoteName);
   }
 
   private static ModuleExecutionSettingsFactory buildModuleExecutionSettingsFactory(
       Config config,
       BackendApi backendApi,
       GitDataUploader gitDataUploader,
+      RepoIndexProvider repoIndexProvider,
       String repositoryRoot) {
     ConfigurationApi configurationApi;
     if (backendApi == null) {
@@ -238,27 +407,7 @@ private static ModuleExecutionSettingsFactory buildModuleExecutionSettingsFactor
     return new CachingModuleExecutionSettingsFactory(
         config,
         new ModuleExecutionSettingsFactoryImpl(
-            config, configurationApi, gitDataUploader, repositoryRoot));
-  }
-
-  private static RepoIndexProvider getRepoIndexProvider(Config config, String repoRoot) {
-    String host = config.getCiVisibilitySignalServerHost();
-    int port = config.getCiVisibilitySignalServerPort();
-    if (host != null && port > 0 && config.isCiVisibilityRepoIndexSharingEnabled()) {
-      InetSocketAddress serverAddress = new InetSocketAddress(host, port);
-      Supplier<SignalClient> signalClientFactory =
-          () -> {
-            try {
-              return new SignalClient(serverAddress);
-            } catch (IOException e) {
-              throw new RuntimeException(
-                  "Could not instantiate signal client. " + "Host: " + host + ", port: " + port, e);
-            }
-          };
-      return new RepoIndexFetcher(signalClientFactory);
-    } else {
-      return new RepoIndexBuilder(repoRoot, FileSystems.getDefault());
-    }
+            config, configurationApi, gitDataUploader, repoIndexProvider, repositoryRoot));
   }
 
   private static SourcePathResolver getSourcePathResolver(
@@ -266,7 +415,7 @@ private static SourcePathResolver getSourcePathResolver(
     if (repoRoot != null) {
       RepoIndexSourcePathResolver indexSourcePathResolver =
           new RepoIndexSourcePathResolver(repoRoot, indexProvider);
-      return new BestEfforSourcePathResolver(
+      return new BestEffortSourcePathResolver(
           new CompilerAidedSourcePathResolver(repoRoot), indexSourcePathResolver);
     } else {
       return clazz -> null;
@@ -280,31 +429,4 @@ private static Codeowners getCodeowners(String repoRoot) {
       return path -> null;
     }
   }
-
-  private static TestEventsHandler.Factory testEventsHandlerFactory(
-      Config config, DDTestSessionImpl.SessionImplFactory sessionFactory) {
-    return (String component, Path path) -> {
-      CIProviderInfoFactory ciProviderInfoFactory = new CIProviderInfoFactory(config);
-      CIProviderInfo ciProviderInfo = ciProviderInfoFactory.createCIProviderInfo(path);
-      CIInfo ciInfo = ciProviderInfo.buildCIInfo();
-      String repoRoot = ciInfo.getCiWorkspace();
-      String moduleName =
-          (repoRoot != null) ? Paths.get(repoRoot).relativize(path).toString() : path.toString();
-
-      DDTestSessionImpl testSession =
-          sessionFactory.startSession(moduleName, path, component, null);
-      DDTestModuleImpl testModule = testSession.testModuleStart(moduleName, null);
-      return new TestEventsHandlerImpl(testSession, testModule);
-    };
-  }
-
-  private static BuildEventsHandler.Factory buildEventsHandlerFactory(
-      DDTestSessionImpl.SessionImplFactory sessionFactory) {
-    return new BuildEventsHandler.Factory() {
-      @Override
-      public <U> BuildEventsHandler<U> create() {
-        return new BuildEventsHandlerImpl<>(sessionFactory, new JvmInfoFactory());
-      }
-    };
-  }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemModule.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemModule.java
new file mode 100644
index 00000000000..fc428da6ffd
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemModule.java
@@ -0,0 +1,14 @@
+package datadog.trace.civisibility;
+
+import datadog.trace.api.civisibility.DDTestModule;
+import datadog.trace.api.civisibility.events.BuildEventsHandler;
+import datadog.trace.civisibility.ipc.ModuleExecutionResult;
+
+/** Test module abstraction that is used by build system instrumentations (e.g. Maven, Gradle) */
+public interface DDBuildSystemModule extends DDTestModule {
+  long getId();
+
+  BuildEventsHandler.ModuleInfo getModuleInfo();
+
+  void onModuleExecutionResultReceived(ModuleExecutionResult result);
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemModuleImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemModuleImpl.java
new file mode 100644
index 00000000000..e1c2a0714a5
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemModuleImpl.java
@@ -0,0 +1,215 @@
+package datadog.trace.civisibility;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.DDTags;
+import datadog.trace.api.civisibility.events.BuildEventsHandler;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import datadog.trace.civisibility.codeowners.Codeowners;
+import datadog.trace.civisibility.coverage.CoverageProbeStoreFactory;
+import datadog.trace.civisibility.coverage.CoverageUtils;
+import datadog.trace.civisibility.decorator.TestDecorator;
+import datadog.trace.civisibility.ipc.ModuleExecutionResult;
+import datadog.trace.civisibility.ipc.TestFramework;
+import datadog.trace.civisibility.source.MethodLinesResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
+import datadog.trace.civisibility.source.index.RepoIndexProvider;
+import datadog.trace.civisibility.utils.SpanUtils;
+import java.io.File;
+import java.net.InetSocketAddress;
+import java.nio.file.Paths;
+import java.util.Collection;
+import java.util.concurrent.atomic.LongAdder;
+import java.util.function.Consumer;
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
+import org.jacoco.core.analysis.IBundleCoverage;
+import org.jacoco.core.analysis.ICounter;
+import org.jacoco.core.data.ExecutionDataStore;
+
+public class DDBuildSystemModuleImpl extends DDTestModuleImpl implements DDBuildSystemModule {
+
+  private final String repoRoot;
+  private final InetSocketAddress signalServerAddress;
+  private final Collection<File> outputClassesDirs;
+  private final RepoIndexProvider repoIndexProvider;
+  private final TestModuleRegistry testModuleRegistry;
+  private final LongAdder testsSkipped = new LongAdder();
+  private volatile boolean codeCoverageEnabled;
+  private volatile boolean itrEnabled;
+  private final Object coverageDataLock = new Object();
+
+  @GuardedBy("coverageDataLock")
+  private ExecutionDataStore coverageData;
+
+  public DDBuildSystemModuleImpl(
+      AgentSpan.Context sessionSpanContext,
+      long sessionId,
+      String moduleName,
+      String repoRoot,
+      String startCommand,
+      @Nullable Long startTime,
+      InetSocketAddress signalServerAddress,
+      Collection<File> outputClassesDirs,
+      Config config,
+      TestDecorator testDecorator,
+      SourcePathResolver sourcePathResolver,
+      Codeowners codeowners,
+      MethodLinesResolver methodLinesResolver,
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      RepoIndexProvider repoIndexProvider,
+      TestModuleRegistry testModuleRegistry,
+      Consumer<AgentSpan> onSpanFinish) {
+    super(
+        sessionSpanContext,
+        sessionId,
+        moduleName,
+        startTime,
+        config,
+        testDecorator,
+        sourcePathResolver,
+        codeowners,
+        methodLinesResolver,
+        coverageProbeStoreFactory,
+        onSpanFinish);
+    this.repoRoot = repoRoot;
+    this.signalServerAddress = signalServerAddress;
+    this.outputClassesDirs = outputClassesDirs;
+    this.repoIndexProvider = repoIndexProvider;
+    this.testModuleRegistry = testModuleRegistry;
+
+    setTag(Tags.TEST_COMMAND, startCommand);
+  }
+
+  @Override
+  public long getId() {
+    return span.getSpanId();
+  }
+
+  @Override
+  public BuildEventsHandler.ModuleInfo getModuleInfo() {
+    long moduleId = span.getSpanId();
+    String signalServerHost =
+        signalServerAddress != null ? signalServerAddress.getHostName() : null;
+    int signalServerPort = signalServerAddress != null ? signalServerAddress.getPort() : 0;
+    return new BuildEventsHandler.ModuleInfo(
+        moduleId, sessionId, signalServerHost, signalServerPort);
+  }
+
+  /**
+   * Handles module execution results received from a forked JVM.
+   *
+   * <p>Depending on the build configuration it is possible to have multiple forks created for the
+   * same module: in Gradle this is achieved with {@code maxParallelForks} or {@code forkEvery}
+   * properties of the Test task, in Maven - with {@code forkCount>} property of the Surefire
+   * plugin. The forks can execute either concurrently or sequentially.
+   *
+   * <p>Taking this into account, the method should merge execution results rather than overwrite
+   * them.
+   *
+   * <p>This method is called by the {@link
+   * datadog.trace.util.AgentThreadFactory.AgentThread#CI_SIGNAL_SERVER} thread.
+   *
+   * @param result Module execution results received from a forked JVM.
+   */
+  @Override
+  public void onModuleExecutionResultReceived(ModuleExecutionResult result) {
+    if (result.isCoverageEnabled()) {
+      codeCoverageEnabled = true;
+    }
+    if (result.isItrEnabled()) {
+      itrEnabled = true;
+    }
+
+    testsSkipped.add(result.getTestsSkippedTotal());
+
+    // it is important that modules parse their own instances of ExecutionDataStore
+    // and not share them with the session:
+    // ExecutionData instances that reside inside the store are mutable,
+    // and modifying an ExecutionData in one module is going
+    // to be visible in another module
+    // (see internal implementation of org.jacoco.core.data.ExecutionDataStore.accept)
+    ExecutionDataStore coverageData = CoverageUtils.parse(result.getCoverageData());
+    if (coverageData != null) {
+      synchronized (coverageDataLock) {
+        if (this.coverageData == null) {
+          this.coverageData = coverageData;
+        } else {
+          // merge module coverage data from multiple VMs
+          coverageData.accept(this.coverageData);
+        }
+      }
+    }
+
+    for (TestFramework testFramework : result.getTestFrameworks()) {
+      SpanUtils.mergeTag(span, Tags.TEST_FRAMEWORK, testFramework.getName());
+      SpanUtils.mergeTag(span, Tags.TEST_FRAMEWORK_VERSION, testFramework.getVersion());
+    }
+  }
+
+  @Override
+  public void end(@Nullable Long endTime) {
+    if (codeCoverageEnabled) {
+      setTag(Tags.TEST_CODE_COVERAGE_ENABLED, true);
+    }
+
+    if (itrEnabled) {
+      setTag(Tags.TEST_ITR_TESTS_SKIPPING_ENABLED, true);
+      setTag(Tags.TEST_ITR_TESTS_SKIPPING_TYPE, "test");
+
+      long testsSkippedTotal = testsSkipped.sum();
+      setTag(Tags.TEST_ITR_TESTS_SKIPPING_COUNT, testsSkippedTotal);
+      if (testsSkippedTotal > 0) {
+        setTag(DDTags.CI_ITR_TESTS_SKIPPED, true);
+      }
+    }
+
+    synchronized (coverageDataLock) {
+      if (coverageData != null && !coverageData.getContents().isEmpty()) {
+        processCoverageData(coverageData);
+      }
+    }
+
+    testModuleRegistry.removeModule(this);
+
+    super.end(endTime);
+  }
+
+  private void processCoverageData(ExecutionDataStore coverageData) {
+    if (coverageData == null) {
+      return;
+    }
+    IBundleCoverage coverageBundle =
+        CoverageUtils.createCoverageBundle(coverageData, outputClassesDirs);
+    if (coverageBundle == null) {
+      return;
+    }
+
+    long coveragePercentage = getCoveragePercentage(coverageBundle);
+    setTag(Tags.TEST_CODE_COVERAGE_LINES_PERCENTAGE, coveragePercentage);
+
+    File coverageReportFolder = getCoverageReportFolder();
+    if (coverageReportFolder != null) {
+      CoverageUtils.dumpCoverageReport(
+          coverageBundle, repoIndexProvider.getIndex(), repoRoot, coverageReportFolder);
+    }
+  }
+
+  private static long getCoveragePercentage(IBundleCoverage coverageBundle) {
+    ICounter instructionCounter = coverageBundle.getInstructionCounter();
+    int totalInstructionsCount = instructionCounter.getTotalCount();
+    int coveredInstructionsCount = instructionCounter.getCoveredCount();
+    return Math.round((100d * coveredInstructionsCount) / totalInstructionsCount);
+  }
+
+  private File getCoverageReportFolder() {
+    String coverageReportDumpDir = config.getCiVisibilityCodeCoverageReportDumpDir();
+    if (coverageReportDumpDir != null) {
+      return Paths.get(coverageReportDumpDir, "session-" + sessionId, moduleName)
+          .toAbsolutePath()
+          .toFile();
+    } else {
+      return null;
+    }
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemSession.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemSession.java
new file mode 100644
index 00000000000..09727d30536
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemSession.java
@@ -0,0 +1,27 @@
+package datadog.trace.civisibility;
+
+import datadog.trace.api.civisibility.DDTestSession;
+import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
+import datadog.trace.civisibility.config.JvmInfo;
+import java.io.File;
+import java.nio.file.Path;
+import java.util.Collection;
+import javax.annotation.Nullable;
+
+/** Test session abstraction that is used by build system instrumentations (e.g. Maven, Gradle) */
+public interface DDBuildSystemSession extends DDTestSession {
+
+  DDBuildSystemModule testModuleStart(
+      String moduleName, @Nullable Long startTime, Collection<File> outputClassesDirs);
+
+  ModuleExecutionSettings getModuleExecutionSettings(JvmInfo jvmInfo);
+
+  interface Factory {
+    DDBuildSystemSession startSession(
+        String projectName,
+        Path projectRoot,
+        String startCommand,
+        String buildSystemName,
+        Long startTime);
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSessionParent.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemSessionImpl.java
similarity index 55%
rename from dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSessionParent.java
rename to dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemSessionImpl.java
index c91d558dee1..200b7a6c570 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSessionParent.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDBuildSystemSessionImpl.java
@@ -1,21 +1,15 @@
 package datadog.trace.civisibility;
 
-import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
-
 import datadog.trace.api.Config;
 import datadog.trace.api.DDTags;
-import datadog.trace.api.civisibility.CIConstants;
-import datadog.trace.api.civisibility.config.JvmInfo;
 import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
 import datadog.trace.api.civisibility.config.SkippableTest;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.bootstrap.instrumentation.api.Tags;
 import datadog.trace.civisibility.codeowners.Codeowners;
+import datadog.trace.civisibility.config.JvmInfo;
 import datadog.trace.civisibility.config.ModuleExecutionSettingsFactory;
-import datadog.trace.civisibility.context.SpanTestContext;
-import datadog.trace.civisibility.context.TestContext;
+import datadog.trace.civisibility.coverage.CoverageProbeStoreFactory;
+import datadog.trace.civisibility.coverage.CoverageUtils;
 import datadog.trace.civisibility.decorator.TestDecorator;
 import datadog.trace.civisibility.ipc.ErrorResponse;
 import datadog.trace.civisibility.ipc.ModuleExecutionResult;
@@ -27,31 +21,44 @@
 import datadog.trace.civisibility.ipc.SkippableTestsRequest;
 import datadog.trace.civisibility.ipc.SkippableTestsResponse;
 import datadog.trace.civisibility.source.MethodLinesResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
 import datadog.trace.civisibility.source.index.RepoIndex;
 import datadog.trace.civisibility.source.index.RepoIndexBuilder;
+import datadog.trace.civisibility.utils.SpanUtils;
+import java.io.File;
+import java.nio.file.Paths;
 import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.concurrent.atomic.LongAdder;
 import javax.annotation.Nullable;
-
-public class DDTestSessionParent extends DDTestSessionImpl {
-
-  private final AgentSpan span;
-  private final TestContext context;
+import javax.annotation.concurrent.GuardedBy;
+import org.jacoco.core.analysis.IBundleCoverage;
+import org.jacoco.core.analysis.ICounter;
+import org.jacoco.core.data.ExecutionDataStore;
+
+public class DDBuildSystemSessionImpl extends DDTestSessionImpl implements DDBuildSystemSession {
+  private final String repoRoot;
+  private final String startCommand;
   private final TestModuleRegistry testModuleRegistry;
-  private final Config config;
-  private final TestDecorator testDecorator;
-  private final SourcePathResolver sourcePathResolver;
-  private final Codeowners codeowners;
-  private final MethodLinesResolver methodLinesResolver;
   private final ModuleExecutionSettingsFactory moduleExecutionSettingsFactory;
   private final SignalServer signalServer;
   private final RepoIndexBuilder repoIndexBuilder;
   protected final LongAdder testsSkipped = new LongAdder();
   private volatile boolean codeCoverageEnabled;
   private volatile boolean itrEnabled;
+  private final Object coverageDataLock = new Object();
+
+  @GuardedBy("coverageDataLock")
+  private final ExecutionDataStore coverageData = new ExecutionDataStore();
 
-  public DDTestSessionParent(
+  @GuardedBy("coverageDataLock")
+  private final Collection<File> outputClassesDirs = new HashSet<>();
+
+  public DDBuildSystemSessionImpl(
       String projectName,
+      String repoRoot,
+      String startCommand,
       @Nullable Long startTime,
       Config config,
       TestModuleRegistry testModuleRegistry,
@@ -60,34 +67,25 @@ public DDTestSessionParent(
       Codeowners codeowners,
       MethodLinesResolver methodLinesResolver,
       ModuleExecutionSettingsFactory moduleExecutionSettingsFactory,
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
       SignalServer signalServer,
       RepoIndexBuilder repoIndexBuilder) {
-    this.config = config;
+    super(
+        projectName,
+        startTime,
+        config,
+        testDecorator,
+        sourcePathResolver,
+        codeowners,
+        methodLinesResolver,
+        coverageProbeStoreFactory);
+    this.repoRoot = repoRoot;
+    this.startCommand = startCommand;
     this.testModuleRegistry = testModuleRegistry;
-    this.testDecorator = testDecorator;
-    this.sourcePathResolver = sourcePathResolver;
-    this.codeowners = codeowners;
-    this.methodLinesResolver = methodLinesResolver;
     this.moduleExecutionSettingsFactory = moduleExecutionSettingsFactory;
     this.signalServer = signalServer;
     this.repoIndexBuilder = repoIndexBuilder;
 
-    if (startTime != null) {
-      span = startSpan(testDecorator.component() + ".test_session", startTime);
-    } else {
-      span = startSpan(testDecorator.component() + ".test_session");
-    }
-
-    context = new SpanTestContext(span, null);
-
-    span.setSpanType(InternalSpanTypes.TEST_SESSION_END);
-    span.setTag(Tags.SPAN_KIND, Tags.SPAN_KIND_TEST_SESSION);
-    span.setTag(Tags.TEST_SESSION_ID, context.getId());
-
-    span.setResourceName(projectName);
-
-    testDecorator.afterStart(span);
-
     signalServer.registerSignalHandler(
         SignalType.MODULE_EXECUTION_RESULT, this::onModuleExecutionResultReceived);
     signalServer.registerSignalHandler(
@@ -95,6 +93,8 @@ public DDTestSessionParent(
     signalServer.registerSignalHandler(
         SignalType.SKIPPABLE_TESTS_REQUEST, this::onSkippableTestsRequestReceived);
     signalServer.start();
+
+    setTag(Tags.TEST_COMMAND, startCommand);
   }
 
   private SignalResponse onModuleExecutionResultReceived(ModuleExecutionResult result) {
@@ -104,16 +104,17 @@ private SignalResponse onModuleExecutionResultReceived(ModuleExecutionResult res
     if (result.isItrEnabled()) {
       itrEnabled = true;
     }
-    String testFramework = result.getTestFramework();
-    if (testFramework != null) {
-      setTag(Tags.TEST_FRAMEWORK, testFramework);
-    }
-    String testFrameworkVersion = result.getTestFrameworkVersion();
-    if (testFrameworkVersion != null) {
-      setTag(Tags.TEST_FRAMEWORK_VERSION, testFrameworkVersion);
-    }
 
     testsSkipped.add(result.getTestsSkippedTotal());
+
+    ExecutionDataStore moduleCoverageData = CoverageUtils.parse(result.getCoverageData());
+    if (moduleCoverageData != null) {
+      synchronized (coverageDataLock) {
+        // add module coverage data to session coverage data
+        moduleCoverageData.accept(coverageData);
+      }
+    }
+
     return testModuleRegistry.onModuleExecutionResultReceived(result);
   }
 
@@ -140,37 +141,14 @@ private SignalResponse onSkippableTestsRequestReceived(
     }
   }
 
-  @Override
-  public void setTag(String key, Object value) {
-    span.setTag(key, value);
-  }
-
-  @Override
-  public void setErrorInfo(Throwable error) {
-    span.setError(true);
-    span.addThrowable(error);
-    span.setTag(Tags.TEST_STATUS, CIConstants.TEST_FAIL);
-  }
-
-  @Override
-  public void setSkipReason(String skipReason) {
-    span.setTag(Tags.TEST_STATUS, CIConstants.TEST_SKIP);
-    if (skipReason != null) {
-      span.setTag(Tags.TEST_SKIP_REASON, skipReason);
-    }
-  }
-
   @Override
   public void end(@Nullable Long endTime) {
     signalServer.stop();
 
-    String status = context.getStatus();
-    span.setTag(Tags.TEST_STATUS, status != null ? status : CIConstants.TEST_SKIP);
-    testDecorator.beforeFinish(span);
-
     if (codeCoverageEnabled) {
       setTag(Tags.TEST_CODE_COVERAGE_ENABLED, true);
     }
+
     if (itrEnabled) {
       setTag(Tags.TEST_ITR_TESTS_SKIPPING_ENABLED, true);
       setTag(Tags.TEST_ITR_TESTS_SKIPPING_TYPE, "test");
@@ -182,28 +160,81 @@ public void end(@Nullable Long endTime) {
       }
     }
 
-    if (endTime != null) {
-      span.finish(endTime);
+    synchronized (coverageDataLock) {
+      if (!coverageData.getContents().isEmpty()) {
+        processCoverageData(coverageData);
+      }
+    }
+
+    super.end(endTime);
+  }
+
+  private void processCoverageData(ExecutionDataStore coverageData) {
+    IBundleCoverage coverageBundle =
+        CoverageUtils.createCoverageBundle(coverageData, outputClassesDirs);
+    if (coverageBundle == null) {
+      return;
+    }
+
+    long coveragePercentage = getCoveragePercentage(coverageBundle);
+    setTag(Tags.TEST_CODE_COVERAGE_LINES_PERCENTAGE, coveragePercentage);
+
+    File coverageReportFolder = getCoverageReportFolder();
+    if (coverageReportFolder != null) {
+      CoverageUtils.dumpCoverageReport(
+          coverageBundle, repoIndexBuilder.getIndex(), repoRoot, coverageReportFolder);
+    }
+  }
+
+  private static long getCoveragePercentage(IBundleCoverage coverageBundle) {
+    ICounter instructionCounter = coverageBundle.getInstructionCounter();
+    int totalInstructionsCount = instructionCounter.getTotalCount();
+    int coveredInstructionsCount = instructionCounter.getCoveredCount();
+    return Math.round((100d * coveredInstructionsCount) / totalInstructionsCount);
+  }
+
+  private File getCoverageReportFolder() {
+    String coverageReportDumpDir = config.getCiVisibilityCodeCoverageReportDumpDir();
+    if (coverageReportDumpDir != null) {
+      return Paths.get(coverageReportDumpDir, "session-" + span.getSpanId(), "aggregated")
+          .toAbsolutePath()
+          .toFile();
     } else {
-      span.finish();
+      return null;
     }
   }
 
   @Override
-  public DDTestModuleImpl testModuleStart(String moduleName, @Nullable Long startTime) {
-    DDTestModuleParent module =
-        new DDTestModuleParent(
-            context,
+  public DDBuildSystemModuleImpl testModuleStart(String moduleName, @Nullable Long startTime) {
+    return testModuleStart(moduleName, startTime, Collections.emptySet());
+  }
+
+  @Override
+  public DDBuildSystemModuleImpl testModuleStart(
+      String moduleName, @Nullable Long startTime, Collection<File> outputClassesDirs) {
+    synchronized (coverageDataLock) {
+      this.outputClassesDirs.addAll(outputClassesDirs);
+    }
+
+    DDBuildSystemModuleImpl module =
+        new DDBuildSystemModuleImpl(
+            span.context(),
+            span.getSpanId(),
             moduleName,
+            repoRoot,
+            startCommand,
             startTime,
+            signalServer.getAddress(),
+            outputClassesDirs,
             config,
-            testModuleRegistry,
             testDecorator,
             sourcePathResolver,
             codeowners,
             methodLinesResolver,
-            moduleExecutionSettingsFactory,
-            signalServer.getAddress());
+            coverageProbeStoreFactory,
+            repoIndexBuilder,
+            testModuleRegistry,
+            SpanUtils.propagateCiVisibilityTagsTo(span));
     testModuleRegistry.addModule(module);
     return module;
   }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkModule.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkModule.java
new file mode 100644
index 00000000000..6e2cf4687a3
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkModule.java
@@ -0,0 +1,32 @@
+package datadog.trace.civisibility;
+
+import datadog.trace.api.civisibility.config.SkippableTest;
+import javax.annotation.Nullable;
+
+/** Test module abstraction that is used by test framework instrumentations (e.g. JUnit, TestNG) */
+public interface DDTestFrameworkModule {
+  DDTestSuiteImpl testSuiteStart(
+      String testSuiteName,
+      @Nullable Class<?> testClass,
+      @Nullable Long startTime,
+      boolean parallelized);
+
+  /**
+   * Checks if a given test can be skipped with Intelligent Test Runner or not
+   *
+   * @param test Test to be checked
+   * @return {@code true} if the test can be skipped, {@code false} otherwise
+   */
+  boolean isSkippable(SkippableTest test);
+
+  /**
+   * Checks if a given test can be skipped with Intelligent Test Runner or not. It the test is
+   * considered skippable, the count of skippable tests is incremented.
+   *
+   * @param test Test to be checked
+   * @return {@code true} if the test can be skipped, {@code false} otherwise
+   */
+  boolean skip(SkippableTest test);
+
+  void end(Long startTime);
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkModuleImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkModuleImpl.java
new file mode 100644
index 00000000000..bd827180c72
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkModuleImpl.java
@@ -0,0 +1,107 @@
+package datadog.trace.civisibility;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.DDTags;
+import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
+import datadog.trace.api.civisibility.config.SkippableTest;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import datadog.trace.civisibility.codeowners.Codeowners;
+import datadog.trace.civisibility.config.JvmInfo;
+import datadog.trace.civisibility.config.ModuleExecutionSettingsFactory;
+import datadog.trace.civisibility.coverage.CoverageProbeStoreFactory;
+import datadog.trace.civisibility.decorator.TestDecorator;
+import datadog.trace.civisibility.source.MethodLinesResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.concurrent.atomic.LongAdder;
+import java.util.function.Consumer;
+import javax.annotation.Nullable;
+
+/**
+ * Test module implementation that is used by test framework instrumentations only in cases when the
+ * build system is NOT instrumented: This class manages the module span since there is no build
+ * system instrumentation to do it
+ */
+public class DDTestFrameworkModuleImpl extends DDTestModuleImpl implements DDTestFrameworkModule {
+
+  private final LongAdder testsSkipped = new LongAdder();
+  private final Collection<SkippableTest> skippableTests;
+  private final boolean codeCoverageEnabled;
+  private final boolean itrEnabled;
+
+  public DDTestFrameworkModuleImpl(
+      AgentSpan.Context sessionSpanContext,
+      long sessionId,
+      String moduleName,
+      @Nullable Long startTime,
+      Config config,
+      TestDecorator testDecorator,
+      SourcePathResolver sourcePathResolver,
+      Codeowners codeowners,
+      MethodLinesResolver methodLinesResolver,
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      ModuleExecutionSettingsFactory moduleExecutionSettingsFactory,
+      Consumer<AgentSpan> onSpanFinish) {
+    super(
+        sessionSpanContext,
+        sessionId,
+        moduleName,
+        startTime,
+        config,
+        testDecorator,
+        sourcePathResolver,
+        codeowners,
+        methodLinesResolver,
+        coverageProbeStoreFactory,
+        onSpanFinish);
+
+    ModuleExecutionSettings moduleExecutionSettings =
+        moduleExecutionSettingsFactory.create(JvmInfo.CURRENT_JVM, moduleName);
+    codeCoverageEnabled = moduleExecutionSettings.isCodeCoverageEnabled();
+    itrEnabled = moduleExecutionSettings.isItrEnabled();
+    Collection<SkippableTest> moduleSkippableTests =
+        moduleExecutionSettings.getSkippableTests(moduleName);
+    skippableTests =
+        moduleSkippableTests.size() > 100
+            ? new HashSet<>(moduleSkippableTests)
+            : new ArrayList<>(moduleSkippableTests);
+  }
+
+  @Override
+  public boolean isSkippable(SkippableTest test) {
+    return test != null && skippableTests.contains(test);
+  }
+
+  @Override
+  public boolean skip(SkippableTest test) {
+    if (isSkippable(test)) {
+      testsSkipped.increment();
+      return true;
+    } else {
+      return false;
+    }
+  }
+
+  @Override
+  public void end(@Nullable Long endTime) {
+    if (codeCoverageEnabled) {
+      setTag(Tags.TEST_CODE_COVERAGE_ENABLED, true);
+    }
+
+    if (itrEnabled) {
+      setTag(Tags.TEST_ITR_TESTS_SKIPPING_ENABLED, true);
+      setTag(Tags.TEST_ITR_TESTS_SKIPPING_TYPE, "test");
+
+      long testsSkippedTotal = testsSkipped.sum();
+      setTag(Tags.TEST_ITR_TESTS_SKIPPING_COUNT, testsSkippedTotal);
+      if (testsSkippedTotal > 0) {
+        setTag(DDTags.CI_ITR_TESTS_SKIPPED, true);
+      }
+    }
+
+    super.end(endTime);
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkModuleProxy.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkModuleProxy.java
new file mode 100644
index 00000000000..f6cf2224685
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkModuleProxy.java
@@ -0,0 +1,175 @@
+package datadog.trace.civisibility;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.civisibility.config.SkippableTest;
+import datadog.trace.api.civisibility.coverage.CoverageDataSupplier;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import datadog.trace.civisibility.codeowners.Codeowners;
+import datadog.trace.civisibility.config.JvmInfo;
+import datadog.trace.civisibility.coverage.CoverageProbeStoreFactory;
+import datadog.trace.civisibility.decorator.TestDecorator;
+import datadog.trace.civisibility.ipc.ModuleExecutionResult;
+import datadog.trace.civisibility.ipc.SignalClient;
+import datadog.trace.civisibility.ipc.SkippableTestsRequest;
+import datadog.trace.civisibility.ipc.SkippableTestsResponse;
+import datadog.trace.civisibility.ipc.TestFramework;
+import datadog.trace.civisibility.source.MethodLinesResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
+import java.net.InetSocketAddress;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.LongAdder;
+import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Test module implementation that is used by test framework instrumentations in those cases when
+ * the build system IS instrumented: since build system instrumentation manages module spans, this
+ * class does not do it. Instead, it accumulates module execution data and forwards it to the parent
+ * process (build system) using the signal server
+ */
+public class DDTestFrameworkModuleProxy implements DDTestFrameworkModule {
+  private static final Logger log = LoggerFactory.getLogger(DDTestFrameworkModuleProxy.class);
+
+  private final long parentProcessSessionId;
+  private final long parentProcessModuleId;
+  private final String moduleName;
+  private final InetSocketAddress signalServerAddress;
+  private final CoverageDataSupplier coverageDataSupplier;
+  private final Config config;
+  private final TestDecorator testDecorator;
+  private final SourcePathResolver sourcePathResolver;
+  private final Codeowners codeowners;
+  private final MethodLinesResolver methodLinesResolver;
+  private final CoverageProbeStoreFactory coverageProbeStoreFactory;
+  private final LongAdder testsSkipped = new LongAdder();
+  private final Collection<SkippableTest> skippableTests;
+  private final Collection<TestFramework> testFrameworks = ConcurrentHashMap.newKeySet();
+
+  public DDTestFrameworkModuleProxy(
+      long parentProcessSessionId,
+      long parentProcessModuleId,
+      String moduleName,
+      Config config,
+      TestDecorator testDecorator,
+      SourcePathResolver sourcePathResolver,
+      Codeowners codeowners,
+      MethodLinesResolver methodLinesResolver,
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      CoverageDataSupplier coverageDataSupplier,
+      @Nullable InetSocketAddress signalServerAddress) {
+    this.parentProcessSessionId = parentProcessSessionId;
+    this.parentProcessModuleId = parentProcessModuleId;
+    this.moduleName = moduleName;
+    this.signalServerAddress = signalServerAddress;
+    this.coverageDataSupplier = coverageDataSupplier;
+    this.config = config;
+    this.testDecorator = testDecorator;
+    this.sourcePathResolver = sourcePathResolver;
+    this.codeowners = codeowners;
+    this.methodLinesResolver = methodLinesResolver;
+    this.coverageProbeStoreFactory = coverageProbeStoreFactory;
+    this.skippableTests = fetchSkippableTests(moduleName, signalServerAddress);
+  }
+
+  private Collection<SkippableTest> fetchSkippableTests(
+      String moduleName, InetSocketAddress signalServerAddress) {
+    if (!config.isCiVisibilityItrEnabled()) {
+      return Collections.emptyList();
+    }
+
+    SkippableTestsRequest request = new SkippableTestsRequest(moduleName, JvmInfo.CURRENT_JVM);
+    try (SignalClient signalClient = new SignalClient(signalServerAddress)) {
+      SkippableTestsResponse response = (SkippableTestsResponse) signalClient.send(request);
+      Collection<SkippableTest> moduleSkippableTests = response.getTests();
+      log.debug("Received {} skippable tests", moduleSkippableTests.size());
+      return moduleSkippableTests.size() > 100
+          ? new HashSet<>(moduleSkippableTests)
+          : new ArrayList<>(moduleSkippableTests);
+    } catch (Exception e) {
+      log.error("Error while requesting skippable tests", e);
+      return Collections.emptySet();
+    }
+  }
+
+  @Override
+  public boolean isSkippable(SkippableTest test) {
+    return test != null && skippableTests.contains(test);
+  }
+
+  @Override
+  public boolean skip(SkippableTest test) {
+    if (isSkippable(test)) {
+      testsSkipped.increment();
+      return true;
+    } else {
+      return false;
+    }
+  }
+
+  @Override
+  public void end(@Nullable Long endTime) {
+    // we have no span locally,
+    // send execution result to parent process that manages the span
+    sendModuleExecutionResult();
+  }
+
+  private void sendModuleExecutionResult() {
+    boolean coverageEnabled = config.isCiVisibilityCodeCoverageEnabled();
+    boolean itrEnabled = config.isCiVisibilityItrEnabled();
+    long testsSkippedTotal = testsSkipped.sum();
+    byte[] coverageData = coverageDataSupplier.get();
+
+    ModuleExecutionResult moduleExecutionResult =
+        new ModuleExecutionResult(
+            parentProcessSessionId,
+            parentProcessModuleId,
+            coverageEnabled,
+            itrEnabled,
+            testsSkippedTotal,
+            testFrameworks,
+            coverageData);
+
+    try (SignalClient signalClient = new SignalClient(signalServerAddress)) {
+      signalClient.send(moduleExecutionResult);
+    } catch (Exception e) {
+      log.error("Error while reporting module execution result", e);
+    }
+  }
+
+  @Override
+  public DDTestSuiteImpl testSuiteStart(
+      String testSuiteName,
+      @Nullable Class<?> testClass,
+      @Nullable Long startTime,
+      boolean parallelized) {
+    return new DDTestSuiteImpl(
+        null,
+        parentProcessSessionId,
+        parentProcessModuleId,
+        moduleName,
+        testSuiteName,
+        testClass,
+        startTime,
+        parallelized,
+        config,
+        testDecorator,
+        sourcePathResolver,
+        codeowners,
+        methodLinesResolver,
+        coverageProbeStoreFactory,
+        this::propagateTestFrameworkData);
+  }
+
+  private void propagateTestFrameworkData(AgentSpan childSpan) {
+    testFrameworks.add(
+        new TestFramework(
+            (String) childSpan.getTag(Tags.TEST_FRAMEWORK),
+            (String) childSpan.getTag(Tags.TEST_FRAMEWORK_VERSION)));
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkSession.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkSession.java
new file mode 100644
index 00000000000..d41bce5d2dd
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkSession.java
@@ -0,0 +1,16 @@
+package datadog.trace.civisibility;
+
+import java.nio.file.Path;
+import javax.annotation.Nullable;
+
+/** Test session abstraction that is used by test framework instrumentations (e.g. JUnit, TestNG) */
+public interface DDTestFrameworkSession {
+  void end(Long startTime);
+
+  DDTestFrameworkModule testModuleStart(String moduleName, @Nullable Long startTime);
+
+  interface Factory {
+    DDTestFrameworkSession startSession(
+        String projectName, Path projectRoot, String component, Long startTime);
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkSessionImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkSessionImpl.java
new file mode 100644
index 00000000000..237c6ea2fb3
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkSessionImpl.java
@@ -0,0 +1,61 @@
+package datadog.trace.civisibility;
+
+import datadog.trace.api.Config;
+import datadog.trace.civisibility.codeowners.Codeowners;
+import datadog.trace.civisibility.config.ModuleExecutionSettingsFactory;
+import datadog.trace.civisibility.coverage.CoverageProbeStoreFactory;
+import datadog.trace.civisibility.decorator.TestDecorator;
+import datadog.trace.civisibility.source.MethodLinesResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
+import datadog.trace.civisibility.utils.SpanUtils;
+import javax.annotation.Nullable;
+
+/**
+ * Test session implementation that is used by test framework instrumentations only in cases when
+ * the build system is NOT instrumented. This class manages the session span since there is no build
+ * system instrumentation to do it
+ */
+public class DDTestFrameworkSessionImpl extends DDTestSessionImpl
+    implements DDTestFrameworkSession {
+
+  private final ModuleExecutionSettingsFactory moduleExecutionSettingsFactory;
+
+  public DDTestFrameworkSessionImpl(
+      String projectName,
+      @Nullable Long startTime,
+      Config config,
+      TestDecorator testDecorator,
+      SourcePathResolver sourcePathResolver,
+      Codeowners codeowners,
+      MethodLinesResolver methodLinesResolver,
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      ModuleExecutionSettingsFactory moduleExecutionSettingsFactory) {
+    super(
+        projectName,
+        startTime,
+        config,
+        testDecorator,
+        sourcePathResolver,
+        codeowners,
+        methodLinesResolver,
+        coverageProbeStoreFactory);
+    this.moduleExecutionSettingsFactory = moduleExecutionSettingsFactory;
+  }
+
+  @Override
+  public DDTestFrameworkModuleImpl testModuleStart(String moduleName, @Nullable Long startTime) {
+    return new DDTestFrameworkModuleImpl(
+        span.context(),
+        span.getSpanId(),
+        moduleName,
+        startTime,
+        config,
+        testDecorator,
+        sourcePathResolver,
+        codeowners,
+        methodLinesResolver,
+        coverageProbeStoreFactory,
+        moduleExecutionSettingsFactory,
+        SpanUtils.propagateCiVisibilityTagsTo(span));
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSessionChild.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkSessionProxy.java
similarity index 53%
rename from dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSessionChild.java
rename to dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkSessionProxy.java
index 409c658d409..efbfa55f377 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSessionChild.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestFrameworkSessionProxy.java
@@ -1,34 +1,43 @@
 package datadog.trace.civisibility;
 
 import datadog.trace.api.Config;
-import datadog.trace.api.civisibility.config.JvmInfo;
-import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
+import datadog.trace.api.civisibility.coverage.CoverageDataSupplier;
 import datadog.trace.civisibility.codeowners.Codeowners;
+import datadog.trace.civisibility.coverage.CoverageProbeStoreFactory;
 import datadog.trace.civisibility.decorator.TestDecorator;
 import datadog.trace.civisibility.source.MethodLinesResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
 import java.net.InetSocketAddress;
 import javax.annotation.Nullable;
 
-public class DDTestSessionChild extends DDTestSessionImpl {
+/**
+ * Test session implementation that is used by test framework instrumentations in those cases when
+ * the build system IS instrumented: since build system instrumentation manages the session span,
+ * this class does not do it
+ */
+public class DDTestFrameworkSessionProxy implements DDTestFrameworkSession {
 
-  private final Long parentProcessSessionId;
-  private final Long parentProcessModuleId;
+  private final long parentProcessSessionId;
+  private final long parentProcessModuleId;
   private final Config config;
   private final TestDecorator testDecorator;
   private final SourcePathResolver sourcePathResolver;
   private final Codeowners codeowners;
   private final MethodLinesResolver methodLinesResolver;
+  private final CoverageProbeStoreFactory coverageProbeStoreFactory;
+  private final CoverageDataSupplier coverageDataSupplier;
   @Nullable private final InetSocketAddress signalServerAddress;
 
-  public DDTestSessionChild(
-      Long parentProcessSessionId,
-      Long parentProcessModuleId,
+  public DDTestFrameworkSessionProxy(
+      long parentProcessSessionId,
+      long parentProcessModuleId,
       Config config,
       TestDecorator testDecorator,
       SourcePathResolver sourcePathResolver,
       Codeowners codeowners,
       MethodLinesResolver methodLinesResolver,
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      CoverageDataSupplier coverageDataSupplier,
       @Nullable InetSocketAddress signalServerAddress) {
     this.parentProcessSessionId = parentProcessSessionId;
     this.parentProcessModuleId = parentProcessModuleId;
@@ -37,32 +46,19 @@ public DDTestSessionChild(
     this.sourcePathResolver = sourcePathResolver;
     this.codeowners = codeowners;
     this.methodLinesResolver = methodLinesResolver;
+    this.coverageProbeStoreFactory = coverageProbeStoreFactory;
+    this.coverageDataSupplier = coverageDataSupplier;
     this.signalServerAddress = signalServerAddress;
   }
 
   @Override
-  public void setTag(String key, Object value) {
-    throw new UnsupportedOperationException("Setting tags is not supported: " + key + ", " + value);
-  }
-
-  @Override
-  public void setErrorInfo(Throwable error) {
-    throw new UnsupportedOperationException("Setting error info is not supported: " + error);
-  }
-
-  @Override
-  public void setSkipReason(String skipReason) {
-    throw new UnsupportedOperationException("Setting skip reason is not supported: " + skipReason);
-  }
-
-  @Override
-  public void end(@Nullable Long endTime) {
+  public void end(Long startTime) {
     // no op
   }
 
   @Override
-  public DDTestModuleImpl testModuleStart(String moduleName, @Nullable Long startTime) {
-    return new DDTestModuleChild(
+  public DDTestFrameworkModule testModuleStart(String moduleName, @Nullable Long startTime) {
+    return new DDTestFrameworkModuleProxy(
         parentProcessSessionId,
         parentProcessModuleId,
         moduleName,
@@ -71,12 +67,8 @@ public DDTestModuleImpl testModuleStart(String moduleName, @Nullable Long startT
         sourcePathResolver,
         codeowners,
         methodLinesResolver,
+        coverageProbeStoreFactory,
+        coverageDataSupplier,
         signalServerAddress);
   }
-
-  @Override
-  public ModuleExecutionSettings getModuleExecutionSettings(JvmInfo jvmInfo) {
-    throw new UnsupportedOperationException(
-        "Getting module execution settings is not supported: " + jvmInfo);
-  }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestImpl.java
index d3e85423008..567e40f23c4 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestImpl.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestImpl.java
@@ -8,7 +8,6 @@
 import datadog.trace.api.civisibility.DDTest;
 import datadog.trace.api.civisibility.InstrumentationBridge;
 import datadog.trace.api.civisibility.coverage.CoverageProbeStore;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
 import datadog.trace.api.gateway.RequestContextSlot;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
@@ -16,13 +15,14 @@
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.bootstrap.instrumentation.api.Tags;
 import datadog.trace.civisibility.codeowners.Codeowners;
-import datadog.trace.civisibility.context.TestContext;
+import datadog.trace.civisibility.coverage.CoverageProbeStoreFactory;
 import datadog.trace.civisibility.decorator.TestDecorator;
 import datadog.trace.civisibility.source.MethodLinesResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
 import java.lang.reflect.Method;
 import java.util.Collection;
+import java.util.function.Consumer;
 import javax.annotation.Nullable;
-import org.objectweb.asm.Type;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -31,27 +31,30 @@ public class DDTestImpl implements DDTest {
   private static final Logger log = LoggerFactory.getLogger(DDTestImpl.class);
 
   private final AgentSpan span;
-  private final TestContext suiteContext;
-  private final TestContext moduleContext;
-  private final TestDecorator testDecorator;
+  private final long sessionId;
+  private final long suiteId;
+  private final Consumer<AgentSpan> onSpanFinish;
 
   public DDTestImpl(
-      TestContext suiteContext,
-      TestContext moduleContext,
+      long sessionId,
+      long moduleId,
+      long suiteId,
       String moduleName,
       String testSuiteName,
       String testName,
       @Nullable Long startTime,
       @Nullable Class<?> testClass,
-      @Nullable String testMethodName,
       @Nullable Method testMethod,
       Config config,
       TestDecorator testDecorator,
       SourcePathResolver sourcePathResolver,
       MethodLinesResolver methodLinesResolver,
-      Codeowners codeowners) {
-    this.suiteContext = suiteContext;
-    this.moduleContext = moduleContext;
+      Codeowners codeowners,
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      Consumer<AgentSpan> onSpanFinish) {
+    this.sessionId = sessionId;
+    this.suiteId = suiteId;
+    this.onSpanFinish = onSpanFinish;
 
     AgentTracer.SpanBuilder spanBuilder =
         AgentTracer.get()
@@ -60,7 +63,7 @@ public DDTestImpl(
             .asChildOf(null)
             .withRequestContextData(
                 RequestContextSlot.CI_VISIBILITY,
-                InstrumentationBridge.createCoverageProbeStore(sourcePathResolver));
+                coverageProbeStoreFactory.create(sourcePathResolver));
 
     if (startTime != null) {
       spanBuilder = spanBuilder.withStartTimestamp(startTime);
@@ -79,10 +82,6 @@ public DDTestImpl(
     span.setTag(Tags.TEST_SUITE, testSuiteName);
     span.setTag(Tags.TEST_MODULE, moduleName);
 
-    Long suiteId = suiteContext.getId();
-    Long moduleId = moduleContext.getId();
-    Long sessionId = moduleContext.getParentId();
-
     span.setTag(Tags.TEST_SUITE_ID, suiteId);
     span.setTag(Tags.TEST_MODULE_ID, moduleId);
     span.setTag(Tags.TEST_SESSION_ID, sessionId);
@@ -92,17 +91,13 @@ public DDTestImpl(
     if (testClass != null && !testClass.getName().equals(testSuiteName)) {
       span.setTag(Tags.TEST_SOURCE_CLASS, testClass.getName());
     }
-    if (testMethodName != null && testMethod != null) {
-      span.setTag(Tags.TEST_SOURCE_METHOD, testMethodName + Type.getMethodDescriptor(testMethod));
-    }
 
     if (config.isCiVisibilitySourceDataEnabled()) {
       populateSourceDataTags(
           span, testClass, testMethod, sourcePathResolver, methodLinesResolver, codeowners);
     }
 
-    this.testDecorator = testDecorator;
-    this.testDecorator.afterStart(span);
+    testDecorator.afterStart(span);
   }
 
   private void populateSourceDataTags(
@@ -184,14 +179,11 @@ public void end(@Nullable Long endTime) {
     }
 
     CoverageProbeStore probes = span.getRequestContext().getData(RequestContextSlot.CI_VISIBILITY);
-    probes.report(moduleContext.getParentId(), suiteContext.getId(), span.getSpanId());
+    probes.report(sessionId, suiteId, span.getSpanId());
 
     scope.close();
 
-    String status = (String) span.getTag(Tags.TEST_STATUS);
-    suiteContext.reportChildStatus(status);
-
-    testDecorator.beforeFinish(span);
+    onSpanFinish.accept(span);
 
     if (endTime != null) {
       span.finish(endTime);
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestModuleChild.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestModuleChild.java
deleted file mode 100644
index f0c57d27db1..00000000000
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestModuleChild.java
+++ /dev/null
@@ -1,120 +0,0 @@
-package datadog.trace.civisibility;
-
-import datadog.trace.api.Config;
-import datadog.trace.api.civisibility.config.JvmInfo;
-import datadog.trace.api.civisibility.config.SkippableTest;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
-import datadog.trace.bootstrap.instrumentation.api.Tags;
-import datadog.trace.civisibility.codeowners.Codeowners;
-import datadog.trace.civisibility.context.ParentProcessTestContext;
-import datadog.trace.civisibility.decorator.TestDecorator;
-import datadog.trace.civisibility.ipc.ModuleExecutionResult;
-import datadog.trace.civisibility.ipc.SignalClient;
-import datadog.trace.civisibility.ipc.SkippableTestsRequest;
-import datadog.trace.civisibility.ipc.SkippableTestsResponse;
-import datadog.trace.civisibility.source.MethodLinesResolver;
-import java.net.InetSocketAddress;
-import java.util.Collection;
-import java.util.Collections;
-import javax.annotation.Nullable;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Representation of a test module in a child process (JVM that is forked by build system to run the
- * tests)
- */
-public class DDTestModuleChild extends DDTestModuleImpl {
-
-  private static final Logger log = LoggerFactory.getLogger(DDTestModuleChild.class);
-
-  private final ParentProcessTestContext context;
-
-  public DDTestModuleChild(
-      Long parentProcessSessionId,
-      Long parentProcessModuleId,
-      String moduleName,
-      Config config,
-      TestDecorator testDecorator,
-      SourcePathResolver sourcePathResolver,
-      Codeowners codeowners,
-      MethodLinesResolver methodLinesResolver,
-      @Nullable InetSocketAddress signalServerAddress) {
-    super(
-        moduleName,
-        config,
-        testDecorator,
-        sourcePathResolver,
-        codeowners,
-        methodLinesResolver,
-        signalServerAddress);
-    context = new ParentProcessTestContext(parentProcessSessionId, parentProcessModuleId);
-  }
-
-  @Override
-  protected ParentProcessTestContext getContext() {
-    return context;
-  }
-
-  @Override
-  public void setTag(String key, Object value) {
-    throw new UnsupportedOperationException("Setting tags is not supported: " + key + ", " + value);
-  }
-
-  @Override
-  public void setErrorInfo(Throwable error) {
-    throw new UnsupportedOperationException("Setting error info is not supported: " + error);
-  }
-
-  @Override
-  public void setSkipReason(String skipReason) {
-    throw new UnsupportedOperationException("Setting skip reason is not supported: " + skipReason);
-  }
-
-  @Override
-  public void end(@Nullable Long endTime) {
-    // we have no span locally,
-    // send execution result to parent process that has the span
-    sendModuleExecutionResult();
-  }
-
-  private void sendModuleExecutionResult() {
-    long moduleId = context.getId();
-    long sessionId = context.getParentId();
-    boolean coverageEnabled = config.isCiVisibilityCodeCoverageEnabled();
-    boolean itrEnabled = config.isCiVisibilityItrEnabled();
-    long testsSkippedTotal = testsSkipped.sum();
-    String testFramework = String.valueOf(context.getChildTag(Tags.TEST_FRAMEWORK));
-    String testFrameworkVersion = String.valueOf(context.getChildTag(Tags.TEST_FRAMEWORK_VERSION));
-
-    ModuleExecutionResult moduleExecutionResult =
-        new ModuleExecutionResult(
-            sessionId,
-            moduleId,
-            coverageEnabled,
-            itrEnabled,
-            testsSkippedTotal,
-            testFramework,
-            testFrameworkVersion);
-
-    try (SignalClient signalClient = new SignalClient(signalServerAddress)) {
-      signalClient.send(moduleExecutionResult);
-    } catch (Exception e) {
-      log.error("Error while reporting module execution result", e);
-    }
-  }
-
-  @Override
-  protected Collection<SkippableTest> fetchSkippableTests() {
-    SkippableTestsRequest request = new SkippableTestsRequest(moduleName, JvmInfo.CURRENT_JVM);
-    try (SignalClient signalClient = new SignalClient(signalServerAddress)) {
-      SkippableTestsResponse response = (SkippableTestsResponse) signalClient.send(request);
-      Collection<SkippableTest> tests = response.getTests();
-      log.debug("Received {} skippable tests", tests.size());
-      return tests;
-    } catch (Exception e) {
-      log.error("Error while requesting skippable tests", e);
-      return Collections.emptySet();
-    }
-  }
-}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestModuleImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestModuleImpl.java
index 5f61248efd7..371f0d8a211 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestModuleImpl.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestModuleImpl.java
@@ -1,51 +1,109 @@
 package datadog.trace.civisibility;
 
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+
 import datadog.trace.api.Config;
+import datadog.trace.api.civisibility.CIConstants;
 import datadog.trace.api.civisibility.DDTestModule;
-import datadog.trace.api.civisibility.config.SkippableTest;
-import datadog.trace.api.civisibility.events.BuildEventsHandler;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
 import datadog.trace.civisibility.codeowners.Codeowners;
-import datadog.trace.civisibility.context.TestContext;
+import datadog.trace.civisibility.coverage.CoverageProbeStoreFactory;
 import datadog.trace.civisibility.decorator.TestDecorator;
 import datadog.trace.civisibility.source.MethodLinesResolver;
-import java.net.InetSocketAddress;
-import java.util.Collection;
-import java.util.concurrent.atomic.LongAdder;
+import datadog.trace.civisibility.source.SourcePathResolver;
+import datadog.trace.civisibility.utils.SpanUtils;
+import java.util.function.Consumer;
 import javax.annotation.Nullable;
 
-public abstract class DDTestModuleImpl implements DDTestModule {
+public class DDTestModuleImpl implements DDTestModule {
 
+  protected final AgentSpan span;
+  protected final long sessionId;
   protected final String moduleName;
   protected final Config config;
   protected final TestDecorator testDecorator;
   protected final SourcePathResolver sourcePathResolver;
   protected final Codeowners codeowners;
   protected final MethodLinesResolver methodLinesResolver;
-  @Nullable protected final InetSocketAddress signalServerAddress;
-
-  protected final LongAdder testsSkipped = new LongAdder();
-  private volatile Collection<SkippableTest> skippableTests;
-  private final Object skippableTestsInitLock = new Object();
+  protected final CoverageProbeStoreFactory coverageProbeStoreFactory;
+  private final Consumer<AgentSpan> onSpanFinish;
 
-  protected DDTestModuleImpl(
+  public DDTestModuleImpl(
+      AgentSpan.Context sessionSpanContext,
+      long sessionId,
       String moduleName,
+      @Nullable Long startTime,
       Config config,
       TestDecorator testDecorator,
       SourcePathResolver sourcePathResolver,
       Codeowners codeowners,
       MethodLinesResolver methodLinesResolver,
-      InetSocketAddress signalServerAddress) {
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      Consumer<AgentSpan> onSpanFinish) {
+    this.sessionId = sessionId;
     this.moduleName = moduleName;
     this.config = config;
     this.testDecorator = testDecorator;
     this.sourcePathResolver = sourcePathResolver;
     this.codeowners = codeowners;
     this.methodLinesResolver = methodLinesResolver;
-    this.signalServerAddress = signalServerAddress;
+    this.coverageProbeStoreFactory = coverageProbeStoreFactory;
+    this.onSpanFinish = onSpanFinish;
+
+    if (startTime != null) {
+      span = startSpan(testDecorator.component() + ".test_module", sessionSpanContext, startTime);
+    } else {
+      span = startSpan(testDecorator.component() + ".test_module", sessionSpanContext);
+    }
+
+    span.setSpanType(InternalSpanTypes.TEST_MODULE_END);
+    span.setTag(Tags.SPAN_KIND, Tags.SPAN_KIND_TEST_MODULE);
+
+    span.setResourceName(moduleName);
+    span.setTag(Tags.TEST_MODULE, moduleName);
+
+    span.setTag(Tags.TEST_MODULE_ID, span.getSpanId());
+    span.setTag(Tags.TEST_SESSION_ID, sessionId);
+
+    // setting status to skip initially,
+    // as we do not know in advance whether the module will have any children
+    span.setTag(Tags.TEST_STATUS, CIConstants.TEST_SKIP);
+
+    testDecorator.afterStart(span);
+  }
+
+  @Override
+  public void setTag(String key, Object value) {
+    span.setTag(key, value);
+  }
+
+  @Override
+  public void setErrorInfo(Throwable error) {
+    span.setError(true);
+    span.addThrowable(error);
+    span.setTag(Tags.TEST_STATUS, CIConstants.TEST_FAIL);
   }
 
-  protected abstract TestContext getContext();
+  @Override
+  public void setSkipReason(String skipReason) {
+    span.setTag(Tags.TEST_STATUS, CIConstants.TEST_SKIP);
+    if (skipReason != null) {
+      span.setTag(Tags.TEST_SKIP_REASON, skipReason);
+    }
+  }
+
+  @Override
+  public void end(@Nullable Long endTime) {
+    onSpanFinish.accept(span);
+
+    if (endTime != null) {
+      span.finish(endTime);
+    } else {
+      span.finish();
+    }
+  }
 
   @Override
   public DDTestSuiteImpl testSuiteStart(
@@ -54,55 +112,20 @@ public DDTestSuiteImpl testSuiteStart(
       @Nullable Long startTime,
       boolean parallelized) {
     return new DDTestSuiteImpl(
-        getContext(),
+        span.context(),
+        sessionId,
+        span.getSpanId(),
         moduleName,
         testSuiteName,
         testClass,
         startTime,
+        parallelized,
         config,
         testDecorator,
         sourcePathResolver,
         codeowners,
         methodLinesResolver,
-        parallelized);
-  }
-
-  @Override
-  public boolean skip(SkippableTest test) {
-    if (test == null) {
-      return false;
-    }
-
-    if (skippableTests == null) {
-      synchronized (skippableTestsInitLock) {
-        if (skippableTests == null) {
-          skippableTests = fetchSkippableTests();
-        }
-      }
-    }
-
-    if (skippableTests.contains(test)) {
-      testsSkipped.increment();
-      return true;
-    } else {
-      return false;
-    }
-  }
-
-  protected abstract Collection<SkippableTest> fetchSkippableTests();
-
-  public BuildEventsHandler.ModuleInfo getModuleInfo() {
-    TestContext context = getContext();
-    Long moduleId = context.getId();
-    Long sessionId = context.getParentId();
-    String signalServerHost =
-        signalServerAddress != null ? signalServerAddress.getHostName() : null;
-    int signalServerPort = signalServerAddress != null ? signalServerAddress.getPort() : 0;
-    return new BuildEventsHandler.ModuleInfo(
-        moduleId, sessionId, signalServerHost, signalServerPort);
-  }
-
-  public long getId() {
-    return getContext().getId();
+        coverageProbeStoreFactory,
+        SpanUtils.propagateCiVisibilityTagsTo(span));
   }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestModuleParent.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestModuleParent.java
deleted file mode 100644
index b82d63bcf29..00000000000
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestModuleParent.java
+++ /dev/null
@@ -1,180 +0,0 @@
-package datadog.trace.civisibility;
-
-import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
-
-import datadog.trace.api.Config;
-import datadog.trace.api.DDTags;
-import datadog.trace.api.civisibility.CIConstants;
-import datadog.trace.api.civisibility.config.JvmInfo;
-import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
-import datadog.trace.api.civisibility.config.SkippableTest;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
-import datadog.trace.api.config.CiVisibilityConfig;
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
-import datadog.trace.bootstrap.instrumentation.api.Tags;
-import datadog.trace.civisibility.codeowners.Codeowners;
-import datadog.trace.civisibility.config.ModuleExecutionSettingsFactory;
-import datadog.trace.civisibility.context.SpanTestContext;
-import datadog.trace.civisibility.context.TestContext;
-import datadog.trace.civisibility.decorator.TestDecorator;
-import datadog.trace.civisibility.ipc.ModuleExecutionResult;
-import datadog.trace.civisibility.source.MethodLinesResolver;
-import java.net.InetSocketAddress;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Map;
-import javax.annotation.Nullable;
-
-/**
- * Representation of a test module in a parent process:
- *
- * <ul>
- *   <li>JVM that runs the build system, if build system is instrumented
- *   <li>JVM that runs the tests, if build system is not instrumented
- * </ul>
- */
-public class DDTestModuleParent extends DDTestModuleImpl {
-
-  private final AgentSpan span;
-  private final SpanTestContext context;
-  private final TestContext sessionContext;
-  private final TestModuleRegistry testModuleRegistry;
-  private final ModuleExecutionSettingsFactory moduleExecutionSettingsFactory;
-  private volatile boolean codeCoverageEnabled;
-  private volatile boolean itrEnabled;
-
-  public DDTestModuleParent(
-      TestContext sessionContext,
-      String moduleName,
-      @Nullable Long startTime,
-      Config config,
-      TestModuleRegistry testModuleRegistry,
-      TestDecorator testDecorator,
-      SourcePathResolver sourcePathResolver,
-      Codeowners codeowners,
-      MethodLinesResolver methodLinesResolver,
-      ModuleExecutionSettingsFactory moduleExecutionSettingsFactory,
-      @Nullable InetSocketAddress signalServerAddress) {
-    super(
-        moduleName,
-        config,
-        testDecorator,
-        sourcePathResolver,
-        codeowners,
-        methodLinesResolver,
-        signalServerAddress);
-    this.sessionContext = sessionContext;
-    this.testModuleRegistry = testModuleRegistry;
-    this.moduleExecutionSettingsFactory = moduleExecutionSettingsFactory;
-
-    AgentSpan sessionSpan = sessionContext.getSpan();
-    AgentSpan.Context sessionSpanContext = sessionSpan != null ? sessionSpan.context() : null;
-
-    if (startTime != null) {
-      span = startSpan(testDecorator.component() + ".test_module", sessionSpanContext, startTime);
-    } else {
-      span = startSpan(testDecorator.component() + ".test_module", sessionSpanContext);
-    }
-
-    context = new SpanTestContext(span, sessionContext);
-
-    span.setSpanType(InternalSpanTypes.TEST_MODULE_END);
-    span.setTag(Tags.SPAN_KIND, Tags.SPAN_KIND_TEST_MODULE);
-
-    span.setResourceName(moduleName);
-    span.setTag(Tags.TEST_MODULE, moduleName);
-
-    span.setTag(Tags.TEST_MODULE_ID, context.getId());
-    span.setTag(Tags.TEST_SESSION_ID, sessionContext.getId());
-
-    testDecorator.afterStart(span);
-  }
-
-  @Override
-  protected SpanTestContext getContext() {
-    return context;
-  }
-
-  @Override
-  public void setTag(String key, Object value) {
-    span.setTag(key, value);
-  }
-
-  @Override
-  public void setErrorInfo(Throwable error) {
-    span.setError(true);
-    span.addThrowable(error);
-    span.setTag(Tags.TEST_STATUS, CIConstants.TEST_FAIL);
-  }
-
-  @Override
-  public void setSkipReason(String skipReason) {
-    span.setTag(Tags.TEST_STATUS, CIConstants.TEST_SKIP);
-    if (skipReason != null) {
-      span.setTag(Tags.TEST_SKIP_REASON, skipReason);
-    }
-  }
-
-  @Override
-  public void end(@Nullable Long endTime) {
-    testModuleRegistry.removeModule(this);
-
-    span.setTag(Tags.TEST_STATUS, context.getStatus());
-    sessionContext.reportChildStatus(context.getStatus());
-
-    if (codeCoverageEnabled) {
-      setTag(Tags.TEST_CODE_COVERAGE_ENABLED, true);
-    }
-    if (itrEnabled) {
-      setTag(Tags.TEST_ITR_TESTS_SKIPPING_ENABLED, true);
-      setTag(Tags.TEST_ITR_TESTS_SKIPPING_TYPE, "test");
-
-      long testsSkippedTotal = testsSkipped.sum();
-      setTag(Tags.TEST_ITR_TESTS_SKIPPING_COUNT, testsSkippedTotal);
-      if (testsSkippedTotal > 0) {
-        setTag(DDTags.CI_ITR_TESTS_SKIPPED, true);
-      }
-    }
-
-    testDecorator.beforeFinish(span);
-
-    if (endTime != null) {
-      span.finish(endTime);
-    } else {
-      span.finish();
-    }
-  }
-
-  @Override
-  protected Collection<SkippableTest> fetchSkippableTests() {
-    ModuleExecutionSettings moduleExecutionSettings =
-        moduleExecutionSettingsFactory.create(JvmInfo.CURRENT_JVM, moduleName);
-    Map<String, String> systemProperties = moduleExecutionSettings.getSystemProperties();
-    codeCoverageEnabled =
-        propertyEnabled(systemProperties, CiVisibilityConfig.CIVISIBILITY_CODE_COVERAGE_ENABLED);
-    itrEnabled = propertyEnabled(systemProperties, CiVisibilityConfig.CIVISIBILITY_ITR_ENABLED);
-    return new HashSet<>(moduleExecutionSettings.getSkippableTests(moduleName));
-  }
-
-  private boolean propertyEnabled(Map<String, String> systemProperties, String propertyName) {
-    String property = systemProperties.get(propertyName);
-    return Boolean.parseBoolean(property);
-  }
-
-  public void onModuleExecutionResultReceived(ModuleExecutionResult result) {
-    codeCoverageEnabled = result.isCoverageEnabled();
-    itrEnabled = result.isItrEnabled();
-    testsSkipped.add(result.getTestsSkippedTotal());
-
-    String testFramework = result.getTestFramework();
-    if (testFramework != null) {
-      span.setTag(Tags.TEST_FRAMEWORK, testFramework);
-    }
-
-    String testFrameworkVersion = result.getTestFrameworkVersion();
-    if (testFrameworkVersion != null) {
-      span.setTag(Tags.TEST_FRAMEWORK_VERSION, testFrameworkVersion);
-    }
-  }
-}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSessionImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSessionImpl.java
index ca0a2558342..874234b86b6 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSessionImpl.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSessionImpl.java
@@ -1,20 +1,115 @@
 package datadog.trace.civisibility;
 
-import datadog.trace.api.civisibility.CIVisibility;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.civisibility.CIConstants;
 import datadog.trace.api.civisibility.DDTestSession;
-import datadog.trace.api.civisibility.config.JvmInfo;
-import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
-import java.nio.file.Path;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import datadog.trace.civisibility.codeowners.Codeowners;
+import datadog.trace.civisibility.coverage.CoverageProbeStoreFactory;
+import datadog.trace.civisibility.decorator.TestDecorator;
+import datadog.trace.civisibility.source.MethodLinesResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
+import datadog.trace.civisibility.utils.SpanUtils;
 import javax.annotation.Nullable;
 
-public abstract class DDTestSessionImpl implements DDTestSession {
+public class DDTestSessionImpl implements DDTestSession {
+  protected final AgentSpan span;
+  protected final Config config;
+  protected final TestDecorator testDecorator;
+  protected final SourcePathResolver sourcePathResolver;
+  protected final Codeowners codeowners;
+  protected final MethodLinesResolver methodLinesResolver;
+  protected final CoverageProbeStoreFactory coverageProbeStoreFactory;
+
+  public DDTestSessionImpl(
+      String projectName,
+      @Nullable Long startTime,
+      Config config,
+      TestDecorator testDecorator,
+      SourcePathResolver sourcePathResolver,
+      Codeowners codeowners,
+      MethodLinesResolver methodLinesResolver,
+      CoverageProbeStoreFactory coverageProbeStoreFactory) {
+    this.config = config;
+    this.testDecorator = testDecorator;
+    this.sourcePathResolver = sourcePathResolver;
+    this.codeowners = codeowners;
+    this.methodLinesResolver = methodLinesResolver;
+    this.coverageProbeStoreFactory = coverageProbeStoreFactory;
+
+    if (startTime != null) {
+      span = startSpan(testDecorator.component() + ".test_session", startTime);
+    } else {
+      span = startSpan(testDecorator.component() + ".test_session");
+    }
+
+    span.setSpanType(InternalSpanTypes.TEST_SESSION_END);
+    span.setTag(Tags.SPAN_KIND, Tags.SPAN_KIND_TEST_SESSION);
+    span.setTag(Tags.TEST_SESSION_ID, span.getSpanId());
 
-  public abstract DDTestModuleImpl testModuleStart(String moduleName, @Nullable Long startTime);
+    // setting status to skip initially,
+    // as we do not know in advance whether the session will have any children
+    span.setTag(Tags.TEST_STATUS, CIConstants.TEST_SKIP);
+
+    span.setResourceName(projectName);
+
+    // The backend requires all session spans to have the test command tag
+    // because it is used for session fingerprint calculation.
+    // We're setting it here to project name as a default that works
+    // reasonably well (although this is not the real command).
+    // In those cases where proper command can be determined,
+    // this tag will be overridden
+    span.setTag(Tags.TEST_COMMAND, projectName);
+
+    testDecorator.afterStart(span);
+  }
 
-  public abstract ModuleExecutionSettings getModuleExecutionSettings(JvmInfo jvmInfo);
+  @Override
+  public void setTag(String key, Object value) {
+    span.setTag(key, value);
+  }
+
+  @Override
+  public void setErrorInfo(Throwable error) {
+    span.setError(true);
+    span.addThrowable(error);
+    span.setTag(Tags.TEST_STATUS, CIConstants.TEST_FAIL);
+  }
+
+  @Override
+  public void setSkipReason(String skipReason) {
+    span.setTag(Tags.TEST_STATUS, CIConstants.TEST_SKIP);
+    if (skipReason != null) {
+      span.setTag(Tags.TEST_SKIP_REASON, skipReason);
+    }
+  }
+
+  @Override
+  public void end(@Nullable Long endTime) {
+    if (endTime != null) {
+      span.finish(endTime);
+    } else {
+      span.finish();
+    }
+  }
 
-  public interface SessionImplFactory extends CIVisibility.SessionFactory {
-    DDTestSessionImpl startSession(
-        String projectName, Path projectRoot, String component, Long startTime);
+  @Override
+  public DDTestModuleImpl testModuleStart(String moduleName, @Nullable Long startTime) {
+    return new DDTestModuleImpl(
+        span.context(),
+        span.getSpanId(),
+        moduleName,
+        startTime,
+        config,
+        testDecorator,
+        sourcePathResolver,
+        codeowners,
+        methodLinesResolver,
+        coverageProbeStoreFactory,
+        SpanUtils.propagateCiVisibilityTagsTo(span));
   }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSuiteImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSuiteImpl.java
index d0d693d0a16..b170d976dfb 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSuiteImpl.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/DDTestSuiteImpl.java
@@ -6,59 +6,66 @@
 import datadog.trace.api.Config;
 import datadog.trace.api.civisibility.CIConstants;
 import datadog.trace.api.civisibility.DDTestSuite;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.bootstrap.instrumentation.api.Tags;
 import datadog.trace.civisibility.codeowners.Codeowners;
-import datadog.trace.civisibility.context.SpanTestContext;
-import datadog.trace.civisibility.context.TestContext;
+import datadog.trace.civisibility.coverage.CoverageProbeStoreFactory;
 import datadog.trace.civisibility.decorator.TestDecorator;
 import datadog.trace.civisibility.source.MethodLinesResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
+import datadog.trace.civisibility.utils.SpanUtils;
 import java.lang.reflect.Method;
+import java.util.function.Consumer;
 import javax.annotation.Nullable;
 
 public class DDTestSuiteImpl implements DDTestSuite {
 
+  private final AgentSpan span;
+  private final long sessionId;
+  private final long moduleId;
   private final String moduleName;
   private final String testSuiteName;
   private final Class<?> testClass;
-  private final AgentSpan span;
-  private final TestContext context;
-  private final TestContext moduleContext;
   private final Config config;
   private final TestDecorator testDecorator;
   private final SourcePathResolver sourcePathResolver;
   private final Codeowners codeowners;
   private final MethodLinesResolver methodLinesResolver;
+  private final CoverageProbeStoreFactory coverageProbeStoreFactory;
   private final boolean parallelized;
+  private final Consumer<AgentSpan> onSpanFinish;
 
   public DDTestSuiteImpl(
-      TestContext moduleContext,
+      @Nullable AgentSpan.Context moduleSpanContext,
+      long sessionId,
+      long moduleId,
       String moduleName,
       String testSuiteName,
       @Nullable Class<?> testClass,
       @Nullable Long startTime,
+      boolean parallelized,
       Config config,
       TestDecorator testDecorator,
       SourcePathResolver sourcePathResolver,
       Codeowners codeowners,
       MethodLinesResolver methodLinesResolver,
-      boolean parallelized) {
+      CoverageProbeStoreFactory coverageProbeStoreFactory,
+      Consumer<AgentSpan> onSpanFinish) {
+    this.sessionId = sessionId;
+    this.moduleId = moduleId;
     this.moduleName = moduleName;
-    this.moduleContext = moduleContext;
     this.testSuiteName = testSuiteName;
+    this.parallelized = parallelized;
     this.config = config;
     this.testDecorator = testDecorator;
     this.sourcePathResolver = sourcePathResolver;
     this.codeowners = codeowners;
     this.methodLinesResolver = methodLinesResolver;
-    this.parallelized = parallelized;
-
-    AgentSpan moduleSpan = this.moduleContext.getSpan();
-    AgentSpan.Context moduleSpanContext = moduleSpan != null ? moduleSpan.context() : null;
+    this.coverageProbeStoreFactory = coverageProbeStoreFactory;
+    this.onSpanFinish = onSpanFinish;
 
     if (startTime != null) {
       span = startSpan(testDecorator.component() + ".test_suite", moduleSpanContext, startTime);
@@ -66,8 +73,6 @@ public DDTestSuiteImpl(
       span = startSpan(testDecorator.component() + ".test_suite", moduleSpanContext);
     }
 
-    context = new SpanTestContext(span, moduleContext);
-
     span.setSpanType(InternalSpanTypes.TEST_SUITE_END);
     span.setTag(Tags.SPAN_KIND, Tags.SPAN_KIND_TEST_SUITE);
 
@@ -75,9 +80,13 @@ public DDTestSuiteImpl(
     span.setTag(Tags.TEST_SUITE, testSuiteName);
     span.setTag(Tags.TEST_MODULE, moduleName);
 
-    span.setTag(Tags.TEST_SUITE_ID, context.getId());
-    span.setTag(Tags.TEST_MODULE_ID, moduleContext.getId());
-    span.setTag(Tags.TEST_SESSION_ID, moduleContext.getParentId());
+    span.setTag(Tags.TEST_SUITE_ID, span.getSpanId());
+    span.setTag(Tags.TEST_MODULE_ID, moduleId);
+    span.setTag(Tags.TEST_SESSION_ID, sessionId);
+
+    // setting status to skip initially,
+    // as we do not know in advance whether the suite will have any children
+    span.setTag(Tags.TEST_STATUS, CIConstants.TEST_SKIP);
 
     this.testClass = testClass;
     if (this.testClass != null) {
@@ -139,52 +148,34 @@ public void end(@Nullable Long endTime) {
       scope.close();
     }
 
-    testDecorator.beforeFinish(span);
+    onSpanFinish.accept(span);
 
-    String status = context.getStatus();
-    if (status != null) {
-      // do not report test suite if no execution took place
-      span.setTag(Tags.TEST_STATUS, status);
-      moduleContext.reportChildStatus(status);
-
-      if (endTime != null) {
-        span.finish(endTime);
-      } else {
-        span.finish();
-      }
+    if (endTime != null) {
+      span.finish(endTime);
+    } else {
+      span.finish();
     }
-
-    moduleContext.reportChildTag(Tags.TEST_FRAMEWORK, span.getTag(Tags.TEST_FRAMEWORK));
-    moduleContext.reportChildTag(
-        Tags.TEST_FRAMEWORK_VERSION, span.getTag(Tags.TEST_FRAMEWORK_VERSION));
   }
 
   @Override
   public DDTestImpl testStart(
       String testName, @Nullable Method testMethod, @Nullable Long startTime) {
-    return testStart(
-        testName, testMethod != null ? testMethod.getName() : null, testMethod, startTime);
-  }
-
-  public DDTestImpl testStart(
-      String testName,
-      @Nullable String methodName,
-      @Nullable Method testMethod,
-      @Nullable Long startTime) {
     return new DDTestImpl(
-        context,
-        moduleContext,
+        sessionId,
+        moduleId,
+        span.getSpanId(),
         moduleName,
         testSuiteName,
         testName,
         startTime,
         testClass,
-        methodName,
         testMethod,
         config,
         testDecorator,
         sourcePathResolver,
         methodLinesResolver,
-        codeowners);
+        codeowners,
+        coverageProbeStoreFactory,
+        SpanUtils.propagateCiVisibilityTagsTo(span));
   }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/TestModuleRegistry.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/TestModuleRegistry.java
index f9876b6900d..a609c93bddf 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/TestModuleRegistry.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/TestModuleRegistry.java
@@ -13,23 +13,23 @@ public class TestModuleRegistry {
 
   private static final Logger LOGGER = LoggerFactory.getLogger(TestModuleRegistry.class);
 
-  private final Map<Long, DDTestModuleParent> testModuleById;
+  private final Map<Long, DDBuildSystemModule> testModuleById;
 
   public TestModuleRegistry() {
     this.testModuleById = new ConcurrentHashMap<>();
   }
 
-  public void addModule(DDTestModuleParent module) {
+  public void addModule(DDBuildSystemModule module) {
     testModuleById.put(module.getId(), module);
   }
 
-  public void removeModule(DDTestModuleParent module) {
+  public void removeModule(DDBuildSystemModule module) {
     testModuleById.remove(module.getId());
   }
 
   public SignalResponse onModuleExecutionResultReceived(ModuleExecutionResult result) {
     long moduleId = result.getModuleId();
-    DDTestModuleParent module = testModuleById.get(moduleId);
+    DDBuildSystemModule module = testModuleById.get(moduleId);
     if (module == null) {
       String message =
           String.format(
@@ -38,6 +38,7 @@ public SignalResponse onModuleExecutionResultReceived(ModuleExecutionResult resu
       LOGGER.warn(message);
       return new ErrorResponse(message);
     }
+
     module.onModuleExecutionResultReceived(result);
     return AckResponse.INSTANCE;
   }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/AppVeyorInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/AppVeyorInfo.java
index 5170d93337f..5b98050f7a2 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/AppVeyorInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/AppVeyorInfo.java
@@ -2,7 +2,7 @@
 
 import static datadog.trace.api.git.GitUtils.normalizeBranch;
 import static datadog.trace.api.git.GitUtils.normalizeTag;
-import static datadog.trace.civisibility.utils.PathUtils.expandTilde;
+import static datadog.trace.civisibility.utils.FileUtils.expandTilde;
 
 import datadog.trace.api.git.CommitInfo;
 import datadog.trace.api.git.GitInfo;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/AwsCodePipelineInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/AwsCodePipelineInfo.java
new file mode 100644
index 00000000000..4a0a9d299e6
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/AwsCodePipelineInfo.java
@@ -0,0 +1,29 @@
+package datadog.trace.civisibility.ci;
+
+import datadog.trace.api.git.GitInfo;
+
+class AwsCodePipelineInfo implements CIProviderInfo {
+
+  public static final String AWS_CODEPIPELINE = "CODEBUILD_INITIATOR";
+  public static final String AWS_CODEPIPELINE_PROVIDER_NAME = "awscodepipeline";
+  public static final String AWS_CODEPIPELINE_EXECUTION_ID = "DD_PIPELINE_EXECUTION_ID";
+  public static final String AWS_CODEPIPELINE_ACTION_EXECUTION_ID = "DD_ACTION_EXECUTION_ID";
+  public static final String AWS_CODEPIPELINE_ARN = "CODEBUILD_BUILD_ARN";
+
+  @Override
+  public GitInfo buildCIGitInfo() {
+    return GitInfo.NOOP;
+  }
+
+  @Override
+  public CIInfo buildCIInfo() {
+    return CIInfo.builder()
+        .ciProviderName(AWS_CODEPIPELINE_PROVIDER_NAME)
+        .ciPipelineId(System.getenv(AWS_CODEPIPELINE_EXECUTION_ID))
+        .ciEnvVars(
+            AWS_CODEPIPELINE_EXECUTION_ID,
+            AWS_CODEPIPELINE_ACTION_EXECUTION_ID,
+            AWS_CODEPIPELINE_ARN)
+        .build();
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/AzurePipelinesInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/AzurePipelinesInfo.java
index d24634e0d36..7e2a454411a 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/AzurePipelinesInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/AzurePipelinesInfo.java
@@ -4,7 +4,7 @@
 import static datadog.trace.api.git.GitUtils.isTagReference;
 import static datadog.trace.api.git.GitUtils.normalizeBranch;
 import static datadog.trace.api.git.GitUtils.normalizeTag;
-import static datadog.trace.civisibility.utils.PathUtils.expandTilde;
+import static datadog.trace.civisibility.utils.FileUtils.expandTilde;
 
 import datadog.trace.api.git.CommitInfo;
 import datadog.trace.api.git.GitInfo;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BitBucketInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BitBucketInfo.java
index 9a8737ddc9a..544ea1f951c 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BitBucketInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BitBucketInfo.java
@@ -3,7 +3,7 @@
 import static datadog.trace.api.git.GitUtils.filterSensitiveInfo;
 import static datadog.trace.api.git.GitUtils.normalizeBranch;
 import static datadog.trace.api.git.GitUtils.normalizeTag;
-import static datadog.trace.civisibility.utils.PathUtils.expandTilde;
+import static datadog.trace.civisibility.utils.FileUtils.expandTilde;
 
 import datadog.trace.api.git.CommitInfo;
 import datadog.trace.api.git.GitInfo;
@@ -19,6 +19,7 @@ class BitBucketInfo implements CIProviderInfo {
   public static final String BITBUCKET_BUILD_NUMBER = "BITBUCKET_BUILD_NUMBER";
   public static final String BITBUCKET_WORKSPACE_PATH = "BITBUCKET_CLONE_DIR";
   public static final String BITBUCKET_GIT_REPOSITORY_URL = "BITBUCKET_GIT_SSH_ORIGIN";
+  public static final String BITBUCKET_HTTPS_REPOSITORY_URL = "BITBUCKET_GIT_HTTP_ORIGIN";
   public static final String BITBUCKET_GIT_COMMIT = "BITBUCKET_COMMIT";
   public static final String BITBUCKET_GIT_BRANCH = "BITBUCKET_BRANCH";
   public static final String BITBUCKET_GIT_TAG = "BITBUCKET_TAG";
@@ -26,12 +27,24 @@ class BitBucketInfo implements CIProviderInfo {
   @Override
   public GitInfo buildCIGitInfo() {
     return new GitInfo(
-        filterSensitiveInfo(System.getenv(BITBUCKET_GIT_REPOSITORY_URL)),
+        getRepositoryURL(),
         normalizeBranch(System.getenv(BITBUCKET_GIT_BRANCH)),
         normalizeTag(System.getenv(BITBUCKET_GIT_TAG)),
         new CommitInfo(System.getenv(BITBUCKET_GIT_COMMIT)));
   }
 
+  private static String getRepositoryURL() {
+    String gitRepoUrl = System.getenv(BITBUCKET_GIT_REPOSITORY_URL);
+    if (Strings.isNotBlank(gitRepoUrl)) {
+      return filterSensitiveInfo(gitRepoUrl);
+    }
+    String httpsRepoUrl = System.getenv(BITBUCKET_HTTPS_REPOSITORY_URL);
+    if (Strings.isNotBlank(httpsRepoUrl)) {
+      return filterSensitiveInfo(httpsRepoUrl);
+    }
+    return null;
+  }
+
   @Override
   public CIInfo buildCIInfo() {
     final String repo = System.getenv(BITBUCKET_REPO_FULL_NAME);
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BitriseInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BitriseInfo.java
index 7e46258e057..230ac389db1 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BitriseInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BitriseInfo.java
@@ -3,7 +3,7 @@
 import static datadog.trace.api.git.GitUtils.filterSensitiveInfo;
 import static datadog.trace.api.git.GitUtils.normalizeBranch;
 import static datadog.trace.api.git.GitUtils.normalizeTag;
-import static datadog.trace.civisibility.utils.PathUtils.expandTilde;
+import static datadog.trace.civisibility.utils.FileUtils.expandTilde;
 
 import datadog.trace.api.git.CommitInfo;
 import datadog.trace.api.git.GitInfo;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BuildkiteInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BuildkiteInfo.java
index 748d4805773..86bd3b5d5d4 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BuildkiteInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/BuildkiteInfo.java
@@ -3,7 +3,7 @@
 import static datadog.trace.api.git.GitUtils.filterSensitiveInfo;
 import static datadog.trace.api.git.GitUtils.normalizeBranch;
 import static datadog.trace.api.git.GitUtils.normalizeTag;
-import static datadog.trace.civisibility.utils.PathUtils.expandTilde;
+import static datadog.trace.civisibility.utils.FileUtils.expandTilde;
 import static datadog.trace.util.Strings.toJson;
 
 import datadog.trace.api.git.CommitInfo;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/CIProviderInfoFactory.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/CIProviderInfoFactory.java
index f8356d57a02..37a651678b7 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/CIProviderInfoFactory.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/CIProviderInfoFactory.java
@@ -51,6 +51,9 @@ public CIProviderInfo createCIProviderInfo(Path currentPath) {
       return new CodefreshInfo();
     } else if (System.getenv(TeamcityInfo.TEAMCITY) != null) {
       return new TeamcityInfo();
+    } else if (System.getenv(AwsCodePipelineInfo.AWS_CODEPIPELINE) != null
+        && System.getenv(AwsCodePipelineInfo.AWS_CODEPIPELINE).startsWith("codepipeline")) {
+      return new AwsCodePipelineInfo();
     } else {
       return new UnknownCIInfo(targetFolder, currentPath);
     }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/CircleCIInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/CircleCIInfo.java
index d009db0df52..cf3234ac9ae 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/CircleCIInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/CircleCIInfo.java
@@ -3,7 +3,7 @@
 import static datadog.trace.api.git.GitUtils.filterSensitiveInfo;
 import static datadog.trace.api.git.GitUtils.normalizeBranch;
 import static datadog.trace.api.git.GitUtils.normalizeTag;
-import static datadog.trace.civisibility.utils.PathUtils.expandTilde;
+import static datadog.trace.civisibility.utils.FileUtils.expandTilde;
 
 import datadog.trace.api.git.CommitInfo;
 import datadog.trace.api.git.GitInfo;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/GitLabInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/GitLabInfo.java
index d7cbdcce657..40a69ac5a56 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/GitLabInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/GitLabInfo.java
@@ -3,7 +3,7 @@
 import static datadog.trace.api.git.GitUtils.filterSensitiveInfo;
 import static datadog.trace.api.git.GitUtils.normalizeBranch;
 import static datadog.trace.api.git.GitUtils.normalizeTag;
-import static datadog.trace.civisibility.utils.PathUtils.expandTilde;
+import static datadog.trace.civisibility.utils.FileUtils.expandTilde;
 
 import datadog.trace.api.git.CommitInfo;
 import datadog.trace.api.git.GitInfo;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/GithubActionsInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/GithubActionsInfo.java
index 945ecdf3059..2dabe00a5e4 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/GithubActionsInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/GithubActionsInfo.java
@@ -3,7 +3,7 @@
 import static datadog.trace.api.git.GitUtils.isTagReference;
 import static datadog.trace.api.git.GitUtils.normalizeBranch;
 import static datadog.trace.api.git.GitUtils.normalizeTag;
-import static datadog.trace.civisibility.utils.PathUtils.expandTilde;
+import static datadog.trace.civisibility.utils.FileUtils.expandTilde;
 
 import datadog.trace.api.git.CommitInfo;
 import datadog.trace.api.git.GitInfo;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/JenkinsInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/JenkinsInfo.java
index f2d1ee5c0ee..9d0aea215fe 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/JenkinsInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/JenkinsInfo.java
@@ -4,7 +4,7 @@
 import static datadog.trace.api.git.GitUtils.isTagReference;
 import static datadog.trace.api.git.GitUtils.normalizeBranch;
 import static datadog.trace.api.git.GitUtils.normalizeTag;
-import static datadog.trace.civisibility.utils.PathUtils.expandTilde;
+import static datadog.trace.civisibility.utils.FileUtils.expandTilde;
 
 import datadog.trace.api.git.CommitInfo;
 import datadog.trace.api.git.GitInfo;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/TravisInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/TravisInfo.java
index 9c9b4af0e8e..3d311e5ea85 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/TravisInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/TravisInfo.java
@@ -2,7 +2,7 @@
 
 import static datadog.trace.api.git.GitUtils.normalizeBranch;
 import static datadog.trace.api.git.GitUtils.normalizeTag;
-import static datadog.trace.civisibility.utils.PathUtils.expandTilde;
+import static datadog.trace.civisibility.utils.FileUtils.expandTilde;
 
 import datadog.trace.api.git.CommitInfo;
 import datadog.trace.api.git.GitInfo;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/UnknownCIInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/UnknownCIInfo.java
index b30bdfd1e47..1e16adcad00 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/UnknownCIInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ci/UnknownCIInfo.java
@@ -1,6 +1,6 @@
 package datadog.trace.civisibility.ci;
 
-import static datadog.trace.civisibility.utils.CIUtils.findParentPathBackwards;
+import static datadog.trace.civisibility.utils.FileUtils.findParentPathBackwards;
 
 import datadog.trace.api.git.GitInfo;
 import java.nio.file.Path;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/communication/BackendApiFactory.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/communication/BackendApiFactory.java
index 8f79c5b0a3a..c79fb8d65ab 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/communication/BackendApiFactory.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/communication/BackendApiFactory.java
@@ -33,12 +33,7 @@ public BackendApiFactory(Config config, SharedCommunicationObjects sharedCommuni
         throw new FatalAgentMisconfigurationError(
             "Agentless mode is enabled and api key is not set. Please set application key");
       }
-      String applicationKey = config.getApplicationKey();
-      if (applicationKey == null || applicationKey.isEmpty()) {
-        log.warn(
-            "Agentless mode is enabled and application key is not set. Some CI Visibility features will be unavailable");
-      }
-      return new IntakeApi(site, apiKey, applicationKey, timeoutMillis, retryPolicyFactory);
+      return new IntakeApi(site, apiKey, timeoutMillis, retryPolicyFactory);
     }
 
     DDAgentFeaturesDiscovery featuresDiscovery =
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/communication/IntakeApi.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/communication/IntakeApi.java
index d40a50b78b4..d8617376b9c 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/communication/IntakeApi.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/communication/IntakeApi.java
@@ -20,22 +20,15 @@ public class IntakeApi implements BackendApi {
 
   private static final String API_VERSION = "v2";
   private static final String DD_API_KEY_HEADER = "dd-api-key";
-  private static final String DD_APPLICATION_KEY_HEADER = "dd-application-key";
 
   private final String apiKey;
-  private final String applicationKey;
   private final HttpRetryPolicy.Factory retryPolicyFactory;
   private final HttpUrl hostUrl;
   private final OkHttpClient httpClient;
 
   public IntakeApi(
-      String site,
-      String apiKey,
-      String applicationKey,
-      long timeoutMillis,
-      HttpRetryPolicy.Factory retryPolicyFactory) {
+      String site, String apiKey, long timeoutMillis, HttpRetryPolicy.Factory retryPolicyFactory) {
     this.apiKey = apiKey;
-    this.applicationKey = applicationKey;
     this.retryPolicyFactory = retryPolicyFactory;
 
     final String ciVisibilityAgentlessUrlStr = Config.get().getCiVisibilityAgentlessUrl();
@@ -56,10 +49,6 @@ public <T> T post(
     Request.Builder requestBuilder =
         new Request.Builder().url(url).post(requestBody).addHeader(DD_API_KEY_HEADER, apiKey);
 
-    if (applicationKey != null) {
-      requestBuilder.addHeader(DD_APPLICATION_KEY_HEADER, applicationKey);
-    }
-
     Request request = requestBuilder.build();
     HttpRetryPolicy retryPolicy = retryPolicyFactory.create();
     try (okhttp3.Response response =
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/CachingModuleExecutionSettingsFactory.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/CachingModuleExecutionSettingsFactory.java
index de79f4e3fd6..85eb5f24b97 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/CachingModuleExecutionSettingsFactory.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/CachingModuleExecutionSettingsFactory.java
@@ -3,7 +3,6 @@
 import datadog.trace.api.Config;
 import datadog.trace.api.cache.DDCache;
 import datadog.trace.api.cache.DDCaches;
-import datadog.trace.api.civisibility.config.JvmInfo;
 import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
 import java.util.Objects;
 import javax.annotation.Nullable;
diff --git a/internal-api/src/main/java/datadog/trace/api/civisibility/config/JvmInfo.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/JvmInfo.java
similarity index 96%
rename from internal-api/src/main/java/datadog/trace/api/civisibility/config/JvmInfo.java
rename to dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/JvmInfo.java
index 0736a6d0be2..0f7ca5ca7fd 100644
--- a/internal-api/src/main/java/datadog/trace/api/civisibility/config/JvmInfo.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/JvmInfo.java
@@ -1,4 +1,4 @@
-package datadog.trace.api.civisibility.config;
+package datadog.trace.civisibility.config;
 
 import java.util.Objects;
 
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/JvmInfoFactory.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/JvmInfoFactory.java
index 88acf3f1227..6a62ce3927d 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/JvmInfoFactory.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/JvmInfoFactory.java
@@ -1,6 +1,5 @@
 package datadog.trace.civisibility.config;
 
-import datadog.trace.api.civisibility.config.JvmInfo;
 import datadog.trace.civisibility.utils.ShellCommandExecutor;
 import datadog.trace.util.ProcessUtils;
 import java.io.BufferedReader;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/ModuleExecutionSettingsFactory.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/ModuleExecutionSettingsFactory.java
index a29e9195124..829c9d34e14 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/ModuleExecutionSettingsFactory.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/ModuleExecutionSettingsFactory.java
@@ -1,6 +1,5 @@
 package datadog.trace.civisibility.config;
 
-import datadog.trace.api.civisibility.config.JvmInfo;
 import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
 import javax.annotation.Nullable;
 
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/ModuleExecutionSettingsFactoryImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/ModuleExecutionSettingsFactoryImpl.java
index 4e91447b2c6..6122ac1aabe 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/ModuleExecutionSettingsFactoryImpl.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/config/ModuleExecutionSettingsFactoryImpl.java
@@ -2,19 +2,22 @@
 
 import datadog.trace.api.Config;
 import datadog.trace.api.civisibility.config.Configurations;
-import datadog.trace.api.civisibility.config.JvmInfo;
 import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
 import datadog.trace.api.civisibility.config.SkippableTest;
 import datadog.trace.api.config.CiVisibilityConfig;
 import datadog.trace.api.git.GitInfo;
 import datadog.trace.api.git.GitInfoProvider;
 import datadog.trace.civisibility.git.tree.GitDataUploader;
+import datadog.trace.civisibility.source.index.RepoIndex;
+import datadog.trace.civisibility.source.index.RepoIndexProvider;
 import datadog.trace.util.Strings;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
@@ -32,16 +35,19 @@ public class ModuleExecutionSettingsFactoryImpl implements ModuleExecutionSettin
   private final Config config;
   private final ConfigurationApi configurationApi;
   private final GitDataUploader gitDataUploader;
+  private final RepoIndexProvider repoIndexProvider;
   private final String repositoryRoot;
 
   public ModuleExecutionSettingsFactoryImpl(
       Config config,
       ConfigurationApi configurationApi,
       GitDataUploader gitDataUploader,
+      RepoIndexProvider repoIndexProvider,
       String repositoryRoot) {
     this.config = config;
     this.configurationApi = configurationApi;
     this.gitDataUploader = gitDataUploader;
+    this.repoIndexProvider = repoIndexProvider;
     this.repositoryRoot = repositoryRoot;
   }
 
@@ -68,7 +74,13 @@ public ModuleExecutionSettings create(JvmInfo jvmInfo, @Nullable String moduleNa
             ? getSkippableTestsByModulePath(Paths.get(repositoryRoot), tracerEnvironment)
             : Collections.emptyMap();
 
-    return new ModuleExecutionSettings(systemProperties, skippableTestsByModulePath);
+    List<String> coverageEnabledPackages = getCoverageEnabledPackages(codeCoverageEnabled);
+    return new ModuleExecutionSettings(
+        codeCoverageEnabled,
+        itrEnabled,
+        systemProperties,
+        skippableTestsByModulePath,
+        coverageEnabledPackages);
   }
 
   private TracerEnvironment buildTracerEnvironment(
@@ -181,4 +193,46 @@ private Map<String, List<SkippableTest>> getSkippableTestsByModulePath(
       return Collections.emptyMap();
     }
   }
+
+  private List<String> getCoverageEnabledPackages(boolean codeCoverageEnabled) {
+    if (!codeCoverageEnabled) {
+      return Collections.emptyList();
+    }
+
+    List<String> includedPackages = config.getCiVisibilityJacocoPluginIncludes();
+    if (includedPackages != null && !includedPackages.isEmpty()) {
+      return includedPackages;
+    }
+
+    RepoIndex repoIndex = repoIndexProvider.getIndex();
+    List<String> packages = new ArrayList<>(repoIndex.getRootPackages());
+    List<String> excludedPackages = config.getCiVisibilityJacocoPluginExcludes();
+    if (excludedPackages != null && !excludedPackages.isEmpty()) {
+      removeMatchingPackages(packages, excludedPackages);
+    }
+    return packages;
+  }
+
+  private static void removeMatchingPackages(List<String> packages, List<String> excludedPackages) {
+    List<String> excludedPrefixes =
+        excludedPackages.stream()
+            .map(ModuleExecutionSettingsFactoryImpl::trimTrailingAsterisk)
+            .collect(Collectors.toList());
+
+    Iterator<String> packagesIterator = packages.iterator();
+    while (packagesIterator.hasNext()) {
+      String p = packagesIterator.next();
+
+      for (String excludedPrefix : excludedPrefixes) {
+        if (p.startsWith(excludedPrefix)) {
+          packagesIterator.remove();
+          break;
+        }
+      }
+    }
+  }
+
+  private static String trimTrailingAsterisk(String s) {
+    return s.endsWith("*") ? s.substring(0, s.length() - 1) : s;
+  }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/AbstractTestContext.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/AbstractTestContext.java
deleted file mode 100644
index 3e4ecad02f9..00000000000
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/AbstractTestContext.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package datadog.trace.civisibility.context;
-
-import datadog.trace.api.civisibility.CIConstants;
-
-abstract class AbstractTestContext implements TestContext {
-
-  private String status;
-
-  @Override
-  public synchronized void reportChildStatus(String childStatus) {
-    if (childStatus == null) {
-      return;
-    }
-    switch (childStatus) {
-      case CIConstants.TEST_PASS:
-        if (status == null || CIConstants.TEST_SKIP.equals(status)) {
-          status = CIConstants.TEST_PASS;
-        }
-        break;
-      case CIConstants.TEST_FAIL:
-        status = CIConstants.TEST_FAIL;
-        break;
-      case CIConstants.TEST_SKIP:
-        if (status == null) {
-          status = CIConstants.TEST_SKIP;
-        }
-        break;
-      default:
-        break;
-    }
-  }
-
-  @Override
-  public synchronized String getStatus() {
-    return status;
-  }
-}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/EmptyTestContext.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/EmptyTestContext.java
deleted file mode 100644
index e4e9e2595ed..00000000000
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/EmptyTestContext.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package datadog.trace.civisibility.context;
-
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import javax.annotation.Nullable;
-
-public final class EmptyTestContext implements TestContext {
-
-  public static final TestContext INSTANCE = new EmptyTestContext();
-
-  private EmptyTestContext() {}
-
-  @Override
-  public Long getId() {
-    return null;
-  }
-
-  @Nullable
-  @Override
-  public Long getParentId() {
-    return null;
-  }
-
-  @Override
-  public void reportChildStatus(String status) {}
-
-  @Override
-  public String getStatus() {
-    return null;
-  }
-
-  @Override
-  public void reportChildTag(String key, Object value) {}
-
-  @Nullable
-  @Override
-  public AgentSpan getSpan() {
-    return null;
-  }
-}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/ParentProcessTestContext.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/ParentProcessTestContext.java
deleted file mode 100644
index bd1e4f14eae..00000000000
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/ParentProcessTestContext.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package datadog.trace.civisibility.context;
-
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import datadog.trace.bootstrap.instrumentation.api.Tags;
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-
-public class ParentProcessTestContext extends AbstractTestContext implements TestContext {
-
-  private volatile String testFramework;
-  private volatile String testFrameworkVersion;
-  private final long sessionId;
-  private final long moduleId;
-
-  public ParentProcessTestContext(long sessionId, long moduleId) {
-    this.sessionId = sessionId;
-    this.moduleId = moduleId;
-  }
-
-  @Override
-  public Long getId() {
-    return moduleId;
-  }
-
-  @Nonnull
-  @Override
-  public Long getParentId() {
-    return sessionId;
-  }
-
-  @Nullable
-  @Override
-  public AgentSpan getSpan() {
-    return null;
-  }
-
-  @Override
-  public void reportChildTag(String key, Object value) {
-    // the method leaves room for a
-    // proper implementation using a thread-safe map,
-    // but for now it's just this,
-    // to save some performance costs
-    switch (key) {
-      case Tags.TEST_FRAMEWORK:
-        testFramework = String.valueOf(value);
-        break;
-      case Tags.TEST_FRAMEWORK_VERSION:
-        testFrameworkVersion = String.valueOf(value);
-        break;
-      default:
-        throw new IllegalArgumentException("Unexpected child tag reported: " + key);
-    }
-  }
-
-  @Nullable
-  public Object getChildTag(String key) {
-    switch (key) {
-      case Tags.TEST_FRAMEWORK:
-        return testFramework;
-      case Tags.TEST_FRAMEWORK_VERSION:
-        return testFrameworkVersion;
-      default:
-        return null;
-    }
-  }
-}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/SpanTestContext.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/SpanTestContext.java
deleted file mode 100644
index b0fea0acfa3..00000000000
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/SpanTestContext.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package datadog.trace.civisibility.context;
-
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import datadog.trace.bootstrap.instrumentation.api.Tags;
-
-public class SpanTestContext extends AbstractTestContext implements TestContext {
-  private final AgentSpan span;
-  private final TestContext parent;
-
-  public SpanTestContext(AgentSpan span, TestContext parent) {
-    this.span = span;
-    this.parent = parent;
-  }
-
-  @Override
-  public Long getId() {
-    return span.getSpanId();
-  }
-
-  @Override
-  public Long getParentId() {
-    return parent != null ? parent.getId() : null;
-  }
-
-  @Override
-  public String getStatus() {
-    String status = (String) span.getTag(Tags.TEST_STATUS);
-    if (status != null) {
-      // status was set explicitly for container span
-      // (e.g. set up or tear down have failed)
-      // in this case we ignore children statuses
-      return status;
-    } else {
-      return super.getStatus();
-    }
-  }
-
-  @Override
-  public AgentSpan getSpan() {
-    return span;
-  }
-
-  @Override
-  public void reportChildTag(String key, Object value) {
-    span.setTag(key, value);
-    if (parent != null) {
-      parent.reportChildTag(key, value);
-    }
-  }
-}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/TestContext.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/TestContext.java
deleted file mode 100644
index 32aa29647d7..00000000000
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/context/TestContext.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package datadog.trace.civisibility.context;
-
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import javax.annotation.Nullable;
-
-public interface TestContext {
-
-  Long getId();
-
-  @Nullable
-  Long getParentId();
-
-  void reportChildStatus(String status);
-
-  String getStatus();
-
-  void reportChildTag(String key, Object value);
-
-  @Nullable
-  AgentSpan getSpan();
-}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/CoverageProbeStoreFactory.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/CoverageProbeStoreFactory.java
new file mode 100644
index 00000000000..3c9b4f7fb95
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/CoverageProbeStoreFactory.java
@@ -0,0 +1,8 @@
+package datadog.trace.civisibility.coverage;
+
+import datadog.trace.api.civisibility.coverage.CoverageProbeStore;
+import datadog.trace.civisibility.source.SourcePathResolver;
+
+public interface CoverageProbeStoreFactory extends CoverageProbeStore.Registry {
+  CoverageProbeStore create(SourcePathResolver sourcePathResolver);
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/CoverageUtils.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/CoverageUtils.java
new file mode 100644
index 00000000000..a427811cf4d
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/CoverageUtils.java
@@ -0,0 +1,110 @@
+package datadog.trace.civisibility.coverage;
+
+import datadog.trace.civisibility.source.index.RepoIndex;
+import java.io.BufferedInputStream;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.Collection;
+import java.util.Collections;
+import javax.annotation.Nullable;
+import org.jacoco.core.analysis.Analyzer;
+import org.jacoco.core.analysis.CoverageBuilder;
+import org.jacoco.core.analysis.IBundleCoverage;
+import org.jacoco.core.data.ExecutionDataReader;
+import org.jacoco.core.data.ExecutionDataStore;
+import org.jacoco.core.data.SessionInfoStore;
+import org.jacoco.report.FileMultiReportOutput;
+import org.jacoco.report.IReportVisitor;
+import org.jacoco.report.InputStreamSourceFileLocator;
+import org.jacoco.report.html.HTMLFormatter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public abstract class CoverageUtils {
+  private static final Logger LOGGER = LoggerFactory.getLogger(CoverageUtils.class);
+
+  public static ExecutionDataStore parse(byte[] rawCoverageData) {
+    if (rawCoverageData == null) {
+      return null;
+    }
+
+    try {
+      SessionInfoStore sessionInfoStore = new SessionInfoStore();
+      ExecutionDataStore executionDataStore = new ExecutionDataStore();
+
+      ByteArrayInputStream input = new ByteArrayInputStream(rawCoverageData);
+      ExecutionDataReader dataReader = new ExecutionDataReader(input);
+      dataReader.setSessionInfoVisitor(sessionInfoStore);
+      dataReader.setExecutionDataVisitor(executionDataStore);
+      dataReader.read();
+
+      return executionDataStore;
+    } catch (Exception e) {
+      LOGGER.error("Error while parsing coverage data", e);
+      return null;
+    }
+  }
+
+  @Nullable
+  public static IBundleCoverage createCoverageBundle(
+      ExecutionDataStore coverageData, Collection<File> classesDirs) {
+    try {
+      CoverageBuilder coverageBuilder = new CoverageBuilder();
+      Analyzer analyzer = new Analyzer(coverageData, coverageBuilder);
+      for (File outputClassesDir : classesDirs) {
+        if (outputClassesDir.exists()) {
+          analyzer.analyzeAll(outputClassesDir);
+        }
+      }
+
+      return coverageBuilder.getBundle("Module coverage data");
+    } catch (Exception e) {
+      LOGGER.error("Error while creating coverage bundle", e);
+      return null;
+    }
+  }
+
+  public static void dumpCoverageReport(
+      IBundleCoverage coverageBundle, RepoIndex repoIndex, String repoRoot, File reportFolder) {
+    if (!reportFolder.exists() && !reportFolder.mkdirs()) {
+      LOGGER.info("Skipping report generation, could not create report dir: {}", reportFolder);
+      return;
+    }
+    try {
+      final HTMLFormatter htmlFormatter = new HTMLFormatter();
+      final IReportVisitor visitor =
+          htmlFormatter.createVisitor(new FileMultiReportOutput(reportFolder));
+      visitor.visitInfo(Collections.emptyList(), Collections.emptyList());
+      visitor.visitBundle(coverageBundle, new RepoIndexFileLocator(repoIndex, repoRoot));
+      visitor.visitEnd();
+    } catch (Exception e) {
+      LOGGER.error("Error while creating report in {}", reportFolder, e);
+    }
+  }
+
+  private static final class RepoIndexFileLocator extends InputStreamSourceFileLocator {
+    private final RepoIndex repoIndex;
+    private final String repoRoot;
+
+    private RepoIndexFileLocator(RepoIndex repoIndex, String repoRoot) {
+      super("utf-8", 4);
+      this.repoIndex = repoIndex;
+      this.repoRoot = repoRoot;
+    }
+
+    @Override
+    protected InputStream getSourceStream(String path) throws IOException {
+      String relativePath = repoIndex.getSourcePath(path);
+      if (relativePath == null) {
+        return null;
+      }
+      String absolutePath =
+          repoRoot + (!repoRoot.endsWith(File.separator) ? File.separator : "") + relativePath;
+      return new BufferedInputStream(Files.newInputStream(Paths.get(absolutePath)));
+    }
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/NoopCoverageProbeStore.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/NoopCoverageProbeStore.java
index e2827084f37..111cf8eff35 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/NoopCoverageProbeStore.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/NoopCoverageProbeStore.java
@@ -2,7 +2,7 @@
 
 import datadog.trace.api.civisibility.coverage.CoverageProbeStore;
 import datadog.trace.api.civisibility.coverage.TestReport;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
 import javax.annotation.Nullable;
 
 public class NoopCoverageProbeStore implements CoverageProbeStore {
@@ -20,7 +20,7 @@ public TestReport getReport() {
     return null;
   }
 
-  public static final class NoopCoverageProbeStoreFactory implements CoverageProbeStore.Factory {
+  public static final class NoopCoverageProbeStoreFactory implements CoverageProbeStoreFactory {
     @Override
     public void setTotalProbeCount(String className, int totalProbeCount) {}
 
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/SegmentlessTestProbes.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/SegmentlessTestProbes.java
index fa3fbeaa6a5..cb133bd1e55 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/SegmentlessTestProbes.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/SegmentlessTestProbes.java
@@ -3,7 +3,7 @@
 import datadog.trace.api.civisibility.coverage.CoverageProbeStore;
 import datadog.trace.api.civisibility.coverage.TestReport;
 import datadog.trace.api.civisibility.coverage.TestReportFileEntry;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -56,7 +56,7 @@ public TestReport getReport() {
     return testReport;
   }
 
-  public static class SegmentlessTestProbesFactory implements Factory {
+  public static class SegmentlessTestProbesFactory implements CoverageProbeStoreFactory {
 
     @Override
     public void setTotalProbeCount(String className, int totalProbeCount) {
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/TestProbes.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/TestProbes.java
index 26da3f25988..d0fa5a731f4 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/TestProbes.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/coverage/TestProbes.java
@@ -3,7 +3,7 @@
 import datadog.trace.api.civisibility.coverage.CoverageProbeStore;
 import datadog.trace.api.civisibility.coverage.TestReport;
 import datadog.trace.api.civisibility.coverage.TestReportFileEntry;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
 import datadog.trace.civisibility.source.Utils;
 import java.io.InputStream;
 import java.util.ArrayList;
@@ -128,7 +128,7 @@ public TestReport getReport() {
     return testReport;
   }
 
-  public static class TestProbesFactory implements CoverageProbeStore.Factory {
+  public static class TestProbesFactory implements CoverageProbeStoreFactory {
 
     @Override
     public void setTotalProbeCount(String className, int totalProbeCount) {
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/decorator/TestDecorator.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/decorator/TestDecorator.java
index a8bdeab3407..91f3c5e8101 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/decorator/TestDecorator.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/decorator/TestDecorator.java
@@ -8,6 +8,4 @@ public interface TestDecorator {
   AgentSpan afterStart(final AgentSpan span);
 
   CharSequence component();
-
-  AgentSpan beforeFinish(final AgentSpan span);
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/decorator/TestDecoratorImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/decorator/TestDecoratorImpl.java
index 02daf4f66c6..0337e183d8e 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/decorator/TestDecoratorImpl.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/decorator/TestDecoratorImpl.java
@@ -1,11 +1,11 @@
 package datadog.trace.civisibility.decorator;
 
 import datadog.trace.api.DDTags;
-import datadog.trace.api.civisibility.config.JvmInfo;
 import datadog.trace.api.sampling.PrioritySampling;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.Tags;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
+import datadog.trace.civisibility.config.JvmInfo;
 import java.util.Map;
 
 public class TestDecoratorImpl implements TestDecorator {
@@ -84,9 +84,4 @@ public AgentSpan afterStart(final AgentSpan span) {
 
     return span;
   }
-
-  @Override
-  public AgentSpan beforeFinish(AgentSpan span) {
-    return span;
-  }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/events/BuildEventsHandlerImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/events/BuildEventsHandlerImpl.java
index f775ac8bd76..8cd2afcd20d 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/events/BuildEventsHandlerImpl.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/events/BuildEventsHandlerImpl.java
@@ -1,31 +1,34 @@
 package datadog.trace.civisibility.events;
 
 import datadog.trace.api.civisibility.CIConstants;
-import datadog.trace.api.civisibility.config.JvmInfo;
 import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
 import datadog.trace.api.civisibility.events.BuildEventsHandler;
 import datadog.trace.bootstrap.instrumentation.api.Tags;
-import datadog.trace.civisibility.DDTestModuleImpl;
-import datadog.trace.civisibility.DDTestSessionImpl;
+import datadog.trace.civisibility.DDBuildSystemModule;
+import datadog.trace.civisibility.DDBuildSystemSession;
+import datadog.trace.civisibility.config.JvmInfo;
 import datadog.trace.civisibility.config.JvmInfoFactory;
+import java.io.File;
 import java.nio.file.Path;
+import java.util.Collection;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
+import javax.annotation.Nullable;
 
 public class BuildEventsHandlerImpl<T> implements BuildEventsHandler<T> {
 
-  private final ConcurrentMap<T, DDTestSessionImpl> inProgressTestSessions =
+  private final ConcurrentMap<T, DDBuildSystemSession> inProgressTestSessions =
       new ConcurrentHashMap<>();
 
-  private final ConcurrentMap<TestModuleDescriptor<T>, DDTestModuleImpl> inProgressTestModules =
+  private final ConcurrentMap<TestModuleDescriptor<T>, DDBuildSystemModule> inProgressTestModules =
       new ConcurrentHashMap<>();
 
-  private final DDTestSessionImpl.SessionImplFactory sessionFactory;
+  private final DDBuildSystemSession.Factory sessionFactory;
   private final JvmInfoFactory jvmInfoFactory;
 
   public BuildEventsHandlerImpl(
-      DDTestSessionImpl.SessionImplFactory sessionFactory, JvmInfoFactory jvmInfoFactory) {
+      DDBuildSystemSession.Factory sessionFactory, JvmInfoFactory jvmInfoFactory) {
     this.sessionFactory = sessionFactory;
     this.jvmInfoFactory = jvmInfoFactory;
   }
@@ -38,21 +41,20 @@ public void onTestSessionStart(
       final String startCommand,
       final String buildSystemName,
       final String buildSystemVersion) {
-    DDTestSessionImpl testSession =
-        sessionFactory.startSession(projectName, projectRoot, buildSystemName, null);
-    testSession.setTag(Tags.TEST_COMMAND, startCommand);
+    DDBuildSystemSession testSession =
+        sessionFactory.startSession(projectName, projectRoot, startCommand, buildSystemName, null);
     testSession.setTag(Tags.TEST_TOOLCHAIN, buildSystemName + ":" + buildSystemVersion);
     inProgressTestSessions.put(sessionKey, testSession);
   }
 
   @Override
   public void onTestSessionFail(final T sessionKey, final Throwable throwable) {
-    DDTestSessionImpl testSession = getTestSession(sessionKey);
+    DDBuildSystemSession testSession = getTestSession(sessionKey);
     testSession.setErrorInfo(throwable);
   }
 
-  private DDTestSessionImpl getTestSession(T sessionKey) {
-    DDTestSessionImpl testSession = inProgressTestSessions.get(sessionKey);
+  private DDBuildSystemSession getTestSession(T sessionKey) {
+    DDBuildSystemSession testSession = inProgressTestSessions.get(sessionKey);
     if (testSession == null) {
       throw new IllegalStateException("Could not find session span for key: " + sessionKey);
     }
@@ -61,7 +63,7 @@ private DDTestSessionImpl getTestSession(T sessionKey) {
 
   @Override
   public void onTestSessionFinish(final T sessionKey) {
-    DDTestSessionImpl testSession = inProgressTestSessions.remove(sessionKey);
+    DDBuildSystemSession testSession = inProgressTestSessions.remove(sessionKey);
     testSession.end(null);
   }
 
@@ -69,13 +71,13 @@ public void onTestSessionFinish(final T sessionKey) {
   public ModuleInfo onTestModuleStart(
       final T sessionKey,
       final String moduleName,
-      String startCommand,
-      Map<String, Object> additionalTags) {
+      Collection<File> outputClassesDirs,
+      @Nullable Map<String, Object> additionalTags) {
 
-    DDTestSessionImpl testSession = inProgressTestSessions.get(sessionKey);
-    DDTestModuleImpl testModule = testSession.testModuleStart(moduleName, null);
+    DDBuildSystemSession testSession = inProgressTestSessions.get(sessionKey);
+    DDBuildSystemModule testModule =
+        testSession.testModuleStart(moduleName, null, outputClassesDirs);
     testModule.setTag(Tags.TEST_STATUS, CIConstants.TEST_PASS);
-    testModule.setTag(Tags.TEST_COMMAND, startCommand);
 
     if (additionalTags != null) {
       for (Map.Entry<String, Object> e : additionalTags.entrySet()) {
@@ -94,21 +96,21 @@ public ModuleInfo onTestModuleStart(
 
   @Override
   public void onTestModuleSkip(final T sessionKey, final String moduleName, final String reason) {
-    DDTestModuleImpl testModule = getTestModule(sessionKey, moduleName);
+    DDBuildSystemModule testModule = getTestModule(sessionKey, moduleName);
     testModule.setSkipReason(reason);
   }
 
   @Override
   public void onTestModuleFail(
       final T sessionKey, final String moduleName, final Throwable throwable) {
-    DDTestModuleImpl testModule = getTestModule(sessionKey, moduleName);
+    DDBuildSystemModule testModule = getTestModule(sessionKey, moduleName);
     testModule.setErrorInfo(throwable);
   }
 
-  private DDTestModuleImpl getTestModule(final T sessionKey, final String moduleName) {
+  private DDBuildSystemModule getTestModule(final T sessionKey, final String moduleName) {
     TestModuleDescriptor<T> testModuleDescriptor =
         new TestModuleDescriptor<>(sessionKey, moduleName);
-    DDTestModuleImpl testModule = inProgressTestModules.get(testModuleDescriptor);
+    DDBuildSystemModule testModule = inProgressTestModules.get(testModuleDescriptor);
     if (testModule == null) {
       throw new IllegalStateException(
           "Could not find module for session key " + sessionKey + " and module name " + moduleName);
@@ -120,7 +122,7 @@ private DDTestModuleImpl getTestModule(final T sessionKey, final String moduleNa
   public void onTestModuleFinish(T sessionKey, String moduleName) {
     TestModuleDescriptor<T> testModuleDescriptor =
         new TestModuleDescriptor<>(sessionKey, moduleName);
-    DDTestModuleImpl testModule = inProgressTestModules.remove(testModuleDescriptor);
+    DDBuildSystemModule testModule = inProgressTestModules.remove(testModuleDescriptor);
     if (testModule == null) {
       throw new IllegalStateException(
           "Could not find module span for session key "
@@ -133,7 +135,7 @@ public void onTestModuleFinish(T sessionKey, String moduleName) {
 
   @Override
   public ModuleExecutionSettings getModuleExecutionSettings(T sessionKey, Path jvmExecutablePath) {
-    DDTestSessionImpl testSession = getTestSession(sessionKey);
+    DDBuildSystemSession testSession = getTestSession(sessionKey);
     JvmInfo jvmInfo = jvmInfoFactory.getJvmInfo(jvmExecutablePath);
     return testSession.getModuleExecutionSettings(jvmInfo);
   }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/events/TestEventsHandlerImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/events/TestEventsHandlerImpl.java
index aea15f15377..022f7d0882e 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/events/TestEventsHandlerImpl.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/events/TestEventsHandlerImpl.java
@@ -3,20 +3,21 @@
 import static datadog.trace.util.Strings.toJson;
 
 import datadog.trace.api.DisableTestTrace;
+import datadog.trace.api.civisibility.InstrumentationBridge;
 import datadog.trace.api.civisibility.config.SkippableTest;
 import datadog.trace.api.civisibility.events.TestEventsHandler;
 import datadog.trace.bootstrap.instrumentation.api.Tags;
+import datadog.trace.civisibility.DDTestFrameworkModule;
+import datadog.trace.civisibility.DDTestFrameworkSession;
 import datadog.trace.civisibility.DDTestImpl;
-import datadog.trace.civisibility.DDTestModuleImpl;
-import datadog.trace.civisibility.DDTestSessionImpl;
 import datadog.trace.civisibility.DDTestSuiteImpl;
 import java.lang.reflect.Method;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.List;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import javax.annotation.Nullable;
+import org.objectweb.asm.Type;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -24,8 +25,8 @@ public class TestEventsHandlerImpl implements TestEventsHandler {
 
   private static final Logger log = LoggerFactory.getLogger(TestEventsHandlerImpl.class);
 
-  private final DDTestSessionImpl testSession;
-  private final DDTestModuleImpl testModule;
+  private final DDTestFrameworkSession testSession;
+  private final DDTestFrameworkModule testModule;
 
   private final ConcurrentMap<TestSuiteDescriptor, Integer> testSuiteNestedCallCounters =
       new ConcurrentHashMap<>();
@@ -36,7 +37,8 @@ public class TestEventsHandlerImpl implements TestEventsHandler {
   private final ConcurrentMap<TestDescriptor, DDTestImpl> inProgressTests =
       new ConcurrentHashMap<>();
 
-  public TestEventsHandlerImpl(DDTestSessionImpl testSession, DDTestModuleImpl testModule) {
+  public TestEventsHandlerImpl(
+      DDTestFrameworkSession testSession, DDTestFrameworkModule testModule) {
     this.testSession = testSession;
     this.testModule = testModule;
   }
@@ -146,7 +148,7 @@ public void onTestStart(
 
     TestSuiteDescriptor suiteDescriptor = new TestSuiteDescriptor(testSuiteName, testClass);
     DDTestSuiteImpl testSuite = inProgressTestSuites.get(suiteDescriptor);
-    DDTestImpl test = testSuite.testStart(testName, testMethodName, testMethod, null);
+    DDTestImpl test = testSuite.testStart(testName, testMethod, null);
 
     if (testFramework != null) {
       test.setTag(Tags.TEST_FRAMEWORK, testFramework);
@@ -157,9 +159,24 @@ public void onTestStart(
     if (testParameters != null) {
       test.setTag(Tags.TEST_PARAMETERS, testParameters);
     }
+    if (testMethodName != null && testMethod != null) {
+      test.setTag(Tags.TEST_SOURCE_METHOD, testMethodName + Type.getMethodDescriptor(testMethod));
+    }
     if (categories != null && !categories.isEmpty()) {
       String json = toJson(Collections.singletonMap("category", toJson(categories)), true);
       test.setTag(Tags.TEST_TRAITS, json);
+
+      for (String category : categories) {
+        if (category.endsWith(InstrumentationBridge.ITR_UNSKIPPABLE_TAG)) {
+          test.setTag(Tags.TEST_ITR_UNSKIPPABLE, true);
+
+          SkippableTest thisTest = new SkippableTest(testSuiteName, testName, testParameters, null);
+          if (testModule.isSkippable(thisTest)) {
+            test.setTag(Tags.TEST_ITR_FORCED_RUN, true);
+          }
+          break;
+        }
+      }
     }
 
     TestDescriptor descriptor =
@@ -240,7 +257,7 @@ public void onTestIgnore(
       final @Nullable String testFramework,
       final @Nullable String testFrameworkVersion,
       final @Nullable String testParameters,
-      final @Nullable List<String> categories,
+      final @Nullable Collection<String> categories,
       final @Nullable Class<?> testClass,
       final @Nullable String testMethodName,
       final @Nullable Method testMethod,
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/CILocalGitInfoBuilder.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/CILocalGitInfoBuilder.java
index 36e748cc302..3b5bb103e2d 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/CILocalGitInfoBuilder.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/CILocalGitInfoBuilder.java
@@ -2,14 +2,24 @@
 
 import datadog.trace.api.git.GitInfo;
 import datadog.trace.api.git.GitInfoBuilder;
+import datadog.trace.civisibility.git.tree.GitClient;
+import datadog.trace.util.Strings;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class CILocalGitInfoBuilder implements GitInfoBuilder {
 
+  private static final Logger LOGGER = LoggerFactory.getLogger(CILocalGitInfoBuilder.class);
+
+  private final GitClient.Factory gitClientFactory;
   private final String gitFolderName;
 
-  public CILocalGitInfoBuilder(String gitFolderName) {
+  public CILocalGitInfoBuilder(GitClient.Factory gitClientFactory, String gitFolderName) {
+    this.gitClientFactory = gitClientFactory;
     this.gitFolderName = gitFolderName;
   }
 
@@ -18,8 +28,25 @@ public GitInfo build(@Nullable String repositoryPath) {
     if (repositoryPath == null) {
       return GitInfo.NOOP;
     }
-    return new LocalFSGitInfoExtractor()
-        .headCommit(Paths.get(repositoryPath, gitFolderName).toFile().getAbsolutePath());
+
+    Path gitPath = getGitPath(repositoryPath);
+    return new LocalFSGitInfoExtractor().headCommit(gitPath.toFile().getAbsolutePath());
+  }
+
+  private Path getGitPath(String repositoryPath) {
+    try {
+      GitClient gitClient = gitClientFactory.create(repositoryPath);
+      String gitFolder = gitClient.getGitFolder();
+      if (Strings.isNotBlank(gitFolder)) {
+        Path gitFolderPath = Paths.get(gitFolder);
+        if (Files.exists(gitFolderPath)) {
+          return gitFolderPath;
+        }
+      }
+    } catch (Exception e) {
+      LOGGER.debug("Error while getting Git folder in " + repositoryPath, e);
+    }
+    return Paths.get(repositoryPath, gitFolderName);
   }
 
   @Override
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/GitClientGitInfoBuilder.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/GitClientGitInfoBuilder.java
new file mode 100644
index 00000000000..fa5d2eac2fe
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/GitClientGitInfoBuilder.java
@@ -0,0 +1,66 @@
+package datadog.trace.civisibility.git;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.git.CommitInfo;
+import datadog.trace.api.git.GitInfo;
+import datadog.trace.api.git.GitInfoBuilder;
+import datadog.trace.api.git.PersonInfo;
+import datadog.trace.civisibility.git.tree.GitClient;
+import java.util.List;
+import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class GitClientGitInfoBuilder implements GitInfoBuilder {
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(GitClientGitInfoBuilder.class);
+
+  private final Config config;
+  private final GitClient.Factory gitClientFactory;
+
+  public GitClientGitInfoBuilder(Config config, GitClient.Factory gitClientFactory) {
+    this.config = config;
+    this.gitClientFactory = gitClientFactory;
+  }
+
+  @Override
+  public GitInfo build(@Nullable String repositoryPath) {
+    if (repositoryPath == null) {
+      return GitInfo.NOOP;
+    }
+
+    GitClient gitClient = gitClientFactory.create(repositoryPath);
+    try {
+      String remoteName = config.getCiVisibilityGitRemoteName();
+      String remoteUrl = gitClient.getRemoteUrl(remoteName);
+      String branch = gitClient.getCurrentBranch();
+      List<String> tags = gitClient.getTags(GitClient.HEAD);
+      String tag = !tags.isEmpty() ? tags.iterator().next() : null;
+
+      String currentCommitSha = gitClient.getSha(GitClient.HEAD);
+      String fullMessage = gitClient.getFullMessage(GitClient.HEAD);
+
+      String authorName = gitClient.getAuthorName(GitClient.HEAD);
+      String authorEmail = gitClient.getAuthorEmail(GitClient.HEAD);
+      String authorDate = gitClient.getAuthorDate(GitClient.HEAD);
+      PersonInfo author = new PersonInfo(authorName, authorEmail, authorDate);
+
+      String committerName = gitClient.getCommitterName(GitClient.HEAD);
+      String committerEmail = gitClient.getCommitterEmail(GitClient.HEAD);
+      String committerDate = gitClient.getCommitterDate(GitClient.HEAD);
+      PersonInfo committer = new PersonInfo(committerName, committerEmail, committerDate);
+
+      CommitInfo commitInfo = new CommitInfo(currentCommitSha, author, committer, fullMessage);
+      return new GitInfo(remoteUrl, branch, tag, commitInfo);
+
+    } catch (Exception e) {
+      LOGGER.debug("Error while getting Git data from " + repositoryPath, e);
+      return GitInfo.NOOP;
+    }
+  }
+
+  @Override
+  public int order() {
+    return 3;
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/tree/GitClient.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/tree/GitClient.java
index 2d33add5525..c42ee432e89 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/tree/GitClient.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/tree/GitClient.java
@@ -1,8 +1,10 @@
 package datadog.trace.civisibility.git.tree;
 
+import datadog.trace.api.Config;
 import datadog.trace.civisibility.utils.IOUtils;
 import datadog.trace.civisibility.utils.ShellCommandExecutor;
 import datadog.trace.util.Strings;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import java.io.File;
 import java.io.IOException;
 import java.nio.charset.Charset;
@@ -11,13 +13,17 @@
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
 import java.util.concurrent.TimeoutException;
+import javax.annotation.Nullable;
 
 /** Client for fetching data and performing operations on a local Git repository. */
 public class GitClient {
 
+  public static final String HEAD = "HEAD";
+
   private static final String DD_TEMP_DIRECTORY_PREFIX = "dd-ci-vis-";
 
   private final String repoRoot;
@@ -60,18 +66,38 @@ public boolean isShallow() throws IOException, TimeoutException, InterruptedExce
     return Boolean.parseBoolean(output);
   }
 
+  /**
+   * Returns the SHA of the head commit of the upstream (remote tracking) branch for the currently
+   * checked-out local branch. If the local branch is not tracking any remote branches, a {@link
+   * datadog.trace.civisibility.utils.ShellCommandExecutor.ShellCommandFailedException} exception
+   * will be thrown.
+   *
+   * @return The name of the upstream branch if the current local branch is tracking any.
+   * @throws ShellCommandExecutor.ShellCommandFailedException If the Git command fails with an error
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public String getUpstreamBranchSha() throws IOException, TimeoutException, InterruptedException {
+    return commandExecutor
+        .executeCommand(IOUtils::readFully, "git", "rev-parse", "@{upstream}")
+        .trim();
+  }
+
   /**
    * "Unshallows" the repo that the client is associated with by fetching missing commit data from
    * the server.
    *
+   * @param remoteCommitReference The commit to fetch from the remote repository, so local repo will
+   *     be updated with this commit and its ancestors. If {@code null}, everything will be fetched.
    * @throws IOException If an error was encountered while writing command input or reading output
    * @throws TimeoutException If timeout was reached while waiting for Git command to finish
    * @throws InterruptedException If current thread was interrupted while waiting for Git command to
    *     finish
    */
-  public void unshallow() throws IOException, TimeoutException, InterruptedException {
-    String headSha =
-        commandExecutor.executeCommand(IOUtils::readFully, "git", "rev-parse", "HEAD").trim();
+  public void unshallow(@Nullable String remoteCommitReference)
+      throws IOException, TimeoutException, InterruptedException {
     String remote =
         commandExecutor
             .executeCommand(
@@ -85,16 +111,44 @@ public void unshallow() throws IOException, TimeoutException, InterruptedExcepti
             .trim();
 
     // refetch data from the server for the given period of time
-    commandExecutor.executeCommand(
-        ShellCommandExecutor.OutputParser.IGNORE,
-        "git",
-        "fetch",
-        String.format("--shallow-since=='%s'", latestCommitsSince),
-        "--update-shallow",
-        "--filter=blob:none",
-        "--recurse-submodules=no",
-        remote,
-        headSha);
+    if (remoteCommitReference != null) {
+      String headSha = getSha(remoteCommitReference);
+      commandExecutor.executeCommand(
+          ShellCommandExecutor.OutputParser.IGNORE,
+          "git",
+          "fetch",
+          String.format("--shallow-since=='%s'", latestCommitsSince),
+          "--update-shallow",
+          "--filter=blob:none",
+          "--recurse-submodules=no",
+          remote,
+          headSha);
+    } else {
+      commandExecutor.executeCommand(
+          ShellCommandExecutor.OutputParser.IGNORE,
+          "git",
+          "fetch",
+          String.format("--shallow-since=='%s'", latestCommitsSince),
+          "--update-shallow",
+          "--filter=blob:none",
+          "--recurse-submodules=no",
+          remote);
+    }
+  }
+
+  /**
+   * Returns the absolute path of the .git directory.
+   *
+   * @return absolute path
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public @NonNull String getGitFolder() throws IOException, TimeoutException, InterruptedException {
+    return commandExecutor
+        .executeCommand(IOUtils::readFully, "git", "rev-parse", "--absolute-git-dir")
+        .trim();
   }
 
   /**
@@ -115,6 +169,178 @@ public String getRemoteUrl(String remoteName)
         .trim();
   }
 
+  /**
+   * Returns current branch, or an empty string if HEAD is not pointing to a branch
+   *
+   * @return current branch, or an empty string if HEAD is not pointing to a branch
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public @NonNull String getCurrentBranch()
+      throws IOException, TimeoutException, InterruptedException {
+    return commandExecutor
+        .executeCommand(IOUtils::readFully, "git", "branch", "--show-current")
+        .trim();
+  }
+
+  /**
+   * Returns list of tags that provided commit points to
+   *
+   * @param commit Commit SHA or reference (HEAD, branch name, etc) to check
+   * @return list of tags that the commit is pointing to, or empty list if there are no such tags
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public @NonNull List<String> getTags(String commit)
+      throws IOException, TimeoutException, InterruptedException {
+    try {
+      return commandExecutor.executeCommand(
+          IOUtils::readLines, "git", "describe", "--tags", "--exact-match", commit);
+    } catch (ShellCommandExecutor.ShellCommandFailedException e) {
+      // if provided commit is not tagged,
+      // command will fail because "--exact-match" is specified
+      return Collections.emptyList();
+    }
+  }
+
+  /**
+   * Returns SHA of the provided reference
+   *
+   * @param reference Reference (HEAD, branch name, etc) to check
+   * @return full SHA of the provided reference
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public @NonNull String getSha(String reference)
+      throws IOException, TimeoutException, InterruptedException {
+    return commandExecutor.executeCommand(IOUtils::readFully, "git", "rev-parse", reference).trim();
+  }
+
+  /**
+   * Returns full message of the provided commit
+   *
+   * @param commit Commit SHA or reference (HEAD, branch name, etc) to check
+   * @return full message of the provided commit
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public @NonNull String getFullMessage(String commit)
+      throws IOException, TimeoutException, InterruptedException {
+    return commandExecutor
+        .executeCommand(IOUtils::readFully, "git", "log", "-n", "1", "--format=%B", commit)
+        .trim();
+  }
+
+  /**
+   * Returns author name for the provided commit
+   *
+   * @param commit Commit SHA or reference (HEAD, branch name, etc) to check
+   * @return author name for the provided commit
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public @NonNull String getAuthorName(String commit)
+      throws IOException, TimeoutException, InterruptedException {
+    return commandExecutor
+        .executeCommand(IOUtils::readFully, "git", "log", "-n", "1", "--format=%an", commit)
+        .trim();
+  }
+
+  /**
+   * Returns author email for the provided commit
+   *
+   * @param commit Commit SHA or reference (HEAD, branch name, etc) to check
+   * @return author email for the provided commit
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public @NonNull String getAuthorEmail(String commit)
+      throws IOException, TimeoutException, InterruptedException {
+    return commandExecutor
+        .executeCommand(IOUtils::readFully, "git", "log", "-n", "1", "--format=%ae", commit)
+        .trim();
+  }
+
+  /**
+   * Returns author date in strict ISO 8601 format for the provided commit
+   *
+   * @param commit Commit SHA or reference (HEAD, branch name, etc) to check
+   * @return author date in strict ISO 8601 format
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public @NonNull String getAuthorDate(String commit)
+      throws IOException, TimeoutException, InterruptedException {
+    return commandExecutor
+        .executeCommand(IOUtils::readFully, "git", "log", "-n", "1", "--format=%aI", commit)
+        .trim();
+  }
+
+  /**
+   * Returns committer name for the provided commit
+   *
+   * @param commit Commit SHA or reference (HEAD, branch name, etc) to check
+   * @return committer name for the provided commit
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public @NonNull String getCommitterName(String commit)
+      throws IOException, TimeoutException, InterruptedException {
+    return commandExecutor
+        .executeCommand(IOUtils::readFully, "git", "log", "-n", "1", "--format=%cn", commit)
+        .trim();
+  }
+
+  /**
+   * Returns committer email for the provided commit
+   *
+   * @param commit Commit SHA or reference (HEAD, branch name, etc) to check
+   * @return committer email for the provided commit
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public @NonNull String getCommitterEmail(String commit)
+      throws IOException, TimeoutException, InterruptedException {
+    return commandExecutor
+        .executeCommand(IOUtils::readFully, "git", "log", "-n", "1", "--format=%ce", commit)
+        .trim();
+  }
+
+  /**
+   * Returns committer date in strict ISO 8601 format for the provided commit
+   *
+   * @param commit Commit SHA or reference (HEAD, branch name, etc) to check
+   * @return committer date in strict ISO 8601 format
+   * @throws IOException If an error was encountered while writing command input or reading output
+   * @throws TimeoutException If timeout was reached while waiting for Git command to finish
+   * @throws InterruptedException If current thread was interrupted while waiting for Git command to
+   *     finish
+   */
+  public @NonNull String getCommitterDate(String commit)
+      throws IOException, TimeoutException, InterruptedException {
+    return commandExecutor
+        .executeCommand(IOUtils::readFully, "git", "log", "-n", "1", "--format=%cI", commit)
+        .trim();
+  }
+
   /**
    * Returns SHAs of the latest commits in the current branch. Maximum number of commits and how far
    * into the past to look are configured when the client is created.
@@ -223,4 +449,17 @@ private Path createTempDirectory() throws IOException {
   public String toString() {
     return "GitClient{" + repoRoot + "}";
   }
+
+  public static class Factory {
+    private final Config config;
+
+    public Factory(Config config) {
+      this.config = config;
+    }
+
+    public GitClient create(String repoRoot) {
+      long commandTimeoutMillis = config.getCiVisibilityGitCommandTimeoutMillis();
+      return new GitClient(repoRoot, "1 month ago", 1000, commandTimeoutMillis);
+    }
+  }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/tree/GitDataUploaderImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/tree/GitDataUploaderImpl.java
index 88281cb722a..ca142328102 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/tree/GitDataUploaderImpl.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/git/tree/GitDataUploaderImpl.java
@@ -1,8 +1,12 @@
 package datadog.trace.civisibility.git.tree;
 
 import datadog.trace.api.Config;
+import datadog.trace.api.git.GitInfo;
+import datadog.trace.api.git.GitInfoProvider;
 import datadog.trace.civisibility.utils.FileUtils;
+import datadog.trace.civisibility.utils.ShellCommandExecutor;
 import datadog.trace.util.AgentThreadFactory;
+import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.ArrayList;
@@ -23,15 +27,24 @@ public class GitDataUploaderImpl implements GitDataUploader {
   private final Config config;
   private final GitDataApi gitDataApi;
   private final GitClient gitClient;
+  private final GitInfoProvider gitInfoProvider;
+  private final String repoRoot;
   private final String remoteName;
   private final Thread uploadFinishedShutdownHook;
   private volatile CompletableFuture<Void> callback;
 
   public GitDataUploaderImpl(
-      Config config, GitDataApi gitDataApi, GitClient gitClient, String remoteName) {
+      Config config,
+      GitDataApi gitDataApi,
+      GitClient gitClient,
+      GitInfoProvider gitInfoProvider,
+      String repoRoot,
+      String remoteName) {
     this.config = config;
     this.gitDataApi = gitDataApi;
     this.gitClient = gitClient;
+    this.gitInfoProvider = gitInfoProvider;
+    this.repoRoot = repoRoot;
     this.remoteName = remoteName;
 
     // maven has a way of calling System.exit() when the build is done.
@@ -69,10 +82,11 @@ public Future<Void> startOrObserveGitDataUpload() {
   private void uploadGitData() {
     try {
       if (config.isCiVisibilityGitUnshallowEnabled() && gitClient.isShallow()) {
-        gitClient.unshallow();
+        unshallowRepository();
       }
 
-      String remoteUrl = gitClient.getRemoteUrl(remoteName);
+      GitInfo gitInfo = gitInfoProvider.getGitInfo(repoRoot);
+      String remoteUrl = gitInfo.getRepositoryURL();
       List<String> latestCommits = gitClient.getLatestCommits();
       if (latestCommits.isEmpty()) {
         LOGGER.debug("No commits in the last month");
@@ -125,6 +139,27 @@ private void uploadGitData() {
     }
   }
 
+  private void unshallowRepository() throws IOException, TimeoutException, InterruptedException {
+    try {
+      gitClient.unshallow(GitClient.HEAD);
+      return;
+    } catch (ShellCommandExecutor.ShellCommandFailedException e) {
+      LOGGER.debug(
+          "Could not unshallow using HEAD - assuming HEAD points to a local commit that does not exist in the remote repo",
+          e);
+    }
+
+    try {
+      String upstreamBranch = gitClient.getUpstreamBranchSha();
+      gitClient.unshallow(upstreamBranch);
+    } catch (ShellCommandExecutor.ShellCommandFailedException e) {
+      LOGGER.debug(
+          "Could not unshallow using upstream branch - assuming currently checked out local branch does not track any remote branch",
+          e);
+      gitClient.unshallow(null);
+    }
+  }
+
   private void waitForUploadToFinish() {
     try {
       long uploadTimeoutMillis = config.getCiVisibilityGitUploadTimeoutMillis();
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/ModuleExecutionResult.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/ModuleExecutionResult.java
index eb9b9ece616..be122f0e763 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/ModuleExecutionResult.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/ModuleExecutionResult.java
@@ -1,6 +1,11 @@
 package datadog.trace.civisibility.ipc;
 
 import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
 import java.util.Objects;
 import javax.annotation.Nullable;
 
@@ -15,8 +20,8 @@ public class ModuleExecutionResult implements Signal {
   private final boolean coverageEnabled;
   private final boolean itrEnabled;
   private final long testsSkippedTotal;
-  @Nullable private final String testFramework;
-  @Nullable private final String testFrameworkVersion;
+  private final Collection<TestFramework> testFrameworks;
+  @Nullable private final byte[] coverageData;
 
   public ModuleExecutionResult(
       long sessionId,
@@ -24,15 +29,15 @@ public ModuleExecutionResult(
       boolean coverageEnabled,
       boolean itrEnabled,
       long testsSkippedTotal,
-      @Nullable String testFramework,
-      @Nullable String testFrameworkVersion) {
+      Collection<TestFramework> testFrameworks,
+      @Nullable byte[] coverageData) {
     this.sessionId = sessionId;
     this.moduleId = moduleId;
     this.coverageEnabled = coverageEnabled;
     this.itrEnabled = itrEnabled;
     this.testsSkippedTotal = testsSkippedTotal;
-    this.testFramework = testFramework;
-    this.testFrameworkVersion = testFrameworkVersion;
+    this.testFrameworks = testFrameworks;
+    this.coverageData = coverageData;
   }
 
   public long getSessionId() {
@@ -55,14 +60,13 @@ public long getTestsSkippedTotal() {
     return testsSkippedTotal;
   }
 
-  @Nullable
-  public String getTestFramework() {
-    return testFramework;
+  public Collection<TestFramework> getTestFrameworks() {
+    return testFrameworks;
   }
 
   @Nullable
-  public String getTestFrameworkVersion() {
-    return testFrameworkVersion;
+  public byte[] getCoverageData() {
+    return coverageData;
   }
 
   @Override
@@ -79,8 +83,8 @@ public boolean equals(Object o) {
         && coverageEnabled == that.coverageEnabled
         && itrEnabled == that.itrEnabled
         && testsSkippedTotal == that.testsSkippedTotal
-        && Objects.equals(testFramework, that.testFramework)
-        && Objects.equals(testFrameworkVersion, that.testFrameworkVersion);
+        && Objects.equals(testFrameworks, that.testFrameworks)
+        && Arrays.equals(coverageData, that.coverageData);
   }
 
   @Override
@@ -91,8 +95,8 @@ public int hashCode() {
         coverageEnabled,
         itrEnabled,
         testsSkippedTotal,
-        testFramework,
-        testFrameworkVersion);
+        testFrameworks,
+        Arrays.hashCode(coverageData));
   }
 
   @Override
@@ -118,14 +122,20 @@ public SignalType getType() {
 
   @Override
   public ByteBuffer serialize() {
-    byte[] testFrameworkBytes = testFramework != null ? testFramework.getBytes() : null;
-    byte[] testFrameworkVersionBytes =
-        testFrameworkVersion != null ? testFrameworkVersion.getBytes() : null;
-
-    int testFrameworkLength = testFrameworkBytes != null ? testFrameworkBytes.length : 0;
-    int testFrameworkVersionLength =
-        testFrameworkVersionBytes != null ? testFrameworkVersionBytes.length : 0;
-    int variableLength = Integer.BYTES * 2 + testFrameworkLength + testFrameworkVersionLength;
+    int coverageDataLength = coverageData != null ? coverageData.length : 0;
+    int variableLength = Integer.BYTES * 2 + coverageDataLength;
+
+    for (TestFramework testFramework : testFrameworks) {
+      String testFrameworkName = testFramework.getName();
+      String testFrameworkVersion = testFramework.getVersion();
+      int testFrameworkNameBytes =
+          testFrameworkName != null ? testFrameworkName.getBytes(StandardCharsets.UTF_8).length : 0;
+      int testFrameworkVersionBytes =
+          testFrameworkVersion != null
+              ? testFrameworkVersion.getBytes(StandardCharsets.UTF_8).length
+              : 0;
+      variableLength += Integer.BYTES * 2 + testFrameworkNameBytes + testFrameworkVersionBytes;
+    }
 
     ByteBuffer buffer = ByteBuffer.allocate(FIXED_LENGTH + variableLength);
     buffer.putLong(sessionId);
@@ -141,14 +151,30 @@ public ByteBuffer serialize() {
     }
     buffer.put(flags);
 
-    buffer.putInt(testFrameworkLength);
-    if (testFrameworkLength != 0) {
-      buffer.put(testFrameworkBytes);
+    buffer.putInt(testFrameworks.size());
+    for (TestFramework testFramework : testFrameworks) {
+      String testFrameworkName = testFramework.getName();
+      if (testFrameworkName != null) {
+        byte[] testFrameworkNameBytes = testFrameworkName.getBytes(StandardCharsets.UTF_8);
+        buffer.putInt(testFrameworkNameBytes.length);
+        buffer.put(testFrameworkNameBytes);
+      } else {
+        buffer.putInt(0);
+      }
+
+      String testFrameworkVersion = testFramework.getVersion();
+      if (testFrameworkVersion != null) {
+        byte[] testFrameworkVersionBytes = testFrameworkVersion.getBytes(StandardCharsets.UTF_8);
+        buffer.putInt(testFrameworkVersionBytes.length);
+        buffer.put(testFrameworkVersionBytes);
+      } else {
+        buffer.putInt(0);
+      }
     }
 
-    buffer.putInt(testFrameworkVersionLength);
-    if (testFrameworkVersionLength != 0) {
-      buffer.put(testFrameworkVersionBytes);
+    buffer.putInt(coverageDataLength);
+    if (coverageDataLength != 0) {
+      buffer.put(coverageData);
     }
 
     buffer.flip();
@@ -172,24 +198,39 @@ public static ModuleExecutionResult deserialize(ByteBuffer buffer) {
     boolean coverageEnabled = (flags & COVERAGE_ENABLED_FLAG) != 0;
     boolean itrEnabled = (flags & ITR_ENABLED_FLAG) != 0;
 
-    String testFramework;
-    int testFrameworkLength = buffer.getInt();
-    if (testFrameworkLength != 0) {
-      byte[] testFrameworkBytes = new byte[testFrameworkLength];
-      buffer.get(testFrameworkBytes);
-      testFramework = new String(testFrameworkBytes);
-    } else {
-      testFramework = null;
+    int testFrameworksSize = buffer.getInt();
+    List<TestFramework> testFrameworks = new ArrayList<>(testFrameworksSize);
+    for (int i = 0; i < testFrameworksSize; i++) {
+      int testFrameworkNameLength = buffer.getInt();
+      String testFrameworkName;
+      if (testFrameworkNameLength != 0) {
+        byte[] testFrameworkNameBytes = new byte[testFrameworkNameLength];
+        buffer.get(testFrameworkNameBytes);
+        testFrameworkName = new String(testFrameworkNameBytes, StandardCharsets.UTF_8);
+      } else {
+        testFrameworkName = null;
+      }
+
+      int testFrameworkVersionLength = buffer.getInt();
+      String testFrameworkVersion;
+      if (testFrameworkVersionLength != 0) {
+        byte[] testFrameworkVersionBytes = new byte[testFrameworkVersionLength];
+        buffer.get(testFrameworkVersionBytes);
+        testFrameworkVersion = new String(testFrameworkVersionBytes, StandardCharsets.UTF_8);
+      } else {
+        testFrameworkVersion = null;
+      }
+
+      testFrameworks.add(new TestFramework(testFrameworkName, testFrameworkVersion));
     }
 
-    String testFrameworkVersion;
-    int testFrameworkVersionLength = buffer.getInt();
-    if (testFrameworkVersionLength != 0) {
-      byte[] testFrameworkVersionBytes = new byte[testFrameworkVersionLength];
-      buffer.get(testFrameworkVersionBytes);
-      testFrameworkVersion = new String(testFrameworkVersionBytes);
+    byte[] coverageData;
+    int coverageDataLength = buffer.getInt();
+    if (coverageDataLength != 0) {
+      coverageData = new byte[coverageDataLength];
+      buffer.get(coverageData);
     } else {
-      testFrameworkVersion = null;
+      coverageData = null;
     }
 
     return new ModuleExecutionResult(
@@ -198,7 +239,7 @@ public static ModuleExecutionResult deserialize(ByteBuffer buffer) {
         coverageEnabled,
         itrEnabled,
         testsSkippedTotal,
-        testFramework,
-        testFrameworkVersion);
+        testFrameworks,
+        coverageData);
   }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SignalClient.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SignalClient.java
index aae3926be88..013dbbb9bc4 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SignalClient.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SignalClient.java
@@ -112,4 +112,21 @@ public SignalResponse send(Signal signal) throws IOException {
   static String getErrorMessage(ErrorResponse response) {
     return "Server returned an error: " + response.getMessage();
   }
+
+  public static final class Factory {
+    private final InetSocketAddress signalServerAddress;
+
+    public Factory(InetSocketAddress signalServerAddress) {
+      this.signalServerAddress = signalServerAddress;
+    }
+
+    public SignalClient create() {
+      try {
+        return new SignalClient(signalServerAddress);
+      } catch (IOException e) {
+        throw new RuntimeException(
+            "Could not instantiate signal client. Address: " + signalServerAddress, e);
+      }
+    }
+  }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SignalServerRunnable.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SignalServerRunnable.java
index 9d8752beb45..6168cecf019 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SignalServerRunnable.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SignalServerRunnable.java
@@ -9,6 +9,7 @@
 import java.util.EnumMap;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.concurrent.TimeUnit;
 import java.util.function.Function;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -16,7 +17,7 @@
 class SignalServerRunnable implements Runnable {
 
   private static final Logger LOGGER = LoggerFactory.getLogger(SignalServerRunnable.class);
-
+  private static final long SELECT_TIMEOUT = TimeUnit.SECONDS.toMillis(5);
   private static final Map<SignalType, Function<ByteBuffer, Signal>> DESERIALIZERS =
       new EnumMap<>(SignalType.class);
 
@@ -51,7 +52,7 @@ public void run() {
   }
 
   private void processSelectableKeys() throws IOException {
-    selector.select();
+    selector.select(SELECT_TIMEOUT);
 
     Iterator<SelectionKey> keyIterator = selector.selectedKeys().iterator();
     while (keyIterator.hasNext()) {
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SkippableTestsRequest.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SkippableTestsRequest.java
index 737d634f474..8f4f3f9c56e 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SkippableTestsRequest.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/SkippableTestsRequest.java
@@ -1,6 +1,6 @@
 package datadog.trace.civisibility.ipc;
 
-import datadog.trace.api.civisibility.config.JvmInfo;
+import datadog.trace.civisibility.config.JvmInfo;
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
 import java.util.Objects;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/TestFramework.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/TestFramework.java
new file mode 100644
index 00000000000..7130c3cdac5
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/ipc/TestFramework.java
@@ -0,0 +1,38 @@
+package datadog.trace.civisibility.ipc;
+
+import java.util.Objects;
+
+public final class TestFramework {
+  private final String name;
+  private final String version;
+
+  public TestFramework(String name, String version) {
+    this.name = name;
+    this.version = version;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public String getVersion() {
+    return version;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    TestFramework that = (TestFramework) o;
+    return Objects.equals(name, that.name) && Objects.equals(version, that.version);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(name, version);
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/BestEffortMethodLinesResolver.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/BestEffortMethodLinesResolver.java
new file mode 100644
index 00000000000..7a7f3b7be71
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/BestEffortMethodLinesResolver.java
@@ -0,0 +1,25 @@
+package datadog.trace.civisibility.source;
+
+import java.lang.reflect.Method;
+import javax.annotation.Nonnull;
+
+public class BestEffortMethodLinesResolver implements MethodLinesResolver {
+
+  private final MethodLinesResolver[] delegates;
+
+  public BestEffortMethodLinesResolver(MethodLinesResolver... delegates) {
+    this.delegates = delegates;
+  }
+
+  @Nonnull
+  @Override
+  public MethodLines getLines(@Nonnull Method method) {
+    for (MethodLinesResolver delegate : delegates) {
+      MethodLines lines = delegate.getLines(method);
+      if (lines.isValid()) {
+        return lines;
+      }
+    }
+    return MethodLines.EMPTY;
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/BestEfforSourcePathResolver.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/BestEffortSourcePathResolver.java
similarity index 69%
rename from dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/BestEfforSourcePathResolver.java
rename to dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/BestEffortSourcePathResolver.java
index bb1b73192d2..9d83ddc2cbf 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/BestEfforSourcePathResolver.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/BestEffortSourcePathResolver.java
@@ -1,14 +1,13 @@
 package datadog.trace.civisibility.source;
 
-import datadog.trace.api.civisibility.source.SourcePathResolver;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
-public class BestEfforSourcePathResolver implements SourcePathResolver {
+public class BestEffortSourcePathResolver implements SourcePathResolver {
 
   private final SourcePathResolver[] delegates;
 
-  public BestEfforSourcePathResolver(SourcePathResolver... delegates) {
+  public BestEffortSourcePathResolver(SourcePathResolver... delegates) {
     this.delegates = delegates;
   }
 
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/MethodLinesResolverImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/ByteCodeMethodLinesResolver.java
similarity index 95%
rename from dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/MethodLinesResolverImpl.java
rename to dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/ByteCodeMethodLinesResolver.java
index 944a28cb765..8d5d3d26411 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/MethodLinesResolverImpl.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/ByteCodeMethodLinesResolver.java
@@ -16,9 +16,9 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-public class MethodLinesResolverImpl implements MethodLinesResolver {
+public class ByteCodeMethodLinesResolver implements MethodLinesResolver {
 
-  private static final Logger log = LoggerFactory.getLogger(MethodLinesResolverImpl.class);
+  private static final Logger log = LoggerFactory.getLogger(ByteCodeMethodLinesResolver.class);
 
   private final DDCache<Class<?>, ClassMethodLines> methodLinesCache =
       DDCaches.newFixedSizeIdentityCache(16);
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/CompilerAidedMethodLinesResolver.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/CompilerAidedMethodLinesResolver.java
new file mode 100644
index 00000000000..15bdaae5b01
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/CompilerAidedMethodLinesResolver.java
@@ -0,0 +1,21 @@
+package datadog.trace.civisibility.source;
+
+import datadog.compiler.utils.CompilerUtils;
+import java.lang.reflect.Method;
+import javax.annotation.Nonnull;
+
+public class CompilerAidedMethodLinesResolver implements MethodLinesResolver {
+  @Nonnull
+  @Override
+  public MethodLines getLines(@Nonnull Method method) {
+    int startLine = CompilerUtils.getStartLine(method);
+    if (startLine <= 0) {
+      return MethodLines.EMPTY;
+    }
+    int endLine = CompilerUtils.getEndLine(method);
+    if (endLine <= 0) {
+      return MethodLines.EMPTY;
+    }
+    return new MethodLines(startLine, endLine);
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/CompilerAidedSourcePathResolver.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/CompilerAidedSourcePathResolver.java
index 18d77fe96a2..c8000a10ce8 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/CompilerAidedSourcePathResolver.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/CompilerAidedSourcePathResolver.java
@@ -1,7 +1,6 @@
 package datadog.trace.civisibility.source;
 
 import datadog.compiler.utils.CompilerUtils;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
 import java.io.File;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/MethodLinesResolver.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/MethodLinesResolver.java
index 99cd72c5b2f..0c046927f10 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/MethodLinesResolver.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/MethodLinesResolver.java
@@ -1,6 +1,7 @@
 package datadog.trace.civisibility.source;
 
 import java.lang.reflect.Method;
+import java.util.Objects;
 import javax.annotation.Nonnull;
 
 public interface MethodLinesResolver {
@@ -30,5 +31,22 @@ public int getFinishLineNumber() {
     public boolean isValid() {
       return startLineNumber <= finishLineNumber;
     }
+
+    @Override
+    public boolean equals(Object o) {
+      if (this == o) {
+        return true;
+      }
+      if (o == null || getClass() != o.getClass()) {
+        return false;
+      }
+      MethodLines that = (MethodLines) o;
+      return startLineNumber == that.startLineNumber && finishLineNumber == that.finishLineNumber;
+    }
+
+    @Override
+    public int hashCode() {
+      return Objects.hash(startLineNumber, finishLineNumber);
+    }
   }
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/civisibility/source/SourcePathResolver.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/SourcePathResolver.java
similarity index 88%
rename from internal-api/src/main/java/datadog/trace/api/civisibility/source/SourcePathResolver.java
rename to dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/SourcePathResolver.java
index 97adfbe7fc6..23c0f2682c8 100644
--- a/internal-api/src/main/java/datadog/trace/api/civisibility/source/SourcePathResolver.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/SourcePathResolver.java
@@ -1,4 +1,4 @@
-package datadog.trace.api.civisibility.source;
+package datadog.trace.civisibility.source;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/SourceRootResolver.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/PackageResolver.java
similarity index 52%
rename from dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/SourceRootResolver.java
rename to dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/PackageResolver.java
index 1a257b8fa5a..e409f2cba71 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/SourceRootResolver.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/PackageResolver.java
@@ -3,6 +3,6 @@
 import java.io.IOException;
 import java.nio.file.Path;
 
-public interface SourceRootResolver {
-  Path getSourceRoot(Path sourceFile) throws IOException;
+public interface PackageResolver {
+  Path getPackage(Path sourceFile) throws IOException;
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/SourceRootResolverImpl.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/PackageResolverImpl.java
similarity index 67%
rename from dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/SourceRootResolverImpl.java
rename to dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/PackageResolverImpl.java
index 315729a0ffc..6aedf77370a 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/SourceRootResolverImpl.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/PackageResolverImpl.java
@@ -8,34 +8,28 @@
 import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
 
-class SourceRootResolverImpl implements SourceRootResolver {
+class PackageResolverImpl implements PackageResolver {
 
   private static final String PACKAGE_KEYWORD = "package";
   private final FileSystem fileSystem;
 
-  SourceRootResolverImpl(FileSystem fileSystem) {
+  PackageResolverImpl(FileSystem fileSystem) {
     this.fileSystem = fileSystem;
   }
 
   /**
-   * Given a path to a Java source file, returns its source root (i.e. path without the filename and
-   * package folders).
-   *
-   * <p>For example, a class <code>foo.bar.MyClass</code> located at <code>
-   * /repo/src/foo/bar/MyClass.java</code> will have the source root <code>/repo/src</code>
+   * Given a path to a source file, returns its package path.
    *
    * <p>The implementation of this method is rather naive: it does not actually parse the file, nor
    * does it build an AST.
    *
-   * <p>It simply looks for a line, that contains the <code>package</code> keyword, extracts the
+   * <p>It simply looks for a line, that contains the <code>package</code> keyword and extracts the
    * part that goes after it and until the nearest <code>;</code> character, then verifies that the
-   * extracted part looks plausible by checking the actual file path (package path is the suffix
-   * that is stripped from the full path in order to get the source root).
+   * extracted part looks plausible by checking the actual file path.
    */
   @Override
-  public Path getSourceRoot(Path sourceFile) throws IOException {
+  public Path getPackage(Path sourceFile) throws IOException {
     Path folder = sourceFile.getParent();
-
     try (BufferedReader br = Files.newBufferedReader(sourceFile)) {
       String line;
       while ((line = br.readLine()) != null) {
@@ -53,7 +47,7 @@ public Path getSourceRoot(Path sourceFile) throws IOException {
 
         int packageNameEnd = line.indexOf(';', packageNameStart);
         if (packageNameEnd == -1) {
-          packageNameEnd = lineLength; // no ';' is possible if this is a groovy file
+          packageNameEnd = lineLength; // no ';' is possible if this is a Groovy file
         }
 
         String packageName = line.substring(packageNameStart, packageNameEnd);
@@ -64,18 +58,13 @@ public Path getSourceRoot(Path sourceFile) throws IOException {
           continue;
         }
 
-        if (!folder.endsWith(packagePath)) {
-          continue;
+        if (folder.endsWith(packagePath)) {
+          return packagePath;
         }
-
-        // remove package path suffix from folder path to get source root
-        return folder
-            .getRoot()
-            .resolve(folder.subpath(0, folder.getNameCount() - packagePath.getNameCount()));
       }
     }
 
     // apparently there is no package declaration - class is located in the default package
-    return folder;
+    return fileSystem.getPath("");
   }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/PackageTree.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/PackageTree.java
new file mode 100644
index 00000000000..d7a9f5d35db
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/PackageTree.java
@@ -0,0 +1,148 @@
+package datadog.trace.civisibility.source.index;
+
+import java.nio.file.Path;
+import java.util.ArrayDeque;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Deque;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * This class maintains the list of packages present in a repository.
+ *
+ * <p>If a package includes classes, all of its children packages are ignored (that is, if there are
+ * packages a/b, a/b/c, a/b/d, all of which contain classes, only a/b will be retained - a/b/c and
+ * a/b/d will be discarded as redundant).
+ *
+ * <p>The length of the list is limited by {@link #MAX_CHILDREN_LEAVES}. If there are more packages
+ * present than the limit, coarsening will happen (for instance, if there are packages a/b/c, a/b/d,
+ * b/c/d, b/c/e/f and the limit is 2, the packages will be coarsened and a/b, b/c will be retained
+ * as the result).
+ *
+ * <p>The intent is to be as specific as possible without exceeding the limit, so coarsening applies
+ * first to the "longest" package names (not in terms of the actual string length, but in terms of
+ * the number of segments separated by "."). If there are multiple packages with the same length,
+ * those that have more children will be coarsened first.
+ */
+public class PackageTree {
+
+  private static final int MAX_CHILDREN_LEAVES = 25;
+
+  private final Node root = new Node(null, "");
+
+  void add(Path packagePath) {
+    if (packagePath.toString().isEmpty()) {
+      return;
+    }
+    root.add(packagePath.iterator());
+  }
+
+  List<String> asList() {
+    truncateIfNeeded(root);
+
+    List<String> childrenPackages = new ArrayList<>(MAX_CHILDREN_LEAVES);
+    for (Node child : root.children.values()) {
+      child.stringify(childrenPackages, "");
+    }
+    return childrenPackages;
+  }
+
+  private static void truncateIfNeeded(Node root) {
+    Deque<List<Node>> nodesByDepth = new ArrayDeque<>();
+
+    List<Node> current = Collections.singletonList(root);
+    while (!current.isEmpty()) {
+      List<Node> next = new ArrayList<>();
+      for (Node treeNode : current) {
+        next.addAll(treeNode.children.values());
+      }
+      nodesByDepth.push(current);
+      current = next;
+    }
+
+    // start truncating with the deepest nodes
+    // (i.e. most specific packages names)
+    while (!nodesByDepth.isEmpty()) {
+      List<Node> nodes = nodesByDepth.pop();
+      // sorting the nodes now as leafChildren counts might have changed
+      // if their children were truncated
+      nodes.sort(Comparator.comparingInt(node -> -node.leafChildren));
+
+      for (Node node : nodes) {
+        if (root.leafChildren <= MAX_CHILDREN_LEAVES) {
+          // stop as soon as we have truncated enough, even if it's mid-level
+          return;
+        } else {
+          node.truncate();
+        }
+      }
+    }
+  }
+
+  private static final class Node {
+    private final Node parent;
+    private final String name;
+    private Map<String, Node> children = new HashMap<>();
+    private int leafChildren;
+    private boolean leaf;
+
+    private Node(Node parent, String name) {
+      this.parent = parent;
+      this.name = name;
+    }
+
+    private int add(Iterator<Path> iterator) {
+      if (leaf) {
+        return 0;
+
+      } else if (!iterator.hasNext()) {
+        leaf = true;
+        if (leafChildren == 0) {
+          return ++leafChildren;
+        } else {
+          // what used to be a non-leaf is now a leaf,
+          // truncating children
+          int delta = 1 - leafChildren;
+          children = Collections.emptyMap();
+          leafChildren = 1;
+          return delta;
+        }
+
+      } else {
+        Path element = iterator.next();
+        Node child =
+            children.computeIfAbsent(element.toString(), nodeName -> new Node(this, nodeName));
+        int delta = child.add(iterator);
+        leafChildren += delta;
+        return delta;
+      }
+    }
+
+    private void truncate() {
+      children = Collections.emptyMap();
+      leaf = true;
+
+      int delta = leafChildren - 1;
+      Node current = this;
+      while (current != null) {
+        current.leafChildren -= delta;
+        current = current.parent;
+      }
+    }
+
+    private void stringify(List<String> childrenPackages, String currentPath) {
+      currentPath += name + ".";
+      if (leaf) {
+        childrenPackages.add(currentPath + "*");
+      } else {
+        for (Node child : children.values()) {
+          child.stringify(childrenPackages, currentPath);
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndex.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndex.java
index 10a735029ec..d8010aeb072 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndex.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndex.java
@@ -27,7 +27,8 @@
 public class RepoIndex {
 
   static final RepoIndex EMPTY =
-      new RepoIndex(ClassNameTrie.Builder.EMPTY_TRIE, Collections.emptyList());
+      new RepoIndex(
+          ClassNameTrie.Builder.EMPTY_TRIE, Collections.emptyList(), Collections.emptyList());
 
   private static final Logger log = LoggerFactory.getLogger(RepoIndex.class);
   private static final int ACCESS_MODIFIERS =
@@ -35,10 +36,16 @@ public class RepoIndex {
 
   private final ClassNameTrie trie;
   private final List<String> sourceRoots;
+  private final List<String> rootPackages;
 
-  RepoIndex(ClassNameTrie trie, List<String> sourceRoots) {
+  RepoIndex(ClassNameTrie trie, List<String> sourceRoots, List<String> rootPackages) {
     this.trie = trie;
     this.sourceRoots = sourceRoots;
+    this.rootPackages = rootPackages;
+  }
+
+  public List<String> getRootPackages() {
+    return rootPackages;
   }
 
   @Nullable
@@ -66,6 +73,16 @@ public String getSourcePath(@Nonnull Class<?> c) {
     }
   }
 
+  @Nullable
+  public String getSourcePath(String pathRelativeToSourceRoot) {
+    int sourceRootIdx = trie.apply(pathRelativeToSourceRoot);
+    if (sourceRootIdx >= 0) {
+      return sourceRoots.get(sourceRootIdx) + File.separator + pathRelativeToSourceRoot;
+    } else {
+      return null;
+    }
+  }
+
   private SourceType detectSourceType(Class<?> c) {
     Class<?>[] interfaces = c.getInterfaces();
     for (Class<?> anInterface : interfaces) {
@@ -81,6 +98,9 @@ private SourceType detectSourceType(Class<?> c) {
       if ("kotlin.Metadata".equals(annotationType.getName())) {
         return SourceType.KOTLIN;
       }
+      if ("scala.reflect.ScalaSignature".equals(annotationType.getName())) {
+        return SourceType.SCALA;
+      }
     }
 
     // assuming Java
@@ -169,10 +189,10 @@ public ByteBuffer serialize() {
     byte[] serializedTrie = byteArrayOutputStream.toByteArray();
     totalLength = Integer.BYTES + serializedTrie.length;
 
-    int idx = 0;
+    int sourceRootIdx = 0;
     byte[][] sourceRootBytes = new byte[sourceRoots.size()][];
     for (String sourceRoot : sourceRoots) {
-      sourceRootBytes[idx++] = sourceRoot.getBytes(StandardCharsets.UTF_8);
+      sourceRootBytes[sourceRootIdx++] = sourceRoot.getBytes(StandardCharsets.UTF_8);
     }
 
     totalLength += Integer.BYTES;
@@ -180,6 +200,17 @@ public ByteBuffer serialize() {
       totalLength += Integer.BYTES + sourceRoot.length;
     }
 
+    int rootPackageIds = 0;
+    byte[][] rootPackageBytes = new byte[rootPackages.size()][];
+    for (String rootPackage : rootPackages) {
+      rootPackageBytes[rootPackageIds++] = rootPackage.getBytes(StandardCharsets.UTF_8);
+    }
+
+    totalLength += Integer.BYTES;
+    for (byte[] rootPackage : rootPackageBytes) {
+      totalLength += Integer.BYTES + rootPackage.length;
+    }
+
     ByteBuffer buffer = ByteBuffer.allocate(totalLength);
     buffer.putInt(serializedTrie.length);
     buffer.put(serializedTrie);
@@ -190,6 +221,12 @@ public ByteBuffer serialize() {
       buffer.put(sourceRoot);
     }
 
+    buffer.putInt(rootPackageBytes.length);
+    for (byte[] rootPackage : rootPackageBytes) {
+      buffer.putInt(rootPackage.length);
+      buffer.put(rootPackage);
+    }
+
     buffer.flip();
     return buffer;
   }
@@ -216,6 +253,16 @@ public static RepoIndex deserialize(ByteBuffer buffer) {
       buffer.get(sourceRootBytes);
       sourceRoots.add(new String(sourceRootBytes, StandardCharsets.UTF_8));
     }
-    return new RepoIndex(trie, sourceRoots);
+
+    int rootPackagesCount = buffer.getInt();
+    List<String> rootPackages = new ArrayList<>(rootPackagesCount);
+    while (rootPackagesCount-- > 0) {
+      int rootPackageLength = buffer.getInt();
+      byte[] rootPackageBytes = new byte[rootPackageLength];
+      buffer.get(rootPackageBytes);
+      rootPackages.add(new String(rootPackageBytes, StandardCharsets.UTF_8));
+    }
+
+    return new RepoIndex(trie, sourceRoots, rootPackages);
   }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexBuilder.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexBuilder.java
index 0904b5abb02..d0d0675e001 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexBuilder.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexBuilder.java
@@ -21,7 +21,7 @@ public class RepoIndexBuilder implements RepoIndexProvider {
   private static final Logger log = LoggerFactory.getLogger(RepoIndexBuilder.class);
 
   private final String repoRoot;
-  private final SourceRootResolver sourceRootResolver;
+  private final PackageResolver packageResolver;
   private final FileSystem fileSystem;
 
   private final Object indexInitializationLock = new Object();
@@ -29,13 +29,13 @@ public class RepoIndexBuilder implements RepoIndexProvider {
 
   public RepoIndexBuilder(String repoRoot, FileSystem fileSystem) {
     this.repoRoot = repoRoot;
-    this.sourceRootResolver = new SourceRootResolverImpl(fileSystem);
+    this.packageResolver = new PackageResolverImpl(fileSystem);
     this.fileSystem = fileSystem;
   }
 
-  RepoIndexBuilder(String repoRoot, SourceRootResolver sourceRootResolver, FileSystem fileSystem) {
+  RepoIndexBuilder(String repoRoot, PackageResolver packageResolver, FileSystem fileSystem) {
     this.repoRoot = repoRoot;
-    this.sourceRootResolver = sourceRootResolver;
+    this.packageResolver = packageResolver;
     this.fileSystem = fileSystem;
   }
 
@@ -60,7 +60,7 @@ private RepoIndex doGetIndex() {
 
     Path repoRootPath = fileSystem.getPath(repoRoot);
     RepoIndexingFileVisitor repoIndexingFileVisitor =
-        new RepoIndexingFileVisitor(sourceRootResolver, repoRootPath);
+        new RepoIndexingFileVisitor(packageResolver, repoRootPath);
 
     long startTime = System.currentTimeMillis();
     try {
@@ -75,31 +75,34 @@ private RepoIndex doGetIndex() {
 
     long duration = System.currentTimeMillis() - startTime;
     RepoIndexingStats stats = repoIndexingFileVisitor.indexingStats;
+    RepoIndex index = repoIndexingFileVisitor.getIndex();
     log.info(
-        "Indexing took {} ms. Files visited: {}, source files visited: {}, source roots found: {}",
+        "Indexing took {} ms. Files visited: {}, source files visited: {}, source roots found: {}, root packages found: {}",
         duration,
         stats.filesVisited,
         stats.sourceFilesVisited,
-        stats.sourceRoots);
-
-    return repoIndexingFileVisitor.getIndex();
+        repoIndexingFileVisitor.sourceRoots.size(),
+        index.getRootPackages());
+    return index;
   }
 
   private static final class RepoIndexingFileVisitor implements FileVisitor<Path> {
 
     private static final Logger log = LoggerFactory.getLogger(RepoIndexingFileVisitor.class);
 
-    private final SourceRootResolver sourceRootResolver;
+    private final PackageResolver packageResolver;
     private final ClassNameTrie.Builder trieBuilder;
     private final LinkedHashSet<String> sourceRoots;
+    private final PackageTree packageTree;
     private final RepoIndexingStats indexingStats;
     private final Path repoRoot;
 
-    private RepoIndexingFileVisitor(SourceRootResolver sourceRootResolver, Path repoRoot) {
-      this.sourceRootResolver = sourceRootResolver;
+    private RepoIndexingFileVisitor(PackageResolver packageResolver, Path repoRoot) {
+      this.packageResolver = packageResolver;
       this.repoRoot = repoRoot;
       trieBuilder = new ClassNameTrie.Builder();
       sourceRoots = new LinkedHashSet<>();
+      packageTree = new PackageTree();
       indexingStats = new RepoIndexingStats();
     }
 
@@ -118,9 +121,11 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) {
         if (sourceType != null) {
           indexingStats.sourceFilesVisited++;
 
-          Path currentSourceRoot = sourceRootResolver.getSourceRoot(file);
+          Path packagePath = packageResolver.getPackage(file);
+          packageTree.add(packagePath);
+
+          Path currentSourceRoot = getSourceRoot(file, packagePath);
           sourceRoots.add(repoRoot.relativize(currentSourceRoot).toString());
-          indexingStats.sourceRoots++;
 
           Path relativePath = currentSourceRoot.relativize(file);
           String classNameWithExtension = relativePath.toString().replace(File.separatorChar, '.');
@@ -134,6 +139,14 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) {
       return FileVisitResult.CONTINUE;
     }
 
+    private Path getSourceRoot(Path file, Path packagePath) {
+      Path folder = file.getParent();
+      // remove package path suffix from folder path to get source root
+      return folder
+          .getRoot()
+          .resolve(folder.subpath(0, folder.getNameCount() - packagePath.getNameCount()));
+    }
+
     @Override
     public FileVisitResult visitFileFailed(Path file, IOException exc) {
       if (exc != null) {
@@ -151,13 +164,13 @@ public FileVisitResult postVisitDirectory(Path dir, IOException exc) {
     }
 
     public RepoIndex getIndex() {
-      return new RepoIndex(trieBuilder.buildTrie(), new ArrayList<>(sourceRoots));
+      return new RepoIndex(
+          trieBuilder.buildTrie(), new ArrayList<>(sourceRoots), packageTree.asList());
     }
   }
 
   private static final class RepoIndexingStats {
     int filesVisited;
     int sourceFilesVisited;
-    int sourceRoots;
   }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexFetcher.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexFetcher.java
index e799ef1d488..98bd651e4f4 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexFetcher.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexFetcher.java
@@ -3,7 +3,6 @@
 import datadog.trace.civisibility.ipc.RepoIndexRequest;
 import datadog.trace.civisibility.ipc.RepoIndexResponse;
 import datadog.trace.civisibility.ipc.SignalClient;
-import java.util.function.Supplier;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -11,11 +10,11 @@ public class RepoIndexFetcher implements RepoIndexProvider {
 
   private static final Logger log = LoggerFactory.getLogger(RepoIndexFetcher.class);
 
-  private final Supplier<SignalClient> signalClientFactory;
+  private final SignalClient.Factory signalClientFactory;
   private final Object indexInitializationLock = new Object();
   private volatile RepoIndex index;
 
-  public RepoIndexFetcher(Supplier<SignalClient> signalClientFactory) {
+  public RepoIndexFetcher(SignalClient.Factory signalClientFactory) {
     this.signalClientFactory = signalClientFactory;
   }
 
@@ -32,7 +31,7 @@ public RepoIndex getIndex() {
   }
 
   private RepoIndex doGetIndex() {
-    try (SignalClient signalClient = signalClientFactory.get()) {
+    try (SignalClient signalClient = signalClientFactory.create()) {
       RepoIndexResponse response = (RepoIndexResponse) signalClient.send(RepoIndexRequest.INSTANCE);
       return response.getIndex();
     } catch (Exception e) {
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexSourcePathResolver.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexSourcePathResolver.java
index 845bd76120c..5ccea333d79 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexSourcePathResolver.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/RepoIndexSourcePathResolver.java
@@ -1,7 +1,7 @@
 package datadog.trace.civisibility.source.index;
 
 import datadog.trace.api.Config;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
+import datadog.trace.civisibility.source.SourcePathResolver;
 import java.net.URL;
 import java.nio.file.FileSystem;
 import java.security.CodeSource;
@@ -20,9 +20,9 @@ public RepoIndexSourcePathResolver(String repoRoot, RepoIndexProvider indexProvi
   }
 
   RepoIndexSourcePathResolver(
-      String repoRoot, SourceRootResolver sourceRootResolver, FileSystem fileSystem) {
+      String repoRoot, PackageResolver packageResolver, FileSystem fileSystem) {
     this.repoRoot = repoRoot;
-    this.indexProvider = new RepoIndexBuilder(repoRoot, sourceRootResolver, fileSystem);
+    this.indexProvider = new RepoIndexBuilder(repoRoot, packageResolver, fileSystem);
   }
 
   @Nullable
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/SourceType.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/SourceType.java
index ea28658745a..792dba71118 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/SourceType.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/source/index/SourceType.java
@@ -3,7 +3,10 @@
 enum SourceType {
   JAVA(".java"),
   GROOVY(".groovy"),
-  KOTLIN(".kt");
+  KOTLIN(".kt"),
+  SCALA(".scala");
+
+  private static final SourceType[] UNIVERSE = SourceType.values();
 
   private final String extension;
 
@@ -16,7 +19,7 @@ public String getExtension() {
   }
 
   static SourceType getByFileName(String fileName) {
-    for (SourceType sourceType : values()) {
+    for (SourceType sourceType : UNIVERSE) {
       if (fileName.endsWith(sourceType.extension)) {
         return sourceType;
       }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/CIUtils.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/CIUtils.java
deleted file mode 100644
index fcdc37cb1ee..00000000000
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/CIUtils.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package datadog.trace.civisibility.utils;
-
-import java.nio.file.Files;
-import java.nio.file.Path;
-
-public final class CIUtils {
-
-  private CIUtils() {}
-
-  /**
-   * Search the parent path that contains the target file. If the current path does not have the
-   * target file, the method continues with the parent path. If the path is not found, it returns
-   * null.
-   *
-   * @param current
-   * @param target
-   * @return the parent path that contains the target file.
-   */
-  public static Path findParentPathBackwards(
-      final Path current, final String target, final boolean isTargetDirectory) {
-    if (current == null || target == null || target.isEmpty()) {
-      return null;
-    }
-
-    final Path targetPath = current.resolve(target);
-    if (Files.exists(targetPath)) {
-      if (isTargetDirectory && Files.isDirectory(targetPath)) {
-        return current;
-      } else if (!isTargetDirectory && Files.isRegularFile(targetPath)) {
-        return current;
-      } else {
-        return findParentPathBackwards(current.getParent(), target, isTargetDirectory);
-      }
-    } else {
-      return findParentPathBackwards(current.getParent(), target, isTargetDirectory);
-    }
-  }
-}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/FileUtils.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/FileUtils.java
index efa29999f24..9c4cffdfd4e 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/FileUtils.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/FileUtils.java
@@ -1,5 +1,6 @@
 package datadog.trace.civisibility.utils;
 
+import de.thetaphi.forbiddenapis.SuppressForbidden;
 import java.io.IOException;
 import java.nio.file.FileVisitResult;
 import java.nio.file.Files;
@@ -7,6 +8,7 @@
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
 
+@SuppressForbidden
 public abstract class FileUtils {
 
   private FileUtils() {}
@@ -29,4 +31,47 @@ public FileVisitResult postVisitDirectory(Path dir, IOException exc) throws IOEx
           }
         });
   }
+
+  /**
+   * Search the parent path that contains the target file. If the current path does not have the
+   * target file, the method continues with the parent path. If the path is not found, it returns
+   * null.
+   *
+   * @param current
+   * @param target
+   * @return the parent path that contains the target file.
+   */
+  public static Path findParentPathBackwards(
+      final Path current, final String target, final boolean isTargetDirectory) {
+    if (current == null || target == null || target.isEmpty()) {
+      return null;
+    }
+
+    final Path targetPath = current.resolve(target);
+    if (Files.exists(targetPath)) {
+      if (isTargetDirectory && Files.isDirectory(targetPath)) {
+        return current;
+      } else if (!isTargetDirectory && Files.isRegularFile(targetPath)) {
+        return current;
+      } else {
+        return findParentPathBackwards(current.getParent(), target, isTargetDirectory);
+      }
+    } else {
+      return findParentPathBackwards(current.getParent(), target, isTargetDirectory);
+    }
+  }
+
+  public static String expandTilde(final String path) {
+    if (path == null || !path.startsWith("~")) {
+      return path;
+    }
+
+    if (!path.equals("~") && !path.startsWith("~/")) {
+      // Home dir expansion is not supported for other user.
+      // Returning path without modifications.
+      return path;
+    }
+
+    return path.replaceFirst("^~", System.getProperty("user.home"));
+  }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/IOUtils.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/IOUtils.java
index f2a2735bb0a..320a61ac5e2 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/IOUtils.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/IOUtils.java
@@ -1,5 +1,6 @@
 package datadog.trace.civisibility.utils;
 
+import edu.umd.cs.findbugs.annotations.NonNull;
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -22,11 +23,11 @@ public abstract class IOUtils {
 
   private IOUtils() {}
 
-  public static String readFully(InputStream input) throws IOException {
+  public static @NonNull String readFully(InputStream input) throws IOException {
     return readFully(input, Charset.defaultCharset());
   }
 
-  public static String readFully(InputStream input, Charset charset) throws IOException {
+  public static @NonNull String readFully(InputStream input, Charset charset) throws IOException {
     ByteArrayOutputStream output = new ByteArrayOutputStream();
     readFully(input, output);
     return new String(output.toByteArray(), charset);
@@ -40,17 +41,17 @@ public static void readFully(InputStream input, OutputStream output) throws IOEx
     }
   }
 
-  public static List<String> readLines(final InputStream input) throws IOException {
+  public static @NonNull List<String> readLines(final InputStream input) throws IOException {
     return readLines(input, Charset.defaultCharset());
   }
 
-  public static List<String> readLines(final InputStream input, final Charset charset)
+  public static @NonNull List<String> readLines(final InputStream input, final Charset charset)
       throws IOException {
     final InputStreamReader reader = new InputStreamReader(input, charset);
     return readLines(reader);
   }
 
-  public static List<String> readLines(final Reader input) throws IOException {
+  public static @NonNull List<String> readLines(final Reader input) throws IOException {
     final BufferedReader reader = new BufferedReader(input, DEFAULT_BUFFER_SIZE);
     final List<String> list = new ArrayList<>();
     String line = reader.readLine();
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/PathUtils.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/PathUtils.java
deleted file mode 100644
index 30143083fbe..00000000000
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/PathUtils.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package datadog.trace.civisibility.utils;
-
-import de.thetaphi.forbiddenapis.SuppressForbidden;
-
-@SuppressForbidden
-public class PathUtils {
-  public static String expandTilde(final String path) {
-    if (path == null || !path.startsWith("~")) {
-      return path;
-    }
-
-    if (!path.equals("~") && !path.startsWith("~/")) {
-      // Home dir expansion is not supported for other user.
-      // Returning path without modifications.
-      return path;
-    }
-
-    return path.replaceFirst("^~", System.getProperty("user.home"));
-  }
-}
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/ShellCommandExecutor.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/ShellCommandExecutor.java
index e4e7af8b74a..640752096d2 100644
--- a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/ShellCommandExecutor.java
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/ShellCommandExecutor.java
@@ -115,7 +115,7 @@ private <T> T executeCommand(
       if (p.waitFor(timeoutMillis, TimeUnit.MILLISECONDS)) {
         int exitValue = p.exitValue();
         if (exitValue != 0) {
-          throw new IOException(
+          throw new ShellCommandFailedException(
               "Command '"
                   + Strings.join(" ", command)
                   + "' failed with exit code "
@@ -193,4 +193,10 @@ public interface OutputParser<T> {
 
     T parse(InputStream inputStream) throws IOException;
   }
+
+  public static final class ShellCommandFailedException extends IOException {
+    public ShellCommandFailedException(String message) {
+      super(message);
+    }
+  }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/SpanUtils.java b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/SpanUtils.java
new file mode 100644
index 00000000000..479ac19a1cb
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/utils/SpanUtils.java
@@ -0,0 +1,88 @@
+package datadog.trace.civisibility.utils;
+
+import datadog.trace.api.civisibility.CIConstants;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.function.Consumer;
+
+public class SpanUtils {
+  public static final Consumer<AgentSpan> DO_NOT_PROPAGATE_CI_VISIBILITY_TAGS = span -> {};
+
+  public static Consumer<AgentSpan> propagateCiVisibilityTagsTo(AgentSpan parentSpan) {
+    return childSpan -> propagateCiVisibilityTags(parentSpan, childSpan);
+  }
+
+  public static void propagateCiVisibilityTags(AgentSpan parentSpan, AgentSpan childSpan) {
+    mergeTag(parentSpan, childSpan, Tags.TEST_FRAMEWORK);
+    mergeTag(parentSpan, childSpan, Tags.TEST_FRAMEWORK_VERSION);
+    propagateStatus(parentSpan, childSpan);
+  }
+
+  public static void mergeTag(AgentSpan parentSpan, AgentSpan childSpan, String tagName) {
+    mergeTag(parentSpan, tagName, childSpan.getTag(tagName));
+  }
+
+  public static void mergeTag(AgentSpan span, String tagName, Object tagValue) {
+    if (tagValue == null) {
+      return;
+    }
+
+    Object existingValue = span.getTag(tagName);
+    if (existingValue == null) {
+      span.setTag(tagName, tagValue);
+      return;
+    }
+
+    if (existingValue.equals(tagValue)) {
+      return;
+    }
+
+    Collection<Object> updatedValue = new ArrayList<>();
+    if (existingValue instanceof Collection) {
+      updatedValue.addAll((Collection<Object>) existingValue);
+    } else {
+      updatedValue.add(existingValue);
+    }
+
+    if (tagValue instanceof Collection) {
+      for (Object value : (Collection<Object>) tagValue) {
+        if (!updatedValue.contains(value)) {
+          updatedValue.add(value);
+        }
+      }
+    } else {
+      if (!updatedValue.contains(tagValue)) {
+        updatedValue.add(tagValue);
+      }
+    }
+    span.setTag(tagName, updatedValue);
+  }
+
+  private static void propagateStatus(AgentSpan parentSpan, AgentSpan childSpan) {
+    String childStatus = (String) childSpan.getTag(Tags.TEST_STATUS);
+    if (childStatus == null) {
+      return;
+    }
+
+    String parentStatus = (String) parentSpan.getTag(Tags.TEST_STATUS);
+    switch (childStatus) {
+      case CIConstants.TEST_PASS:
+        if (parentStatus == null || CIConstants.TEST_SKIP.equals(parentStatus)) {
+          parentSpan.setTag(Tags.TEST_STATUS, CIConstants.TEST_PASS);
+        }
+        break;
+      case CIConstants.TEST_FAIL:
+        parentSpan.setTag(Tags.TEST_STATUS, CIConstants.TEST_FAIL);
+        break;
+      case CIConstants.TEST_SKIP:
+        if (parentStatus == null) {
+          parentSpan.setTag(Tags.TEST_STATUS, CIConstants.TEST_SKIP);
+        }
+        break;
+      default:
+        break;
+    }
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/DDTestImplTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/DDTestImplTest.groovy
index f29170cf9be..a372f5c42df 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/DDTestImplTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/DDTestImplTest.groovy
@@ -1,18 +1,16 @@
 package datadog.trace.civisibility
 
-
 import datadog.trace.agent.test.asserts.ListWriterAssert
 import datadog.trace.agent.tooling.TracerInstaller
 import datadog.trace.api.Config
 import datadog.trace.api.DDSpanTypes
 import datadog.trace.api.IdGenerationStrategy
-import datadog.trace.api.civisibility.InstrumentationBridge
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer
 import datadog.trace.civisibility.codeowners.CodeownersImpl
-import datadog.trace.civisibility.context.ParentProcessTestContext
 import datadog.trace.civisibility.coverage.NoopCoverageProbeStore
 import datadog.trace.civisibility.decorator.TestDecoratorImpl
 import datadog.trace.civisibility.source.MethodLinesResolver
+import datadog.trace.civisibility.utils.SpanUtils
 import datadog.trace.common.writer.ListWriter
 import datadog.trace.core.CoreTracer
 import datadog.trace.test.util.DDSpecification
@@ -42,8 +40,6 @@ class DDTestImplTest extends DDSpecification {
       def agentSpan = callRealMethod()
       agentSpan
     }
-
-    InstrumentationBridge.registerCoverageProbeStoreFactory(new NoopCoverageProbeStore.NoopCoverageProbeStoreFactory())
   }
 
   void cleanupSpec() {
@@ -109,30 +105,29 @@ class DDTestImplTest extends DDSpecification {
     def moduleId = 456
     def suiteId = 789
 
-    def moduleContext = new ParentProcessTestContext(sessionId, moduleId)
-    def suiteContext = new ParentProcessTestContext(moduleId, suiteId)
-
     def config = Config.get()
     def testDecorator = new TestDecoratorImpl("component", [:])
     def sourcePathResolver = { it -> null }
     def methodLinesResolver = { it -> MethodLinesResolver.MethodLines.EMPTY }
     def codeowners = CodeownersImpl.EMPTY
-
+    def coverageProbeStoreFactory = new NoopCoverageProbeStore.NoopCoverageProbeStoreFactory()
     new DDTestImpl(
-      suiteContext,
-      moduleContext,
+      sessionId,
+      moduleId,
+      suiteId,
       "moduleName",
       "suiteName",
       "testName",
       null,
       null,
       null,
-      null,
       config,
       testDecorator,
       sourcePathResolver,
       methodLinesResolver,
-      codeowners
+      codeowners,
+      coverageProbeStoreFactory,
+      SpanUtils.DO_NOT_PROPAGATE_CI_VISIBILITY_TAGS
       )
   }
 
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ci/AwsCodePipelineInfoTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ci/AwsCodePipelineInfoTest.groovy
new file mode 100644
index 00000000000..bff684f4a00
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ci/AwsCodePipelineInfoTest.groovy
@@ -0,0 +1,30 @@
+package datadog.trace.civisibility.ci
+
+import java.nio.file.Path
+
+class AwsCodePipelineInfoTest extends CITagsProviderTest {
+
+  @Override
+  String getProviderName() {
+    return AwsCodePipelineInfo.AWS_CODEPIPELINE_PROVIDER_NAME
+  }
+
+  @Override
+  Map<String, String> buildRemoteGitInfoEmpty() {
+    final Map<String, String> map = new HashMap<>()
+    map.put(AwsCodePipelineInfo.AWS_CODEPIPELINE, "codepipeline")
+    return map
+  }
+
+  @Override
+  Map<String, String> buildRemoteGitInfoMismatchLocalGit() {
+    final Map<String, String> map = new HashMap<>()
+    map.put(AwsCodePipelineInfo.AWS_CODEPIPELINE, "codepipeline")
+    return map
+  }
+
+  @Override
+  Path getWorkspacePath() {
+    null
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ci/CITagsProviderTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ci/CITagsProviderTest.groovy
index 776c02d9707..616f7ea18db 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ci/CITagsProviderTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ci/CITagsProviderTest.groovy
@@ -7,6 +7,7 @@ import datadog.trace.api.git.UserSuppliedGitInfoBuilder
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import datadog.trace.civisibility.git.CILocalGitInfoBuilder
 import datadog.trace.civisibility.git.CIProviderGitInfoBuilder
+import datadog.trace.civisibility.git.tree.GitClient
 import org.junit.Rule
 import org.junit.contrib.java.lang.system.EnvironmentVariables
 import org.junit.contrib.java.lang.system.RestoreSystemProperties
@@ -167,10 +168,13 @@ abstract class CITagsProviderTest extends Specification {
   }
 
   CITagsProvider ciTagsProvider() {
+    GitClient.Factory gitClientFactory = Stub(GitClient.Factory)
+    gitClientFactory.create(_) >> Stub(GitClient)
+
     GitInfoProvider gitInfoProvider = new GitInfoProvider()
     gitInfoProvider.registerGitInfoBuilder(new UserSuppliedGitInfoBuilder())
     gitInfoProvider.registerGitInfoBuilder(new CIProviderGitInfoBuilder())
-    gitInfoProvider.registerGitInfoBuilder(new CILocalGitInfoBuilder(GIT_FOLDER_FOR_TESTS))
+    gitInfoProvider.registerGitInfoBuilder(new CILocalGitInfoBuilder(gitClientFactory, GIT_FOLDER_FOR_TESTS))
     return new CITagsProvider(gitInfoProvider)
   }
 
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ci/UnknownCIInfoTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ci/UnknownCIInfoTest.groovy
index 761e42176c2..333f554c8d4 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ci/UnknownCIInfoTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ci/UnknownCIInfoTest.groovy
@@ -6,12 +6,13 @@ import datadog.trace.api.git.UserSuppliedGitInfoBuilder
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import datadog.trace.civisibility.git.CILocalGitInfoBuilder
 import datadog.trace.civisibility.git.CIProviderGitInfoBuilder
+import datadog.trace.civisibility.git.tree.GitClient
 
 import java.nio.file.Paths
 
 class UnknownCIInfoTest extends CITagsProviderTest {
 
-  def workspaceForTests = Paths.get(getClass().getClassLoader().getResource(CITagsProviderTest.CI_WORKSPACE_PATH_FOR_TESTS).toURI())
+  def workspaceForTests = Paths.get(getClass().getClassLoader().getResource(CI_WORKSPACE_PATH_FOR_TESTS).toURI())
 
   @Override
   String getProviderName() {
@@ -55,10 +56,13 @@ class UnknownCIInfoTest extends CITagsProviderTest {
 
   def "test workspace is null if target folder does not exist"() {
     when:
+    def gitClientFactory = Stub(GitClient.Factory)
+    gitClientFactory.create(_) >> Stub(GitClient)
+
     GitInfoProvider gitInfoProvider = new GitInfoProvider()
     gitInfoProvider.registerGitInfoBuilder(new UserSuppliedGitInfoBuilder())
     gitInfoProvider.registerGitInfoBuilder(new CIProviderGitInfoBuilder())
-    gitInfoProvider.registerGitInfoBuilder(new CILocalGitInfoBuilder("this-target-folder-does-not-exist"))
+    gitInfoProvider.registerGitInfoBuilder(new CILocalGitInfoBuilder(gitClientFactory, "this-target-folder-does-not-exist"))
     CIProviderInfoFactory ciProviderInfoFactory = new CIProviderInfoFactory(Config.get(), "this-target-folder-does-not-exist")
 
     def ciProviderInfo = ciProviderInfoFactory.createCIProviderInfo(workspaceForTests)
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/config/JvmInfoFactoryTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/config/JvmInfoFactoryTest.groovy
index 0bfa76e175e..db6a991d2df 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/config/JvmInfoFactoryTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/config/JvmInfoFactoryTest.groovy
@@ -1,6 +1,6 @@
 package datadog.trace.civisibility.config
 
-import datadog.trace.api.civisibility.config.JvmInfo
+
 import datadog.trace.util.ProcessUtils
 import spock.lang.Specification
 
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/decorator/TestDecoratorImplTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/decorator/TestDecoratorImplTest.groovy
index f343dcf44ac..48a15b6bde0 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/decorator/TestDecoratorImplTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/decorator/TestDecoratorImplTest.groovy
@@ -40,14 +40,6 @@ class TestDecoratorImplTest extends Specification {
     serviceName << ["test-service", "other-service", null]
   }
 
-  def "test beforeFinish"() {
-    when:
-    newDecorator().beforeFinish(span)
-
-    then:
-    0 * _
-  }
-
   static newDecorator() {
     new TestDecoratorImpl("test-component", ["ci-tag-1": "value", "ci-tag-2": "another value"])
   }
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/CILocalGitInfoBuilderTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/CILocalGitInfoBuilderTest.groovy
index d484f28bfdc..e040aa33af8 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/CILocalGitInfoBuilderTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/CILocalGitInfoBuilderTest.groovy
@@ -1,6 +1,6 @@
 package datadog.trace.civisibility.git
 
-
+import datadog.trace.civisibility.git.tree.GitClient
 import spock.lang.Specification
 
 import java.nio.file.Paths
@@ -9,7 +9,10 @@ class CILocalGitInfoBuilderTest extends Specification {
 
   def "returns empty git info when repository path is not specified"() {
     setup:
-    def builder = new CILocalGitInfoBuilder(".git")
+    def gitClientFactory = Stub(GitClient.Factory)
+    gitClientFactory.create(_) >> Stub(GitClient)
+
+    def builder = new CILocalGitInfoBuilder(gitClientFactory,".git")
 
     when:
     def gitInfo = builder.build(null)
@@ -21,7 +24,10 @@ class CILocalGitInfoBuilderTest extends Specification {
 
   def "parses git info"() {
     setup:
-    def builder = new CILocalGitInfoBuilder("git_folder_for_tests")
+    def gitClientFactory = Stub(GitClient.Factory)
+    gitClientFactory.create(_) >> Stub(GitClient)
+
+    def builder = new CILocalGitInfoBuilder(gitClientFactory, "git_folder_for_tests")
     def workspace = resolve("ci/ci_workspace_for_tests")
 
     when:
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/GitClientGitInfoBuilderTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/GitClientGitInfoBuilderTest.groovy
new file mode 100644
index 00000000000..d9b1cf143fa
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/GitClientGitInfoBuilderTest.groovy
@@ -0,0 +1,63 @@
+package datadog.trace.civisibility.git
+
+import datadog.trace.api.Config
+import datadog.trace.civisibility.git.tree.GitClient
+import datadog.trace.civisibility.utils.IOUtils
+import spock.lang.Specification
+import spock.lang.TempDir
+
+import java.nio.file.Files
+import java.nio.file.Path
+import java.nio.file.Paths
+
+class GitClientGitInfoBuilderTest extends Specification {
+
+  private static final int GIT_COMMAND_TIMEOUT_MILLIS = 10_000
+
+  private static final String GIT_FOLDER = ".git"
+
+  @TempDir
+  private Path tempDir
+
+  def "test git client info builder"() {
+    given:
+    givenGitRepo()
+
+    def config = Stub(Config)
+    config.getCiVisibilityGitRemoteName() >> "origin"
+    config.getCiVisibilityGitCommandTimeoutMillis() >> GIT_COMMAND_TIMEOUT_MILLIS
+
+    def gitClientFactory = new GitClient.Factory(config)
+    def infoBuilder = new GitClientGitInfoBuilder(config, gitClientFactory)
+
+    when:
+    def gitInfo = infoBuilder.build(tempDir.toAbsolutePath().toString())
+
+    then:
+    gitInfo.repositoryURL == "git@github.com:DataDog/dd-trace-dotnet.git"
+    gitInfo.branch == "master"
+    gitInfo.tag == null
+    gitInfo.commit.sha == "5b6f3a6dab5972d73a56dff737bd08d995255c08"
+    gitInfo.commit.author.name == "Tony Redondo"
+    gitInfo.commit.author.email == "tony.redondo@datadoghq.com"
+    gitInfo.commit.author.iso8601Date == "2021-02-26T19:32:13+01:00"
+    gitInfo.commit.committer.name == "GitHub"
+    gitInfo.commit.committer.email == "noreply@github.com"
+    gitInfo.commit.committer.iso8601Date == "2021-02-26T19:32:13+01:00"
+    gitInfo.commit.fullMessage == "Adding Git information to test spans (#1242)\n\n" +
+      "* Initial basic GitInfo implementation.\r\n\r\n" +
+      "* Adds Author, Committer and Message git parser.\r\n\r\n" +
+      "* Changes based on the review."
+  }
+
+  private void givenGitRepo() {
+    givenGitRepo("ci/git/with_pack/git")
+  }
+
+  private void givenGitRepo(String resourceName) {
+    def gitFolder = Paths.get(getClass().getClassLoader().getResource(resourceName).toURI())
+    def tempGitFolder = tempDir.resolve(GIT_FOLDER)
+    Files.createDirectories(tempGitFolder)
+    IOUtils.copyFolder(gitFolder, tempGitFolder)
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/tree/GitClientTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/tree/GitClientTest.groovy
index 5a41e389a7f..68f29205469 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/tree/GitClientTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/tree/GitClientTest.groovy
@@ -14,6 +14,8 @@ class GitClientTest extends Specification {
 
   private static final int GIT_COMMAND_TIMEOUT_MILLIS = 10_000
 
+  private static final String GIT_FOLDER = ".git"
+
   @TempDir
   private Path tempDir
 
@@ -41,7 +43,19 @@ class GitClientTest extends Specification {
     shallow
   }
 
-  def "test unshallow"() {
+  def "test get upstream branch SHA"() {
+    given:
+    givenGitRepo("ci/git/shallow/git")
+
+    when:
+    def gitClient = givenGitClient()
+    def upstreamBranch = gitClient.getUpstreamBranchSha()
+
+    then:
+    upstreamBranch == "98b944cc44f18bfb78e3021de2999cdcda8efdf6"
+  }
+
+  def "test unshallow: #remoteSha"() {
     given:
     givenGitRepo("ci/git/shallow/git")
 
@@ -55,13 +69,28 @@ class GitClientTest extends Specification {
     commits.size() == 1
 
     when:
-    gitClient.unshallow()
+    gitClient.unshallow(remoteSha)
     shallow = gitClient.isShallow()
     commits = gitClient.getLatestCommits()
 
     then:
     !shallow
     commits.size() == 10
+
+    where:
+    remoteSha << [GitClient.HEAD, null]
+  }
+
+  def "test get git folder"() {
+    given:
+    givenGitRepo()
+
+    when:
+    def gitClient = givenGitClient()
+    def folder = gitClient.getGitFolder()
+
+    then:
+    folder == tempDir.resolve(GIT_FOLDER).toRealPath().toString()
   }
 
   def "test get remote url"() {
@@ -76,6 +105,129 @@ class GitClientTest extends Specification {
     remoteUrl == "git@github.com:DataDog/dd-trace-dotnet.git"
   }
 
+  def "test get current branch"() {
+    given:
+    givenGitRepo()
+
+    when:
+    def gitClient = givenGitClient()
+    def branch = gitClient.getCurrentBranch()
+
+    then:
+    branch == "master"
+  }
+
+  def "test get tags"() {
+    given:
+    givenGitRepo()
+
+    when:
+    def gitClient = givenGitClient()
+    def tags = gitClient.getTags(GitClient.HEAD)
+
+    then:
+    tags.empty
+  }
+
+  def "test get sha"() {
+    given:
+    givenGitRepo()
+
+    when:
+    def gitClient = givenGitClient()
+    def sha = gitClient.getSha(GitClient.HEAD)
+
+    then:
+    sha == "5b6f3a6dab5972d73a56dff737bd08d995255c08"
+  }
+
+  def "test get full message"() {
+    given:
+    givenGitRepo()
+
+    when:
+    def gitClient = givenGitClient()
+    def message = gitClient.getFullMessage(GitClient.HEAD)
+
+    then:
+    message == "Adding Git information to test spans (#1242)\n\n" +
+      "* Initial basic GitInfo implementation.\r\n\r\n" +
+      "* Adds Author, Committer and Message git parser.\r\n\r\n" +
+      "* Changes based on the review."
+  }
+
+  def "test get author name"() {
+    given:
+    givenGitRepo()
+
+    when:
+    def gitClient = givenGitClient()
+    def authorName = gitClient.getAuthorName(GitClient.HEAD)
+
+    then:
+    authorName == "Tony Redondo"
+  }
+
+  def "test get author email"() {
+    given:
+    givenGitRepo()
+
+    when:
+    def gitClient = givenGitClient()
+    def authorEmail = gitClient.getAuthorEmail(GitClient.HEAD)
+
+    then:
+    authorEmail == "tony.redondo@datadoghq.com"
+  }
+
+  def "test get author date"() {
+    given:
+    givenGitRepo()
+
+    when:
+    def gitClient = givenGitClient()
+    def authorDate = gitClient.getAuthorDate(GitClient.HEAD)
+
+    then:
+    authorDate == "2021-02-26T19:32:13+01:00"
+  }
+
+  def "test get committer name"() {
+    given:
+    givenGitRepo()
+
+    when:
+    def gitClient = givenGitClient()
+    def authorName = gitClient.getCommitterName(GitClient.HEAD)
+
+    then:
+    authorName == "GitHub"
+  }
+
+  def "test get committer email"() {
+    given:
+    givenGitRepo()
+
+    when:
+    def gitClient = givenGitClient()
+    def authorEmail = gitClient.getCommitterEmail(GitClient.HEAD)
+
+    then:
+    authorEmail == "noreply@github.com"
+  }
+
+  def "test get committer date"() {
+    given:
+    givenGitRepo()
+
+    when:
+    def gitClient = givenGitClient()
+    def authorDate = gitClient.getCommitterDate(GitClient.HEAD)
+
+    then:
+    authorDate == "2021-02-26T19:32:13+01:00"
+  }
+
   def "test get latest commits"() {
     given:
     givenGitRepo()
@@ -154,7 +306,7 @@ class GitClientTest extends Specification {
 
   private void givenGitRepo(String resourceName) {
     def gitFolder = Paths.get(getClass().getClassLoader().getResource(resourceName).toURI())
-    def tempGitFolder = tempDir.resolve(".git")
+    def tempGitFolder = tempDir.resolve(GIT_FOLDER)
     Files.createDirectories(tempGitFolder)
     IOUtils.copyFolder(gitFolder, tempGitFolder)
   }
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/tree/GitDataUploaderImplTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/tree/GitDataUploaderImplTest.groovy
index ef664bfeca7..34685918a74 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/tree/GitDataUploaderImplTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/tree/GitDataUploaderImplTest.groovy
@@ -1,6 +1,8 @@
 package datadog.trace.civisibility.git.tree
 
 import datadog.trace.api.Config
+import datadog.trace.api.git.GitInfo
+import datadog.trace.api.git.GitInfoProvider
 import datadog.trace.civisibility.utils.IOUtils
 import org.hamcrest.Description
 import org.hamcrest.Matcher
@@ -24,19 +26,25 @@ class GitDataUploaderImplTest extends Specification {
     given:
     givenGitRepo()
 
+    def repoRoot = tempDir.toString()
+    def repoUrl = "<mockRepositoryUrl>"
+
     def config = Stub(Config) {
       getCiVisibilityGitUploadTimeoutMillis() >> 15_000
     }
     def api = Mock(GitDataApi)
-    def gitClient = new GitClient(tempDir.toString(), "25 years ago", 3, TIMEOUT_MILLIS)
-    def uploader = new GitDataUploaderImpl(config, api, gitClient, "origin")
+    def gitInfoProvider = Stub(GitInfoProvider)
+    gitInfoProvider.getGitInfo(repoRoot) >> new GitInfo(repoUrl, null, null, null)
+
+    def gitClient = new GitClient(repoRoot, "25 years ago", 3, TIMEOUT_MILLIS)
+    def uploader = new GitDataUploaderImpl(config, api, gitClient, gitInfoProvider, repoRoot, "origin")
 
     when:
     def future = uploader.startOrObserveGitDataUpload()
     future.get(TIMEOUT_MILLIS, TimeUnit.MILLISECONDS)
 
     then:
-    1 * api.searchCommits("git@github.com:DataDog/dd-trace-dotnet.git", [
+    1 * api.searchCommits(repoUrl, [
       "5b6f3a6dab5972d73a56dff737bd08d995255c08",
       "98cd7c8e9cf71e02dc28bd9b13928bee0f85b74c",
       "31ca182c0474f6265e660498c4fbcf775e23bba0",
@@ -46,7 +54,7 @@ class GitDataUploaderImplTest extends Specification {
     ]
 
     1 * api.uploadPackFile(
-      "git@github.com:DataDog/dd-trace-dotnet.git",
+      repoUrl,
       "5b6f3a6dab5972d73a56dff737bd08d995255c08",
       fileWithContents(Paths.get(getClass().getClassLoader().getResource("ci/git/uploadedPackFile.pack").toURI())))
     0 * _
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/ChannelContextTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/ChannelContextTest.groovy
index 0f5d508380a..5281d6abae7 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/ChannelContextTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/ChannelContextTest.groovy
@@ -1,5 +1,6 @@
 package datadog.trace.civisibility.ipc
 
+import datadog.trace.api.Platform
 import spock.lang.IgnoreIf
 import spock.lang.Specification
 
@@ -7,8 +8,8 @@ import java.nio.ByteBuffer
 import java.nio.channels.ByteChannel
 import java.util.concurrent.ThreadLocalRandom
 
-@IgnoreIf(reason = "JVM crash with IBM JDK", value = {
-  System.getProperty("java.vendor").contains("IBM") && System.getProperty("java.version").contains("1.8.")
+@IgnoreIf(reason = "JVM crash with OpenJ9", value = {
+  Platform.isJ9()
 })
 class ChannelContextTest extends Specification {
 
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/ModuleExecutionResultTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/ModuleExecutionResultTest.groovy
index 803eee8d37e..30acccbd18d 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/ModuleExecutionResultTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/ModuleExecutionResultTest.groovy
@@ -14,13 +14,23 @@ class ModuleExecutionResultTest extends Specification {
     then:
     deserialized == signal
 
+
+
     where:
     signal << [
-      new ModuleExecutionResult(12345, 67890, false, false, 0, null, null),
-      new ModuleExecutionResult(12345, 67890, true, false, 1, "junit", "4.13.2"),
-      new ModuleExecutionResult(12345, 67890, false, true, 2, null, "4.13.2"),
-      new ModuleExecutionResult(12345, 67890, false, false, 3, "junit", null),
-      new ModuleExecutionResult(12345, 67890, true, true, Integer.MAX_VALUE, "junit", "4.13.2")
+      new ModuleExecutionResult(12345, 67890, false, false, 0, Collections.emptyList(), null),
+      new ModuleExecutionResult(12345, 67890, true, false, 1, Collections.singletonList(new TestFramework("junit", "4.13.2")), new byte[] {
+        1, 2, 3
+      }),
+      new ModuleExecutionResult(12345, 67890, false, true, 2, Arrays.asList(new TestFramework("junit", "4.13.2"), new TestFramework("junit", "5.9.2")), new byte[] {
+        1, 2, 3
+      }),
+      new ModuleExecutionResult(12345, 67890, false, false, 3, Arrays.asList(new TestFramework("junit", null), new TestFramework("junit", "5.9.2")), new byte[] {
+        1, 2, 3
+      }),
+      new ModuleExecutionResult(12345, 67890, true, true, Integer.MAX_VALUE, Arrays.asList(new TestFramework("junit", "4.13.2"), new TestFramework(null, "5.9.2")), new byte[] {
+        1, 2, 3
+      })
     ]
   }
 
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/SignalServerTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/SignalServerTest.groovy
index 8842629b460..6de136b75a4 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/SignalServerTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/SignalServerTest.groovy
@@ -9,7 +9,9 @@ class SignalServerTest extends Specification {
   def "test message send and receive"() {
     given:
     def signalProcessed = new AtomicBoolean(false)
-    def signal = new ModuleExecutionResult(123, 456, true, true, 1, "junit", "4.13.2")
+    def signal = new ModuleExecutionResult(123, 456, true, true, 1, Collections.singletonList(new TestFramework("junit", "4.13.2")), new byte[] {
+      1, 2, 3
+    })
     def server = new SignalServer()
     def received = new ArrayList()
 
@@ -38,8 +40,10 @@ class SignalServerTest extends Specification {
 
   def "test multiple messages send and receive"() {
     given:
-    def signalA = new ModuleExecutionResult(123, 456, false, false, 0, "junit", "4.13.2")
-    def signalB = new ModuleExecutionResult(234, 567, true, true, 1, "junit", "4.13.2")
+    def signalA = new ModuleExecutionResult(123, 456, false, false, 0, Collections.singletonList(new TestFramework("junit", "4.13.2")), new byte[] {
+      1, 2, 3
+    })
+    def signalB = new ModuleExecutionResult(234, 567, true, true, 1, Collections.singletonList(new TestFramework("junit", "4.13.2")), null)
     def server = new SignalServer()
     def received = new ArrayList()
 
@@ -67,8 +71,10 @@ class SignalServerTest extends Specification {
 
   def "test multiple clients send and receive"() {
     given:
-    def signalA = new ModuleExecutionResult(123, 456, true, false, 1, "junit", "4.13.2")
-    def signalB = new ModuleExecutionResult(234, 567, false, true, 0, "junit", "4.13.2")
+    def signalA = new ModuleExecutionResult(123, 456, true, false, 1, Collections.singletonList(new TestFramework("junit", "4.13.2")), new byte[] {
+      1, 2, 3
+    })
+    def signalB = new ModuleExecutionResult(234, 567, false, true, 0, Collections.singletonList(new TestFramework("junit", "4.13.2")), null)
     def server = new SignalServer()
     def received = new ArrayList()
 
@@ -115,7 +121,9 @@ class SignalServerTest extends Specification {
     when:
     def address = server.getAddress()
     try (def client = new SignalClient(address, clientTimeoutMillis)) {
-      client.send(new ModuleExecutionResult(123, 456, false, false, 0, "junit", "4.13.2"))
+      client.send(new ModuleExecutionResult(123, 456, false, false, 0, Collections.singletonList(new TestFramework("junit", "4.13.2")), new byte[] {
+        1, 2, 3
+      }))
     }
 
     then:
@@ -127,7 +135,9 @@ class SignalServerTest extends Specification {
 
   def "test error response receipt"() {
     given:
-    def signal = new ModuleExecutionResult(123, 456, true, true, 1, "junit", "4.13.2")
+    def signal = new ModuleExecutionResult(123, 456, true, true, 1, Collections.singletonList(new TestFramework("junit", "4.13.2")), new byte[] {
+      1, 2, 3
+    })
     def server = new SignalServer()
 
     def errorResponse = new ErrorResponse("An error occurred while processing the signal")
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/SkippableTestsRequestTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/SkippableTestsRequestTest.groovy
index 4fd81e75e2f..0f2fb01a3c2 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/SkippableTestsRequestTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/SkippableTestsRequestTest.groovy
@@ -1,6 +1,6 @@
 package datadog.trace.civisibility.ipc
 
-import datadog.trace.api.civisibility.config.JvmInfo
+import datadog.trace.civisibility.config.JvmInfo
 import spock.lang.Specification
 
 import java.nio.file.Paths
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/BestEffortMethodLinesResolverTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/BestEffortMethodLinesResolverTest.groovy
new file mode 100644
index 00000000000..4076a076279
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/BestEffortMethodLinesResolverTest.groovy
@@ -0,0 +1,67 @@
+package datadog.trace.civisibility.source
+
+
+import spock.lang.Specification
+
+class BestEffortMethodLinesResolverTest extends Specification {
+
+  def "test get source info from delegate"() {
+    setup:
+    def testMethod = TestClass.getDeclaredMethod("testMethod")
+    def expectedLines = new MethodLinesResolver.MethodLines(42, 43)
+
+    def delegate = Stub(MethodLinesResolver)
+    def secondDelegate = Stub(MethodLinesResolver)
+    def resolver = new BestEffortMethodLinesResolver(delegate, secondDelegate)
+
+    delegate.getLines(testMethod) >> expectedLines
+    secondDelegate.getLines(testMethod) >> MethodLinesResolver.MethodLines.EMPTY
+
+    when:
+    def lines = resolver.getLines(testMethod)
+
+    then:
+    lines == expectedLines
+  }
+
+  def "test get source info from second delegate"() {
+    setup:
+    def testMethod = TestClass.getDeclaredMethod("testMethod")
+    def expectedLines = new MethodLinesResolver.MethodLines(42, 43)
+
+    def delegate = Stub(MethodLinesResolver)
+    def secondDelegate = Stub(MethodLinesResolver)
+    def resolver = new BestEffortMethodLinesResolver(delegate, secondDelegate)
+
+    delegate.getLines(testMethod) >> MethodLinesResolver.MethodLines.EMPTY
+    secondDelegate.getLines(testMethod) >> expectedLines
+
+    when:
+    def lines = resolver.getLines(testMethod)
+
+    then:
+    lines == expectedLines
+  }
+
+  def "test failed to get info from both delegates"() {
+    setup:
+    def testMethod = TestClass.getDeclaredMethod("testMethod")
+
+    def delegate = Stub(MethodLinesResolver)
+    def secondDelegate = Stub(MethodLinesResolver)
+    def resolver = new BestEffortMethodLinesResolver(delegate, secondDelegate)
+
+    delegate.getLines(testMethod) >> MethodLinesResolver.MethodLines.EMPTY
+    secondDelegate.getLines(testMethod) >> MethodLinesResolver.MethodLines.EMPTY
+
+    when:
+    def lines = resolver.getLines(testMethod)
+
+    then:
+    lines == MethodLinesResolver.MethodLines.EMPTY
+  }
+
+  private static final class TestClass {
+    void testMethod() {}
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/BestEffortSourcePathResolverTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/BestEffortSourcePathResolverTest.groovy
index 4020037ac00..23ae4fd48e5 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/BestEffortSourcePathResolverTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/BestEffortSourcePathResolverTest.groovy
@@ -1,6 +1,6 @@
 package datadog.trace.civisibility.source
 
-import datadog.trace.api.civisibility.source.SourcePathResolver
+
 import spock.lang.Specification
 
 class BestEffortSourcePathResolverTest extends Specification {
@@ -10,7 +10,7 @@ class BestEffortSourcePathResolverTest extends Specification {
     def expectedPath = "source/path/TestClass.java"
     def delegate = Stub(SourcePathResolver)
     def secondDelegate = Stub(SourcePathResolver)
-    def resolver = new BestEfforSourcePathResolver(delegate, secondDelegate)
+    def resolver = new BestEffortSourcePathResolver(delegate, secondDelegate)
 
     delegate.getSourcePath(TestClass) >> expectedPath
     secondDelegate.getSourcePath(TestClass) >> null
@@ -27,7 +27,7 @@ class BestEffortSourcePathResolverTest extends Specification {
     def expectedPath = "source/path/TestClass.java"
     def delegate = Stub(SourcePathResolver)
     def secondDelegate = Stub(SourcePathResolver)
-    def resolver = new BestEfforSourcePathResolver(delegate, secondDelegate)
+    def resolver = new BestEffortSourcePathResolver(delegate, secondDelegate)
 
     delegate.getSourcePath(TestClass) >> null
     secondDelegate.getSourcePath(TestClass) >> expectedPath
@@ -43,7 +43,7 @@ class BestEffortSourcePathResolverTest extends Specification {
     setup:
     def delegate = Stub(SourcePathResolver)
     def secondDelegate = Stub(SourcePathResolver)
-    def resolver = new BestEfforSourcePathResolver(delegate, secondDelegate)
+    def resolver = new BestEffortSourcePathResolver(delegate, secondDelegate)
 
     delegate.getSourcePath(TestClass) >> null
     secondDelegate.getSourcePath(TestClass) >> null
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/MethodLinesResolverImplTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/ByteCodeMethodLinesResolverTest.groovy
similarity index 87%
rename from dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/MethodLinesResolverImplTest.groovy
rename to dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/ByteCodeMethodLinesResolverTest.groovy
index 4e7c8862496..9efb2399ed4 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/MethodLinesResolverImplTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/ByteCodeMethodLinesResolverTest.groovy
@@ -4,14 +4,14 @@ package datadog.trace.civisibility.source
 import org.spockframework.util.IoUtil
 import spock.lang.Specification
 
-class MethodLinesResolverImplTest extends Specification {
+class ByteCodeMethodLinesResolverTest extends Specification {
 
   def "test method lines resolution"() {
     setup:
     def aTestMethod = NestedClass.getDeclaredMethod("aTestMethod")
 
     when:
-    def methodLinesResolver = new MethodLinesResolverImpl()
+    def methodLinesResolver = new ByteCodeMethodLinesResolver()
     def methodLines = methodLinesResolver.getLines(aTestMethod)
 
     then:
@@ -25,7 +25,7 @@ class MethodLinesResolverImplTest extends Specification {
     def aTestMethod = NestedClass.getDeclaredMethod("abstractMethod")
 
     when:
-    def methodLinesResolver = new MethodLinesResolverImpl()
+    def methodLinesResolver = new ByteCodeMethodLinesResolver()
     def methodLines = methodLinesResolver.getLines(aTestMethod)
 
     then:
@@ -46,7 +46,7 @@ class MethodLinesResolverImplTest extends Specification {
     def misbehavingMethod = misbehavingClass.getDeclaredMethod("aTestMethod")
 
     when:
-    def methodLinesResolver = new MethodLinesResolverImpl()
+    def methodLinesResolver = new ByteCodeMethodLinesResolver()
     def methodLines = methodLinesResolver.getLines(misbehavingMethod)
 
     then:
@@ -56,7 +56,7 @@ class MethodLinesResolverImplTest extends Specification {
   def "test returns empty method lines when unknown method is attempted to be resolved"() {
     setup:
     def aTestMethod = NestedClass.getDeclaredMethod("abstractMethod")
-    def classMethodLines = new MethodLinesResolverImpl.ClassMethodLines()
+    def classMethodLines = new ByteCodeMethodLinesResolver.ClassMethodLines()
 
     when:
     def methodLines = classMethodLines.get(aTestMethod)
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/CompilerAidedMethodLinesResolverTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/CompilerAidedMethodLinesResolverTest.groovy
new file mode 100644
index 00000000000..390f3309447
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/CompilerAidedMethodLinesResolverTest.groovy
@@ -0,0 +1,40 @@
+package datadog.trace.civisibility.source
+
+import datadog.compiler.annotations.MethodLines
+import spock.lang.Specification
+
+class CompilerAidedMethodLinesResolverTest extends Specification {
+
+  def "test source info retrieval for #methodName"() {
+    setup:
+    def resolver = new CompilerAidedMethodLinesResolver()
+    def method = TestClass.getDeclaredMethod(methodName)
+
+    when:
+    def lines = resolver.getLines(method)
+
+    then:
+    lines.valid == expectedValid
+
+    if (lines.valid) {
+      lines.startLineNumber == expectedStart
+      lines.finishLineNumber == expectedFinish
+    }
+
+    where:
+    methodName                                | expectedValid | expectedStart | expectedFinish
+    "methodWithNoLinesInfoInjected"      | false         | -1            | -1
+    "methodWithLinesInfoInjected"        | true          | 10            | 20
+    "methodWithUnknownLinesInfoInjected" | false         | -1            | -1
+  }
+
+  private static final class TestClass {
+    void methodWithNoLinesInfoInjected() {}
+
+    @MethodLines(start = 10, end = 20)
+    void methodWithLinesInfoInjected() {}
+
+    @MethodLines(start = -1, end = -1)
+    void methodWithUnknownLinesInfoInjected() {}
+  }
+}
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/SourceRootResolverImplTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/PackageResolverImplTest.groovy
similarity index 78%
rename from dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/SourceRootResolverImplTest.groovy
rename to dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/PackageResolverImplTest.groovy
index a49d8cc4729..9dae5c64903 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/SourceRootResolverImplTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/PackageResolverImplTest.groovy
@@ -6,9 +6,9 @@ import spock.lang.Specification
 
 import java.nio.file.Files
 
-class SourceRootResolverImplTest extends Specification {
+class PackageResolverImplTest extends Specification {
 
-  def "test source root resolution"() {
+  def "test source root resolution: #path"() {
     setup:
     def fileSystem = Jimfs.newFileSystem(Configuration.unix())
     def javaFilePath = fileSystem.getPath(path)
@@ -17,22 +17,22 @@ class SourceRootResolverImplTest extends Specification {
     Files.write(javaFilePath, contents.getBytes())
 
     when:
-    def sourceRootResolver = new SourceRootResolverImpl(fileSystem)
-    def sourceRoot = sourceRootResolver.getSourceRoot(javaFilePath)
+    def packageResolver = new PackageResolverImpl(fileSystem)
+    def packagePath = packageResolver.getPackage(javaFilePath)
 
     then:
-    sourceRoot == fileSystem.getPath(expectedSourceRoot)
+    packagePath == fileSystem.getPath(expectedPackageName)
 
     where:
-    path                             | contents                                      | expectedSourceRoot
-    "/root/src/MyClass.java"         | CLASS_IN_DEFAULT_PACKAGE                      | "/root/src"
-    "/root/src/foo/bar/MyClass.java" | CLASS_IN_FOO_BAR_PACKAGE                      | "/root/src"
-    "/root/src/foo/bar/MyClass.java" | BLANK_LINES_BEFORE_PACKAGE                    | "/root/src"
-    "/root/src/foo/bar/MyClass.java" | SPACES_BEFORE_PACKAGE                         | "/root/src"
-    "/root/src/foo/bar/MyClass.java" | COMMENT_BEFORE_PACKAGE                        | "/root/src"
-    "/root/src/foo/bar/MyClass.java" | COMMENT_WITH_KEYWORD_BEFORE_PACKAGE           | "/root/src"
-    "/root/src/foo/bar/MyClass.java" | MULTILINE_COMMENT_BEFORE_PACKAGE              | "/root/src"
-    "/root/src/foo/bar/MyClass.java" | MULTILINE_COMMENT_WITH_KEYWORD_BEFORE_PACKAGE | "/root/src"
+    path                             | contents                                      | expectedPackageName
+    "/root/src/MyClass.java"         | CLASS_IN_DEFAULT_PACKAGE                      | ""
+    "/root/src/foo/bar/MyClass.java" | CLASS_IN_FOO_BAR_PACKAGE                      | "foo/bar"
+    "/root/src/foo/bar/MyClass.java" | BLANK_LINES_BEFORE_PACKAGE                    | "foo/bar"
+    "/root/src/foo/bar/MyClass.java" | SPACES_BEFORE_PACKAGE                         | "foo/bar"
+    "/root/src/foo/bar/MyClass.java" | COMMENT_BEFORE_PACKAGE                        | "foo/bar"
+    "/root/src/foo/bar/MyClass.java" | COMMENT_WITH_KEYWORD_BEFORE_PACKAGE           | "foo/bar"
+    "/root/src/foo/bar/MyClass.java" | MULTILINE_COMMENT_BEFORE_PACKAGE              | "foo/bar"
+    "/root/src/foo/bar/MyClass.java" | MULTILINE_COMMENT_WITH_KEYWORD_BEFORE_PACKAGE | "foo/bar"
   }
 
   private static final String CLASS_IN_DEFAULT_PACKAGE =
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/RepoIndexSourcePathResolverTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/RepoIndexSourcePathResolverTest.groovy
index ad788bb8ca2..59a29662254 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/RepoIndexSourcePathResolverTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/RepoIndexSourcePathResolverTest.groovy
@@ -10,7 +10,7 @@ import java.nio.file.Path
 
 class RepoIndexSourcePathResolverTest extends Specification {
 
-  def sourceRootResolver = Stub(SourceRootResolver)
+  def packageResolver = Stub(PackageResolver)
   def fileSystem = Jimfs.newFileSystem(Configuration.unix())
   def repoRoot = getRepoRoot()
 
@@ -19,7 +19,7 @@ class RepoIndexSourcePathResolverTest extends Specification {
     def expectedSourcePath = givenSourceFile(RepoIndexSourcePathResolverTest, repoRoot + "/src")
 
     when:
-    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, sourceRootResolver, fileSystem)
+    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, packageResolver, fileSystem)
 
     then:
     sourcePathResolver.getSourcePath(RepoIndexSourcePathResolverTest) == expectedSourcePath
@@ -30,7 +30,7 @@ class RepoIndexSourcePathResolverTest extends Specification {
     def expectedSourcePath = givenSourceFile(RepoIndexSourcePathResolverTest, repoRoot + "/src")
 
     when:
-    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, sourceRootResolver, fileSystem)
+    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, packageResolver, fileSystem)
 
     then:
     sourcePathResolver.getSourcePath(InnerClass) == expectedSourcePath
@@ -41,7 +41,7 @@ class RepoIndexSourcePathResolverTest extends Specification {
     def expectedSourcePath = givenSourceFile(RepoIndexSourcePathResolverTest, repoRoot + "/src")
 
     when:
-    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, sourceRootResolver, fileSystem)
+    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, packageResolver, fileSystem)
 
     then:
     sourcePathResolver.getSourcePath(InnerClass.NestedInnerClass) == expectedSourcePath
@@ -52,7 +52,7 @@ class RepoIndexSourcePathResolverTest extends Specification {
     def expectedSourcePath = givenSourceFile(RepoIndexSourcePathResolverTest, repoRoot + "/src")
 
     when:
-    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, sourceRootResolver, fileSystem)
+    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, packageResolver, fileSystem)
     def r = new Runnable() {
         void run() {}
       }
@@ -66,7 +66,7 @@ class RepoIndexSourcePathResolverTest extends Specification {
     def expectedSourcePath = givenSourceFile(RepoIndexSourcePathResolverTest, repoRoot + "/src")
 
     when:
-    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, sourceRootResolver, fileSystem)
+    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, packageResolver, fileSystem)
 
     then:
     sourcePathResolver.getSourcePath(PackagePrivateClass) == expectedSourcePath
@@ -77,7 +77,7 @@ class RepoIndexSourcePathResolverTest extends Specification {
     def expectedSourcePath = givenSourceFile(RepoIndexSourcePathResolverTest, repoRoot + "/src")
 
     when:
-    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, sourceRootResolver, fileSystem)
+    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, packageResolver, fileSystem)
 
     then:
     sourcePathResolver.getSourcePath(PublicClassWhoseNameDoesNotCorrespondToFileName) == expectedSourcePath
@@ -87,7 +87,7 @@ class RepoIndexSourcePathResolverTest extends Specification {
     setup:
 
     when:
-    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, sourceRootResolver, fileSystem)
+    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, packageResolver, fileSystem)
 
     then:
     sourcePathResolver.getSourcePath(RepoIndexSourcePathResolver) == null
@@ -97,7 +97,7 @@ class RepoIndexSourcePathResolverTest extends Specification {
     setup:
 
     when:
-    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, sourceRootResolver, fileSystem)
+    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, packageResolver, fileSystem)
 
     then:
     sourcePathResolver.getSourcePath(PackagePrivateClass) == null
@@ -106,13 +106,13 @@ class RepoIndexSourcePathResolverTest extends Specification {
   def "test file-indexing failure"() {
     setup:
     def classPath = fileSystem.getPath(generateSourceFileName(RepoIndexSourcePathResolverTest, repoRoot))
-    sourceRootResolver.getSourceRoot(classPath) >> { throw new IOException() }
+    packageResolver.getPackage(classPath) >> { throw new IOException() }
 
     Files.createDirectories(classPath.getParent())
     Files.write(classPath, "STUB CLASS BODY".getBytes())
 
     when:
-    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, sourceRootResolver, fileSystem)
+    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, packageResolver, fileSystem)
 
     then:
     sourcePathResolver.getSourcePath(RepoIndexSourcePathResolverTest) == null
@@ -126,7 +126,7 @@ class RepoIndexSourcePathResolverTest extends Specification {
     givenRepoFile(fileSystem.getPath(repoRoot, "README.md"))
 
     when:
-    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, sourceRootResolver, fileSystem)
+    def sourcePathResolver = new RepoIndexSourcePathResolver(repoRoot, packageResolver, fileSystem)
 
     then:
     sourcePathResolver.getSourcePath(RepoIndexSourcePathResolverTest) == expectedSourcePathOne
@@ -136,7 +136,7 @@ class RepoIndexSourcePathResolverTest extends Specification {
 
   private String givenSourceFile(Class c, String sourceRoot, SourceType sourceType = SourceType.GROOVY) {
     def classPath = fileSystem.getPath(generateSourceFileName(c, sourceRoot, sourceType))
-    sourceRootResolver.getSourceRoot(classPath) >> fileSystem.getPath(sourceRoot)
+    packageResolver.getPackage(classPath) >> fileSystem.getPath(sourceRoot).relativize(classPath).getParent()
 
     givenRepoFile(classPath)
 
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/RepoIndexTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/RepoIndexTest.groovy
index 4d3cbe45a32..47dc4e42084 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/RepoIndexTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/source/index/RepoIndexTest.groovy
@@ -12,7 +12,7 @@ class RepoIndexTest extends Specification {
     trieBuilder.put(RepoIndexSourcePathResolverTest.name + SourceType.GROOVY.extension, 1)
 
     def sourceRoots = Arrays.asList("myClassSourceRoot", "myOtherClassSourceRoot")
-    def repoIndex = new RepoIndex(trieBuilder.buildTrie(), sourceRoots)
+    def repoIndex = new RepoIndex(trieBuilder.buildTrie(), sourceRoots, Collections.emptyList())
 
     when:
     def serialized = repoIndex.serialize()
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/utils/CIUtilsTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/utils/CIUtilsTest.groovy
deleted file mode 100644
index ecc48f7fafe..00000000000
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/utils/CIUtilsTest.groovy
+++ /dev/null
@@ -1,42 +0,0 @@
-package datadog.trace.civisibility.utils
-
-
-import spock.lang.Specification
-
-import java.nio.file.Paths
-
-class CIUtilsTest extends Specification {
-
-  static workspace = resolve("ci/utils/workspace")
-  static innerWorkspace = resolve("ci/utils/workspace/innerworkspace")
-
-  def "test find path backwards "() {
-    when:
-    def result = CIUtils.findParentPathBackwards(path, target, isDirectory)
-
-    then:
-    result == expectedResult
-
-    where:
-    path | target | isDirectory | expectedResult
-    null | null | false | null
-    workspace | null | false | null
-    workspace | "" | false | null
-    workspace | "not-exists" | true | null
-    workspace | "targetFolder" | false | null
-    workspace | "targetFolder" | true | workspace
-    workspace | "targetFile.txt" | false | workspace
-    workspace | "targetFile.txt" | true | null
-    innerWorkspace | "targetFolder" | true | workspace
-    innerWorkspace | "targetFolder" | false | null
-    innerWorkspace | "targetFile.txt" | true |null
-    innerWorkspace | "targetFile.txt" | false | workspace
-    innerWorkspace | "otherTargetFolder" | true | workspace
-  }
-
-  static "resolve"(workspace) {
-    def resolvedWS = Paths.get(CIUtilsTest.getClassLoader().getResource(workspace).toURI())
-    println(resolvedWS.toString())
-    return resolvedWS
-  }
-}
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/utils/FileUtilsTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/utils/FileUtilsTest.groovy
index 2af30de033c..baf8f01cb17 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/utils/FileUtilsTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/utils/FileUtilsTest.groovy
@@ -5,6 +5,7 @@ import spock.lang.TempDir
 
 import java.nio.file.Files
 import java.nio.file.Path
+import java.nio.file.Paths
 
 class FileUtilsTest extends Specification {
 
@@ -23,4 +24,37 @@ class FileUtilsTest extends Specification {
     then:
     !Files.exists(temporaryFolder)
   }
+
+  static workspace = resolve("ci/utils/workspace")
+  static innerWorkspace = resolve("ci/utils/workspace/innerworkspace")
+
+  def "test find path backwards "() {
+    when:
+    def result = FileUtils.findParentPathBackwards(path, target, isDirectory)
+
+    then:
+    result == expectedResult
+
+    where:
+    path | target | isDirectory | expectedResult
+    null | null | false | null
+    workspace | null | false | null
+    workspace | "" | false | null
+    workspace | "not-exists" | true | null
+    workspace | "targetFolder" | false | null
+    workspace | "targetFolder" | true | workspace
+    workspace | "targetFile.txt" | false | workspace
+    workspace | "targetFile.txt" | true | null
+    innerWorkspace | "targetFolder" | true | workspace
+    innerWorkspace | "targetFolder" | false | null
+    innerWorkspace | "targetFile.txt" | true |null
+    innerWorkspace | "targetFile.txt" | false | workspace
+    innerWorkspace | "otherTargetFolder" | true | workspace
+  }
+
+  static "resolve"(workspace) {
+    def resolvedWS = Paths.get(FileUtilsTest.getClassLoader().getResource(workspace).toURI())
+    println(resolvedWS.toString())
+    return resolvedWS
+  }
 }
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/appveyor.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/appveyor.json
index 356b75f318c..def208d7110 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/appveyor.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/appveyor.json
@@ -6,7 +6,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -26,7 +26,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -37,7 +37,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -57,7 +57,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -68,7 +68,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -88,7 +88,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -99,7 +99,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -119,7 +119,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -130,7 +130,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -152,7 +152,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -163,7 +163,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -183,7 +183,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -194,7 +194,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -216,7 +216,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -227,7 +227,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -254,7 +254,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "origin/master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -274,7 +274,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -285,7 +285,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "refs/heads/master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -305,7 +305,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -316,7 +316,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "refs/heads/feature/one",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -336,7 +336,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -348,7 +348,7 @@
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_PULL_REQUEST_HEAD_REPO_BRANCH": "origin/pr",
       "APPVEYOR_REPO_BRANCH": "origin/master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -368,7 +368,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -380,7 +380,7 @@
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_PULL_REQUEST_HEAD_REPO_BRANCH": "refs/heads/pr",
       "APPVEYOR_REPO_BRANCH": "refs/heads/master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -400,7 +400,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git"
     }
   ],
@@ -411,7 +411,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "origin/master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -432,7 +432,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git",
       "git.tag": "0.1.0"
     }
@@ -444,7 +444,7 @@
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
       "APPVEYOR_REPO_BRANCH": "refs/heads/master",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -465,7 +465,7 @@
       "git.commit.author.email": "appveyor-commit-author-email@datadoghq.com",
       "git.commit.author.name": "appveyor-commit-author-name",
       "git.commit.message": "appveyor-commit-message\nappveyor-commit-message-extended",
-      "git.commit.sha": "appveyor-repo-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/appveyor-repo-name.git",
       "git.tag": "0.1.0"
     }
@@ -475,7 +475,7 @@
       "APPVEYOR": "true",
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
@@ -516,7 +516,7 @@
       "APPVEYOR": "true",
       "APPVEYOR_BUILD_ID": "appveyor-build-id",
       "APPVEYOR_BUILD_NUMBER": "appveyor-pipeline-number",
-      "APPVEYOR_REPO_COMMIT": "appveyor-repo-commit",
+      "APPVEYOR_REPO_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "APPVEYOR_REPO_COMMIT_AUTHOR": "appveyor-commit-author-name",
       "APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL": "appveyor-commit-author-email@datadoghq.com",
       "APPVEYOR_REPO_COMMIT_MESSAGE": "appveyor-commit-message",
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/awscodepipeline.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/awscodepipeline.json
new file mode 100644
index 00000000000..6f3071331fe
--- /dev/null
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/awscodepipeline.json
@@ -0,0 +1,62 @@
+[
+  [
+    {
+      "CODEBUILD_BUILD_ARN": "arn:aws:codebuild:eu-north-1:12345678:build/codebuild-demo-project:b1e6661e-e4f2-4156-9ab9-82a19",
+      "CODEBUILD_INITIATOR": "codepipeline/test-pipeline",
+      "DD_ACTION_EXECUTION_ID": "35519dc3-7c45-493c-9ba6-cd78ea11f69d",
+      "DD_GIT_BRANCH": "user-supplied-branch",
+      "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
+      "DD_GIT_COMMIT_AUTHOR_EMAIL": "usersupplied-authoremail",
+      "DD_GIT_COMMIT_AUTHOR_NAME": "usersupplied-authorname",
+      "DD_GIT_COMMIT_COMMITTER_DATE": "usersupplied-comitterdate",
+      "DD_GIT_COMMIT_COMMITTER_EMAIL": "usersupplied-comitteremail",
+      "DD_GIT_COMMIT_COMMITTER_NAME": "usersupplied-comittername",
+      "DD_GIT_COMMIT_MESSAGE": "usersupplied-message",
+      "DD_GIT_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "DD_GIT_REPOSITORY_URL": "git@github.com:DataDog/userrepo.git",
+      "DD_PIPELINE_EXECUTION_ID": "bb1f15ed-fde2-494d-8e13-88785bca9cc0"
+    },
+    {
+      "_dd.ci.env_vars": "{\"CODEBUILD_BUILD_ARN\":\"arn:aws:codebuild:eu-north-1:12345678:build/codebuild-demo-project:b1e6661e-e4f2-4156-9ab9-82a19\",\"DD_PIPELINE_EXECUTION_ID\":\"bb1f15ed-fde2-494d-8e13-88785bca9cc0\",\"DD_ACTION_EXECUTION_ID\":\"35519dc3-7c45-493c-9ba6-cd78ea11f69d\"}",
+      "ci.pipeline.id": "bb1f15ed-fde2-494d-8e13-88785bca9cc0",
+      "ci.provider.name": "awscodepipeline",
+      "git.branch": "user-supplied-branch",
+      "git.commit.author.date": "usersupplied-authordate",
+      "git.commit.author.email": "usersupplied-authoremail",
+      "git.commit.author.name": "usersupplied-authorname",
+      "git.commit.committer.date": "usersupplied-comitterdate",
+      "git.commit.committer.email": "usersupplied-comitteremail",
+      "git.commit.committer.name": "usersupplied-comittername",
+      "git.commit.message": "usersupplied-message",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "git@github.com:DataDog/userrepo.git"
+    }
+  ],
+  [
+    {
+      "CODEBUILD_INITIATOR": "lambdafunction/test-lambda",
+      "DD_GIT_BRANCH": "user-supplied-branch",
+      "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
+      "DD_GIT_COMMIT_AUTHOR_EMAIL": "usersupplied-authoremail",
+      "DD_GIT_COMMIT_AUTHOR_NAME": "usersupplied-authorname",
+      "DD_GIT_COMMIT_COMMITTER_DATE": "usersupplied-comitterdate",
+      "DD_GIT_COMMIT_COMMITTER_EMAIL": "usersupplied-comitteremail",
+      "DD_GIT_COMMIT_COMMITTER_NAME": "usersupplied-comittername",
+      "DD_GIT_COMMIT_MESSAGE": "usersupplied-message",
+      "DD_GIT_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "DD_GIT_REPOSITORY_URL": "git@github.com:DataDog/userrepo.git"
+    },
+    {
+      "git.branch": "user-supplied-branch",
+      "git.commit.author.date": "usersupplied-authordate",
+      "git.commit.author.email": "usersupplied-authoremail",
+      "git.commit.author.name": "usersupplied-authorname",
+      "git.commit.committer.date": "usersupplied-comitterdate",
+      "git.commit.committer.email": "usersupplied-comitteremail",
+      "git.commit.committer.name": "usersupplied-comittername",
+      "git.commit.message": "usersupplied-message",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "git@github.com:DataDog/userrepo.git"
+    }
+  ]
+]
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/azurepipelines.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/azurepipelines.json
index 6682b1a3b34..9262c329866 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/azurepipelines.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/azurepipelines.json
@@ -3,418 +3,418 @@
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "master",
       "BUILD_SOURCESDIRECTORY": "/foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "master",
       "BUILD_SOURCESDIRECTORY": "/foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
-      "SYSTEM_PULLREQUEST_SOURCEREPOSITORYURI": "sample2",
+      "SYSTEM_PULLREQUEST_SOURCEREPOSITORYURI": "https://azure-pipelines-server-uri.com/pull.git",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample2"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/pull.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "origin/master",
       "BUILD_SOURCESDIRECTORY": "foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "origin/master",
       "BUILD_SOURCESDIRECTORY": "/foo/bar~",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "HOME": "/not-my-home",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True",
       "USERPROFILE": "/not-my-home"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/foo/bar~",
       "git.branch": "master",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "origin/master",
       "BUILD_SOURCESDIRECTORY": "/foo/~/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "HOME": "/not-my-home",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True",
       "USERPROFILE": "/not-my-home"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/foo/~/bar",
       "git.branch": "master",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "origin/master",
       "BUILD_SOURCESDIRECTORY": "~/foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "HOME": "/not-my-home",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True",
       "USERPROFILE": "/not-my-home"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/not-my-home/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "origin/master",
       "BUILD_SOURCESDIRECTORY": "~foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "HOME": "/not-my-home",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True",
       "USERPROFILE": "/not-my-home"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "~foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "origin/master",
       "BUILD_SOURCESDIRECTORY": "~",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "HOME": "/not-my-home",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True",
       "USERPROFILE": "/not-my-home"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/not-my-home",
       "git.branch": "master",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "origin/master",
       "BUILD_SOURCESDIRECTORY": "/foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "refs/heads/master",
       "BUILD_SOURCESDIRECTORY": "/foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "refs/heads/feature/one",
       "BUILD_SOURCESDIRECTORY": "/foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "feature/one",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "origin/tags/0.1.0",
       "BUILD_SOURCESDIRECTORY": "/foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/foo/bar",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -422,33 +422,33 @@
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "refs/heads/tags/0.1.0",
       "BUILD_SOURCESDIRECTORY": "/foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/foo/bar",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commit",
-      "git.repository_url": "sample",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -456,65 +456,65 @@
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "origin/master",
       "BUILD_SOURCESDIRECTORY": "/foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_PULLREQUEST_SOURCEBRANCH": "origin/pr",
-      "SYSTEM_PULLREQUEST_SOURCECOMMITID": "commitPR",
+      "SYSTEM_PULLREQUEST_SOURCECOMMITID": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "pr",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commitPR",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "refs/heads/master",
       "BUILD_SOURCESDIRECTORY": "/foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_PULLREQUEST_SOURCEBRANCH": "refs/heads/pr",
-      "SYSTEM_PULLREQUEST_SOURCECOMMITID": "commitPR",
+      "SYSTEM_PULLREQUEST_SOURCECOMMITID": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "SYSTEM_STAGEDISPLAYNAME": "azure-pipelines-stage-name",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.stage.name": "azure-pipelines-stage-name",
       "ci.workspace_path": "/foo/bar",
@@ -522,46 +522,46 @@
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commitPR",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "sample",
+      "BUILD_REPOSITORY_URI": "https://azure-pipelines-server-uri.com/build.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEBRANCH": "refs/heads/feature/one",
       "BUILD_SOURCESDIRECTORY": "/foo/bar",
-      "BUILD_SOURCEVERSION": "commit",
+      "BUILD_SOURCEVERSION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBDISPLAYNAME": "azure-pipelines-job-name",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_PULLREQUEST_SOURCEBRANCH": "refs/heads/pr",
-      "SYSTEM_PULLREQUEST_SOURCECOMMITID": "commitPR",
+      "SYSTEM_PULLREQUEST_SOURCECOMMITID": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
       "ci.job.name": "azure-pipelines-job-name",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "pr",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.commit.sha": "commitPR",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://azure-pipelines-server-uri.com/build.git"
     }
   ],
   [
@@ -583,17 +583,17 @@
       "DD_GIT_REPOSITORY_URL": "git@github.com:DataDog/userrepo.git",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "git.branch": "user-supplied-branch",
       "git.commit.author.date": "usersupplied-authordate",
@@ -626,17 +626,17 @@
       "DD_GIT_TAG": "0.0.2",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "git.commit.author.date": "usersupplied-authordate",
       "git.commit.author.email": "usersupplied-authoremail",
@@ -654,28 +654,28 @@
     {
       "BUILD_BUILDID": "azure-pipelines-build-id",
       "BUILD_DEFINITIONNAME": "azure-pipelines-name",
-      "BUILD_REPOSITORY_URI": "https://user:password@dev.azure.com/fabrikamfiber/",
+      "BUILD_REPOSITORY_URI": "https://user:password@dev.azure.com/fabrikamfiber/repo.git",
       "BUILD_REQUESTEDFOREMAIL": "azure-pipelines-commit-author-email@datadoghq.com",
       "BUILD_REQUESTEDFORID": "azure-pipelines-commit-author",
       "BUILD_SOURCEVERSIONMESSAGE": "azure-pipelines-commit-message",
       "SYSTEM_JOBID": "azure-pipelines-job-id",
       "SYSTEM_TASKINSTANCEID": "azure-pipelines-task-id",
-      "SYSTEM_TEAMFOUNDATIONSERVERURI": "azure-pipelines-server-uri/",
+      "SYSTEM_TEAMFOUNDATIONSERVERURI": "https://azure-pipelines-server-uri.com/",
       "SYSTEM_TEAMPROJECTID": "azure-pipelines-project-id",
       "TF_BUILD": "True"
     },
     {
       "_dd.ci.env_vars": "{\"SYSTEM_TEAMPROJECTID\":\"azure-pipelines-project-id\",\"BUILD_BUILDID\":\"azure-pipelines-build-id\",\"SYSTEM_JOBID\":\"azure-pipelines-job-id\"}",
-      "ci.job.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
+      "ci.job.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id&view=logs&j=azure-pipelines-job-id&t=azure-pipelines-task-id",
       "ci.pipeline.id": "azure-pipelines-build-id",
       "ci.pipeline.name": "azure-pipelines-name",
       "ci.pipeline.number": "azure-pipelines-build-id",
-      "ci.pipeline.url": "azure-pipelines-server-uri/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
+      "ci.pipeline.url": "https://azure-pipelines-server-uri.com/azure-pipelines-project-id/_build/results?buildId=azure-pipelines-build-id",
       "ci.provider.name": "azurepipelines",
       "git.commit.author.email": "azure-pipelines-commit-author-email@datadoghq.com",
       "git.commit.author.name": "azure-pipelines-commit-author",
       "git.commit.message": "azure-pipelines-commit-message",
-      "git.repository_url": "https://dev.azure.com/fabrikamfiber/"
+      "git.repository_url": "https://dev.azure.com/fabrikamfiber/repo.git"
     }
   ]
 ]
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/bitbucket.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/bitbucket.json
index c7171cf02e2..4b3c7e52c93 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/bitbucket.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/bitbucket.json
@@ -4,8 +4,8 @@
       "BITBUCKET_BRANCH": "master",
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "/foo/bar",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo"
     },
@@ -18,8 +18,31 @@
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git"
+    }
+  ],
+  [
+    {
+      "BITBUCKET_BRANCH": "master",
+      "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
+      "BITBUCKET_CLONE_DIR": "foo/bar",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
+      "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
+      "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo"
+    },
+    {
+      "ci.job.url": "https://bitbucket.org/bitbucket-repo/addon/pipelines/home#!/results/bitbucket-build-num",
+      "ci.pipeline.id": "bitbucket-uuid",
+      "ci.pipeline.name": "bitbucket-repo",
+      "ci.pipeline.number": "bitbucket-build-num",
+      "ci.pipeline.url": "https://bitbucket.org/bitbucket-repo/addon/pipelines/home#!/results/bitbucket-build-num",
+      "ci.provider.name": "bitbucket",
+      "ci.workspace_path": "foo/bar",
+      "git.branch": "master",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git"
     }
   ],
   [
@@ -27,8 +50,9 @@
       "BITBUCKET_BRANCH": "master",
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "foo/bar",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
+      "BITBUCKET_GIT_SSH_ORIGIN": "git@github.com:DataDog/dummy-example.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo"
     },
@@ -41,8 +65,8 @@
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "git@github.com:DataDog/dummy-example.git"
     }
   ],
   [
@@ -50,8 +74,8 @@
       "BITBUCKET_BRANCH": "master",
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "/foo/bar~",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo"
     },
@@ -64,8 +88,8 @@
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "/foo/bar~",
       "git.branch": "master",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git"
     }
   ],
   [
@@ -73,8 +97,8 @@
       "BITBUCKET_BRANCH": "master",
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "/foo/~/bar",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo"
     },
@@ -87,8 +111,8 @@
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "/foo/~/bar",
       "git.branch": "master",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git"
     }
   ],
   [
@@ -96,8 +120,8 @@
       "BITBUCKET_BRANCH": "master",
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "~/foo/bar",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo",
       "HOME": "/not-my-home",
@@ -112,8 +136,8 @@
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "/not-my-home/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git"
     }
   ],
   [
@@ -121,8 +145,8 @@
       "BITBUCKET_BRANCH": "master",
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "~foo/bar",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo"
     },
@@ -135,8 +159,8 @@
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "~foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git"
     }
   ],
   [
@@ -144,8 +168,8 @@
       "BITBUCKET_BRANCH": "master",
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "~",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo",
       "HOME": "/not-my-home",
@@ -160,8 +184,8 @@
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "/not-my-home",
       "git.branch": "master",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git"
     }
   ],
   [
@@ -169,8 +193,8 @@
       "BITBUCKET_BRANCH": "master",
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "/foo/bar",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo"
     },
@@ -183,8 +207,8 @@
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git"
     }
   ],
   [
@@ -192,8 +216,8 @@
       "BITBUCKET_BRANCH": "origin/master",
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "/foo/bar",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo"
     },
@@ -206,8 +230,8 @@
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git"
     }
   ],
   [
@@ -215,8 +239,8 @@
       "BITBUCKET_BRANCH": "refs/heads/master",
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "/foo/bar",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo"
     },
@@ -229,8 +253,8 @@
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git"
     }
   ],
   [
@@ -238,8 +262,8 @@
       "BITBUCKET_BRANCH": "refs/heads/feature/one",
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "/foo/bar",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo"
     },
@@ -252,16 +276,16 @@
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "feature/one",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git"
     }
   ],
   [
     {
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "/foo/bar",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo",
       "BITBUCKET_TAG": "origin/tags/0.1.0"
@@ -274,8 +298,8 @@
       "ci.pipeline.url": "https://bitbucket.org/bitbucket-repo/addon/pipelines/home#!/results/bitbucket-build-num",
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "/foo/bar",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -283,8 +307,8 @@
     {
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
       "BITBUCKET_CLONE_DIR": "/foo/bar",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo",
       "BITBUCKET_TAG": "refs/heads/tags/0.1.0"
@@ -297,16 +321,16 @@
       "ci.pipeline.url": "https://bitbucket.org/bitbucket-repo/addon/pipelines/home#!/results/bitbucket-build-num",
       "ci.provider.name": "bitbucket",
       "ci.workspace_path": "/foo/bar",
-      "git.commit.sha": "bitbucket-commit",
-      "git.repository_url": "bitbucket-repo-url",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitbucket-repo-url.com/repo.git",
       "git.tag": "0.1.0"
     }
   ],
   [
     {
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo",
       "DD_GIT_BRANCH": "user-supplied-branch",
@@ -342,8 +366,8 @@
   [
     {
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "bitbucket-repo-url",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://bitbucket-repo-url.com/repo.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
@@ -379,8 +403,8 @@
   [
     {
       "BITBUCKET_BUILD_NUMBER": "bitbucket-build-num",
-      "BITBUCKET_COMMIT": "bitbucket-commit",
-      "BITBUCKET_GIT_SSH_ORIGIN": "https://user:password@bitbucket.org/DataDog/dogweb.git",
+      "BITBUCKET_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITBUCKET_GIT_HTTP_ORIGIN": "https://user:password@bitbucket.org/DataDog/dogweb.git",
       "BITBUCKET_PIPELINE_UUID": "{bitbucket-uuid}",
       "BITBUCKET_REPO_FULL_NAME": "bitbucket-repo"
     },
@@ -391,7 +415,7 @@
       "ci.pipeline.number": "bitbucket-build-num",
       "ci.pipeline.url": "https://bitbucket.org/bitbucket-repo/addon/pipelines/home#!/results/bitbucket-build-num",
       "ci.provider.name": "bitbucket",
-      "git.commit.sha": "bitbucket-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://bitbucket.org/DataDog/dogweb.git"
     }
   ]
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/bitrise.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/bitrise.json
index a3ed2305ba9..5563094dc01 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/bitrise.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/bitrise.json
@@ -3,137 +3,161 @@
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
-      "BITRISE_GIT_COMMIT": "gitcommit",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
+      "BITRISE_GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "/foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample"
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/foo/bar",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "gitcommit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git"
+    }
+  ],
+  [
+    {
+      "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
+      "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
+      "BITRISE_GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
+      "BITRISE_SOURCE_DIR": "/foo/bar",
+      "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "git@github.com:DataDog/dummy-example.git"
+    },
+    {
+      "ci.pipeline.id": "bitrise-pipeline-id",
+      "ci.pipeline.name": "bitrise-pipeline-name",
+      "ci.pipeline.number": "bitrise-pipeline-number",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
+      "ci.provider.name": "bitrise",
+      "ci.workspace_path": "/foo/bar",
+      "git.commit.message": "bitrise-git-commit-message",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "git@github.com:DataDog/dummy-example.git"
     }
   ],
   [
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "origin/master",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "/foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample"
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git"
     }
   ],
   [
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "origin/master",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample"
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "foo/bar",
       "git.branch": "master",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git"
     }
   ],
   [
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "origin/master",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "/foo/bar~",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample"
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/foo/bar~",
       "git.branch": "master",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git"
     }
   ],
   [
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "origin/master",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "/foo/~/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample"
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/foo/~/bar",
       "git.branch": "master",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git"
     }
   ],
   [
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "origin/master",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "~/foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample",
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git",
       "HOME": "/not-my-home",
       "USERPROFILE": "/not-my-home"
     },
@@ -141,26 +165,26 @@
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/not-my-home/foo/bar",
       "git.branch": "master",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git"
     }
   ],
   [
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "origin/master",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "~foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample",
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git",
       "HOME": "/not-my-home",
       "USERPROFILE": "/not-my-home"
     },
@@ -168,26 +192,26 @@
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "~foo/bar",
       "git.branch": "master",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git"
     }
   ],
   [
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "origin/master",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "~",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample",
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git",
       "HOME": "/not-my-home",
       "USERPROFILE": "/not-my-home"
     },
@@ -195,88 +219,88 @@
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/not-my-home",
       "git.branch": "master",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git"
     }
   ],
   [
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "refs/heads/master",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "/foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample"
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git"
     }
   ],
   [
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "refs/heads/feature/one",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "/foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample"
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "feature/one",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git"
     }
   ],
   [
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "origin/tags/0.1.0",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_GIT_TAG": "origin/tags/0.1.0",
       "BITRISE_SOURCE_DIR": "/foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample"
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/foo/bar",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
-      "git.repository_url": "sample",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -284,25 +308,25 @@
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "refs/heads/tags/0.1.0",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_GIT_TAG": "refs/heads/tags/0.1.0",
       "BITRISE_SOURCE_DIR": "/foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
-      "GIT_REPOSITORY_URL": "sample"
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_REPOSITORY_URL": "https://bitrise-build-url.com/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/foo/bar",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
-      "git.repository_url": "sample",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://bitrise-build-url.com/repo.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -310,24 +334,24 @@
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "origin/master",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "/foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GIT_REPOSITORY_URL": "http://hostname.com/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -335,24 +359,24 @@
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "origin/master",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "/foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GIT_REPOSITORY_URL": "git@hostname.com:org/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "git@hostname.com:org/repo.git"
     }
   ],
@@ -360,24 +384,24 @@
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_BRANCH": "origin/notmaster",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_SOURCE_DIR": "/foo/bar",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GIT_REPOSITORY_URL": "git@hostname.com:org/repo.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "notmaster",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "git@hostname.com:org/repo.git"
     }
   ],
@@ -385,7 +409,7 @@
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
       "DD_GIT_BRANCH": "user-supplied-branch",
@@ -398,13 +422,13 @@
       "DD_GIT_COMMIT_MESSAGE": "usersupplied-message",
       "DD_GIT_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "DD_GIT_REPOSITORY_URL": "git@github.com:DataDog/userrepo.git",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit"
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "git.branch": "user-supplied-branch",
       "git.commit.author.date": "usersupplied-authordate",
@@ -422,7 +446,7 @@
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
@@ -435,13 +459,13 @@
       "DD_GIT_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "DD_GIT_REPOSITORY_URL": "git@github.com:DataDog/userrepo.git",
       "DD_GIT_TAG": "0.0.2",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit"
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "git.commit.author.date": "usersupplied-authordate",
       "git.commit.author.email": "usersupplied-authoremail",
@@ -459,20 +483,20 @@
     {
       "BITRISE_BUILD_NUMBER": "bitrise-pipeline-number",
       "BITRISE_BUILD_SLUG": "bitrise-pipeline-id",
-      "BITRISE_BUILD_URL": "bitrise-build-url",
+      "BITRISE_BUILD_URL": "https://bitrise-build-url.com//",
       "BITRISE_GIT_MESSAGE": "bitrise-git-commit-message",
       "BITRISE_TRIGGERED_WORKFLOW_ID": "bitrise-pipeline-name",
-      "GIT_CLONE_COMMIT_HASH": "bitrise-git-commit",
+      "GIT_CLONE_COMMIT_HASH": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GIT_REPOSITORY_URL": "https://user:password@github.com/DataDog/dogweb.git"
     },
     {
       "ci.pipeline.id": "bitrise-pipeline-id",
       "ci.pipeline.name": "bitrise-pipeline-name",
       "ci.pipeline.number": "bitrise-pipeline-number",
-      "ci.pipeline.url": "bitrise-build-url",
+      "ci.pipeline.url": "https://bitrise-build-url.com//",
       "ci.provider.name": "bitrise",
       "git.commit.message": "bitrise-git-commit-message",
-      "git.commit.sha": "bitrise-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/DataDog/dogweb.git"
     }
   ]
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/buddy.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/buddy.json
index 57f34d10a8b..26bf616455b 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/buddy.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/buddy.json
@@ -4,7 +4,7 @@
       "BUDDY": "true",
       "BUDDY_EXECUTION_BRANCH": "master",
       "BUDDY_EXECUTION_ID": "buddy-execution-id",
-      "BUDDY_EXECUTION_REVISION": "e5e13f8b7f8d5c6096a0501dc09b48eef05fea96",
+      "BUDDY_EXECUTION_REVISION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUDDY_EXECUTION_REVISION_COMMITTER_EMAIL": "mikebenson@buddy.works",
       "BUDDY_EXECUTION_REVISION_COMMITTER_NAME": "Mike Benson",
       "BUDDY_EXECUTION_REVISION_MESSAGE": "Create buddy.yml",
@@ -12,7 +12,7 @@
       "BUDDY_EXECUTION_URL": "https://app.buddy.works/myworkspace/my-project/pipelines/pipeline/456/execution/5d9dc42c422f5a268b389d08",
       "BUDDY_PIPELINE_ID": "456",
       "BUDDY_PIPELINE_NAME": "Deploy to Production",
-      "BUDDY_SCM_URL": "https://github.com/buddyworks/my-project"
+      "BUDDY_SCM_URL": "https://github.com/buddyworks/my-project.git"
     },
     {
       "ci.pipeline.id": "456/buddy-execution-id",
@@ -24,8 +24,8 @@
       "git.commit.committer.email": "mikebenson@buddy.works",
       "git.commit.committer.name": "Mike Benson",
       "git.commit.message": "Create buddy.yml",
-      "git.commit.sha": "e5e13f8b7f8d5c6096a0501dc09b48eef05fea96",
-      "git.repository_url": "https://github.com/buddyworks/my-project",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://github.com/buddyworks/my-project.git",
       "git.tag": "v1.0"
     }
   ],
@@ -34,7 +34,7 @@
       "BUDDY": "true",
       "BUDDY_EXECUTION_BRANCH": "my-name-is-rotag/fix-original-bug",
       "BUDDY_EXECUTION_ID": "buddy-execution-id",
-      "BUDDY_EXECUTION_REVISION": "e5e13f8b7f8d5c6096a0501dc09b48eef05fea96",
+      "BUDDY_EXECUTION_REVISION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUDDY_EXECUTION_REVISION_COMMITTER_EMAIL": "mikebenson@buddy.works",
       "BUDDY_EXECUTION_REVISION_COMMITTER_NAME": "Mike Benson",
       "BUDDY_EXECUTION_REVISION_MESSAGE": "Create buddy.yml",
@@ -42,7 +42,7 @@
       "BUDDY_EXECUTION_URL": "https://app.buddy.works/myworkspace/my-project/pipelines/pipeline/456/execution/5d9dc42c422f5a268b389d08",
       "BUDDY_PIPELINE_ID": "456",
       "BUDDY_PIPELINE_NAME": "Deploy to Production",
-      "BUDDY_SCM_URL": "https://github.com/buddyworks/my-project"
+      "BUDDY_SCM_URL": "https://github.com/buddyworks/my-project.git"
     },
     {
       "ci.pipeline.id": "456/buddy-execution-id",
@@ -54,8 +54,8 @@
       "git.commit.committer.email": "mikebenson@buddy.works",
       "git.commit.committer.name": "Mike Benson",
       "git.commit.message": "Create buddy.yml",
-      "git.commit.sha": "e5e13f8b7f8d5c6096a0501dc09b48eef05fea96",
-      "git.repository_url": "https://github.com/buddyworks/my-project",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://github.com/buddyworks/my-project.git",
       "git.tag": "v1.0"
     }
   ],
@@ -64,7 +64,7 @@
       "BUDDY": "true",
       "BUDDY_EXECUTION_BRANCH": "refs/heads/feature/one",
       "BUDDY_EXECUTION_ID": "buddy-execution-id",
-      "BUDDY_EXECUTION_REVISION": "e5e13f8b7f8d5c6096a0501dc09b48eef05fea96",
+      "BUDDY_EXECUTION_REVISION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUDDY_EXECUTION_REVISION_COMMITTER_EMAIL": "mikebenson@buddy.works",
       "BUDDY_EXECUTION_REVISION_COMMITTER_NAME": "Mike Benson",
       "BUDDY_EXECUTION_REVISION_MESSAGE": "Create buddy.yml",
@@ -72,7 +72,7 @@
       "BUDDY_EXECUTION_URL": "https://app.buddy.works/myworkspace/my-project/pipelines/pipeline/456/execution/5d9dc42c422f5a268b389d08",
       "BUDDY_PIPELINE_ID": "456",
       "BUDDY_PIPELINE_NAME": "Deploy to Production",
-      "BUDDY_SCM_URL": "https://github.com/buddyworks/my-project"
+      "BUDDY_SCM_URL": "https://github.com/buddyworks/my-project.git"
     },
     {
       "ci.pipeline.id": "456/buddy-execution-id",
@@ -84,8 +84,8 @@
       "git.commit.committer.email": "mikebenson@buddy.works",
       "git.commit.committer.name": "Mike Benson",
       "git.commit.message": "Create buddy.yml",
-      "git.commit.sha": "e5e13f8b7f8d5c6096a0501dc09b48eef05fea96",
-      "git.repository_url": "https://github.com/buddyworks/my-project",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://github.com/buddyworks/my-project.git",
       "git.tag": "0.2.0"
     }
   ],
@@ -94,7 +94,7 @@
       "BUDDY": "true",
       "BUDDY_EXECUTION_BRANCH": "master",
       "BUDDY_EXECUTION_ID": "buddy-execution-id",
-      "BUDDY_EXECUTION_REVISION": "e5e13f8b7f8d5c6096a0501dc09b48eef05fea96",
+      "BUDDY_EXECUTION_REVISION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUDDY_EXECUTION_REVISION_COMMITTER_EMAIL": "mikebenson@buddy.works",
       "BUDDY_EXECUTION_REVISION_COMMITTER_NAME": "Mike Benson",
       "BUDDY_EXECUTION_REVISION_MESSAGE": "Create buddy.yml",
@@ -102,7 +102,7 @@
       "BUDDY_EXECUTION_URL": "https://app.buddy.works/myworkspace/my-project/pipelines/pipeline/456/execution/5d9dc42c422f5a268b389d08",
       "BUDDY_PIPELINE_ID": "456",
       "BUDDY_PIPELINE_NAME": "Deploy to Production",
-      "BUDDY_SCM_URL": "https://github.com/buddyworks/my-project",
+      "BUDDY_SCM_URL": "https://github.com/buddyworks/my-project.git",
       "DD_GIT_BRANCH": "user-supplied-branch",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
       "DD_GIT_COMMIT_AUTHOR_EMAIL": "usersupplied-authoremail",
@@ -139,7 +139,7 @@
       "BUDDY": "true",
       "BUDDY_EXECUTION_BRANCH": "master",
       "BUDDY_EXECUTION_ID": "buddy-execution-id",
-      "BUDDY_EXECUTION_REVISION": "e5e13f8b7f8d5c6096a0501dc09b48eef05fea96",
+      "BUDDY_EXECUTION_REVISION": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUDDY_EXECUTION_REVISION_COMMITTER_EMAIL": "mikebenson@buddy.works",
       "BUDDY_EXECUTION_REVISION_COMMITTER_NAME": "Mike Benson",
       "BUDDY_EXECUTION_REVISION_MESSAGE": "Create buddy.yml",
@@ -147,7 +147,7 @@
       "BUDDY_EXECUTION_URL": "https://app.buddy.works/myworkspace/my-project/pipelines/pipeline/456/execution/5d9dc42c422f5a268b389d08",
       "BUDDY_PIPELINE_ID": "456",
       "BUDDY_PIPELINE_NAME": "Deploy to Production",
-      "BUDDY_SCM_URL": "https://github.com/buddyworks/my-project",
+      "BUDDY_SCM_URL": "https://github.com/buddyworks/my-project.git",
       "DD_GIT_BRANCH": "user-supplied-branch",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
       "DD_GIT_COMMIT_AUTHOR_EMAIL": "usersupplied-authoremail",
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/buildkite.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/buildkite.json
index f70b0590916..c332fd740d7 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/buildkite.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/buildkite.json
@@ -8,8 +8,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -18,18 +18,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -42,8 +42,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -52,18 +52,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -76,8 +76,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar~",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -86,18 +86,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar~",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -110,8 +110,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/~/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -120,18 +120,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/~/bar",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -144,8 +144,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "~/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -156,18 +156,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/not-my-home/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -180,8 +180,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "~foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -192,18 +192,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "~foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -216,8 +216,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "~",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -228,18 +228,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/not-my-home",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -252,8 +252,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -262,18 +262,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -286,8 +286,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -296,18 +296,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -320,8 +320,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -330,18 +330,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -354,8 +354,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -364,18 +364,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "git@hostname.com:org/repo.git"
     }
   ],
@@ -388,8 +388,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -398,18 +398,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -422,8 +422,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -432,18 +432,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -456,8 +456,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -466,18 +466,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "feature/one",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -490,8 +490,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -500,17 +500,17 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git",
       "git.tag": "0.1.0"
     }
@@ -524,8 +524,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -534,17 +534,17 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git",
       "git.tag": "0.1.0"
     }
@@ -558,8 +558,8 @@
       "BUILDKITE_BUILD_CHECKOUT_PATH": "/foo/bar",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -568,17 +568,17 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "ci.workspace_path": "/foo/bar",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git",
       "git.tag": "0.1.0"
     }
@@ -591,8 +591,8 @@
       "BUILDKITE_BUILD_AUTHOR_EMAIL": "buildkite-git-commit-author-email@datadoghq.com",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -610,11 +610,11 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "git.branch": "user-supplied-branch",
       "git.commit.author.date": "usersupplied-authordate",
@@ -636,8 +636,8 @@
       "BUILDKITE_BUILD_AUTHOR_EMAIL": "buildkite-git-commit-author-email@datadoghq.com",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -655,11 +655,11 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "git.commit.author.date": "usersupplied-authordate",
       "git.commit.author.email": "usersupplied-authoremail",
@@ -681,8 +681,8 @@
       "BUILDKITE_BUILD_AUTHOR_EMAIL": "buildkite-git-commit-author-email@datadoghq.com",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -691,16 +691,16 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/DataDog/dogweb.git"
     }
   ],
@@ -715,8 +715,8 @@
       "BUILDKITE_BUILD_AUTHOR_EMAIL": "buildkite-git-commit-author-email@datadoghq.com",
       "BUILDKITE_BUILD_ID": "buildkite-pipeline-id",
       "BUILDKITE_BUILD_NUMBER": "buildkite-pipeline-number",
-      "BUILDKITE_BUILD_URL": "buildkite-build-url",
-      "BUILDKITE_COMMIT": "buildkite-git-commit",
+      "BUILDKITE_BUILD_URL": "https://buildkite-build-url.com",
+      "BUILDKITE_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "BUILDKITE_JOB_ID": "buildkite-job-id",
       "BUILDKITE_MESSAGE": "buildkite-git-commit-message",
       "BUILDKITE_PIPELINE_SLUG": "buildkite-pipeline-name",
@@ -724,18 +724,18 @@
     },
     {
       "_dd.ci.env_vars": "{\"BUILDKITE_BUILD_ID\":\"buildkite-pipeline-id\",\"BUILDKITE_JOB_ID\":\"buildkite-job-id\"}",
-      "ci.job.url": "buildkite-build-url#buildkite-job-id",
+      "ci.job.url": "https://buildkite-build-url.com#buildkite-job-id",
       "ci.node.labels": "[\"mytag:my-value\",\"myothertag:my-other-value\"]",
       "ci.node.name": "1a222222-e999-3636-8ddd-802222222222",
       "ci.pipeline.id": "buildkite-pipeline-id",
       "ci.pipeline.name": "buildkite-pipeline-name",
       "ci.pipeline.number": "buildkite-pipeline-number",
-      "ci.pipeline.url": "buildkite-build-url",
+      "ci.pipeline.url": "https://buildkite-build-url.com",
       "ci.provider.name": "buildkite",
       "git.commit.author.email": "buildkite-git-commit-author-email@datadoghq.com",
       "git.commit.author.name": "buildkite-git-commit-author-name",
       "git.commit.message": "buildkite-git-commit-message",
-      "git.commit.sha": "buildkite-git-commit"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123"
     }
   ]
 ]
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/circleci.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/circleci.json
index 5364d69b6ca..8efa8c353f0 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/circleci.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/circleci.json
@@ -4,26 +4,26 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_REPOSITORY_URL": "sample",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_REPOSITORY_URL": "https://circleci-build-url.com/repo.git",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://circleci-build-url.com/repo.git"
     }
   ],
   [
@@ -31,26 +31,26 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_REPOSITORY_URL": "sample",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_REPOSITORY_URL": "https://circleci-build-url.com/repo.git",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://circleci-build-url.com/repo.git"
     }
   ],
   [
@@ -58,26 +58,26 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_REPOSITORY_URL": "sample",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_REPOSITORY_URL": "https://circleci-build-url.com/repo.git",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/bar~"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/bar~",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://circleci-build-url.com/repo.git"
     }
   ],
   [
@@ -85,26 +85,26 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_REPOSITORY_URL": "sample",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_REPOSITORY_URL": "https://circleci-build-url.com/repo.git",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/~/bar"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/~/bar",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://circleci-build-url.com/repo.git"
     }
   ],
   [
@@ -112,11 +112,11 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_REPOSITORY_URL": "sample",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_REPOSITORY_URL": "https://circleci-build-url.com/repo.git",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "~/foo/bar",
       "HOME": "/not-my-home",
@@ -125,15 +125,15 @@
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/not-my-home/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://circleci-build-url.com/repo.git"
     }
   ],
   [
@@ -141,11 +141,11 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_REPOSITORY_URL": "sample",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_REPOSITORY_URL": "https://circleci-build-url.com/repo.git",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "~foo/bar",
       "HOME": "/not-my-home",
@@ -154,15 +154,15 @@
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "~foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://circleci-build-url.com/repo.git"
     }
   ],
   [
@@ -170,11 +170,11 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_REPOSITORY_URL": "sample",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_REPOSITORY_URL": "https://circleci-build-url.com/repo.git",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "~",
       "HOME": "/not-my-home",
@@ -183,15 +183,15 @@
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/not-my-home",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://circleci-build-url.com/repo.git"
     }
   ],
   [
@@ -199,26 +199,26 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "refs/heads/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_REPOSITORY_URL": "sample",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_REPOSITORY_URL": "https://circleci-build-url.com/repo.git",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://circleci-build-url.com/repo.git"
     }
   ],
   [
@@ -226,26 +226,26 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "refs/heads/feature/one",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_REPOSITORY_URL": "sample",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_REPOSITORY_URL": "https://circleci-build-url.com/repo.git",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "feature/one",
-      "git.commit.sha": "circleci-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://circleci-build-url.com/repo.git"
     }
   ],
   [
@@ -253,11 +253,11 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/tags/0.1.0",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_REPOSITORY_URL": "sample",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_REPOSITORY_URL": "https://circleci-build-url.com/repo.git",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_TAG": "origin/tags/0.1.0",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/bar"
@@ -265,14 +265,14 @@
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/bar",
-      "git.commit.sha": "circleci-git-commit",
-      "git.repository_url": "sample",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://circleci-build-url.com/repo.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -281,11 +281,11 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "refs/heads/tags/0.1.0",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_REPOSITORY_URL": "sample",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_REPOSITORY_URL": "https://circleci-build-url.com/repo.git",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_TAG": "refs/heads/tags/0.1.0",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/bar"
@@ -293,14 +293,14 @@
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/bar",
-      "git.commit.sha": "circleci-git-commit",
-      "git.repository_url": "sample",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://circleci-build-url.com/repo.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -309,25 +309,25 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
       "CIRCLE_REPOSITORY_URL": "http://hostname.com/repo.git",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -336,25 +336,25 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
       "CIRCLE_REPOSITORY_URL": "http://user@hostname.com/repo.git",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -363,25 +363,25 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
       "CIRCLE_REPOSITORY_URL": "http://user%E2%82%AC@hostname.com/repo.git",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -390,25 +390,25 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
       "CIRCLE_REPOSITORY_URL": "http://user:pwd@hostname.com/repo.git",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -417,25 +417,25 @@
       "CIRCLECI": "circleCI",
       "CIRCLE_BRANCH": "origin/master",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
       "CIRCLE_REPOSITORY_URL": "git@hostname.com:org/repo.git",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "CIRCLE_WORKING_DIRECTORY": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "circleci-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "git@hostname.com:org/repo.git"
     }
   ],
@@ -443,10 +443,10 @@
     {
       "CIRCLECI": "circleCI",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "DD_GIT_BRANCH": "user-supplied-branch",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
@@ -462,7 +462,7 @@
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
@@ -483,10 +483,10 @@
     {
       "CIRCLECI": "circleCI",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
       "DD_GIT_COMMIT_AUTHOR_EMAIL": "usersupplied-authoremail",
@@ -502,7 +502,7 @@
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
@@ -523,22 +523,22 @@
     {
       "CIRCLECI": "circleCI",
       "CIRCLE_BUILD_NUM": "circleci-pipeline-number",
-      "CIRCLE_BUILD_URL": "circleci-build-url",
+      "CIRCLE_BUILD_URL": "https://circleci-build-url.com/",
       "CIRCLE_JOB": "circleci-job-name",
       "CIRCLE_PROJECT_REPONAME": "circleci-pipeline-name",
       "CIRCLE_REPOSITORY_URL": "https://user:password@github.com/DataDog/dogweb.git",
-      "CIRCLE_SHA1": "circleci-git-commit",
+      "CIRCLE_SHA1": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CIRCLE_WORKFLOW_ID": "circleci-pipeline-id"
     },
     {
       "_dd.ci.env_vars": "{\"CIRCLE_WORKFLOW_ID\":\"circleci-pipeline-id\",\"CIRCLE_BUILD_NUM\":\"circleci-pipeline-number\"}",
       "ci.job.name": "circleci-job-name",
-      "ci.job.url": "circleci-build-url",
+      "ci.job.url": "https://circleci-build-url.com/",
       "ci.pipeline.id": "circleci-pipeline-id",
       "ci.pipeline.name": "circleci-pipeline-name",
       "ci.pipeline.url": "https://app.circleci.com/pipelines/workflows/circleci-pipeline-id",
       "ci.provider.name": "circleci",
-      "git.commit.sha": "circleci-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/DataDog/dogweb.git"
     }
   ]
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/github.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/github.json
index 918ff12a5ef..e5df52c58ba 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/github.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/github.json
@@ -8,14 +8,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://ghenterprise.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://ghenterprise.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://ghenterprise.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://ghenterprise.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -23,7 +23,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://ghenterprise.com/ghactions-repo.git"
     }
   ],
@@ -37,14 +37,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -52,7 +52,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -66,14 +66,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -81,7 +81,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -95,14 +95,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/bar~"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -110,7 +110,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/bar~",
       "git.branch": "master",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -124,14 +124,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/~/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -139,7 +139,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/~/bar",
       "git.branch": "master",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -153,7 +153,7 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "~/foo/bar",
       "HOME": "/not-my-home",
@@ -162,7 +162,7 @@
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -170,7 +170,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/not-my-home/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -184,7 +184,7 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "~foo/bar",
       "HOME": "/not-my-home",
@@ -193,7 +193,7 @@
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -201,7 +201,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "~foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -215,7 +215,7 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "~",
       "HOME": "/not-my-home",
@@ -224,7 +224,7 @@
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -232,7 +232,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/not-my-home",
       "git.branch": "master",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -246,14 +246,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -261,7 +261,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -275,14 +275,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -290,7 +290,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -304,14 +304,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -319,7 +319,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "feature/one",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -333,21 +333,21 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
       "ci.pipeline.url": "https://github.com/ghactions-repo/actions/runs/ghactions-pipeline-id/attempts/ghactions-run-attempt",
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/bar",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git",
       "git.tag": "0.1.0"
     }
@@ -362,21 +362,21 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
       "ci.pipeline.url": "https://github.com/ghactions-repo/actions/runs/ghactions-pipeline-id/attempts/ghactions-run-attempt",
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/bar",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git",
       "git.tag": "0.1.0"
     }
@@ -392,14 +392,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -407,7 +407,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "other",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -422,14 +422,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -437,7 +437,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "other",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -452,14 +452,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -467,7 +467,7 @@
       "ci.provider.name": "github",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "feature/other",
-      "git.commit.sha": "ghactions-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/ghactions-repo.git"
     }
   ],
@@ -490,14 +490,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
@@ -535,14 +535,14 @@
       "GITHUB_RUN_ID": "ghactions-pipeline-id",
       "GITHUB_RUN_NUMBER": "ghactions-pipeline-number",
       "GITHUB_SERVER_URL": "https://github.com",
-      "GITHUB_SHA": "ghactions-commit",
+      "GITHUB_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GITHUB_WORKFLOW": "ghactions-pipeline-name",
       "GITHUB_WORKSPACE": "foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"GITHUB_SERVER_URL\":\"https://github.com\",\"GITHUB_REPOSITORY\":\"ghactions-repo\",\"GITHUB_RUN_ID\":\"ghactions-pipeline-id\",\"GITHUB_RUN_ATTEMPT\":\"ghactions-run-attempt\"}",
       "ci.job.name": "github-job-name",
-      "ci.job.url": "https://github.com/ghactions-repo/commit/ghactions-commit/checks",
+      "ci.job.url": "https://github.com/ghactions-repo/commit/b9f0fb3fdbb94c9d24b2c75b49663122a529e123/checks",
       "ci.pipeline.id": "ghactions-pipeline-id",
       "ci.pipeline.name": "ghactions-pipeline-name",
       "ci.pipeline.number": "ghactions-pipeline-number",
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/gitlab.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/gitlab.json
index 2d16d31225b..c1879ed80bd 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/gitlab.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/gitlab.json
@@ -4,63 +4,25 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
-      "CI_PIPELINE_ID": "gitlab-pipeline-id",
-      "CI_PIPELINE_IID": "gitlab-pipeline-number",
-      "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
-      "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
-      "GITLAB_CI": "gitlab"
-    },
-    {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
-      "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
-      "ci.pipeline.id": "gitlab-pipeline-id",
-      "ci.pipeline.name": "gitlab-pipeline-name",
-      "ci.pipeline.number": "gitlab-pipeline-number",
-      "ci.pipeline.url": "https://foo/repo/-/pipelines/1234",
-      "ci.provider.name": "gitlab",
-      "ci.stage.name": "gitlab-stage-name",
-      "git.branch": "master",
-      "git.commit.author.date": "2021-07-21T11:43:07-04:00",
-      "git.commit.author.email": "john@doe.com",
-      "git.commit.author.name": "John Doe",
-      "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample"
-    }
-  ],
-  [
-    {
-      "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
-      "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
-      "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
-      "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
-      "CI_JOB_ID": "gitlab-job-id",
-      "CI_JOB_NAME": "gitlab-job-name",
-      "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -73,8 +35,8 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git"
     }
   ],
   [
@@ -82,25 +44,25 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/bar~",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -113,8 +75,8 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git"
     }
   ],
   [
@@ -122,25 +84,25 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/~/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -153,8 +115,8 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git"
     }
   ],
   [
@@ -162,27 +124,27 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "~/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "GITLAB_CI": "gitlab",
       "HOME": "/not-my-home",
       "USERPROFILE": "/not-my-home"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -195,8 +157,8 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git"
     }
   ],
   [
@@ -204,27 +166,27 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "~foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "GITLAB_CI": "gitlab",
       "HOME": "/not-my-home",
       "USERPROFILE": "/not-my-home"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -237,8 +199,8 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git"
     }
   ],
   [
@@ -246,27 +208,27 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "~",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "GITLAB_CI": "gitlab",
       "HOME": "/not-my-home",
       "USERPROFILE": "/not-my-home"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -279,86 +241,8 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample"
-    }
-  ],
-  [
-    {
-      "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
-      "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
-      "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
-      "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
-      "CI_JOB_ID": "gitlab-job-id",
-      "CI_JOB_NAME": "gitlab-job-name",
-      "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
-      "CI_PIPELINE_ID": "gitlab-pipeline-id",
-      "CI_PIPELINE_IID": "gitlab-pipeline-number",
-      "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
-      "CI_PROJECT_DIR": "/foo/bar",
-      "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
-      "GITLAB_CI": "gitlab"
-    },
-    {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
-      "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
-      "ci.pipeline.id": "gitlab-pipeline-id",
-      "ci.pipeline.name": "gitlab-pipeline-name",
-      "ci.pipeline.number": "gitlab-pipeline-number",
-      "ci.pipeline.url": "https://foo/repo/-/pipelines/1234",
-      "ci.provider.name": "gitlab",
-      "ci.stage.name": "gitlab-stage-name",
-      "ci.workspace_path": "/foo/bar",
-      "git.branch": "master",
-      "git.commit.author.date": "2021-07-21T11:43:07-04:00",
-      "git.commit.author.email": "john@doe.com",
-      "git.commit.author.name": "John Doe",
-      "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample"
-    }
-  ],
-  [
-    {
-      "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
-      "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
-      "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
-      "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
-      "CI_JOB_ID": "gitlab-job-id",
-      "CI_JOB_NAME": "gitlab-job-name",
-      "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
-      "CI_PIPELINE_ID": "gitlab-pipeline-id",
-      "CI_PIPELINE_IID": "gitlab-pipeline-number",
-      "CI_PROJECT_DIR": "/foo/bar",
-      "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
-      "GITLAB_CI": "gitlab"
-    },
-    {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
-      "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
-      "ci.pipeline.id": "gitlab-pipeline-id",
-      "ci.pipeline.name": "gitlab-pipeline-name",
-      "ci.pipeline.number": "gitlab-pipeline-number",
-      "ci.provider.name": "gitlab",
-      "ci.stage.name": "gitlab-stage-name",
-      "ci.workspace_path": "/foo/bar",
-      "git.branch": "master",
-      "git.commit.author.date": "2021-07-21T11:43:07-04:00",
-      "git.commit.author.email": "john@doe.com",
-      "git.commit.author.name": "John Doe",
-      "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git"
     }
   ],
   [
@@ -366,25 +250,25 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "refs/heads/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -397,8 +281,8 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git"
     }
   ],
   [
@@ -406,25 +290,25 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "refs/heads/feature/one",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -437,34 +321,35 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git"
     }
   ],
   [
     {
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_REF_NAME": "origin/master",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TAG": "origin/tags/0.1.0",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -472,12 +357,13 @@
       "ci.provider.name": "gitlab",
       "ci.stage.name": "gitlab-stage-name",
       "ci.workspace_path": "/foo/bar",
+      "git.branch": "master",
       "git.commit.author.date": "2021-07-21T11:43:07-04:00",
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -485,26 +371,27 @@
     {
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_REF_NAME": "origin/master",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TAG": "refs/heads/tags/0.1.0",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -512,12 +399,13 @@
       "ci.provider.name": "gitlab",
       "ci.stage.name": "gitlab-stage-name",
       "ci.workspace_path": "/foo/bar",
+      "git.branch": "master",
       "git.commit.author.date": "2021-07-21T11:43:07-04:00",
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -525,26 +413,27 @@
     {
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_REF_NAME": "origin/master",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TAG": "0.1.0",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
-      "CI_REPOSITORY_URL": "sample",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -552,12 +441,13 @@
       "ci.provider.name": "gitlab",
       "ci.stage.name": "gitlab-stage-name",
       "ci.workspace_path": "/foo/bar",
+      "git.branch": "master",
       "git.commit.author.date": "2021-07-21T11:43:07-04:00",
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
-      "git.repository_url": "sample",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -566,25 +456,25 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
       "CI_REPOSITORY_URL": "http://hostname.com/repo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -597,7 +487,7 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -606,25 +496,25 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
       "CI_REPOSITORY_URL": "http://user@hostname.com/repo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -637,7 +527,7 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -646,25 +536,25 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
       "CI_REPOSITORY_URL": "http://user%E2%82%AC@hostname.com/repo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -677,7 +567,7 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -686,25 +576,25 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
       "CI_REPOSITORY_URL": "http://user:pwd@hostname.com/repo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -717,7 +607,7 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -726,25 +616,25 @@
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
       "CI_COMMIT_REF_NAME": "origin/master",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
       "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
       "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
       "CI_REPOSITORY_URL": "git@hostname.com:org/repo.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
@@ -757,7 +647,7 @@
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "git@hostname.com:org/repo.git"
     }
   ],
@@ -765,16 +655,20 @@
     {
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_REF_NAME": "origin/master",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
+      "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
+      "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "DD_GIT_BRANCH": "user-supplied-branch",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
       "DD_GIT_COMMIT_AUTHOR_EMAIL": "usersupplied-authoremail",
@@ -788,14 +682,16 @@
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
+      "ci.pipeline.url": "https://foo/repo/-/pipelines/1234",
       "ci.provider.name": "gitlab",
       "ci.stage.name": "gitlab-stage-name",
+      "ci.workspace_path": "/foo/bar",
       "git.branch": "user-supplied-branch",
       "git.commit.author.date": "usersupplied-authordate",
       "git.commit.author.email": "usersupplied-authoremail",
@@ -812,16 +708,20 @@
     {
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_REF_NAME": "origin/master",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
+      "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
+      "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
       "DD_GIT_COMMIT_AUTHOR_EMAIL": "usersupplied-authoremail",
       "DD_GIT_COMMIT_AUTHOR_NAME": "usersupplied-authorname",
@@ -835,14 +735,17 @@
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
+      "ci.pipeline.url": "https://foo/repo/-/pipelines/1234",
       "ci.provider.name": "gitlab",
       "ci.stage.name": "gitlab-stage-name",
+      "ci.workspace_path": "/foo/bar",
+      "git.branch": "master",
       "git.commit.author.date": "usersupplied-authordate",
       "git.commit.author.email": "usersupplied-authoremail",
       "git.commit.author.name": "usersupplied-authorname",
@@ -859,33 +762,39 @@
     {
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_REF_NAME": "origin/master",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
+      "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
+      "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
       "CI_REPOSITORY_URL": "https://user:password@gitlab.com/DataDog/dogweb.git",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
+      "ci.pipeline.url": "https://foo/repo/-/pipelines/1234",
       "ci.provider.name": "gitlab",
       "ci.stage.name": "gitlab-stage-name",
+      "ci.workspace_path": "/foo/bar",
+      "git.branch": "master",
       "git.commit.author.date": "2021-07-21T11:43:07-04:00",
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://gitlab.com/DataDog/dogweb.git"
     }
   ],
@@ -893,36 +802,44 @@
     {
       "CI_COMMIT_AUTHOR": "John Doe <john@doe.com>",
       "CI_COMMIT_MESSAGE": "gitlab-git-commit-message",
-      "CI_COMMIT_SHA": "gitlab-git-commit",
+      "CI_COMMIT_REF_NAME": "origin/master",
+      "CI_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "CI_COMMIT_TIMESTAMP": "2021-07-21T11:43:07-04:00",
       "CI_JOB_ID": "gitlab-job-id",
       "CI_JOB_NAME": "gitlab-job-name",
       "CI_JOB_STAGE": "gitlab-stage-name",
-      "CI_JOB_URL": "gitlab-job-url",
+      "CI_JOB_URL": "https://gitlab.com/job",
       "CI_PIPELINE_ID": "gitlab-pipeline-id",
       "CI_PIPELINE_IID": "gitlab-pipeline-number",
+      "CI_PIPELINE_URL": "https://foo/repo/-/pipelines/1234",
+      "CI_PROJECT_DIR": "/foo/bar",
       "CI_PROJECT_PATH": "gitlab-pipeline-name",
-      "CI_PROJECT_URL": "gitlab-project-url",
+      "CI_PROJECT_URL": "https://gitlab.com/repo",
+      "CI_REPOSITORY_URL": "https://gitlab.com/repo/myrepo.git",
       "CI_RUNNER_ID": "9393040",
       "CI_RUNNER_TAGS": "[\"arch:arm64\",\"linux\"]",
       "GITLAB_CI": "gitlab"
     },
     {
-      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"gitlab-project-url\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
+      "_dd.ci.env_vars": "{\"CI_PROJECT_URL\":\"https://gitlab.com/repo\",\"CI_PIPELINE_ID\":\"gitlab-pipeline-id\",\"CI_JOB_ID\":\"gitlab-job-id\"}",
       "ci.job.name": "gitlab-job-name",
-      "ci.job.url": "gitlab-job-url",
+      "ci.job.url": "https://gitlab.com/job",
       "ci.node.labels": "[\"arch:arm64\",\"linux\"]",
       "ci.node.name": "9393040",
       "ci.pipeline.id": "gitlab-pipeline-id",
       "ci.pipeline.name": "gitlab-pipeline-name",
       "ci.pipeline.number": "gitlab-pipeline-number",
+      "ci.pipeline.url": "https://foo/repo/-/pipelines/1234",
       "ci.provider.name": "gitlab",
       "ci.stage.name": "gitlab-stage-name",
+      "ci.workspace_path": "/foo/bar",
+      "git.branch": "master",
       "git.commit.author.date": "2021-07-21T11:43:07-04:00",
       "git.commit.author.email": "john@doe.com",
       "git.commit.author.name": "John Doe",
       "git.commit.message": "gitlab-git-commit-message",
-      "git.commit.sha": "gitlab-git-commit"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://gitlab.com/repo/myrepo.git"
     }
   ]
 ]
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/jenkins.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/jenkins.json
index b9ff0a3442d..3e791b5f7ff 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/jenkins.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/jenkins.json
@@ -3,90 +3,90 @@
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL_1": "sample",
-      "GIT_URL_2": "otherSample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL_1": "https://jenkins.com/repo/sample.git",
+      "GIT_URL_2": "https://jenkins.com/repo/otherSample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url"
+      "JOB_URL": "https://jenkins.com/job"
     },
     {
       "_dd.ci.env_vars": "{\"DD_CUSTOM_TRACE_ID\":\"jenkins-custom-trace-id\"}",
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url"
+      "JOB_URL": "https://jenkins.com/job"
     },
     {
       "_dd.ci.env_vars": "{\"DD_CUSTOM_TRACE_ID\":\"jenkins-custom-trace-id\"}",
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url"
+      "JOB_URL": "https://jenkins.com/job"
     },
     {
       "_dd.ci.env_vars": "{\"DD_CUSTOM_TRACE_ID\":\"jenkins-custom-trace-id\"}",
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "foo/bar"
     },
     {
@@ -94,26 +94,26 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar~"
     },
     {
@@ -121,26 +121,26 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar~",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/~/bar"
     },
     {
@@ -148,27 +148,27 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/~/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "HOME": "/not-my-home",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "USERPROFILE": "/not-my-home",
       "WORKSPACE": "~/foo/bar"
     },
@@ -177,27 +177,27 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/not-my-home/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "HOME": "/not-my-home",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "USERPROFILE": "/not-my-home",
       "WORKSPACE": "~foo/bar"
     },
@@ -206,27 +206,27 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "~foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "HOME": "/not-my-home",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "USERPROFILE": "/not-my-home",
       "WORKSPACE": "~"
     },
@@ -235,26 +235,26 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/not-my-home",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
@@ -262,26 +262,26 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "refs/heads/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName/master",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
@@ -289,26 +289,26 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "refs/heads/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName/another",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
@@ -316,26 +316,26 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName/another",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "refs/heads/feature/one",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName/feature/one",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
@@ -343,26 +343,26 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "feature/one",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "refs/heads/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName/KEY1=VALUE1,KEY2=VALUE2",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
@@ -370,26 +370,26 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "refs/heads/master",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName/KEY1=VALUE1,KEY2=VALUE2/master",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
@@ -397,36 +397,36 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git"
     }
   ],
   [
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/tags/0.1.0",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"DD_CUSTOM_TRACE_ID\":\"jenkins-custom-trace-id\"}",
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -434,24 +434,24 @@
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "refs/heads/tags/0.1.0",
-      "GIT_COMMIT": "jenkins-git-commit",
-      "GIT_URL": "sample",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "GIT_URL": "https://jenkins.com/repo/sample.git",
       "JENKINS_URL": "jenkins",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
       "_dd.ci.env_vars": "{\"DD_CUSTOM_TRACE_ID\":\"jenkins-custom-trace-id\"}",
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
-      "git.commit.sha": "jenkins-git-commit",
-      "git.repository_url": "sample",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
+      "git.repository_url": "https://jenkins.com/repo/sample.git",
       "git.tag": "0.1.0"
     }
   ],
@@ -459,14 +459,14 @@
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GIT_URL": "http://hostname.com/repo.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
@@ -474,11 +474,11 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -486,14 +486,14 @@
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GIT_URL": "http://user@hostname.com/repo.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
@@ -501,11 +501,11 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -513,14 +513,14 @@
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GIT_URL": "http://user%E2%82%AC@hostname.com/repo.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
@@ -528,11 +528,11 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -540,14 +540,14 @@
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GIT_URL": "http://user:pwd@hostname.com/repo.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
@@ -555,11 +555,11 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "http://hostname.com/repo.git"
     }
   ],
@@ -567,14 +567,14 @@
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "GIT_BRANCH": "origin/master",
-      "GIT_COMMIT": "jenkins-git-commit",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GIT_URL": "git@hostname.com:org/repo.git",
       "JENKINS_URL": "jenkins",
       "JOB_NAME": "jobName",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "WORKSPACE": "/foo/bar"
     },
     {
@@ -582,11 +582,11 @@
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.name": "jobName",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
-      "git.commit.sha": "jenkins-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "git@hostname.com:org/repo.git"
     }
   ],
@@ -594,7 +594,7 @@
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "DD_GIT_BRANCH": "user-supplied-branch",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
@@ -606,15 +606,15 @@
       "DD_GIT_COMMIT_MESSAGE": "usersupplied-message",
       "DD_GIT_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "DD_GIT_REPOSITORY_URL": "git@github.com:DataDog/userrepo.git",
-      "GIT_COMMIT": "jenkins-git-commit",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "JENKINS_URL": "jenkins",
-      "JOB_URL": "jenkins-job-url"
+      "JOB_URL": "https://jenkins.com/job"
     },
     {
       "_dd.ci.env_vars": "{\"DD_CUSTOM_TRACE_ID\":\"jenkins-custom-trace-id\"}",
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "git.branch": "user-supplied-branch",
       "git.commit.author.date": "usersupplied-authordate",
@@ -632,7 +632,7 @@
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
       "DD_GIT_COMMIT_AUTHOR_EMAIL": "usersupplied-authoremail",
@@ -644,15 +644,15 @@
       "DD_GIT_COMMIT_SHA": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "DD_GIT_REPOSITORY_URL": "git@github.com:DataDog/userrepo.git",
       "DD_GIT_TAG": "0.0.2",
-      "GIT_COMMIT": "jenkins-git-commit",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "JENKINS_URL": "jenkins",
-      "JOB_URL": "jenkins-job-url"
+      "JOB_URL": "https://jenkins.com/job"
     },
     {
       "_dd.ci.env_vars": "{\"DD_CUSTOM_TRACE_ID\":\"jenkins-custom-trace-id\"}",
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
       "git.commit.author.date": "usersupplied-authordate",
       "git.commit.author.email": "usersupplied-authoremail",
@@ -670,20 +670,20 @@
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
-      "GIT_COMMIT": "jenkins-git-commit",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "GIT_URL_1": "https://user:password@github.com/DataDog/dogweb.git",
       "JENKINS_URL": "jenkins",
-      "JOB_URL": "jenkins-job-url"
+      "JOB_URL": "https://jenkins.com/job"
     },
     {
       "_dd.ci.env_vars": "{\"DD_CUSTOM_TRACE_ID\":\"jenkins-custom-trace-id\"}",
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
-      "git.commit.sha": "jenkins-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/DataDog/dogweb.git"
     }
   ],
@@ -691,11 +691,11 @@
     {
       "BUILD_NUMBER": "jenkins-pipeline-number",
       "BUILD_TAG": "jenkins-pipeline-id",
-      "BUILD_URL": "jenkins-pipeline-url",
+      "BUILD_URL": "https://jenkins.com/pipeline",
       "DD_CUSTOM_TRACE_ID": "jenkins-custom-trace-id",
-      "GIT_COMMIT": "jenkins-git-commit",
+      "GIT_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "JENKINS_URL": "jenkins",
-      "JOB_URL": "jenkins-job-url",
+      "JOB_URL": "https://jenkins.com/job",
       "NODE_LABELS": "built-in linux",
       "NODE_NAME": "my-node"
     },
@@ -705,9 +705,9 @@
       "ci.node.name": "my-node",
       "ci.pipeline.id": "jenkins-pipeline-id",
       "ci.pipeline.number": "jenkins-pipeline-number",
-      "ci.pipeline.url": "jenkins-pipeline-url",
+      "ci.pipeline.url": "https://jenkins.com/pipeline",
       "ci.provider.name": "jenkins",
-      "git.commit.sha": "jenkins-git-commit"
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123"
     }
   ]
 ]
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/teamcity.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/teamcity.json
index 29191aa8e63..086c1c16de1 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/teamcity.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/teamcity.json
@@ -1,19 +1,19 @@
 [
   [
     {
-      "BUILD_URL": "the-build-url",
+      "BUILD_URL": "https://teamcity.com/repo",
       "TEAMCITY_BUILDCONF_NAME": "Test 1",
       "TEAMCITY_VERSION": "2022.10 (build 116751)"
     },
     {
       "ci.job.name": "Test 1",
-      "ci.job.url": "the-build-url",
+      "ci.job.url": "https://teamcity.com/repo",
       "ci.provider.name": "teamcity"
     }
   ],
   [
     {
-      "BUILD_URL": "the-build-url",
+      "BUILD_URL": "https://teamcity.com/repo",
       "DD_GIT_BRANCH": "user-supplied-branch",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
       "DD_GIT_COMMIT_AUTHOR_EMAIL": "usersupplied-authoremail",
@@ -29,7 +29,7 @@
     },
     {
       "ci.job.name": "Test 1",
-      "ci.job.url": "the-build-url",
+      "ci.job.url": "https://teamcity.com/repo",
       "ci.provider.name": "teamcity",
       "git.branch": "user-supplied-branch",
       "git.commit.author.date": "usersupplied-authordate",
@@ -45,7 +45,7 @@
   ],
   [
     {
-      "BUILD_URL": "the-build-url",
+      "BUILD_URL": "https://teamcity.com/repo",
       "DD_GIT_COMMIT_AUTHOR_DATE": "usersupplied-authordate",
       "DD_GIT_COMMIT_AUTHOR_EMAIL": "usersupplied-authoremail",
       "DD_GIT_COMMIT_AUTHOR_NAME": "usersupplied-authorname",
@@ -61,7 +61,7 @@
     },
     {
       "ci.job.name": "Test 1",
-      "ci.job.url": "the-build-url",
+      "ci.job.url": "https://teamcity.com/repo",
       "ci.provider.name": "teamcity",
       "git.commit.author.date": "usersupplied-authordate",
       "git.commit.author.email": "usersupplied-authoremail",
diff --git a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/travisci.json b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/travisci.json
index a73309d2678..2131938546f 100644
--- a/dd-java-agent/agent-ci-visibility/src/test/resources/ci/travisci.json
+++ b/dd-java-agent/agent-ci-visibility/src/test/resources/ci/travisci.json
@@ -6,23 +6,23 @@
       "TRAVIS_BUILD_DIR": "/foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo",
       "TRAVIS_TAG": "origin/tags/0.1.0"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/foo/bar",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git",
       "git.tag": "0.1.0"
     }
@@ -34,23 +34,23 @@
       "TRAVIS_BUILD_DIR": "/foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo",
       "TRAVIS_TAG": "refs/heads/tags/0.1.0"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/foo/bar",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git",
       "git.tag": "0.1.0"
     }
@@ -61,22 +61,22 @@
       "TRAVIS_BRANCH": "origin/master",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "git.branch": "master",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -87,23 +87,23 @@
       "TRAVIS_BUILD_DIR": "foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "foo/bar",
       "git.branch": "master",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -114,23 +114,23 @@
       "TRAVIS_BUILD_DIR": "/foo/bar~",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/foo/bar~",
       "git.branch": "master",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -141,23 +141,23 @@
       "TRAVIS_BUILD_DIR": "/foo/~/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/foo/~/bar",
       "git.branch": "master",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -169,24 +169,24 @@
       "TRAVIS_BUILD_DIR": "~/foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo",
       "USERPROFILE": "/not-my-home"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/not-my-home/foo/bar",
       "git.branch": "master",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -197,23 +197,23 @@
       "TRAVIS_BUILD_DIR": "~foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "~foo/bar",
       "git.branch": "master",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -225,24 +225,24 @@
       "TRAVIS_BUILD_DIR": "~",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo",
       "USERPROFILE": "/not-my-home"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/not-my-home",
       "git.branch": "master",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -253,23 +253,23 @@
       "TRAVIS_BUILD_DIR": "/foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -280,23 +280,23 @@
       "TRAVIS_BUILD_DIR": "/foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -307,23 +307,23 @@
       "TRAVIS_BUILD_DIR": "/foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "feature/one",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -334,25 +334,25 @@
       "TRAVIS_BUILD_DIR": "/foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_PULL_REQUEST_BRANCH": "origin/master",
       "TRAVIS_PULL_REQUEST_SLUG": "user/repo",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -363,25 +363,25 @@
       "TRAVIS_BUILD_DIR": "/foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_PULL_REQUEST_BRANCH": "refs/heads/master",
       "TRAVIS_PULL_REQUEST_SLUG": "user/repo",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "master",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -392,25 +392,25 @@
       "TRAVIS_BUILD_DIR": "/foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_PULL_REQUEST_BRANCH": "refs/heads/feature/one",
       "TRAVIS_PULL_REQUEST_SLUG": "user/repo",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/foo/bar",
       "git.branch": "feature/one",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git"
     }
   ],
@@ -429,18 +429,18 @@
       "TRAVIS": "travisCI",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "git.branch": "user-supplied-branch",
       "git.commit.author.date": "usersupplied-authordate",
@@ -469,18 +469,18 @@
       "TRAVIS": "travisCI",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "git.commit.author.date": "usersupplied-authordate",
       "git.commit.author.email": "usersupplied-authoremail",
@@ -501,23 +501,23 @@
       "TRAVIS_BUILD_DIR": "/foo/bar",
       "TRAVIS_BUILD_ID": "travis-pipeline-id",
       "TRAVIS_BUILD_NUMBER": "travis-pipeline-number",
-      "TRAVIS_BUILD_WEB_URL": "travis-pipeline-url",
-      "TRAVIS_COMMIT": "travis-git-commit",
+      "TRAVIS_BUILD_WEB_URL": "https://travisci.com/pipeline",
+      "TRAVIS_COMMIT": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "TRAVIS_COMMIT_MESSAGE": "travis-commit-message",
-      "TRAVIS_JOB_WEB_URL": "travis-job-url",
+      "TRAVIS_JOB_WEB_URL": "https://travisci.com/job",
       "TRAVIS_REPO_SLUG": "user/repo",
       "TRAVIS_TAG": "origin/tags/0.1.0"
     },
     {
-      "ci.job.url": "travis-job-url",
+      "ci.job.url": "https://travisci.com/job",
       "ci.pipeline.id": "travis-pipeline-id",
       "ci.pipeline.name": "user/repo",
       "ci.pipeline.number": "travis-pipeline-number",
-      "ci.pipeline.url": "travis-pipeline-url",
+      "ci.pipeline.url": "https://travisci.com/pipeline",
       "ci.provider.name": "travisci",
       "ci.workspace_path": "/foo/bar",
       "git.commit.message": "travis-commit-message",
-      "git.commit.sha": "travis-git-commit",
+      "git.commit.sha": "b9f0fb3fdbb94c9d24b2c75b49663122a529e123",
       "git.repository_url": "https://github.com/user/repo.git",
       "git.tag": "0.1.0"
     }
diff --git a/dd-java-agent/agent-ci-visibility/src/testFixtures/groovy/datadog/trace/civisibility/CiVisibilityTest.groovy b/dd-java-agent/agent-ci-visibility/src/testFixtures/groovy/datadog/trace/civisibility/CiVisibilityTest.groovy
index 8ea5cf4c0bf..cd818861261 100644
--- a/dd-java-agent/agent-ci-visibility/src/testFixtures/groovy/datadog/trace/civisibility/CiVisibilityTest.groovy
+++ b/dd-java-agent/agent-ci-visibility/src/testFixtures/groovy/datadog/trace/civisibility/CiVisibilityTest.groovy
@@ -2,26 +2,26 @@ package datadog.trace.civisibility
 
 import datadog.trace.agent.test.AgentTestRunner
 import datadog.trace.agent.test.asserts.TraceAssert
-import datadog.trace.civisibility.coverage.NoopCoverageProbeStore
 import datadog.trace.api.Config
 import datadog.trace.api.DDSpanTypes
 import datadog.trace.api.DDTags
 import datadog.trace.api.civisibility.InstrumentationBridge
 import datadog.trace.api.civisibility.config.ModuleExecutionSettings
 import datadog.trace.api.civisibility.config.SkippableTest
-import datadog.trace.api.civisibility.source.SourcePathResolver
 import datadog.trace.api.config.CiVisibilityConfig
 import datadog.trace.api.config.GeneralConfig
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import datadog.trace.civisibility.codeowners.Codeowners
 import datadog.trace.civisibility.config.JvmInfoFactory
 import datadog.trace.civisibility.config.ModuleExecutionSettingsFactory
+import datadog.trace.civisibility.coverage.NoopCoverageProbeStore
 import datadog.trace.civisibility.decorator.TestDecorator
 import datadog.trace.civisibility.decorator.TestDecoratorImpl
 import datadog.trace.civisibility.events.BuildEventsHandlerImpl
 import datadog.trace.civisibility.events.TestEventsHandlerImpl
 import datadog.trace.civisibility.ipc.SignalServer
 import datadog.trace.civisibility.source.MethodLinesResolver
+import datadog.trace.civisibility.source.SourcePathResolver
 import datadog.trace.civisibility.source.index.RepoIndexBuilder
 import datadog.trace.core.DDSpan
 import datadog.trace.util.Strings
@@ -30,6 +30,7 @@ import spock.lang.Unroll
 import java.nio.file.Files
 import java.nio.file.Path
 import java.nio.file.Paths
+import java.util.regex.Pattern
 
 @Unroll
 abstract class CiVisibilityTest extends AgentTestRunner {
@@ -43,10 +44,12 @@ abstract class CiVisibilityTest extends AgentTestRunner {
   static final int DUMMY_TEST_METHOD_START = 12
   static final int DUMMY_TEST_METHOD_END = 18
   static final Collection<String> DUMMY_CODE_OWNERS = ["owner1", "owner2"]
+  static final Pattern ANY_MESSAGE = Pattern.compile(".*")
 
   private static Path agentKeyFile
 
   private static final List<SkippableTest> skippableTests = new ArrayList<>()
+  private static volatile boolean itrEnabled = false
 
   def setupSpec() {
     def currentPath = Paths.get("").toAbsolutePath()
@@ -65,19 +68,45 @@ abstract class CiVisibilityTest extends AgentTestRunner {
     def moduleExecutionSettingsFactory = Stub(ModuleExecutionSettingsFactory)
     moduleExecutionSettingsFactory.create(_, _) >> {
       Map<String, String> properties = [
-        (CiVisibilityConfig.CIVISIBILITY_ITR_ENABLED) : String.valueOf(!skippableTests.isEmpty())
+        (CiVisibilityConfig.CIVISIBILITY_ITR_ENABLED): String.valueOf(itrEnabled)
       ]
-      return new ModuleExecutionSettings(properties, Collections.singletonMap(dummyModule, skippableTests))
+      return new ModuleExecutionSettings(false, itrEnabled, properties, Collections.singletonMap(dummyModule, skippableTests), Collections.emptyList())
     }
 
-    DDTestSessionImpl.SessionImplFactory sessionFactory = (String projectName, Path projectRoot, String component, Long startTime) -> {
+    def coverageProbeStoreFactory = new NoopCoverageProbeStore.NoopCoverageProbeStoreFactory()
+    DDTestFrameworkSession.Factory testFrameworkSessionFactory = (String projectName, Path projectRoot, String component, Long startTime) -> {
+      def ciTags = [(DUMMY_CI_TAG): DUMMY_CI_TAG_VALUE]
+      TestDecorator testDecorator = new TestDecoratorImpl(component, ciTags)
+      return new DDTestFrameworkSessionImpl(
+      projectName,
+      startTime,
+      Config.get(),
+      testDecorator,
+      sourcePathResolver,
+      codeowners,
+      methodLinesResolver,
+      coverageProbeStoreFactory,
+      moduleExecutionSettingsFactory,
+      )
+    }
+
+    InstrumentationBridge.registerTestEventsHandlerFactory {
+      component, path ->
+      DDTestFrameworkSession testSession = testFrameworkSessionFactory.startSession(dummyModule, path, component, null)
+      DDTestFrameworkModule testModule = testSession.testModuleStart(dummyModule, null)
+      new TestEventsHandlerImpl(testSession, testModule)
+    }
+
+    DDBuildSystemSession.Factory buildSystemSessionFactory = (String projectName, Path projectRoot, String startCommand, String component, Long startTime) -> {
       def ciTags = [(DUMMY_CI_TAG): DUMMY_CI_TAG_VALUE]
       TestDecorator testDecorator = new TestDecoratorImpl(component, ciTags)
       TestModuleRegistry testModuleRegistry = new TestModuleRegistry()
       SignalServer signalServer = new SignalServer()
       RepoIndexBuilder repoIndexBuilder = Stub(RepoIndexBuilder)
-      return new DDTestSessionParent(
+      return new DDBuildSystemSessionImpl(
       projectName,
+      rootPath.toString(),
+      startCommand,
       startTime,
       Config.get(),
       testModuleRegistry,
@@ -86,32 +115,28 @@ abstract class CiVisibilityTest extends AgentTestRunner {
       codeowners,
       methodLinesResolver,
       moduleExecutionSettingsFactory,
+      coverageProbeStoreFactory,
       signalServer,
       repoIndexBuilder
       )
     }
 
-    InstrumentationBridge.registerTestEventsHandlerFactory {
-      component, path ->
-      DDTestSessionImpl testSession = sessionFactory.startSession(dummyModule, path, component, null)
-      DDTestModuleImpl testModule = testSession.testModuleStart(dummyModule, null)
-      new TestEventsHandlerImpl(testSession, testModule)
-    }
-
     InstrumentationBridge.registerBuildEventsHandlerFactory {
-      decorator -> new BuildEventsHandlerImpl<>(sessionFactory, new JvmInfoFactory())
+      decorator -> new BuildEventsHandlerImpl<>(buildSystemSessionFactory, new JvmInfoFactory())
     }
 
-    InstrumentationBridge.registerCoverageProbeStoreFactory(new NoopCoverageProbeStore.NoopCoverageProbeStoreFactory())
+    InstrumentationBridge.registerCoverageProbeStoreRegistry(coverageProbeStoreFactory)
   }
 
   @Override
   void setup() {
     skippableTests.clear()
+    itrEnabled = false
   }
 
   def givenSkippableTests(List<SkippableTest> tests) {
     skippableTests.addAll(tests)
+    itrEnabled = true
   }
 
   @Override
@@ -137,7 +162,8 @@ abstract class CiVisibilityTest extends AgentTestRunner {
   final String resource = null,
   final String testCommand = null,
   final String testToolchain = null,
-  final Throwable exception = null) {
+  final Throwable exception = null,
+  final boolean verifyExceptionMessage = true) {
     def testFramework = expectedTestFramework()
     def testFrameworkVersion = expectedTestFrameworkVersion()
 
@@ -157,6 +183,9 @@ abstract class CiVisibilityTest extends AgentTestRunner {
         "$Tags.TEST_TYPE" TestDecorator.TEST_TYPE
         if (testCommand) {
           "$Tags.TEST_COMMAND" testCommand
+        } else {
+          // the default command for sessions that run without build system instrumentation
+          "$Tags.TEST_COMMAND" dummyModule
         }
         if (testToolchain) {
           "$Tags.TEST_TOOLCHAIN" testToolchain
@@ -171,7 +200,11 @@ abstract class CiVisibilityTest extends AgentTestRunner {
         }
 
         if (exception) {
-          errorTags(exception.class, exception.message)
+          if (verifyExceptionMessage) {
+            errorTags(exception.class, exception.message)
+          } else {
+            errorTags(exception.class, ANY_MESSAGE)
+          }
         }
 
         "$DUMMY_CI_TAG" DUMMY_CI_TAG_VALUE
@@ -199,7 +232,8 @@ abstract class CiVisibilityTest extends AgentTestRunner {
   final String testStatus,
   final Map<String, Object> testTags = null,
   final Throwable exception = null,
-  final String resource = null) {
+  final String resource = null,
+  final boolean verifyExceptionMessage = true) {
     def testFramework = expectedTestFramework()
     def testFrameworkVersion = expectedTestFrameworkVersion()
 
@@ -228,7 +262,11 @@ abstract class CiVisibilityTest extends AgentTestRunner {
         }
 
         if (exception) {
-          errorTags(exception.class, exception.message)
+          if (verifyExceptionMessage) {
+            errorTags(exception.class, exception.message)
+          } else {
+            errorTags(exception.class, ANY_MESSAGE)
+          }
         }
 
         "$DUMMY_CI_TAG" DUMMY_CI_TAG_VALUE
@@ -329,7 +367,7 @@ abstract class CiVisibilityTest extends AgentTestRunner {
     return testSuiteId
   }
 
-  void testSpan(final TraceAssert trace,
+  long testSpan(final TraceAssert trace,
   final int index,
   final Long testSessionId,
   final Long testModuleId,
@@ -342,11 +380,15 @@ abstract class CiVisibilityTest extends AgentTestRunner {
   final Throwable exception = null,
   final boolean emptyDuration = false,
   final Collection<String> categories = null,
-  final boolean sourceFilePresent = true) {
+  final boolean sourceFilePresent = true,
+  final boolean sourceMethodPresent = true) {
     def testFramework = expectedTestFramework()
     def testFrameworkVersion = expectedTestFrameworkVersion()
 
+    def testId
     trace.span(index) {
+      testId = span.getSpanId()
+
       parent()
       operationName expectedOperationPrefix() + ".test"
       resourceName "$testSuite.$testName"
@@ -376,10 +418,13 @@ abstract class CiVisibilityTest extends AgentTestRunner {
 
         if (sourceFilePresent) {
           "$Tags.TEST_SOURCE_FILE" DUMMY_SOURCE_PATH
+          "$Tags.TEST_CODEOWNERS" Strings.toJson(DUMMY_CODE_OWNERS)
+        }
+
+        if (sourceMethodPresent) {
           "$Tags.TEST_SOURCE_METHOD" testMethod
           "$Tags.TEST_SOURCE_START" DUMMY_TEST_METHOD_START
           "$Tags.TEST_SOURCE_END" DUMMY_TEST_METHOD_END
-          "$Tags.TEST_CODEOWNERS" Strings.toJson(DUMMY_CODE_OWNERS)
         }
 
         if (exception) {
@@ -404,6 +449,7 @@ abstract class CiVisibilityTest extends AgentTestRunner {
         defaultTags()
       }
     }
+    return testId
   }
 
   String component = component()
diff --git a/dd-java-agent/agent-debugger/build.gradle b/dd-java-agent/agent-debugger/build.gradle
index 91c875c8bc4..762229e19cb 100644
--- a/dd-java-agent/agent-debugger/build.gradle
+++ b/dd-java-agent/agent-debugger/build.gradle
@@ -15,7 +15,6 @@ excludedClassesCoverage += [
   'com.datadog.debugger.agent.DebuggerProbe.When.Threshold',
   'com.datadog.debugger.agent.DebuggerAgent.ShutdownHook',
   'com.datadog.debugger.agent.DebuggerAgent',
-  'com.datadog.debugger.uploader.BatchUploader',
   // too old for this coverage (JDK 1.2)
   'antlr.*',
   'com.datadog.debugger.util.MoshiSnapshotHelper' // only static classes
diff --git a/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/CapturedContext.java b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/CapturedContext.java
index 7f122fa6264..d0b062f281c 100644
--- a/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/CapturedContext.java
+++ b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/CapturedContext.java
@@ -1,9 +1,12 @@
 package datadog.trace.bootstrap.debugger;
 
+import static datadog.trace.bootstrap.debugger.util.Redaction.REDACTED_VALUE;
+
 import datadog.trace.bootstrap.debugger.el.ReflectiveFieldValueResolver;
 import datadog.trace.bootstrap.debugger.el.ValueReferenceResolver;
 import datadog.trace.bootstrap.debugger.el.ValueReferences;
 import datadog.trace.bootstrap.debugger.el.Values;
+import datadog.trace.bootstrap.debugger.util.Redaction;
 import datadog.trace.bootstrap.debugger.util.TimeoutChecker;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -106,6 +109,9 @@ public Object getMember(Object target, String memberName) {
     if (target == Values.UNDEFINED_OBJECT) {
       return target;
     }
+    if (Redaction.isRedactedKeyword(memberName)) {
+      return REDACTED_VALUE;
+    }
     if (target instanceof CapturedValue) {
       Map<String, CapturedValue> fields = ((CapturedValue) target).fields;
       if (fields.containsKey(memberName)) {
@@ -318,12 +324,12 @@ public Status evaluate(
     if (methodLocation == MethodLocation.EXIT) {
       duration = System.nanoTime() - startTimestamp;
       addExtension(
-          ValueReferences.DURATION_EXTENSION_NAME, duration / 1000 / 1000); // convert to ms
+          ValueReferences.DURATION_EXTENSION_NAME, duration / 1_000_000.0); // convert to ms
     }
     this.thisClassName = thisClassName;
     boolean shouldEvaluate = resolveEvaluateAt(probeImplementation, methodLocation);
     if (shouldEvaluate) {
-      probeImplementation.evaluate(this, status);
+      probeImplementation.evaluate(this, status, methodLocation);
     }
     return status;
   }
@@ -334,11 +340,7 @@ private static boolean resolveEvaluateAt(
       // line probe, no evaluation of probe's evaluateAt
       return true;
     }
-    MethodLocation localEvaluateAt = probeImplementation.getEvaluateAt();
-    if (methodLocation == MethodLocation.ENTRY) {
-      return localEvaluateAt == MethodLocation.DEFAULT || localEvaluateAt == MethodLocation.ENTRY;
-    }
-    return localEvaluateAt == methodLocation;
+    return MethodLocation.isSame(methodLocation, probeImplementation.getEvaluateAt());
   }
 
   public Status getStatus(String probeId) {
@@ -537,6 +539,9 @@ public static CapturedValue raw(
 
     private static CapturedValue build(
         String name, String declaredType, Object value, Limits limits, String notCapturedReason) {
+      if (Redaction.isRedactedKeyword(name)) {
+        value = REDACTED_VALUE;
+      }
       CapturedValue val =
           new CapturedValue(
               name, declaredType, value, limits, Collections.emptyMap(), notCapturedReason);
diff --git a/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/DebuggerContext.java b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/DebuggerContext.java
index 56a4f6723d0..2ec97949aad 100644
--- a/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/DebuggerContext.java
+++ b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/DebuggerContext.java
@@ -4,6 +4,7 @@
 import datadog.trace.bootstrap.debugger.util.TimeoutChecker;
 import java.time.Duration;
 import java.time.temporal.ChronoUnit;
+import java.util.ArrayList;
 import java.util.List;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -190,19 +191,9 @@ public static DebuggerSpan createSpan(String operationName, String[] tags) {
    *
    * @return true if can proceed to capture data
    */
-  public static boolean isReadyToCapture(String... probeIds) {
-    // TODO provide overloaded version without string array
+  public static boolean isReadyToCapture(Class<?> callingClass, String... probeIds) {
     try {
-      if (probeIds == null || probeIds.length == 0) {
-        return false;
-      }
-      boolean result = false;
-      for (String probeId : probeIds) {
-        // if all probes are rate limited, we don't capture
-        result |= ProbeRateLimiter.tryProbe(probeId);
-      }
-      result = result && checkAndSetInProbe();
-      return result;
+      return checkAndSetInProbe();
     } catch (Exception ex) {
       LOGGER.debug("Error in isReadyToCapture: ", ex);
       return false;
@@ -269,6 +260,7 @@ public static void evalContext(
   public static void evalContextAndCommit(
       CapturedContext context, Class<?> callingClass, int line, String... probeIds) {
     try {
+      List<ProbeImplementation> probeImplementations = new ArrayList<>();
       for (String probeId : probeIds) {
         ProbeImplementation probeImplementation = resolveProbe(probeId, callingClass);
         if (probeImplementation == null) {
@@ -276,6 +268,9 @@ public static void evalContextAndCommit(
         }
         context.evaluate(
             probeId, probeImplementation, callingClass.getTypeName(), -1, MethodLocation.DEFAULT);
+        probeImplementations.add(probeImplementation);
+      }
+      for (ProbeImplementation probeImplementation : probeImplementations) {
         probeImplementation.commit(context, line);
       }
     } catch (Exception ex) {
diff --git a/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/MethodLocation.java b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/MethodLocation.java
index f07868286c4..73c5fe212c0 100644
--- a/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/MethodLocation.java
+++ b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/MethodLocation.java
@@ -3,5 +3,12 @@
 public enum MethodLocation {
   DEFAULT,
   ENTRY,
-  EXIT
+  EXIT;
+
+  public static boolean isSame(MethodLocation methodLocation, MethodLocation evaluateAt) {
+    if (methodLocation == MethodLocation.ENTRY) {
+      return evaluateAt == MethodLocation.DEFAULT || evaluateAt == MethodLocation.ENTRY;
+    }
+    return methodLocation == evaluateAt;
+  }
 }
diff --git a/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/ProbeImplementation.java b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/ProbeImplementation.java
index 80445b61fec..617b3aa6093 100644
--- a/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/ProbeImplementation.java
+++ b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/ProbeImplementation.java
@@ -16,7 +16,8 @@ public interface ProbeImplementation {
 
   String getStrTags();
 
-  void evaluate(CapturedContext context, CapturedContext.Status status);
+  void evaluate(
+      CapturedContext context, CapturedContext.Status status, MethodLocation methodLocation);
 
   void commit(
       CapturedContext entryContext,
@@ -84,7 +85,8 @@ public String getStrTags() {
     }
 
     @Override
-    public void evaluate(CapturedContext context, CapturedContext.Status status) {}
+    public void evaluate(
+        CapturedContext context, CapturedContext.Status status, MethodLocation methodLocation) {}
 
     @Override
     public void commit(
diff --git a/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/ProbeRateLimiter.java b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/ProbeRateLimiter.java
index 55258c35ca9..e7c7aa22f8d 100644
--- a/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/ProbeRateLimiter.java
+++ b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/ProbeRateLimiter.java
@@ -1,13 +1,19 @@
 package datadog.trace.bootstrap.debugger;
 
 import datadog.trace.api.sampling.AdaptiveSampler;
+import datadog.trace.api.sampling.ConstantSampler;
+import datadog.trace.api.sampling.Sampler;
 import java.time.Duration;
 import java.time.temporal.ChronoUnit;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
+import java.util.function.DoubleFunction;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /** Rate limiter for sending snapshot to backend Use a global rate limiter and one per probe */
 public class ProbeRateLimiter {
+  private static final Logger LOGGER = LoggerFactory.getLogger(ProbeRateLimiter.class);
   public static final double DEFAULT_SNAPSHOT_RATE = 1.0;
   public static final double DEFAULT_LOG_RATE = 5000.0;
   private static final Duration ONE_SECOND_WINDOW = Duration.of(1, ChronoUnit.SECONDS);
@@ -16,15 +22,14 @@ public class ProbeRateLimiter {
   private static final double DEFAULT_GLOBAL_LOG_RATE = 5000.0;
   private static final ConcurrentMap<String, RateLimitInfo> PROBE_SAMPLERS =
       new ConcurrentHashMap<>();
-  private static AdaptiveSampler GLOBAL_SNAPSHOT_SAMPLER =
-      createSampler(DEFAULT_GLOBAL_SNAPSHOT_RATE);
-  private static AdaptiveSampler GLOBAL_LOG_SAMPLER = createSampler(DEFAULT_GLOBAL_LOG_RATE);
+  private static Sampler GLOBAL_SNAPSHOT_SAMPLER = createSampler(DEFAULT_GLOBAL_SNAPSHOT_RATE);
+  private static Sampler GLOBAL_LOG_SAMPLER = createSampler(DEFAULT_GLOBAL_LOG_RATE);
+  private static DoubleFunction<Sampler> samplerSupplier = ProbeRateLimiter::createSampler;
 
   public static boolean tryProbe(String probeId) {
     RateLimitInfo rateLimitInfo =
-        PROBE_SAMPLERS.computeIfAbsent(
-            probeId, k -> new RateLimitInfo(createSampler(DEFAULT_SNAPSHOT_RATE), true));
-    AdaptiveSampler globalSampler =
+        PROBE_SAMPLERS.computeIfAbsent(probeId, ProbeRateLimiter::getDefaultRateLimitInfo);
+    Sampler globalSampler =
         rateLimitInfo.isCaptureSnapshot ? GLOBAL_SNAPSHOT_SAMPLER : GLOBAL_LOG_SAMPLER;
     if (globalSampler.sample()) {
       return rateLimitInfo.sampler.sample();
@@ -32,16 +37,21 @@ public static boolean tryProbe(String probeId) {
     return false;
   }
 
+  private static RateLimitInfo getDefaultRateLimitInfo(String probeId) {
+    LOGGER.debug("Setting sampling with default snapshot rate for probeId={}", probeId);
+    return new RateLimitInfo(samplerSupplier.apply(DEFAULT_SNAPSHOT_RATE), true);
+  }
+
   public static void setRate(String probeId, double rate, boolean isCaptureSnapshot) {
-    PROBE_SAMPLERS.put(probeId, new RateLimitInfo(createSampler(rate), isCaptureSnapshot));
+    PROBE_SAMPLERS.put(probeId, new RateLimitInfo(samplerSupplier.apply(rate), isCaptureSnapshot));
   }
 
   public static void setGlobalSnapshotRate(double rate) {
-    GLOBAL_SNAPSHOT_SAMPLER = createSampler(rate);
+    GLOBAL_SNAPSHOT_SAMPLER = samplerSupplier.apply(rate);
   }
 
   public static void setGlobalLogRate(double rate) {
-    GLOBAL_LOG_SAMPLER = createSampler(rate);
+    GLOBAL_LOG_SAMPLER = samplerSupplier.apply(rate);
   }
 
   public static void resetRate(String probeId) {
@@ -57,19 +67,27 @@ public static void resetAll() {
     resetGlobalRate();
   }
 
-  private static AdaptiveSampler createSampler(double rate) {
+  public static void setSamplerSupplier(DoubleFunction<Sampler> samplerSupplier) {
+    ProbeRateLimiter.samplerSupplier =
+        samplerSupplier != null ? samplerSupplier : ProbeRateLimiter::createSampler;
+  }
+
+  private static Sampler createSampler(double rate) {
+    if (rate < 0) {
+      return new ConstantSampler(true);
+    }
     if (rate < 1) {
       int intRate = (int) Math.round(rate * 10);
-      return new AdaptiveSampler(TEN_SECONDS_WINDOW, intRate, 180, 16);
+      return new AdaptiveSampler(TEN_SECONDS_WINDOW, intRate, 180, 16, true);
     }
-    return new AdaptiveSampler(ONE_SECOND_WINDOW, (int) Math.round(rate), 180, 16);
+    return new AdaptiveSampler(ONE_SECOND_WINDOW, (int) Math.round(rate), 180, 16, true);
   }
 
   private static class RateLimitInfo {
-    final AdaptiveSampler sampler;
+    final Sampler sampler;
     final boolean isCaptureSnapshot;
 
-    public RateLimitInfo(AdaptiveSampler sampler, boolean isCaptureSnapshot) {
+    public RateLimitInfo(Sampler sampler, boolean isCaptureSnapshot) {
       this.sampler = sampler;
       this.isCaptureSnapshot = isCaptureSnapshot;
     }
diff --git a/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/util/Redaction.java b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/util/Redaction.java
new file mode 100644
index 00000000000..41383d3c50a
--- /dev/null
+++ b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/util/Redaction.java
@@ -0,0 +1,155 @@
+package datadog.trace.bootstrap.debugger.util;
+
+import datadog.trace.api.Config;
+import datadog.trace.util.ClassNameTrie;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.regex.Pattern;
+
+public class Redaction {
+  // Need to be a unique instance (new String) for reference equality (==) and
+  // avoid internalization (intern) by the JVM because it's a string constant
+  public static final String REDACTED_VALUE = new String("redacted".toCharArray());
+
+  private static final Pattern COMMA_PATTERN = Pattern.compile(",");
+  private static final List<String> PREDEFINED_KEYWORDS =
+      Arrays.asList(
+          "password",
+          "passwd",
+          "secret",
+          "apikey",
+          "auth",
+          "credentials",
+          "mysqlpwd",
+          "privatekey",
+          "token",
+          "ipaddress",
+          "session",
+          // django
+          "csrftoken",
+          "sessionid",
+          // wsgi
+          "remoteaddr",
+          "xcsrftoken",
+          "xforwardedfor",
+          "setcookie",
+          "cookie",
+          "authorization",
+          "xapikey",
+          "xforwardedfor",
+          "xrealip");
+  private static final Set<String> KEYWORDS = ConcurrentHashMap.newKeySet();
+  private static ClassNameTrie typeTrie = ClassNameTrie.Builder.EMPTY_TRIE;
+  private static List<String> redactedClasses;
+  private static List<String> redactedPackages;
+
+  static {
+    /*
+     * based on sentry list: https://github.com/getsentry/sentry-python/blob/fefb454287b771ac31db4e30fa459d9be2f977b8/sentry_sdk/scrubber.py#L17-L58
+     */
+    KEYWORDS.addAll(PREDEFINED_KEYWORDS);
+  }
+
+  public static void addUserDefinedKeywords(Config config) {
+    String redactedIdentifiers = config.getDebuggerRedactedIdentifiers();
+    if (redactedIdentifiers == null) {
+      return;
+    }
+    String[] identifiers = COMMA_PATTERN.split(redactedIdentifiers);
+    for (String identifier : identifiers) {
+      KEYWORDS.add(normalize(identifier));
+    }
+  }
+
+  public static void addUserDefinedTypes(Config config) {
+    String redactedTypes = config.getDebuggerRedactedTypes();
+    if (redactedTypes == null) {
+      return;
+    }
+    List<String> packages = null;
+    List<String> classes = null;
+    ClassNameTrie.Builder builder = new ClassNameTrie.Builder();
+    String[] types = COMMA_PATTERN.split(redactedTypes);
+    for (String type : types) {
+      builder.put(type, 1);
+      if (type.endsWith("*")) {
+        if (packages == null) {
+          packages = new ArrayList<>();
+        }
+        type =
+            type.endsWith(".*")
+                ? type.substring(0, type.length() - 2)
+                : type.substring(0, type.length() - 1);
+        packages.add(type);
+      } else {
+        if (classes == null) {
+          classes = new ArrayList<>();
+        }
+        classes.add(type);
+      }
+    }
+    typeTrie = builder.buildTrie();
+    redactedPackages = packages;
+    redactedClasses = classes;
+  }
+
+  public static boolean isRedactedKeyword(String name) {
+    if (name == null) {
+      return false;
+    }
+    name = normalize(name);
+    return KEYWORDS.contains(name);
+  }
+
+  public static boolean isRedactedType(String className) {
+    if (className == null) {
+      return false;
+    }
+    return typeTrie.apply(className) > 0;
+  }
+
+  public static List<String> getRedactedPackages() {
+    return redactedPackages != null ? redactedPackages : Collections.emptyList();
+  }
+
+  public static List<String> getRedactedClasses() {
+    return redactedClasses != null ? redactedClasses : Collections.emptyList();
+  }
+
+  public static void clearUserDefinedTypes() {
+    typeTrie = ClassNameTrie.Builder.EMPTY_TRIE;
+  }
+
+  public static void resetUserDefinedKeywords() {
+    KEYWORDS.clear();
+    KEYWORDS.addAll(PREDEFINED_KEYWORDS);
+  }
+
+  private static String normalize(String name) {
+    StringBuilder sb = null;
+    for (int i = 0; i < name.length(); i++) {
+      char c = name.charAt(i);
+      boolean isUpper = Character.isUpperCase(c);
+      boolean isRemovable = isRemovableChar(c);
+      if (isUpper || isRemovable || sb != null) {
+        if (sb == null) {
+          sb = new StringBuilder(name.substring(0, i));
+        }
+        if (isUpper) {
+          sb.append(Character.toLowerCase(c));
+        } else if (!isRemovable) {
+          sb.append(c);
+        }
+      }
+    }
+    return sb != null ? sb.toString() : name;
+  }
+
+  private static boolean isRemovableChar(char c) {
+    return c == '_' || c == '-' || c == '$' || c == '@';
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/WellKnownClasses.java b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/util/WellKnownClasses.java
similarity index 68%
rename from dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/WellKnownClasses.java
rename to dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/util/WellKnownClasses.java
index 26758d40363..b5aa5a0b5fa 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/WellKnownClasses.java
+++ b/dd-java-agent/agent-debugger/debugger-bootstrap/src/main/java/datadog/trace/bootstrap/debugger/util/WellKnownClasses.java
@@ -1,7 +1,9 @@
-package com.datadog.debugger.util;
+package datadog.trace.bootstrap.debugger.util;
 
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Set;
 
 public class WellKnownClasses {
@@ -57,4 +59,30 @@ public static boolean isToStringFinalSafe(String type) {
   public static boolean isToStringSafe(String concreteType) {
     return toStringSafeClasses.contains(concreteType);
   }
+
+  /**
+   * @return true if collection is the implementation of size method is side effect free and O(1)
+   *     complexity
+   */
+  public static boolean isSizeSafe(Collection<?> collection) {
+    String className = collection.getClass().getTypeName();
+    if (className.startsWith("java.")) {
+      // All Collection implementations from JDK base module are considered as safe
+      return true;
+    }
+    return false;
+  }
+
+  /**
+   * @return true if map is the implementation of size method is side effect free and O(1)
+   *     complexity
+   */
+  public static boolean isSizeSafe(Map<?, ?> map) {
+    String className = map.getClass().getTypeName();
+    if (className.startsWith("java.")) {
+      // All Map implementations from JDK base module are considered as safe
+      return true;
+    }
+    return false;
+  }
 }
diff --git a/dd-java-agent/agent-debugger/debugger-bootstrap/src/test/java/datadog/trace/bootstrap/debugger/util/RedactionTest.java b/dd-java-agent/agent-debugger/debugger-bootstrap/src/test/java/datadog/trace/bootstrap/debugger/util/RedactionTest.java
new file mode 100644
index 00000000000..243b65f899f
--- /dev/null
+++ b/dd-java-agent/agent-debugger/debugger-bootstrap/src/test/java/datadog/trace/bootstrap/debugger/util/RedactionTest.java
@@ -0,0 +1,60 @@
+package datadog.trace.bootstrap.debugger.util;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import datadog.trace.api.Config;
+import java.lang.reflect.Field;
+import org.junit.jupiter.api.Test;
+
+class RedactionTest {
+
+  @Test
+  public void basic() {
+    assertFalse(Redaction.isRedactedKeyword(null));
+    assertFalse(Redaction.isRedactedKeyword(""));
+    assertFalse(Redaction.isRedactedKeyword("foobar"));
+    assertFalse(Redaction.isRedactedKeyword("@-_$"));
+    assertTrue(Redaction.isRedactedKeyword("password"));
+    assertTrue(Redaction.isRedactedKeyword("PassWord"));
+    assertTrue(Redaction.isRedactedKeyword("pass-word"));
+    assertTrue(Redaction.isRedactedKeyword("_Pass-Word_"));
+    assertTrue(Redaction.isRedactedKeyword("$pass_worD"));
+    assertTrue(Redaction.isRedactedKeyword("@passWord@"));
+  }
+
+  @Test
+  public void userDefinedKeywords() {
+    Config config = Config.get();
+    setFieldInConfig(config, "debuggerRedactedIdentifiers", "_MotDePasse,$Passwort");
+    try {
+      Redaction.addUserDefinedKeywords(config);
+      assertTrue(Redaction.isRedactedKeyword("mot-de-passe"));
+      assertTrue(Redaction.isRedactedKeyword("Passwort"));
+    } finally {
+      Redaction.resetUserDefinedKeywords();
+    }
+  }
+
+  @Test
+  public void userDefinedTypes() {
+    Config config = Config.get();
+    setFieldInConfig(config, "debuggerRedactedTypes", "java.security.Security,javax.security.*");
+    try {
+      Redaction.addUserDefinedTypes(Config.get());
+      assertTrue(Redaction.isRedactedType("java.security.Security"));
+      assertTrue(Redaction.isRedactedType("javax.security.SecurityContext"));
+    } finally {
+      Redaction.clearUserDefinedTypes();
+    }
+  }
+
+  private static void setFieldInConfig(Config config, String fieldName, Object value) {
+    try {
+      Field field = config.getClass().getDeclaredField(fieldName);
+      field.setAccessible(true);
+      field.set(config, value);
+    } catch (Throwable e) {
+      e.printStackTrace();
+    }
+  }
+}
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/BooleanValueExpressionAdapter.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/BooleanValueExpressionAdapter.java
new file mode 100644
index 00000000000..5637e11c76c
--- /dev/null
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/BooleanValueExpressionAdapter.java
@@ -0,0 +1,30 @@
+package com.datadog.debugger.el;
+
+import com.datadog.debugger.el.expressions.BooleanExpression;
+import com.datadog.debugger.el.expressions.ValueExpression;
+import com.datadog.debugger.el.values.BooleanValue;
+import datadog.trace.bootstrap.debugger.el.ValueReferenceResolver;
+
+public class BooleanValueExpressionAdapter implements ValueExpression<BooleanValue> {
+
+  private final BooleanExpression booleanExpression;
+
+  public BooleanValueExpressionAdapter(BooleanExpression booleanExpression) {
+    this.booleanExpression = booleanExpression;
+  }
+
+  @Override
+  public BooleanValue evaluate(ValueReferenceResolver valueRefResolver) {
+    Boolean result = booleanExpression.evaluate(valueRefResolver);
+    if (result == null) {
+      throw new EvaluationException(
+          "Boolean expression returning null", PrettyPrintVisitor.print(this));
+    }
+    return new BooleanValue(result);
+  }
+
+  @Override
+  public <R> R accept(Visitor<R> visitor) {
+    return visitor.visit(booleanExpression);
+  }
+}
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/DSL.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/DSL.java
index e8943e8c0e7..c23704ec325 100644
--- a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/DSL.java
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/DSL.java
@@ -16,6 +16,7 @@
 import com.datadog.debugger.el.expressions.IndexExpression;
 import com.datadog.debugger.el.expressions.IsEmptyExpression;
 import com.datadog.debugger.el.expressions.LenExpression;
+import com.datadog.debugger.el.expressions.MatchesExpression;
 import com.datadog.debugger.el.expressions.NotExpression;
 import com.datadog.debugger.el.expressions.StartsWithExpression;
 import com.datadog.debugger.el.expressions.StringPredicateExpression;
@@ -192,7 +193,16 @@ public static StringPredicateExpression contains(
     return new ContainsExpression(valueExpression, str);
   }
 
+  public static StringPredicateExpression matches(
+      ValueExpression<?> valueExpression, StringValue str) {
+    return new MatchesExpression(valueExpression, str);
+  }
+
   public static WhenExpression when(BooleanExpression expression) {
     return new WhenExpression(expression);
   }
+
+  public static BooleanValueExpressionAdapter bool(BooleanExpression expression) {
+    return new BooleanValueExpressionAdapter(expression);
+  }
 }
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/JsonToExpressionConverter.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/JsonToExpressionConverter.java
index a69a79cadef..6f6eee3b1bb 100644
--- a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/JsonToExpressionConverter.java
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/JsonToExpressionConverter.java
@@ -12,12 +12,42 @@
 import com.squareup.moshi.JsonReader;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.function.BiFunction;
 
 /** Converts json representation to object model */
 public class JsonToExpressionConverter {
 
+  private static final Set<String> PREDICATE_FUNCTIONS =
+      new HashSet<>(
+          Arrays.asList(
+              "not",
+              "==",
+              "eq",
+              "!=",
+              "neq",
+              "ne",
+              ">=",
+              "ge",
+              ">",
+              "gt",
+              "<=",
+              "le",
+              "<",
+              "lt",
+              "or",
+              "and",
+              "hasAny",
+              "hasAll",
+              "isEmpty",
+              "startsWith",
+              "endsWith",
+              "contains",
+              "matches"));
+
   @FunctionalInterface
   interface BinaryPredicateExpressionFunction<T extends Expression> {
     BooleanExpression apply(T left, T right);
@@ -31,7 +61,13 @@ interface CompositePredicateExpressionFunction<T extends Expression> {
   public static BooleanExpression createPredicate(JsonReader reader) throws IOException {
     reader.beginObject();
     String predicateType = reader.nextName();
-    BooleanExpression expr = null;
+    BooleanExpression expr = internalCreatePredicate(reader, predicateType);
+    reader.endObject();
+    return expr;
+  }
+
+  private static BooleanExpression internalCreatePredicate(JsonReader reader, String predicateType)
+      throws IOException {
     switch (predicateType) {
       case "not":
         {
@@ -40,8 +76,7 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
             throw new UnsupportedOperationException(
                 "Operation 'not' expects a predicate as its argument");
           }
-          expr = DSL.not(createPredicate(reader));
-          break;
+          return DSL.not(createPredicate(reader));
         }
       case "==":
       case "eq":
@@ -52,9 +87,9 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
                 "Operation 'eq' expects the arguments to be defined as array");
           }
           reader.beginArray();
-          expr = createBinaryValuePredicate(reader, DSL::eq);
+          BooleanExpression expr = createBinaryValuePredicate(reader, DSL::eq);
           reader.endArray();
-          break;
+          return expr;
         }
       case "!=":
       case "neq":
@@ -66,9 +101,9 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
                 "Operation 'ne' expects the arguments to be defined as array");
           }
           reader.beginArray();
-          expr = DSL.not(createBinaryValuePredicate(reader, DSL::eq));
+          BooleanExpression expr = DSL.not(createBinaryValuePredicate(reader, DSL::eq));
           reader.endArray();
-          break;
+          return expr;
         }
       case ">=":
       case "ge":
@@ -79,9 +114,9 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
                 "Operation 'ge' expects the arguments to be defined as array");
           }
           reader.beginArray();
-          expr = createBinaryValuePredicate(reader, DSL::ge);
+          BooleanExpression expr = createBinaryValuePredicate(reader, DSL::ge);
           reader.endArray();
-          break;
+          return expr;
         }
       case ">":
       case "gt":
@@ -92,9 +127,9 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
                 "Operation 'gt' expects the arguments to be defined as array");
           }
           reader.beginArray();
-          expr = createBinaryValuePredicate(reader, DSL::gt);
+          BooleanExpression expr = createBinaryValuePredicate(reader, DSL::gt);
           reader.endArray();
-          break;
+          return expr;
         }
       case "<=":
       case "le":
@@ -105,9 +140,9 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
                 "Operation 'le' expects the arguments to be defined as array");
           }
           reader.beginArray();
-          expr = createBinaryValuePredicate(reader, DSL::le);
+          BooleanExpression expr = createBinaryValuePredicate(reader, DSL::le);
           reader.endArray();
-          break;
+          return expr;
         }
       case "<":
       case "lt":
@@ -118,9 +153,9 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
                 "Operation 'lt' expects the arguments to be defined as array");
           }
           reader.beginArray();
-          expr = createBinaryValuePredicate(reader, DSL::lt);
+          BooleanExpression expr = createBinaryValuePredicate(reader, DSL::lt);
           reader.endArray();
-          break;
+          return expr;
         }
       case "or":
         {
@@ -130,9 +165,9 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
                 "Operation 'or' expects the arguments to be defined as array");
           }
           reader.beginArray();
-          expr = createCompositeLogicalPredicate(reader, DSL::or);
+          BooleanExpression expr = createCompositeLogicalPredicate(reader, DSL::or);
           reader.endArray();
-          break;
+          return expr;
         }
       case "and":
         {
@@ -142,9 +177,9 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
                 "Operation 'and' expects the arguments to be defined as array");
           }
           reader.beginArray();
-          expr = createCompositeLogicalPredicate(reader, DSL::and);
+          BooleanExpression expr = createCompositeLogicalPredicate(reader, DSL::and);
           reader.endArray();
-          break;
+          return expr;
         }
       case "hasAny":
         {
@@ -154,9 +189,9 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
                 "Operation 'hasAny' expects the arguments to be defined as array");
           }
           reader.beginArray();
-          expr = createHasAnyPredicate(reader);
+          BooleanExpression expr = createHasAnyPredicate(reader);
           reader.endArray();
-          break;
+          return expr;
         }
       case "hasAll":
         {
@@ -166,9 +201,9 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
                 "Operation 'hasAll' expects the arguments to be defined as array");
           }
           reader.beginArray();
-          expr = createHasAllPredicate(reader);
+          BooleanExpression expr = createHasAllPredicate(reader);
           reader.endArray();
-          break;
+          return expr;
         }
       case "isEmpty":
         {
@@ -177,29 +212,27 @@ public static BooleanExpression createPredicate(JsonReader reader) throws IOExce
             throw new UnsupportedOperationException(
                 "Operation 'isEmpty' expects exactly one value argument");
           }
-          expr = DSL.isEmpty(asValueExpression(reader));
-          break;
+          return DSL.isEmpty(asValueExpression(reader));
         }
       case "startsWith":
         {
-          expr = createStringPredicateExpression(reader, DSL::startsWith);
-          break;
+          return createStringPredicateExpression(reader, DSL::startsWith);
         }
       case "endsWith":
         {
-          expr = createStringPredicateExpression(reader, DSL::endsWith);
-          break;
+          return createStringPredicateExpression(reader, DSL::endsWith);
         }
       case "contains":
         {
-          expr = createStringPredicateExpression(reader, DSL::contains);
-          break;
+          return createStringPredicateExpression(reader, DSL::contains);
+        }
+      case "matches":
+        {
+          return createStringPredicateExpression(reader, DSL::matches);
         }
       default:
         throw new UnsupportedOperationException("Unsupported operation '" + predicateType + "'");
     }
-    reader.endObject();
-    return expr;
   }
 
   public static BooleanExpression createHasAnyPredicate(JsonReader reader) throws IOException {
@@ -237,8 +270,8 @@ public static BooleanExpression createCompositeLogicalPredicate(
   }
 
   public static ValueExpression<?> asValueExpression(JsonReader reader) throws IOException {
-    ValueExpression<?> value;
-    switch (reader.peek()) {
+    JsonReader.Token currentToken = reader.peek();
+    switch (currentToken) {
       case NUMBER:
         {
           // Moshi always consider numbers as decimal. need to parse it as string and detect if dot
@@ -246,23 +279,23 @@ public static ValueExpression<?> asValueExpression(JsonReader reader) throws IOE
           // or not to determine ints/longs vs doubles
           String numberStrValue = reader.nextString();
           if (numberStrValue.indexOf('.') > 0) {
-            value = DSL.value(Double.parseDouble(numberStrValue));
-          } else {
-            value = DSL.value(Long.parseLong(numberStrValue));
+            return DSL.value(Double.parseDouble(numberStrValue));
           }
-          break;
+          return DSL.value(Long.parseLong(numberStrValue));
         }
       case STRING:
         {
           String textValue = reader.nextString();
-          value = DSL.value(textValue);
-          break;
+          return DSL.value(textValue);
         }
       case BEGIN_OBJECT:
         {
           reader.beginObject();
           try {
             String fieldName = reader.nextName();
+            if (PREDICATE_FUNCTIONS.contains(fieldName)) {
+              return DSL.bool(internalCreatePredicate(reader, fieldName));
+            }
             switch (fieldName) {
               case "ref":
                 {
@@ -345,13 +378,12 @@ public static ValueExpression<?> asValueExpression(JsonReader reader) throws IOE
       case NULL:
         {
           reader.nextNull();
-          value = DSL.nullValue();
-          break;
+          return DSL.nullValue();
         }
       default:
-        throw new UnsupportedOperationException("Invalid value definition: ");
+        throw new UnsupportedOperationException(
+            "Invalid value definition, not supported token: " + currentToken);
     }
-    return value;
   }
 
   private static StringPredicateExpression createStringPredicateExpression(
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/RedactedException.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/RedactedException.java
new file mode 100644
index 00000000000..a2ec6cdb02d
--- /dev/null
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/RedactedException.java
@@ -0,0 +1,7 @@
+package com.datadog.debugger.el;
+
+public class RedactedException extends EvaluationException {
+  public RedactedException(String message, String expr) {
+    super(message, expr);
+  }
+}
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/ValueScript.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/ValueScript.java
index f35ac5f50ce..bcc940e1d5d 100644
--- a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/ValueScript.java
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/ValueScript.java
@@ -1,9 +1,11 @@
 package com.datadog.debugger.el;
 
 import com.datadog.debugger.el.expressions.GetMemberExpression;
+import com.datadog.debugger.el.expressions.IndexExpression;
 import com.datadog.debugger.el.expressions.LenExpression;
 import com.datadog.debugger.el.expressions.ValueExpression;
 import com.datadog.debugger.el.expressions.ValueRefExpression;
+import com.datadog.debugger.el.values.StringValue;
 import com.squareup.moshi.JsonAdapter;
 import com.squareup.moshi.JsonReader;
 import com.squareup.moshi.JsonWriter;
@@ -131,6 +133,14 @@ public void toJson(JsonWriter jsonWriter, ValueScript value) throws IOException
 
     private void writeValueExpression(JsonWriter jsonWriter, ValueExpression<?> expr)
         throws IOException {
+      if (expr instanceof Value) {
+        if (expr instanceof StringValue) {
+          jsonWriter.value(((StringValue) expr).getValue());
+        } else {
+          throw new IOException("Unsupported operation: " + expr.getClass().getTypeName());
+        }
+        return;
+      }
       jsonWriter.beginObject();
       if (expr instanceof ValueRefExpression) {
         ValueRefExpression valueRefExpr = (ValueRefExpression) expr;
@@ -146,6 +156,13 @@ private void writeValueExpression(JsonWriter jsonWriter, ValueExpression<?> expr
       } else if (expr instanceof LenExpression) {
         jsonWriter.name("count");
         writeValueExpression(jsonWriter, ((LenExpression) expr).getSource());
+      } else if (expr instanceof IndexExpression) {
+        IndexExpression idxExpr = (IndexExpression) expr;
+        jsonWriter.name("index");
+        jsonWriter.beginArray();
+        writeValueExpression(jsonWriter, idxExpr.getTarget());
+        writeValueExpression(jsonWriter, idxExpr.getKey());
+        jsonWriter.endArray();
       } else {
         throw new IOException("Unsupported operation: " + expr.getClass().getTypeName());
       }
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/ExpressionHelper.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/ExpressionHelper.java
new file mode 100644
index 00000000000..43d5930dcb6
--- /dev/null
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/ExpressionHelper.java
@@ -0,0 +1,13 @@
+package com.datadog.debugger.el.expressions;
+
+import com.datadog.debugger.el.Expression;
+import com.datadog.debugger.el.PrettyPrintVisitor;
+import com.datadog.debugger.el.RedactedException;
+
+public class ExpressionHelper {
+  public static void throwRedactedException(Expression<?> expr) {
+    String strExpr = PrettyPrintVisitor.print(expr);
+    throw new RedactedException(
+        "Could not evaluate the expression because '" + strExpr + "' was redacted", strExpr);
+  }
+}
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/GetMemberExpression.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/GetMemberExpression.java
index 0ca2e3e35f4..4b4cbbedba3 100644
--- a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/GetMemberExpression.java
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/GetMemberExpression.java
@@ -2,9 +2,11 @@
 
 import com.datadog.debugger.el.EvaluationException;
 import com.datadog.debugger.el.Generated;
+import com.datadog.debugger.el.PrettyPrintVisitor;
 import com.datadog.debugger.el.Value;
 import com.datadog.debugger.el.Visitor;
 import datadog.trace.bootstrap.debugger.el.ValueReferenceResolver;
+import datadog.trace.bootstrap.debugger.util.Redaction;
 import java.util.Objects;
 
 public class GetMemberExpression implements ValueExpression<Value<?>> {
@@ -22,11 +24,17 @@ public Value<?> evaluate(ValueReferenceResolver valueRefResolver) {
     if (targetValue == Value.undefined()) {
       return targetValue;
     }
+    Object member;
     try {
-      return Value.of(valueRefResolver.getMember(targetValue.getValue(), memberName));
+      member = valueRefResolver.getMember(targetValue.getValue(), memberName);
     } catch (RuntimeException ex) {
-      throw new EvaluationException(ex.getMessage(), memberName, ex);
+      throw new EvaluationException(ex.getMessage(), PrettyPrintVisitor.print(this), ex);
     }
+    if (member == Redaction.REDACTED_VALUE
+        || (member != null && Redaction.isRedactedType(member.getClass().getTypeName()))) {
+      ExpressionHelper.throwRedactedException(this);
+    }
+    return Value.of(member);
   }
 
   @Generated
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/IndexExpression.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/IndexExpression.java
index 7cd825bae50..d35be25572e 100644
--- a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/IndexExpression.java
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/IndexExpression.java
@@ -7,6 +7,7 @@
 import com.datadog.debugger.el.values.ListValue;
 import com.datadog.debugger.el.values.MapValue;
 import datadog.trace.bootstrap.debugger.el.ValueReferenceResolver;
+import datadog.trace.bootstrap.debugger.util.Redaction;
 
 public class IndexExpression implements ValueExpression<Value<?>> {
 
@@ -31,7 +32,12 @@ public Value<?> evaluate(ValueReferenceResolver valueRefResolver) {
     }
     try {
       if (targetValue instanceof MapValue) {
-        result = ((MapValue) targetValue).get(keyValue.getValue());
+        Object objKey = keyValue.getValue();
+        if (objKey instanceof String && Redaction.isRedactedKeyword((String) objKey)) {
+          ExpressionHelper.throwRedactedException(this);
+        } else {
+          result = ((MapValue) targetValue).get(objKey);
+        }
       }
       if (targetValue instanceof ListValue) {
         result = ((ListValue) targetValue).get(keyValue.getValue());
@@ -39,6 +45,10 @@ public Value<?> evaluate(ValueReferenceResolver valueRefResolver) {
     } catch (IllegalArgumentException ex) {
       throw new EvaluationException(ex.getMessage(), PrettyPrintVisitor.print(this), ex);
     }
+    Object obj = result.getValue();
+    if (obj != null && Redaction.isRedactedType(obj.getClass().getTypeName())) {
+      ExpressionHelper.throwRedactedException(this);
+    }
     return result;
   }
 
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/LenExpression.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/LenExpression.java
index e6029a9c828..669a00f5cd4 100644
--- a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/LenExpression.java
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/LenExpression.java
@@ -1,5 +1,7 @@
 package com.datadog.debugger.el.expressions;
 
+import com.datadog.debugger.el.EvaluationException;
+import com.datadog.debugger.el.PrettyPrintVisitor;
 import com.datadog.debugger.el.Value;
 import com.datadog.debugger.el.Visitor;
 import com.datadog.debugger.el.values.CollectionValue;
@@ -27,14 +29,18 @@ public LenExpression(ValueExpression<?> source) {
   @Override
   public Value<Number> evaluate(ValueReferenceResolver valueRefResolver) {
     Value<?> materialized = source == null ? Value.nullValue() : source.evaluate(valueRefResolver);
-    if (materialized.isNull()) {
-      return (NumericValue) Value.of(-1);
-    } else if (materialized.isUndefined()) {
-      return (NumericValue) Value.of(0);
-    } else if (materialized instanceof StringValue) {
-      return (NumericValue) Value.of(((StringValue) materialized).length());
-    } else if (materialized instanceof CollectionValue) {
-      return (NumericValue) Value.of(((CollectionValue) materialized).count());
+    try {
+      if (materialized.isNull()) {
+        return (NumericValue) Value.of(-1);
+      } else if (materialized.isUndefined()) {
+        return (NumericValue) Value.of(0);
+      } else if (materialized instanceof StringValue) {
+        return (NumericValue) Value.of(((StringValue) materialized).length());
+      } else if (materialized instanceof CollectionValue) {
+        return (NumericValue) Value.of(((CollectionValue) materialized).count());
+      }
+    } catch (RuntimeException ex) {
+      throw new EvaluationException(ex.getMessage(), PrettyPrintVisitor.print(this));
     }
     log.warn("Can not compute length for {}", materialized);
     return Value.undefined();
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/ValueRefExpression.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/ValueRefExpression.java
index 11dabc9116e..75a82b54f48 100644
--- a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/ValueRefExpression.java
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/expressions/ValueRefExpression.java
@@ -2,9 +2,11 @@
 
 import com.datadog.debugger.el.EvaluationException;
 import com.datadog.debugger.el.Generated;
+import com.datadog.debugger.el.PrettyPrintVisitor;
 import com.datadog.debugger.el.Value;
 import com.datadog.debugger.el.Visitor;
 import datadog.trace.bootstrap.debugger.el.ValueReferenceResolver;
+import datadog.trace.bootstrap.debugger.util.Redaction;
 import java.util.Objects;
 
 /** An expression taking a reference path and resolving to {@linkplain Value} */
@@ -17,11 +19,17 @@ public ValueRefExpression(String symbolName) {
 
   @Override
   public Value<?> evaluate(ValueReferenceResolver valueRefResolver) {
+    Object symbol;
     try {
-      return Value.of(valueRefResolver.lookup(symbolName));
+      symbol = valueRefResolver.lookup(symbolName);
     } catch (RuntimeException ex) {
-      throw new EvaluationException(ex.getMessage(), symbolName);
+      throw new EvaluationException(ex.getMessage(), PrettyPrintVisitor.print(this));
     }
+    if (symbol == Redaction.REDACTED_VALUE
+        || (symbol != null && Redaction.isRedactedType(symbol.getClass().getTypeName()))) {
+      ExpressionHelper.throwRedactedException(this);
+    }
+    return Value.of(symbol);
   }
 
   @Generated
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/values/ListValue.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/values/ListValue.java
index a2b5b032f9e..88dd5c71614 100644
--- a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/values/ListValue.java
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/values/ListValue.java
@@ -5,6 +5,7 @@
 import com.datadog.debugger.el.expressions.ValueExpression;
 import datadog.trace.bootstrap.debugger.el.ValueReferenceResolver;
 import datadog.trace.bootstrap.debugger.el.Values;
+import datadog.trace.bootstrap.debugger.util.WellKnownClasses;
 import java.lang.reflect.Array;
 import java.util.Collection;
 import java.util.List;
@@ -68,7 +69,12 @@ public boolean isEmpty() {
 
   public int count() {
     if (listHolder instanceof Collection) {
-      return ((Collection<?>) listHolder).size();
+      if (WellKnownClasses.isSizeSafe((Collection<?>) listHolder)) {
+        return ((Collection<?>) listHolder).size();
+      } else {
+        throw new RuntimeException(
+            "Unsupported Collection class: " + listHolder.getClass().getTypeName());
+      }
     } else if (listHolder == Value.nullValue()) {
       return 0;
     } else if (arrayHolder != null) {
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/values/MapValue.java b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/values/MapValue.java
index 09ea8b36a2f..614179fc4a3 100644
--- a/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/values/MapValue.java
+++ b/dd-java-agent/agent-debugger/debugger-el/src/main/java/com/datadog/debugger/el/values/MapValue.java
@@ -5,6 +5,7 @@
 import com.datadog.debugger.el.expressions.ValueExpression;
 import datadog.trace.bootstrap.debugger.el.ValueReferenceResolver;
 import datadog.trace.bootstrap.debugger.el.Values;
+import datadog.trace.bootstrap.debugger.util.WellKnownClasses;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
@@ -53,7 +54,11 @@ public boolean isEmpty() {
 
   public int count() {
     if (mapHolder instanceof Map) {
-      return ((Map<?, ?>) mapHolder).size();
+      if (WellKnownClasses.isSizeSafe((Map<?, ?>) mapHolder)) {
+        return ((Map<?, ?>) mapHolder).size();
+      } else {
+        throw new RuntimeException("Unsupported Map class: " + mapHolder.getClass().getTypeName());
+      }
     } else if (mapHolder == Value.nullValue()) {
       return 0;
     }
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/test/java/com/datadog/debugger/el/BooleanValueExpressionAdapterTest.java b/dd-java-agent/agent-debugger/debugger-el/src/test/java/com/datadog/debugger/el/BooleanValueExpressionAdapterTest.java
new file mode 100644
index 00000000000..3b793ecb1d6
--- /dev/null
+++ b/dd-java-agent/agent-debugger/debugger-el/src/test/java/com/datadog/debugger/el/BooleanValueExpressionAdapterTest.java
@@ -0,0 +1,50 @@
+package com.datadog.debugger.el;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import com.datadog.debugger.el.expressions.BooleanExpression;
+import com.datadog.debugger.el.values.BooleanValue;
+import datadog.trace.bootstrap.debugger.el.ValueReferenceResolver;
+import org.junit.jupiter.api.Test;
+
+class BooleanValueExpressionAdapterTest {
+
+  @Test
+  public void testLiteral() {
+    {
+      BooleanValueExpressionAdapter booleanValueExpressionAdapter =
+          new BooleanValueExpressionAdapter(BooleanExpression.TRUE);
+      BooleanValue resultValue = booleanValueExpressionAdapter.evaluate(null);
+      assertTrue(resultValue.getValue());
+    }
+    {
+      BooleanValueExpressionAdapter booleanValueExpressionAdapter =
+          new BooleanValueExpressionAdapter(BooleanExpression.FALSE);
+      BooleanValue resultValue = booleanValueExpressionAdapter.evaluate(null);
+      assertFalse(resultValue.getValue());
+    }
+  }
+
+  @Test
+  public void testExpression() {
+    BooleanValueExpressionAdapter booleanValueExpressionAdapter =
+        new BooleanValueExpressionAdapter(DSL.eq(DSL.value(1), DSL.value(1)));
+    BooleanValue resultValue = booleanValueExpressionAdapter.evaluate(null);
+    assertTrue(resultValue.getValue());
+  }
+
+  @Test
+  public void testNull() {
+    BooleanValueExpressionAdapter booleanValueExpressionAdapter =
+        new BooleanValueExpressionAdapter(
+            new BooleanExpression() {
+              @Override
+              public Boolean evaluate(ValueReferenceResolver valueRefResolver) {
+                return null;
+              }
+            });
+    EvaluationException ex =
+        assertThrows(EvaluationException.class, () -> booleanValueExpressionAdapter.evaluate(null));
+    assertEquals("Boolean expression returning null", ex.getMessage());
+  }
+}
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/test/java/com/datadog/debugger/el/ProbeConditionTest.java b/dd-java-agent/agent-debugger/debugger-el/src/test/java/com/datadog/debugger/el/ProbeConditionTest.java
index 5a54a75877a..c9dd388426e 100644
--- a/dd-java-agent/agent-debugger/debugger-el/src/test/java/com/datadog/debugger/el/ProbeConditionTest.java
+++ b/dd-java-agent/agent-debugger/debugger-el/src/test/java/com/datadog/debugger/el/ProbeConditionTest.java
@@ -180,6 +180,19 @@ void testIncorrectSyntax() {
     assertEquals("Unsupported operation 'gte'", ex.getMessage());
   }
 
+  @Test
+  void redaction() throws IOException {
+    ProbeCondition probeCondition = load("/test_conditional_09.json");
+    Map<String, Object> args = new HashMap<>();
+    args.put("password", "secret123");
+    ValueReferenceResolver ctx = RefResolverHelper.createResolver(args, null, null);
+    EvaluationException evaluationException =
+        assertThrows(EvaluationException.class, () -> probeCondition.execute(ctx));
+    assertEquals(
+        "Could not evaluate the expression because 'password' was redacted",
+        evaluationException.getMessage());
+  }
+
   private static ProbeCondition load(String resourcePath) throws IOException {
     InputStream input = ProbeConditionTest.class.getResourceAsStream(resourcePath);
     Moshi moshi =
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/test/java/com/datadog/debugger/el/expressions/ValueRefExpressionTest.java b/dd-java-agent/agent-debugger/debugger-el/src/test/java/com/datadog/debugger/el/expressions/ValueRefExpressionTest.java
index 4048f3293b7..be89476be39 100644
--- a/dd-java-agent/agent-debugger/debugger-el/src/test/java/com/datadog/debugger/el/expressions/ValueRefExpressionTest.java
+++ b/dd-java-agent/agent-debugger/debugger-el/src/test/java/com/datadog/debugger/el/expressions/ValueRefExpressionTest.java
@@ -5,6 +5,7 @@
 import static org.junit.jupiter.api.Assertions.*;
 
 import com.datadog.debugger.el.DSL;
+import com.datadog.debugger.el.EvaluationException;
 import com.datadog.debugger.el.RefResolverHelper;
 import com.datadog.debugger.el.Value;
 import datadog.trace.bootstrap.debugger.el.ValueReferenceResolver;
@@ -99,4 +100,24 @@ void contextRef() {
     assertEquals("Cannot find synthetic var: invalid", runtimeException.getMessage());
     assertEquals("@invalid", print(invalidExpression));
   }
+
+  @Test
+  public void redacted() {
+    ValueRefExpression valueRef = new ValueRefExpression("password");
+    class StoreSecret {
+      String password;
+
+      public StoreSecret(String password) {
+        this.password = password;
+      }
+    }
+    StoreSecret instance = new StoreSecret("secret123");
+    EvaluationException evaluationException =
+        assertThrows(
+            EvaluationException.class,
+            () -> valueRef.evaluate(RefResolverHelper.createResolver(instance)));
+    assertEquals(
+        "Could not evaluate the expression because 'password' was redacted",
+        evaluationException.getMessage());
+  }
 }
diff --git a/dd-java-agent/agent-debugger/debugger-el/src/test/resources/test_conditional_09.json b/dd-java-agent/agent-debugger/debugger-el/src/test/resources/test_conditional_09.json
new file mode 100644
index 00000000000..11946a4ee69
--- /dev/null
+++ b/dd-java-agent/agent-debugger/debugger-el/src/test/resources/test_conditional_09.json
@@ -0,0 +1,6 @@
+{
+  "dsl": "password == 'secret123'",
+  "json": {
+    "eq": [{"ref": "password"}, "secret123"]
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/ConfigurationUpdater.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/ConfigurationUpdater.java
index 98334a2764a..533d78e2a83 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/ConfigurationUpdater.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/ConfigurationUpdater.java
@@ -40,7 +40,8 @@ public interface TransformerSupplier {
     DebuggerTransformer supply(
         Config tracerConfig,
         Configuration configuration,
-        DebuggerTransformer.InstrumentationListener listener);
+        DebuggerTransformer.InstrumentationListener listener,
+        DebuggerSink debuggerSink);
   }
 
   private static final Logger LOGGER = LoggerFactory.getLogger(ConfigurationUpdater.class);
@@ -103,13 +104,14 @@ private void applyNewConfiguration(Configuration newConfiguration) {
     ConfigurationComparer changes =
         new ConfigurationComparer(currentConfiguration, newConfiguration, instrumentationResults);
     currentConfiguration = newConfiguration;
+    if (changes.hasRateLimitRelatedChanged()) {
+      // apply rate limit config first to avoid racing with execution/instrumentation of log probes
+      applyRateLimiter(changes);
+    }
     if (changes.hasProbeRelatedChanges()) {
       LOGGER.info("Applying new probe configuration, changes: {}", changes);
       handleProbesChanges(changes);
     }
-    if (changes.hasRateLimitRelatedChanged()) {
-      applyRateLimiter(changes);
-    }
   }
 
   private Configuration applyConfigurationFilters(Configuration configuration) {
@@ -175,13 +177,16 @@ private void installNewDefinitions() {
     // install new probe definitions
     currentTransformer =
         transformerSupplier.supply(
-            Config.get(), currentConfiguration, this::recordInstrumentationProgress);
+            Config.get(), currentConfiguration, this::recordInstrumentationProgress, sink);
     instrumentation.addTransformer(currentTransformer, true);
     LOGGER.debug("New transformer installed");
   }
 
   private void recordInstrumentationProgress(
       ProbeDefinition definition, InstrumentationResult instrumentationResult) {
+    if (instrumentationResult.isError()) {
+      return;
+    }
     instrumentationResults.put(definition.getId(), instrumentationResult);
     if (instrumentationResult.isInstalled()) {
       sink.addInstalled(definition.getProbeId());
@@ -241,10 +246,6 @@ public ProbeImplementation resolve(String id, Class<?> callingClass) {
   }
 
   private void applyRateLimiter(ConfigurationComparer changes) {
-    Collection<LogProbe> probes = currentConfiguration.getLogProbes();
-    if (probes == null) {
-      return;
-    }
     // ensure rate is up-to-date for all new probes
     for (ProbeDefinition addedDefinitions : changes.getAddedDefinitions()) {
       if (addedDefinitions instanceof LogProbe) {
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerAgent.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerAgent.java
index c8a4238e6ad..7d4a888805d 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerAgent.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerAgent.java
@@ -4,6 +4,7 @@
 
 import com.datadog.debugger.sink.DebuggerSink;
 import com.datadog.debugger.sink.Sink;
+import com.datadog.debugger.symbol.SymbolExtractionTransformer;
 import com.datadog.debugger.uploader.BatchUploader;
 import datadog.communication.ddagent.DDAgentFeaturesDiscovery;
 import datadog.communication.ddagent.SharedCommunicationObjects;
@@ -12,6 +13,7 @@
 import datadog.remoteconfig.SizeCheckedInputStream;
 import datadog.trace.api.Config;
 import datadog.trace.bootstrap.debugger.DebuggerContext;
+import datadog.trace.bootstrap.debugger.util.Redaction;
 import java.io.ByteArrayOutputStream;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -21,7 +23,6 @@
 import java.lang.ref.WeakReference;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.Objects;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -43,14 +44,11 @@ public static synchronized void run(
     log.info("Starting Dynamic Instrumentation");
     ClassesToRetransformFinder classesToRetransformFinder = new ClassesToRetransformFinder();
     setupSourceFileTracking(instrumentation, classesToRetransformFinder);
-    String finalDebuggerSnapshotUrl = config.getFinalDebuggerSnapshotUrl();
-    String agentUrl = config.getAgentUrl();
-    boolean isSnapshotUploadThroughAgent = Objects.equals(finalDebuggerSnapshotUrl, agentUrl);
-
+    Redaction.addUserDefinedKeywords(config);
+    Redaction.addUserDefinedTypes(config);
     DDAgentFeaturesDiscovery ddAgentFeaturesDiscovery = sco.featuresDiscovery(config);
     ddAgentFeaturesDiscovery.discoverIfOutdated();
     agentVersion = ddAgentFeaturesDiscovery.getVersion();
-
     DebuggerSink debuggerSink = new DebuggerSink(config);
     debuggerSink.start();
     ConfigurationUpdater configurationUpdater =
@@ -68,21 +66,18 @@ public static synchronized void run(
     DebuggerContext.initValueSerializer(snapshotSerializer);
     DebuggerContext.initTracer(new DebuggerTracer());
     if (config.isDebuggerInstrumentTheWorld()) {
-      setupInstrumentTheWorldTransformer(config, instrumentation, sink, statsdMetricForwarder);
+      setupInstrumentTheWorldTransformer(
+          config, instrumentation, debuggerSink, statsdMetricForwarder);
     }
-
     String probeFileLocation = config.getDebuggerProbeFileLocation();
-
     if (probeFileLocation != null) {
       Path probeFilePath = Paths.get(probeFileLocation);
       loadFromFile(probeFilePath, configurationUpdater, config.getDebuggerMaxPayloadSize());
       return;
     }
-
     configurationPoller = sco.configurationPoller(config);
     if (configurationPoller != null) {
       subscribeConfigurationPoller(config, configurationUpdater);
-
       try {
         /*
         Note: shutdown hooks are tricky because JVM holds reference for them forever preventing
@@ -97,6 +92,10 @@ public static synchronized void run(
     } else {
       log.debug("No configuration poller available from SharedCommunicationObjects");
     }
+    if (config.isDebuggerSymbolEnabled() && config.isDebuggerSymbolForceUpload()) {
+      instrumentation.addTransformer(
+          new SymbolExtractionTransformer(debuggerSink.getSymbolSink(), config));
+    }
   }
 
   private static void setupSourceFileTracking(
@@ -137,11 +136,11 @@ private static void subscribeConfigurationPoller(
   static ClassFileTransformer setupInstrumentTheWorldTransformer(
       Config config,
       Instrumentation instrumentation,
-      Sink sink,
+      DebuggerSink debuggerSink,
       StatsdMetricForwarder statsdMetricForwarder) {
     log.info("install Instrument-The-World transformer");
     DebuggerTransformer transformer =
-        createTransformer(config, Configuration.builder().build(), null);
+        createTransformer(config, Configuration.builder().build(), null, debuggerSink);
     DebuggerContext.init(transformer::instrumentTheWorldResolver, statsdMetricForwarder);
     instrumentation.addTransformer(transformer);
     return transformer;
@@ -158,8 +157,9 @@ public static Sink getSink() {
   private static DebuggerTransformer createTransformer(
       Config config,
       Configuration configuration,
-      DebuggerTransformer.InstrumentationListener listener) {
-    return new DebuggerTransformer(config, configuration, listener);
+      DebuggerTransformer.InstrumentationListener listener,
+      DebuggerSink debuggerSink) {
+    return new DebuggerTransformer(config, configuration, listener, debuggerSink);
   }
 
   static void stop() {
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerTracer.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerTracer.java
index 74c623a5726..11a18fdcaff 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerTracer.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerTracer.java
@@ -1,5 +1,7 @@
 package com.datadog.debugger.agent;
 
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.NOOP_TRACER;
+
 import datadog.trace.bootstrap.debugger.DebuggerContext;
 import datadog.trace.bootstrap.debugger.DebuggerSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
@@ -8,12 +10,12 @@
 import datadog.trace.bootstrap.instrumentation.api.ScopeSource;
 
 public class DebuggerTracer implements DebuggerContext.Tracer {
-  private static final String OPERATION_NAME = "dd.dynamic.span";
+  public static final String OPERATION_NAME = "dd.dynamic.span";
 
   @Override
   public DebuggerSpan createSpan(String resourceName, String[] tags) {
     AgentTracer.TracerAPI tracerAPI = AgentTracer.get();
-    if (tracerAPI == null) {
+    if (tracerAPI == null || tracerAPI == NOOP_TRACER) {
       return DebuggerSpan.NOOP_SPAN;
     }
     AgentSpan dynamicSpan =
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerTransformer.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerTransformer.java
index 4419a498f5b..fdf5430a19d 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerTransformer.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerTransformer.java
@@ -7,12 +7,15 @@
 import com.datadog.debugger.instrumentation.InstrumentationResult;
 import com.datadog.debugger.probe.LogProbe;
 import com.datadog.debugger.probe.ProbeDefinition;
+import com.datadog.debugger.probe.SpanDecorationProbe;
 import com.datadog.debugger.probe.Where;
+import com.datadog.debugger.sink.DebuggerSink;
 import com.datadog.debugger.util.ExceptionHelper;
 import datadog.trace.agent.tooling.AgentStrategies;
 import datadog.trace.api.Config;
 import datadog.trace.bootstrap.debugger.ProbeId;
 import datadog.trace.bootstrap.debugger.ProbeImplementation;
+import datadog.trace.util.Strings;
 import java.io.FileWriter;
 import java.io.IOException;
 import java.io.PrintWriter;
@@ -59,14 +62,16 @@
 public class DebuggerTransformer implements ClassFileTransformer {
   private static final Logger log = LoggerFactory.getLogger(DebuggerTransformer.class);
   private static final String CANNOT_FIND_METHOD = "Cannot find method %s::%s";
+  private static final String INSTRUMENTATION_FAILS = "Instrumentation fails for %s";
   private static final String CANNOT_FIND_LINE = "No executable code was found at %s:L%s";
   private static final Pattern COMMA_PATTERN = Pattern.compile(",");
 
   private final Config config;
-  private final TransformerDefinitionMatcher definitonMatcher;
+  private final TransformerDefinitionMatcher definitionMatcher;
   private final AllowListHelper allowListHelper;
   private final DenyListHelper denyListHelper;
   private final InstrumentationListener listener;
+  private final DebuggerSink debuggerSink;
   private final boolean instrumentTheWorld;
   private final Set<String> excludeClasses = new HashSet<>();
   private final Trie excludeTrie = new Trie();
@@ -77,12 +82,16 @@ public interface InstrumentationListener {
   }
 
   public DebuggerTransformer(
-      Config config, Configuration configuration, InstrumentationListener listener) {
+      Config config,
+      Configuration configuration,
+      InstrumentationListener listener,
+      DebuggerSink debuggerSink) {
     this.config = config;
-    this.definitonMatcher = new TransformerDefinitionMatcher(configuration);
+    this.definitionMatcher = new TransformerDefinitionMatcher(configuration);
     this.allowListHelper = new AllowListHelper(configuration.getAllowList());
     this.denyListHelper = new DenyListHelper(configuration.getDenyList());
     this.listener = listener;
+    this.debuggerSink = debuggerSink;
     this.instrumentTheWorld = config.isDebuggerInstrumentTheWorld();
     if (this.instrumentTheWorld) {
       instrumentTheWorldProbes = new ConcurrentHashMap<>();
@@ -92,8 +101,9 @@ public DebuggerTransformer(
     }
   }
 
-  public DebuggerTransformer(Config config, Configuration configuration) {
-    this(config, configuration, null);
+  // Used only for tests
+  DebuggerTransformer(Config config, Configuration configuration) {
+    this(config, configuration, null, new DebuggerSink(config));
   }
 
   private void readExcludeFiles(String commaSeparatedFileNames) {
@@ -140,10 +150,11 @@ public byte[] transform(
     if (skipInstrumentation(loader, classFilePath)) {
       return null;
     }
+    List<ProbeDefinition> definitions = Collections.emptyList();
+    String fullyQualifiedClassName = classFilePath.replace('/', '.');
     try {
-      String fullyQualifiedClassName = classFilePath.replace('/', '.');
-      List<ProbeDefinition> definitions =
-          definitonMatcher.match(
+      definitions =
+          definitionMatcher.match(
               classBeingRedefined, classFilePath, fullyQualifiedClassName, classfileBuffer);
       if (definitions.isEmpty()) {
         return null;
@@ -157,7 +168,7 @@ public byte[] transform(
       boolean transformed =
           performInstrumentation(loader, fullyQualifiedClassName, defByLocation, classNode);
       if (transformed) {
-        return writeClassFile(loader, classFilePath, classNode);
+        return writeClassFile(definitions, loader, classFilePath, classNode);
       }
       // This is an info log because in case of SourceFile definition and multiple top-level
       // classes, type may match, but there is one classfile per top-level class so source file
@@ -167,6 +178,7 @@ public byte[] transform(
           "type {} matched but no transformation for definitions: {}", classFilePath, definitions);
     } catch (Throwable ex) {
       log.warn("Cannot transform: ", ex);
+      reportInstrumentationFails(definitions, fullyQualifiedClassName);
     }
     return null;
   }
@@ -182,7 +194,7 @@ private Map<Where, List<ProbeDefinition>> mergeLocations(List<ProbeDefinition> d
   }
 
   private boolean skipInstrumentation(ClassLoader loader, String classFilePath) {
-    if (definitonMatcher.isEmpty()) {
+    if (definitionMatcher.isEmpty()) {
       log.warn("No debugger definitions present.");
       return true;
     }
@@ -246,7 +258,7 @@ private byte[] transformTheWorld(
       Map<Where, List<ProbeDefinition>> defByLocation = mergeLocations(probes);
       boolean transformed = performInstrumentation(loader, classFilePath, defByLocation, classNode);
       if (transformed) {
-        return writeClassFile(loader, classFilePath, classNode);
+        return writeClassFile(probes, loader, classFilePath, classNode);
       }
     } catch (Throwable ex) {
       log.warn("Cannot transform: ", ex);
@@ -318,17 +330,24 @@ private ClassNode parseClassFile(String classFilePath, byte[] classfileBuffer) {
     return classNode;
   }
 
-  private byte[] writeClassFile(ClassLoader loader, String classFilePath, ClassNode classNode) {
+  private byte[] writeClassFile(
+      List<ProbeDefinition> definitions,
+      ClassLoader loader,
+      String classFilePath,
+      ClassNode classNode) {
     if (classNode.version < Opcodes.V1_8) {
       // Class file version must be at least 1.8 (52)
       classNode.version = Opcodes.V1_8;
     }
     ClassWriter writer = new SafeClassWriter(loader);
-    log.debug("Generating bytecode for class: {}", classFilePath.replace('/', '.'));
+
+    log.debug("Generating bytecode for class: {}", Strings.getClassName(classFilePath));
     try {
       classNode.accept(writer);
     } catch (Throwable t) {
-      log.error("Cannot write classfile for class: {}", classFilePath, t);
+      log.error("Cannot write classfile for class: {} Exception: ", classFilePath, t);
+      reportInstrumentationFails(definitions, Strings.getClassName(classFilePath));
+      return null;
     }
     byte[] data = writer.toByteArray();
     dumpInstrumentedClassFile(classFilePath, data);
@@ -337,33 +356,34 @@ private byte[] writeClassFile(ClassLoader loader, String classFilePath, ClassNod
   }
 
   private void verifyByteCode(String classFilePath, byte[] classFile) {
-    if (config.isDebuggerVerifyByteCode()) {
-      StringWriter stringWriter = new StringWriter();
-      PrintWriter printWriter = new PrintWriter(stringWriter);
-      ClassReader classReader = new ClassReader(classFile);
-      ClassNode classNode = new ClassNode();
-      classReader.accept(
-          new CheckClassAdapter(Opcodes.ASM7, classNode, false) {}, ClassReader.SKIP_DEBUG);
-      List<MethodNode> methods = classNode.methods;
-      for (MethodNode method : methods) {
-        BasicVerifier verifier = new BasicVerifier();
-        Analyzer<BasicValue> analyzer = new Analyzer<>(verifier);
-        try {
-          analyzer.analyze(classNode.name, method);
-        } catch (AnalyzerException e) {
-          printWriter.printf(
-              "Error analyzing method '%s.%s%s':%n", classNode.name, method.name, method.desc);
-          e.printStackTrace(printWriter);
-        }
-      }
-      printWriter.flush();
-      String result = stringWriter.toString();
-      if (!result.isEmpty()) {
-        log.warn("Verification of instrumented class {} failed", classFilePath);
-        log.debug("Verify result: {}", stringWriter);
-        throw new RuntimeException("Generated bydecode is invalid for " + classFilePath);
+    if (!config.isDebuggerVerifyByteCode()) {
+      return;
+    }
+    StringWriter stringWriter = new StringWriter();
+    PrintWriter printWriter = new PrintWriter(stringWriter);
+    ClassReader classReader = new ClassReader(classFile);
+    ClassNode classNode = new ClassNode();
+    classReader.accept(
+        new CheckClassAdapter(Opcodes.ASM7, classNode, false) {}, ClassReader.SKIP_DEBUG);
+    List<MethodNode> methods = classNode.methods;
+    for (MethodNode method : methods) {
+      BasicVerifier verifier = new BasicVerifier();
+      Analyzer<BasicValue> analyzer = new Analyzer<>(verifier);
+      try {
+        analyzer.analyze(classNode.name, method);
+      } catch (AnalyzerException e) {
+        printWriter.printf(
+            "Error analyzing method '%s.%s%s':%n", classNode.name, method.name, method.desc);
+        e.printStackTrace(printWriter);
       }
     }
+    printWriter.flush();
+    String result = stringWriter.toString();
+    if (!result.isEmpty()) {
+      log.warn("Verification of instrumented class {} failed", classFilePath);
+      log.debug("Verify result: {}", stringWriter);
+      throw new RuntimeException("Generated bydecode is invalid for " + classFilePath);
+    }
   }
 
   private boolean performInstrumentation(
@@ -403,43 +423,61 @@ private boolean performInstrumentation(
         InstrumentationResult result =
             applyInstrumentation(loader, classNode, definitions, methodNode);
         transformed |= result.isInstalled();
-        for (ProbeDefinition definition : definitions) {
-          definition.buildLocation(result);
-          if (listener != null) {
-            listener.instrumentationResult(definition, result);
-          }
-          List<DiagnosticMessage> diagnosticMessages =
-              result.getDiagnostics().get(definition.getProbeId());
-          if (!result.getDiagnostics().isEmpty()) {
-            DebuggerAgent.getSink().addDiagnostics(definition.getProbeId(), diagnosticMessages);
-          }
-        }
+        handleInstrumentationResult(definitions, result);
       }
     }
     return transformed;
   }
 
+  private void handleInstrumentationResult(
+      List<ProbeDefinition> definitions, InstrumentationResult result) {
+    for (ProbeDefinition definition : definitions) {
+      definition.buildLocation(result);
+      if (listener != null) {
+        listener.instrumentationResult(definition, result);
+      }
+      List<DiagnosticMessage> diagnosticMessages =
+          result.getDiagnostics().get(definition.getProbeId());
+      if (!result.getDiagnostics().isEmpty()) {
+        addDiagnostics(definition, diagnosticMessages);
+      }
+      if (result.isInstalled()) {
+        debuggerSink.addInstalled(definition.getProbeId());
+      } else if (result.isBlocked()) {
+        debuggerSink.addBlocked(definition.getProbeId());
+      }
+    }
+  }
+
   private void reportLocationNotFound(
       List<ProbeDefinition> definitions, String className, String methodName) {
-    String format;
-    String location;
     if (methodName != null) {
-      format = CANNOT_FIND_METHOD;
-      location = methodName;
-    } else {
-      // This is a line probe, so we don't report line not found because the line may be found later
-      // on a separate class files because probe was set on an inner/top-level class
+      reportErrorForAllProbes(definitions, CANNOT_FIND_METHOD, className, methodName);
       return;
     }
+    // This is a line probe, so we don't report line not found because the line may be found later
+    // on a separate class files because probe was set on an inner/top-level class
+  }
+
+  private void reportInstrumentationFails(List<ProbeDefinition> definitions, String className) {
+    reportErrorForAllProbes(definitions, INSTRUMENTATION_FAILS, className, null);
+  }
+
+  private void reportErrorForAllProbes(
+      List<ProbeDefinition> definitions, String format, String className, String location) {
     String msg = String.format(format, className, location);
     DiagnosticMessage diagnosticMessage = new DiagnosticMessage(DiagnosticMessage.Kind.ERROR, msg);
     for (ProbeDefinition definition : definitions) {
-      DebuggerAgent.getSink()
-          .addDiagnostics(definition.getProbeId(), singletonList(diagnosticMessage));
-      log.debug("{} for definition: {}", msg, definition);
+      addDiagnostics(definition, singletonList(diagnosticMessage));
     }
   }
 
+  private void addDiagnostics(
+      ProbeDefinition definition, List<DiagnosticMessage> diagnosticMessages) {
+    debuggerSink.addDiagnostics(definition.getProbeId(), diagnosticMessages);
+    log.debug("Diagnostic messages for definition[{}]: {}", definition, diagnosticMessages);
+  }
+
   private void notifyBlockedDefinitions(
       List<ProbeDefinition> definitions, InstrumentationResult result) {
     if (listener != null) {
@@ -461,21 +499,26 @@ private InstrumentationResult applyInstrumentation(
         preCheckInstrumentation(diagnostics, classLoader, methodNode);
     if (status != InstrumentationResult.Status.ERROR) {
       try {
-        List<ProbeDefinition> logProbes = new ArrayList<>();
+        List<ProbeDefinition> capturedContextProbes = new ArrayList<>();
         for (ProbeDefinition definition : definitions) {
-          if (definition instanceof LogProbe) {
-            logProbes.add(definition);
+          // Log and span decoration probe shared the same instrumentor: CaptureContextInstrumentor
+          // and therefore need to be instrumented once
+          if (definition instanceof LogProbe || definition instanceof SpanDecorationProbe) {
+            capturedContextProbes.add(definition);
           } else {
             List<DiagnosticMessage> probeDiagnostics = diagnostics.get(definition.getProbeId());
-            definition.instrument(classLoader, classNode, methodNode, probeDiagnostics);
+            status = definition.instrument(classLoader, classNode, methodNode, probeDiagnostics);
           }
         }
-        if (logProbes.size() > 0) {
-          List<String> probesIds = logProbes.stream().map(ProbeDefinition::getId).collect(toList());
-          List<DiagnosticMessage> probeDiagnostics = diagnostics.get(logProbes.get(0).getProbeId());
-          logProbes
-              .get(0)
-              .instrument(classLoader, classNode, methodNode, probeDiagnostics, probesIds);
+        if (capturedContextProbes.size() > 0) {
+          List<String> probesIds =
+              capturedContextProbes.stream().map(ProbeDefinition::getId).collect(toList());
+          ProbeDefinition referenceDefinition = selectReferenceDefinition(capturedContextProbes);
+          List<DiagnosticMessage> probeDiagnostics =
+              diagnostics.get(referenceDefinition.getProbeId());
+          status =
+              referenceDefinition.instrument(
+                  classLoader, classNode, methodNode, probeDiagnostics, probesIds);
         }
       } catch (Throwable t) {
         log.warn("Exception during instrumentation: ", t);
@@ -487,6 +530,20 @@ private InstrumentationResult applyInstrumentation(
     return new InstrumentationResult(status, diagnostics, classNode, methodNode);
   }
 
+  // Log & Span Decoration probes share the same instrumentor so only one definition should be
+  // selected to
+  // generate the instrumentation. Log probes needs capture limits provided by the configuration
+  // so if the list of definition contains at least 1 log probe this is the log probe that need to
+  // be picked.
+  // TODO: handle the conflicting limits for log probes + mixing CaptureSnapshot or not
+  private ProbeDefinition selectReferenceDefinition(List<ProbeDefinition> capturedContextProbes) {
+    ProbeDefinition first = capturedContextProbes.get(0);
+    return capturedContextProbes.stream()
+        .filter(it -> it instanceof LogProbe)
+        .findFirst()
+        .orElse(first);
+  }
+
   private InstrumentationResult.Status preCheckInstrumentation(
       Map<ProbeId, List<DiagnosticMessage>> diagnostics,
       ClassLoader classLoader,
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DenyListHelper.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DenyListHelper.java
index daa443cbb78..030e1eae124 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DenyListHelper.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DenyListHelper.java
@@ -1,6 +1,7 @@
 package com.datadog.debugger.agent;
 
 import datadog.trace.bootstrap.debugger.DebuggerContext;
+import datadog.trace.bootstrap.debugger.util.Redaction;
 import datadog.trace.util.ClassNameTrie;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -21,6 +22,8 @@ public class DenyListHelper implements DebuggerContext.ClassFilter {
   public DenyListHelper(Configuration.FilterList denyList) {
     Collection<String> packages = new ArrayList<>(DENIED_PACKAGES);
     Collection<String> classes = new ArrayList<>(DENIED_CLASSES);
+    packages.addAll(Redaction.getRedactedPackages());
+    classes.addAll(Redaction.getRedactedClasses());
     if (denyList != null) {
       packages.addAll(denyList.getPackagePrefixes());
       classes.addAll(denyList.getClasses());
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/JsonSnapshotSerializer.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/JsonSnapshotSerializer.java
index 5708b3ceb75..f2627d581eb 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/JsonSnapshotSerializer.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/JsonSnapshotSerializer.java
@@ -45,14 +45,14 @@ private void handleDuration(Snapshot snapshot, IntakeRequest request) {
   }
 
   private void handleCorrelationFields(Snapshot snapshot, IntakeRequest request) {
+    request.traceId = snapshot.getTraceId();
+    request.spanId = snapshot.getSpanId();
     CapturedContext entry = snapshot.getCaptures().getEntry();
     if (entry != null) {
-      addTraceSpanId(entry, request);
       removeTraceSpanId(entry);
     }
     if (snapshot.getCaptures().getLines() != null) {
       for (CapturedContext context : snapshot.getCaptures().getLines().values()) {
-        addTraceSpanId(context, request);
         removeTraceSpanId(context);
       }
     }
@@ -71,11 +71,6 @@ private void removeTraceSpanId(CapturedContext context) {
     fields.remove(DD_SPAN_ID);
   }
 
-  private void addTraceSpanId(CapturedContext context, IntakeRequest request) {
-    request.traceId = context.getTraceId();
-    request.spanId = context.getSpanId();
-  }
-
   public static class IntakeRequest {
     private final String service;
     private final DebuggerIntakeRequestData debugger;
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/LogMessageTemplateBuilder.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/LogMessageTemplateBuilder.java
index 4554630e8eb..6b314725870 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/LogMessageTemplateBuilder.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/LogMessageTemplateBuilder.java
@@ -3,11 +3,13 @@
 import static com.datadog.debugger.util.ValueScriptHelper.serializeValue;
 
 import com.datadog.debugger.el.EvaluationException;
+import com.datadog.debugger.el.RedactedException;
 import com.datadog.debugger.el.Value;
 import com.datadog.debugger.el.ValueScript;
 import com.datadog.debugger.probe.LogProbe;
 import datadog.trace.bootstrap.debugger.CapturedContext;
 import datadog.trace.bootstrap.debugger.EvaluationError;
+import datadog.trace.bootstrap.debugger.util.Redaction;
 import java.util.List;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -49,7 +51,9 @@ public String evaluate(CapturedContext context, LogProbe.LogStatus status) {
             LOGGER.debug("Evaluation error: ", ex);
             status.addError(new EvaluationError(ex.getExpr(), ex.getMessage()));
             status.setLogTemplateErrors(true);
-            sb.append("{").append(ex.getMessage()).append("}");
+            String msg =
+                ex instanceof RedactedException ? Redaction.REDACTED_VALUE : ex.getMessage();
+            sb.append("{").append(msg).append("}");
           }
         }
       }
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/ASMHelper.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/ASMHelper.java
index 3edb9a464f0..eb32212e0fc 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/ASMHelper.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/ASMHelper.java
@@ -9,6 +9,7 @@
 import java.lang.reflect.Modifier;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.Comparator;
 import java.util.List;
 import java.util.stream.Collectors;
 import org.objectweb.asm.Opcodes;
@@ -20,6 +21,7 @@
 import org.objectweb.asm.tree.InsnList;
 import org.objectweb.asm.tree.InsnNode;
 import org.objectweb.asm.tree.LdcInsnNode;
+import org.objectweb.asm.tree.LocalVariableNode;
 import org.objectweb.asm.tree.MethodInsnNode;
 import org.objectweb.asm.tree.TypeInsnNode;
 
@@ -203,6 +205,43 @@ private static String getReflectiveMethodName(int sort) {
     }
   }
 
+  public static List<LocalVariableNode> sortLocalVariables(List<LocalVariableNode> localVariables) {
+    List<LocalVariableNode> sortedLocalVars = new ArrayList<>(localVariables);
+    sortedLocalVars.sort(Comparator.comparingInt(o -> o.index));
+    return sortedLocalVars;
+  }
+
+  public static LocalVariableNode[] createLocalVarNodes(List<LocalVariableNode> sortedLocalVars) {
+    int maxIndex = sortedLocalVars.get(sortedLocalVars.size() - 1).index;
+    LocalVariableNode[] localVars = new LocalVariableNode[maxIndex + 1];
+    for (LocalVariableNode localVariableNode : sortedLocalVars) {
+      localVars[localVariableNode.index] = localVariableNode;
+    }
+    return localVars;
+  }
+
+  public static void adjustLocalVarsBasedOnArgs(
+      boolean isStatic,
+      LocalVariableNode[] localVars,
+      org.objectweb.asm.Type[] argTypes,
+      List<LocalVariableNode> sortedLocalVars) {
+    // assume that first local variables matches method arguments
+    // as stated into the JVM spec:
+    // https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-2.html#jvms-2.6.1
+    // so we reassigned local var in arg slots if they are empty
+    if (argTypes.length < localVars.length) {
+      int slot = isStatic ? 0 : 1;
+      int localVarTableIdx = slot;
+      for (org.objectweb.asm.Type t : argTypes) {
+        if (localVars[slot] == null && localVarTableIdx < sortedLocalVars.size()) {
+          localVars[slot] = sortedLocalVars.get(localVarTableIdx);
+        }
+        slot += t.getSize();
+        localVarTableIdx++;
+      }
+    }
+  }
+
   /** Wraps ASM's {@link org.objectweb.asm.Type} with associated generic types */
   public static class Type {
     private final org.objectweb.asm.Type mainType;
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/CapturedContextInstrumentor.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/CapturedContextInstrumentor.java
index 6b810377e25..f728e14eb30 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/CapturedContextInstrumentor.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/CapturedContextInstrumentor.java
@@ -78,17 +78,21 @@ public CapturedContextInstrumentor(
   }
 
   @Override
-  public void instrument() {
+  public InstrumentationResult.Status instrument() {
     if (isLineProbe) {
       fillLineMap();
-      addLineCaptures(lineMap);
-    } else {
-      instrumentMethodEnter();
-      instrumentTryCatchHandlers();
-      processInstructions();
-      addFinallyHandler(returnHandlerLabel);
+      if (!addLineCaptures(lineMap)) {
+        return InstrumentationResult.Status.ERROR;
+      }
+      installFinallyBlocks();
+      return InstrumentationResult.Status.INSTALLED;
     }
+    instrumentMethodEnter();
+    instrumentTryCatchHandlers();
+    processInstructions();
+    addFinallyHandler(returnHandlerLabel);
     installFinallyBlocks();
+    return InstrumentationResult.Status.INSTALLED;
   }
 
   private void installFinallyBlocks() {
@@ -99,15 +103,15 @@ private void installFinallyBlocks() {
     }
   }
 
-  private void addLineCaptures(LineMap lineMap) {
+  private boolean addLineCaptures(LineMap lineMap) {
     Where.SourceLine[] targetLines = definition.getWhere().getSourceLines();
     if (targetLines == null) {
-      // no line capture to perform
-      return;
+      reportError("Missing line(s) in probe definition.");
+      return false;
     }
     if (lineMap.isEmpty()) {
       reportError("Missing line debug information.");
-      return;
+      return false;
     }
     for (Where.SourceLine sourceLine : targetLines) {
       int from = sourceLine.getFrom();
@@ -123,6 +127,8 @@ private void addLineCaptures(LineMap lineMap) {
       }
       if (beforeLabel != null) {
         InsnList insnList = new InsnList();
+        ldc(insnList, Type.getObjectType(classNode.name));
+        // stack [class, array]
         pushProbesIds(insnList);
         // stack [array]
         invokeStatic(
@@ -130,6 +136,7 @@ private void addLineCaptures(LineMap lineMap) {
             DEBUGGER_CONTEXT_TYPE,
             "isReadyToCapture",
             Type.BOOLEAN_TYPE,
+            CLASS_TYPE,
             STRING_ARRAY_TYPE);
         // stack [boolean]
         LabelNode targetNode = new LabelNode();
@@ -167,6 +174,7 @@ private void addLineCaptures(LineMap lineMap) {
         methodNode.instructions.insert(afterLabel, insnList);
       }
     }
+    return true;
   }
 
   @Override
@@ -309,10 +317,17 @@ private void instrumentMethodEnter() {
       methodNode.instructions.insert(methodEnterLabel, insnList);
       return;
     }
+    ldc(insnList, Type.getObjectType(classNode.name));
+    // stack [class]
     pushProbesIds(insnList);
-    // stack [array]
+    // stack [class, array]
     invokeStatic(
-        insnList, DEBUGGER_CONTEXT_TYPE, "isReadyToCapture", Type.BOOLEAN_TYPE, STRING_ARRAY_TYPE);
+        insnList,
+        DEBUGGER_CONTEXT_TYPE,
+        "isReadyToCapture",
+        Type.BOOLEAN_TYPE,
+        CLASS_TYPE,
+        STRING_ARRAY_TYPE);
     // stack [boolean]
     LabelNode targetNode = new LabelNode();
     LabelNode gotoNode = new LabelNode();
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/InstrumentationResult.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/InstrumentationResult.java
index a752a11d75b..134a542abd5 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/InstrumentationResult.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/InstrumentationResult.java
@@ -56,6 +56,10 @@ public InstrumentationResult(
     this.methodName = methodName;
   }
 
+  public boolean isError() {
+    return status == Status.ERROR;
+  }
+
   public boolean isBlocked() {
     return status == Status.BLOCKED;
   }
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/Instrumentor.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/Instrumentor.java
index cdd6a02ec18..cda1012b299 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/Instrumentor.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/Instrumentor.java
@@ -1,14 +1,15 @@
 package com.datadog.debugger.instrumentation;
 
+import static com.datadog.debugger.instrumentation.ASMHelper.adjustLocalVarsBasedOnArgs;
+import static com.datadog.debugger.instrumentation.ASMHelper.createLocalVarNodes;
 import static com.datadog.debugger.instrumentation.ASMHelper.ldc;
+import static com.datadog.debugger.instrumentation.ASMHelper.sortLocalVariables;
 import static com.datadog.debugger.instrumentation.Types.STRING_TYPE;
 
 import com.datadog.debugger.instrumentation.DiagnosticMessage.Kind;
 import com.datadog.debugger.probe.ProbeDefinition;
 import com.datadog.debugger.probe.Where;
-import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Comparator;
 import java.util.List;
 import org.objectweb.asm.Opcodes;
 import org.objectweb.asm.Type;
@@ -69,35 +70,16 @@ public Instrumentor(
     localVarsBySlot = extractLocalVariables(argTypes);
   }
 
-  public abstract void instrument();
+  public abstract InstrumentationResult.Status instrument();
 
   private LocalVariableNode[] extractLocalVariables(Type[] argTypes) {
     if (methodNode.localVariables == null || methodNode.localVariables.isEmpty()) {
       return new LocalVariableNode[0];
     }
-    List<LocalVariableNode> sortedLocalVars = new ArrayList<>(methodNode.localVariables);
-    sortedLocalVars.sort(Comparator.comparingInt(o -> o.index));
-    int maxIndex = sortedLocalVars.get(sortedLocalVars.size() - 1).index;
-    LocalVariableNode[] localVars = new LocalVariableNode[maxIndex + 1];
+    List<LocalVariableNode> sortedLocalVars = sortLocalVariables(methodNode.localVariables);
+    LocalVariableNode[] localVars = createLocalVarNodes(sortedLocalVars);
+    adjustLocalVarsBasedOnArgs(isStatic, localVars, argTypes, sortedLocalVars);
     localVarBaseOffset = sortedLocalVars.get(0).index;
-    for (LocalVariableNode localVariableNode : sortedLocalVars) {
-      localVars[localVariableNode.index] = localVariableNode;
-    }
-    // assume that first local variables matches method arguments
-    // as stated into the JVM spec:
-    // https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-2.html#jvms-2.6.1
-    // so we reassigned local var in arg slots if they are empty
-    if (argTypes.length < localVars.length) {
-      int slot = isStatic ? 0 : 1;
-      int localVarTableIdx = slot;
-      for (Type t : argTypes) {
-        if (localVars[slot] == null && localVarTableIdx < sortedLocalVars.size()) {
-          localVars[slot] = sortedLocalVars.get(localVarTableIdx);
-        }
-        slot += t.getSize();
-        localVarTableIdx++;
-      }
-    }
     return localVars;
   }
 
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/LogInstrumentor.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/LogInstrumentor.java
deleted file mode 100644
index 7b234703b3b..00000000000
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/LogInstrumentor.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package com.datadog.debugger.instrumentation;
-
-import static com.datadog.debugger.probe.LogProbe.Capture.toLimits;
-
-import com.datadog.debugger.probe.LogProbe;
-import java.util.List;
-import org.objectweb.asm.tree.ClassNode;
-import org.objectweb.asm.tree.MethodNode;
-
-/** Handles generating instrumentation for snapshot/log method & line probes */
-public final class LogInstrumentor extends CapturedContextInstrumentor {
-  private final LogProbe.Capture capture;
-
-  public LogInstrumentor(
-      LogProbe logProbe,
-      ClassLoader classLoader,
-      ClassNode classNode,
-      MethodNode methodNode,
-      List<DiagnosticMessage> diagnostics,
-      List<String> probeIds) {
-    super(
-        logProbe,
-        classLoader,
-        classNode,
-        methodNode,
-        diagnostics,
-        probeIds,
-        logProbe.isCaptureSnapshot(),
-        toLimits(logProbe.getCapture()));
-    this.capture = logProbe.getCapture();
-  }
-
-  @Override
-  public void instrument() {
-    super.instrument();
-  }
-}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/MetricInstrumentor.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/MetricInstrumentor.java
index ae944a4bc6f..38642365cc4 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/MetricInstrumentor.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/MetricInstrumentor.java
@@ -89,29 +89,29 @@ public MetricInstrumentor(
   }
 
   @Override
-  public void instrument() {
+  public InstrumentationResult.Status instrument() {
     if (isLineProbe) {
       fillLineMap();
-      addLineMetric(lineMap);
-    } else {
-      switch (definition.getEvaluateAt()) {
-        case ENTRY:
-        case DEFAULT:
-          {
-            InsnList insnList = wrapTryCatch(callMetric(metricProbe));
-            methodNode.instructions.insert(methodEnterLabel, insnList);
-            break;
-          }
-        case EXIT:
-          {
-            processInstructions();
-            break;
-          }
-        default:
-          throw new IllegalArgumentException(
-              "Invalid evaluateAt attribute: " + definition.getEvaluateAt());
-      }
+      return addLineMetric(lineMap);
+    }
+    switch (definition.getEvaluateAt()) {
+      case ENTRY:
+      case DEFAULT:
+        {
+          InsnList insnList = wrapTryCatch(callMetric(metricProbe));
+          methodNode.instructions.insert(methodEnterLabel, insnList);
+          break;
+        }
+      case EXIT:
+        {
+          processInstructions();
+          break;
+        }
+      default:
+        throw new IllegalArgumentException(
+            "Invalid evaluateAt attribute: " + definition.getEvaluateAt());
     }
+    return InstrumentationResult.Status.INSTALLED;
   }
 
   private InsnList wrapTryCatch(InsnList insnList) {
@@ -287,15 +287,15 @@ private InsnList callMetric(MetricProbe metricProbe) {
     return null;
   }
 
-  private void addLineMetric(LineMap lineMap) {
+  private InstrumentationResult.Status addLineMetric(LineMap lineMap) {
     Where.SourceLine[] targetLines = metricProbe.getWhere().getSourceLines();
     if (targetLines == null) {
-      // no line capture to perform
-      return;
+      reportError("Missing line(s) in probe definition.");
+      return InstrumentationResult.Status.ERROR;
     }
     if (lineMap.isEmpty()) {
       reportError("Missing line debug information.");
-      return;
+      return InstrumentationResult.Status.ERROR;
     }
     for (Where.SourceLine sourceLine : targetLines) {
       int from = sourceLine.getFrom();
@@ -316,6 +316,7 @@ private void addLineMetric(LineMap lineMap) {
         methodNode.instructions.insert(afterLabel, insnList);
       }
     }
+    return InstrumentationResult.Status.INSTALLED;
   }
 
   private static class VisitorResult {
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/SpanDecorationInstrumentor.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/SpanDecorationInstrumentor.java
deleted file mode 100644
index 2c1722a9722..00000000000
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/SpanDecorationInstrumentor.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package com.datadog.debugger.instrumentation;
-
-import com.datadog.debugger.probe.SpanDecorationProbe;
-import datadog.trace.bootstrap.debugger.Limits;
-import java.util.List;
-import org.objectweb.asm.tree.ClassNode;
-import org.objectweb.asm.tree.MethodNode;
-
-public class SpanDecorationInstrumentor extends CapturedContextInstrumentor {
-  public SpanDecorationInstrumentor(
-      SpanDecorationProbe probe,
-      ClassLoader classLoader,
-      ClassNode classNode,
-      MethodNode methodNode,
-      List<DiagnosticMessage> diagnostics,
-      List<String> probeIds) {
-    super(probe, classLoader, classNode, methodNode, diagnostics, probeIds, false, Limits.DEFAULT);
-  }
-
-  @Override
-  public void instrument() {
-    super.instrument();
-  }
-}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/SpanInstrumentor.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/SpanInstrumentor.java
index b1083fbd0f1..773ea79cf4e 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/SpanInstrumentor.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/instrumentation/SpanInstrumentor.java
@@ -36,25 +36,24 @@ public SpanInstrumentor(
   }
 
   @Override
-  public void instrument() {
+  public InstrumentationResult.Status instrument() {
     if (isLineProbe) {
       fillLineMap();
-      addRangeSpan(lineMap);
-    } else {
-      spanVar = newVar(DEBUGGER_SPAN_TYPE);
-      processInstructions();
-      LabelNode initSpanLabel = new LabelNode();
-      InsnList insnList = createSpan(initSpanLabel);
-      LabelNode endLabel = new LabelNode();
-      methodNode.instructions.insert(methodNode.instructions.getLast(), endLabel);
-
-      LabelNode handlerLabel = new LabelNode();
-      InsnList handler = createCatchHandler(handlerLabel);
-      methodNode.instructions.add(handler);
-      methodNode.tryCatchBlocks.add(
-          new TryCatchBlockNode(initSpanLabel, endLabel, handlerLabel, null));
-      methodNode.instructions.insert(methodEnterLabel, insnList);
+      return addRangeSpan(lineMap);
     }
+    spanVar = newVar(DEBUGGER_SPAN_TYPE);
+    processInstructions();
+    LabelNode initSpanLabel = new LabelNode();
+    InsnList insnList = createSpan(initSpanLabel);
+    LabelNode endLabel = new LabelNode();
+    methodNode.instructions.insert(methodNode.instructions.getLast(), endLabel);
+    LabelNode handlerLabel = new LabelNode();
+    InsnList handler = createCatchHandler(handlerLabel);
+    methodNode.instructions.add(handler);
+    methodNode.tryCatchBlocks.add(
+        new TryCatchBlockNode(initSpanLabel, endLabel, handlerLabel, null));
+    methodNode.instructions.insert(methodEnterLabel, insnList);
+    return InstrumentationResult.Status.INSTALLED;
   }
 
   private InsnList createCatchHandler(LabelNode handlerLabel) {
@@ -94,25 +93,29 @@ private InsnList createSpan(LabelNode initSpanLabel) {
     return insnList;
   }
 
-  private void addRangeSpan(LineMap lineMap) {
+  private InstrumentationResult.Status addRangeSpan(LineMap lineMap) {
     Where.SourceLine[] targetLines = definition.getWhere().getSourceLines();
     if (targetLines == null || targetLines.length == 0) {
-      // no line capture to perform
-      return;
+      reportError("Missing line(s) in probe definition.");
+      return InstrumentationResult.Status.ERROR;
     }
     if (lineMap.isEmpty()) {
       reportError("Missing line debug information.");
-      return;
+      return InstrumentationResult.Status.ERROR;
     }
     for (Where.SourceLine sourceLine : targetLines) {
       int from = sourceLine.getFrom();
       int till = sourceLine.getTill();
+      if (from == till) {
+        reportError("Single line span is not supported, you need to provide a range.");
+        return InstrumentationResult.Status.ERROR;
+      }
       LabelNode beforeLabel = lineMap.getLineLabel(from);
       LabelNode afterLabel = lineMap.getLineLabel(till);
       if (beforeLabel == null || afterLabel == null) {
         reportError(
             "No line info for " + (sourceLine.isSingleLine() ? "line " : "range ") + sourceLine);
-        return;
+        return InstrumentationResult.Status.ERROR;
       }
       spanVar = newVar(DEBUGGER_SPAN_TYPE);
       LabelNode initSpanLabel = new LabelNode();
@@ -127,6 +130,7 @@ private void addRangeSpan(LineMap lineMap) {
       debuggerSpanFinish(finishSpanInsnList);
       methodNode.instructions.insert(afterLabel, finishSpanInsnList);
     }
+    return InstrumentationResult.Status.INSTALLED;
   }
 
   @Override
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/LogProbe.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/LogProbe.java
index 1ee64681b59..acb71fa7f50 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/LogProbe.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/LogProbe.java
@@ -1,13 +1,16 @@
 package com.datadog.debugger.probe;
 
+import static com.datadog.debugger.probe.LogProbe.Capture.toLimits;
+
 import com.datadog.debugger.agent.DebuggerAgent;
 import com.datadog.debugger.agent.Generated;
 import com.datadog.debugger.agent.LogMessageTemplateBuilder;
 import com.datadog.debugger.el.EvaluationException;
 import com.datadog.debugger.el.ProbeCondition;
 import com.datadog.debugger.el.ValueScript;
+import com.datadog.debugger.instrumentation.CapturedContextInstrumentor;
 import com.datadog.debugger.instrumentation.DiagnosticMessage;
-import com.datadog.debugger.instrumentation.LogInstrumentor;
+import com.datadog.debugger.instrumentation.InstrumentationResult;
 import com.datadog.debugger.sink.Sink;
 import com.datadog.debugger.sink.Snapshot;
 import com.squareup.moshi.Json;
@@ -341,22 +344,36 @@ public Sampling getSampling() {
   }
 
   @Override
-  public void instrument(
+  public InstrumentationResult.Status instrument(
       ClassLoader classLoader,
       ClassNode classNode,
       MethodNode methodNode,
       List<DiagnosticMessage> diagnostics,
       List<String> probeIds) {
-    new LogInstrumentor(this, classLoader, classNode, methodNode, diagnostics, probeIds)
+    return new CapturedContextInstrumentor(
+            this,
+            classLoader,
+            classNode,
+            methodNode,
+            diagnostics,
+            probeIds,
+            isCaptureSnapshot(),
+            toLimits(getCapture()))
         .instrument();
   }
 
   @Override
-  public void evaluate(CapturedContext context, CapturedContext.Status status) {
+  public void evaluate(
+      CapturedContext context, CapturedContext.Status status, MethodLocation methodLocation) {
     if (!(status instanceof LogStatus)) {
       throw new IllegalStateException("Invalid status: " + status.getClass());
     }
+
     LogStatus logStatus = (LogStatus) status;
+    if (!hasCondition()) {
+      // sample when no condition associated
+      sample(logStatus, methodLocation);
+    }
     logStatus.setCondition(evaluateCondition(context, logStatus));
     CapturedContext.CapturedThrowable throwable = context.getThrowable();
     if (logStatus.hasConditionErrors() && throwable != null) {
@@ -364,12 +381,29 @@ public void evaluate(CapturedContext context, CapturedContext.Status status) {
           new EvaluationError(
               "uncaught exception", throwable.getType() + ": " + throwable.getMessage()));
     }
-    if (logStatus.getCondition()) {
+    if (hasCondition() && logStatus.getCondition()) {
+      // sample if probe has condition and condition is true
+      sample(logStatus, methodLocation);
+    }
+    if (logStatus.isSampled() && logStatus.getCondition()) {
       LogMessageTemplateBuilder logMessageBuilder = new LogMessageTemplateBuilder(segments);
       logStatus.setMessage(logMessageBuilder.evaluate(context, logStatus));
     }
   }
 
+  private void sample(LogStatus logStatus, MethodLocation methodLocation) {
+    // sample only once and when we need to evaluate
+    if (!MethodLocation.isSame(methodLocation, evaluateAt)) {
+      return;
+    }
+    boolean sampled = ProbeRateLimiter.tryProbe(id);
+    logStatus.setSampled(sampled);
+    if (!sampled) {
+      LOGGER.debug("{} not sampled!", id);
+      DebuggerAgent.getSink().skipSnapshot(id, DebuggerContext.SkipCause.RATE);
+    }
+  }
+
   private boolean evaluateCondition(CapturedContext capture, LogStatus status) {
     if (probeCondition == null) {
       return true;
@@ -399,13 +433,19 @@ public void commit(
     LogStatus entryStatus = convertStatus(entryContext.getStatus(id));
     LogStatus exitStatus = convertStatus(exitContext.getStatus(id));
     String message = null;
+    String traceId = null;
+    String spanId = null;
     switch (evaluateAt) {
       case ENTRY:
       case DEFAULT:
         message = entryStatus.getMessage();
+        traceId = entryContext.getTraceId();
+        spanId = entryContext.getSpanId();
         break;
       case EXIT:
         message = exitStatus.getMessage();
+        traceId = exitContext.getTraceId();
+        spanId = exitContext.getSpanId();
         break;
     }
     Sink sink = DebuggerAgent.getSink();
@@ -413,13 +453,8 @@ public void commit(
     int maxDepth = capture != null ? capture.maxReferenceDepth : -1;
     Snapshot snapshot = new Snapshot(Thread.currentThread(), this, maxDepth);
     if (entryStatus.shouldSend() && exitStatus.shouldSend()) {
-      // only rate limit if a condition is defined
-      if (probeCondition != null) {
-        if (!ProbeRateLimiter.tryProbe(id)) {
-          sink.skipSnapshot(id, DebuggerContext.SkipCause.RATE);
-          return;
-        }
-      }
+      snapshot.setTraceId(traceId);
+      snapshot.setSpanId(spanId);
       if (isCaptureSnapshot()) {
         snapshot.setEntry(entryContext);
         snapshot.setExit(exitContext);
@@ -487,13 +522,8 @@ public void commit(CapturedContext lineContext, int line) {
     Snapshot snapshot = new Snapshot(Thread.currentThread(), this, maxDepth);
     boolean shouldCommit = false;
     if (status.shouldSend()) {
-      // only rate limit if a condition is defined
-      if (probeCondition != null) {
-        if (!ProbeRateLimiter.tryProbe(id)) {
-          sink.skipSnapshot(id, DebuggerContext.SkipCause.RATE);
-          return;
-        }
-      }
+      snapshot.setTraceId(lineContext.getTraceId());
+      snapshot.setSpanId(lineContext.getSpanId());
       if (isCaptureSnapshot()) {
         snapshot.addLine(lineContext, line);
       }
@@ -533,6 +563,7 @@ public static class LogStatus extends CapturedContext.Status {
     private boolean condition = true;
     private boolean hasLogTemplateErrors;
     private boolean hasConditionErrors;
+    private boolean sampled = true;
     private String message;
 
     public LogStatus(ProbeImplementation probeImplementation) {
@@ -546,7 +577,7 @@ private LogStatus(ProbeImplementation probeImplementation, boolean condition) {
 
     @Override
     public boolean shouldFreezeContext() {
-      return probeImplementation.isCaptureSnapshot() && shouldSend();
+      return sampled && probeImplementation.isCaptureSnapshot() && shouldSend();
     }
 
     @Override
@@ -555,7 +586,7 @@ public boolean isCapturing() {
     }
 
     public boolean shouldSend() {
-      return condition && !hasConditionErrors;
+      return sampled && condition && !hasConditionErrors;
     }
 
     public boolean shouldReportError() {
@@ -593,6 +624,14 @@ public void setMessage(String message) {
     public String getMessage() {
       return message;
     }
+
+    public void setSampled(boolean sampled) {
+      this.sampled = sampled;
+    }
+
+    public boolean isSampled() {
+      return sampled;
+    }
   }
 
   @Generated
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/MetricProbe.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/MetricProbe.java
index af481422d97..312da6dea68 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/MetricProbe.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/MetricProbe.java
@@ -3,6 +3,7 @@
 import com.datadog.debugger.agent.Generated;
 import com.datadog.debugger.el.ValueScript;
 import com.datadog.debugger.instrumentation.DiagnosticMessage;
+import com.datadog.debugger.instrumentation.InstrumentationResult;
 import com.datadog.debugger.instrumentation.MetricInstrumentor;
 import datadog.trace.bootstrap.debugger.MethodLocation;
 import datadog.trace.bootstrap.debugger.ProbeId;
@@ -135,13 +136,13 @@ public ValueScript getValue() {
   }
 
   @Override
-  public void instrument(
+  public InstrumentationResult.Status instrument(
       ClassLoader classLoader,
       ClassNode classNode,
       MethodNode methodNode,
       List<DiagnosticMessage> diagnostics,
       List<String> probeIds) {
-    new MetricInstrumentor(this, classLoader, classNode, methodNode, diagnostics, probeIds)
+    return new MetricInstrumentor(this, classLoader, classNode, methodNode, diagnostics, probeIds)
         .instrument();
   }
 
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/ProbeDefinition.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/ProbeDefinition.java
index b7cc85da7f9..4de096f0619 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/ProbeDefinition.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/ProbeDefinition.java
@@ -122,15 +122,15 @@ private static void initTagMap(Map<String, String> tagMap, Tag[] tags) {
     }
   }
 
-  public void instrument(
+  public InstrumentationResult.Status instrument(
       ClassLoader classLoader,
       ClassNode classNode,
       MethodNode methodNode,
       List<DiagnosticMessage> diagnostics) {
-    instrument(classLoader, classNode, methodNode, diagnostics, singletonList(getId()));
+    return instrument(classLoader, classNode, methodNode, diagnostics, singletonList(getId()));
   }
 
-  public abstract void instrument(
+  public abstract InstrumentationResult.Status instrument(
       ClassLoader classLoader,
       ClassNode classNode,
       MethodNode methodNode,
@@ -143,7 +143,8 @@ public ProbeLocation getLocation() {
   }
 
   @Override
-  public void evaluate(CapturedContext context, CapturedContext.Status status) {}
+  public void evaluate(
+      CapturedContext context, CapturedContext.Status status, MethodLocation methodLocation) {}
 
   @Override
   public void commit(
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/SpanDecorationProbe.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/SpanDecorationProbe.java
index 4313a6b7c4d..5de07fc1a7b 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/SpanDecorationProbe.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/SpanDecorationProbe.java
@@ -5,12 +5,14 @@
 import com.datadog.debugger.agent.LogMessageTemplateBuilder;
 import com.datadog.debugger.el.EvaluationException;
 import com.datadog.debugger.el.ProbeCondition;
+import com.datadog.debugger.instrumentation.CapturedContextInstrumentor;
 import com.datadog.debugger.instrumentation.DiagnosticMessage;
-import com.datadog.debugger.instrumentation.SpanDecorationInstrumentor;
+import com.datadog.debugger.instrumentation.InstrumentationResult;
 import com.datadog.debugger.sink.Snapshot;
 import datadog.trace.api.Pair;
 import datadog.trace.bootstrap.debugger.CapturedContext;
 import datadog.trace.bootstrap.debugger.EvaluationError;
+import datadog.trace.bootstrap.debugger.Limits;
 import datadog.trace.bootstrap.debugger.MethodLocation;
 import datadog.trace.bootstrap.debugger.ProbeId;
 import datadog.trace.bootstrap.debugger.ProbeImplementation;
@@ -131,18 +133,20 @@ public SpanDecorationProbe(
   }
 
   @Override
-  public void instrument(
+  public InstrumentationResult.Status instrument(
       ClassLoader classLoader,
       ClassNode classNode,
       MethodNode methodNode,
       List<DiagnosticMessage> diagnostics,
       List<String> probeIds) {
-    new SpanDecorationInstrumentor(this, classLoader, classNode, methodNode, diagnostics, probeIds)
+    return new CapturedContextInstrumentor(
+            this, classLoader, classNode, methodNode, diagnostics, probeIds, false, Limits.DEFAULT)
         .instrument();
   }
 
   @Override
-  public void evaluate(CapturedContext context, CapturedContext.Status status) {
+  public void evaluate(
+      CapturedContext context, CapturedContext.Status status, MethodLocation methodLocation) {
     for (Decoration decoration : decorations) {
       if (decoration.when != null) {
         try {
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/SpanProbe.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/SpanProbe.java
index 719a8997bd9..b577bef8cbb 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/SpanProbe.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/SpanProbe.java
@@ -2,6 +2,7 @@
 
 import com.datadog.debugger.agent.Generated;
 import com.datadog.debugger.instrumentation.DiagnosticMessage;
+import com.datadog.debugger.instrumentation.InstrumentationResult;
 import com.datadog.debugger.instrumentation.SpanInstrumentor;
 import datadog.trace.bootstrap.debugger.MethodLocation;
 import datadog.trace.bootstrap.debugger.ProbeId;
@@ -23,13 +24,13 @@ public SpanProbe(String language, ProbeId probeId, String[] tagStrs, Where where
   }
 
   @Override
-  public void instrument(
+  public InstrumentationResult.Status instrument(
       ClassLoader classLoader,
       ClassNode classNode,
       MethodNode methodNode,
       List<DiagnosticMessage> diagnostics,
       List<String> probeIds) {
-    new SpanInstrumentor(this, classLoader, classNode, methodNode, diagnostics, probeIds)
+    return new SpanInstrumentor(this, classLoader, classNode, methodNode, diagnostics, probeIds)
         .instrument();
   }
 
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/DebuggerSink.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/DebuggerSink.java
index bbe22230c77..6167e2de60d 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/DebuggerSink.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/DebuggerSink.java
@@ -30,6 +30,7 @@ public class DebuggerSink implements Sink {
 
   private final ProbeStatusSink probeStatusSink;
   private final SnapshotSink snapshotSink;
+  private final SymbolSink symbolSink;
   private final DebuggerMetrics debuggerMetrics;
   private final BatchUploader batchUploader;
   private final String tags;
@@ -42,10 +43,11 @@ public class DebuggerSink implements Sink {
   public DebuggerSink(Config config) {
     this(
         config,
-        new BatchUploader(config),
+        new BatchUploader(config, config.getFinalDebuggerSnapshotUrl()),
         DebuggerMetrics.getInstance(config),
         new ProbeStatusSink(config),
-        new SnapshotSink(config));
+        new SnapshotSink(config),
+        new SymbolSink(config));
   }
 
   DebuggerSink(Config config, BatchUploader batchUploader) {
@@ -54,16 +56,18 @@ public DebuggerSink(Config config) {
         batchUploader,
         DebuggerMetrics.getInstance(config),
         new ProbeStatusSink(config),
-        new SnapshotSink(config));
+        new SnapshotSink(config),
+        new SymbolSink(config));
   }
 
   public DebuggerSink(Config config, ProbeStatusSink probeStatusSink) {
     this(
         config,
-        new BatchUploader(config),
+        new BatchUploader(config, config.getFinalDebuggerSnapshotUrl()),
         DebuggerMetrics.getInstance(config),
         probeStatusSink,
-        new SnapshotSink(config));
+        new SnapshotSink(config),
+        new SymbolSink(config));
   }
 
   DebuggerSink(Config config, BatchUploader batchUploader, DebuggerMetrics debuggerMetrics) {
@@ -72,7 +76,8 @@ public DebuggerSink(Config config, ProbeStatusSink probeStatusSink) {
         batchUploader,
         debuggerMetrics,
         new ProbeStatusSink(config),
-        new SnapshotSink(config));
+        new SnapshotSink(config),
+        new SymbolSink(config));
   }
 
   public DebuggerSink(
@@ -80,12 +85,14 @@ public DebuggerSink(
       BatchUploader batchUploader,
       DebuggerMetrics debuggerMetrics,
       ProbeStatusSink probeStatusSink,
-      SnapshotSink snapshotSink) {
+      SnapshotSink snapshotSink,
+      SymbolSink symbolSink) {
     this.batchUploader = batchUploader;
     tags = getDefaultTagsMergedWithGlobalTags(config);
     this.debuggerMetrics = debuggerMetrics;
     this.probeStatusSink = probeStatusSink;
     this.snapshotSink = snapshotSink;
+    this.symbolSink = symbolSink;
     this.uploadFlushInterval = config.getDebuggerUploadFlushInterval();
   }
 
@@ -136,6 +143,10 @@ public BatchUploader getSnapshotUploader() {
     return batchUploader;
   }
 
+  public SymbolSink getSymbolSink() {
+    return symbolSink;
+  }
+
   @Override
   public void addSnapshot(Snapshot snapshot) {
     boolean added = snapshotSink.offer(snapshot);
@@ -160,15 +171,16 @@ private void reschedule() {
 
   // visible for testing
   void flush(DebuggerSink ignored) {
+    symbolSink.flush();
     List<String> diagnostics = probeStatusSink.getSerializedDiagnostics();
     List<String> snapshots = snapshotSink.getSerializedSnapshots();
     if (snapshots.size() + diagnostics.size() == 0) {
       return;
     }
-    if (snapshots.size() >= 1) {
+    if (snapshots.size() > 0) {
       uploadPayloads(snapshots);
     }
-    if (diagnostics.size() >= 1) {
+    if (diagnostics.size() > 0) {
       uploadPayloads(diagnostics);
     }
   }
@@ -221,7 +233,6 @@ public void removeDiagnostics(ProbeId probeId) {
     probeStatusSink.removeDiagnostics(probeId);
   }
 
-  @Override
   public void addDiagnostics(ProbeId probeId, List<DiagnosticMessage> messages) {
     for (DiagnosticMessage msg : messages) {
       switch (msg.getKind()) {
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/ProbeStatusSink.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/ProbeStatusSink.java
index c4be25c2b09..017bf5e544a 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/ProbeStatusSink.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/ProbeStatusSink.java
@@ -66,6 +66,10 @@ public List<String> getSerializedDiagnostics() {
     List<String> serializedDiagnostics = new ArrayList<>();
     for (ProbeStatus message : diagnostics) {
       try {
+        LOGGER.debug(
+            "Sending probe status[{}] for probe id: {}",
+            message.getDiagnostics().getStatus(),
+            message.getDiagnostics().getProbeId().getId());
         serializedDiagnostics.add(PROBE_STATUS_ADAPTER.toJson(message));
       } catch (Exception e) {
         ExceptionHelper.logException(LOGGER, e, "Error during probe status serialization:");
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/Sink.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/Sink.java
index fbc7c44989b..687c83ef747 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/Sink.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/Sink.java
@@ -1,14 +1,9 @@
 package com.datadog.debugger.sink;
 
-import com.datadog.debugger.instrumentation.DiagnosticMessage;
 import datadog.trace.bootstrap.debugger.DebuggerContext;
-import datadog.trace.bootstrap.debugger.ProbeId;
-import java.util.List;
 
 public interface Sink {
   void addSnapshot(Snapshot snapshot);
 
-  void addDiagnostics(ProbeId probeId, List<DiagnosticMessage> messages);
-
   void skipSnapshot(String probeId, DebuggerContext.SkipCause cause);
 }
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/Snapshot.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/Snapshot.java
index 5a1bec8ead8..7c59823006e 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/Snapshot.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/Snapshot.java
@@ -26,8 +26,8 @@ public class Snapshot {
   private final ProbeImplementation probe;
   private final String language;
   private final transient CapturedThread thread;
-  private String traceId; // trace_id
-  private String spanId; // span_id
+  private transient String traceId;
+  private transient String spanId;
   private List<EvaluationError> evaluationErrors;
   private transient String message;
   private final transient int maxDepth;
@@ -176,6 +176,14 @@ public void recordStackTrace(int offset) {
     }
   }
 
+  public void setTraceId(String traceId) {
+    this.traceId = traceId;
+  }
+
+  public void setSpanId(String spanId) {
+    this.spanId = spanId;
+  }
+
   public enum Kind {
     ENTER,
     RETURN,
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/SymbolSink.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/SymbolSink.java
new file mode 100644
index 00000000000..1ff688a35ad
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/sink/SymbolSink.java
@@ -0,0 +1,85 @@
+package com.datadog.debugger.sink;
+
+import com.datadog.debugger.symbol.Scope;
+import com.datadog.debugger.symbol.ServiceVersion;
+import com.datadog.debugger.uploader.BatchUploader;
+import com.datadog.debugger.util.ExceptionHelper;
+import com.datadog.debugger.util.MoshiHelper;
+import com.squareup.moshi.JsonAdapter;
+import datadog.trace.api.Config;
+import datadog.trace.util.TagsHelper;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SymbolSink {
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(SymbolSink.class);
+  private static final int CAPACITY = 1024;
+  private static final JsonAdapter<ServiceVersion> SERVICE_VERSION_ADAPTER =
+      MoshiHelper.createMoshiSymbol().adapter(ServiceVersion.class);
+  private static final String EVENT_FORMAT =
+      "{%n"
+          + "\"ddsource\": \"dd_debugger\",%n"
+          + "\"service\": \"%s\",%n"
+          + "\"runtimeId\": \"%s\"%n"
+          + "}";
+
+  private final String serviceName;
+  private final String env;
+  private final String version;
+  private final BatchUploader symbolUploader;
+  private final BlockingQueue<ServiceVersion> scopes = new ArrayBlockingQueue<>(CAPACITY);
+  private final BatchUploader.MultiPartContent event;
+
+  public SymbolSink(Config config) {
+    this(config, new BatchUploader(config, config.getFinalDebuggerSymDBUrl()));
+  }
+
+  SymbolSink(Config config, BatchUploader symbolUploader) {
+    this.serviceName = TagsHelper.sanitize(config.getServiceName());
+    this.env = config.getEnv();
+    this.version = config.getVersion();
+    this.symbolUploader = symbolUploader;
+    byte[] eventContent =
+        String.format(EVENT_FORMAT, serviceName, config.getRuntimeId())
+            .getBytes(StandardCharsets.UTF_8);
+    this.event = new BatchUploader.MultiPartContent(eventContent, "event", "event.json");
+  }
+
+  public boolean addScope(Scope jarScope) {
+    ServiceVersion serviceVersion =
+        new ServiceVersion(serviceName, env, version, "JAVA", Collections.singletonList(jarScope));
+    return scopes.offer(serviceVersion);
+  }
+
+  public void flush() {
+    if (scopes.isEmpty()) {
+      return;
+    }
+    List<ServiceVersion> scopesToSerialize = new ArrayList<>();
+    scopes.drainTo(scopesToSerialize);
+    LOGGER.debug("Sending {} scopes", scopesToSerialize.size());
+    for (ServiceVersion serviceVersion : scopesToSerialize) {
+      try {
+        String json = SERVICE_VERSION_ADAPTER.toJson(serviceVersion);
+        LOGGER.debug(
+            "Sending scope: {}, size={}",
+            serviceVersion.getScopes().get(0).getName(),
+            json.length());
+        symbolUploader.uploadAsMultipart(
+            "",
+            event,
+            new BatchUploader.MultiPartContent(
+                json.getBytes(StandardCharsets.UTF_8), "file", "file.json"));
+      } catch (Exception e) {
+        ExceptionHelper.logException(LOGGER, e, "Error during scope serialization:");
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/Scope.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/Scope.java
new file mode 100644
index 00000000000..4963e687959
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/Scope.java
@@ -0,0 +1,149 @@
+package com.datadog.debugger.symbol;
+
+import com.squareup.moshi.Json;
+import java.util.List;
+
+public class Scope {
+  @Json(name = "scope_type")
+  private final ScopeType scopeType;
+
+  @Json(name = "source_file")
+  private final String sourceFile;
+
+  @Json(name = "start_line")
+  private final int startLine;
+
+  @Json(name = "end_line")
+  private final int endLine;
+
+  private final String name;
+
+  @Json(name = "language_specifics")
+  private final List<Object> languageSpecifics;
+
+  private final List<Symbol> symbols;
+  private final List<Scope> scopes;
+
+  public Scope(
+      ScopeType scopeType,
+      String sourceFile,
+      int startLine,
+      int endLine,
+      String name,
+      List<Object> languageSpecifics,
+      List<Symbol> symbols,
+      List<Scope> scopes) {
+    this.scopeType = scopeType;
+    this.sourceFile = sourceFile;
+    this.startLine = startLine;
+    this.endLine = endLine;
+    this.name = name;
+    this.languageSpecifics = languageSpecifics;
+    this.symbols = symbols;
+    this.scopes = scopes;
+  }
+
+  public ScopeType getScopeType() {
+    return scopeType;
+  }
+
+  public String getSourceFile() {
+    return sourceFile;
+  }
+
+  public int getStartLine() {
+    return startLine;
+  }
+
+  public int getEndLine() {
+    return endLine;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public List<Object> getLanguageSpecifics() {
+    return languageSpecifics;
+  }
+
+  public List<Symbol> getSymbols() {
+    return symbols;
+  }
+
+  public List<Scope> getScopes() {
+    return scopes;
+  }
+
+  @Override
+  public String toString() {
+    return "Scope{"
+        + "scopeType="
+        + scopeType
+        + ", sourceFile='"
+        + sourceFile
+        + '\''
+        + ", startLine="
+        + startLine
+        + ", endLine="
+        + endLine
+        + ", name='"
+        + name
+        + '\''
+        + ", languageSpecifics="
+        + languageSpecifics
+        + ", symbols="
+        + symbols
+        + ", scopes="
+        + scopes
+        + '}';
+  }
+
+  public static Builder builder(
+      ScopeType scopeType, String sourceFile, int startLine, int endLine) {
+    return new Builder(scopeType, sourceFile, startLine, endLine);
+  }
+
+  public static class Builder {
+    private final ScopeType scopeType;
+    private final String sourceFile;
+    private final int startLine;
+    private final int endLine;
+    private String name;
+    private List<Object> languageSpecifics;
+    private List<Symbol> symbols;
+    private List<Scope> scopes;
+
+    public Builder(ScopeType scopeType, String sourceFile, int startLine, int endLine) {
+      this.scopeType = scopeType;
+      this.sourceFile = sourceFile;
+      this.startLine = startLine;
+      this.endLine = endLine;
+    }
+
+    public Builder name(String name) {
+      this.name = name;
+      return this;
+    }
+
+    public Builder languageSpecifics(List<Object> languageSpecifics) {
+      this.languageSpecifics = languageSpecifics;
+      return this;
+    }
+
+    public Builder symbols(List<Symbol> symbols) {
+      this.symbols = symbols;
+      return this;
+    }
+
+    public Builder scopes(List<Scope> scopes) {
+      this.scopes = scopes;
+      return this;
+    }
+
+    public Scope build() {
+      return new Scope(
+          scopeType, sourceFile, startLine, endLine, name, languageSpecifics, symbols, scopes);
+    }
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/ScopeType.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/ScopeType.java
new file mode 100644
index 00000000000..99d8c004a55
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/ScopeType.java
@@ -0,0 +1,9 @@
+package com.datadog.debugger.symbol;
+
+public enum ScopeType {
+  JAR,
+  CLASS,
+  METHOD,
+  LOCAL,
+  CLOSURE
+}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/ServiceVersion.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/ServiceVersion.java
new file mode 100644
index 00000000000..a88fc25da63
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/ServiceVersion.java
@@ -0,0 +1,25 @@
+package com.datadog.debugger.symbol;
+
+import java.util.List;
+
+public class ServiceVersion {
+  private final String service;
+
+  private final String env;
+  private final String version;
+  private final String language;
+  private final List<Scope> scopes;
+
+  public ServiceVersion(
+      String service, String env, String version, String language, List<Scope> scopes) {
+    this.service = service;
+    this.env = env;
+    this.version = version;
+    this.language = language;
+    this.scopes = scopes;
+  }
+
+  public List<Scope> getScopes() {
+    return scopes;
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/Symbol.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/Symbol.java
new file mode 100644
index 00000000000..55380f6c916
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/Symbol.java
@@ -0,0 +1,51 @@
+package com.datadog.debugger.symbol;
+
+import com.squareup.moshi.Json;
+
+public class Symbol {
+  @Json(name = "symbol_type")
+  private final SymbolType symbolType;
+
+  private final String name;
+  private final int line;
+  private final String type;
+
+  public Symbol(SymbolType symbolType, String name, int line, String type) {
+    this.symbolType = symbolType;
+    this.name = name;
+    this.line = line;
+    this.type = type;
+  }
+
+  public SymbolType getSymbolType() {
+    return symbolType;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public int getLine() {
+    return line;
+  }
+
+  public String getType() {
+    return type;
+  }
+
+  @Override
+  public String toString() {
+    return "Symbol{"
+        + "symbolType="
+        + symbolType
+        + ", name='"
+        + name
+        + '\''
+        + ", line="
+        + line
+        + ", type='"
+        + type
+        + '\''
+        + '}';
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/SymbolExtractionTransformer.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/SymbolExtractionTransformer.java
new file mode 100644
index 00000000000..203a306a1c0
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/SymbolExtractionTransformer.java
@@ -0,0 +1,140 @@
+package com.datadog.debugger.symbol;
+
+import com.datadog.debugger.agent.AllowListHelper;
+import com.datadog.debugger.agent.Configuration;
+import com.datadog.debugger.sink.SymbolSink;
+import datadog.trace.api.Config;
+import datadog.trace.util.AgentTaskScheduler;
+import datadog.trace.util.Strings;
+import java.lang.instrument.ClassFileTransformer;
+import java.net.URL;
+import java.security.CodeSource;
+import java.security.ProtectionDomain;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Pattern;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SymbolExtractionTransformer implements ClassFileTransformer {
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(SymbolExtractionTransformer.class);
+  private static final Pattern COMMA_PATTERN = Pattern.compile(",");
+
+  private final SymbolSink sink;
+  private final Map<String, Scope> jarScopesByName = new HashMap<>();
+  private final AgentTaskScheduler.Scheduled<SymbolExtractionTransformer> scheduled;
+  private final Object jarScopeLock = new Object();
+  private final AllowListHelper allowListHelper;
+  private int totalClasses;
+  private final int symbolFlushThreshold;
+
+  public SymbolExtractionTransformer() {
+    this(new SymbolSink(Config.get()), Config.get());
+  }
+
+  public SymbolExtractionTransformer(SymbolSink sink, Config config) {
+    this.sink = sink;
+    this.scheduled =
+        AgentTaskScheduler.INSTANCE.scheduleAtFixedRate(
+            this::flushRemainingScopes, this, 30, 30, TimeUnit.SECONDS);
+    String includes = config.getDebuggerSymbolIncludes();
+    if (includes != null) {
+      this.allowListHelper = new AllowListHelper(buildFilterList(includes));
+    } else {
+      this.allowListHelper = null;
+    }
+    this.symbolFlushThreshold = config.getDebuggerSymbolFlushThreshold();
+  }
+
+  private void flushRemainingScopes(SymbolExtractionTransformer symbolExtractionTransformer) {
+    synchronized (jarScopeLock) {
+      if (jarScopesByName.isEmpty()) {
+        return;
+      }
+      LOGGER.debug("Flush remaining scopes");
+      addJarScope(null, true); // force flush remaining scopes
+    }
+  }
+
+  private Configuration.FilterList buildFilterList(String includes) {
+    String[] includeParts = COMMA_PATTERN.split(includes);
+    return new Configuration.FilterList(Arrays.asList(includeParts), Collections.emptyList());
+  }
+
+  @Override
+  public byte[] transform(
+      ClassLoader loader,
+      String className,
+      Class<?> classBeingRedefined,
+      ProtectionDomain protectionDomain,
+      byte[] classfileBuffer) {
+    if (className == null) {
+      return null;
+    }
+    if (allowListHelper == null) {
+      if (className.startsWith("java/")
+          || className.startsWith("javax/")
+          || className.startsWith("jdk/")
+          || className.startsWith("sun/")
+          || className.startsWith("com/sun/")
+          || className.startsWith("datadog/")
+          || className.startsWith("com/datadog/")) {
+        return null;
+      }
+    } else {
+      if (!allowListHelper.isAllowed(Strings.getClassName(className))) {
+        return null;
+      }
+    }
+    String jarName = "DEFAULT";
+    if (protectionDomain != null) {
+      CodeSource codeSource = protectionDomain.getCodeSource();
+      if (codeSource != null) {
+        URL location = codeSource.getLocation();
+        if (location != null) {
+          jarName = location.getFile();
+        }
+      }
+    }
+    LOGGER.debug("Extracting Symbols from: {}, located in: {}", className, jarName);
+    Scope jarScope = SymbolExtractor.extract(classfileBuffer, jarName);
+    addJarScope(jarScope, false);
+    return null;
+  }
+
+  private void addJarScope(Scope jarScope, boolean forceFlush) {
+    List<Scope> scopes = Collections.emptyList();
+    synchronized (jarScopeLock) {
+      if (jarScope != null) {
+        Scope scope = jarScopesByName.get(jarScope.getName());
+        if (scope != null) {
+          scope.getScopes().addAll(jarScope.getScopes());
+        } else {
+          jarScopesByName.put(jarScope.getName(), jarScope);
+        }
+        totalClasses++;
+      }
+      if (totalClasses >= symbolFlushThreshold || forceFlush) {
+        scopes = new ArrayList<>(jarScopesByName.values());
+        jarScopesByName.clear();
+        totalClasses = 0;
+      }
+    }
+    if (!scopes.isEmpty()) {
+      LOGGER.debug("dumping {} jar scopes to sink", scopes.size());
+      for (Scope scope : scopes) {
+        LOGGER.debug(
+            "dumping {} class scopes to sink from scope: {}",
+            scope.getScopes().size(),
+            scope.getName());
+        sink.addScope(scope);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/SymbolExtractor.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/SymbolExtractor.java
new file mode 100644
index 00000000000..3498234820e
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/SymbolExtractor.java
@@ -0,0 +1,264 @@
+package com.datadog.debugger.symbol;
+
+import static com.datadog.debugger.instrumentation.ASMHelper.adjustLocalVarsBasedOnArgs;
+import static com.datadog.debugger.instrumentation.ASMHelper.createLocalVarNodes;
+import static com.datadog.debugger.instrumentation.ASMHelper.sortLocalVariables;
+
+import com.datadog.debugger.instrumentation.ASMHelper;
+import datadog.trace.util.Strings;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import org.objectweb.asm.ClassReader;
+import org.objectweb.asm.Label;
+import org.objectweb.asm.Opcodes;
+import org.objectweb.asm.Type;
+import org.objectweb.asm.tree.AbstractInsnNode;
+import org.objectweb.asm.tree.ClassNode;
+import org.objectweb.asm.tree.FieldNode;
+import org.objectweb.asm.tree.LabelNode;
+import org.objectweb.asm.tree.LineNumberNode;
+import org.objectweb.asm.tree.LocalVariableNode;
+import org.objectweb.asm.tree.MethodNode;
+import org.slf4j.LoggerFactory;
+
+public class SymbolExtractor {
+
+  public static Scope extract(byte[] classFileBuffer, String jarName) {
+    ClassNode classNode = parseClassFile(classFileBuffer);
+    return extractScopes(classNode, jarName);
+  }
+
+  private static Scope extractScopes(ClassNode classNode, String jarName) {
+    try {
+      String sourceFile = extractSourceFile(classNode);
+      List<Scope> methodScopes = new ArrayList<>();
+      for (MethodNode method : classNode.methods) {
+        MethodLineInfo methodLineInfo = extractMethodLineInfo(method);
+        List<Scope> varScopes = new ArrayList<>();
+        List<Symbol> methodSymbols = new ArrayList<>();
+        int localVarBaseSlot = extractArgs(method, methodSymbols, methodLineInfo.start);
+        extractScopesFromVariables(
+            sourceFile, method, methodLineInfo.lineMap, varScopes, localVarBaseSlot);
+        ScopeType methodScopeType = ScopeType.METHOD;
+        if (method.name.startsWith("lambda$")) {
+          methodScopeType = ScopeType.CLOSURE;
+        }
+        Scope methodScope =
+            Scope.builder(methodScopeType, sourceFile, methodLineInfo.start, methodLineInfo.end)
+                .name(method.name)
+                .scopes(varScopes)
+                .symbols(methodSymbols)
+                .build();
+        methodScopes.add(methodScope);
+      }
+      int classStartLine = Integer.MAX_VALUE;
+      int classEndLine = 0;
+      for (Scope scope : methodScopes) {
+        classStartLine = Math.min(classStartLine, scope.getStartLine());
+        classEndLine = Math.max(classEndLine, scope.getEndLine());
+      }
+      List<Symbol> fields = new ArrayList<>();
+      for (FieldNode fieldNode : classNode.fields) {
+        SymbolType symbolType =
+            ASMHelper.isStaticField(fieldNode) ? SymbolType.STATIC_FIELD : SymbolType.FIELD;
+        fields.add(
+            new Symbol(symbolType, fieldNode.name, 0, Type.getType(fieldNode.desc).getClassName()));
+      }
+      Scope classScope =
+          Scope.builder(ScopeType.CLASS, sourceFile, classStartLine, classEndLine)
+              .name(Strings.getClassName(classNode.name))
+              .scopes(methodScopes)
+              .symbols(fields)
+              .build();
+      return Scope.builder(ScopeType.JAR, jarName, 0, 0)
+          .name(jarName)
+          .scopes(new ArrayList<>(Collections.singletonList(classScope)))
+          .build();
+    } catch (Exception ex) {
+      LoggerFactory.getLogger(SymbolExtractor.class).info("", ex);
+      return null;
+    }
+  }
+
+  private static String extractSourceFile(ClassNode classNode) {
+    String packageName = classNode.name;
+    int idx = packageName.lastIndexOf('/');
+    packageName = idx >= 0 ? packageName.substring(0, idx + 1) : "";
+    return packageName + classNode.sourceFile;
+  }
+
+  private static int extractArgs(
+      MethodNode method, List<Symbol> methodSymbols, int methodStartLine) {
+    boolean isStatic = (method.access & Opcodes.ACC_STATIC) != 0;
+    int slot = isStatic ? 0 : 1;
+    if (method.localVariables == null || method.localVariables.size() == 0) {
+      return slot;
+    }
+    Type[] argTypes = Type.getArgumentTypes(method.desc);
+    if (argTypes.length == 0) {
+      return slot;
+    }
+    List<LocalVariableNode> sortedLocalVars = sortLocalVariables(method.localVariables);
+    LocalVariableNode[] localVarsBySlot = createLocalVarNodes(sortedLocalVars);
+    adjustLocalVarsBasedOnArgs(isStatic, localVarsBySlot, argTypes, sortedLocalVars);
+    for (Type argType : argTypes) {
+      if (slot >= localVarsBySlot.length) {
+        break;
+      }
+      String argName = localVarsBySlot[slot] != null ? localVarsBySlot[slot].name : "p" + slot;
+      methodSymbols.add(
+          new Symbol(SymbolType.ARG, argName, methodStartLine, argType.getClassName()));
+      slot += argType.getSize();
+    }
+    return slot;
+  }
+
+  private static void extractScopesFromVariables(
+      String sourceFile,
+      MethodNode methodNode,
+      Map<Label, Integer> monotonicLineMap,
+      List<Scope> varScopes,
+      int localVarBaseSlot) {
+    if (methodNode.localVariables == null) {
+      return;
+    }
+    // using a LinkedHashMap only for having a stable order of local scopes (tests)
+    Map<LabelNode, List<LocalVariableNode>> varsByEndLabel = new LinkedHashMap<>();
+    for (int i = 0; i < methodNode.localVariables.size(); i++) {
+      LocalVariableNode localVariable = methodNode.localVariables.get(i);
+      if (localVariable.index < localVarBaseSlot) {
+        continue;
+      }
+      varsByEndLabel.merge(
+          localVariable.end,
+          new ArrayList<>(Collections.singletonList(localVariable)),
+          (curr, next) -> {
+            curr.addAll(next);
+            return curr;
+          });
+    }
+    List<Scope> tmpScopes = new ArrayList<>();
+    for (Map.Entry<LabelNode, List<LocalVariableNode>> entry : varsByEndLabel.entrySet()) {
+      List<Symbol> varSymbols = new ArrayList<>();
+      int minLine = Integer.MAX_VALUE;
+      for (LocalVariableNode var : entry.getValue()) {
+        int line = monotonicLineMap.get(var.start.getLabel());
+        minLine = Math.min(line, minLine);
+        varSymbols.add(
+            new Symbol(SymbolType.LOCAL, var.name, line, Type.getType(var.desc).getClassName()));
+      }
+      int endLine = monotonicLineMap.get(entry.getKey().getLabel());
+      Scope varScope =
+          Scope.builder(ScopeType.LOCAL, sourceFile, minLine, endLine)
+              .symbols(varSymbols)
+              .scopes(new ArrayList<>())
+              .build();
+      tmpScopes.add(varScope);
+    }
+    nestScopes(varScopes, tmpScopes);
+  }
+
+  private static Scope removeWidestScope(List<Scope> scopes) {
+    Scope widestScope = null;
+    for (Scope scope : scopes) {
+      widestScope = widestScope != null ? maxScope(widestScope, scope) : scope;
+    }
+    // Remove the actual widest instance from the list, based on reference equality
+    scopes.remove(widestScope);
+    return widestScope;
+  }
+
+  private static void nestScopes(List<Scope> outerScopes, List<Scope> scopes) {
+    Scope widestScope = removeWidestScope(scopes);
+    if (widestScope == null) {
+      return;
+    }
+    outerScopes.add(widestScope);
+    for (Scope scope : scopes) {
+      boolean added = false;
+      for (Scope outerScope : outerScopes) {
+        if (isInnerScope(outerScope, scope)) {
+          outerScope.getScopes().add(scope);
+          added = true;
+          break;
+        }
+      }
+      if (!added) {
+        outerScopes.add(scope);
+      }
+    }
+    for (Scope outerScope : outerScopes) {
+      List<Scope> tmpScopes = new ArrayList<>(outerScope.getScopes());
+      outerScope.getScopes().clear();
+      nestScopes(outerScope.getScopes(), tmpScopes);
+    }
+  }
+
+  private static boolean isInnerScope(Scope enclosingScope, Scope scope) {
+    return scope.getStartLine() >= enclosingScope.getStartLine()
+        && scope.getEndLine() <= enclosingScope.getEndLine();
+  }
+
+  private static Scope maxScope(Scope scope1, Scope scope2) {
+    return scope1.getStartLine() > scope2.getStartLine()
+            || scope1.getEndLine() < scope2.getEndLine()
+        ? scope2
+        : scope1;
+  }
+
+  private static int getFirstLine(MethodNode methodNode) {
+    AbstractInsnNode node = methodNode.instructions.getFirst();
+    while (node != null) {
+      if (node.getType() == AbstractInsnNode.LINE) {
+        LineNumberNode lineNumberNode = (LineNumberNode) node;
+        return lineNumberNode.line;
+      }
+      node = node.getNext();
+    }
+    return 0;
+  }
+
+  private static MethodLineInfo extractMethodLineInfo(MethodNode methodNode) {
+    Map<Label, Integer> map = new HashMap<>();
+    int startLine = getFirstLine(methodNode);
+    int maxLine = startLine;
+    AbstractInsnNode node = methodNode.instructions.getFirst();
+    while (node != null) {
+      if (node.getType() == AbstractInsnNode.LINE) {
+        LineNumberNode lineNumberNode = (LineNumberNode) node;
+        maxLine = Math.max(lineNumberNode.line, maxLine);
+      }
+      if (node.getType() == AbstractInsnNode.LABEL) {
+        if (node instanceof LabelNode) {
+          LabelNode labelNode = (LabelNode) node;
+          map.put(labelNode.getLabel(), maxLine);
+        }
+      }
+      node = node.getNext();
+    }
+    return new MethodLineInfo(startLine, maxLine, map);
+  }
+
+  private static ClassNode parseClassFile(byte[] classfileBuffer) {
+    ClassReader reader = new ClassReader(classfileBuffer);
+    ClassNode classNode = new ClassNode();
+    reader.accept(classNode, ClassReader.SKIP_FRAMES);
+    return classNode;
+  }
+
+  public static class MethodLineInfo {
+    final int start;
+    final int end;
+    final Map<Label, Integer> lineMap;
+
+    public MethodLineInfo(int start, int end, Map<Label, Integer> lineMap) {
+      this.start = start;
+      this.end = end;
+      this.lineMap = lineMap;
+    }
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/SymbolType.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/SymbolType.java
new file mode 100644
index 00000000000..94b5b889c74
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/symbol/SymbolType.java
@@ -0,0 +1,8 @@
+package com.datadog.debugger.symbol;
+
+public enum SymbolType {
+  FIELD,
+  STATIC_FIELD,
+  ARG,
+  LOCAL
+}
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/uploader/BatchUploader.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/uploader/BatchUploader.java
index 422835ab659..15dbaaf604d 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/uploader/BatchUploader.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/uploader/BatchUploader.java
@@ -18,10 +18,10 @@
 import java.util.concurrent.TimeoutException;
 import okhttp3.Call;
 import okhttp3.Callback;
-import okhttp3.ConnectionPool;
 import okhttp3.Dispatcher;
 import okhttp3.HttpUrl;
 import okhttp3.MediaType;
+import okhttp3.MultipartBody;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.RequestBody;
@@ -32,13 +32,37 @@
 
 /** Handles batching logic of upload requests sent to the intake */
 public class BatchUploader {
+  public static class MultiPartContent {
+    private final byte[] content;
+    private final String partName;
+    private final String fileName;
+
+    public MultiPartContent(byte[] content, String partName, String fileName) {
+      this.content = content;
+      this.partName = partName;
+      this.fileName = fileName;
+    }
+
+    public byte[] getContent() {
+      return content;
+    }
+
+    public String getPartName() {
+      return partName;
+    }
+
+    public String getFileName() {
+      return fileName;
+    }
+  }
+
   private static final Logger log = LoggerFactory.getLogger(BatchUploader.class);
   private static final int MINUTES_BETWEEN_ERROR_LOG = 5;
   private static final MediaType APPLICATION_JSON = MediaType.parse("application/json");
-  private static final String HEADER_DD_API_KEY = "DD-API-KEY";
   private static final String HEADER_DD_CONTAINER_ID = "Datadog-Container-ID";
   private final String containerId;
 
+  static final String HEADER_DD_API_KEY = "DD-API-KEY";
   static final int MAX_RUNNING_REQUESTS = 10;
   static final int MAX_ENQUEUED_REQUESTS = 20;
   static final int TERMINATION_TIMEOUT = 5;
@@ -54,23 +78,23 @@ public class BatchUploader {
 
   private final Phaser inflightRequests = new Phaser(1);
 
-  public BatchUploader(Config config) {
-    this(config, new RatelimitedLogger(log, MINUTES_BETWEEN_ERROR_LOG, TimeUnit.MINUTES));
+  public BatchUploader(Config config, String endpoint) {
+    this(config, endpoint, new RatelimitedLogger(log, MINUTES_BETWEEN_ERROR_LOG, TimeUnit.MINUTES));
   }
 
-  BatchUploader(Config config, RatelimitedLogger ratelimitedLogger) {
-    this(config, ratelimitedLogger, ContainerInfo.get().containerId);
+  BatchUploader(Config config, String endpoint, RatelimitedLogger ratelimitedLogger) {
+    this(config, endpoint, ratelimitedLogger, ContainerInfo.get().containerId);
   }
 
   // Visible for testing
-  BatchUploader(Config config, RatelimitedLogger ratelimitedLogger, String containerId) {
+  BatchUploader(
+      Config config, String endpoint, RatelimitedLogger ratelimitedLogger, String containerId) {
     instrumentTheWorld = config.isDebuggerInstrumentTheWorld();
-    String url = config.getFinalDebuggerSnapshotUrl();
-    if (url == null || url.length() == 0) {
-      throw new IllegalArgumentException("Snapshot url is empty");
+    if (endpoint == null || endpoint.length() == 0) {
+      throw new IllegalArgumentException("Endpoint url is empty");
     }
-    urlBase = HttpUrl.get(url);
-    log.debug("Started SnapshotUploader with target url {}", urlBase);
+    urlBase = HttpUrl.get(endpoint);
+    log.debug("Started BatchUploader with target url {}", urlBase);
     apiKey = config.getApiKey();
     this.ratelimitedLogger = ratelimitedLogger;
     responseCallback = new ResponseCallback(ratelimitedLogger, inflightRequests);
@@ -84,10 +108,6 @@ public BatchUploader(Config config) {
             new SynchronousQueue<>(),
             new AgentThreadFactory(DEBUGGER_HTTP_DISPATCHER));
     this.containerId = containerId;
-    // Reusing connections causes non daemon threads to be created which causes agent to prevent app
-    // from exiting. See https://github.com/square/okhttp/issues/4029 for some details.
-    ConnectionPool connectionPool = new ConnectionPool(MAX_RUNNING_REQUESTS, 1, TimeUnit.SECONDS);
-
     Duration requestTimeout = Duration.ofSeconds(config.getDebuggerUploadTimeout());
     client =
         OkHttpUtils.buildHttpClient(
@@ -110,21 +130,41 @@ public void upload(byte[] batch) {
   }
 
   public void upload(byte[] batch, String tags) {
+    doUpload(() -> makeUploadRequest(batch, tags));
+  }
+
+  public void uploadAsMultipart(String tags, MultiPartContent... parts) {
+    doUpload(() -> makeMultipartUploadRequest(tags, parts));
+  }
+
+  private void makeMultipartUploadRequest(String tags, MultiPartContent[] parts) {
+    int contentLength = 0;
+    MultipartBody.Builder builder = new MultipartBody.Builder().setType(MultipartBody.FORM);
+    for (MultiPartContent part : parts) {
+      RequestBody fileBody = RequestBody.create(APPLICATION_JSON, part.content);
+      contentLength += part.content.length;
+      builder.addFormDataPart(part.partName, part.fileName, fileBody);
+    }
+    MultipartBody body = builder.build();
+    buildAndSendRequest(body, contentLength, tags);
+  }
+
+  private void doUpload(Runnable makeRequest) {
     if (instrumentTheWorld) {
       // no upload in Instrument-The-World mode
       return;
     }
     try {
       if (canEnqueueMoreRequests()) {
-        makeUploadRequest(batch, tags);
+        makeRequest.run();
         debuggerMetrics.count("batch.uploaded", 1);
       } else {
         debuggerMetrics.count("request.queue.full", 1);
         ratelimitedLogger.warn("Cannot upload batch data: too many enqueued requests!");
       }
-    } catch (final IllegalStateException | IOException e) {
+    } catch (Exception ex) {
       debuggerMetrics.count("batch.upload.error", 1);
-      ratelimitedLogger.warn("Problem uploading batch!", e);
+      ratelimitedLogger.warn("Problem uploading batch!", ex);
     }
   }
 
@@ -136,11 +176,15 @@ OkHttpClient getClient() {
     return client;
   }
 
-  private void makeUploadRequest(byte[] json, String tags) throws IOException {
+  private void makeUploadRequest(byte[] json, String tags) {
+    int contentLength = json.length;
     // use RequestBody.create(MediaType, byte[]) to avoid changing Content-Type to
     // "Content-Type: application/json; charset=UTF-8" which is not recognized
-    int contentLength = json.length;
     RequestBody body = RequestBody.create(APPLICATION_JSON, json);
+    buildAndSendRequest(body, contentLength, tags);
+  }
+
+  private void buildAndSendRequest(RequestBody body, int contentLength, String tags) {
     debuggerMetrics.histogram("batch.uploader.request.size", contentLength);
     if (log.isDebugEnabled()) {
       log.debug("Uploading batch data size={} bytes", contentLength);
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/MoshiHelper.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/MoshiHelper.java
index 47f1828e773..31e132639a6 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/MoshiHelper.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/MoshiHelper.java
@@ -46,4 +46,8 @@ public static JsonAdapter<Map<String, Object>> createGenericAdapter() {
     ParameterizedType type = Types.newParameterizedType(Map.class, String.class, Object.class);
     return new Moshi.Builder().build().adapter(type);
   }
+
+  public static Moshi createMoshiSymbol() {
+    return new Moshi.Builder().build();
+  }
 }
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/MoshiSnapshotHelper.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/MoshiSnapshotHelper.java
index 8708534ae9c..5f5a9e63ee4 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/MoshiSnapshotHelper.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/MoshiSnapshotHelper.java
@@ -11,6 +11,7 @@
 import datadog.trace.bootstrap.debugger.ProbeImplementation;
 import datadog.trace.bootstrap.debugger.ProbeLocation;
 import datadog.trace.bootstrap.debugger.util.TimeoutChecker;
+import datadog.trace.bootstrap.debugger.util.WellKnownClasses;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.lang.annotation.Annotation;
@@ -43,6 +44,8 @@ public class MoshiSnapshotHelper {
   public static final String COLLECTION_SIZE_REASON = "collectionSize";
   public static final String TIMEOUT_REASON = "timeout";
   public static final String DEPTH_REASON = "depth";
+  public static final String REDACTED_IDENT_REASON = "redactedIdent";
+  public static final String REDACTED_TYPE_REASON = "redactedType";
   public static final String TYPE = "type";
   public static final String VALUE = "value";
   public static final String FIELDS = "fields";
@@ -460,6 +463,18 @@ public void notCaptured(SerializerWithLimits.NotCapturedReason reason) throws Ex
               jsonWriter.value(TIMEOUT_REASON);
               break;
             }
+          case REDACTED_IDENT:
+            {
+              jsonWriter.name(NOT_CAPTURED_REASON);
+              jsonWriter.value(REDACTED_IDENT_REASON);
+              break;
+            }
+          case REDACTED_TYPE:
+            {
+              jsonWriter.name(NOT_CAPTURED_REASON);
+              jsonWriter.value(REDACTED_TYPE_REASON);
+              break;
+            }
           default:
             throw new RuntimeException("Unsupported NotCapturedReason: " + reason);
         }
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/SerializerWithLimits.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/SerializerWithLimits.java
index 588d7c6acf1..5d2da23f805 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/SerializerWithLimits.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/SerializerWithLimits.java
@@ -1,8 +1,12 @@
 package com.datadog.debugger.util;
 
+import static datadog.trace.bootstrap.debugger.util.Redaction.REDACTED_VALUE;
+
 import datadog.trace.bootstrap.debugger.CapturedContext;
 import datadog.trace.bootstrap.debugger.Limits;
+import datadog.trace.bootstrap.debugger.util.Redaction;
 import datadog.trace.bootstrap.debugger.util.TimeoutChecker;
+import datadog.trace.bootstrap.debugger.util.WellKnownClasses;
 import java.lang.reflect.Array;
 import java.lang.reflect.Field;
 import java.lang.reflect.Modifier;
@@ -45,7 +49,9 @@ public static boolean isPrimitive(String type) {
   enum NotCapturedReason {
     MAX_DEPTH,
     FIELD_COUNT,
-    TIMEOUT
+    TIMEOUT,
+    REDACTED_IDENT,
+    REDACTED_TYPE
   }
 
   public interface TokenWriter {
@@ -115,6 +121,17 @@ public void serialize(Object value, String type, Limits limits) throws Exception
       throw new IllegalArgumentException("Type is required for serialization");
     }
     tokenWriter.prologue(value, type);
+    NotCapturedReason reason = null;
+    if (value == REDACTED_VALUE) {
+      reason = NotCapturedReason.REDACTED_IDENT;
+    } else if (Redaction.isRedactedType(type)) {
+      reason = NotCapturedReason.REDACTED_TYPE;
+    }
+    if (reason != null) {
+      tokenWriter.notCaptured(reason);
+      tokenWriter.epilogue(value);
+      return;
+    }
     if (timeoutChecker.isTimedOut(System.currentTimeMillis())) {
       tokenWriter.notCaptured(NotCapturedReason.TIMEOUT);
       tokenWriter.epilogue(value);
@@ -152,9 +169,13 @@ private void serializeMap(Object value, Limits limits) throws Exception {
     int size = 0;
     try {
       map = (Map<?, ?>) value;
-      size = map.size(); // /!\ alien call /!\
-      Set<? extends Map.Entry<?, ?>> entries = map.entrySet(); // /!\ alien call /!\
-      isComplete = serializeMapEntries(entries, limits); // /!\ contains alien calls /!\
+      if (WellKnownClasses.isSizeSafe(map)) {
+        size = map.size(); // /!\ alien call /!\
+        Set<? extends Map.Entry<?, ?>> entries = map.entrySet(); // /!\ alien call /!\
+        isComplete = serializeMapEntries(entries, limits); // /!\ contains alien calls /!\
+      } else {
+        throw new RuntimeException("Unsupported Map type: " + map.getClass().getTypeName());
+      }
       tokenWriter.mapEpilogue(isComplete, size);
     } catch (Exception ex) {
       tokenWriter.mapEpilogue(isComplete, size);
@@ -169,8 +190,12 @@ private void serializeCollection(Object value, Limits limits) throws Exception {
     int size = 0;
     try {
       col = (Collection<?>) value;
-      size = col.size(); // /!\ alien call /!\
-      isComplete = serializeCollection(col, limits); // /!\ contains alien calls /!\
+      if (WellKnownClasses.isSizeSafe(col)) {
+        size = col.size(); // /!\ alien call /!\
+        isComplete = serializeCollection(col, limits); // /!\ contains alien calls /!\
+      } else {
+        throw new RuntimeException("Unsupported Collection type: " + col.getClass().getTypeName());
+      }
       tokenWriter.collectionEpilogue(value, isComplete, size);
     } catch (Exception ex) {
       tokenWriter.collectionEpilogue(value, isComplete, size);
@@ -270,6 +295,9 @@ private void onField(Field field, Object value, Limits limits) throws Exception
     } else {
       typeName = value != null ? value.getClass().getTypeName() : field.getType().getTypeName();
     }
+    if (Redaction.isRedactedKeyword(field.getName())) {
+      value = REDACTED_VALUE;
+    }
     serialize(
         value instanceof CapturedContext.CapturedValue
             ? ((CapturedContext.CapturedValue) value).getValue()
@@ -414,7 +442,12 @@ private boolean serializeMapEntries(Set<? extends Map.Entry<?, ?>> entries, Limi
       Map.Entry<?, ?> entry = (Map.Entry<?, ?>) it.next(); // /!\ alien call /!\
       tokenWriter.mapEntryPrologue(entry);
       Object keyObj = entry.getKey(); // /!\ alien call /!\
-      Object valObj = entry.getValue(); // /!\ alien call /!\
+      Object valObj;
+      if (keyObj instanceof String && Redaction.isRedactedKeyword((String) keyObj)) {
+        valObj = REDACTED_VALUE;
+      } else {
+        valObj = entry.getValue(); // /!\ alien call /!\
+      }
       serialize(
           keyObj,
           keyObj != null ? keyObj.getClass().getTypeName() : Object.class.getTypeName(),
diff --git a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/StringTokenWriter.java b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/StringTokenWriter.java
index 54528ec9ddd..fcd89a87dc1 100644
--- a/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/StringTokenWriter.java
+++ b/dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/util/StringTokenWriter.java
@@ -1,5 +1,8 @@
 package com.datadog.debugger.util;
 
+import static com.datadog.debugger.util.MoshiSnapshotHelper.REDACTED_IDENT_REASON;
+import static com.datadog.debugger.util.MoshiSnapshotHelper.REDACTED_TYPE_REASON;
+
 import com.datadog.debugger.el.Value;
 import datadog.trace.bootstrap.debugger.EvaluationError;
 import java.lang.reflect.Field;
@@ -155,6 +158,12 @@ public void notCaptured(SerializerWithLimits.NotCapturedReason reason) {
       case FIELD_COUNT:
         sb.append(", ...");
         break;
+      case REDACTED_IDENT:
+        sb.append("{").append(REDACTED_IDENT_REASON).append("}");
+        break;
+      case REDACTED_TYPE:
+        sb.append("{").append(REDACTED_TYPE_REASON).append("}");
+        break;
       default:
         throw new RuntimeException("Unsupported NotCapturedReason: " + reason);
     }
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/CapturedSnapshotTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/CapturedSnapshotTest.java
index fed893eb71f..1b8ec443bce 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/CapturedSnapshotTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/CapturedSnapshotTest.java
@@ -1,15 +1,23 @@
 package com.datadog.debugger.agent;
 
+import static com.datadog.debugger.util.LogProbeTestHelper.parseTemplate;
 import static com.datadog.debugger.util.MoshiSnapshotHelper.DEPTH_REASON;
 import static com.datadog.debugger.util.MoshiSnapshotHelper.FIELD_COUNT_REASON;
 import static com.datadog.debugger.util.MoshiSnapshotHelper.NOT_CAPTURED_REASON;
+import static com.datadog.debugger.util.MoshiSnapshotHelper.REDACTED_IDENT_REASON;
+import static com.datadog.debugger.util.MoshiSnapshotHelper.REDACTED_TYPE_REASON;
 import static com.datadog.debugger.util.TestHelper.setFieldInConfig;
+import static datadog.trace.bootstrap.debugger.util.Redaction.REDACTED_VALUE;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static utils.InstrumentationTestHelper.compile;
 import static utils.InstrumentationTestHelper.compileAndLoadClass;
@@ -18,15 +26,22 @@
 
 import com.datadog.debugger.el.DSL;
 import com.datadog.debugger.el.ProbeCondition;
+import com.datadog.debugger.el.values.StringValue;
+import com.datadog.debugger.instrumentation.InstrumentationResult;
 import com.datadog.debugger.probe.LogProbe;
+import com.datadog.debugger.probe.ProbeDefinition;
+import com.datadog.debugger.sink.DebuggerSink;
+import com.datadog.debugger.sink.ProbeStatusSink;
 import com.datadog.debugger.sink.Snapshot;
 import com.datadog.debugger.util.MoshiHelper;
 import com.datadog.debugger.util.MoshiSnapshotTestHelper;
 import com.datadog.debugger.util.SerializerWithLimits;
 import com.squareup.moshi.JsonAdapter;
 import datadog.trace.api.Config;
+import datadog.trace.api.sampling.Sampler;
 import datadog.trace.bootstrap.debugger.*;
 import datadog.trace.bootstrap.debugger.el.ValueReferences;
+import datadog.trace.bootstrap.debugger.util.Redaction;
 import groovy.lang.GroovyClassLoader;
 import java.io.File;
 import java.io.IOException;
@@ -64,6 +79,7 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
+import org.mockito.ArgumentCaptor;
 import utils.SourceCompiler;
 
 public class CapturedSnapshotTest {
@@ -71,6 +87,7 @@ public class CapturedSnapshotTest {
   private static final ProbeId PROBE_ID = new ProbeId("beae1807-f3b0-4ea8-a74f-826790c5e6f8", 0);
   private static final ProbeId PROBE_ID1 = new ProbeId("beae1807-f3b0-4ea8-a74f-826790c5e6f6", 0);
   private static final ProbeId PROBE_ID2 = new ProbeId("beae1807-f3b0-4ea8-a74f-826790c5e6f7", 0);
+  private static final ProbeId PROBE_ID3 = new ProbeId("beae1807-f3b0-4ea8-a74f-826790c5e6f8", 0);
   private static final String SERVICE_NAME = "service-name";
   private static final JsonAdapter<CapturedContext.CapturedValue> VALUE_ADAPTER =
       new MoshiSnapshotTestHelper.CapturedValueAdapter();
@@ -79,6 +96,8 @@ public class CapturedSnapshotTest {
 
   private Instrumentation instr = ByteBuddyAgent.install();
   private ClassFileTransformer currentTransformer;
+  private ProbeStatusSink probeStatusSink;
+  private MockInstrumentationListener instrumentationListener;
 
   @BeforeEach
   public void before() {
@@ -92,6 +111,7 @@ public void after() {
     }
     ProbeRateLimiter.resetAll();
     Assertions.assertFalse(DebuggerContext.isInProbe());
+    Redaction.clearUserDefinedTypes();
   }
 
   @Test
@@ -101,10 +121,9 @@ public void methodNotFound() throws IOException, URISyntaxException {
         installSingleProbe(CLASS_NAME, "foobar", null);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "2").get();
-    Assertions.assertEquals(2, result);
-    Assertions.assertEquals(
-        "Cannot find method CapturedSnapshot01::foobar",
-        listener.errors.get(PROBE_ID.getId()).get(0).getMessage());
+    assertEquals(2, result);
+    verify(probeStatusSink)
+        .addError(eq(PROBE_ID), eq("Cannot find method CapturedSnapshot01::foobar"));
   }
 
   @Test
@@ -114,15 +133,15 @@ public void methodProbe() throws IOException, URISyntaxException {
         installSingleProbe(CLASS_NAME, "main", "int (java.lang.String)");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    Assertions.assertEquals(3, result);
+    assertEquals(3, result);
     Snapshot snapshot = assertOneSnapshot(listener);
-    Assertions.assertNotNull(snapshot.getCaptures().getEntry());
-    Assertions.assertNotNull(snapshot.getCaptures().getReturn());
+    assertNotNull(snapshot.getCaptures().getEntry());
+    assertNotNull(snapshot.getCaptures().getReturn());
     assertCaptureArgs(snapshot.getCaptures().getEntry(), "arg", "java.lang.String", "1");
     assertCaptureArgs(snapshot.getCaptures().getReturn(), "arg", "java.lang.String", "1");
     assertTrue(snapshot.getDuration() > 0);
     assertTrue(snapshot.getStack().size() > 0);
-    Assertions.assertEquals("CapturedSnapshot01.main", snapshot.getStack().get(0).getFunction());
+    assertEquals("CapturedSnapshot01.main", snapshot.getStack().get(0).getFunction());
   }
 
   @Test
@@ -132,15 +151,15 @@ public void singleLineProbe() throws IOException, URISyntaxException {
         installSingleProbe(CLASS_NAME, "main", "int (java.lang.String)", "8");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    Assertions.assertEquals(3, result);
+    assertEquals(3, result);
     Snapshot snapshot = assertOneSnapshot(listener);
-    Assertions.assertNull(snapshot.getCaptures().getEntry());
-    Assertions.assertNull(snapshot.getCaptures().getReturn());
+    assertNull(snapshot.getCaptures().getEntry());
+    assertNull(snapshot.getCaptures().getReturn());
     Assertions.assertEquals(1, snapshot.getCaptures().getLines().size());
     assertCaptureArgs(snapshot.getCaptures().getLines().get(8), "arg", "java.lang.String", "1");
     assertCaptureLocals(snapshot.getCaptures().getLines().get(8), "var1", "int", "1");
     assertTrue(snapshot.getStack().size() > 0);
-    Assertions.assertEquals("CapturedSnapshot01.java", snapshot.getStack().get(0).getFileName());
+    assertEquals("CapturedSnapshot01.java", snapshot.getStack().get(0).getFileName());
   }
 
   @Test
@@ -152,8 +171,8 @@ public void resolutionFails() throws IOException, URISyntaxException {
     DebuggerContext.init((id, clazz) -> null, null);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    Assertions.assertEquals(3, result);
-    Assertions.assertEquals(0, listener.snapshots.size());
+    assertEquals(3, result);
+    assertEquals(0, listener.snapshots.size());
   }
 
   @Test
@@ -171,8 +190,8 @@ public void resolutionThrows() throws IOException, URISyntaxException {
         null);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    Assertions.assertEquals(3, result);
-    Assertions.assertEquals(0, listener.snapshots.size());
+    assertEquals(3, result);
+    assertEquals(0, listener.snapshots.size());
   }
 
   @Test
@@ -182,7 +201,7 @@ public void constructor() throws IOException, URISyntaxException {
         installSingleProbe(CLASS_NAME, "<init>", "(String, Object)");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "f").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     assertOneSnapshot(listener);
   }
 
@@ -193,7 +212,7 @@ public void overloadedConstructor() throws IOException, URISyntaxException {
         installSingleProbe(CLASS_NAME, "<init>", "()");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "f").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     assertOneSnapshot(listener);
   }
 
@@ -203,11 +222,23 @@ public void veryOldClassFile() throws Exception {
     DebuggerTransformerTest.TestSnapshotListener listener =
         installSingleProbe(CLASS_NAME, "<init>", "()");
     Class<?> testClass = Class.forName(CLASS_NAME);
-    Assertions.assertNotNull(testClass);
+    assertNotNull(testClass);
     testClass.newInstance();
     assertOneSnapshot(listener);
   }
 
+  @Test
+  public void oldJavacBug() throws Exception {
+    final String CLASS_NAME = "com.datadog.debugger.classfiles.JavacBug"; // compiled with jdk 1.6
+    DebuggerTransformerTest.TestSnapshotListener listener =
+        installSingleProbe(CLASS_NAME, "main", null);
+    Class<?> testClass = Class.forName(CLASS_NAME);
+    assertNotNull(testClass);
+    int result = Reflect.on(testClass).call("main", "").get();
+    assertEquals(45, result);
+    assertEquals(0, listener.snapshots.size());
+  }
+
   @Test
   public void nestedConstructor() throws Exception {
     final String CLASS_NAME = "CapturedSnapshot02";
@@ -215,7 +246,7 @@ public void nestedConstructor() throws Exception {
         installSingleProbe(CLASS_NAME, "<init>", "(Throwable)");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "init").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     assertOneSnapshot(listener);
   }
 
@@ -226,7 +257,7 @@ public void nestedConstructor2() throws Exception {
         installSingleProbe(CLASS_NAME, "<init>", "(int)");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     Snapshot snapshot = assertOneSnapshot(listener);
   }
 
@@ -237,7 +268,7 @@ public void nestedConstructor3() throws Exception {
         installSingleProbe(CLASS_NAME, "<init>", "(int, int, int)");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     Snapshot snapshot = assertOneSnapshot(listener);
   }
 
@@ -248,14 +279,14 @@ public void inheritedConstructor() throws Exception {
         installSingleProbe(CLASS_NAME + "$Inherited", "<init>", null);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     assertCaptureFields(
         snapshot.getCaptures().getEntry(), "obj2", "java.lang.Object", (String) null);
     CapturedContext.CapturedValue obj2 = snapshot.getCaptures().getReturn().getFields().get("obj2");
     Map<String, CapturedContext.CapturedValue> fields = getFields(obj2);
-    Assertions.assertEquals(24, fields.get("intValue").getValue());
-    Assertions.assertEquals(3.14, fields.get("doubleValue").getValue());
+    assertEquals(24, fields.get("intValue").getValue());
+    assertEquals(3.14, fields.get("doubleValue").getValue());
   }
 
   @Test
@@ -268,7 +299,7 @@ public void largeStackInheritedConstructor() throws Exception {
             createProbe(PROBE_ID2, CLASS_NAME, "<init>", "(String, long, String)"));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     long result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(4_000_000_001L, result);
+    assertEquals(4_000_000_001L, result);
     assertSnapshots(listener, 2, PROBE_ID2, PROBE_ID1);
   }
 
@@ -282,7 +313,7 @@ public void multiMethods() throws IOException, URISyntaxException {
             createProbe(PROBE_ID2, CLASS_NAME, "f2", "(int)"));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(48, result);
+    assertEquals(48, result);
     List<Snapshot> snapshots = assertSnapshots(listener, 2, PROBE_ID1, PROBE_ID2);
     Snapshot snapshot0 = snapshots.get(0);
     assertCaptureArgs(snapshot0.getCaptures().getEntry(), "value", "int", "31");
@@ -301,7 +332,7 @@ public void multiProbeSameMethod() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, probe, probe2);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(48, result);
+    assertEquals(48, result);
     List<Snapshot> snapshots = assertSnapshots(listener, 2, PROBE_ID1, PROBE_ID2);
     Snapshot snapshot0 = snapshots.get(0);
     assertCaptureArgs(snapshot0.getCaptures().getEntry(), "value", "int", "31");
@@ -315,9 +346,9 @@ private List<Snapshot> assertSnapshots(
       DebuggerTransformerTest.TestSnapshotListener listener,
       int expectedCount,
       ProbeId... probeIds) {
-    Assertions.assertEquals(expectedCount, listener.snapshots.size());
+    assertEquals(expectedCount, listener.snapshots.size());
     for (int i = 0; i < probeIds.length; i++) {
-      Assertions.assertEquals(probeIds[i].getId(), listener.snapshots.get(i).getProbe().getId());
+      assertEquals(probeIds[i].getId(), listener.snapshots.get(i).getProbe().getId());
     }
     return listener.snapshots;
   }
@@ -329,7 +360,7 @@ public void catchBlock() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, createProbe(PROBE_ID, CLASS_NAME, "f", "()"));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "f").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     assertOneSnapshot(listener);
   }
 
@@ -346,7 +377,7 @@ public void insideSynchronizedBlock() throws IOException, URISyntaxException {
                 PROBE_ID, CLASS_NAME, "synchronizedBlock", "(int)", LINE_START + "-" + LINE_END));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "synchronizedBlock").get();
-    Assertions.assertEquals(76, result);
+    assertEquals(76, result);
     List<Snapshot> snapshots = assertSnapshots(listener, 10);
     int count = 31;
     for (int i = 0; i < 10; i++) {
@@ -374,10 +405,10 @@ public void outsideSynchronizedBlock() throws IOException, URISyntaxException {
                 PROBE_ID, CLASS_NAME, "synchronizedBlock", "(int)", LINE_START + "-" + LINE_END));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "synchronizedBlock").get();
-    Assertions.assertEquals(76, result);
+    assertEquals(76, result);
     Snapshot snapshot = assertOneSnapshot(listener);
-    Assertions.assertNull(snapshot.getCaptures().getEntry());
-    Assertions.assertNull(snapshot.getCaptures().getReturn());
+    assertNull(snapshot.getCaptures().getEntry());
+    assertNull(snapshot.getCaptures().getReturn());
     Assertions.assertEquals(2, snapshot.getCaptures().getLines().size());
     assertCaptureLocals(snapshot.getCaptures().getLines().get(LINE_START), "count", "int", "31");
     assertCaptureLocals(snapshot.getCaptures().getLines().get(LINE_END), "count", "int", "76");
@@ -390,10 +421,10 @@ public void sourceFileProbe() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, createSourceFileProbe(PROBE_ID, CLASS_NAME + ".java", 4));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(48, result);
+    assertEquals(48, result);
     Snapshot snapshot = assertOneSnapshot(listener);
-    Assertions.assertNull(snapshot.getCaptures().getEntry());
-    Assertions.assertNull(snapshot.getCaptures().getReturn());
+    assertNull(snapshot.getCaptures().getEntry());
+    assertNull(snapshot.getCaptures().getReturn());
     Assertions.assertEquals(1, snapshot.getCaptures().getLines().size());
     Assertions.assertEquals(CLASS_NAME, snapshot.getProbe().getLocation().getType());
     Assertions.assertEquals("f1", snapshot.getProbe().getLocation().getMethod());
@@ -407,10 +438,10 @@ public void simpleSourceFileProbe() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, createSourceFileProbe(PROBE_ID, "CapturedSnapshot10.java", 11));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "2").get();
-    Assertions.assertEquals(2, result);
+    assertEquals(2, result);
     Snapshot snapshot = assertOneSnapshot(listener);
-    Assertions.assertNull(snapshot.getCaptures().getEntry());
-    Assertions.assertNull(snapshot.getCaptures().getReturn());
+    assertNull(snapshot.getCaptures().getEntry());
+    assertNull(snapshot.getCaptures().getReturn());
     Assertions.assertEquals(1, snapshot.getCaptures().getLines().size());
     Assertions.assertEquals(CLASS_NAME, snapshot.getProbe().getLocation().getType());
     Assertions.assertEquals("main", snapshot.getProbe().getLocation().getMethod());
@@ -427,10 +458,10 @@ public void sourceFileProbeFullPath() throws IOException, URISyntaxException {
             createSourceFileProbe(PROBE_ID, "src/main/java/" + DIR_CLASS_NAME + ".java", 11));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "2").get();
-    Assertions.assertEquals(2, result);
+    assertEquals(2, result);
     Snapshot snapshot = assertOneSnapshot(listener);
-    Assertions.assertNull(snapshot.getCaptures().getEntry());
-    Assertions.assertNull(snapshot.getCaptures().getReturn());
+    assertNull(snapshot.getCaptures().getEntry());
+    assertNull(snapshot.getCaptures().getReturn());
     Assertions.assertEquals(1, snapshot.getCaptures().getLines().size());
     Assertions.assertEquals(CLASS_NAME, snapshot.getProbe().getLocation().getType());
     Assertions.assertEquals("main", snapshot.getProbe().getLocation().getMethod());
@@ -447,10 +478,10 @@ public void sourceFileProbeFullPathTopLevelClass() throws IOException, URISyntax
             createSourceFileProbe(PROBE_ID, "src/main/java/" + DIR_CLASS_NAME + ".java", 21));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    Assertions.assertEquals(42 * 42, result);
+    assertEquals(42 * 42, result);
     Snapshot snapshot = assertOneSnapshot(listener);
-    Assertions.assertNull(snapshot.getCaptures().getEntry());
-    Assertions.assertNull(snapshot.getCaptures().getReturn());
+    assertNull(snapshot.getCaptures().getEntry());
+    assertNull(snapshot.getCaptures().getReturn());
     Assertions.assertEquals(1, snapshot.getCaptures().getLines().size());
     Assertions.assertEquals(
         "com.datadog.debugger.TopLevel01", snapshot.getProbe().getLocation().getType());
@@ -469,21 +500,21 @@ public void methodProbeLineProbeMix() throws IOException, URISyntaxException {
             createProbe(PROBE_ID2, CLASS_NAME, "main", null));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "2").get();
-    Assertions.assertEquals(2, result);
+    assertEquals(2, result);
     List<Snapshot> snapshots = assertSnapshots(listener, 2, PROBE_ID1, PROBE_ID2);
     Snapshot snapshot0 = snapshots.get(0);
-    Assertions.assertNull(snapshot0.getCaptures().getEntry());
-    Assertions.assertNull(snapshot0.getCaptures().getReturn());
+    assertNull(snapshot0.getCaptures().getEntry());
+    assertNull(snapshot0.getCaptures().getReturn());
     Assertions.assertEquals(1, snapshot0.getCaptures().getLines().size());
     Assertions.assertEquals(
         "com.datadog.debugger.CapturedSnapshot11", snapshot0.getProbe().getLocation().getType());
-    Assertions.assertEquals("main", snapshot0.getProbe().getLocation().getMethod());
+    assertEquals("main", snapshot0.getProbe().getLocation().getMethod());
     assertCaptureArgs(snapshot0.getCaptures().getLines().get(10), "arg", "java.lang.String", "2");
     assertCaptureLocals(snapshot0.getCaptures().getLines().get(10), "var1", "int", "1");
     Snapshot snapshot1 = snapshots.get(1);
-    Assertions.assertEquals(
+    assertEquals(
         "com.datadog.debugger.CapturedSnapshot11", snapshot1.getProbe().getLocation().getType());
-    Assertions.assertEquals("main", snapshot1.getProbe().getLocation().getMethod());
+    assertEquals("main", snapshot1.getProbe().getLocation().getMethod());
     assertCaptureArgs(snapshot1.getCaptures().getEntry(), "arg", "java.lang.String", "2");
     assertCaptureReturnValue(snapshot1.getCaptures().getReturn(), "int", "2");
   }
@@ -497,10 +528,10 @@ public void sourceFileProbeScala() throws IOException, URISyntaxException {
     String source = getFixtureContent("/" + FILE_NAME);
     Class<?> testClass = ScalaHelper.compileAndLoad(source, CLASS_NAME, FILE_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(48, result);
+    assertEquals(48, result);
     Snapshot snapshot = assertOneSnapshot(listener);
-    Assertions.assertNull(snapshot.getCaptures().getEntry());
-    Assertions.assertNull(snapshot.getCaptures().getReturn());
+    assertNull(snapshot.getCaptures().getEntry());
+    assertNull(snapshot.getCaptures().getReturn());
     Assertions.assertEquals(1, snapshot.getCaptures().getLines().size());
     Assertions.assertEquals(CLASS_NAME, snapshot.getProbe().getLocation().getType());
     Assertions.assertEquals("f1", snapshot.getProbe().getLocation().getMethod());
@@ -516,10 +547,10 @@ public void sourceFileProbeGroovy() throws IOException, URISyntaxException {
     GroovyClassLoader groovyClassLoader = new GroovyClassLoader();
     Class<?> testClass = groovyClassLoader.parseClass(source);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(48, result);
+    assertEquals(48, result);
     Snapshot snapshot = assertOneSnapshot(listener);
-    Assertions.assertNull(snapshot.getCaptures().getEntry());
-    Assertions.assertNull(snapshot.getCaptures().getReturn());
+    assertNull(snapshot.getCaptures().getEntry());
+    assertNull(snapshot.getCaptures().getReturn());
     Assertions.assertEquals(1, snapshot.getCaptures().getLines().size());
     Assertions.assertEquals(CLASS_NAME, snapshot.getProbe().getLocation().getType());
     Assertions.assertEquals("f1", snapshot.getProbe().getLocation().getMethod());
@@ -532,16 +563,16 @@ public void sourceFileProbeKotlin() {
     DebuggerTransformerTest.TestSnapshotListener listener =
         installProbes(CLASS_NAME, createSourceFileProbe(PROBE_ID, CLASS_NAME + ".kt", 4));
     URL resource = CapturedSnapshotTest.class.getResource("/" + CLASS_NAME + ".kt");
-    Assertions.assertNotNull(resource);
+    assertNotNull(resource);
     List<File> filesToDelete = new ArrayList<>();
     Class<?> testClass = KotlinHelper.compileAndLoad(CLASS_NAME, resource.getFile(), filesToDelete);
     try {
       Object companion = Reflect.on(testClass).get("Companion");
       int result = Reflect.on(companion).call("main", "").get();
-      Assertions.assertEquals(48, result);
+      assertEquals(48, result);
       Snapshot snapshot = assertOneSnapshot(listener);
-      Assertions.assertNull(snapshot.getCaptures().getEntry());
-      Assertions.assertNull(snapshot.getCaptures().getReturn());
+      assertNull(snapshot.getCaptures().getEntry());
+      assertNull(snapshot.getCaptures().getReturn());
       Assertions.assertEquals(1, snapshot.getCaptures().getLines().size());
       Assertions.assertEquals(CLASS_NAME, snapshot.getProbe().getLocation().getType());
       Assertions.assertEquals("f1", snapshot.getProbe().getLocation().getMethod());
@@ -562,7 +593,7 @@ public void fieldExtractor() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, simpleDataProbe, compositeDataProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(143, result);
+    assertEquals(143, result);
     List<Snapshot> snapshots = assertSnapshots(listener, 2, PROBE_ID1, PROBE_ID2);
     Snapshot simpleSnapshot = snapshots.get(0);
     Map<String, String> expectedSimpleFields = new HashMap<>();
@@ -594,7 +625,7 @@ public void fieldExtractorDeep2() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, compositeDataProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(143, result);
+    assertEquals(143, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     CapturedContext.CapturedValue returnValue =
         snapshot.getCaptures().getReturn().getLocals().get("@return");
@@ -604,11 +635,10 @@ public void fieldExtractorDeep2() throws IOException, URISyntaxException {
     CapturedContext.CapturedValue s1 = fields.get("s1");
     Map<String, CapturedContext.CapturedValue> s1Fields =
         (Map<String, CapturedContext.CapturedValue>) s1.getValue();
-    Assertions.assertEquals("101", String.valueOf(s1Fields.get("intValue").getValue()));
-    Assertions.assertEquals("foo1", s1Fields.get("strValue").getValue());
-    Assertions.assertEquals("null", String.valueOf(s1Fields.get("listValue").getValue()));
-    Assertions.assertEquals(
-        DEPTH_REASON, String.valueOf(s1Fields.get("listValue").getNotCapturedReason()));
+    assertEquals("101", String.valueOf(s1Fields.get("intValue").getValue()));
+    assertEquals("foo1", s1Fields.get("strValue").getValue());
+    assertEquals("null", String.valueOf(s1Fields.get("listValue").getValue()));
+    assertEquals(DEPTH_REASON, String.valueOf(s1Fields.get("listValue").getNotCapturedReason()));
   }
 
   @Test
@@ -620,7 +650,7 @@ public void fieldExtractorLength() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, simpleDataProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(143, result);
+    assertEquals(143, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     Map<String, String> expectedFields = new HashMap<>();
     expectedFields.put("intValue", "42");
@@ -639,14 +669,13 @@ public void fieldExtractorDisabled() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, simpleDataProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(143, result);
+    assertEquals(143, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     CapturedContext.CapturedValue simpleData =
         snapshot.getCaptures().getReturn().getLocals().get("simpleData");
     Map<String, CapturedContext.CapturedValue> fields = getFields(simpleData);
-    Assertions.assertEquals(1, fields.size());
-    Assertions.assertEquals(
-        DEPTH_REASON, fields.get("@" + NOT_CAPTURED_REASON).getNotCapturedReason());
+    assertEquals(1, fields.size());
+    assertEquals(DEPTH_REASON, fields.get("@" + NOT_CAPTURED_REASON).getNotCapturedReason());
   }
 
   @Test
@@ -658,13 +687,13 @@ public void fieldExtractorDepth0() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, simpleDataProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(143, result);
+    assertEquals(143, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     CapturedContext.CapturedValue simpleData =
         snapshot.getCaptures().getReturn().getLocals().get("simpleData");
     Map<String, CapturedContext.CapturedValue> simpleDataFields = getFields(simpleData);
-    Assertions.assertEquals(1, simpleDataFields.size());
-    Assertions.assertEquals(
+    assertEquals(1, simpleDataFields.size());
+    assertEquals(
         DEPTH_REASON, simpleDataFields.get("@" + NOT_CAPTURED_REASON).getNotCapturedReason());
   }
 
@@ -677,15 +706,15 @@ public void fieldExtractorDepth1() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, simpleDataProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(143, result);
+    assertEquals(143, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     CapturedContext.CapturedValue simpleData =
         snapshot.getCaptures().getReturn().getLocals().get("simpleData");
     Map<String, CapturedContext.CapturedValue> simpleDataFields = getFields(simpleData);
-    Assertions.assertEquals(4, simpleDataFields.size());
-    Assertions.assertEquals("foo", simpleDataFields.get("strValue").getValue());
-    Assertions.assertEquals(42, simpleDataFields.get("intValue").getValue());
-    Assertions.assertEquals(DEPTH_REASON, simpleDataFields.get("listValue").getNotCapturedReason());
+    assertEquals(4, simpleDataFields.size());
+    assertEquals("foo", simpleDataFields.get("strValue").getValue());
+    assertEquals(42, simpleDataFields.get("intValue").getValue());
+    assertEquals(DEPTH_REASON, simpleDataFields.get("listValue").getNotCapturedReason());
   }
 
   @Test
@@ -698,29 +727,28 @@ public void fieldExtractorCount2() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, compositeDataProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(143, result);
+    assertEquals(143, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     CapturedContext.CapturedValue returnValue =
         snapshot.getCaptures().getReturn().getLocals().get("@return");
-    Assertions.assertEquals("CapturedSnapshot04$CompositeData", returnValue.getType());
+    assertEquals("CapturedSnapshot04$CompositeData", returnValue.getType());
     Map<String, CapturedContext.CapturedValue> fields = getFields(returnValue);
-    Assertions.assertEquals(3, fields.size());
-    Assertions.assertEquals(
-        FIELD_COUNT_REASON, fields.get("@" + NOT_CAPTURED_REASON).getNotCapturedReason());
+    assertEquals(3, fields.size());
+    assertEquals(FIELD_COUNT_REASON, fields.get("@" + NOT_CAPTURED_REASON).getNotCapturedReason());
     Map<String, CapturedContext.CapturedValue> s1Fields =
         (Map<String, CapturedContext.CapturedValue>) fields.get("s1").getValue();
-    Assertions.assertEquals("foo1", s1Fields.get("strValue").getValue());
-    Assertions.assertEquals(101, s1Fields.get("intValue").getValue());
+    assertEquals("foo1", s1Fields.get("strValue").getValue());
+    assertEquals(101, s1Fields.get("intValue").getValue());
     Map<String, CapturedContext.CapturedValue> s2Fields =
         (Map<String, CapturedContext.CapturedValue>) fields.get("s2").getValue();
-    Assertions.assertEquals("foo2", s2Fields.get("strValue").getValue());
-    Assertions.assertEquals(202, s2Fields.get("intValue").getValue());
+    assertEquals("foo2", s2Fields.get("strValue").getValue());
+    assertEquals(202, s2Fields.get("intValue").getValue());
 
     CapturedContext.CapturedValue compositeData =
         snapshot.getCaptures().getReturn().getLocals().get("compositeData");
     Map<String, CapturedContext.CapturedValue> compositeDataFields = getFields(compositeData);
-    Assertions.assertEquals(3, compositeDataFields.size());
-    Assertions.assertEquals(
+    assertEquals(3, compositeDataFields.size());
+    assertEquals(
         FIELD_COUNT_REASON,
         compositeDataFields.get("@" + NOT_CAPTURED_REASON).getNotCapturedReason());
     assertTrue(compositeDataFields.containsKey("s1"));
@@ -738,7 +766,7 @@ public void uncaughtException() throws IOException, URISyntaxException {
       Reflect.on(testClass).call("main", "triggerUncaughtException").get();
       Assertions.fail("should not reach this code");
     } catch (ReflectException ex) {
-      Assertions.assertEquals("oops", ex.getCause().getCause().getMessage());
+      assertEquals("oops", ex.getCause().getCause().getMessage());
     }
     Snapshot snapshot = assertOneSnapshot(listener);
     assertCaptureThrowable(
@@ -757,7 +785,7 @@ public void caughtException() throws IOException, URISyntaxException {
             CLASS_NAME, createProbe(PROBE_ID, CLASS_NAME, "triggerCaughtException", "()"));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "triggerCaughtException").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     assertCaptureThrowable(
         snapshot.getCaptures().getCaughtExceptions().get(0),
@@ -781,7 +809,7 @@ public void rateLimitSnapshot() throws IOException, URISyntaxException {
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     for (int i = 0; i < 100; i++) {
       int result = Reflect.on(testClass).call("main", "1").get();
-      Assertions.assertEquals(3, result);
+      assertEquals(3, result);
     }
     assertTrue(listener.snapshots.size() < 20);
   }
@@ -801,7 +829,7 @@ public void globalRateLimitSnapshot() throws IOException, URISyntaxException {
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     for (int i = 0; i < 100; i++) {
       int result = Reflect.on(testClass).call("main", "").get();
-      Assertions.assertEquals(48, result);
+      assertEquals(48, result);
     }
     assertTrue(listener.snapshots.size() < 20, "actual snapshots: " + listener.snapshots.size());
   }
@@ -838,7 +866,7 @@ public void simpleConditionTest() throws IOException, URISyntaxException {
       int result = Reflect.on(testClass).call("main", String.valueOf(i)).get();
       assertTrue((i == 2 && result == 2) || result == 3);
     }
-    Assertions.assertEquals(1, listener.snapshots.size());
+    assertEquals(1, listener.snapshots.size());
     assertCaptureArgs(
         listener.snapshots.get(0).getCaptures().getReturn(), "arg", "java.lang.String", "5");
   }
@@ -856,7 +884,7 @@ public void staticFieldCondition() throws IOException, URISyntaxException {
     DebuggerTransformerTest.TestSnapshotListener listener = installProbes(CLASS_NAME, logProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "0").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     Map<String, CapturedContext.CapturedValue> staticFields =
         snapshot.getCaptures().getReturn().getStaticFields();
@@ -879,8 +907,8 @@ public void simpleFalseConditionTest() throws IOException, URISyntaxException {
     DebuggerTransformerTest.TestSnapshotListener listener = installProbes(CLASS_NAME, logProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "0").get();
-    Assertions.assertEquals(3, result);
-    Assertions.assertEquals(0, listener.snapshots.size());
+    assertEquals(3, result);
+    assertEquals(0, listener.snapshots.size());
   }
 
   @Test
@@ -901,10 +929,10 @@ public void nullCondition() throws IOException, URISyntaxException {
     DebuggerTransformerTest.TestSnapshotListener listener = installProbes(CLASS_NAME, logProbes);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    Assertions.assertEquals(1, listener.snapshots.size());
+    assertEquals(1, listener.snapshots.size());
     List<EvaluationError> evaluationErrors = listener.snapshots.get(0).getEvaluationErrors();
     Assertions.assertEquals(1, evaluationErrors.size());
-    Assertions.assertEquals("fld", evaluationErrors.get(0).getExpr());
+    Assertions.assertEquals("nullTyped.fld.fld", evaluationErrors.get(0).getExpr());
     Assertions.assertEquals(
         "Cannot dereference to field: fld", evaluationErrors.get(0).getMessage());
   }
@@ -963,8 +991,8 @@ private List<Snapshot> doMergedProbeConditions(
         installProbes(CLASS_NAME, probe1, probe2);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    Assertions.assertEquals(3, result);
-    Assertions.assertEquals(expectedSnapshots, listener.snapshots.size());
+    assertEquals(3, result);
+    assertEquals(expectedSnapshots, listener.snapshots.size());
     return listener.snapshots;
   }
 
@@ -983,7 +1011,7 @@ public void mergedProbesConditionMainErrorAdditionalFalse()
     List<Snapshot> snapshots = doMergedProbeConditions(condition1, condition2, 1);
     List<EvaluationError> evaluationErrors = snapshots.get(0).getEvaluationErrors();
     Assertions.assertEquals(1, evaluationErrors.size());
-    Assertions.assertEquals("fld", evaluationErrors.get(0).getExpr());
+    Assertions.assertEquals("nullTyped.fld.fld", evaluationErrors.get(0).getExpr());
     Assertions.assertEquals(
         "Cannot dereference to field: fld", evaluationErrors.get(0).getMessage());
   }
@@ -1003,10 +1031,10 @@ public void mergedProbesConditionMainErrorAdditionalTrue()
     List<Snapshot> snapshots = doMergedProbeConditions(condition1, condition2, 2);
     List<EvaluationError> evaluationErrors = snapshots.get(0).getEvaluationErrors();
     Assertions.assertEquals(1, evaluationErrors.size());
-    Assertions.assertEquals("fld", evaluationErrors.get(0).getExpr());
+    Assertions.assertEquals("nullTyped.fld.fld", evaluationErrors.get(0).getExpr());
     Assertions.assertEquals(
         "Cannot dereference to field: fld", evaluationErrors.get(0).getMessage());
-    Assertions.assertNull(snapshots.get(1).getEvaluationErrors());
+    assertNull(snapshots.get(1).getEvaluationErrors());
   }
 
   @Test
@@ -1024,7 +1052,7 @@ public void mergedProbesConditionMainFalseAdditionalError()
     List<Snapshot> snapshots = doMergedProbeConditions(condition1, condition2, 1);
     List<EvaluationError> evaluationErrors = snapshots.get(0).getEvaluationErrors();
     Assertions.assertEquals(1, evaluationErrors.size());
-    Assertions.assertEquals("fld", evaluationErrors.get(0).getExpr());
+    Assertions.assertEquals("nullTyped.fld.fld", evaluationErrors.get(0).getExpr());
     Assertions.assertEquals(
         "Cannot dereference to field: fld", evaluationErrors.get(0).getMessage());
   }
@@ -1042,10 +1070,10 @@ public void mergedProbesConditionMainTrueAdditionalError()
                     DSL.value("hello"))),
             "nullTyped.fld.fld.msg == 'hello'");
     List<Snapshot> snapshots = doMergedProbeConditions(condition1, condition2, 2);
-    Assertions.assertNull(snapshots.get(0).getEvaluationErrors());
+    assertNull(snapshots.get(0).getEvaluationErrors());
     List<EvaluationError> evaluationErrors = snapshots.get(1).getEvaluationErrors();
     Assertions.assertEquals(1, evaluationErrors.size());
-    Assertions.assertEquals("fld", evaluationErrors.get(0).getExpr());
+    Assertions.assertEquals("nullTyped.fld.fld", evaluationErrors.get(0).getExpr());
     Assertions.assertEquals(
         "Cannot dereference to field: fld", evaluationErrors.get(0).getMessage());
   }
@@ -1071,8 +1099,8 @@ public void mergedProbesConditionMixedLocation() throws IOException, URISyntaxEx
     int result = Reflect.on(testClass).call("main", "1").get();
     Assertions.assertEquals(3, result);
     Assertions.assertEquals(2, listener.snapshots.size());
-    Assertions.assertNull(listener.snapshots.get(0).getEvaluationErrors());
-    Assertions.assertNull(listener.snapshots.get(1).getEvaluationErrors());
+    assertNull(listener.snapshots.get(0).getEvaluationErrors());
+    assertNull(listener.snapshots.get(1).getEvaluationErrors());
   }
 
   @Test
@@ -1082,7 +1110,7 @@ public void fields() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, createProbe(PROBE_ID, CLASS_NAME, "f", "()"));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "f").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     assertCaptureFieldCount(snapshot.getCaptures().getEntry(), 5);
     assertCaptureFields(snapshot.getCaptures().getEntry(), "intValue", "int", "24");
@@ -1123,7 +1151,7 @@ public void inheritedFields() throws IOException, URISyntaxException {
         installProbes(INHERITED_CLASS_NAME, probe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "inherited").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     // Only Declared fields in the current class are captured, not inherited fields
     assertCaptureFieldCount(snapshot.getCaptures().getEntry(), 5);
@@ -1143,7 +1171,7 @@ public void staticFields() throws IOException, URISyntaxException {
         installSingleProbe(CLASS_NAME, "<init>", "()");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     long result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(4_000_000_001L, result);
+    assertEquals(4_000_000_001L, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     Map<String, CapturedContext.CapturedValue> staticFields =
         snapshot.getCaptures().getEntry().getStaticFields();
@@ -1168,7 +1196,7 @@ public void staticInheritedFields() throws IOException, URISyntaxException {
         installProbes(INHERITED_CLASS_NAME, logProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "inherited").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     Map<String, CapturedContext.CapturedValue> staticFields =
         snapshot.getCaptures().getReturn().getStaticFields();
@@ -1188,10 +1216,10 @@ public void staticLambda() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, createProbe(PROBE_ID, CLASS_NAME, null, null, "33"));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "static", "email@address").get();
-    Assertions.assertEquals(8, result);
+    assertEquals(8, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     CapturedContext context = snapshot.getCaptures().getLines().get(33);
-    Assertions.assertNotNull(context);
+    assertNotNull(context);
     assertCaptureLocals(context, "idx", "int", "5");
   }
 
@@ -1205,10 +1233,10 @@ public void capturingLambda() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, createProbe(PROBE_ID, CLASS_NAME, null, null, "44"));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "capturing", "email@address").get();
-    Assertions.assertEquals(8, result);
+    assertEquals(8, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     CapturedContext context = snapshot.getCaptures().getLines().get(44);
-    Assertions.assertNotNull(context);
+    assertNotNull(context);
     assertCaptureLocals(context, "idx", "int", "5");
     assertCaptureFields(context, "strValue", "java.lang.String", "email@address");
   }
@@ -1233,7 +1261,7 @@ public void tracerInstrumentedClass() throws Exception {
     // it's important there is no null key in this map, as Jackson is not happy about it
     // it's means here that argument names are not resolved correctly
     Assertions.assertFalse(arguments.containsKey(null));
-    Assertions.assertEquals(4, arguments.size());
+    assertEquals(4, arguments.size());
     assertTrue(arguments.containsKey("this"));
     assertTrue(arguments.containsKey("apiKey"));
     assertTrue(arguments.containsKey("uriInfo"));
@@ -1249,13 +1277,14 @@ public void noCodeMethods() throws Exception {
         installProbes(CLASS_NAME, nativeMethodProbe, abstractMethodProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(1, result);
-    Assertions.assertEquals(
-        "Cannot instrument an abstract or native method",
-        listener.errors.get(PROBE_ID1.getId()).get(0).getMessage());
-    Assertions.assertEquals(
-        "Cannot instrument an abstract or native method",
-        listener.errors.get(PROBE_ID2.getId()).get(0).getMessage());
+    assertEquals(1, result);
+    ArgumentCaptor<ProbeId> probeIdCaptor = ArgumentCaptor.forClass(ProbeId.class);
+    ArgumentCaptor<String> strCaptor = ArgumentCaptor.forClass(String.class);
+    verify(probeStatusSink, times(2)).addError(probeIdCaptor.capture(), strCaptor.capture());
+    assertEquals(PROBE_ID1.getId(), probeIdCaptor.getAllValues().get(0).getId());
+    assertEquals("Cannot instrument an abstract or native method", strCaptor.getAllValues().get(0));
+    assertEquals(PROBE_ID2.getId(), probeIdCaptor.getAllValues().get(1).getId());
+    assertEquals("Cannot instrument an abstract or native method", strCaptor.getAllValues().get(1));
   }
 
   @Test
@@ -1270,7 +1299,7 @@ public void duplicateClassDefinition() throws Exception {
     DebuggerTransformerTest.TestSnapshotListener listener =
         installProbes(CLASS_NAME, abstractMethodProbe);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
-    Assertions.assertNotNull(testClass);
+    assertNotNull(testClass);
   }
 
   @Test
@@ -1280,7 +1309,7 @@ public void overloadedMethods() throws Exception {
         installProbes(CLASS_NAME, createProbe(PROBE_ID, CLASS_NAME, "overload", null));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(63, result);
+    assertEquals(63, result);
     List<Snapshot> snapshots = assertSnapshots(listener, 4, PROBE_ID, PROBE_ID, PROBE_ID, PROBE_ID);
     assertCaptureReturnValue(snapshots.get(0).getCaptures().getReturn(), "int", "42");
     assertCaptureArgs(snapshots.get(1).getCaptures().getEntry(), "s", "java.lang.String", "1");
@@ -1296,7 +1325,7 @@ public void noDebugInfoEmptyMethod() throws Exception {
     Map<String, byte[]> classFileBuffers = compile(CLASS_NAME, SourceCompiler.DebugInfo.NONE);
     Class<?> testClass = loadClass(CLASS_NAME, classFileBuffers);
     int result = Reflect.on(testClass).call("main", "2").get();
-    Assertions.assertEquals(48, result);
+    assertEquals(48, result);
     assertOneSnapshot(listener);
   }
 
@@ -1313,8 +1342,8 @@ public void instrumentTheWorld() throws Exception {
       instr.removeTransformer(currentTransformer);
     }
     int result = Reflect.on(testClass).call("main", "2").get();
-    Assertions.assertEquals(2, result);
-    Assertions.assertEquals(1, listener.snapshots.size());
+    assertEquals(2, result);
+    assertEquals(1, listener.snapshots.size());
     ProbeImplementation probeImplementation = listener.snapshots.get(0).getProbe();
     assertTrue(probeImplementation.isCaptureSnapshot());
     assertEquals("main", probeImplementation.getLocation().getMethod());
@@ -1335,8 +1364,8 @@ public void instrumentTheWorld_excludeClass(String excludeFileName) throws Excep
       instr.removeTransformer(currentTransformer);
     }
     int result = Reflect.on(testClass).call("main", "2").get();
-    Assertions.assertEquals(2, result);
-    Assertions.assertEquals(0, listener.snapshots.size());
+    assertEquals(2, result);
+    assertEquals(0, listener.snapshots.size());
   }
 
   @Test
@@ -1346,7 +1375,7 @@ public void objectDynamicType() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, createProbe(PROBE_ID, CLASS_NAME, "processWithArg", null));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "2").get();
-    Assertions.assertEquals(50, result);
+    assertEquals(50, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     assertCaptureArgs(snapshot.getCaptures().getEntry(), "obj", "java.lang.Integer", "42");
     assertCaptureFields(
@@ -1362,7 +1391,7 @@ public void exceptionAsLocalVariable() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, createProbe(PROBE_ID, CLASS_NAME, null, null, "14"));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "2").get();
-    Assertions.assertEquals(42, result);
+    assertEquals(42, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     Map<String, String> expectedFields = new HashMap<>();
     expectedFields.put("detailMessage", "For input string: \"a\"");
@@ -1385,7 +1414,7 @@ public void evaluateAtEntry() throws IOException, URISyntaxException {
     DebuggerTransformerTest.TestSnapshotListener listener = installProbes(CLASS_NAME, logProbes);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    Assertions.assertEquals(3, result);
+    assertEquals(3, result);
     assertOneSnapshot(listener);
   }
 
@@ -1402,7 +1431,7 @@ public void evaluateAtExit() throws IOException, URISyntaxException {
     DebuggerTransformerTest.TestSnapshotListener listener = installProbes(CLASS_NAME, logProbes);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    Assertions.assertEquals(3, result);
+    assertEquals(3, result);
     assertOneSnapshot(listener);
   }
 
@@ -1419,10 +1448,10 @@ public void evaluateAtExitFalse() throws IOException, URISyntaxException {
     DebuggerTransformerTest.TestSnapshotListener listener = installProbes(CLASS_NAME, logProbes);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    Assertions.assertEquals(3, result);
-    Assertions.assertEquals(0, listener.snapshots.size());
+    assertEquals(3, result);
+    assertEquals(0, listener.snapshots.size());
     assertTrue(listener.skipped);
-    Assertions.assertEquals(DebuggerContext.SkipCause.CONDITION, listener.cause);
+    assertEquals(DebuggerContext.SkipCause.CONDITION, listener.cause);
   }
 
   @Test
@@ -1439,7 +1468,7 @@ public void uncaughtExceptionConditionLocalVar() throws IOException, URISyntaxEx
       Reflect.on(testClass).call("main", "triggerUncaughtException").get();
       Assertions.fail("should not reach this code");
     } catch (ReflectException ex) {
-      Assertions.assertEquals("oops", ex.getCause().getCause().getMessage());
+      assertEquals("oops", ex.getCause().getCause().getMessage());
     }
     Snapshot snapshot = assertOneSnapshot(listener);
     assertCaptureThrowable(
@@ -1448,10 +1477,9 @@ public void uncaughtExceptionConditionLocalVar() throws IOException, URISyntaxEx
         "oops",
         "CapturedSnapshot05.triggerUncaughtException",
         7);
-    Assertions.assertEquals(2, snapshot.getEvaluationErrors().size());
-    Assertions.assertEquals(
-        "Cannot find symbol: after", snapshot.getEvaluationErrors().get(0).getMessage());
-    Assertions.assertEquals(
+    assertEquals(2, snapshot.getEvaluationErrors().size());
+    assertEquals("Cannot find symbol: after", snapshot.getEvaluationErrors().get(0).getMessage());
+    assertEquals(
         "java.lang.IllegalStateException: oops",
         snapshot.getEvaluationErrors().get(1).getMessage());
   }
@@ -1464,7 +1492,7 @@ public void enumConstructorArgs() throws IOException, URISyntaxException {
         installProbes(ENUM_CLASS, createProbe(PROBE_ID, ENUM_CLASS, "<init>", null));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(2, result);
+    assertEquals(2, result);
     assertSnapshots(listener, 3, PROBE_ID);
     Map<String, CapturedContext.CapturedValue> arguments =
         listener.snapshots.get(0).getCaptures().getEntry().getArguments();
@@ -1481,7 +1509,7 @@ public void enumValues() throws IOException, URISyntaxException {
         installProbes(CLASS_NAME, createProbe(PROBE_ID, CLASS_NAME, "convert", null));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "2").get();
-    Assertions.assertEquals(2, result);
+    assertEquals(2, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     assertCaptureReturnValue(
         snapshot.getCaptures().getReturn(),
@@ -1497,7 +1525,7 @@ public void recursiveCapture() throws IOException, URISyntaxException {
         installProbes(INNER_CLASS, createProbe(PROBE_ID, INNER_CLASS, "size", null));
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "").get();
-    Assertions.assertEquals(1, result);
+    assertEquals(1, result);
   }
 
   @Test
@@ -1511,10 +1539,45 @@ public void recursiveCaptureException() throws IOException, URISyntaxException {
       Reflect.on(testClass).call("main", "exception").get();
       Assertions.fail("should not reach this code");
     } catch (ReflectException ex) {
-      Assertions.assertEquals("not supported", ex.getCause().getCause().getMessage());
+      assertEquals("not supported", ex.getCause().getCause().getMessage());
     }
   }
 
+  @Test
+  public void unknownCollectionCount() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot24";
+    Snapshot snapshot = doUnknownCount(CLASS_NAME);
+    assertEquals(
+        "Unsupported Collection class: com.datadog.debugger.CapturedSnapshot24$Holder",
+        snapshot.getEvaluationErrors().get(0).getMessage());
+  }
+
+  @Test
+  public void unknownMapCount() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot26";
+    Snapshot snapshot = doUnknownCount(CLASS_NAME);
+    assertEquals(
+        "Unsupported Map class: com.datadog.debugger.CapturedSnapshot26$Holder",
+        snapshot.getEvaluationErrors().get(0).getMessage());
+  }
+
+  private Snapshot doUnknownCount(String CLASS_NAME) throws IOException, URISyntaxException {
+    LogProbe logProbe =
+        createProbeBuilder(PROBE_ID, CLASS_NAME, "doit", null)
+            .when(
+                new ProbeCondition(
+                    DSL.when(DSL.ge(DSL.len(DSL.ref("holder")), DSL.value(0))), "len(holder) >= 0"))
+            .build();
+    DebuggerTransformerTest.TestSnapshotListener listener = installProbes(CLASS_NAME, logProbe);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "").get();
+    Assertions.assertEquals(1, result);
+    Snapshot snapshot = assertOneSnapshot(listener);
+    assertEquals(1, snapshot.getEvaluationErrors().size());
+    assertEquals("len(holder)", snapshot.getEvaluationErrors().get(0).getExpr());
+    return snapshot;
+  }
+
   @Test
   public void beforeForLoopLineProbe() throws IOException, URISyntaxException {
     final String CLASS_NAME = "CapturedSnapshot02";
@@ -1522,11 +1585,283 @@ public void beforeForLoopLineProbe() throws IOException, URISyntaxException {
         installSingleProbe(CLASS_NAME, null, null, "46");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "synchronizedBlock").get();
-    Assertions.assertEquals(76, result);
+    assertEquals(76, result);
     Snapshot snapshot = assertOneSnapshot(listener);
     assertCaptureLocals(snapshot.getCaptures().getLines().get(46), "count", "int", "31");
   }
 
+  @Test
+  public void dupLineProbeSameTemplate() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "CapturedSnapshot08";
+    final String LOG_TEMPLATE = "msg1={typed.fld.fld.msg}";
+    LogProbe probe1 =
+        createProbeBuilder(PROBE_ID1, CLASS_NAME, null, null, "39")
+            .template(LOG_TEMPLATE, parseTemplate(LOG_TEMPLATE))
+            .build();
+    LogProbe probe2 =
+        createProbeBuilder(PROBE_ID2, CLASS_NAME, null, null, "39")
+            .template(LOG_TEMPLATE, parseTemplate(LOG_TEMPLATE))
+            .build();
+    DebuggerTransformerTest.TestSnapshotListener listener =
+        installProbes(CLASS_NAME, probe1, probe2);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "1").get();
+    assertEquals(3, result);
+    List<Snapshot> snapshots = assertSnapshots(listener, 2, PROBE_ID1, PROBE_ID2);
+    for (Snapshot snapshot : snapshots) {
+      assertEquals("msg1=hello", snapshot.getMessage());
+    }
+  }
+
+  @Test
+  public void keywordRedaction() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot27";
+    final String LOG_TEMPLATE =
+        "arg={arg} secret={secret} password={this.password} fromMap={strMap['password']}";
+    LogProbe probe1 =
+        createProbeBuilder(PROBE_ID, CLASS_NAME, "doit", null)
+            .template(LOG_TEMPLATE, parseTemplate(LOG_TEMPLATE))
+            .captureSnapshot(true)
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    DebuggerTransformerTest.TestSnapshotListener listener = installProbes(CLASS_NAME, probe1);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "secret123").get();
+    Assertions.assertEquals(42, result);
+    Snapshot snapshot = assertOneSnapshot(listener);
+    assertEquals(
+        "arg=secret123 secret={"
+            + REDACTED_VALUE
+            + "} password={"
+            + REDACTED_VALUE
+            + "} fromMap={"
+            + REDACTED_VALUE
+            + "}",
+        snapshot.getMessage());
+    CapturedContext.CapturedValue secretLocalVar =
+        snapshot.getCaptures().getReturn().getLocals().get("secret");
+    CapturedContext.CapturedValue secretValued =
+        VALUE_ADAPTER.fromJson(secretLocalVar.getStrValue());
+    assertEquals(REDACTED_IDENT_REASON, secretValued.getNotCapturedReason());
+    Map<String, CapturedContext.CapturedValue> thisFields =
+        getFields(snapshot.getCaptures().getReturn().getArguments().get("this"));
+    CapturedContext.CapturedValue passwordField = thisFields.get("password");
+    assertEquals(REDACTED_IDENT_REASON, passwordField.getNotCapturedReason());
+    Map<String, String> strMap = (Map<String, String>) thisFields.get("strMap").getValue();
+    assertNull(strMap.get("password"));
+  }
+
+  @Test
+  public void keywordRedactionConditions() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot27";
+    LogProbe probe1 =
+        createProbeBuilder(PROBE_ID1, CLASS_NAME, "doit", null)
+            .when(
+                new ProbeCondition(
+                    DSL.when(
+                        DSL.contains(
+                            DSL.getMember(DSL.ref("this"), "password"), new StringValue("123"))),
+                    "contains(this.password, '123')"))
+            .captureSnapshot(true)
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    LogProbe probe2 =
+        createProbeBuilder(PROBE_ID2, CLASS_NAME, "doit", null)
+            .when(
+                new ProbeCondition(
+                    DSL.when(DSL.eq(DSL.ref("password"), DSL.value("123"))), "password == '123'"))
+            .captureSnapshot(true)
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    LogProbe probe3 =
+        createProbeBuilder(PROBE_ID3, CLASS_NAME, "doit", null)
+            .when(
+                new ProbeCondition(
+                    DSL.when(
+                        DSL.eq(
+                            DSL.index(DSL.ref("strMap"), DSL.value("password")), DSL.value("123"))),
+                    "strMap['password'] == '123'"))
+            .captureSnapshot(true)
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    DebuggerTransformerTest.TestSnapshotListener listener =
+        installProbes(CLASS_NAME, probe1, probe2, probe3);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "secret123").get();
+    Assertions.assertEquals(42, result);
+    List<Snapshot> snapshots = assertSnapshots(listener, 3, PROBE_ID1, PROBE_ID2, PROBE_ID3);
+    assertEquals(1, snapshots.get(0).getEvaluationErrors().size());
+    assertEquals(
+        "Could not evaluate the expression because 'this.password' was redacted",
+        snapshots.get(0).getEvaluationErrors().get(0).getMessage());
+    assertEquals(1, snapshots.get(1).getEvaluationErrors().size());
+    assertEquals(
+        "Could not evaluate the expression because 'password' was redacted",
+        snapshots.get(1).getEvaluationErrors().get(0).getMessage());
+    assertEquals(1, snapshots.get(2).getEvaluationErrors().size());
+    assertEquals(
+        "Could not evaluate the expression because 'strMap[\"password\"]' was redacted",
+        snapshots.get(2).getEvaluationErrors().get(0).getMessage());
+  }
+
+  @Test
+  public void typeRedactionBlockedProbe() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot27";
+    Config config = mock(Config.class);
+    when(config.getDebuggerRedactedTypes()).thenReturn("com.datadog.debugger.CapturedSnapshot27");
+    Redaction.addUserDefinedTypes(config);
+    LogProbe probe1 =
+        createProbeBuilder(PROBE_ID, CLASS_NAME, "doit", null)
+            .captureSnapshot(true)
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    DebuggerTransformerTest.TestSnapshotListener listener = installProbes(CLASS_NAME, probe1);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "secret123").get();
+    Assertions.assertEquals(42, result);
+    assertEquals(0, listener.snapshots.size());
+    InstrumentationResult instrumentationResult =
+        instrumentationListener.results.get(PROBE_ID.getId());
+    assertTrue(instrumentationResult.isBlocked());
+  }
+
+  @Test
+  public void typeRedactionSnapshot() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot27";
+    final String LOG_TEMPLATE =
+        "arg={arg} credentials={creds} user={this.creds.user} code={creds.secretCode} dave={credMap['dave'].user}";
+    Config config = mock(Config.class);
+    when(config.getDebuggerRedactedTypes())
+        .thenReturn("com.datadog.debugger.CapturedSnapshot27$Creds");
+    Redaction.addUserDefinedTypes(config);
+    LogProbe probe1 =
+        createProbeBuilder(PROBE_ID, CLASS_NAME, "doit", null)
+            .template(LOG_TEMPLATE, parseTemplate(LOG_TEMPLATE))
+            .captureSnapshot(true)
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    DebuggerTransformerTest.TestSnapshotListener listener = installProbes(CLASS_NAME, probe1);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "secret123").get();
+    Assertions.assertEquals(42, result);
+    Snapshot snapshot = assertOneSnapshot(listener);
+    assertEquals(
+        "arg=secret123 credentials={"
+            + REDACTED_VALUE
+            + "} user={"
+            + REDACTED_VALUE
+            + "} code={"
+            + REDACTED_VALUE
+            + "} dave={"
+            + REDACTED_VALUE
+            + "}",
+        snapshot.getMessage());
+    Map<String, CapturedContext.CapturedValue> thisFields =
+        getFields(snapshot.getCaptures().getReturn().getArguments().get("this"));
+    CapturedContext.CapturedValue credsField = thisFields.get("creds");
+    assertEquals(REDACTED_TYPE_REASON, credsField.getNotCapturedReason());
+    Map<String, String> credMap = (Map<String, String>) thisFields.get("credMap").getValue();
+    assertNull(credMap.get("dave"));
+  }
+
+  @Test
+  public void typeRedactionCondition() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot27";
+    Config config = mock(Config.class);
+    when(config.getDebuggerRedactedTypes())
+        .thenReturn("com.datadog.debugger.CapturedSnapshot27$Creds");
+    Redaction.addUserDefinedTypes(config);
+    LogProbe probe1 =
+        createProbeBuilder(PROBE_ID1, CLASS_NAME, "doit", null)
+            .when(
+                new ProbeCondition(
+                    DSL.when(
+                        DSL.contains(
+                            DSL.getMember(DSL.getMember(DSL.ref("this"), "creds"), "secretCode"),
+                            new StringValue("123"))),
+                    "contains(this.creds.secretCode, '123')"))
+            .captureSnapshot(true)
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    LogProbe probe2 =
+        createProbeBuilder(PROBE_ID2, CLASS_NAME, "doit", null)
+            .when(
+                new ProbeCondition(
+                    DSL.when(
+                        DSL.eq(DSL.getMember(DSL.ref("creds"), "secretCode"), DSL.value("123"))),
+                    "creds.secretCode == '123'"))
+            .captureSnapshot(true)
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    LogProbe probe3 =
+        createProbeBuilder(PROBE_ID3, CLASS_NAME, "doit", null)
+            .when(
+                new ProbeCondition(
+                    DSL.when(
+                        DSL.eq(DSL.index(DSL.ref("credMap"), DSL.value("dave")), DSL.value("123"))),
+                    "credMap['dave'] == '123'"))
+            .captureSnapshot(true)
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    DebuggerTransformerTest.TestSnapshotListener listener =
+        installProbes(CLASS_NAME, probe1, probe2, probe3);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "secret123").get();
+    Assertions.assertEquals(42, result);
+    List<Snapshot> snapshots = assertSnapshots(listener, 3, PROBE_ID1, PROBE_ID2, PROBE_ID3);
+    assertEquals(1, snapshots.get(0).getEvaluationErrors().size());
+    assertEquals(
+        "Could not evaluate the expression because 'this.creds' was redacted",
+        snapshots.get(0).getEvaluationErrors().get(0).getMessage());
+    assertEquals(1, snapshots.get(1).getEvaluationErrors().size());
+    assertEquals(
+        "Could not evaluate the expression because 'creds' was redacted",
+        snapshots.get(1).getEvaluationErrors().get(0).getMessage());
+    assertEquals(1, snapshots.get(2).getEvaluationErrors().size());
+    assertEquals(
+        "Could not evaluate the expression because 'credMap[\"dave\"]' was redacted",
+        snapshots.get(2).getEvaluationErrors().get(0).getMessage());
+  }
+
+  @Test
+  public void samplingMethodProbe() throws IOException, URISyntaxException {
+    doSamplingTest(this::methodProbe, 1, 1);
+  }
+
+  @Test
+  public void samplingProbeCondition() throws IOException, URISyntaxException {
+    doSamplingTest(this::simpleConditionTest, 1, 1);
+  }
+
+  @Test
+  public void samplingDupMethodProbeCondition() throws IOException, URISyntaxException {
+    doSamplingTest(this::mergedProbesWithAdditionalProbeConditionTest, 2, 2);
+  }
+
+  @Test
+  public void samplingLineProbe() throws IOException, URISyntaxException {
+    doSamplingTest(this::singleLineProbe, 1, 1);
+  }
+
+  interface TestMethod {
+    void run() throws IOException, URISyntaxException;
+  }
+
+  private void doSamplingTest(TestMethod testRun, int expectedGlobalCount, int expectedProbeCount)
+      throws IOException, URISyntaxException {
+    MockSampler probeSampler = new MockSampler();
+    MockSampler globalSampler = new MockSampler();
+    ProbeRateLimiter.setSamplerSupplier(rate -> rate < 101 ? probeSampler : globalSampler);
+    ProbeRateLimiter.setGlobalSnapshotRate(1000);
+    try {
+      testRun.run();
+    } finally {
+      ProbeRateLimiter.setSamplerSupplier(null);
+    }
+    assertEquals(expectedGlobalCount, globalSampler.callCount);
+    assertEquals(expectedProbeCount, probeSampler.callCount);
+  }
+
   private DebuggerTransformerTest.TestSnapshotListener setupInstrumentTheWorldTransformer(
       String excludeFileName) {
     Config config = mock(Config.class);
@@ -1534,11 +1869,16 @@ private DebuggerTransformerTest.TestSnapshotListener setupInstrumentTheWorldTran
     when(config.isDebuggerClassFileDumpEnabled()).thenReturn(true);
     when(config.isDebuggerInstrumentTheWorld()).thenReturn(true);
     when(config.getDebuggerExcludeFiles()).thenReturn(excludeFileName);
+    when(config.getFinalDebuggerSnapshotUrl())
+        .thenReturn("http://localhost:8126/debugger/v1/input");
+    when(config.getFinalDebuggerSymDBUrl()).thenReturn("http://localhost:8126/symdb/v1/input");
+    when(config.getDebuggerUploadBatchSize()).thenReturn(100);
     DebuggerTransformerTest.TestSnapshotListener listener =
         new DebuggerTransformerTest.TestSnapshotListener();
     DebuggerAgentHelper.injectSink(listener);
     currentTransformer =
-        DebuggerAgent.setupInstrumentTheWorldTransformer(config, instr, listener, null);
+        DebuggerAgent.setupInstrumentTheWorldTransformer(
+            config, instr, new DebuggerSink(config), null);
     DebuggerContext.initClassFilter(new DenyListHelper(null));
     return listener;
   }
@@ -1558,9 +1898,9 @@ private void setCorrelationSingleton(Object instance) {
   }
 
   private Snapshot assertOneSnapshot(DebuggerTransformerTest.TestSnapshotListener listener) {
-    Assertions.assertEquals(1, listener.snapshots.size());
+    assertEquals(1, listener.snapshots.size());
     Snapshot snapshot = listener.snapshots.get(0);
-    Assertions.assertEquals(PROBE_ID.getId(), snapshot.getProbe().getId());
+    assertEquals(PROBE_ID.getId(), snapshot.getProbe().getId());
     return snapshot;
   }
 
@@ -1576,8 +1916,18 @@ private DebuggerTransformerTest.TestSnapshotListener installProbes(
     when(config.isDebuggerEnabled()).thenReturn(true);
     when(config.isDebuggerClassFileDumpEnabled()).thenReturn(true);
     when(config.isDebuggerVerifyByteCode()).thenReturn(true);
+    when(config.getFinalDebuggerSnapshotUrl())
+        .thenReturn("http://localhost:8126/debugger/v1/input");
+    when(config.getFinalDebuggerSymDBUrl()).thenReturn("http://localhost:8126/symdb/v1/input");
     Collection<LogProbe> logProbes = configuration.getLogProbes();
-    currentTransformer = new DebuggerTransformer(config, configuration, null);
+    instrumentationListener = new MockInstrumentationListener();
+    probeStatusSink = mock(ProbeStatusSink.class);
+    currentTransformer =
+        new DebuggerTransformer(
+            config,
+            configuration,
+            instrumentationListener,
+            new DebuggerSink(config, probeStatusSink));
     instr.addTransformer(currentTransformer);
     DebuggerTransformerTest.TestSnapshotListener listener =
         new DebuggerTransformerTest.TestSnapshotListener();
@@ -1600,7 +1950,7 @@ private DebuggerTransformerTest.TestSnapshotListener installProbes(
 
   private ProbeImplementation resolver(
       String id, Class<?> callingClass, String expectedClassName, Collection<LogProbe> logProbes) {
-    Assertions.assertEquals(expectedClassName, callingClass.getName());
+    assertEquals(expectedClassName, callingClass.getName());
     for (LogProbe probe : logProbes) {
       if (probe.getId().equals(id)) {
         return probe;
@@ -1622,30 +1972,29 @@ private DebuggerTransformerTest.TestSnapshotListener installProbes(
   private void assertCaptureArgs(
       CapturedContext context, String name, String typeName, String value) {
     CapturedContext.CapturedValue capturedValue = context.getArguments().get(name);
-    Assertions.assertEquals(typeName, capturedValue.getType());
-    Assertions.assertEquals(value, getValue(capturedValue));
+    assertEquals(typeName, capturedValue.getType());
+    assertEquals(value, getValue(capturedValue));
   }
 
   private void assertCaptureLocals(
       CapturedContext context, String name, String typeName, String value) {
     CapturedContext.CapturedValue localVar = context.getLocals().get(name);
-    Assertions.assertEquals(typeName, localVar.getType());
-    Assertions.assertEquals(value, getValue(localVar));
+    assertEquals(typeName, localVar.getType());
+    assertEquals(value, getValue(localVar));
   }
 
   private void assertCaptureLocals(
       CapturedContext context, String name, String typeName, Map<String, String> expectedFields) {
     CapturedContext.CapturedValue localVar = context.getLocals().get(name);
-    Assertions.assertEquals(typeName, localVar.getType());
+    assertEquals(typeName, localVar.getType());
     Map<String, CapturedContext.CapturedValue> fields = getFields(localVar);
     for (Map.Entry<String, String> entry : expectedFields.entrySet()) {
       assertTrue(fields.containsKey(entry.getKey()));
       CapturedContext.CapturedValue fieldCapturedValue = fields.get(entry.getKey());
       if (fieldCapturedValue.getNotCapturedReason() != null) {
-        Assertions.assertEquals(
-            entry.getValue(), String.valueOf(fieldCapturedValue.getNotCapturedReason()));
+        assertEquals(entry.getValue(), String.valueOf(fieldCapturedValue.getNotCapturedReason()));
       } else {
-        Assertions.assertEquals(entry.getValue(), String.valueOf(fieldCapturedValue.getValue()));
+        assertEquals(entry.getValue(), String.valueOf(fieldCapturedValue.getValue()));
       }
     }
   }
@@ -1653,18 +2002,18 @@ private void assertCaptureLocals(
   private void assertCaptureFields(
       CapturedContext context, String name, String typeName, String value) {
     CapturedContext.CapturedValue field = context.getFields().get(name);
-    Assertions.assertEquals(typeName, field.getType());
-    Assertions.assertEquals(value, getValue(field));
+    assertEquals(typeName, field.getType());
+    assertEquals(value, getValue(field));
   }
 
   private void assertCaptureFields(
       CapturedContext context, String name, String typeName, Collection<?> collection) {
     CapturedContext.CapturedValue field = context.getFields().get(name);
-    Assertions.assertEquals(typeName, field.getType());
+    assertEquals(typeName, field.getType());
     Iterator<?> iterator = collection.iterator();
     for (Object obj : getCollection(field)) {
       if (iterator.hasNext()) {
-        Assertions.assertEquals(iterator.next(), obj);
+        assertEquals(iterator.next(), obj);
       } else {
         Assertions.fail("not same number of elements");
       }
@@ -1674,38 +2023,37 @@ private void assertCaptureFields(
   private void assertCaptureFields(
       CapturedContext context, String name, String typeName, Map<Object, Object> expectedMap) {
     CapturedContext.CapturedValue field = context.getFields().get(name);
-    Assertions.assertEquals(typeName, field.getType());
+    assertEquals(typeName, field.getType());
     Map<Object, Object> map = getMap(field);
-    Assertions.assertEquals(expectedMap.size(), map.size());
+    assertEquals(expectedMap.size(), map.size());
     for (Map.Entry<Object, Object> entry : map.entrySet()) {
       assertTrue(expectedMap.containsKey(entry.getKey()));
-      Assertions.assertEquals(expectedMap.get(entry.getKey()), entry.getValue());
+      assertEquals(expectedMap.get(entry.getKey()), entry.getValue());
     }
   }
 
   private void assertCaptureFieldCount(CapturedContext context, int expectedFieldCount) {
-    Assertions.assertEquals(expectedFieldCount, context.getFields().size());
+    assertEquals(expectedFieldCount, context.getFields().size());
   }
 
   private void assertCaptureReturnValue(CapturedContext context, String typeName, String value) {
     CapturedContext.CapturedValue returnValue = context.getLocals().get("@return");
-    Assertions.assertEquals(typeName, returnValue.getType());
-    Assertions.assertEquals(value, getValue(returnValue));
+    assertEquals(typeName, returnValue.getType());
+    assertEquals(value, getValue(returnValue));
   }
 
   private void assertCaptureReturnValue(
       CapturedContext context, String typeName, Map<String, String> expectedFields) {
     CapturedContext.CapturedValue returnValue = context.getLocals().get("@return");
-    Assertions.assertEquals(typeName, returnValue.getType());
+    assertEquals(typeName, returnValue.getType());
     Map<String, CapturedContext.CapturedValue> fields = getFields(returnValue);
     for (Map.Entry<String, String> entry : expectedFields.entrySet()) {
       assertTrue(fields.containsKey(entry.getKey()));
       CapturedContext.CapturedValue fieldCapturedValue = fields.get(entry.getKey());
       if (fieldCapturedValue.getNotCapturedReason() != null) {
-        Assertions.assertEquals(
-            entry.getValue(), String.valueOf(fieldCapturedValue.getNotCapturedReason()));
+        assertEquals(entry.getValue(), String.valueOf(fieldCapturedValue.getNotCapturedReason()));
       } else {
-        Assertions.assertEquals(entry.getValue(), String.valueOf(fieldCapturedValue.getValue()));
+        assertEquals(entry.getValue(), String.valueOf(fieldCapturedValue.getValue()));
       }
     }
   }
@@ -1722,13 +2070,13 @@ private void assertCaptureThrowable(
       String message,
       String methodName,
       int lineNumber) {
-    Assertions.assertNotNull(throwable);
-    Assertions.assertEquals(typeName, throwable.getType());
-    Assertions.assertEquals(message, throwable.getMessage());
-    Assertions.assertNotNull(throwable.getStacktrace());
+    assertNotNull(throwable);
+    assertEquals(typeName, throwable.getType());
+    assertEquals(message, throwable.getMessage());
+    assertNotNull(throwable.getStacktrace());
     Assertions.assertFalse(throwable.getStacktrace().isEmpty());
-    Assertions.assertEquals(methodName, throwable.getStacktrace().get(0).getFunction());
-    Assertions.assertEquals(lineNumber, throwable.getStacktrace().get(0).getLineNumber());
+    assertEquals(methodName, throwable.getStacktrace().get(0).getFunction());
+    assertEquals(lineNumber, throwable.getStacktrace().get(0).getLineNumber());
   }
 
   private static String getValue(CapturedContext.CapturedValue capturedValue) {
@@ -1841,6 +2189,36 @@ private static LogProbe createSourceFileProbe(ProbeId id, String sourceFile, int
         .build();
   }
 
+  static class MockInstrumentationListener implements DebuggerTransformer.InstrumentationListener {
+    final Map<String, InstrumentationResult> results = new HashMap<>();
+
+    @Override
+    public void instrumentationResult(ProbeDefinition definition, InstrumentationResult result) {
+      results.put(definition.getId(), result);
+    }
+  }
+
+  static class MockSampler implements Sampler {
+
+    int callCount;
+
+    @Override
+    public boolean sample() {
+      callCount++;
+      return true;
+    }
+
+    @Override
+    public boolean keep() {
+      return false;
+    }
+
+    @Override
+    public boolean drop() {
+      return false;
+    }
+  }
+
   static class KotlinHelper {
     public static Class<?> compileAndLoad(
         String className, String sourceFileName, List<File> outputFilesToDelete) {
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ConfigurationTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ConfigurationTest.java
index 0a0a1815da9..ce1c446c54f 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ConfigurationTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ConfigurationTest.java
@@ -120,13 +120,15 @@ public void deserializeLogProbes() throws Exception {
     ArrayList<LogProbe> logProbes = new ArrayList<>(config.getLogProbes());
     assertEquals(1, logProbes.size());
     LogProbe logProbe0 = logProbes.get(0);
-    assertEquals(6, logProbe0.getSegments().size());
+    assertEquals(8, logProbe0.getSegments().size());
     assertEquals("this is a log line customized! uuid=", logProbe0.getSegments().get(0).getStr());
     assertEquals("uuid", logProbe0.getSegments().get(1).getExpr());
     assertEquals(" result=", logProbe0.getSegments().get(2).getStr());
     assertEquals("result", logProbe0.getSegments().get(3).getExpr());
     assertEquals(" garbageStart=", logProbe0.getSegments().get(4).getStr());
     assertEquals("garbageStart", logProbe0.getSegments().get(5).getExpr());
+    assertEquals(" contain=", logProbe0.getSegments().get(6).getStr());
+    assertEquals("contains(arg, 'foo')", logProbe0.getSegments().get(7).getExpr());
   }
 
   @Test
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ConfigurationUpdaterTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ConfigurationUpdaterTest.java
index dcadafd6e18..5261dfb892f 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ConfigurationUpdaterTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ConfigurationUpdaterTest.java
@@ -60,6 +60,7 @@ public class ConfigurationUpdaterTest {
   void setUp() {
     lenient().when(tracerConfig.getFinalDebuggerSnapshotUrl()).thenReturn("http://localhost");
     lenient().when(tracerConfig.getDebuggerUploadBatchSize()).thenReturn(100);
+    lenient().when(tracerConfig.getFinalDebuggerSymDBUrl()).thenReturn("http://localhost");
 
     debuggerSinkWithMockStatusSink = new DebuggerSink(tracerConfig, probeStatusSink);
   }
@@ -376,7 +377,7 @@ public void acceptDeleteProbeSameClass() throws UnmodifiableClassException {
     ConfigurationUpdater configurationUpdater =
         new ConfigurationUpdater(
             inst,
-            (tracerConfig, configuration, listener) -> {
+            (tracerConfig, configuration, listener, debuggerSink) -> {
               assertEquals(expectedDefinitions.get(), configuration.getDefinitions().size());
               return transformer;
             },
@@ -698,7 +699,8 @@ private static Configuration createAppLogs(List<LogProbe> logProbes) {
   private DebuggerTransformer createTransformer(
       Config tracerConfig,
       Configuration configuration,
-      DebuggerTransformer.InstrumentationListener listener) {
+      DebuggerTransformer.InstrumentationListener listener,
+      DebuggerSink debuggerSink) {
     return transformer;
   }
 }
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/DebuggerTransformerTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/DebuggerTransformerTest.java
index 5ec91f4e910..a10ba941959 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/DebuggerTransformerTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/DebuggerTransformerTest.java
@@ -2,11 +2,18 @@
 
 import static com.datadog.debugger.util.ClassFileHelperTest.getClassFileBytes;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import com.datadog.debugger.instrumentation.DiagnosticMessage;
 import com.datadog.debugger.instrumentation.InstrumentationResult;
 import com.datadog.debugger.probe.LogProbe;
+import com.datadog.debugger.probe.ProbeDefinition;
+import com.datadog.debugger.probe.SpanProbe;
+import com.datadog.debugger.probe.Where;
+import com.datadog.debugger.sink.DebuggerSink;
+import com.datadog.debugger.sink.ProbeStatusSink;
 import com.datadog.debugger.sink.Sink;
 import com.datadog.debugger.sink.Snapshot;
 import datadog.trace.api.Config;
@@ -29,7 +36,6 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Map;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.Function;
 import net.bytebuddy.agent.ByteBuddyAgent;
@@ -38,6 +44,11 @@
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+import org.objectweb.asm.Opcodes;
+import org.objectweb.asm.tree.ClassNode;
+import org.objectweb.asm.tree.MethodNode;
+import org.objectweb.asm.tree.VarInsnNode;
 
 public class DebuggerTransformerTest {
   private static final String LANGUAGE = "java";
@@ -59,7 +70,6 @@ static class TestSnapshotListener implements Sink {
     boolean skipped;
     DebuggerContext.SkipCause cause;
     List<Snapshot> snapshots = new ArrayList<>();
-    Map<String, List<DiagnosticMessage>> errors = new HashMap<>();
 
     @Override
     public void skipSnapshot(String probeId, DebuggerContext.SkipCause cause) {
@@ -71,11 +81,6 @@ public void skipSnapshot(String probeId, DebuggerContext.SkipCause cause) {
     public void addSnapshot(Snapshot snapshot) {
       snapshots.add(snapshot);
     }
-
-    @Override
-    public void addDiagnostics(ProbeId probeId, List<DiagnosticMessage> messages) {
-      errors.computeIfAbsent(probeId.getId(), k -> new ArrayList<>()).addAll(messages);
-    }
   }
 
   static final String VAR_NAME = "var";
@@ -143,7 +148,7 @@ void setup() {
 
   @Test
   public void testDump() {
-    Config config = mock(Config.class);
+    Config config = createConfig();
     when(config.isDebuggerClassFileDumpEnabled()).thenReturn(true);
     File instrumentedClassFile = new File("/tmp/debugger/java.util.ArrayList.class");
     File origClassFile = new File("/tmp/debugger/java.util.ArrayList_orig.class");
@@ -157,7 +162,7 @@ public void testDump() {
         LogProbe.builder().where("java.util.ArrayList", "add").probeId("", 0).build();
     DebuggerTransformer debuggerTransformer =
         new DebuggerTransformer(
-            config, new Configuration(SERVICE_NAME, Collections.singletonList(logProbe)), null);
+            config, new Configuration(SERVICE_NAME, Collections.singletonList(logProbe)));
     debuggerTransformer.transform(
         ClassLoader.getSystemClassLoader(),
         "java.util.ArrayList",
@@ -188,7 +193,7 @@ public void testMultiProbesSimpleName() {
 
   private void doTestMultiProbes(
       Function<Class<?>, String> getClassName, ProbeTestInfo... probeInfos) {
-    Config config = mock(Config.class);
+    Config config = createConfig();
     List<LogProbe> logProbes = new ArrayList<>();
     for (ProbeTestInfo probeInfo : probeInfos) {
       String className = getClassName.apply(probeInfo.clazz);
@@ -239,7 +244,7 @@ public ProbeTestInfo(Class<?> clazz, String methodName, String signature) {
 
   @Test
   public void testBlockedProbes() {
-    Config config = mock(Config.class);
+    Config config = createConfig();
     List<LogProbe> logProbes =
         Arrays.asList(
             LogProbe.builder()
@@ -251,7 +256,10 @@ public void testBlockedProbes() {
     AtomicReference<InstrumentationResult> lastResult = new AtomicReference<>(null);
     DebuggerTransformer debuggerTransformer =
         new DebuggerTransformer(
-            config, configuration, ((definition, result) -> lastResult.set(result)));
+            config,
+            configuration,
+            ((definition, result) -> lastResult.set(result)),
+            new DebuggerSink(config));
     byte[] newClassBuffer =
         debuggerTransformer.transform(
             ClassLoader.getSystemClassLoader(),
@@ -268,14 +276,17 @@ public void testBlockedProbes() {
 
   @Test
   public void classBeingRedefinedNull() {
-    Config config = mock(Config.class);
+    Config config = createConfig();
     LogProbe logProbe = LogProbe.builder().where("ArrayList", "add").probeId("", 0).build();
     Configuration configuration =
         new Configuration(SERVICE_NAME, Collections.singletonList(logProbe));
     AtomicReference<InstrumentationResult> lastResult = new AtomicReference<>(null);
     DebuggerTransformer debuggerTransformer =
         new DebuggerTransformer(
-            config, configuration, ((definition, result) -> lastResult.set(result)));
+            config,
+            configuration,
+            ((definition, result) -> lastResult.set(result)),
+            new DebuggerSink(config));
     byte[] newClassBuffer =
         debuggerTransformer.transform(
             ClassLoader.getSystemClassLoader(),
@@ -289,4 +300,90 @@ public void classBeingRedefinedNull() {
     Assertions.assertTrue(lastResult.get().isInstalled());
     Assertions.assertEquals("java.util.ArrayList", lastResult.get().getTypeName());
   }
+
+  @Test
+  public void classGenerationFailed() {
+    Config config = createConfig();
+    TestSnapshotListener listener = new TestSnapshotListener();
+    DebuggerAgentHelper.injectSink(listener);
+    final String CLASS_NAME = DebuggerAgent.class.getTypeName();
+    final String METHOD_NAME = "run";
+    MockProbe mockProbe = MockProbe.builder(PROBE_ID).where(CLASS_NAME, METHOD_NAME).build();
+    LogProbe logProbe1 =
+        LogProbe.builder().probeId("logprobe1", 0).where(CLASS_NAME, METHOD_NAME).build();
+    LogProbe logProbe2 =
+        LogProbe.builder().probeId("logprobe2", 0).where(CLASS_NAME, METHOD_NAME).build();
+    Configuration configuration =
+        Configuration.builder()
+            .setService(SERVICE_NAME)
+            .addSpanProbes(Collections.singletonList(mockProbe))
+            .addLogProbes(Arrays.asList(logProbe1, logProbe2))
+            .build();
+    AtomicReference<InstrumentationResult> lastResult = new AtomicReference<>(null);
+    ProbeStatusSink probeStatusSink = mock(ProbeStatusSink.class);
+    DebuggerTransformer debuggerTransformer =
+        new DebuggerTransformer(
+            config,
+            configuration,
+            ((definition, result) -> lastResult.set(result)),
+            new DebuggerSink(config, probeStatusSink));
+    byte[] newClassBuffer =
+        debuggerTransformer.transform(
+            ClassLoader.getSystemClassLoader(),
+            "com/datadog/debugger/agent/DebuggerAgent",
+            null,
+            null,
+            getClassFileBytes(DebuggerAgent.class));
+    Assertions.assertNull(newClassBuffer);
+    ArgumentCaptor<String> strCaptor = ArgumentCaptor.forClass(String.class);
+    ArgumentCaptor<ProbeId> probeIdCaptor = ArgumentCaptor.forClass(ProbeId.class);
+    verify(probeStatusSink, times(3)).addError(probeIdCaptor.capture(), strCaptor.capture());
+    Assertions.assertEquals("logprobe1", probeIdCaptor.getAllValues().get(0).getId());
+    Assertions.assertEquals("logprobe2", probeIdCaptor.getAllValues().get(1).getId());
+    Assertions.assertEquals(PROBE_ID.getId(), probeIdCaptor.getAllValues().get(2).getId());
+    Assertions.assertEquals(
+        "Instrumentation fails for " + CLASS_NAME, strCaptor.getAllValues().get(0));
+    Assertions.assertEquals(
+        "Instrumentation fails for " + CLASS_NAME, strCaptor.getAllValues().get(1));
+    Assertions.assertEquals(
+        "Instrumentation fails for " + CLASS_NAME, strCaptor.getAllValues().get(2));
+  }
+
+  private Config createConfig() {
+    Config config = mock(Config.class);
+    when(config.getFinalDebuggerSnapshotUrl())
+        .thenReturn("http://localhost:8126/debugger/v1/input");
+    when(config.getFinalDebuggerSymDBUrl()).thenReturn("http://localhost:8126/symdb/v1/input");
+    when(config.getDebuggerUploadBatchSize()).thenReturn(100);
+    return config;
+  }
+
+  private static class MockProbe extends SpanProbe {
+
+    public MockProbe(ProbeId probeId, Where where) {
+      super(LANGUAGE, probeId, null, where);
+    }
+
+    @Override
+    public InstrumentationResult.Status instrument(
+        ClassLoader classLoader,
+        ClassNode classNode,
+        MethodNode methodNode,
+        List<DiagnosticMessage> diagnostics,
+        List<String> probeIds) {
+      methodNode.instructions.insert(
+          new VarInsnNode(Opcodes.ASTORE, methodNode.localVariables.size()));
+      return InstrumentationResult.Status.INSTALLED;
+    }
+
+    public static MockProbe.Builder builder(ProbeId probeId) {
+      return new MockProbe.Builder().probeId(probeId);
+    }
+
+    public static class Builder extends ProbeDefinition.Builder<MockProbe.Builder> {
+      public MockProbe build() {
+        return new MockProbe(probeId, where);
+      }
+    }
+  }
 }
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/LogMessageTemplateBuilderTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/LogMessageTemplateBuilderTest.java
index ed26ece891f..0089376522b 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/LogMessageTemplateBuilderTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/LogMessageTemplateBuilderTest.java
@@ -5,6 +5,9 @@
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import com.datadog.debugger.el.DSL;
+import com.datadog.debugger.el.ValueScript;
+import com.datadog.debugger.el.values.StringValue;
 import com.datadog.debugger.probe.LogProbe;
 import datadog.trace.bootstrap.debugger.CapturedContext;
 import datadog.trace.bootstrap.debugger.EvaluationError;
@@ -16,6 +19,7 @@
 import java.util.List;
 import java.util.Map;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.condition.DisabledIf;
 import org.junit.jupiter.api.condition.EnabledOnJre;
 import org.junit.jupiter.api.condition.JRE;
 
@@ -66,6 +70,24 @@ public void argTemplate() {
     assertEquals("foo", message);
   }
 
+  @Test
+  public void booleanArgTemplate() {
+    List<LogProbe.Segment> segments = new ArrayList<>();
+    segments.add(
+        new LogProbe.Segment(
+            new ValueScript(
+                DSL.bool(DSL.contains(DSL.ref("arg"), new StringValue("o"))), "{arg}")));
+    LogProbe probe = LogProbe.builder().template("{contains(arg, 'o')}", segments).build();
+    LogMessageTemplateBuilder summaryBuilder = new LogMessageTemplateBuilder(probe.getSegments());
+    CapturedContext capturedContext = new CapturedContext();
+    capturedContext.addArguments(
+        new CapturedContext.CapturedValue[] {
+          CapturedContext.CapturedValue.of("arg", String.class.getTypeName(), "foo")
+        });
+    String message = summaryBuilder.evaluate(capturedContext, new LogProbe.LogStatus(probe));
+    assertEquals("true", message);
+  }
+
   @Test
   public void argMultipleInFlightTemplate() {
     LogProbe probe = createLogProbe("{arg}");
@@ -203,6 +225,7 @@ public void argComplexObjectArrayTemplate() {
 
   @Test
   @EnabledOnJre(JRE.JAVA_17)
+  @DisabledIf("datadog.trace.api.Platform#isJ9")
   public void argInaccessibleFieldTemplate() {
     LogProbe probe = createLogProbe("{obj}");
     LogMessageTemplateBuilder summaryBuilder = new LogMessageTemplateBuilder(probe.getSegments());
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/LogProbesInstrumentationTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/LogProbesInstrumentationTest.java
index 057f8f028e6..47f80e0c94d 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/LogProbesInstrumentationTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/LogProbesInstrumentationTest.java
@@ -283,7 +283,7 @@ public void lineTemplateNullFieldLog() throws IOException, URISyntaxException {
         "this is log line with field={Cannot dereference to field: intValue}",
         snapshot.getMessage());
     assertEquals(1, snapshot.getEvaluationErrors().size());
-    assertEquals("intValue", snapshot.getEvaluationErrors().get(0).getExpr());
+    assertEquals("nullObject.intValue", snapshot.getEvaluationErrors().get(0).getExpr());
     assertEquals(
         "Cannot dereference to field: intValue",
         snapshot.getEvaluationErrors().get(0).getMessage());
@@ -486,8 +486,11 @@ private DebuggerTransformerTest.TestSnapshotListener installProbes(
     Config config = mock(Config.class);
     when(config.isDebuggerEnabled()).thenReturn(true);
     when(config.isDebuggerClassFileDumpEnabled()).thenReturn(true);
-    when(config.isDebuggerVerifyByteCode()).thenReturn(true);
-    currentTransformer = new DebuggerTransformer(config, configuration, null);
+    when(config.getFinalDebuggerSnapshotUrl())
+        .thenReturn("http://localhost:8126/debugger/v1/input");
+    when(config.getFinalDebuggerSymDBUrl()).thenReturn("http://localhost:8126/symdb/v1/input");
+    when(config.getDebuggerUploadBatchSize()).thenReturn(100);
+    currentTransformer = new DebuggerTransformer(config, configuration);
     instr.addTransformer(currentTransformer);
     DebuggerTransformerTest.TestSnapshotListener listener =
         new DebuggerTransformerTest.TestSnapshotListener();
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/MetricProbesInstrumentationTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/MetricProbesInstrumentationTest.java
index 15faf2ee2f0..d898d7d904a 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/MetricProbesInstrumentationTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/MetricProbesInstrumentationTest.java
@@ -4,7 +4,12 @@
 import static com.datadog.debugger.probe.MetricProbe.MetricKind.DISTRIBUTION;
 import static com.datadog.debugger.probe.MetricProbe.MetricKind.GAUGE;
 import static com.datadog.debugger.probe.MetricProbe.MetricKind.HISTOGRAM;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static utils.InstrumentationTestHelper.compileAndLoadClass;
 
@@ -12,8 +17,8 @@
 import com.datadog.debugger.el.ValueScript;
 import com.datadog.debugger.instrumentation.DiagnosticMessage;
 import com.datadog.debugger.probe.MetricProbe;
-import com.datadog.debugger.sink.Sink;
-import com.datadog.debugger.sink.Snapshot;
+import com.datadog.debugger.sink.DebuggerSink;
+import com.datadog.debugger.sink.ProbeStatusSink;
 import datadog.trace.api.Config;
 import datadog.trace.bootstrap.debugger.DebuggerContext;
 import datadog.trace.bootstrap.debugger.MethodLocation;
@@ -32,6 +37,7 @@
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
 
 public class MetricProbesInstrumentationTest {
   private static final String LANGUAGE = "java";
@@ -43,9 +49,10 @@ public class MetricProbesInstrumentationTest {
   private static final String METRIC_PROBEID_TAG =
       "debugger.probeid:beae1807-f3b0-4ea8-a74f-826790c5e6f8";
 
+  private final List<DiagnosticMessage> currentDiagnostics = new ArrayList<>();
   private Instrumentation instr = ByteBuddyAgent.install();
   private ClassFileTransformer currentTransformer;
-  private MockSink mockSink;
+  private ProbeStatusSink probeStatusSink;
 
   @AfterEach
   public void after() {
@@ -125,9 +132,8 @@ public void invalidConstantValueMetric() throws IOException, URISyntaxException
     int result = Reflect.on(testClass).call("main", "1").get();
     Assertions.assertEquals(3, result);
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME));
-    Assertions.assertEquals(
-        "Unsupported constant value: 42.0 type: java.lang.Double",
-        mockSink.getCurrentDiagnostics().get(0).getMessage());
+    verify(probeStatusSink)
+        .addError(eq(METRIC_ID), eq("Unsupported constant value: 42.0 type: java.lang.Double"));
   }
 
   @Test
@@ -146,8 +152,7 @@ public void invalidValueMetric() throws IOException, URISyntaxException {
     int result = Reflect.on(testClass).call("main", "1").get();
     Assertions.assertEquals(3, result);
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME));
-    Assertions.assertEquals(
-        "Cannot resolve symbol value", mockSink.getCurrentDiagnostics().get(0).getMessage());
+    verify(probeStatusSink).addError(eq(METRIC_ID), eq("Cannot resolve symbol value"));
   }
 
   @Test
@@ -175,11 +180,10 @@ public void multiInvalidValueMetric() throws IOException, URISyntaxException {
     int result = Reflect.on(testClass).call("main", "1").get();
     Assertions.assertEquals(3, result);
     Assertions.assertEquals(0, listener.counters.size());
-    Assertions.assertEquals(2, mockSink.getCurrentDiagnostics().size());
-    Assertions.assertEquals(
-        "Cannot resolve symbol value", mockSink.getCurrentDiagnostics().get(0).getMessage());
-    Assertions.assertEquals(
-        "Cannot resolve symbol invalid", mockSink.getCurrentDiagnostics().get(1).getMessage());
+    ArgumentCaptor<String> msgCaptor = ArgumentCaptor.forClass(String.class);
+    verify(probeStatusSink, times(2)).addError(any(), msgCaptor.capture());
+    Assertions.assertEquals("Cannot resolve symbol value", msgCaptor.getAllValues().get(0));
+    Assertions.assertEquals("Cannot resolve symbol invalid", msgCaptor.getAllValues().get(1));
   }
 
   @Test
@@ -398,8 +402,7 @@ public void invalidNameArgumentRefValueCountMetric() throws IOException, URISynt
     int result = Reflect.on(testClass).call("main", "1").get();
     Assertions.assertEquals(48, result);
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME));
-    Assertions.assertEquals(
-        "Cannot resolve symbol foo", mockSink.getCurrentDiagnostics().get(0).getMessage());
+    verify(probeStatusSink).addError(eq(METRIC_ID), eq("Cannot resolve symbol foo"));
   }
 
   @Test
@@ -418,9 +421,10 @@ public void invalidTypeArgumentRefValueCountMetric() throws IOException, URISynt
     int result = Reflect.on(testClass).call("main", "1").get();
     Assertions.assertEquals(48, result);
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME));
-    Assertions.assertEquals(
-        "Incompatible type for expression: java.lang.String with expected types: [long]",
-        mockSink.getCurrentDiagnostics().get(0).getMessage());
+    verify(probeStatusSink)
+        .addError(
+            eq(METRIC_ID),
+            eq("Incompatible type for expression: java.lang.String with expected types: [long]"));
   }
 
   @Test
@@ -450,8 +454,7 @@ public void invalidNameLocalRefValueCountMetric() throws IOException, URISyntaxE
     int result = Reflect.on(testClass).call("main", "1").get();
     Assertions.assertEquals(3, result);
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME));
-    Assertions.assertEquals(
-        "Cannot resolve symbol foo", mockSink.getCurrentDiagnostics().get(0).getMessage());
+    verify(probeStatusSink).addError(eq(METRIC_ID), eq("Cannot resolve symbol foo"));
   }
 
   @Test
@@ -466,9 +469,10 @@ public void invalidTypeLocalRefValueCountMetric() throws IOException, URISyntaxE
     int result = Reflect.on(testClass).call("main", "1").get();
     Assertions.assertEquals(3, result);
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME));
-    Assertions.assertEquals(
-        "Incompatible type for expression: java.lang.String with expected types: [long]",
-        mockSink.getCurrentDiagnostics().get(0).getMessage());
+    verify(probeStatusSink)
+        .addError(
+            eq(METRIC_ID),
+            eq("Incompatible type for expression: java.lang.String with expected types: [long]"));
   }
 
   @Test
@@ -594,7 +598,7 @@ public void nullMultiFieldRefValueCountMetric() throws IOException, URISyntaxExc
     Assertions.assertEquals(143, result);
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME1));
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME2));
-    Assertions.assertTrue(mockSink.getCurrentDiagnostics().isEmpty());
+    verify(probeStatusSink, times(0)).addError(any(), anyString());
   }
 
   @Test
@@ -626,10 +630,10 @@ public void invalidNameMultiFieldRefValueCountMetric() throws IOException, URISy
     Assertions.assertEquals(143, result);
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME1));
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME2));
-    Assertions.assertEquals(
-        "Cannot resolve field foovalue", mockSink.getCurrentDiagnostics().get(0).getMessage());
-    Assertions.assertEquals(
-        "Cannot resolve field foovalue", mockSink.getCurrentDiagnostics().get(1).getMessage());
+    ArgumentCaptor<String> strCaptor = ArgumentCaptor.forClass(String.class);
+    verify(probeStatusSink, times(2)).addError(any(), strCaptor.capture());
+    Assertions.assertEquals("Cannot resolve field foovalue", strCaptor.getAllValues().get(0));
+    Assertions.assertEquals("Cannot resolve field foovalue", strCaptor.getAllValues().get(1));
   }
 
   @Test
@@ -661,12 +665,14 @@ public void invalidTypeMultiFieldRefValueCountMetric() throws IOException, URISy
     Assertions.assertEquals(143, result);
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME1));
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME2));
+    ArgumentCaptor<String> strCaptor = ArgumentCaptor.forClass(String.class);
+    verify(probeStatusSink, times(2)).addError(any(), strCaptor.capture());
     Assertions.assertEquals(
         "Incompatible type for expression: java.lang.String with expected types: [long]",
-        mockSink.getCurrentDiagnostics().get(0).getMessage());
+        strCaptor.getAllValues().get(0));
     Assertions.assertEquals(
         "Incompatible type for expression: java.lang.String with expected types: [long]",
-        mockSink.getCurrentDiagnostics().get(1).getMessage());
+        strCaptor.getAllValues().get(1));
   }
 
   @Test
@@ -686,8 +692,7 @@ public void invalidNameFieldRefValueCountMetric() throws IOException, URISyntaxE
     int result = Reflect.on(testClass).call("main", "f").get();
     Assertions.assertEquals(42, result);
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME));
-    Assertions.assertEquals(
-        "Cannot resolve symbol fooValue", mockSink.getCurrentDiagnostics().get(0).getMessage());
+    verify(probeStatusSink).addError(eq(METRIC_ID), eq("Cannot resolve symbol fooValue"));
   }
 
   @Test
@@ -706,9 +711,10 @@ public void invalidTypeFieldRefValueCountMetric() throws IOException, URISyntaxE
     int result = Reflect.on(testClass).call("main", "f").get();
     Assertions.assertEquals(42, result);
     Assertions.assertFalse(listener.counters.containsKey(METRIC_NAME));
-    Assertions.assertEquals(
-        "Incompatible type for expression: java.lang.String with expected types: [long]",
-        mockSink.getCurrentDiagnostics().get(0).getMessage());
+    verify(probeStatusSink)
+        .addError(
+            eq(METRIC_ID),
+            eq("Incompatible type for expression: java.lang.String with expected types: [long]"));
   }
 
   @Test
@@ -867,16 +873,16 @@ public void nullExpression() throws IOException, URISyntaxException {
     int result = Reflect.on(testClass).call("main", "f").get();
     Assertions.assertEquals(42, result);
     Assertions.assertEquals(0, listener.gauges.size());
-    Assertions.assertEquals(3, mockSink.getCurrentDiagnostics().size());
+    ArgumentCaptor<String> strCaptor = ArgumentCaptor.forClass(String.class);
+    verify(probeStatusSink, times(3)).addError(any(), strCaptor.capture());
     Assertions.assertEquals(
-        "Unsupported type for len operation: java.lang.Object",
-        mockSink.getCurrentDiagnostics().get(0).getMessage());
+        "Unsupported type for len operation: java.lang.Object", strCaptor.getAllValues().get(0));
     Assertions.assertEquals(
         "Incompatible type for expression: java.lang.String with expected types: [long,double]",
-        mockSink.getCurrentDiagnostics().get(1).getMessage());
+        strCaptor.getAllValues().get(1));
     Assertions.assertEquals(
         "Incompatible type for expression: java.lang.Object with expected types: [long,double]",
-        mockSink.getCurrentDiagnostics().get(2).getMessage());
+        strCaptor.getAllValues().get(2));
   }
 
   @Test
@@ -949,9 +955,11 @@ public void indexInvalidKeyTypeExpression() throws IOException, URISyntaxExcepti
     Assertions.assertEquals(42, result);
     Assertions.assertFalse(listener.gauges.containsKey(ARRAYSTRIDX_METRIC));
     Assertions.assertFalse(listener.gauges.containsKey(ARRAYOOBIDX_METRIC));
-    Assertions.assertEquals(
-        "Incompatible type for key: Type{mainType=Ljava/lang/String;, genericTypes=[]}, expected int or long",
-        mockSink.getCurrentDiagnostics().get(0).getMessage());
+    verify(probeStatusSink, times(2))
+        .addError(
+            eq(METRIC_ID),
+            eq(
+                "Incompatible type for key: Type{mainType=Ljava/lang/String;, genericTypes=[]}, expected int or long"));
   }
 
   @Test
@@ -1169,11 +1177,15 @@ private MetricForwarderListener installMetricProbes(Configuration configuration)
     Config config = mock(Config.class);
     when(config.isDebuggerEnabled()).thenReturn(true);
     when(config.isDebuggerClassFileDumpEnabled()).thenReturn(true);
-    currentTransformer = new DebuggerTransformer(config, configuration);
+    when(config.getFinalDebuggerSnapshotUrl())
+        .thenReturn("http://localhost:8126/debugger/v1/input");
+    when(config.getFinalDebuggerSymDBUrl()).thenReturn("http://localhost:8126/symdb/v1/input");
+    probeStatusSink = mock(ProbeStatusSink.class);
+    currentTransformer =
+        new DebuggerTransformer(
+            config, configuration, null, new DebuggerSink(config, probeStatusSink));
     instr.addTransformer(currentTransformer);
     MetricForwarderListener listener = new MetricForwarderListener();
-    mockSink = new MockSink();
-    DebuggerAgentHelper.injectSink(mockSink);
     DebuggerContext.init(null, listener);
     DebuggerContext.initClassFilter(new DenyListHelper(null));
     return listener;
@@ -1265,27 +1277,4 @@ public void setThrowing(boolean value) {
       this.throwing = value;
     }
   }
-
-  private static class MockSink implements Sink {
-
-    private final List<DiagnosticMessage> currentDiagnostics = new ArrayList<>();
-
-    @Override
-    public void addSnapshot(Snapshot snapshot) {}
-
-    @Override
-    public void skipSnapshot(String probeId, DebuggerContext.SkipCause cause) {}
-
-    @Override
-    public void addDiagnostics(ProbeId probeId, List<DiagnosticMessage> messages) {
-      for (DiagnosticMessage msg : messages) {
-        System.out.println(msg);
-      }
-      currentDiagnostics.addAll(messages);
-    }
-
-    public List<DiagnosticMessage> getCurrentDiagnostics() {
-      return currentDiagnostics;
-    }
-  }
 }
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ProbeInstrumentationTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ProbeInstrumentationTest.java
index 628192c3501..fa6ff412955 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ProbeInstrumentationTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/ProbeInstrumentationTest.java
@@ -1,10 +1,9 @@
 package com.datadog.debugger.agent;
 
-import com.datadog.debugger.instrumentation.DiagnosticMessage;
+import com.datadog.debugger.sink.ProbeStatusSink;
 import com.datadog.debugger.sink.Sink;
 import com.datadog.debugger.sink.Snapshot;
 import datadog.trace.bootstrap.debugger.DebuggerContext;
-import datadog.trace.bootstrap.debugger.ProbeId;
 import java.lang.instrument.ClassFileTransformer;
 import java.lang.instrument.Instrumentation;
 import java.util.ArrayList;
@@ -18,6 +17,7 @@ public class ProbeInstrumentationTest {
   protected Instrumentation instr = ByteBuddyAgent.install();
   protected ClassFileTransformer currentTransformer;
   protected MockSink mockSink;
+  protected ProbeStatusSink probeStatusSink;
 
   @AfterEach
   public void after() {
@@ -28,7 +28,6 @@ public void after() {
 
   protected static class MockSink implements Sink {
 
-    private final List<DiagnosticMessage> currentDiagnostics = new ArrayList<>();
     private final List<Snapshot> snapshots = new ArrayList<>();
 
     @Override
@@ -39,18 +38,6 @@ public void addSnapshot(Snapshot snapshot) {
     @Override
     public void skipSnapshot(String probeId, DebuggerContext.SkipCause cause) {}
 
-    @Override
-    public void addDiagnostics(ProbeId probeId, List<DiagnosticMessage> messages) {
-      for (DiagnosticMessage msg : messages) {
-        System.out.println(msg);
-      }
-      currentDiagnostics.addAll(messages);
-    }
-
-    public List<DiagnosticMessage> getCurrentDiagnostics() {
-      return currentDiagnostics;
-    }
-
     public List<Snapshot> getSnapshots() {
       return snapshots;
     }
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SnapshotSerializationTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SnapshotSerializationTest.java
index 7492d3c75a3..ab1438171b7 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SnapshotSerializationTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SnapshotSerializationTest.java
@@ -54,13 +54,13 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Random;
-import java.util.Set;
 import java.util.UUID;
 import java.util.concurrent.atomic.AtomicLong;
 import java.util.concurrent.locks.LockSupport;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.condition.DisabledIf;
 import org.junit.jupiter.api.condition.EnabledOnJre;
 import org.junit.jupiter.api.condition.JRE;
 
@@ -96,6 +96,7 @@ public void roundTripProbeDetails() throws IOException {
 
   @Test
   @EnabledOnJre(JRE.JAVA_17)
+  @DisabledIf("datadog.trace.api.Platform#isJ9")
   public void roundTripCapturedValue() throws IOException, URISyntaxException {
     JsonAdapter<Snapshot> adapter = createSnapshotAdapter();
     Snapshot snapshot = createSnapshot();
@@ -700,20 +701,13 @@ public void capturedValueAdapterNull() {
   }
 
   @Test
-  public void collectionValueThrows() throws IOException {
+  public void collectionUnknown() throws IOException {
     JsonAdapter<Snapshot> adapter = createSnapshotAdapter();
     Snapshot snapshot = createSnapshot();
     CapturedContext context = new CapturedContext();
     CapturedContext.CapturedValue listLocal =
         CapturedContext.CapturedValue.of(
-            "listLocal",
-            List.class.getTypeName(),
-            new ArrayList<String>() {
-              @Override
-              public int size() {
-                throw new UnsupportedOperationException();
-              }
-            });
+            "listLocal", List.class.getTypeName(), new ArrayList<String>() {});
     context.addLocals(new CapturedContext.CapturedValue[] {listLocal});
     snapshot.setExit(context);
     String buffer = adapter.toJson(snapshot);
@@ -721,24 +715,18 @@ public int size() {
     Map<String, Object> locals = getLocalsFromJson(buffer);
     Map<String, Object> mapFieldObj = (Map<String, Object>) locals.get("listLocal");
     Assertions.assertEquals(
-        "java.lang.UnsupportedOperationException", mapFieldObj.get(NOT_CAPTURED_REASON));
+        "java.lang.RuntimeException: Unsupported Collection type: com.datadog.debugger.agent.SnapshotSerializationTest$1",
+        mapFieldObj.get(NOT_CAPTURED_REASON));
   }
 
   @Test
-  public void mapValueThrows() throws IOException {
+  public void mapValueUnknown() throws IOException {
     JsonAdapter<Snapshot> adapter = createSnapshotAdapter();
     Snapshot snapshot = createSnapshot();
     CapturedContext context = new CapturedContext();
     CapturedContext.CapturedValue mapLocal =
         CapturedContext.CapturedValue.of(
-            "mapLocal",
-            Map.class.getTypeName(),
-            new HashMap<String, String>() {
-              @Override
-              public Set<Entry<String, String>> entrySet() {
-                throw new UnsupportedOperationException();
-              }
-            });
+            "mapLocal", Map.class.getTypeName(), new HashMap<String, String>() {});
     context.addLocals(new CapturedContext.CapturedValue[] {mapLocal});
     snapshot.setExit(context);
     String buffer = adapter.toJson(snapshot);
@@ -746,7 +734,8 @@ public Set<Entry<String, String>> entrySet() {
     Map<String, Object> locals = getLocalsFromJson(buffer);
     Map<String, Object> mapFieldObj = (Map<String, Object>) locals.get("mapLocal");
     Assertions.assertEquals(
-        "java.lang.UnsupportedOperationException", mapFieldObj.get(NOT_CAPTURED_REASON));
+        "java.lang.RuntimeException: Unsupported Map type: com.datadog.debugger.agent.SnapshotSerializationTest$2",
+        mapFieldObj.get(NOT_CAPTURED_REASON));
   }
 
   @Test
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SpanDecorationProbeInstrumentationTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SpanDecorationProbeInstrumentationTest.java
index 1e09cc7a4f9..b19401ac7a2 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SpanDecorationProbeInstrumentationTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SpanDecorationProbeInstrumentationTest.java
@@ -6,8 +6,10 @@
 import static com.datadog.debugger.probe.SpanDecorationProbe.TargetSpan.ACTIVE;
 import static com.datadog.debugger.probe.SpanDecorationProbe.TargetSpan.ROOT;
 import static com.datadog.debugger.util.LogProbeTestHelper.parseTemplate;
+import static java.util.Collections.singletonList;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -16,16 +18,22 @@
 import com.datadog.debugger.el.DSL;
 import com.datadog.debugger.el.ProbeCondition;
 import com.datadog.debugger.el.expressions.BooleanExpression;
+import com.datadog.debugger.el.values.StringValue;
+import com.datadog.debugger.probe.LogProbe;
 import com.datadog.debugger.probe.SpanDecorationProbe;
+import com.datadog.debugger.sink.DebuggerSink;
+import com.datadog.debugger.sink.ProbeStatusSink;
 import com.datadog.debugger.sink.Snapshot;
 import datadog.trace.agent.tooling.TracerInstaller;
 import datadog.trace.api.Config;
 import datadog.trace.api.interceptor.MutableSpan;
 import datadog.trace.api.interceptor.TraceInterceptor;
+import datadog.trace.bootstrap.debugger.CapturedContext;
 import datadog.trace.bootstrap.debugger.DebuggerContext;
 import datadog.trace.bootstrap.debugger.MethodLocation;
 import datadog.trace.bootstrap.debugger.ProbeId;
 import datadog.trace.bootstrap.debugger.ProbeImplementation;
+import datadog.trace.bootstrap.debugger.util.Redaction;
 import datadog.trace.core.CoreTracer;
 import java.io.IOException;
 import java.net.URISyntaxException;
@@ -34,6 +42,7 @@
 import java.util.Collection;
 import java.util.List;
 import org.joor.Reflect;
+import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -41,6 +50,8 @@
 public class SpanDecorationProbeInstrumentationTest extends ProbeInstrumentationTest {
   private static final String LANGUAGE = "java";
   private static final ProbeId PROBE_ID = new ProbeId("beae1807-f3b0-4ea8-a74f-826790c5e6f8", 0);
+  private static final ProbeId PROBE_ID1 = new ProbeId("beae1807-f3b0-4ea8-a74f-826790c5e6f6", 0);
+  private static final ProbeId PROBE_ID2 = new ProbeId("beae1807-f3b0-4ea8-a74f-826790c5e6f7", 0);
 
   private TestTraceInterceptor traceInterceptor = new TestTraceInterceptor();
 
@@ -51,6 +62,13 @@ public void setUp() {
     tracer.addTraceInterceptor(traceInterceptor);
   }
 
+  @Override
+  @AfterEach
+  public void after() {
+    super.after();
+    Redaction.clearUserDefinedTypes();
+  }
+
   @Test
   public void methodActiveSpanSimpleTag() throws IOException, URISyntaxException {
     final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot20";
@@ -59,7 +77,7 @@ public void methodActiveSpanSimpleTag() throws IOException, URISyntaxException {
         CLASS_NAME, ACTIVE, decoration, "process", "int (java.lang.String)");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    assertEquals(42, result);
+    assertEquals(84, result);
     MutableSpan span = traceInterceptor.getFirstSpan();
     assertEquals("1", span.getTags().get("tag1"));
     assertEquals(PROBE_ID.getId(), span.getTags().get("_dd.di.tag1.probe_id"));
@@ -81,7 +99,7 @@ public void methodActiveSpanTagList() throws IOException, URISyntaxException {
         "int (java.lang.String)");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    assertEquals(42, result);
+    assertEquals(84, result);
     MutableSpan span = traceInterceptor.getFirstSpan();
     assertEquals("1", span.getTags().get("tag1"));
     assertEquals("42", span.getTags().get("tag2"));
@@ -124,7 +142,7 @@ public void methodActiveSpanCondition() throws IOException, URISyntaxException {
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     for (int i = 0; i < 10; i++) {
       int result = Reflect.on(testClass).call("main", String.valueOf(i)).get();
-      assertEquals(42, result);
+      assertEquals(84, result);
     }
     assertEquals(10, traceInterceptor.getAllTraces().size());
     MutableSpan span = traceInterceptor.getAllTraces().get(5).get(0);
@@ -139,7 +157,7 @@ public void methodTagEvalError() throws IOException, URISyntaxException {
         CLASS_NAME, ACTIVE, decoration, "process", "int (java.lang.String)");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    assertEquals(42, result);
+    assertEquals(84, result);
     MutableSpan span = traceInterceptor.getFirstSpan();
     assertNull(span.getTags().get("tag1"));
     assertEquals("Cannot find symbol: noarg", span.getTags().get("_dd.di.tag1.evaluation_error"));
@@ -154,7 +172,7 @@ public void methodActiveSpanInvalidCondition() throws IOException, URISyntaxExce
         CLASS_NAME, ACTIVE, decoration, "process", "int (java.lang.String)");
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "5").get();
-    assertEquals(42, result);
+    assertEquals(84, result);
     assertFalse(traceInterceptor.getFirstSpan().getTags().containsKey("tag1"));
     assertEquals(1, mockSink.getSnapshots().size());
     Snapshot snapshot = mockSink.getSnapshots().get(0);
@@ -166,10 +184,10 @@ public void methodActiveSpanInvalidCondition() throws IOException, URISyntaxExce
   public void lineActiveSpanSimpleTag() throws IOException, URISyntaxException {
     final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot20";
     SpanDecorationProbe.Decoration decoration = createDecoration("tag1", "{arg}");
-    installSingleSpanDecoration(CLASS_NAME, ACTIVE, decoration, "CapturedSnapshot20.java", 37);
+    installSingleSpanDecoration(CLASS_NAME, ACTIVE, decoration, "CapturedSnapshot20.java", 38);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "1").get();
-    assertEquals(42, result);
+    assertEquals(84, result);
     MutableSpan span = traceInterceptor.getFirstSpan();
     assertEquals("1", span.getTags().get("tag1"));
     assertEquals(PROBE_ID.getId(), span.getTags().get("_dd.di.tag1.probe_id"));
@@ -198,11 +216,11 @@ public void lineActiveSpanCondition() throws IOException, URISyntaxException {
     final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot20";
     SpanDecorationProbe.Decoration decoration =
         createDecoration(eq(ref("arg"), value("5")), "arg == '5'", "tag1", "{arg}");
-    installSingleSpanDecoration(CLASS_NAME, ACTIVE, decoration, "CapturedSnapshot20.java", 37);
+    installSingleSpanDecoration(CLASS_NAME, ACTIVE, decoration, "CapturedSnapshot20.java", 38);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     for (int i = 0; i < 10; i++) {
       int result = Reflect.on(testClass).call("main", String.valueOf(i)).get();
-      assertEquals(42, result);
+      assertEquals(84, result);
     }
     assertEquals(10, traceInterceptor.getAllTraces().size());
     MutableSpan span = traceInterceptor.getAllTraces().get(5).get(0);
@@ -214,10 +232,10 @@ public void lineActiveSpanInvalidCondition() throws IOException, URISyntaxExcept
     final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot20";
     SpanDecorationProbe.Decoration decoration =
         createDecoration(eq(ref("noarg"), value("5")), "arg == '5'", "tag1", "{arg}");
-    installSingleSpanDecoration(CLASS_NAME, ACTIVE, decoration, "CapturedSnapshot20.java", 37);
+    installSingleSpanDecoration(CLASS_NAME, ACTIVE, decoration, "CapturedSnapshot20.java", 38);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.on(testClass).call("main", "5").get();
-    assertEquals(42, result);
+    assertEquals(84, result);
     assertFalse(traceInterceptor.getFirstSpan().getTags().containsKey("tag1"));
     assertEquals(1, mockSink.getSnapshots().size());
     Snapshot snapshot = mockSink.getSnapshots().get(0);
@@ -236,6 +254,207 @@ public void nullActiveSpan() throws IOException, URISyntaxException {
     assertEquals(0, traceInterceptor.getAllTraces().size());
   }
 
+  @Test
+  public void mixedWithLogProbes() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot20";
+    SpanDecorationProbe.Decoration decoration = createDecoration("tag1", "{intLocal}");
+    SpanDecorationProbe spanDecoProbe =
+        createProbeBuilder(
+                PROBE_ID, ACTIVE, singletonList(decoration), CLASS_NAME, "process", null, null)
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    LogProbe logProbe1 =
+        LogProbe.builder()
+            .probeId(PROBE_ID1)
+            .where(CLASS_NAME, "process")
+            .captureSnapshot(true)
+            .build();
+    LogProbe logProbe2 =
+        LogProbe.builder()
+            .probeId(PROBE_ID2)
+            .where(CLASS_NAME, "process")
+            .captureSnapshot(true)
+            .build();
+    Configuration configuration =
+        Configuration.builder()
+            .setService(SERVICE_NAME)
+            .add(logProbe1)
+            .add(logProbe2)
+            .add(spanDecoProbe)
+            .build();
+    installSpanDecorationProbes(CLASS_NAME, configuration);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "1").get();
+    assertEquals(84, result);
+    MutableSpan span = traceInterceptor.getFirstSpan();
+    assertEquals("84", span.getTags().get("tag1"));
+    assertEquals(PROBE_ID.getId(), span.getTags().get("_dd.di.tag1.probe_id"));
+    List<Snapshot> snapshots = mockSink.getSnapshots();
+    assertEquals(2, snapshots.size());
+    CapturedContext.CapturedValue intLocal =
+        snapshots.get(0).getCaptures().getReturn().getLocals().get("intLocal");
+    assertNotNull(intLocal);
+  }
+
+  @Test
+  public void keywordRedaction() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot28";
+    SpanDecorationProbe.Decoration decoration1 = createDecoration("tag1", "{password}");
+    SpanDecorationProbe.Decoration decoration2 = createDecoration("tag2", "{this.password}");
+    SpanDecorationProbe.Decoration decoration3 = createDecoration("tag3", "{strMap['password']}");
+    List<SpanDecorationProbe.Decoration> decorations =
+        Arrays.asList(decoration1, decoration2, decoration3);
+    installSingleSpanDecoration(
+        CLASS_NAME, ACTIVE, decorations, "process", "int (java.lang.String)");
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "secret123").get();
+    assertEquals(42, result);
+    MutableSpan span = traceInterceptor.getFirstSpan();
+    assertFalse(span.getTags().containsKey("tag1"));
+    assertEquals(PROBE_ID.getId(), span.getTags().get("_dd.di.tag1.probe_id"));
+    assertEquals(
+        "Could not evaluate the expression because 'password' was redacted",
+        span.getTags().get("_dd.di.tag1.evaluation_error"));
+    assertFalse(span.getTags().containsKey("tag2"));
+    assertEquals(PROBE_ID.getId(), span.getTags().get("_dd.di.tag2.probe_id"));
+    assertEquals(
+        "Could not evaluate the expression because 'this.password' was redacted",
+        span.getTags().get("_dd.di.tag2.evaluation_error"));
+    assertFalse(span.getTags().containsKey("tag3"));
+    assertEquals(PROBE_ID.getId(), span.getTags().get("_dd.di.tag3.probe_id"));
+    assertEquals(
+        "Could not evaluate the expression because 'strMap[\"password\"]' was redacted",
+        span.getTags().get("_dd.di.tag3.evaluation_error"));
+  }
+
+  @Test
+  public void keywordRedactionConditions() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot28";
+    SpanDecorationProbe.Decoration decoration1 =
+        createDecoration(
+            DSL.contains(DSL.getMember(DSL.ref("this"), "password"), new StringValue("123")),
+            "contains(this.password, '123')",
+            "tag1",
+            "foo");
+    SpanDecorationProbe.Decoration decoration2 =
+        createDecoration(
+            DSL.eq(DSL.ref("password"), DSL.value("123")), "password == '123'", "tag2", "foo");
+    SpanDecorationProbe.Decoration decoration3 =
+        createDecoration(
+            DSL.eq(DSL.index(DSL.ref("strMap"), DSL.value("password")), DSL.value("123")),
+            "strMap['password'] == '123'",
+            "tag3",
+            "foo");
+    List<SpanDecorationProbe.Decoration> decorations =
+        Arrays.asList(decoration1, decoration2, decoration3);
+    installSingleSpanDecoration(
+        CLASS_NAME, ACTIVE, decorations, "process", "int (java.lang.String)");
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "secret123").get();
+    assertEquals(42, result);
+    assertFalse(traceInterceptor.getFirstSpan().getTags().containsKey("tag1"));
+    assertFalse(traceInterceptor.getFirstSpan().getTags().containsKey("tag2"));
+    assertFalse(traceInterceptor.getFirstSpan().getTags().containsKey("tag3"));
+    assertEquals(1, mockSink.getSnapshots().size());
+    Snapshot snapshot = mockSink.getSnapshots().get(0);
+    assertEquals(3, snapshot.getEvaluationErrors().size());
+    assertEquals(
+        "Could not evaluate the expression because 'this.password' was redacted",
+        snapshot.getEvaluationErrors().get(0).getMessage());
+    assertEquals(
+        "Could not evaluate the expression because 'password' was redacted",
+        snapshot.getEvaluationErrors().get(1).getMessage());
+    assertEquals(
+        "Could not evaluate the expression because 'strMap[\"password\"]' was redacted",
+        snapshot.getEvaluationErrors().get(2).getMessage());
+  }
+
+  @Test
+  public void typeRedaction() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot28";
+    Config config = mock(Config.class);
+    when(config.getDebuggerRedactedTypes())
+        .thenReturn("com.datadog.debugger.CapturedSnapshot28$Creds");
+    Redaction.addUserDefinedTypes(config);
+    SpanDecorationProbe.Decoration decoration1 = createDecoration("tag1", "{creds}");
+    SpanDecorationProbe.Decoration decoration2 = createDecoration("tag2", "{this.creds}");
+    SpanDecorationProbe.Decoration decoration3 = createDecoration("tag3", "{credMap['dave']}");
+    List<SpanDecorationProbe.Decoration> decorations =
+        Arrays.asList(decoration1, decoration2, decoration3);
+    installSingleSpanDecoration(
+        CLASS_NAME, ACTIVE, decorations, "process", "int (java.lang.String)");
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "secret123").get();
+    assertEquals(42, result);
+    MutableSpan span = traceInterceptor.getFirstSpan();
+    assertFalse(span.getTags().containsKey("tag1"));
+    assertEquals(PROBE_ID.getId(), span.getTags().get("_dd.di.tag1.probe_id"));
+    assertEquals(
+        "Could not evaluate the expression because 'creds' was redacted",
+        span.getTags().get("_dd.di.tag1.evaluation_error"));
+    assertFalse(span.getTags().containsKey("tag2"));
+    assertEquals(PROBE_ID.getId(), span.getTags().get("_dd.di.tag2.probe_id"));
+    assertEquals(
+        "Could not evaluate the expression because 'this.creds' was redacted",
+        span.getTags().get("_dd.di.tag2.evaluation_error"));
+    assertFalse(span.getTags().containsKey("tag3"));
+    assertEquals(PROBE_ID.getId(), span.getTags().get("_dd.di.tag3.probe_id"));
+    assertEquals(
+        "Could not evaluate the expression because 'credMap[\"dave\"]' was redacted",
+        span.getTags().get("_dd.di.tag3.evaluation_error"));
+  }
+
+  @Test
+  public void typeRedactionConditions() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "com.datadog.debugger.CapturedSnapshot28";
+    Config config = mock(Config.class);
+    when(config.getDebuggerRedactedTypes())
+        .thenReturn("com.datadog.debugger.CapturedSnapshot28$Creds");
+    Redaction.addUserDefinedTypes(config);
+    SpanDecorationProbe.Decoration decoration1 =
+        createDecoration(
+            DSL.contains(
+                DSL.getMember(DSL.getMember(DSL.ref("this"), "creds"), "secretCode"),
+                new StringValue("123")),
+            "contains(this.creds.secretCode, '123')",
+            "tag1",
+            "foo");
+    SpanDecorationProbe.Decoration decoration2 =
+        createDecoration(
+            DSL.eq(DSL.getMember(DSL.ref("creds"), "secretCode"), DSL.value("123")),
+            "creds.secretCode == '123'",
+            "tag2",
+            "foo");
+    SpanDecorationProbe.Decoration decoration3 =
+        createDecoration(
+            DSL.eq(DSL.index(DSL.ref("credMap"), DSL.value("dave")), DSL.value("123")),
+            "credMap['dave'] == '123'",
+            "tag3",
+            "foo");
+    List<SpanDecorationProbe.Decoration> decorations =
+        Arrays.asList(decoration1, decoration2, decoration3);
+    installSingleSpanDecoration(
+        CLASS_NAME, ACTIVE, decorations, "process", "int (java.lang.String)");
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "secret123").get();
+    assertEquals(42, result);
+    assertFalse(traceInterceptor.getFirstSpan().getTags().containsKey("tag1"));
+    assertFalse(traceInterceptor.getFirstSpan().getTags().containsKey("tag2"));
+    assertFalse(traceInterceptor.getFirstSpan().getTags().containsKey("tag3"));
+    assertEquals(1, mockSink.getSnapshots().size());
+    Snapshot snapshot = mockSink.getSnapshots().get(0);
+    assertEquals(3, snapshot.getEvaluationErrors().size());
+    assertEquals(
+        "Could not evaluate the expression because 'this.creds' was redacted",
+        snapshot.getEvaluationErrors().get(0).getMessage());
+    assertEquals(
+        "Could not evaluate the expression because 'creds' was redacted",
+        snapshot.getEvaluationErrors().get(1).getMessage());
+    assertEquals(
+        "Could not evaluate the expression because 'credMap[\"dave\"]' was redacted",
+        snapshot.getEvaluationErrors().get(2).getMessage());
+  }
+
   private SpanDecorationProbe.Decoration createDecoration(String tagName, String valueDsl) {
     List<SpanDecorationProbe.Tag> tags =
         Arrays.asList(
@@ -305,6 +524,7 @@ private static SpanDecorationProbe createProbe(
       String... lines) {
     return createProbeBuilder(
             id, targetSpan, decorationList, typeName, methodName, signature, lines)
+        .evaluateAt(MethodLocation.EXIT)
         .build();
   }
 
@@ -362,24 +582,30 @@ private void installSpanDecorationProbes(String expectedClassName, Configuration
     Config config = mock(Config.class);
     when(config.isDebuggerEnabled()).thenReturn(true);
     when(config.isDebuggerClassFileDumpEnabled()).thenReturn(true);
-    currentTransformer = new DebuggerTransformer(config, configuration);
+    when(config.getFinalDebuggerSnapshotUrl())
+        .thenReturn("http://localhost:8126/debugger/v1/input");
+    when(config.getFinalDebuggerSymDBUrl()).thenReturn("http://localhost:8126/symdb/v1/input");
+    probeStatusSink = mock(ProbeStatusSink.class);
+    currentTransformer =
+        new DebuggerTransformer(
+            config, configuration, null, new DebuggerSink(config, probeStatusSink));
     instr.addTransformer(currentTransformer);
     mockSink = new MockSink();
     DebuggerAgentHelper.injectSink(mockSink);
     DebuggerContext.init(
-        (id, callingClass) ->
-            resolver(id, callingClass, expectedClassName, configuration.getSpanDecorationProbes()),
-        null);
+        (id, callingClass) -> resolver(id, callingClass, expectedClassName, configuration), null);
     DebuggerContext.initClassFilter(new DenyListHelper(null));
   }
 
   private ProbeImplementation resolver(
-      String id,
-      Class<?> callingClass,
-      String expectedClassName,
-      Collection<SpanDecorationProbe> spanDecorationProbes) {
+      String id, Class<?> callingClass, String expectedClassName, Configuration configuration) {
     Assertions.assertEquals(expectedClassName, callingClass.getName());
-    for (SpanDecorationProbe probe : spanDecorationProbes) {
+    for (SpanDecorationProbe probe : configuration.getSpanDecorationProbes()) {
+      if (probe.getId().equals(id)) {
+        return probe;
+      }
+    }
+    for (LogProbe probe : configuration.getLogProbes()) {
       if (probe.getId().equals(id)) {
         return probe;
       }
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SpanProbeInstrumentationTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SpanProbeInstrumentationTest.java
index a92d0a72064..0764e1a5734 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SpanProbeInstrumentationTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/SpanProbeInstrumentationTest.java
@@ -3,14 +3,19 @@
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static utils.InstrumentationTestHelper.compileAndLoadClass;
 
 import com.datadog.debugger.probe.SpanProbe;
+import com.datadog.debugger.sink.DebuggerSink;
+import com.datadog.debugger.sink.ProbeStatusSink;
 import datadog.trace.api.Config;
 import datadog.trace.bootstrap.debugger.DebuggerContext;
 import datadog.trace.bootstrap.debugger.DebuggerSpan;
+import datadog.trace.bootstrap.debugger.ProbeId;
 import java.io.IOException;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
@@ -20,7 +25,7 @@
 import org.junit.jupiter.api.Test;
 
 public class SpanProbeInstrumentationTest extends ProbeInstrumentationTest {
-  private static final String SPAN_ID = "beae1807-f3b0-4ea8-a74f-826790c5e6f8";
+  private static final ProbeId SPAN_ID = new ProbeId("beae1807-f3b0-4ea8-a74f-826790c5e6f8", 0);
   private static final String SPAN_PROBEID_TAG =
       "debugger.probeid:beae1807-f3b0-4ea8-a74f-826790c5e6f8";
 
@@ -80,6 +85,17 @@ public void lineRangeSimpleSpan() throws IOException, URISyntaxException {
     assertArrayEquals(new String[] {SPAN_PROBEID_TAG}, span.tags);
   }
 
+  @Test
+  public void lineRangeErrorSimpleSpan() throws IOException, URISyntaxException {
+    final String CLASS_NAME = "CapturedSnapshot01";
+    MockTracer tracer = installSingleSpan(CLASS_NAME + ".java", 5, 9, null);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    int result = Reflect.on(testClass).call("main", "1").get();
+    assertEquals(3, result);
+    // instrumentation cannot happen, so no span generated
+    assertEquals(0, tracer.spans.size());
+  }
+
   @Test
   public void invalidLineSimpleSpan() throws IOException, URISyntaxException {
     final String CLASS_NAME = "CapturedSnapshot01";
@@ -88,9 +104,7 @@ public void invalidLineSimpleSpan() throws IOException, URISyntaxException {
     int result = Reflect.on(testClass).call("main", "1").get();
     assertEquals(3, result);
     assertEquals(0, tracer.spans.size());
-    assertEquals(1, mockSink.getCurrentDiagnostics().size());
-    assertEquals(
-        "No line info for range 4-10", mockSink.getCurrentDiagnostics().get(0).getMessage());
+    verify(probeStatusSink).addError(eq(SPAN_ID), eq("No line info for range 4-10"));
   }
 
   @Test
@@ -128,7 +142,14 @@ private MockTracer installSpanProbes(Configuration configuration) {
     Config config = mock(Config.class);
     when(config.isDebuggerEnabled()).thenReturn(true);
     when(config.isDebuggerClassFileDumpEnabled()).thenReturn(true);
-    currentTransformer = new DebuggerTransformer(config, configuration);
+    when(config.isDebuggerVerifyByteCode()).thenReturn(true);
+    when(config.getFinalDebuggerSnapshotUrl())
+        .thenReturn("http://localhost:8126/debugger/v1/input");
+    when(config.getFinalDebuggerSymDBUrl()).thenReturn("http://localhost:8126/symdb/v1/input");
+    probeStatusSink = mock(ProbeStatusSink.class);
+    currentTransformer =
+        new DebuggerTransformer(
+            config, configuration, null, new DebuggerSink(config, probeStatusSink));
     instr.addTransformer(currentTransformer);
     mockSink = new MockSink();
     DebuggerAgentHelper.injectSink(mockSink);
@@ -185,20 +206,16 @@ public boolean isFinished() {
   }
 
   private static SpanProbe createSpan(
-      String id, String typeName, String methodName, String signature, String[] tags) {
+      ProbeId id, String typeName, String methodName, String signature, String[] tags) {
     return SpanProbe.builder()
-        .probeId(id, 0)
+        .probeId(id)
         .where(typeName, methodName, signature)
         .tags(tags)
         .build();
   }
 
   private static SpanProbe createSpan(
-      String id, String sourceFile, int lineFrom, int lineTill, String[] tags) {
-    return SpanProbe.builder()
-        .probeId(id, 0)
-        .where(sourceFile, lineFrom, lineTill)
-        .tags(tags)
-        .build();
+      ProbeId id, String sourceFile, int lineFrom, int lineTill, String[] tags) {
+    return SpanProbe.builder().probeId(id).where(sourceFile, lineFrom, lineTill).tags(tags).build();
   }
 }
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/sink/DebuggerSinkTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/sink/DebuggerSinkTest.java
index c3792e2053b..61a40fa136f 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/sink/DebuggerSinkTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/sink/DebuggerSinkTest.java
@@ -71,6 +71,7 @@ void setUp() {
     when(config.getEnv()).thenReturn("test");
     when(config.getVersion()).thenReturn("foo");
     when(config.getDebuggerUploadBatchSize()).thenReturn(1);
+    when(config.getFinalDebuggerSymDBUrl()).thenReturn("http://localhost:8126/symdb/v1/input");
 
     EXPECTED_SNAPSHOT_TAGS =
         "^env:test,version:foo,debugger_version:\\d+\\.\\d+\\.\\d+(-SNAPSHOT)?~[0-9a-f]+,agent_version:null,host_name:"
@@ -358,36 +359,9 @@ public void reconsiderFlushIntervalNoChange() {
   public void addSnapshotWithCorrelationIdsMethodProbe() throws URISyntaxException, IOException {
     DebuggerSink sink = new DebuggerSink(config, batchUploader);
     DebuggerAgentHelper.injectSerializer(new JsonSnapshotSerializer());
-    CapturedContext entry = new CapturedContext();
-    entry.addFields(
-        new CapturedValue[] {
-          CapturedValue.of("dd.trace_id", "java.lang.String", "123"),
-          CapturedValue.of("dd.span_id", "java.lang.String", "456"),
-        });
-    Snapshot snapshot = createSnapshot();
-    snapshot.setEntry(entry);
-    sink.addSnapshot(snapshot);
-    sink.flush(sink);
-    verify(batchUploader).upload(payloadCaptor.capture(), matches(EXPECTED_SNAPSHOT_TAGS));
-    String strPayload = new String(payloadCaptor.getValue(), StandardCharsets.UTF_8);
-    System.out.println(strPayload);
-    JsonSnapshotSerializer.IntakeRequest intakeRequest = assertOneIntakeRequest(strPayload);
-    assertEquals("123", intakeRequest.getTraceId());
-    assertEquals("456", intakeRequest.getSpanId());
-  }
-
-  @Test
-  public void addSnapshotWithCorrelationIdsLineProbe() throws URISyntaxException, IOException {
-    DebuggerSink sink = new DebuggerSink(config, batchUploader);
-    DebuggerAgentHelper.injectSerializer(new JsonSnapshotSerializer());
-    CapturedContext line = new CapturedContext();
-    line.addFields(
-        new CapturedValue[] {
-          CapturedValue.of("dd.trace_id", "java.lang.String", "123"),
-          CapturedValue.of("dd.span_id", "java.lang.String", "456"),
-        });
     Snapshot snapshot = createSnapshot();
-    snapshot.addLine(line, 25);
+    snapshot.setTraceId("123");
+    snapshot.setSpanId("456");
     sink.addSnapshot(snapshot);
     sink.flush(sink);
     verify(batchUploader).upload(payloadCaptor.capture(), matches(EXPECTED_SNAPSHOT_TAGS));
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/sink/SymbolSinkTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/sink/SymbolSinkTest.java
new file mode 100644
index 00000000000..d158780d92e
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/sink/SymbolSinkTest.java
@@ -0,0 +1,53 @@
+package com.datadog.debugger.sink;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import com.datadog.debugger.symbol.Scope;
+import com.datadog.debugger.symbol.ScopeType;
+import com.datadog.debugger.uploader.BatchUploader;
+import datadog.trace.api.Config;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import org.junit.jupiter.api.Test;
+
+class SymbolSinkTest {
+
+  @Test
+  public void testFlush() {
+    SymbolUploaderMock symbolUploaderMock = new SymbolUploaderMock();
+    Config config = mock(Config.class);
+    when(config.getServiceName()).thenReturn("service1");
+    SymbolSink symbolSink = new SymbolSink(config, symbolUploaderMock);
+    symbolSink.addScope(Scope.builder(ScopeType.JAR, null, 0, 0).build());
+    symbolSink.flush();
+    assertEquals(2, symbolUploaderMock.multiPartContents.size());
+    BatchUploader.MultiPartContent eventContent = symbolUploaderMock.multiPartContents.get(0);
+    assertEquals("event", eventContent.getPartName());
+    assertEquals("event.json", eventContent.getFileName());
+    String strEventContent = new String(eventContent.getContent());
+    assertTrue(strEventContent.contains("\"ddsource\": \"dd_debugger\""));
+    assertTrue(strEventContent.contains("\"service\": \"service1\""));
+    BatchUploader.MultiPartContent symbolContent = symbolUploaderMock.multiPartContents.get(1);
+    assertEquals("file", symbolContent.getPartName());
+    assertEquals("file.json", symbolContent.getFileName());
+    assertEquals(
+        "{\"language\":\"JAVA\",\"scopes\":[{\"end_line\":0,\"scope_type\":\"JAR\",\"start_line\":0}],\"service\":\"service1\"}",
+        new String(symbolContent.getContent()));
+  }
+
+  static class SymbolUploaderMock extends BatchUploader {
+    final List<MultiPartContent> multiPartContents = new ArrayList<>();
+
+    public SymbolUploaderMock() {
+      super(Config.get(), "http://localhost");
+    }
+
+    @Override
+    public void uploadAsMultipart(String tags, MultiPartContent... parts) {
+      multiPartContents.addAll(Arrays.asList(parts));
+    }
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/symbol/SymbolExtractionTransformerTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/symbol/SymbolExtractionTransformerTest.java
new file mode 100644
index 00000000000..990efce48e6
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/symbol/SymbolExtractionTransformerTest.java
@@ -0,0 +1,724 @@
+package com.datadog.debugger.symbol;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.mockito.Mockito.when;
+import static utils.InstrumentationTestHelper.compileAndLoadClass;
+
+import com.datadog.debugger.sink.SymbolSink;
+import datadog.trace.api.Config;
+import java.io.IOException;
+import java.lang.instrument.Instrumentation;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.function.Supplier;
+import net.bytebuddy.agent.ByteBuddyAgent;
+import org.joor.Reflect;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+
+class SymbolExtractionTransformerTest {
+  private static final String SYMBOL_PACKAGE = "com.datadog.debugger.symbol.";
+  private static final String SYMBOL_PACKAGE_DIR = SYMBOL_PACKAGE.replace('.', '/');
+
+  private Instrumentation instr = ByteBuddyAgent.install();
+  private Config config;
+
+  @BeforeEach
+  public void setUp() {
+    config = Mockito.mock(Config.class);
+    when(config.getDebuggerSymbolIncludes()).thenReturn(SYMBOL_PACKAGE);
+    when(config.getFinalDebuggerSymDBUrl()).thenReturn("http://localhost:8126/symdb/v1/input");
+    when(config.getDebuggerSymbolFlushThreshold()).thenReturn(1);
+  }
+
+  @Test
+  public void noIncludesFilterOutDatadogClass() throws IOException, URISyntaxException {
+    config = Mockito.mock(Config.class);
+    when(config.getFinalDebuggerSymDBUrl()).thenReturn("http://localhost:8126/symdb/v1/input");
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction01";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", "1").get();
+    assertFalse(
+        symbolSinkMock.jarScopes.stream()
+            .flatMap(scope -> scope.getScopes().stream())
+            .anyMatch(scope -> scope.getName().equals(CLASS_NAME)));
+  }
+
+  @Test
+  public void symbolExtraction01() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction01";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction01.java";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", "1").get();
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 2, 20, SOURCE_FILE, 2, 0);
+    assertScope(classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 2, 2, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 4, 20, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", String.class.getTypeName(), 4);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 4, 20, SOURCE_FILE, 1, 2);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var1",
+        Integer.TYPE.getTypeName(),
+        4);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(1),
+        SymbolType.LOCAL,
+        "var3",
+        Integer.TYPE.getTypeName(),
+        19);
+    Scope ifLine5Scope = mainMethodLocalScope.getScopes().get(0);
+    assertScope(ifLine5Scope, ScopeType.LOCAL, null, 6, 17, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        ifLine5Scope.getSymbols().get(0), SymbolType.LOCAL, "var2", Integer.TYPE.getTypeName(), 6);
+    Scope forLine7Scope = ifLine5Scope.getScopes().get(0);
+    assertScope(forLine7Scope, ScopeType.LOCAL, null, 7, 15, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        forLine7Scope.getSymbols().get(0), SymbolType.LOCAL, "i", Integer.TYPE.getTypeName(), 7);
+    Scope forBodyLine7Scope = forLine7Scope.getScopes().get(0);
+    assertScope(forBodyLine7Scope, ScopeType.LOCAL, null, 8, 15, SOURCE_FILE, 1, 3);
+    assertSymbol(
+        forBodyLine7Scope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "foo",
+        Integer.TYPE.getTypeName(),
+        8);
+    assertSymbol(
+        forBodyLine7Scope.getSymbols().get(1),
+        SymbolType.LOCAL,
+        "bar",
+        Integer.TYPE.getTypeName(),
+        9);
+    assertSymbol(
+        forBodyLine7Scope.getSymbols().get(2),
+        SymbolType.LOCAL,
+        "j",
+        Integer.TYPE.getTypeName(),
+        11);
+    Scope whileLine12 = forBodyLine7Scope.getScopes().get(0);
+    assertScope(whileLine12, ScopeType.LOCAL, null, 13, 14, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        whileLine12.getSymbols().get(0), SymbolType.LOCAL, "var4", Integer.TYPE.getTypeName(), 13);
+  }
+
+  @Test
+  public void symbolExtraction02() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction02";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction02.java";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", "1").get();
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 3, 6, SOURCE_FILE, 2, 0);
+    assertScope(classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 3, 3, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 5, 6, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", String.class.getTypeName(), 5);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 5, 6, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var1",
+        String.class.getTypeName(),
+        5);
+  }
+
+  @Test
+  public void symbolExtraction03() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction03";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction03.java";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", "1").get();
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 4, 28, SOURCE_FILE, 2, 0);
+    assertScope(classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 4, 4, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 6, 28, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", String.class.getTypeName(), 6);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 6, 28, SOURCE_FILE, 2, 2);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var1",
+        String.class.getTypeName(),
+        6);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(1),
+        SymbolType.LOCAL,
+        "var5",
+        String.class.getTypeName(),
+        27);
+    Scope elseLine10Scope = mainMethodLocalScope.getScopes().get(0);
+    assertScope(elseLine10Scope, ScopeType.LOCAL, null, 12, 24, SOURCE_FILE, 1, 4);
+    assertSymbol(
+        elseLine10Scope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var31",
+        String.class.getTypeName(),
+        12);
+    assertSymbol(
+        elseLine10Scope.getSymbols().get(1),
+        SymbolType.LOCAL,
+        "var32",
+        String.class.getTypeName(),
+        13);
+    assertSymbol(
+        elseLine10Scope.getSymbols().get(2),
+        SymbolType.LOCAL,
+        "var30",
+        String.class.getTypeName(),
+        15);
+    assertSymbol(
+        elseLine10Scope.getSymbols().get(3),
+        SymbolType.LOCAL,
+        "var3",
+        String.class.getTypeName(),
+        17);
+    Scope ifLine19Scope = elseLine10Scope.getScopes().get(0);
+    assertScope(ifLine19Scope, ScopeType.LOCAL, null, 20, 21, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        ifLine19Scope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var4",
+        String.class.getTypeName(),
+        20);
+  }
+
+  @Test
+  public void symbolExtraction04() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction04";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction04.java";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", "1").get();
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 3, 18, SOURCE_FILE, 2, 0);
+    assertScope(classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 3, 3, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 5, 18, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", String.class.getTypeName(), 5);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 5, 18, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var1",
+        String.class.getTypeName(),
+        5);
+    Scope forLine6Scope = mainMethodLocalScope.getScopes().get(0);
+    assertScope(forLine6Scope, ScopeType.LOCAL, null, 6, 15, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        forLine6Scope.getSymbols().get(0), SymbolType.LOCAL, "i", Integer.TYPE.getTypeName(), 6);
+    Scope forBodyLine6Scope = forLine6Scope.getScopes().get(0);
+    assertScope(forBodyLine6Scope, ScopeType.LOCAL, null, 7, 15, SOURCE_FILE, 1, 2);
+    assertSymbol(
+        forBodyLine6Scope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "j",
+        Integer.TYPE.getTypeName(),
+        8);
+    assertSymbol(
+        forBodyLine6Scope.getSymbols().get(1),
+        SymbolType.LOCAL,
+        "var2",
+        String.class.getTypeName(),
+        7);
+    Scope forBodyLine8Scope = forBodyLine6Scope.getScopes().get(0);
+    assertScope(forBodyLine8Scope, ScopeType.LOCAL, null, 9, 15, SOURCE_FILE, 1, 2);
+    assertSymbol(
+        forBodyLine8Scope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var3",
+        String.class.getTypeName(),
+        9);
+    assertSymbol(
+        forBodyLine8Scope.getSymbols().get(1),
+        SymbolType.LOCAL,
+        "var5",
+        String.class.getTypeName(),
+        14);
+    Scope forLine10Scope = forBodyLine8Scope.getScopes().get(0);
+    assertScope(forLine10Scope, ScopeType.LOCAL, null, 10, 12, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        forLine10Scope.getSymbols().get(0), SymbolType.LOCAL, "k", Integer.TYPE.getTypeName(), 10);
+    Scope forBodyLine10Scope = forLine10Scope.getScopes().get(0);
+    assertScope(forBodyLine10Scope, ScopeType.LOCAL, null, 11, 12, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        forBodyLine10Scope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var4",
+        String.class.getTypeName(),
+        11);
+  }
+
+  @Test
+  public void symbolExtraction05() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction05";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction05.java";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", "1").get();
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 3, 15, SOURCE_FILE, 2, 0);
+    assertScope(classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 3, 3, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 5, 15, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", String.class.getTypeName(), 5);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 5, 15, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "i",
+        Integer.TYPE.getTypeName(),
+        5);
+    Scope whileLine6Scope = mainMethodLocalScope.getScopes().get(0);
+    assertScope(whileLine6Scope, ScopeType.LOCAL, null, 7, 13, SOURCE_FILE, 1, 2);
+    assertSymbol(
+        whileLine6Scope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var1",
+        Integer.TYPE.getTypeName(),
+        7);
+    assertSymbol(
+        whileLine6Scope.getSymbols().get(1), SymbolType.LOCAL, "j", Integer.TYPE.getTypeName(), 8);
+    Scope whileLine9Scope = whileLine6Scope.getScopes().get(0);
+    assertScope(whileLine9Scope, ScopeType.LOCAL, null, 10, 11, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        whileLine9Scope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var2",
+        Integer.TYPE.getTypeName(),
+        10);
+  }
+
+  @Test
+  public void symbolExtraction06() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction06";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction06.java";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", "1").get();
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 3, 13, SOURCE_FILE, 2, 0);
+    assertScope(classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 3, 3, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 5, 13, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", String.class.getTypeName(), 5);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 5, 13, SOURCE_FILE, 2, 1);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var1",
+        Integer.TYPE.getTypeName(),
+        5);
+    Scope catchLine9Scope = mainMethodLocalScope.getScopes().get(0);
+    assertScope(catchLine9Scope, ScopeType.LOCAL, null, 9, 11, SOURCE_FILE, 0, 2);
+    assertSymbol(
+        catchLine9Scope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var3",
+        Integer.TYPE.getTypeName(),
+        10);
+    assertSymbol(
+        catchLine9Scope.getSymbols().get(1),
+        SymbolType.LOCAL,
+        "rte",
+        RuntimeException.class.getTypeName(),
+        9);
+    Scope tryLine6Scope = mainMethodLocalScope.getScopes().get(1);
+    assertScope(tryLine6Scope, ScopeType.LOCAL, null, 7, 8, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        tryLine6Scope.getSymbols().get(0), SymbolType.LOCAL, "var2", Integer.TYPE.getTypeName(), 7);
+  }
+
+  @Test
+  public void symbolExtraction07() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction07";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction07.java";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", "1").get();
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 3, 10, SOURCE_FILE, 2, 0);
+    assertScope(classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 3, 3, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 5, 10, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", String.class.getTypeName(), 5);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 5, 10, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "i",
+        Integer.TYPE.getTypeName(),
+        5);
+    Scope doLine6Scope = mainMethodLocalScope.getScopes().get(0);
+    assertScope(doLine6Scope, ScopeType.LOCAL, null, 7, 8, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        doLine6Scope.getSymbols().get(0), SymbolType.LOCAL, "j", Integer.TYPE.getTypeName(), 7);
+  }
+
+  @Test
+  public void symbolExtraction08() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction08";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction08.java";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", "1").get();
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 3, 11, SOURCE_FILE, 2, 0);
+    assertScope(classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 3, 3, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 5, 11, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", String.class.getTypeName(), 5);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 5, 11, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var1",
+        Integer.TYPE.getTypeName(),
+        5);
+    Scope line6Scope = mainMethodLocalScope.getScopes().get(0);
+    assertScope(line6Scope, ScopeType.LOCAL, null, 7, 9, SOURCE_FILE, 0, 2);
+    assertSymbol(
+        line6Scope.getSymbols().get(0), SymbolType.LOCAL, "var2", Integer.TYPE.getTypeName(), 7);
+    assertSymbol(
+        line6Scope.getSymbols().get(1), SymbolType.LOCAL, "var3", Integer.TYPE.getTypeName(), 8);
+  }
+
+  @Test
+  public void symbolExtraction09() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction09";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction09.java";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", "1").get();
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 5, 23, SOURCE_FILE, 6, 2);
+    assertSymbol(
+        classScope.getSymbols().get(0),
+        SymbolType.STATIC_FIELD,
+        "staticIntField",
+        Integer.TYPE.getTypeName(),
+        0);
+    assertSymbol(
+        classScope.getSymbols().get(1),
+        SymbolType.FIELD,
+        "intField",
+        Integer.TYPE.getTypeName(),
+        0);
+    assertScope(
+        classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 5, 17, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 8, 14, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", String.class.getTypeName(), 8);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 8, 14, SOURCE_FILE, 0, 3);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "outside",
+        Integer.TYPE.getTypeName(),
+        8);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(1),
+        SymbolType.LOCAL,
+        "outside2",
+        Integer.TYPE.getTypeName(),
+        9);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(2),
+        SymbolType.LOCAL,
+        "lambda",
+        Supplier.class.getTypeName(),
+        10);
+    Scope processMethodScope = classScope.getScopes().get(2);
+    assertScope(processMethodScope, ScopeType.METHOD, "process", 19, 23, SOURCE_FILE, 1, 0);
+    Scope processMethodLocalScope = processMethodScope.getScopes().get(0);
+    assertScope(processMethodLocalScope, ScopeType.LOCAL, null, 19, 23, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        processMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "supplier",
+        Supplier.class.getTypeName(),
+        19);
+    Scope supplierClosureScope = classScope.getScopes().get(3);
+    assertScope(
+        supplierClosureScope, ScopeType.CLOSURE, "lambda$process$1", 20, 21, SOURCE_FILE, 1, 0);
+    Scope supplierClosureLocalScope = supplierClosureScope.getScopes().get(0);
+    assertScope(supplierClosureLocalScope, ScopeType.LOCAL, null, 20, 21, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        supplierClosureLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var1",
+        Integer.TYPE.getTypeName(),
+        20);
+    Scope lambdaClosureScope = classScope.getScopes().get(4);
+    assertScope(lambdaClosureScope, ScopeType.CLOSURE, "lambda$main$0", 11, 12, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        lambdaClosureScope.getSymbols().get(0),
+        SymbolType.ARG,
+        "outside",
+        Integer.TYPE.getTypeName(),
+        11);
+    Scope lambdaMethodLocalScope = lambdaClosureScope.getScopes().get(0);
+    assertScope(lambdaMethodLocalScope, ScopeType.LOCAL, null, 11, 12, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        lambdaMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var1",
+        Integer.TYPE.getTypeName(),
+        11);
+    Scope clinitMethodScope = classScope.getScopes().get(5);
+    assertScope(clinitMethodScope, ScopeType.METHOD, "<clinit>", 6, 6, SOURCE_FILE, 0, 0);
+  }
+
+  @Test
+  public void symbolExtraction10() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction10";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction10.java";
+    when(config.getDebuggerSymbolFlushThreshold()).thenReturn(2);
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", "1").get();
+    assertEquals(2, symbolSinkMock.jarScopes.get(0).getScopes().size());
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 3, 6, SOURCE_FILE, 2, 0);
+    assertScope(classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 3, 3, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 5, 6, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", String.class.getTypeName(), 5);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 5, 6, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "winner",
+        "com.datadog.debugger.symbol.SymbolExtraction10$Inner",
+        5);
+    Scope innerClassScope = symbolSinkMock.jarScopes.get(0).getScopes().get(1);
+    assertScope(innerClassScope, ScopeType.CLASS, CLASS_NAME + "$Inner", 9, 13, SOURCE_FILE, 2, 1);
+    assertSymbol(
+        innerClassScope.getSymbols().get(0),
+        SymbolType.FIELD,
+        "field1",
+        Integer.TYPE.getTypeName(),
+        0);
+    assertScope(
+        innerClassScope.getScopes().get(0), ScopeType.METHOD, "<init>", 9, 10, SOURCE_FILE, 0, 0);
+    Scope addToMethod = innerClassScope.getScopes().get(1);
+    assertScope(addToMethod, ScopeType.METHOD, "addTo", 12, 13, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        addToMethod.getSymbols().get(0), SymbolType.ARG, "arg", Integer.TYPE.getTypeName(), 12);
+    Scope addToMethodLocalScope = addToMethod.getScopes().get(0);
+    assertScope(addToMethodLocalScope, ScopeType.LOCAL, null, 12, 13, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        addToMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var1",
+        Integer.TYPE.getTypeName(),
+        12);
+  }
+
+  @Test
+  public void symbolExtraction11() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction11";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction11.java";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", 1).get();
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 3, 11, SOURCE_FILE, 2, 1);
+    assertSymbol(
+        classScope.getSymbols().get(0), SymbolType.FIELD, "field1", Integer.TYPE.getTypeName(), 0);
+    assertScope(classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 3, 4, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 6, 11, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", Integer.TYPE.getTypeName(), 6);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 6, 11, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "var1",
+        Integer.TYPE.getTypeName(),
+        6);
+    Scope ifLine7Scope = mainMethodLocalScope.getScopes().get(0);
+    assertScope(ifLine7Scope, ScopeType.LOCAL, null, 8, 9, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        ifLine7Scope.getSymbols().get(0), SymbolType.LOCAL, "var2", Integer.TYPE.getTypeName(), 8);
+  }
+
+  @Test
+  public void symbolExtraction12() throws IOException, URISyntaxException {
+    final String CLASS_NAME = SYMBOL_PACKAGE + "SymbolExtraction12";
+    final String SOURCE_FILE = SYMBOL_PACKAGE_DIR + "SymbolExtraction12.java";
+    SymbolSinkMock symbolSinkMock = new SymbolSinkMock(config);
+    SymbolExtractionTransformer transformer =
+        new SymbolExtractionTransformer(symbolSinkMock, config);
+    instr.addTransformer(transformer);
+    Class<?> testClass = compileAndLoadClass(CLASS_NAME);
+    Reflect.on(testClass).call("main", 1).get();
+    Scope classScope = symbolSinkMock.jarScopes.get(0).getScopes().get(0);
+    assertScope(classScope, ScopeType.CLASS, CLASS_NAME, 6, 20, SOURCE_FILE, 7, 0);
+    assertScope(classScope.getScopes().get(0), ScopeType.METHOD, "<init>", 6, 6, SOURCE_FILE, 0, 0);
+    Scope mainMethodScope = classScope.getScopes().get(1);
+    assertScope(mainMethodScope, ScopeType.METHOD, "main", 8, 13, SOURCE_FILE, 1, 1);
+    assertSymbol(
+        mainMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", Integer.TYPE.getTypeName(), 8);
+    Scope mainMethodLocalScope = mainMethodScope.getScopes().get(0);
+    assertScope(mainMethodLocalScope, ScopeType.LOCAL, null, 8, 13, SOURCE_FILE, 0, 2);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(0),
+        SymbolType.LOCAL,
+        "list",
+        List.class.getTypeName(),
+        8);
+    assertSymbol(
+        mainMethodLocalScope.getSymbols().get(1),
+        SymbolType.LOCAL,
+        "sum",
+        Integer.TYPE.getTypeName(),
+        12);
+    Scope fooMethodScope = classScope.getScopes().get(2);
+    assertScope(fooMethodScope, ScopeType.METHOD, "foo", 17, 20, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        fooMethodScope.getSymbols().get(0), SymbolType.ARG, "arg", Integer.TYPE.getTypeName(), 17);
+    Scope lambdaFoo3MethodScope = classScope.getScopes().get(3);
+    assertScope(
+        lambdaFoo3MethodScope, ScopeType.CLOSURE, "lambda$foo$3", 19, 19, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        lambdaFoo3MethodScope.getSymbols().get(0),
+        SymbolType.ARG,
+        "x",
+        Integer.TYPE.getTypeName(),
+        19);
+    Scope lambdaFoo2MethodScope = classScope.getScopes().get(4);
+    assertScope(
+        lambdaFoo2MethodScope, ScopeType.CLOSURE, "lambda$foo$2", 19, 19, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        lambdaFoo2MethodScope.getSymbols().get(0),
+        SymbolType.ARG,
+        "x",
+        Integer.class.getTypeName(),
+        19);
+    Scope lambdaMain1MethodScope = classScope.getScopes().get(5);
+    assertScope(
+        lambdaMain1MethodScope, ScopeType.CLOSURE, "lambda$main$1", 11, 11, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        lambdaMain1MethodScope.getSymbols().get(0),
+        SymbolType.ARG,
+        "x",
+        Integer.TYPE.getTypeName(),
+        11);
+    Scope lambdaMain0MethodScope = classScope.getScopes().get(6);
+    assertScope(
+        lambdaMain0MethodScope, ScopeType.CLOSURE, "lambda$main$0", 11, 11, SOURCE_FILE, 0, 1);
+    assertSymbol(
+        lambdaMain0MethodScope.getSymbols().get(0),
+        SymbolType.ARG,
+        "x",
+        Integer.class.getTypeName(),
+        11);
+  }
+
+  private static void assertScope(
+      Scope scope,
+      ScopeType scopeType,
+      String name,
+      int startLine,
+      int endLine,
+      String sourceFile,
+      int nbScopes,
+      int nbSymbols) {
+    assertEquals(scopeType, scope.getScopeType());
+    assertEquals(name, scope.getName());
+    assertEquals(startLine, scope.getStartLine());
+    assertEquals(endLine, scope.getEndLine());
+    assertEquals(sourceFile, scope.getSourceFile());
+    assertEquals(nbScopes, scope.getScopes().size());
+    assertEquals(nbSymbols, scope.getSymbols().size());
+  }
+
+  private void assertSymbol(
+      Symbol symbol, SymbolType symbolType, String name, String type, int line) {
+    assertEquals(symbolType, symbol.getSymbolType());
+    assertEquals(name, symbol.getName());
+    assertEquals(type, symbol.getType());
+    assertEquals(line, symbol.getLine());
+  }
+
+  static class SymbolSinkMock extends SymbolSink {
+    final List<Scope> jarScopes = new ArrayList<>();
+
+    public SymbolSinkMock(Config config) {
+      super(config);
+    }
+
+    @Override
+    public boolean addScope(Scope jarScope) {
+      return jarScopes.add(jarScope);
+    }
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/uploader/BatchUploaderTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/uploader/BatchUploaderTest.java
index c2fe8cf06b0..99a9e7db46e 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/uploader/BatchUploaderTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/uploader/BatchUploaderTest.java
@@ -1,5 +1,6 @@
 package com.datadog.debugger.uploader;
 
+import static com.datadog.debugger.uploader.BatchUploader.HEADER_DD_API_KEY;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
@@ -13,10 +14,8 @@
 import datadog.trace.relocate.api.RatelimitedLogger;
 import java.io.IOException;
 import java.net.ConnectException;
-import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
 import java.time.Duration;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
 import okhttp3.ConnectionSpec;
@@ -41,6 +40,7 @@ public class BatchUploaderTest {
   private final Duration REQUEST_TIMEOUT = Duration.ofSeconds(10);
   private final Duration REQUEST_IO_OPERATION_TIMEOUT = Duration.ofSeconds(5);
   private final Duration FOREVER_REQUEST_TIMEOUT = Duration.ofSeconds(1000);
+  private static final String API_KEY_VALUE = "testkey";
 
   @Mock private Config config;
   @Mock private RatelimitedLogger ratelimitedLogger;
@@ -55,10 +55,9 @@ public void setup() throws IOException {
     server.start();
     url = server.url(URL_PATH);
 
-    when(config.getFinalDebuggerSnapshotUrl()).thenReturn(server.url(URL_PATH).toString());
     when(config.getDebuggerUploadTimeout()).thenReturn((int) REQUEST_TIMEOUT.getSeconds());
 
-    uploader = new BatchUploader(config, ratelimitedLogger);
+    uploader = new BatchUploader(config, url.toString(), ratelimitedLogger);
   }
 
   @AfterEach
@@ -73,9 +72,7 @@ public void tearDown() throws IOException {
 
   @Test
   void testOkHttpClientForcesCleartextConnspecWhenNotUsingTLS() {
-    when(config.getFinalDebuggerSnapshotUrl()).thenReturn("http://example.com");
-
-    uploader = new BatchUploader(config);
+    uploader = new BatchUploader(config, "http://example.com");
 
     final List<ConnectionSpec> connectionSpecs = uploader.getClient().connectionSpecs();
     assertEquals(connectionSpecs.size(), 1);
@@ -84,9 +81,7 @@ void testOkHttpClientForcesCleartextConnspecWhenNotUsingTLS() {
 
   @Test
   void testOkHttpClientUsesDefaultConnspecsOverTLS() {
-    when(config.getFinalDebuggerSnapshotUrl()).thenReturn("https://example.com");
-
-    uploader = new BatchUploader(config);
+    uploader = new BatchUploader(config, "https://example.com");
 
     final List<ConnectionSpec> connectionSpecs = uploader.getClient().connectionSpecs();
     assertEquals(connectionSpecs.size(), 2);
@@ -163,7 +158,7 @@ public void testTooManyRequests() throws IOException, InterruptedException {
     // We need to make sure that initial requests that fill up the queue hang to the duration of the
     // test. So we specify insanely large timeout here.
     when(config.getDebuggerUploadTimeout()).thenReturn((int) FOREVER_REQUEST_TIMEOUT.getSeconds());
-    uploader = new BatchUploader(config);
+    uploader = new BatchUploader(config, url.toString());
 
     // We have to block all parallel requests to make sure queue is kept full
     for (int i = 0; i < BatchUploader.MAX_RUNNING_REQUESTS; i++) {
@@ -178,13 +173,11 @@ public void testTooManyRequests() throws IOException, InterruptedException {
       uploader.upload(SNAPSHOT_BUFFER);
     }
 
-    final List<ByteBuffer> hangingRequests = new ArrayList<>();
     // We schedule one additional request to check case when request would be rejected immediately
     // rather than added to the queue.
     for (int i = 0; i < BatchUploader.MAX_ENQUEUED_REQUESTS + 1; i++) {
       uploader.upload(SNAPSHOT_BUFFER);
     }
-
     // Make sure all expected requests happened
     for (int i = 0; i < BatchUploader.MAX_RUNNING_REQUESTS; i++) {
       assertNotNull(server.takeRequest(5, TimeUnit.SECONDS));
@@ -205,15 +198,15 @@ public void testShutdown() throws IOException, InterruptedException {
 
   @Test
   public void testEmptyUrl() {
-    when(config.getFinalDebuggerSnapshotUrl()).thenReturn("");
-    Assertions.assertThrows(IllegalArgumentException.class, () -> new BatchUploader(config));
+    Assertions.assertThrows(IllegalArgumentException.class, () -> new BatchUploader(config, ""));
   }
 
   @Test
   public void testNoContainerId() throws InterruptedException {
     // we don't explicitly specify a container ID
     server.enqueue(new MockResponse().setResponseCode(200));
-    BatchUploader uploaderWithNoContainerId = new BatchUploader(config, ratelimitedLogger, null);
+    BatchUploader uploaderWithNoContainerId =
+        new BatchUploader(config, url.toString(), ratelimitedLogger, null);
 
     uploaderWithNoContainerId.upload(SNAPSHOT_BUFFER);
     uploaderWithNoContainerId.shutdown();
@@ -227,11 +220,24 @@ public void testContainerIdHeader() throws InterruptedException {
     server.enqueue(new MockResponse().setResponseCode(200));
 
     BatchUploader uploaderWithContainerId =
-        new BatchUploader(config, ratelimitedLogger, "testContainerId");
+        new BatchUploader(config, url.toString(), ratelimitedLogger, "testContainerId");
     uploaderWithContainerId.upload(SNAPSHOT_BUFFER);
     uploaderWithContainerId.shutdown();
 
     RecordedRequest request = server.takeRequest(100, TimeUnit.MILLISECONDS);
     assertEquals("testContainerId", request.getHeader("Datadog-Container-ID"));
   }
+
+  @Test
+  public void testApiKey() throws InterruptedException {
+    server.enqueue(new MockResponse().setResponseCode(200));
+    when(config.getApiKey()).thenReturn(API_KEY_VALUE);
+
+    BatchUploader uploaderWithApiKey = new BatchUploader(config, url.toString(), ratelimitedLogger);
+    uploaderWithApiKey.upload(SNAPSHOT_BUFFER);
+    uploaderWithApiKey.shutdown();
+
+    RecordedRequest request = server.takeRequest(100, TimeUnit.MILLISECONDS);
+    assertEquals(API_KEY_VALUE, request.getHeader(HEADER_DD_API_KEY));
+  }
 }
diff --git a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/util/StringTokenWriterTest.java b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/util/StringTokenWriterTest.java
index 1113191d087..71dc9950db2 100644
--- a/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/util/StringTokenWriterTest.java
+++ b/dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/util/StringTokenWriterTest.java
@@ -99,20 +99,15 @@ public void maps() throws Exception {
   }
 
   @Test
-  public void arrayListSizeThrows() throws Exception {
-    class MyArrayList<T> extends ArrayList<T> {
-      @Override
-      public int size() {
-        throw new UnsupportedOperationException("size");
-      }
-    }
+  public void collectionUnknown() throws Exception {
+    class MyArrayList<T> extends ArrayList<T> {}
     assertEquals(
-        "[](Error: java.lang.UnsupportedOperationException: size)",
+        "[](Error: java.lang.RuntimeException: Unsupported Collection type: com.datadog.debugger.util.StringTokenWriterTest$1MyArrayList)",
         serializeValue(new MyArrayList<>(), Limits.DEFAULT));
   }
 
   @Test
-  public void entrySetThrows() throws Exception {
+  public void mapUnknown() throws Exception {
     class MyMap<K, V> extends HashMap<K, V> {
       @Override
       public Set<Entry<K, V>> entrySet() {
@@ -120,7 +115,7 @@ public Set<Entry<K, V>> entrySet() {
       }
     }
     assertEquals(
-        "{}(Error: java.lang.UnsupportedOperationException: entrySet)",
+        "{}(Error: java.lang.RuntimeException: Unsupported Map type: com.datadog.debugger.util.StringTokenWriterTest$1MyMap)",
         serializeValue(new MyMap<String, String>(), Limits.DEFAULT));
   }
 
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot20.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot20.java
index 4ceff843986..07e5fa48828 100644
--- a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot20.java
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot20.java
@@ -34,6 +34,7 @@ public static int main(String arg) {
   }
 
   private int process(String arg) {
-    return intField;
+    int intLocal = intField + 42;
+    return intLocal;
   }
 }
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot24.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot24.java
index 8bfa6e43b3b..3bb7c2aecb7 100644
--- a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot24.java
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot24.java
@@ -1,9 +1,6 @@
 package com.datadog.debugger;
 
 import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
 
 public class CapturedSnapshot24 {
 
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot26.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot26.java
new file mode 100644
index 00000000000..f75d7af6909
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot26.java
@@ -0,0 +1,53 @@
+package com.datadog.debugger;
+
+import java.util.HashMap;
+
+public class CapturedSnapshot26 {
+
+  private Holder<String, String> holder = new Holder<>(this);
+  private HolderWithException<String, String> holderWithException = new HolderWithException<>(this);
+
+  public static int main(String arg) {
+    CapturedSnapshot26 cs26 = new CapturedSnapshot26();
+    if ("exception".equals(arg)) {
+      return cs26.doItException(arg);
+    }
+    return cs26.doit(arg);
+  }
+
+  private int doit(String arg) {
+    holder.put("foo", "bar");
+    return holder.size();
+  }
+
+  private int doItException(String arg) {
+    holderWithException.put("foo", "bar");
+    return holderWithException.size();
+  }
+
+  static class Holder<K, V> extends HashMap<K, V> {
+    private final CapturedSnapshot26 capturedSnapshot26;
+
+    public Holder(CapturedSnapshot26 capturedSnapshot26) {
+      this.capturedSnapshot26 = capturedSnapshot26;
+    }
+
+    @Override
+    public int size() {
+      return super.size();
+    }
+  }
+
+  static class HolderWithException<K, V> extends HashMap<K, V> {
+    private final CapturedSnapshot26 capturedSnapshot26;
+
+    public HolderWithException(CapturedSnapshot26 capturedSnapshot26) {
+      this.capturedSnapshot26 = capturedSnapshot26;
+    }
+
+    @Override
+    public int size() {
+      throw new UnsupportedOperationException("not supported");
+    }
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot27.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot27.java
new file mode 100644
index 00000000000..df2c9f41a0c
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot27.java
@@ -0,0 +1,40 @@
+package com.datadog.debugger;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class CapturedSnapshot27 {
+  private HashMap<String, String> strMap = new HashMap<>();
+  private Map<String, Creds> credMap = new HashMap<>();
+  {
+    strMap.put("foo1", "bar1");
+    strMap.put("foo3", "bar3");
+    credMap.put("dave", new Creds("dave", "secret456"));
+  }
+
+  private String password;
+  private Creds creds;
+
+  private int doit(String arg) {
+    creds = new Creds("john", arg);
+    password = arg;
+    String secret = arg;
+    strMap.put("password", arg);
+    return 42;
+  }
+
+  public static int main(String arg) {
+    CapturedSnapshot27 cs27 = new CapturedSnapshot27();
+    return cs27.doit(arg);
+  }
+
+  static class Creds {
+    private String user;
+    private String secretCode;
+
+    public Creds(String user, String secretCode) {
+      this.user = user;
+      this.secretCode = secretCode;
+    }
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot28.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot28.java
new file mode 100644
index 00000000000..160472ecf92
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/CapturedSnapshot28.java
@@ -0,0 +1,54 @@
+package com.datadog.debugger;
+
+import datadog.trace.agent.tooling.TracerInstaller;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.bootstrap.instrumentation.api.ScopeSource;
+import datadog.trace.core.CoreTracer;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class CapturedSnapshot28 {
+  private String password;
+  private Creds creds;
+  private final Map<String, String> strMap = new HashMap<>();
+  private final Map<String, Creds> credMap = new HashMap<>();
+  {
+    strMap.put("foo1", "bar1");
+    strMap.put("foo2", "bar2");
+    strMap.put("foo3", "bar3");
+    credMap.put("dave", new Creds("dave", "secret456"));
+  }
+
+  public static int main(String arg) {
+    AgentTracer.TracerAPI tracerAPI = AgentTracer.get();
+    AgentSpan span = tracerAPI.buildSpan("process").start();
+    try (AgentScope scope = tracerAPI.activateSpan(span, ScopeSource.MANUAL)) {
+      return new CapturedSnapshot28().process(arg);
+    } finally {
+      span.finish();
+    }
+  }
+
+  private int process(String arg) {
+    creds = new Creds("john", arg);
+    password = arg;
+    String secret = arg;
+    strMap.put("password", arg);
+    return 42;
+  }
+
+  static class Creds {
+    private String user;
+    private String secretCode;
+
+    public Creds(String user, String secretCode) {
+      this.user = user;
+      this.secretCode = secretCode;
+    }
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/classfiles/JavacBug.class b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/classfiles/JavacBug.class
new file mode 100644
index 00000000000..58c4aa2d0e5
Binary files /dev/null and b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/classfiles/JavacBug.class differ
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction01.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction01.java
new file mode 100644
index 00000000000..aea27733512
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction01.java
@@ -0,0 +1,22 @@
+package com.datadog.debugger.symbol;
+public class SymbolExtraction01 {
+  public static int main(String arg) {
+    int var1 = 1;
+    if (Integer.parseInt(arg) == 2) {
+      int var2 = 2;
+      for (int i = 0; i <= 9; i++) {
+        int foo = 13;
+        int bar = 13;
+        System.out.println(i + foo + bar);
+        int j = 0;
+        while (j < 10) {
+          int var4 = 1;
+          j++;
+        }
+      }
+      return var2;
+    }
+    int var3 = 3;
+    return var1 + var3;
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction02.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction02.java
new file mode 100644
index 00000000000..2b0396c23a5
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction02.java
@@ -0,0 +1,8 @@
+package com.datadog.debugger.symbol;
+
+public class SymbolExtraction02 {
+  public static int main(String arg) {
+    String var1 = "var1";
+    return var1.length();
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction03.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction03.java
new file mode 100644
index 00000000000..bc2be93c149
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction03.java
@@ -0,0 +1,30 @@
+
+package com.datadog.debugger.symbol;
+
+public class SymbolExtraction03 {
+  public static int main(String arg) {
+    String var1 = "var1";
+    if (arg.equals("foo")) {
+      String var2 = "var2";
+      System.out.println(var2);
+    } else {
+      System.out.println(var1);
+      String var31 = "var31";
+      String var32 = "var32";
+      System.out.println(var1);
+      String var30 = "var30";
+      System.out.println(var1);
+      String var3 = "var3";
+      System.out.println(var3);
+      if (arg.equals(var3)) {
+        String var4 = "var4";
+        System.out.println(var4);
+      }
+      if (arg.equals(var1)) {
+        return var3.length();
+      }
+    }
+    String var5 = "var5";
+    return var1.length();
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction04.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction04.java
new file mode 100644
index 00000000000..f667317cb92
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction04.java
@@ -0,0 +1,20 @@
+package com.datadog.debugger.symbol;
+
+public class SymbolExtraction04 {
+  public static int main(String arg) {
+    String var1 = "var1";
+    for (int i = 0; i < 10; i++) {
+      String var2 = "var2";
+      for (int j = 0; j < 10; j++) {
+        String var3 = "var3";
+        for (int k = 0; k < 10; k++) {
+          String var4 = "var4";
+          System.out.println("var4 = " + var4);
+        }
+        String var5 = "var5";
+        System.out.println("var5 = " + var5);
+      }
+    }
+    return var1.length();
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction05.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction05.java
new file mode 100644
index 00000000000..327adb10431
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction05.java
@@ -0,0 +1,17 @@
+package com.datadog.debugger.symbol;
+
+public class SymbolExtraction05 {
+  public static int main(String arg) {
+    int i = 0;
+    while (i < 10) {
+      int var1 = 10;
+      int j = 0;
+      while (j < 10) {
+        int var2 = 1;
+        j++;
+      }
+      i++;
+    }
+    return arg.length();
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction06.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction06.java
new file mode 100644
index 00000000000..4eeb3173c81
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction06.java
@@ -0,0 +1,15 @@
+package com.datadog.debugger.symbol;
+
+public class SymbolExtraction06 {
+  public static int main(String arg) {
+    int var1 = 1;
+    try {
+      int var2 = 2;
+      throw new RuntimeException("" + var1);
+    } catch (RuntimeException rte) {
+      int var3 = 3;
+      System.out.println("rte = " + rte.getMessage() + var3);
+    }
+    return arg.length();
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction07.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction07.java
new file mode 100644
index 00000000000..6b3b6f04af1
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction07.java
@@ -0,0 +1,12 @@
+package com.datadog.debugger.symbol;
+
+public class SymbolExtraction07 {
+  public static int main(String arg) {
+    int i = 10;
+    do {
+      int j = i + 12;
+      i--;
+    } while (i > 0);
+    return arg.length();
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction08.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction08.java
new file mode 100644
index 00000000000..a06a4561a64
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction08.java
@@ -0,0 +1,13 @@
+package com.datadog.debugger.symbol;
+
+public class SymbolExtraction08 {
+  public static int main(String arg) {
+    int var1 = 1;
+    {
+      int var2 = 2;
+      int var3 = 3;
+      int var4 = var2 + var3; // var4 is not in the LocalVariableTable because last statement of the scope
+    }
+    return arg.length();
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction09.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction09.java
new file mode 100644
index 00000000000..fac032d858c
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction09.java
@@ -0,0 +1,25 @@
+package com.datadog.debugger.symbol;
+
+import java.util.function.Supplier;
+
+public class SymbolExtraction09 {
+  static int staticIntField = 42;
+  public static int main(String arg) {
+    int outside = 12;
+    int outside2 = 1337;
+    Supplier<Integer> lambda = () -> {
+      int var1 = 1;
+      return var1 + outside + staticIntField;
+    };
+    return lambda.get();
+  }
+
+  int intField = 42;
+  public int process() {
+    Supplier<Integer> supplier = () -> {
+      int var1 = 1;
+      return var1 + intField;
+    };
+    return supplier.get();
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction10.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction10.java
new file mode 100644
index 00000000000..b1d6f28bea7
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction10.java
@@ -0,0 +1,16 @@
+package com.datadog.debugger.symbol;
+
+public class SymbolExtraction10 {
+  public static int main(String arg) {
+    Inner winner = new Inner();
+    return winner.addTo(12);
+  }
+
+  static class Inner {
+    private final int field1 = 1;
+    public int addTo(int arg) {
+      int var1 = 2;
+      return var1 + arg;
+    }
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction11.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction11.java
new file mode 100644
index 00000000000..b4ba9ccd520
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction11.java
@@ -0,0 +1,13 @@
+package com.datadog.debugger.symbol;
+
+public class SymbolExtraction11 {
+  private final int field1 = 1;
+  public static int main(int arg) {
+    int var1 = 1;
+    if (arg == 42) {
+      int var2 = 2;
+      return var2;
+    }
+    return var1 + arg;
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction12.java b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction12.java
new file mode 100644
index 00000000000..330fbb1ae81
--- /dev/null
+++ b/dd-java-agent/agent-debugger/src/test/resources/com/datadog/debugger/symbol/SymbolExtraction12.java
@@ -0,0 +1,22 @@
+package com.datadog.debugger.symbol;
+
+import java.util.Arrays;
+import java.util.List;
+
+public class SymbolExtraction12 {
+  public static int main(int arg) {
+    List<Integer> list = Arrays.asList(1, 2, 3);
+    int sum = list
+        .stream()
+        .mapToInt(x -> x + 1).map(x -> x - 12)
+        .sum();
+    return sum;
+  }
+
+  public static int foo(int arg) {
+    return Arrays.asList(1, 2, 3, 4)
+        .stream()
+        .mapToInt(x -> x + 1).map(x -> x - 12)
+        .sum();
+  }
+}
diff --git a/dd-java-agent/agent-debugger/src/test/resources/test_log_probe.json b/dd-java-agent/agent-debugger/src/test/resources/test_log_probe.json
index c52e5031e94..fc840be8e9f 100644
--- a/dd-java-agent/agent-debugger/src/test/resources/test_log_probe.json
+++ b/dd-java-agent/agent-debugger/src/test/resources/test_log_probe.json
@@ -18,7 +18,7 @@
       "typeName": "VetController",
       "methodName": "showVetList"
     },
-    "template": "this is a log line customized! uuid={uuid} result={result} garbageStart={garbageStart}",
+    "template": "this is a log line customized! uuid={uuid} result={result} garbageStart={garbageStart} contain={contains(arg, 'foo')}",
     "segments": [
       {
         "str": "this is a log line customized! uuid="
@@ -35,6 +35,11 @@
       }, {
         "dsl": "garbageStart",
         "json": {"ref": "garbageStart"}
+      }, {
+        "str": " contain="
+      }, {
+        "dsl": "contains(arg, 'foo')",
+        "json": {"contains": [{"ref": "arg"}, "foo"]}
       }
     ]
   }]
diff --git a/dd-java-agent/agent-iast/build.gradle b/dd-java-agent/agent-iast/build.gradle
index 4dfb4d9e3f0..068bbf5b61d 100644
--- a/dd-java-agent/agent-iast/build.gradle
+++ b/dd-java-agent/agent-iast/build.gradle
@@ -1,12 +1,46 @@
+import net.ltgt.gradle.errorprone.CheckSeverity
+
 plugins {
   id 'com.github.johnrengelman.shadow'
   id 'me.champeau.jmh'
   id 'java-test-fixtures'
+  id 'com.google.protobuf' version '0.8.18'
+  id 'net.ltgt.errorprone' version '3.1.0'
 }
 
 apply from: "$rootDir/gradle/java.gradle"
 apply from: "$rootDir/gradle/version.gradle"
 
+java {
+  toolchain {
+    languageVersion.set(JavaLanguageVersion.of(11))
+  }
+  sourceCompatibility = 1.8
+  targetCompatibility = 1.8
+}
+
+tasks.withType(AbstractCompile).configureEach {
+  // ensure no APIs beyond JDK8 are used
+  options.compilerArgs.addAll(['--release', '8'])
+}
+
+// First version with Mac M1 support
+def grpcVersion = '1.42.2'
+protobuf {
+  protoc {
+    // Download compiler rather than using locally installed version:
+    // First version with Mac M1 support
+    artifact = 'com.google.protobuf:protoc:3.17.3'
+  }
+  plugins {
+    // First version with aarch support
+    grpc { artifact = "io.grpc:protoc-gen-grpc-java:${grpcVersion}" }
+  }
+  generateProtoTasks {
+    all()*.plugins { grpc {} }
+  }
+}
+
 dependencies {
   api deps.slf4j
 
@@ -23,11 +57,18 @@ dependencies {
   testImplementation('org.skyscreamer:jsonassert:1.5.1')
   testImplementation('org.codehaus.groovy:groovy-yaml:3.0.17')
 
+  testImplementation group: 'io.grpc', name: 'grpc-core', version: grpcVersion
+  testImplementation group: 'io.grpc', name: 'grpc-protobuf', version: grpcVersion
+
   jmh project(':utils:test-utils')
   jmh project(':dd-trace-core')
   jmh project(':dd-java-agent:agent-builder')
   jmh project(':dd-java-agent:instrumentation:iast-instrumenter')
   jmh project(':dd-java-agent:instrumentation:java-lang')
+
+  compileOnly('org.jetbrains:annotations:24.0.0')
+  errorprone('com.uber.nullaway:nullaway:0.10.15')
+  errorprone('com.google.errorprone:error_prone_core:2.23.0')
 }
 
 shadowJar {
@@ -59,7 +100,6 @@ ext {
 tasks.withType(Test).configureEach {
   jvmArgs += ['-Ddd.iast.enabled=true']
 }
-def rootDir = project.rootDir
 spotless {
   java {
     target 'src/**/*.java'
@@ -75,3 +115,24 @@ pitest {
   targetClasses = ['com.datadog.iast.*']
   jvmArgs = ['-Ddd.iast.enabled=true']
 }
+
+sourceSets {
+  test {
+    java {
+      srcDirs += ["$buildDir/generated/source/proto/test/java"]
+    }
+  }
+}
+
+tasks.withType(JavaCompile).configureEach {
+  if (name == 'compileJava') {
+    options.errorprone {
+      check("NullAway", CheckSeverity.ERROR)
+      option("NullAway:AnnotatedPackages", "com.datadog.iast")
+      disableAllWarnings = true // only errors for now
+    }
+  } else {
+    // disable null away for test and jmh
+    options.errorprone.enabled = false
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderAppendBenchmark.java b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderAppendBenchmark.java
index babe608c0f3..e4bb2ee9f46 100644
--- a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderAppendBenchmark.java
+++ b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderAppendBenchmark.java
@@ -1,6 +1,6 @@
 package com.datadog.iast.propagation;
 
-import static com.datadog.iast.model.Range.NOT_MARKED;
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
 
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Range;
diff --git a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderBatchBenchmark.java b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderBatchBenchmark.java
index 1d5f61a43bd..8bb5d4adb20 100644
--- a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderBatchBenchmark.java
+++ b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderBatchBenchmark.java
@@ -1,5 +1,6 @@
 package com.datadog.iast.propagation;
 
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
 import static java.util.concurrent.TimeUnit.MICROSECONDS;
 
 import com.datadog.iast.IastRequestContext;
@@ -34,8 +35,7 @@ protected StringBuilderBatchBenchmark.Context initializeContext() {
       final String value;
       if (current < limit) {
         value =
-            tainted(
-                context, UUID.randomUUID().toString(), new Range(3, 6, source(), Range.NOT_MARKED));
+            tainted(context, UUID.randomUUID().toString(), new Range(3, 6, source(), NOT_MARKED));
       } else {
         value = notTainted(UUID.randomUUID().toString());
       }
diff --git a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderInitBenchmark.java b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderInitBenchmark.java
index a3c832355dc..ec11b927ff2 100644
--- a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderInitBenchmark.java
+++ b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderInitBenchmark.java
@@ -1,5 +1,7 @@
 package com.datadog.iast.propagation;
 
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
+
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Range;
 import datadog.trace.instrumentation.java.lang.StringBuilderCallSite;
@@ -14,7 +16,7 @@ protected Context initializeContext() {
     final IastRequestContext context = new IastRequestContext();
     final String notTainted = notTainted("I am not a tainted string");
     final String tainted =
-        tainted(context, "I am a tainted string", new Range(3, 6, source(), Range.NOT_MARKED));
+        tainted(context, "I am a tainted string", new Range(3, 6, source(), NOT_MARKED));
     return new Context(context, notTainted, tainted);
   }
 
diff --git a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderToStringBenchmark.java b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderToStringBenchmark.java
index 707e9b04611..1a8468610a4 100644
--- a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderToStringBenchmark.java
+++ b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringBuilderToStringBenchmark.java
@@ -1,5 +1,7 @@
 package com.datadog.iast.propagation;
 
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
+
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Range;
 import datadog.trace.instrumentation.java.lang.StringBuilderCallSite;
@@ -18,7 +20,7 @@ protected Context initializeContext() {
         tainted(
             context,
             new StringBuilder("I am a tainted string builder"),
-            new Range(5, 7, source(), Range.NOT_MARKED));
+            new Range(5, 7, source(), NOT_MARKED));
     return new Context(context, notTaintedBuilder, taintedBuilder);
   }
 
diff --git a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatBenchmark.java b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatBenchmark.java
index 4dded1b999e..0858263ff00 100644
--- a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatBenchmark.java
+++ b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatBenchmark.java
@@ -1,5 +1,7 @@
 package com.datadog.iast.propagation;
 
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
+
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Range;
 import datadog.trace.instrumentation.java.lang.StringCallSite;
@@ -13,7 +15,7 @@ protected StringConcatBenchmark.Context initializeContext() {
     final IastRequestContext context = new IastRequestContext();
     final String notTainted = notTainted("I am not a tainted string");
     final String tainted =
-        tainted(context, "I am a tainted string", new Range(3, 5, source(), Range.NOT_MARKED));
+        tainted(context, "I am a tainted string", new Range(3, 5, source(), NOT_MARKED));
     return new StringConcatBenchmark.Context(context, notTainted, tainted);
   }
 
diff --git a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatFactoryBatchBenchmark.java b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatFactoryBatchBenchmark.java
index 42e1741f361..59f0353ec51 100644
--- a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatFactoryBatchBenchmark.java
+++ b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatFactoryBatchBenchmark.java
@@ -1,5 +1,6 @@
 package com.datadog.iast.propagation;
 
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
 import static java.util.concurrent.TimeUnit.MICROSECONDS;
 
 import com.datadog.iast.IastRequestContext;
@@ -54,7 +55,7 @@ protected StringConcatFactoryBatchBenchmark.Context initializeContext() {
       double current = i / (double) stringCount;
       final String value;
       if (current < limit) {
-        value = tainted(context, "Yep, tainted", new Range(3, 5, source(), Range.NOT_MARKED));
+        value = tainted(context, "Yep, tainted", new Range(3, 5, source(), NOT_MARKED));
       } else {
         value = notTainted("Nop, tainted");
       }
diff --git a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatFactoryBenchmark.java b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatFactoryBenchmark.java
index 6f99576fa56..9008bea3ad4 100644
--- a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatFactoryBenchmark.java
+++ b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringConcatFactoryBenchmark.java
@@ -1,5 +1,7 @@
 package com.datadog.iast.propagation;
 
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
+
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Range;
 import datadog.trace.api.iast.InstrumentationBridge;
@@ -13,8 +15,7 @@ public class StringConcatFactoryBenchmark
   protected StringConcatFactoryBenchmark.Context initializeContext() {
     final IastRequestContext context = new IastRequestContext();
     final String notTainted = notTainted("Nop, tainted");
-    final String tainted =
-        tainted(context, "Yep, tainted", new Range(3, 5, source(), Range.NOT_MARKED));
+    final String tainted = tainted(context, "Yep, tainted", new Range(3, 5, source(), NOT_MARKED));
     return new StringConcatFactoryBenchmark.Context(context, notTainted, tainted);
   }
 
diff --git a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringJoinBenchmark.java b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringJoinBenchmark.java
index 5b7b4d87a69..3f8bb4b6cfd 100644
--- a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringJoinBenchmark.java
+++ b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringJoinBenchmark.java
@@ -1,6 +1,6 @@
 package com.datadog.iast.propagation;
 
-import static com.datadog.iast.model.Range.NOT_MARKED;
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
 
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Range;
diff --git a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringSubsequenceBenchmark.java b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringSubsequenceBenchmark.java
index 78e8f030be8..c8ba76a2add 100644
--- a/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringSubsequenceBenchmark.java
+++ b/dd-java-agent/agent-iast/src/jmh/java/com/datadog/iast/propagation/StringSubsequenceBenchmark.java
@@ -1,6 +1,6 @@
 package com.datadog.iast.propagation;
 
-import static com.datadog.iast.model.Range.NOT_MARKED;
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
 
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Range;
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java
new file mode 100644
index 00000000000..e4df7602205
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java
@@ -0,0 +1,41 @@
+package com.datadog.iast;
+
+import com.datadog.iast.overhead.OverheadController;
+import datadog.trace.api.Config;
+import datadog.trace.util.stacktrace.StackWalker;
+import javax.annotation.Nonnull;
+
+public class Dependencies {
+
+  private final Config config;
+  private final Reporter reporter;
+  private final OverheadController overheadController;
+  private final StackWalker stackWalker;
+
+  public Dependencies(
+      @Nonnull final Config config,
+      @Nonnull final Reporter reporter,
+      @Nonnull final OverheadController overheadController,
+      @Nonnull final StackWalker stackWalker) {
+    this.config = config;
+    this.reporter = reporter;
+    this.overheadController = overheadController;
+    this.stackWalker = stackWalker;
+  }
+
+  public Config getConfig() {
+    return config;
+  }
+
+  public Reporter getReporter() {
+    return reporter;
+  }
+
+  public OverheadController getOverheadController() {
+    return overheadController;
+  }
+
+  public StackWalker getStackWalker() {
+    return stackWalker;
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/GrpcRequestMessageHandler.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/GrpcRequestMessageHandler.java
new file mode 100644
index 00000000000..8c167fbed7b
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/GrpcRequestMessageHandler.java
@@ -0,0 +1,43 @@
+package com.datadog.iast;
+
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import java.util.function.BiFunction;
+import javax.annotation.Nonnull;
+
+public class GrpcRequestMessageHandler implements BiFunction<RequestContext, Object, Flow<Void>> {
+
+  /**
+   * This will cover:
+   *
+   * <ul>
+   *   <li>com.google.protobuf.GeneratedMessage
+   *   <li>com.google.protobuf.GeneratedMessageV3
+   *   <li>com.google.protobuf.GeneratedMessageLite
+   * </ul>
+   */
+  private static final String GENERATED_MESSAGE = "com.google.protobuf.GeneratedMessage";
+
+  /** Maps map to this class that does not implement Map interface */
+  private static final String MAP_FIELD = "com.google.protobuf.MapField";
+
+  @Override
+  public Flow<Void> apply(final RequestContext ctx, final Object o) {
+    final PropagationModule module = InstrumentationBridge.PROPAGATION;
+    if (module != null && o != null) {
+      final IastContext iastCtx = IastContext.Provider.get(ctx);
+      module.taintDeeply(
+          iastCtx, o, SourceTypes.GRPC_BODY, GrpcRequestMessageHandler::isProtobufArtifact);
+    }
+    return Flow.ResultFlow.empty();
+  }
+
+  static boolean isProtobufArtifact(@Nonnull final Class<?> kls) {
+    return kls.getSuperclass().getName().startsWith(GENERATED_MESSAGE)
+        || MAP_FIELD.equals(kls.getName());
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/HasDependencies.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/HasDependencies.java
deleted file mode 100644
index 9e1d7cf758f..00000000000
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/HasDependencies.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package com.datadog.iast;
-
-import com.datadog.iast.overhead.OverheadController;
-import datadog.trace.api.Config;
-import datadog.trace.util.stacktrace.StackWalker;
-import javax.annotation.Nonnull;
-
-public interface HasDependencies {
-
-  void registerDependencies(@Nonnull Dependencies dependencies);
-
-  class Dependencies {
-    private final Config config;
-    private final Reporter reporter;
-    private final OverheadController overheadController;
-    private final StackWalker stackWalker;
-
-    public Dependencies(
-        @Nonnull final Config config,
-        @Nonnull final Reporter reporter,
-        @Nonnull final OverheadController overheadController,
-        @Nonnull final StackWalker stackWalker) {
-      this.config = config;
-      this.reporter = reporter;
-      this.overheadController = overheadController;
-      this.stackWalker = stackWalker;
-    }
-
-    public Config getConfig() {
-      return config;
-    }
-
-    public Reporter getReporter() {
-      return reporter;
-    }
-
-    public OverheadController getOverheadController() {
-      return overheadController;
-    }
-
-    public StackWalker getStackWalker() {
-      return stackWalker;
-    }
-  }
-}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastRequestContext.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastRequestContext.java
index d6d79978118..15817bde263 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastRequestContext.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastRequestContext.java
@@ -4,21 +4,25 @@
 import com.datadog.iast.overhead.OverheadContext;
 import com.datadog.iast.taint.TaintedObjects;
 import datadog.trace.api.gateway.RequestContext;
-import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.telemetry.IastMetricCollector;
 import datadog.trace.api.iast.telemetry.IastMetricCollector.HasMetricCollector;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
 import java.util.concurrent.atomic.AtomicBoolean;
+import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
-public class IastRequestContext implements HasMetricCollector {
+public class IastRequestContext implements IastContext, HasMetricCollector {
 
   private final VulnerabilityBatch vulnerabilityBatch;
   private final AtomicBoolean spanDataIsSet;
   private final TaintedObjects taintedObjects;
   private final OverheadContext overheadContext;
-  private final IastMetricCollector collector;
+  @Nullable private final IastMetricCollector collector;
+  @Nullable private volatile String strictTransportSecurity;
+  @Nullable private volatile String xContentTypeOptions;
+  @Nullable private volatile String xForwardedProto;
+  @Nullable private volatile String contentType;
 
   public IastRequestContext() {
     this(TaintedObjects.acquire(), null);
@@ -29,7 +33,7 @@ public IastRequestContext(final TaintedObjects taintedObjects) {
   }
 
   public IastRequestContext(
-      final TaintedObjects taintedObjects, final IastMetricCollector collector) {
+      final TaintedObjects taintedObjects, @Nullable final IastMetricCollector collector) {
     this.vulnerabilityBatch = new VulnerabilityBatch();
     this.spanDataIsSet = new AtomicBoolean(false);
     this.overheadContext = new OverheadContext();
@@ -41,6 +45,42 @@ public VulnerabilityBatch getVulnerabilityBatch() {
     return vulnerabilityBatch;
   }
 
+  @Nullable
+  public String getStrictTransportSecurity() {
+    return strictTransportSecurity;
+  }
+
+  public void setStrictTransportSecurity(final String strictTransportSecurity) {
+    this.strictTransportSecurity = strictTransportSecurity;
+  }
+
+  @Nullable
+  public String getxContentTypeOptions() {
+    return xContentTypeOptions;
+  }
+
+  public void setxContentTypeOptions(final String xContentTypeOptions) {
+    this.xContentTypeOptions = xContentTypeOptions;
+  }
+
+  @Nullable
+  public String getxForwardedProto() {
+    return xForwardedProto;
+  }
+
+  public void setxForwardedProto(final String xForwardedProto) {
+    this.xForwardedProto = xForwardedProto;
+  }
+
+  @Nullable
+  public String getContentType() {
+    return contentType;
+  }
+
+  public void setContentType(final String contentType) {
+    this.contentType = contentType;
+  }
+
   public boolean getAndSetSpanDataIsSet() {
     return spanDataIsSet.getAndSet(true);
   }
@@ -49,6 +89,7 @@ public OverheadContext getOverheadContext() {
     return overheadContext;
   }
 
+  @Nonnull
   public TaintedObjects getTaintedObjects() {
     return taintedObjects;
   }
@@ -61,22 +102,21 @@ public IastMetricCollector getMetricCollector() {
 
   @Nullable
   public static IastRequestContext get() {
-    return get(AgentTracer.activeSpan());
+    return asRequestContext(IastContext.Provider.get());
   }
 
   @Nullable
   public static IastRequestContext get(final AgentSpan span) {
-    if (span == null) {
-      return null;
-    }
-    return get(span.getRequestContext());
+    return asRequestContext(IastContext.Provider.get(span));
   }
 
   @Nullable
   public static IastRequestContext get(final RequestContext reqCtx) {
-    if (reqCtx == null) {
-      return null;
-    }
-    return reqCtx.getData(RequestContextSlot.IAST);
+    return asRequestContext(IastContext.Provider.get(reqCtx));
+  }
+
+  @Nullable
+  private static IastRequestContext asRequestContext(final IastContext ctx) {
+    return ctx instanceof IastRequestContext ? (IastRequestContext) ctx : null;
   }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java
index df7c8b5cd58..589b2dfc80e 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java
@@ -1,11 +1,11 @@
 package com.datadog.iast;
 
-import com.datadog.iast.HasDependencies.Dependencies;
 import com.datadog.iast.overhead.OverheadController;
 import com.datadog.iast.propagation.FastCodecModule;
 import com.datadog.iast.propagation.PropagationModuleImpl;
 import com.datadog.iast.propagation.StringModuleImpl;
 import com.datadog.iast.sink.CommandInjectionModuleImpl;
+import com.datadog.iast.sink.HstsMissingHeaderModuleImpl;
 import com.datadog.iast.sink.HttpResponseHeaderModuleImpl;
 import com.datadog.iast.sink.InsecureCookieModuleImpl;
 import com.datadog.iast.sink.LdapInjectionModuleImpl;
@@ -19,13 +19,14 @@
 import com.datadog.iast.sink.WeakCipherModuleImpl;
 import com.datadog.iast.sink.WeakHashModuleImpl;
 import com.datadog.iast.sink.WeakRandomnessModuleImpl;
+import com.datadog.iast.sink.XContentTypeModuleImpl;
 import com.datadog.iast.sink.XPathInjectionModuleImpl;
 import com.datadog.iast.sink.XssModuleImpl;
-import com.datadog.iast.source.WebModuleImpl;
 import com.datadog.iast.telemetry.TelemetryRequestEndedHandler;
 import com.datadog.iast.telemetry.TelemetryRequestStartedHandler;
 import datadog.trace.api.Config;
 import datadog.trace.api.ProductActivation;
+import datadog.trace.api.function.TriConsumer;
 import datadog.trace.api.gateway.EventType;
 import datadog.trace.api.gateway.Events;
 import datadog.trace.api.gateway.Flow;
@@ -38,9 +39,9 @@
 import datadog.trace.util.AgentTaskScheduler;
 import datadog.trace.util.stacktrace.StackWalkerFactory;
 import java.util.function.BiFunction;
-import java.util.function.Consumer;
 import java.util.function.Supplier;
 import java.util.stream.Stream;
+import javax.annotation.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -53,7 +54,8 @@ public static void start(final SubscriptionService ss) {
     start(ss, null);
   }
 
-  public static void start(final SubscriptionService ss, OverheadController overheadController) {
+  public static void start(
+      final SubscriptionService ss, @Nullable OverheadController overheadController) {
     final Config config = Config.get();
     if (config.getIastActivation() != ProductActivation.FULLY_ENABLED) {
       LOGGER.debug("IAST is disabled");
@@ -68,43 +70,37 @@ public static void start(final SubscriptionService ss, OverheadController overhe
     final Dependencies dependencies =
         new Dependencies(config, reporter, overheadController, StackWalkerFactory.INSTANCE);
     final boolean addTelemetry = config.getIastTelemetryVerbosity() != Verbosity.OFF;
-    iastModules().forEach(registerModule(dependencies));
+    iastModules(dependencies).forEach(InstrumentationBridge::registerIastModule);
     registerRequestStartedCallback(ss, addTelemetry, dependencies);
     registerRequestEndedCallback(ss, addTelemetry, dependencies);
+    registerHeadersCallback(ss);
+    registerGrpcServerRequestMessageCallback(ss);
     LOGGER.debug("IAST started");
   }
 
-  private static Consumer<IastModule> registerModule(final Dependencies dependencies) {
-    return module -> {
-      if (module instanceof HasDependencies) {
-        ((HasDependencies) module).registerDependencies(dependencies);
-      }
-      InstrumentationBridge.registerIastModule(module);
-    };
-  }
-
-  private static Stream<IastModule> iastModules() {
+  private static Stream<IastModule> iastModules(final Dependencies dependencies) {
     return Stream.of(
-        new WebModuleImpl(),
         new StringModuleImpl(),
         new FastCodecModule(),
-        new SqlInjectionModuleImpl(),
-        new PathTraversalModuleImpl(),
-        new CommandInjectionModuleImpl(),
-        new WeakCipherModuleImpl(),
-        new WeakHashModuleImpl(),
-        new LdapInjectionModuleImpl(),
+        new SqlInjectionModuleImpl(dependencies),
+        new PathTraversalModuleImpl(dependencies),
+        new CommandInjectionModuleImpl(dependencies),
+        new WeakCipherModuleImpl(dependencies),
+        new WeakHashModuleImpl(dependencies),
+        new LdapInjectionModuleImpl(dependencies),
         new PropagationModuleImpl(),
-        new HttpResponseHeaderModuleImpl(),
+        new HttpResponseHeaderModuleImpl(dependencies),
+        new HstsMissingHeaderModuleImpl(dependencies),
         new InsecureCookieModuleImpl(),
         new NoHttpOnlyCookieModuleImpl(),
+        new XContentTypeModuleImpl(dependencies),
         new NoSameSiteCookieModuleImpl(),
-        new SsrfModuleImpl(),
-        new UnvalidatedRedirectModuleImpl(),
-        new WeakRandomnessModuleImpl(),
-        new XPathInjectionModuleImpl(),
-        new TrustBoundaryViolationModuleImpl(),
-        new XssModuleImpl());
+        new SsrfModuleImpl(dependencies),
+        new UnvalidatedRedirectModuleImpl(dependencies),
+        new WeakRandomnessModuleImpl(dependencies),
+        new XPathInjectionModuleImpl(dependencies),
+        new TrustBoundaryViolationModuleImpl(dependencies),
+        new XssModuleImpl(dependencies));
   }
 
   private static void registerRequestStartedCallback(
@@ -124,4 +120,15 @@ private static void registerRequestEndedCallback(
     final RequestEndedHandler handler = new RequestEndedHandler(dependencies);
     ss.registerCallback(event, addTelemetry ? new TelemetryRequestEndedHandler(handler) : handler);
   }
+
+  private static void registerHeadersCallback(final SubscriptionService ss) {
+    final EventType<TriConsumer<RequestContext, String, String>> event =
+        Events.get().requestHeader();
+    final TriConsumer<RequestContext, String, String> handler = new RequestHeaderHandler();
+    ss.registerCallback(event, handler);
+  }
+
+  private static void registerGrpcServerRequestMessageCallback(final SubscriptionService ss) {
+    ss.registerCallback(Events.get().grpcServerRequestMessage(), new GrpcRequestMessageHandler());
+  }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Reporter.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Reporter.java
index df2a732e2a0..bb4f3436a27 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Reporter.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Reporter.java
@@ -4,6 +4,7 @@
 
 import com.datadog.iast.model.Vulnerability;
 import com.datadog.iast.model.VulnerabilityBatch;
+import com.datadog.iast.taint.TaintedObjects;
 import datadog.trace.api.Config;
 import datadog.trace.api.DDTags;
 import datadog.trace.api.gateway.RequestContext;
@@ -29,7 +30,7 @@ public class Reporter {
     this(Config.get(), null);
   }
 
-  public Reporter(final Config config, final AgentTaskScheduler taskScheduler) {
+  public Reporter(final Config config, @Nullable final AgentTaskScheduler taskScheduler) {
     this(
         config.isIastDeduplicationEnabled()
             ? new HashBasedDeduplication(taskScheduler)
@@ -41,10 +42,13 @@ public Reporter(final Config config, final AgentTaskScheduler taskScheduler) {
   }
 
   public void report(@Nullable final AgentSpan span, @Nonnull final Vulnerability vulnerability) {
+    if (duplicated.test(vulnerability)) {
+      return;
+    }
     if (span == null) {
       final AgentSpan newSpan = startNewSpan();
       try (final AgentScope autoClosed = tracer().activateSpan(newSpan, ScopeSource.MANUAL)) {
-        vulnerability.getLocation().updateSpan(newSpan.getSpanId());
+        vulnerability.updateSpan(newSpan);
         reportVulnerability(newSpan, vulnerability);
       } finally {
         newSpan.finish();
@@ -64,9 +68,6 @@ private void reportVulnerability(
     if (ctx == null) {
       return;
     }
-    if (duplicated.test(vulnerability)) {
-      return;
-    }
     final VulnerabilityBatch batch = ctx.getVulnerabilityBatch();
     batch.add(vulnerability);
     if (!ctx.getAndSetSpanDataIsSet()) {
@@ -81,7 +82,8 @@ private void reportVulnerability(
 
   private AgentSpan startNewSpan() {
     final AgentSpan.Context tagContext =
-        new TagContext().withRequestContextDataIast(new IastRequestContext());
+        new TagContext()
+            .withRequestContextDataIast(new IastRequestContext(TaintedObjects.NoOp.INSTANCE));
     final AgentSpan span =
         tracer()
             .startSpan("iast", VULNERABILITY_SPAN_NAME, tagContext)
@@ -106,11 +108,11 @@ protected static class HashBasedDeduplication implements Predicate<Vulnerability
 
     private final Set<Long> hashes;
 
-    public HashBasedDeduplication(final AgentTaskScheduler taskScheduler) {
+    public HashBasedDeduplication(@Nullable final AgentTaskScheduler taskScheduler) {
       this(DEFAULT_MAX_SIZE, taskScheduler);
     }
 
-    HashBasedDeduplication(final int size, final AgentTaskScheduler taskScheduler) {
+    HashBasedDeduplication(final int size, @Nullable final AgentTaskScheduler taskScheduler) {
       maxSize = size;
       hashes = ConcurrentHashMap.newKeySet(size);
       if (taskScheduler != null) {
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/RequestEndedHandler.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/RequestEndedHandler.java
index 1dcadd078d5..fc2c9a18975 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/RequestEndedHandler.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/RequestEndedHandler.java
@@ -3,12 +3,13 @@
 import static com.datadog.iast.IastTag.ANALYZED;
 import static com.datadog.iast.IastTag.SKIPPED;
 
-import com.datadog.iast.HasDependencies.Dependencies;
 import com.datadog.iast.overhead.OverheadController;
 import com.datadog.iast.taint.TaintedObjects;
 import datadog.trace.api.gateway.Flow;
 import datadog.trace.api.gateway.IGSpanInfo;
 import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.sink.HttpRequestEndModule;
 import datadog.trace.api.internal.TraceSegment;
 import java.util.function.BiFunction;
 import javax.annotation.Nonnull;
@@ -26,6 +27,11 @@ public Flow<Void> apply(final RequestContext requestContext, final IGSpanInfo ig
     final TraceSegment traceSegment = requestContext.getTraceSegment();
     final IastRequestContext iastRequestContext = IastRequestContext.get(requestContext);
     if (iastRequestContext != null) {
+      for (HttpRequestEndModule module : requestEndModules()) {
+        if (module != null) {
+          module.onRequestEnd(iastRequestContext, igSpanInfo);
+        }
+      }
       try {
         ANALYZED.setTagTop(traceSegment);
         final TaintedObjects taintedObjects = iastRequestContext.getTaintedObjects();
@@ -40,4 +46,11 @@ public Flow<Void> apply(final RequestContext requestContext, final IGSpanInfo ig
     }
     return Flow.ResultFlow.empty();
   }
+
+  private HttpRequestEndModule[] requestEndModules() {
+    return new HttpRequestEndModule[] {
+      InstrumentationBridge.HSTS_MISSING_HEADER_MODULE,
+      InstrumentationBridge.X_CONTENT_TYPE_HEADER_MODULE
+    };
+  }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/RequestHeaderHandler.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/RequestHeaderHandler.java
new file mode 100644
index 00000000000..4effb6408c5
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/RequestHeaderHandler.java
@@ -0,0 +1,21 @@
+package com.datadog.iast;
+
+import com.datadog.iast.util.HttpHeader;
+import com.datadog.iast.util.HttpHeader.ContextAwareHeader;
+import datadog.trace.api.function.TriConsumer;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+
+public class RequestHeaderHandler implements TriConsumer<RequestContext, String, String> {
+
+  @Override
+  public void accept(RequestContext requestContext, String key, String value) {
+    final IastRequestContext ctx = requestContext.getData(RequestContextSlot.IAST);
+    if (null != ctx && key != null) {
+      final HttpHeader header = HttpHeader.from(key);
+      if (header instanceof ContextAwareHeader) {
+        ((ContextAwareHeader) header).onHeader(ctx, value);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/RequestStartedHandler.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/RequestStartedHandler.java
index 9c680717743..4d5c851f52c 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/RequestStartedHandler.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/RequestStartedHandler.java
@@ -1,6 +1,5 @@
 package com.datadog.iast;
 
-import com.datadog.iast.HasDependencies.Dependencies;
 import com.datadog.iast.overhead.OverheadController;
 import datadog.trace.api.gateway.Flow;
 import java.util.function.Supplier;
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Evidence.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Evidence.java
index 65b2f78e374..c4dc17d27e5 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Evidence.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Evidence.java
@@ -17,6 +17,8 @@ public final class Evidence {
   private final transient @Nonnull Context context = new Evidence.Context(4);
 
   /** For deserialization in tests via moshi */
+  @Deprecated
+  @SuppressWarnings({"NullAway", "DataFlowIssue", "unused"})
   private Evidence() {
     this(null, null);
   }
@@ -25,15 +27,17 @@ public Evidence(final String value) {
     this(value, null);
   }
 
-  public Evidence(final String value, final Range[] ranges) {
+  public Evidence(@Nonnull final String value, @Nullable final Range[] ranges) {
     this.value = value;
     this.ranges = ranges;
   }
 
+  @Nonnull
   public String getValue() {
     return value;
   }
 
+  @Nullable
   public Range[] getRanges() {
     return ranges;
   }
@@ -76,6 +80,7 @@ public boolean put(final String key, final Object value) {
       return true;
     }
 
+    @Nullable
     @SuppressWarnings("unchecked")
     public <E> E get(@Nonnull final String key) {
       return (E) context.get(key);
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Location.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Location.java
index a6919aed2c8..1dbe22b545d 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Location.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Location.java
@@ -1,35 +1,62 @@
 package com.datadog.iast.model;
 
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import javax.annotation.Nullable;
+
 public final class Location {
 
-  private final String path;
+  @Nullable private final String path;
 
   private final int line;
 
-  private final String method;
+  @Nullable private final String method;
+
+  @Nullable private Long spanId;
 
-  private Long spanId;
+  @Nullable private transient String serviceName;
 
-  private Location(final long spanId, final String path, final int line, final String method) {
-    this.spanId = spanId == 0 ? null : spanId;
+  private Location(
+      @Nullable final Long spanId,
+      @Nullable final String path,
+      final int line,
+      @Nullable final String method,
+      @Nullable final String serviceName) {
+    this.spanId = spanId;
     this.path = path;
     this.line = line;
     this.method = method;
+    this.serviceName = serviceName;
   }
 
-  public static Location forSpanAndStack(final long spanId, final StackTraceElement stack) {
-    return new Location(spanId, stack.getClassName(), stack.getLineNumber(), stack.getMethodName());
+  public static Location forSpanAndStack(
+      @Nullable final AgentSpan span, final StackTraceElement stack) {
+    return new Location(
+        spanId(span),
+        stack.getClassName(),
+        stack.getLineNumber(),
+        stack.getMethodName(),
+        serviceName(span));
   }
 
   public static Location forSpanAndClassAndMethod(
-      final long spanId, final String clazz, final String method) {
-    return new Location(spanId, clazz, -1, method);
+      final AgentSpan span, final String clazz, final String method) {
+    return new Location(spanId(span), clazz, -1, method, serviceName(span));
+  }
+
+  public static Location forSpanAndFileAndLine(
+      final AgentSpan span, final String file, final int line) {
+    return new Location(spanId(span), file, line, null, serviceName(span));
+  }
+
+  public static Location forSpan(final AgentSpan span) {
+    return new Location(spanId(span), null, -1, null, serviceName(span));
   }
 
   public long getSpanId() {
     return spanId == null ? 0 : spanId;
   }
 
+  @Nullable
   public String getPath() {
     return path;
   }
@@ -38,11 +65,30 @@ public int getLine() {
     return line;
   }
 
+  @Nullable
   public String getMethod() {
     return method;
   }
 
-  public void updateSpan(final long spanId) {
-    this.spanId = spanId;
+  @Nullable
+  public String getServiceName() {
+    return serviceName;
+  }
+
+  public void updateSpan(@Nullable final AgentSpan span) {
+    if (span != null) {
+      this.spanId = span.getSpanId();
+      this.serviceName = span.getServiceName();
+    }
+  }
+
+  @Nullable
+  private static Long spanId(@Nullable AgentSpan span) {
+    return span != null ? span.getSpanId() : null;
+  }
+
+  @Nullable
+  private static String serviceName(@Nullable AgentSpan span) {
+    return span != null ? span.getServiceName() : null;
   }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Range.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Range.java
index 97caac40bd3..a8e1d43b28a 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Range.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Range.java
@@ -1,5 +1,7 @@
 package com.datadog.iast.model;
 
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
+
 import com.datadog.iast.model.json.SourceIndex;
 import com.datadog.iast.util.Ranged;
 import java.util.Objects;
@@ -9,8 +11,6 @@
 
 public final class Range implements Ranged {
 
-  public static final int NOT_MARKED = 0;
-
   private final @Nonnegative int start;
   private final @Nonnegative int length;
   private final @Nonnull @SourceIndex Source source;
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Source.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Source.java
index 6dc5956adc7..31acd483a7a 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Source.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Source.java
@@ -5,13 +5,19 @@
 import datadog.trace.api.iast.Taintable;
 import java.util.Objects;
 import java.util.StringJoiner;
+import javax.annotation.Nullable;
 
 public final class Source implements Taintable.Source {
   private final @SourceTypeString byte origin;
-  private final String name;
-  private final String value;
+  @Nullable private final String name;
+  @Nullable private final String value;
 
-  public Source(final byte origin, final String name, final String value) {
+  public Source(
+      final byte origin, @Nullable final CharSequence name, @Nullable final CharSequence value) {
+    this(origin, name == null ? null : name.toString(), value == null ? null : value.toString());
+  }
+
+  public Source(final byte origin, @Nullable final String name, @Nullable final String value) {
     this.origin = origin;
     this.name = name;
     this.value = value;
@@ -23,11 +29,13 @@ public byte getOrigin() {
   }
 
   @Override
+  @Nullable
   public String getName() {
     return name;
   }
 
   @Override
+  @Nullable
   public String getValue() {
     return value;
   }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Vulnerability.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Vulnerability.java
index 26db8a7d7e7..97ecf815775 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Vulnerability.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Vulnerability.java
@@ -1,5 +1,6 @@
 package com.datadog.iast.model;
 
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
@@ -11,24 +12,29 @@ public final class Vulnerability {
 
   private final @Nullable Evidence evidence;
 
-  private final long hash;
+  private long hash;
 
   public Vulnerability(
-      final VulnerabilityType type, final Location location, final Evidence evidence) {
+      @Nonnull final VulnerabilityType type,
+      @Nonnull final Location location,
+      @Nullable final Evidence evidence) {
     this.type = type;
     this.location = location;
     this.evidence = evidence;
     this.hash = type.calculateHash(this);
   }
 
+  @Nonnull
   public VulnerabilityType getType() {
     return type;
   }
 
+  @Nonnull
   public Location getLocation() {
     return location;
   }
 
+  @Nullable
   public Evidence getEvidence() {
     return evidence;
   }
@@ -37,6 +43,15 @@ public long getHash() {
     return hash;
   }
 
+  public void updateSpan(final AgentSpan newSpan) {
+    if (newSpan != null) {
+      location.updateSpan(newSpan);
+      if (type instanceof VulnerabilityType.HeaderVulnerabilityType) {
+        hash = type.calculateHash(this);
+      }
+    }
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) {
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityBatch.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityBatch.java
index 17f59fbdd7c..fa5193b0a00 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityBatch.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityBatch.java
@@ -3,12 +3,13 @@
 import com.datadog.iast.model.json.VulnerabilityEncoding;
 import java.util.ArrayList;
 import java.util.List;
+import javax.annotation.Nullable;
 
 /** Collects vulnerabilities and serializes to JSON lazily on {@link #toString()}. */
 public final class VulnerabilityBatch {
 
-  private List<Vulnerability> vulnerabilities;
-  private volatile String json;
+  @Nullable private List<Vulnerability> vulnerabilities;
+  @Nullable private volatile String json;
 
   public void add(final Vulnerability v) {
     synchronized (this) {
@@ -21,6 +22,7 @@ public void add(final Vulnerability v) {
   }
 
   /** Internal list of vulnerabilities. Not thread-safe. */
+  @Nullable
   public List<Vulnerability> getVulnerabilities() {
     return vulnerabilities;
   }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityType.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityType.java
index 6b204720c96..ae1d25ddfb3 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityType.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityType.java
@@ -1,60 +1,69 @@
 package com.datadog.iast.model;
 
-import static com.datadog.iast.model.Range.NOT_MARKED;
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
 
 import datadog.trace.api.iast.VulnerabilityMarks;
 import datadog.trace.api.iast.VulnerabilityTypes;
 import java.io.File;
+import java.nio.charset.StandardCharsets;
 import java.util.zip.CRC32;
 import javax.annotation.Nonnull;
 
 public interface VulnerabilityType {
   VulnerabilityType WEAK_CIPHER =
-      new VulnerabilityTypeImpl(VulnerabilityTypes.WEAK_CIPHER, NOT_MARKED);
-  VulnerabilityType WEAK_HASH = new VulnerabilityTypeImpl(VulnerabilityTypes.WEAK_HASH, NOT_MARKED);
+      new VulnerabilityTypeImpl(VulnerabilityTypes.WEAK_CIPHER_STRING, NOT_MARKED);
+  VulnerabilityType WEAK_HASH =
+      new VulnerabilityTypeImpl(VulnerabilityTypes.WEAK_HASH_STRING, NOT_MARKED);
   VulnerabilityType INSECURE_COOKIE =
-      new VulnerabilityTypeImpl(VulnerabilityTypes.INSECURE_COOKIE, NOT_MARKED);
+      new CookieVulnerabilityType(VulnerabilityTypes.INSECURE_COOKIE_STRING, NOT_MARKED);
   VulnerabilityType NO_HTTPONLY_COOKIE =
-      new VulnerabilityTypeImpl(VulnerabilityTypes.NO_HTTPONLY_COOKIE, NOT_MARKED);
+      new CookieVulnerabilityType(VulnerabilityTypes.NO_HTTPONLY_COOKIE_STRING, NOT_MARKED);
+  VulnerabilityType HSTS_HEADER_MISSING =
+      new HeaderVulnerabilityType(VulnerabilityTypes.HSTS_HEADER_MISSING_STRING, NOT_MARKED);
+  VulnerabilityType XCONTENTTYPE_HEADER_MISSING =
+      new HeaderVulnerabilityType(
+          VulnerabilityTypes.XCONTENTTYPE_HEADER_MISSING_STRING, NOT_MARKED);
   VulnerabilityType NO_SAMESITE_COOKIE =
-      new VulnerabilityTypeImpl(VulnerabilityTypes.NO_SAMESITE_COOKIE, NOT_MARKED);
+      new CookieVulnerabilityType(VulnerabilityTypes.NO_SAMESITE_COOKIE_STRING, NOT_MARKED);
 
   InjectionType SQL_INJECTION =
       new InjectionTypeImpl(
-          VulnerabilityTypes.SQL_INJECTION, VulnerabilityMarks.SQL_INJECTION_MARK, ' ');
+          VulnerabilityTypes.SQL_INJECTION_STRING, VulnerabilityMarks.SQL_INJECTION_MARK, ' ');
   InjectionType COMMAND_INJECTION =
       new InjectionTypeImpl(
-          VulnerabilityTypes.COMMAND_INJECTION, VulnerabilityMarks.COMMAND_INJECTION_MARK, ' ');
+          VulnerabilityTypes.COMMAND_INJECTION_STRING,
+          VulnerabilityMarks.COMMAND_INJECTION_MARK,
+          ' ');
   InjectionType PATH_TRAVERSAL =
       new InjectionTypeImpl(
-          VulnerabilityTypes.PATH_TRAVERSAL,
+          VulnerabilityTypes.PATH_TRAVERSAL_STRING,
           VulnerabilityMarks.PATH_TRAVERSAL_MARK,
           File.separatorChar);
   InjectionType LDAP_INJECTION =
       new InjectionTypeImpl(
-          VulnerabilityTypes.LDAP_INJECTION, VulnerabilityMarks.LDAP_INJECTION_MARK, ' ');
+          VulnerabilityTypes.LDAP_INJECTION_STRING, VulnerabilityMarks.LDAP_INJECTION_MARK, ' ');
   InjectionType SSRF =
-      new InjectionTypeImpl(VulnerabilityTypes.SSRF, VulnerabilityMarks.SSRF_MARK, ' ');
+      new InjectionTypeImpl(VulnerabilityTypes.SSRF_STRING, VulnerabilityMarks.SSRF_MARK, ' ');
   InjectionType UNVALIDATED_REDIRECT =
       new InjectionTypeImpl(
-          VulnerabilityTypes.UNVALIDATED_REDIRECT,
+          VulnerabilityTypes.UNVALIDATED_REDIRECT_STRING,
           VulnerabilityMarks.UNVALIDATED_REDIRECT_MARK,
           ' ');
   VulnerabilityType WEAK_RANDOMNESS =
-      new VulnerabilityTypeImpl(VulnerabilityTypes.WEAK_RANDOMNESS, NOT_MARKED);
+      new VulnerabilityTypeImpl(VulnerabilityTypes.WEAK_RANDOMNESS_STRING, NOT_MARKED);
 
   InjectionType XPATH_INJECTION =
       new InjectionTypeImpl(
-          VulnerabilityTypes.XPATH_INJECTION, VulnerabilityMarks.XPATH_INJECTION_MARK, ' ');
+          VulnerabilityTypes.XPATH_INJECTION_STRING, VulnerabilityMarks.XPATH_INJECTION_MARK, ' ');
 
   InjectionType TRUST_BOUNDARY_VIOLATION =
       new InjectionTypeImpl(
-          VulnerabilityTypes.TRUST_BOUNDARY_VIOLATION,
+          VulnerabilityTypes.TRUST_BOUNDARY_VIOLATION_STRING,
           VulnerabilityMarks.TRUST_BOUNDARY_VIOLATION,
           ' ');
 
   InjectionType XSS =
-      new InjectionTypeImpl(VulnerabilityTypes.XSS, VulnerabilityMarks.XSS_MARK, ' ');
+      new InjectionTypeImpl(VulnerabilityTypes.XSS_STRING, VulnerabilityMarks.XSS_MARK, ' ');
 
   String name();
 
@@ -91,17 +100,24 @@ public int mark() {
     @Override
     public long calculateHash(@Nonnull final Vulnerability vulnerability) {
       CRC32 crc = new CRC32();
-      crc.update(name().getBytes());
+      update(crc, name());
       final Location location = vulnerability.getLocation();
       if (location != null) {
         crc.update(location.getLine());
-        crc.update(location.getPath().getBytes());
+        if (location.getPath() != null) {
+          update(crc, location.getPath());
+        }
         if (location.getLine() <= -1 && location.getMethod() != null) {
-          crc.update(location.getMethod().getBytes());
+          update(crc, location.getMethod());
         }
       }
       return crc.getValue();
     }
+
+    protected void update(final CRC32 crc, final String value) {
+      final byte[] bytes = value.getBytes(StandardCharsets.UTF_8);
+      crc.update(bytes, 0, bytes.length);
+    }
   }
 
   class InjectionTypeImpl extends VulnerabilityTypeImpl implements InjectionType {
@@ -118,4 +134,38 @@ public char evidenceSeparator() {
       return evidenceSeparator;
     }
   }
+
+  class HeaderVulnerabilityType extends VulnerabilityTypeImpl {
+    public HeaderVulnerabilityType(@Nonnull String name, int vulnerabilityMark) {
+      super(name, vulnerabilityMark);
+    }
+
+    @Override
+    public long calculateHash(@Nonnull final Vulnerability vulnerability) {
+      CRC32 crc = new CRC32();
+      update(crc, name());
+      String serviceName = vulnerability.getLocation().getServiceName();
+      if (serviceName != null) {
+        update(crc, serviceName);
+      }
+      return crc.getValue();
+    }
+  }
+
+  class CookieVulnerabilityType extends VulnerabilityTypeImpl {
+    public CookieVulnerabilityType(@Nonnull String name, int vulnerabilityMark) {
+      super(name, vulnerabilityMark);
+    }
+
+    @Override
+    public long calculateHash(@Nonnull final Vulnerability vulnerability) {
+      CRC32 crc = new CRC32();
+      update(crc, name());
+      final Evidence evidence = vulnerability.getEvidence();
+      if (evidence != null) {
+        update(crc, evidence.getValue());
+      }
+      return crc.getValue();
+    }
+  }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/AdapterFactory.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/AdapterFactory.java
index e94b8e5ce60..b62e74388ae 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/AdapterFactory.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/AdapterFactory.java
@@ -37,7 +37,7 @@ static class Context {
     final List<Source> sources;
     final Map<Source, Integer> sourceIndexMap;
     final Map<Source, RedactionContext> sourceContext;
-    Vulnerability vulnerability;
+    @Nullable Vulnerability vulnerability;
 
     public Context() {
       sources = new ArrayList<>();
@@ -73,7 +73,7 @@ public JsonAdapter<?> create(
       if (hasSourceIndexAnnotation(annotations)) {
         return new SourceIndexAdapter();
       } else {
-        return new SourceAdapter(this, moshi);
+        return new SourceAdapter();
       }
     } else if (VulnerabilityBatch.class.equals(rawType)) {
       return new VulnerabilityBatchAdapter(moshi);
@@ -83,6 +83,8 @@ public JsonAdapter<?> create(
       return new EvidenceAdapter(moshi);
     } else if (VulnerabilityType.class.equals(rawType)) {
       return new VulnerabilityTypeAdapter();
+    } else if (TruncatedVulnerabilities.class.equals(rawType)) {
+      return new TruncatedVulnerabilitiesAdapter(moshi);
     }
     return null;
   }
@@ -181,7 +183,7 @@ public static class RedactionContext {
     private final Source source;
     private final boolean sensitive;
     private boolean sensitiveRanges;
-    private String redactedValue;
+    @Nullable private String redactedValue;
 
     public RedactionContext(final Source source) {
       this.source = source;
@@ -204,6 +206,7 @@ public boolean shouldRedact() {
       return sensitive || sensitiveRanges;
     }
 
+    @Nullable
     public String getRedactedValue() {
       return redactedValue;
     }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/EvidenceAdapter.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/EvidenceAdapter.java
index a14e47db13d..9c78f11ed81 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/EvidenceAdapter.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/EvidenceAdapter.java
@@ -1,5 +1,7 @@
 package com.datadog.iast.model.json;
 
+import static com.datadog.iast.model.json.TruncationUtils.writeTruncableValue;
+
 import com.datadog.iast.model.Evidence;
 import com.datadog.iast.model.Range;
 import com.datadog.iast.model.Source;
@@ -29,9 +31,13 @@
 import java.util.stream.Collectors;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class EvidenceAdapter extends FormattingAdapter<Evidence> {
 
+  private static final Logger log = LoggerFactory.getLogger(EvidenceAdapter.class);
+
   private final JsonAdapter<Source> sourceAdapter;
   private final JsonAdapter<Evidence> defaultAdapter;
   private final JsonAdapter<Evidence> redactedAdapter;
@@ -57,15 +63,23 @@ public void toJson(@Nonnull final JsonWriter writer, final @Nullable Evidence ev
   }
 
   private String substring(final String value, final Ranged range) {
-    final int end = Math.min(range.getStart() + range.getLength(), value.length());
+    int end = Math.min(range.getStart() + range.getLength(), value.length());
+    if (end < 0) {
+      log.debug("Invalid negative end parameter for substring. Value: {} Range: {}", value, range);
+      end = value.length();
+    }
     return value.substring(range.getStart(), end);
   }
 
   private class DefaultEvidenceAdapter extends FormattingAdapter<Evidence> {
 
     @Override
-    public void toJson(@Nonnull final JsonWriter writer, final @Nonnull Evidence evidence)
+    public void toJson(@Nonnull final JsonWriter writer, final @Nullable Evidence evidence)
         throws IOException {
+      if (evidence == null) {
+        writer.nullValue();
+        return;
+      }
       writer.beginObject();
       if (evidence.getRanges() == null || evidence.getRanges().length == 0) {
         writer.name("value");
@@ -122,8 +136,12 @@ private void writeValuePart(
   private class RedactedEvidenceAdapter extends FormattingAdapter<Evidence> {
 
     @Override
-    public void toJson(@Nonnull final JsonWriter writer, @Nonnull final Evidence evidence)
+    public void toJson(@Nonnull final JsonWriter writer, @Nullable final Evidence evidence)
         throws IOException {
+      if (evidence == null) {
+        writer.nullValue();
+        return;
+      }
       final Context ctx = Context.get();
       final Vulnerability vulnerability = ctx.vulnerability;
       if (vulnerability == null) {
@@ -153,7 +171,10 @@ private void toRedactedJson(
       writer.beginArray();
       for (final Iterator<ValuePart> it = new ValuePartIterator(ctx, value, tainted, sensitive);
           it.hasNext(); ) {
-        it.next().write(ctx, writer);
+        final ValuePart next = it.next();
+        if (next != null) {
+          next.write(ctx, writer);
+        }
       }
       writer.endArray();
     }
@@ -195,6 +216,7 @@ public boolean hasNext() {
       return !next.isEmpty() || index < value.length();
     }
 
+    @Nullable
     @Override
     public ValuePart next() {
       if (!hasNext()) {
@@ -217,12 +239,17 @@ public ValuePart next() {
         }
       }
       if (nextSensitive != null) {
-        addNextStringValuePart(nextSensitive.getStart(), next); // pending string chunk
-        handleSensitiveValue(nextSensitive);
+        if (nextSensitive.isBefore(nextTainted)) {
+          addNextStringValuePart(nextSensitive.getStart(), next); // pending string chunk
+          handleSensitiveValue(nextSensitive);
+        } else {
+          sensitive.addFirst(nextSensitive);
+        }
       }
       return next.poll();
     }
 
+    @Nullable
     private Ranged handleTaintedValue(
         @Nonnull final Range nextTainted, @Nullable Ranged nextSensitive) {
       final RedactionContext redactionCtx = ctx.getRedaction(nextTainted.getSource());
@@ -276,6 +303,7 @@ private void handleSensitiveValue(@Nonnull Ranged nextSensitive) {
      * Removes the tainted range from the sensitive one and returns whatever is before and enqueues
      * the rest
      */
+    @Nullable
     private Ranged removeTaintedRange(final Ranged sensitive, final Range tainted) {
       final List<Ranged> disjointRanges = sensitive.remove(tainted);
       Ranged result = null;
@@ -289,6 +317,7 @@ private Ranged removeTaintedRange(final Ranged sensitive, final Range tainted) {
       return result;
     }
 
+    @Nullable
     private ValuePart nextStringValuePart(final int end) {
       if (index < end) {
         final String chunk = value.substring(index, end);
@@ -311,9 +340,10 @@ interface ValuePart {
   }
 
   static class StringValuePart implements ValuePart {
-    private final String value;
 
-    private StringValuePart(final String value) {
+    @Nullable private final String value;
+
+    private StringValuePart(@Nullable final String value) {
       this.value = value;
     }
 
@@ -324,7 +354,7 @@ public void write(final Context ctx, final JsonWriter writer) throws IOException
       }
       writer.beginObject();
       writer.name("value");
-      writer.value(value);
+      writeTruncableValue(writer, value);
       writer.endObject();
     }
   }
@@ -339,7 +369,7 @@ private RedactedValuePart(final String value) {
 
     @Override
     public void write(final Context ctx, final JsonWriter writer) throws IOException {
-      if (value == null || value.isEmpty()) {
+      if (value == null) {
         return;
       }
       writer.beginObject();
@@ -385,7 +415,7 @@ public void write(final Context ctx, final JsonWriter writer) throws IOException
       } else {
         writer.beginObject();
         writer.name("value");
-        writer.value(value);
+        writeTruncableValue(writer, value);
         writer.name("source");
         adapter.toJson(writer, source);
         writer.endObject();
@@ -429,11 +459,13 @@ private void addValuePart(
           valueParts.add(new TaintedValuePart(adapter, source, chunk, false));
         } else {
           final int length = chunk.length();
-          final int matching = source.getValue().indexOf(chunk);
+          final String sourceValue = source.getValue();
+          final String redactedValue = ctx.getRedactedValue();
+          final int matching = (sourceValue == null) ? -1 : sourceValue.indexOf(chunk);
           final String pattern;
-          if (matching >= 0) {
+          if (matching >= 0 && redactedValue != null) {
             // if matches append the matching part from the redacted value
-            pattern = ctx.getRedactedValue().substring(matching, matching + length);
+            pattern = redactedValue.substring(matching, matching + length);
           } else {
             // otherwise redact the string
             pattern = SensitiveHandler.get().redactString(chunk);
@@ -470,7 +502,7 @@ private TaintedValuePart(
 
     @Override
     public void write(final Context ctx, final JsonWriter writer) throws IOException {
-      if (value == null || value.isEmpty()) {
+      if (value == null) {
         return;
       }
       writer.beginObject();
@@ -483,7 +515,7 @@ public void write(final Context ctx, final JsonWriter writer) throws IOException
       } else {
         writer.name("value");
       }
-      writer.value(value);
+      writeTruncableValue(writer, value);
       writer.endObject();
     }
   }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/FormattingAdapter.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/FormattingAdapter.java
index 51a79738436..12d00ff344d 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/FormattingAdapter.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/FormattingAdapter.java
@@ -1,5 +1,6 @@
 package com.datadog.iast.model.json;
 
+import com.squareup.moshi.FromJson;
 import com.squareup.moshi.JsonAdapter;
 import com.squareup.moshi.JsonReader;
 import java.io.IOException;
@@ -8,6 +9,7 @@
 
 public abstract class FormattingAdapter<V> extends JsonAdapter<V> {
 
+  @FromJson
   @Nullable
   @Override
   public final V fromJson(@Nonnull final JsonReader reader) throws IOException {
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/SourceAdapter.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/SourceAdapter.java
index 342bbdf122d..7f5ab7edc1f 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/SourceAdapter.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/SourceAdapter.java
@@ -1,26 +1,26 @@
 package com.datadog.iast.model.json;
 
+import static com.datadog.iast.model.json.TruncationUtils.writeTruncableValue;
+
 import com.datadog.iast.model.Source;
 import com.datadog.iast.model.json.AdapterFactory.Context;
 import com.datadog.iast.model.json.AdapterFactory.RedactionContext;
 import com.squareup.moshi.JsonAdapter;
 import com.squareup.moshi.JsonWriter;
-import com.squareup.moshi.Moshi;
 import datadog.trace.api.Config;
 import java.io.IOException;
-import java.util.Collections;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
 public class SourceAdapter extends FormattingAdapter<Source> {
 
-  private final SourceTypeAdapter sourceAdapter;
+  private final SourceTypeAdapter sourceTypeAdapter;
   private final JsonAdapter<Source> defaultAdapter;
   private final JsonAdapter<Source> redactedAdapter;
 
-  public SourceAdapter(final Factory factory, final Moshi moshi) {
-    sourceAdapter = new SourceTypeAdapter();
-    defaultAdapter = moshi.nextAdapter(factory, Source.class, Collections.emptySet());
+  public SourceAdapter() {
+    sourceTypeAdapter = new SourceTypeAdapter();
+    defaultAdapter = new DefaultSourceAdapter();
     redactedAdapter = new RedactedSourceAdapter();
   }
 
@@ -38,6 +38,21 @@ public void toJson(@Nonnull final JsonWriter writer, final @Nullable Source sour
     }
   }
 
+  private class DefaultSourceAdapter extends FormattingAdapter<Source> {
+
+    @Override
+    public void toJson(@Nonnull JsonWriter writer, @Nonnull Source source) throws IOException {
+      writer.beginObject();
+      writer.name("origin");
+      sourceTypeAdapter.toJson(writer, source.getOrigin());
+      writer.name("name");
+      writer.value(source.getName());
+      writer.name("value");
+      writeTruncableValue(writer, source.getValue());
+      writer.endObject();
+    }
+  }
+
   private class RedactedSourceAdapter extends FormattingAdapter<Source> {
 
     @Override
@@ -51,17 +66,18 @@ public void toJson(@Nonnull final JsonWriter writer, final @Nonnull Source sourc
       }
     }
 
-    private void toRedactedJson(final JsonWriter writer, final Source source, final String value)
+    private void toRedactedJson(
+        final JsonWriter writer, final Source source, @Nullable final String value)
         throws IOException {
       writer.beginObject();
       writer.name("origin");
-      sourceAdapter.toJson(writer, source.getOrigin());
+      sourceTypeAdapter.toJson(writer, source.getOrigin());
       writer.name("name");
       writer.value(source.getName());
       writer.name("redacted");
       writer.value(true);
       writer.name("pattern");
-      writer.value(value);
+      writeTruncableValue(writer, value);
       writer.endObject();
     }
   }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/TruncatedVulnerabilities.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/TruncatedVulnerabilities.java
new file mode 100644
index 00000000000..fe767384ef2
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/TruncatedVulnerabilities.java
@@ -0,0 +1,19 @@
+package com.datadog.iast.model.json;
+
+import com.datadog.iast.model.Vulnerability;
+import java.util.List;
+import javax.annotation.Nullable;
+
+public class TruncatedVulnerabilities {
+
+  @Nullable private final List<Vulnerability> vulnerabilities;
+
+  public TruncatedVulnerabilities(@Nullable final List<Vulnerability> vulnerabilities) {
+    this.vulnerabilities = vulnerabilities;
+  }
+
+  @Nullable
+  public List<Vulnerability> getVulnerabilities() {
+    return vulnerabilities;
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/TruncatedVulnerabilitiesAdapter.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/TruncatedVulnerabilitiesAdapter.java
new file mode 100644
index 00000000000..ffe32b726bc
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/TruncatedVulnerabilitiesAdapter.java
@@ -0,0 +1,87 @@
+package com.datadog.iast.model.json;
+
+import com.datadog.iast.model.Evidence;
+import com.datadog.iast.model.Location;
+import com.datadog.iast.model.Vulnerability;
+import com.datadog.iast.model.VulnerabilityType;
+import com.squareup.moshi.JsonAdapter;
+import com.squareup.moshi.JsonWriter;
+import com.squareup.moshi.Moshi;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+class TruncatedVulnerabilitiesAdapter extends FormattingAdapter<TruncatedVulnerabilities> {
+
+  private static final String MAX_SIZE_EXCEEDED = "MAX SIZE EXCEEDED";
+
+  private final JsonAdapter<Vulnerability> vulnerabilityAdapter;
+
+  public TruncatedVulnerabilitiesAdapter(Moshi moshi) {
+    this.vulnerabilityAdapter = new TruncatedVulnerabilityAdapter(moshi);
+  }
+
+  @Override
+  public void toJson(@Nonnull JsonWriter writer, @Nullable TruncatedVulnerabilities value)
+      throws IOException {
+    if (value == null) {
+      writer.nullValue();
+      return;
+    }
+    final List<Vulnerability> vulnerabilities = value.getVulnerabilities();
+    writer.beginObject();
+    if (vulnerabilities != null && !vulnerabilities.isEmpty()) {
+      writer.name("vulnerabilities");
+      writer.beginArray();
+      for (Vulnerability vulnerability : vulnerabilities) {
+        vulnerabilityAdapter.toJson(writer, vulnerability);
+      }
+      writer.endArray();
+    }
+    writer.endObject();
+  }
+
+  private static class TruncatedVulnerabilityAdapter extends FormattingAdapter<Vulnerability> {
+
+    private final JsonAdapter<VulnerabilityType> vulnerabilityTypeAdapter;
+
+    private final JsonAdapter<Evidence> evidenceAdapter;
+
+    private final JsonAdapter<Location> locationAdapter;
+
+    public TruncatedVulnerabilityAdapter(Moshi moshi) {
+      this.vulnerabilityTypeAdapter = moshi.adapter(VulnerabilityType.class);
+      this.evidenceAdapter = new TruncatedEvidenceAdapter();
+      this.locationAdapter = moshi.adapter(Location.class);
+    }
+
+    @Override
+    public void toJson(@Nonnull JsonWriter writer, @Nullable Vulnerability value)
+        throws IOException {
+      if (value == null) {
+        return;
+      }
+      writer.beginObject();
+      writer.name("type");
+      vulnerabilityTypeAdapter.toJson(writer, value.getType());
+      writer.name("evidence");
+      evidenceAdapter.toJson(writer, value.getEvidence());
+      writer.name("hash");
+      writer.value(value.getHash());
+      writer.name("location");
+      locationAdapter.toJson(writer, value.getLocation());
+      writer.endObject();
+    }
+  }
+
+  private static class TruncatedEvidenceAdapter extends FormattingAdapter<Evidence> {
+    @Override
+    public void toJson(@Nonnull JsonWriter writer, @Nullable Evidence evidence) throws IOException {
+      writer.beginObject();
+      writer.name("value");
+      writer.value(MAX_SIZE_EXCEEDED);
+      writer.endObject();
+    }
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/TruncationUtils.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/TruncationUtils.java
new file mode 100644
index 00000000000..7125ae86ead
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/TruncationUtils.java
@@ -0,0 +1,26 @@
+package com.datadog.iast.model.json;
+
+import com.squareup.moshi.JsonWriter;
+import datadog.trace.api.Config;
+import java.io.IOException;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+public final class TruncationUtils {
+  private static final int VALUE_MAX_LENGTH = Config.get().getIastTruncationMaxValueLength();
+  private static final String TRUNCATED = "truncated";
+  private static final String RIGHT = "right";
+
+  private TruncationUtils() {}
+
+  public static void writeTruncableValue(@Nonnull JsonWriter writer, @Nullable String value)
+      throws IOException {
+    if (value != null && value.length() > VALUE_MAX_LENGTH) {
+      writer.value(value.substring(0, VALUE_MAX_LENGTH));
+      writer.name(TRUNCATED);
+      writer.value(RIGHT);
+    } else {
+      writer.value(value);
+    }
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/VulnerabilityEncoding.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/VulnerabilityEncoding.java
index e777953632a..59c6c1c5b62 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/VulnerabilityEncoding.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/json/VulnerabilityEncoding.java
@@ -3,16 +3,37 @@
 import com.datadog.iast.model.VulnerabilityBatch;
 import com.squareup.moshi.JsonAdapter;
 import com.squareup.moshi.Moshi;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class VulnerabilityEncoding {
 
+  private static final Logger log = LoggerFactory.getLogger(VulnerabilityEncoding.class);
+  private static final int MAX_SPAN_TAG_SIZE = 25000;
+
   static final Moshi MOSHI =
       new Moshi.Builder().add(new SourceTypeAdapter()).add(new AdapterFactory()).build();
 
   private static final JsonAdapter<VulnerabilityBatch> BATCH_ADAPTER =
       MOSHI.adapter(VulnerabilityBatch.class);
 
+  private static final JsonAdapter<TruncatedVulnerabilities> TRUNCATED_VULNERABILITIES_ADAPTER =
+      MOSHI.adapter(TruncatedVulnerabilities.class);
+
   public static String toJson(final VulnerabilityBatch value) {
-    return BATCH_ADAPTER.toJson(value);
+    try {
+      String json = BATCH_ADAPTER.toJson(value);
+      return json.getBytes().length > MAX_SPAN_TAG_SIZE
+          ? getExceededTagSizeJson(new TruncatedVulnerabilities(value.getVulnerabilities()))
+          : json;
+    } catch (Exception ex) {
+      log.debug("Vulnerability serialization error", ex);
+      return "{\"vulnerabilities\":[]}";
+    }
+  }
+
+  static String getExceededTagSizeJson(final TruncatedVulnerabilities truncatedVulnerabilities) {
+    // TODO report via telemetry
+    return TRUNCATED_VULNERABILITIES_ADAPTER.toJson(truncatedVulnerabilities);
   }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/Operation.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/Operation.java
index f0d75012887..c21cec9d9c7 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/Operation.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/Operation.java
@@ -1,7 +1,9 @@
 package com.datadog.iast.overhead;
 
+import javax.annotation.Nullable;
+
 public interface Operation {
-  boolean hasQuota(final OverheadContext context);
+  boolean hasQuota(@Nullable final OverheadContext context);
 
-  boolean consumeQuota(final OverheadContext context);
+  boolean consumeQuota(@Nullable final OverheadContext context);
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/Operations.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/Operations.java
index c9eab7b7237..e7bb35f1550 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/Operations.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/Operations.java
@@ -1,5 +1,7 @@
 package com.datadog.iast.overhead;
 
+import javax.annotation.Nullable;
+
 public class Operations {
 
   private Operations() {}
@@ -7,7 +9,7 @@ private Operations() {}
   public static final Operation REPORT_VULNERABILITY =
       new Operation() {
         @Override
-        public boolean hasQuota(final OverheadContext context) {
+        public boolean hasQuota(@Nullable final OverheadContext context) {
           if (context == null) {
             return false;
           }
@@ -15,7 +17,7 @@ public boolean hasQuota(final OverheadContext context) {
         }
 
         @Override
-        public boolean consumeQuota(final OverheadContext context) {
+        public boolean consumeQuota(@Nullable final OverheadContext context) {
           if (context == null) {
             return false;
           }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/OverheadController.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/OverheadController.java
index 26dd0b9d9fe..44f62063030 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/OverheadController.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/overhead/OverheadController.java
@@ -12,7 +12,8 @@
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
 import datadog.trace.util.AgentTaskScheduler;
 import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicLong;
+import javax.annotation.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -24,9 +25,9 @@ public interface OverheadController {
 
   int releaseRequest();
 
-  boolean hasQuota(final Operation operation, final AgentSpan span);
+  boolean hasQuota(final Operation operation, @Nullable final AgentSpan span);
 
-  boolean consumeQuota(final Operation operation, final AgentSpan span);
+  boolean consumeQuota(final Operation operation, @Nullable final AgentSpan span);
 
   static OverheadController build(final Config config, final AgentTaskScheduler scheduler) {
     final OverheadControllerImpl result = new OverheadControllerImpl(config, scheduler);
@@ -68,7 +69,7 @@ public int releaseRequest() {
     }
 
     @Override
-    public boolean hasQuota(final Operation operation, final AgentSpan span) {
+    public boolean hasQuota(final Operation operation, @Nullable final AgentSpan span) {
       final boolean result = delegate.hasQuota(operation, span);
       if (LOGGER.isDebugEnabled()) {
         LOGGER.debug(
@@ -82,7 +83,7 @@ public boolean hasQuota(final Operation operation, final AgentSpan span) {
     }
 
     @Override
-    public boolean consumeQuota(final Operation operation, final AgentSpan span) {
+    public boolean consumeQuota(final Operation operation, @Nullable final AgentSpan span) {
       final boolean result = delegate.consumeQuota(operation, span);
       if (LOGGER.isDebugEnabled()) {
         LOGGER.debug(
@@ -103,7 +104,7 @@ public void reset() {
       }
     }
 
-    private int getAvailableQuote(final AgentSpan span) {
+    private int getAvailableQuote(@Nullable final AgentSpan span) {
       final OverheadContext context = delegate.getContext(span);
       return context == null ? -1 : context.getAvailableQuota();
     }
@@ -117,13 +118,14 @@ class OverheadControllerImpl implements OverheadController {
 
     final NonBlockingSemaphore availableRequests;
 
-    final AtomicInteger executedRequests = new AtomicInteger(0);
+    final AtomicLong cumulativeCounter;
 
     final OverheadContext globalContext = new OverheadContext();
 
     public OverheadControllerImpl(final Config config, final AgentTaskScheduler taskScheduler) {
       sampling = computeSamplingParameter(config.getIastRequestSampling());
       availableRequests = maxConcurrentRequests(config.getIastMaxConcurrentRequests());
+      cumulativeCounter = new AtomicLong(sampling);
       if (taskScheduler != null) {
         taskScheduler.scheduleAtFixedRate(
             this::reset, 2 * RESET_PERIOD_SECONDS, RESET_PERIOD_SECONDS, TimeUnit.SECONDS);
@@ -132,11 +134,14 @@ public OverheadControllerImpl(final Config config, final AgentTaskScheduler task
 
     @Override
     public boolean acquireRequest() {
-      if (executedRequests.incrementAndGet() % sampling != 0) {
-        // Skipped by sampling
-        return false;
+      long prevValue = cumulativeCounter.getAndAdd(sampling);
+      long newValue = prevValue + sampling;
+      if (newValue / 100 == prevValue / 100 + 1) {
+        // Sample request
+        return availableRequests.acquire();
       }
-      return availableRequests.acquire();
+      // Skipped by sampling
+      return false;
     }
 
     @Override
@@ -145,16 +150,17 @@ public int releaseRequest() {
     }
 
     @Override
-    public boolean hasQuota(final Operation operation, final AgentSpan span) {
+    public boolean hasQuota(final Operation operation, @Nullable final AgentSpan span) {
       return operation.hasQuota(getContext(span));
     }
 
     @Override
-    public boolean consumeQuota(final Operation operation, final AgentSpan span) {
+    public boolean consumeQuota(final Operation operation, @Nullable final AgentSpan span) {
       return operation.consumeQuota(getContext(span));
     }
 
-    public OverheadContext getContext(final AgentSpan span) {
+    @Nullable
+    public OverheadContext getContext(@Nullable final AgentSpan span) {
       final RequestContext requestContext = span != null ? span.getRequestContext() : null;
       if (requestContext != null) {
         IastRequestContext iastRequestContext = requestContext.getData(RequestContextSlot.IAST);
@@ -165,14 +171,14 @@ public OverheadContext getContext(final AgentSpan span) {
 
     static int computeSamplingParameter(final float pct) {
       if (pct >= 100) {
-        return 1;
+        return 100;
       }
       if (pct <= 0) {
         // We don't support disabling IAST by setting it, so we set it to 100%.
         // TODO: We probably want a warning here.
-        return 1;
+        return 100;
       }
-      return Math.round(100 / pct);
+      return (int) pct;
     }
 
     static NonBlockingSemaphore maxConcurrentRequests(final int max) {
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/PropagationModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/PropagationModuleImpl.java
index 64122f158a0..ea0abe982b3 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/PropagationModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/PropagationModuleImpl.java
@@ -1,8 +1,8 @@
 package com.datadog.iast.propagation;
 
-import static com.datadog.iast.model.Range.NOT_MARKED;
 import static com.datadog.iast.taint.Ranges.highestPriorityRange;
-import static com.datadog.iast.taint.Tainteds.canBeTainted;
+import static com.datadog.iast.util.ObjectVisitor.State.CONTINUE;
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
 
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Range;
@@ -10,297 +10,499 @@
 import com.datadog.iast.taint.Ranges;
 import com.datadog.iast.taint.TaintedObject;
 import com.datadog.iast.taint.TaintedObjects;
-import datadog.trace.api.iast.SourceTypes;
+import com.datadog.iast.taint.Tainteds;
+import com.datadog.iast.util.ObjectVisitor;
+import datadog.trace.api.Config;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.Taintable;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
+import java.util.function.Predicate;
+import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import org.jetbrains.annotations.Contract;
 
 public class PropagationModuleImpl implements PropagationModule {
 
+  /** Prevent copy of values bigger than this threshold */
+  private static final int MAX_VALUE_LENGTH = Config.get().getIastTruncationMaxValueLength();
+
   @Override
-  public void taintIfInputIsTainted(@Nullable final Object toTaint, @Nullable final Object input) {
-    if (toTaint == null || input == null) {
-      return;
-    }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    final Source source = highestPriorityTaintedSource(taintedObjects, input);
-    if (source != null) {
-      taintObject(taintedObjects, toTaint, source);
-    }
+  public void taint(@Nullable final Object target, final byte origin) {
+    taint(target, origin, null);
   }
 
   @Override
-  public void taintIfInputIsTainted(@Nullable final String toTaint, @Nullable final Object input) {
-    if (!canBeTainted(toTaint) || input == null) {
-      return;
-    }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    final Source source = highestPriorityTaintedSource(taintedObjects, input);
-    if (source != null) {
-      taintString(taintedObjects, toTaint, source);
-    }
+  public void taint(
+      @Nullable final Object target, final byte origin, @Nullable final CharSequence name) {
+    taint(target, origin, name, sourceValue(target));
   }
 
   @Override
-  public void taintIfInputIsTainted(
+  public void taint(
+      @Nullable final Object target,
       final byte origin,
-      @Nullable final String name,
-      @Nullable final String toTaint,
-      @Nullable final Object input) {
-    if (!canBeTainted(toTaint) || input == null) {
+      @Nullable final CharSequence name,
+      @Nullable final CharSequence value) {
+    if (!canBeTainted(target)) {
       return;
     }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    if (isTainted(taintedObjects, input)) {
-      taintString(taintedObjects, toTaint, new Source(origin, name, toTaint));
-    }
+    taint(LazyContext.build(), target, origin, name, value);
   }
 
   @Override
-  public void taintIfInputIsTainted(
-      final byte origin,
-      @Nullable final String name,
-      @Nullable final Collection<String> toTaintCollection,
-      @Nullable final Object input) {
-    if (toTaintCollection == null || toTaintCollection.isEmpty() || input == null) {
-      return;
-    }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    if (isTainted(taintedObjects, input)) {
-      for (final String toTaint : toTaintCollection) {
-        if (canBeTainted(toTaint)) {
-          taintString(taintedObjects, toTaint, new Source(origin, name, toTaint));
-        }
-      }
-    }
+  public void taint(
+      @Nullable final IastContext ctx, @Nullable final Object target, final byte origin) {
+    taint(ctx, target, origin, null);
   }
 
   @Override
-  public void taintIfInputIsTainted(
+  public void taint(
+      @Nullable final IastContext ctx,
+      @Nullable final Object target,
       final byte origin,
-      @Nullable final Collection<String> toTaintCollection,
-      @Nullable final Object input) {
-    if (toTaintCollection == null || toTaintCollection.isEmpty() || input == null) {
-      return;
-    }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    if (isTainted(taintedObjects, input)) {
-      for (final String toTaint : toTaintCollection) {
-        if (canBeTainted(toTaint)) {
-          taintString(taintedObjects, toTaint, new Source(origin, toTaint, toTaint));
-        }
-      }
-    }
+      @Nullable final CharSequence name) {
+    taint(ctx, target, origin, name, sourceValue(target));
   }
 
   @Override
-  public void taintIfInputIsTainted(
+  public void taint(
+      @Nullable final IastContext ctx,
+      @Nullable final Object target,
       final byte origin,
-      @Nullable final List<Map.Entry<String, String>> toTaintCollection,
-      @Nullable final Object input) {
-    if (toTaintCollection == null || toTaintCollection.isEmpty() || input == null) {
+      @Nullable final CharSequence name,
+      @Nullable final CharSequence value) {
+    if (!canBeTainted(target)) {
       return;
     }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    if (isTainted(taintedObjects, input)) {
-      for (final Map.Entry<String, String> entry : toTaintCollection) {
-        final String name = entry.getKey();
-        if (canBeTainted(name)) {
-          taintString(
-              taintedObjects, name, new Source(SourceTypes.namedSource(origin), name, name));
-        }
-        final String toTaint = entry.getValue();
-        if (canBeTainted(toTaint)) {
-          taintString(taintedObjects, toTaint, new Source(origin, name, toTaint));
-        }
-      }
-    }
+    internalTaint(ctx, target, new Source(origin, name, sourceValue(target, value)), NOT_MARKED);
+  }
+
+  @Override
+  public void taintIfTainted(@Nullable final Object target, @Nullable final Object input) {
+    taintIfTainted(target, input, false, NOT_MARKED);
   }
 
   @Override
-  public void taintIfAnyInputIsTainted(
-      @Nullable final Object toTaint, @Nullable final Object... inputs) {
-    if (toTaint == null || inputs == null || inputs.length == 0) {
+  public void taintIfTainted(
+      @Nullable final Object target, @Nullable final Object input, boolean keepRanges, int mark) {
+    if (!canBeTainted(target) || !canBeTainted(input)) {
       return;
     }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    for (final Object input : inputs) {
-      final Source source = highestPriorityTaintedSource(taintedObjects, input);
-      if (source != null) {
-        taintObject(taintedObjects, toTaint, source);
-        return;
-      }
-    }
+    taintIfTainted(LazyContext.build(), target, input, keepRanges, mark);
   }
 
   @Override
-  public void taint(final byte source, @Nullable final String name, @Nullable final String value) {
-    if (!canBeTainted(value)) {
+  public void taintIfTainted(
+      @Nullable final IastContext ctx,
+      @Nullable final Object target,
+      @Nullable final Object input) {
+    taintIfTainted(ctx, target, input, false, NOT_MARKED);
+  }
+
+  @Override
+  public void taintIfTainted(
+      @Nullable final IastContext ctx,
+      @Nullable final Object target,
+      @Nullable final Object input,
+      boolean keepRanges,
+      int mark) {
+    if (!canBeTainted(target) || !canBeTainted(input)) {
       return;
     }
-    final IastRequestContext ctx = IastRequestContext.get();
-    if (ctx == null) {
-      return;
+    if (keepRanges) {
+      internalTaint(ctx, target, getRanges(ctx, input), mark);
+    } else {
+      internalTaint(ctx, target, highestPrioritySource(ctx, input), mark);
     }
-    final TaintedObjects taintedObjects = ctx.getTaintedObjects();
-    taintedObjects.taintInputString(value, new Source(source, name, value));
   }
 
   @Override
-  public void taint(
-      @Nullable final Object ctx_,
-      final byte source,
-      @Nullable final String name,
-      @Nullable final String value) {
-    if (ctx_ == null || !canBeTainted(value)) {
+  public void taintIfTainted(
+      @Nullable final Object target, @Nullable final Object input, final byte origin) {
+    taintIfTainted(target, input, origin, null);
+  }
+
+  @Override
+  public void taintIfTainted(
+      @Nullable final Object target,
+      @Nullable final Object input,
+      final byte origin,
+      @Nullable final CharSequence name) {
+    taintIfTainted(target, input, origin, name, sourceValue(target));
+  }
+
+  @Override
+  public void taintIfTainted(
+      @Nullable final Object target,
+      @Nullable final Object input,
+      final byte origin,
+      @Nullable final CharSequence name,
+      @Nullable final CharSequence value) {
+    if (!canBeTainted(target) || !canBeTainted(input)) {
       return;
     }
-    final IastRequestContext ctx = (IastRequestContext) ctx_;
-    final TaintedObjects taintedObjects = ctx.getTaintedObjects();
-    taintedObjects.taintInputString(value, new Source(source, name, value));
+    taintIfTainted(LazyContext.build(), target, input, origin, name, value);
+  }
+
+  @Override
+  public void taintIfTainted(
+      @Nullable final IastContext ctx,
+      @Nullable final Object target,
+      @Nullable final Object input,
+      final byte origin) {
+    taintIfTainted(ctx, target, input, origin, null);
+  }
+
+  @Override
+  public void taintIfTainted(
+      @Nullable final IastContext ctx,
+      @Nullable final Object target,
+      @Nullable final Object input,
+      final byte origin,
+      @Nullable final CharSequence name) {
+    taintIfTainted(ctx, target, input, origin, name, sourceValue(target));
   }
 
   @Override
-  public void taintObjectIfInputIsTaintedKeepingRanges(
-      @Nullable final Object toTaint, @Nullable Object input) {
-    if (toTaint == null || input == null) {
+  public void taintIfTainted(
+      @Nullable final IastContext ctx,
+      @Nullable final Object target,
+      @Nullable final Object input,
+      final byte origin,
+      @Nullable final CharSequence name,
+      @Nullable final CharSequence value) {
+    if (!canBeTainted(target) || !canBeTainted(input)) {
       return;
     }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    final Range[] ranges = getTaintedRanges(taintedObjects, input);
-    if (ranges != null && ranges.length > 0) {
-      taintedObjects.taint(toTaint, ranges);
+    if (isTainted(ctx, input)) {
+      internalTaint(ctx, target, new Source(origin, name, sourceValue(target, value)), NOT_MARKED);
     }
   }
 
   @Override
-  public void taintObject(final byte origin, @Nullable final Object toTaint) {
-    if (toTaint == null) {
-      return;
-    }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(false);
-    if (taintedObjects == null) {
+  public void taintIfAnyTainted(@Nullable final Object target, @Nullable final Object[] inputs) {
+    taintIfAnyTainted(target, inputs, false, NOT_MARKED);
+  }
+
+  @Override
+  public void taintIfAnyTainted(
+      @Nullable final Object target,
+      @Nullable final Object[] inputs,
+      final boolean keepRanges,
+      final int mark) {
+    if (!canBeTainted(target) || !canBeTainted(inputs)) {
       return;
     }
-    final Source source = new Source(origin, null, null);
-    taintObject(taintedObjects, toTaint, source);
+    taintIfAnyTainted(LazyContext.build(), target, inputs, keepRanges, mark);
   }
 
   @Override
-  public void taintObjects(final byte origin, @Nullable final Object[] toTaintArray) {
-    if (toTaintArray == null || toTaintArray.length == 0) {
+  public void taintIfAnyTainted(
+      @Nullable final IastContext ctx,
+      @Nullable final Object target,
+      @Nullable final Object[] inputs) {
+    taintIfAnyTainted(ctx, target, inputs, false, NOT_MARKED);
+  }
+
+  @Override
+  public void taintIfAnyTainted(
+      @Nullable final IastContext ctx,
+      @Nullable final Object target,
+      @Nullable final Object[] inputs,
+      final boolean keepRanges,
+      final int mark) {
+    if (!canBeTainted(target) || !canBeTainted(inputs)) {
       return;
     }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    final Source source = new Source(origin, null, null);
-    for (final Object toTaint : toTaintArray) {
-      taintObject(taintedObjects, toTaint, source);
+    if (keepRanges) {
+      final Range[] ranges = getRangesInArray(ctx, inputs);
+      if (ranges != null) {
+        internalTaint(ctx, target, ranges, mark);
+      }
+    } else {
+      final Source source = highestPrioritySourceInArray(ctx, inputs);
+      if (source != null) {
+        internalTaint(ctx, target, source, mark);
+      }
     }
   }
 
   @Override
-  public boolean isTainted(@Nullable Object obj) {
-    if (obj instanceof Taintable) {
-      return ((Taintable) obj).$DD$isTainted();
-    }
-
-    if (obj == null) {
-      return false;
+  public void taintDeeply(
+      @Nullable final Object target, final byte origin, final Predicate<Class<?>> classFilter) {
+    if (!canBeTainted(target)) {
+      return;
     }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    return taintedObjects.get(obj) != null;
+    taintDeeply(LazyContext.build(), target, origin, classFilter);
   }
 
   @Override
-  public void taintObjects(
-      final byte origin, @Nullable final Collection<Object> toTaintCollection) {
-    if (toTaintCollection == null || toTaintCollection.isEmpty()) {
+  public void taintDeeply(
+      @Nullable final IastContext ctx,
+      @Nullable final Object target,
+      final byte origin,
+      final Predicate<Class<?>> classFilter) {
+    if (!canBeTainted(target)) {
       return;
     }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    final Source source = new Source(origin, null, null);
-    for (final Object toTaint : toTaintCollection) {
-      taintObject(taintedObjects, toTaint, source);
+    final TaintedObjects to = getTaintedObjects(ctx);
+    if (to == null) {
+      return;
+    }
+    if (target instanceof CharSequence) {
+      internalTaint(ctx, target, new Source(origin, null, sourceValue(target)), NOT_MARKED);
+    } else {
+      ObjectVisitor.visit(target, new TaintingVisitor(to, origin), classFilter);
     }
   }
 
+  @Nullable
   @Override
-  public void taint(
-      byte origin, @Nullable String name, @Nullable String value, @Nullable Taintable t) {
-    if (t == null) {
-      return;
-    }
-    t.$$DD$setSource(new Source(origin, name, value));
+  public Taintable.Source findSource(@Nullable final Object target) {
+    return target == null ? null : findSource(LazyContext.build(), target);
   }
 
+  @Nullable
   @Override
-  public Taintable.Source firstTaintedSource(@Nullable final Object input) {
-    if (input == null) {
+  public Taintable.Source findSource(
+      @Nullable final IastContext ctx, @Nullable final Object target) {
+    if (target == null) {
       return null;
     }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    return highestPriorityTaintedSource(taintedObjects, input);
+    return highestPrioritySource(ctx, target);
   }
 
   @Override
-  public void taintIfInputIsTaintedWithMarks(
-      @Nullable final String toTaint, @Nullable final Object input, final int mark) {
-    if (!canBeTainted(toTaint) || input == null) {
-      return;
+  public boolean isTainted(@Nullable final Object target) {
+    return target != null && isTainted(LazyContext.build(), target);
+  }
+
+  @Override
+  public boolean isTainted(@Nullable final IastContext ctx, @Nullable final Object target) {
+    return target != null && findSource(ctx, target) != null;
+  }
+
+  /**
+   * Compares origin and value to check if they are the same reference in order to prevent retaining
+   * references
+   *
+   * @see #sourceValue(Object)
+   */
+  @Nullable
+  private static CharSequence sourceValue(
+      @Nullable final Object origin, @Nullable final CharSequence value) {
+    if (value != null && origin == value) {
+      return sourceValue(value);
+    }
+    return value;
+  }
+
+  /**
+   * This method will prevent the code from creating a strong reference to what should remain weak
+   */
+  @Nullable
+  private static CharSequence sourceValue(@Nullable final Object target) {
+    if (target instanceof String) {
+      final String string = (String) target;
+      if (MAX_VALUE_LENGTH > string.length()) {
+        return String.copyValueOf(string.toCharArray());
+      } else {
+        final char[] chars = new char[MAX_VALUE_LENGTH];
+        string.getChars(0, MAX_VALUE_LENGTH, chars, 0);
+        return String.copyValueOf(chars);
+      }
+    } else if (target instanceof CharSequence) {
+      final CharSequence charSequence = (CharSequence) target;
+      if (MAX_VALUE_LENGTH > charSequence.length()) {
+        return charSequence.toString();
+      } else {
+        final CharSequence subSequence = charSequence.subSequence(0, MAX_VALUE_LENGTH);
+        return subSequence.toString();
+      }
+    }
+    return null;
+  }
+
+  @Contract("null -> false")
+  private static boolean canBeTainted(@Nullable final Object target) {
+    if (target == null) {
+      return false;
     }
-    final TaintedObjects taintedObjects = TaintedObjects.activeTaintedObjects(true);
-    final Range[] ranges = getTaintedRanges(taintedObjects, input);
-    if (ranges != null && ranges.length > 0) {
-      Range priorityRange = highestPriorityRange(ranges);
-      taintedObjects.taintInputString(
-          toTaint, priorityRange.getSource(), priorityRange.getMarks() | mark);
+    if (target instanceof CharSequence) {
+      return Tainteds.canBeTainted((CharSequence) target);
     }
+    return true;
   }
 
-  private static void taintString(
-      final TaintedObjects taintedObjects, final String toTaint, final Source source) {
-    taintedObjects.taintInputString(toTaint, source);
+  @Contract("null -> false")
+  private static boolean canBeTainted(@Nullable final Object[] target) {
+    if (target == null || target.length == 0) {
+      return false;
+    }
+    return true;
   }
 
-  private static void taintObject(
-      final TaintedObjects taintedObjects, final Object toTaint, final Source source) {
-    if (toTaint instanceof Taintable) {
-      ((Taintable) toTaint).$$DD$setSource(source);
-    } else {
-      taintedObjects.taintInputObject(toTaint, source);
+  @Nullable
+  private static TaintedObjects getTaintedObjects(final @Nullable IastContext ctx) {
+    IastRequestContext iastCtx = null;
+    if (ctx instanceof IastRequestContext) {
+      iastCtx = (IastRequestContext) ctx;
+    } else if (ctx instanceof LazyContext) {
+      iastCtx = ((LazyContext) ctx).getDelegate();
+    }
+    return iastCtx == null ? null : iastCtx.getTaintedObjects();
+  }
+
+  @Nullable
+  private static Range[] getRangesInArray(
+      final @Nullable IastContext ctx, final @Nonnull Object[] objects) {
+    for (final Object object : objects) {
+      final Range[] ranges = getRanges(ctx, object);
+      if (ranges != null) {
+        return ranges;
+      }
+    }
+    return null;
+  }
+
+  @Nullable
+  private static Range[] getRanges(final @Nullable IastContext ctx, final @Nonnull Object object) {
+    if (object instanceof Taintable) {
+      final Source source = highestPrioritySource(ctx, object);
+      if (source == null) {
+        return null;
+      } else {
+        return new Range[] {new Range(0, Integer.MAX_VALUE, source, NOT_MARKED)};
+      }
     }
+    final TaintedObjects to = getTaintedObjects(ctx);
+    if (to == null) {
+      return null;
+    }
+    final TaintedObject tainted = to.get(object);
+    return tainted == null ? null : tainted.getRanges();
   }
 
-  private static boolean isTainted(final TaintedObjects taintedObjects, final Object object) {
-    return highestPriorityTaintedSource(taintedObjects, object) != null;
+  @Nullable
+  private static Source highestPrioritySourceInArray(
+      final @Nullable IastContext ctx, final @Nonnull Object[] objects) {
+    for (final Object object : objects) {
+      final Source source = highestPrioritySource(ctx, object);
+      if (source != null) {
+        return source;
+      }
+    }
+    return null;
   }
 
-  private static Source highestPriorityTaintedSource(
-      final TaintedObjects taintedObjects, final Object object) {
+  @Nullable
+  private static Source highestPrioritySource(
+      final @Nullable IastContext ctx, final @Nonnull Object object) {
     if (object instanceof Taintable) {
       return (Source) ((Taintable) object).$$DD$getSource();
     } else {
-      final TaintedObject tainted = taintedObjects.get(object);
-      final Range[] ranges = tainted == null ? null : tainted.getRanges();
+      final Range[] ranges = getRanges(ctx, object);
       return ranges != null && ranges.length > 0 ? highestPriorityRange(ranges).getSource() : null;
     }
   }
 
-  private static Range[] getTaintedRanges(
-      final TaintedObjects taintedObjects, final Object object) {
-    if (object instanceof Taintable) {
-      Source source = (Source) ((Taintable) object).$$DD$getSource();
-      if (source == null) {
-        return null;
+  private static void internalTaint(
+      @Nullable final IastContext ctx,
+      @Nonnull final Object value,
+      @Nullable final Source source,
+      int mark) {
+    if (source == null) {
+      return;
+    }
+    if (value instanceof Taintable) {
+      ((Taintable) value).$$DD$setSource(source);
+    } else {
+      final TaintedObjects to = getTaintedObjects(ctx);
+      if (to == null) {
+        return;
+      }
+      if (value instanceof CharSequence) {
+        to.taint(value, Ranges.forCharSequence((CharSequence) value, source, mark));
       } else {
-        return Ranges.forObject(source, NOT_MARKED);
+        to.taint(value, Ranges.forObject(source, mark));
       }
+    }
+  }
+
+  private static void internalTaint(
+      @Nullable final IastContext ctx,
+      @Nonnull final Object value,
+      @Nullable final Range[] ranges,
+      final int mark) {
+    if (ranges == null || ranges.length == 0) {
+      return;
+    }
+    if (value instanceof Taintable) {
+      ((Taintable) value).$$DD$setSource(ranges[0].getSource());
     } else {
-      final TaintedObject tainted = taintedObjects.get(object);
-      return tainted == null ? null : tainted.getRanges();
+      final TaintedObjects to = getTaintedObjects(ctx);
+      if (to != null) {
+        final Range[] markedRanges = markRanges(ranges, mark);
+        to.taint(value, markedRanges);
+      }
+    }
+  }
+
+  @Nonnull
+  private static Range[] markRanges(@Nonnull final Range[] ranges, final int mark) {
+    if (mark == NOT_MARKED) {
+      return ranges;
+    }
+    final Range[] result = new Range[ranges.length];
+    for (int i = 0; i < ranges.length; i++) {
+      final Range range = ranges[i];
+      final int newMark = range.getMarks() | mark;
+      result[i] = new Range(range.getStart(), range.getLength(), range.getSource(), newMark);
+    }
+    return result;
+  }
+
+  private static class LazyContext implements IastContext {
+
+    private boolean fetched;
+    @Nullable private IastRequestContext delegate;
+
+    @Nullable
+    private IastRequestContext getDelegate() {
+      if (!fetched) {
+        fetched = true;
+        delegate = IastRequestContext.get();
+      }
+      return delegate;
+    }
+
+    public static IastContext build() {
+      return new LazyContext();
+    }
+  }
+
+  private static class TaintingVisitor implements ObjectVisitor.Visitor {
+
+    private final TaintedObjects taintedObjects;
+    private final byte origin;
+
+    private TaintingVisitor(@Nonnull final TaintedObjects taintedObjects, final byte origin) {
+      this.taintedObjects = taintedObjects;
+      this.origin = origin;
+    }
+
+    @Nonnull
+    @Override
+    public ObjectVisitor.State visit(@Nonnull final String path, @Nonnull final Object value) {
+      if (value instanceof CharSequence) {
+        final CharSequence charSequence = (CharSequence) value;
+        if (canBeTainted(charSequence)) {
+          final Source source = new Source(origin, path, sourceValue(value));
+          taintedObjects.taint(
+              charSequence, Ranges.forCharSequence(charSequence, source, NOT_MARKED));
+        }
+      }
+      return CONTINUE;
     }
   }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java
index 36f4c1897c4..a93d3c53e8e 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java
@@ -9,19 +9,19 @@
 
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Range;
-import com.datadog.iast.model.Source;
 import com.datadog.iast.taint.Ranges;
+import com.datadog.iast.taint.Ranges.RangeList;
+import com.datadog.iast.taint.Ranges.RangesProvider;
 import com.datadog.iast.taint.TaintedObject;
 import com.datadog.iast.taint.TaintedObjects;
 import com.datadog.iast.util.Ranged;
 import datadog.trace.api.iast.propagation.StringModule;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Deque;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.LinkedList;
-import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.regex.Matcher;
@@ -39,6 +39,7 @@ public class StringModuleImpl implements StringModule {
 
   private static final int NULL_STR_LENGTH = "null".length();
 
+  @SuppressWarnings("NullAway") // NullAway fails with taintedLeft and taintedRight checks
   @Override
   public void onStringConcat(
       @Nonnull final String left, @Nullable final String right, @Nonnull final String result) {
@@ -153,7 +154,7 @@ public void onStringConcatFactory(
 
     final TaintedObjects taintedObjects = ctx.getTaintedObjects();
     final Map<Integer, Range[]> sourceRanges = new HashMap<>();
-    int rangeCount = 0;
+    long rangeCount = 0;
     for (int i = 0; i < args.length; i++) {
       final TaintedObject to = getTainted(taintedObjects, args[i]);
       if (to != null) {
@@ -166,17 +167,19 @@ public void onStringConcatFactory(
       return;
     }
 
-    final Range[] targetRanges = new Range[rangeCount];
+    final Range[] targetRanges = Ranges.newArray(rangeCount);
     int offset = 0, rangeIndex = 0;
     for (int item : recipeOffsets) {
       if (item < 0) {
-        offset += (-item);
+        offset += -item;
       } else {
         final String argument = args[item];
         final Range[] ranges = sourceRanges.get(item);
         if (ranges != null) {
-          Ranges.copyShift(ranges, targetRanges, rangeIndex, offset);
-          rangeIndex += ranges.length;
+          rangeIndex = insertRange(targetRanges, ranges, offset, rangeIndex);
+          if (rangeIndex >= targetRanges.length) {
+            break;
+          }
         }
         offset += getToStringLength(argument);
       }
@@ -212,7 +215,7 @@ public void onStringSubSequence(
 
   @Override
   public void onStringJoin(
-      @Nullable String result, @Nonnull CharSequence delimiter, @Nonnull CharSequence... elements) {
+      @Nullable String result, @Nonnull CharSequence delimiter, @Nonnull CharSequence[] elements) {
     if (!canBeTainted(result)) {
       return;
     }
@@ -225,33 +228,42 @@ public void onStringJoin(
     if (getTainted(taintedObjects, result) != null) {
       return;
     }
-    List<Range> newRanges = new ArrayList<>();
-    int pos = 0;
-    // Delimiter info
-    Range[] delimiterRanges = getRanges(getTainted(taintedObjects, delimiter));
-    boolean delimiterHasRanges = delimiterRanges.length > 0;
-    int delimiterLength = delimiter.length();
-
+    final RangesProvider<CharSequence> elementRanges = rangesProviderFor(taintedObjects, elements);
+    final Range[] delimiterRanges = getRanges(getTainted(taintedObjects, delimiter));
+    final long rangeCount =
+        elementRanges.rangeCount() + ((long) (elements.length - 1) * delimiterRanges.length);
+    if (rangeCount == 0) {
+      return;
+    }
+    final Range[] targetRanges = Ranges.newArray(rangeCount);
+    int delimiterLength = getToStringLength(delimiter), offset = 0, rangeIndex = 0;
     for (int i = 0; i < elements.length; i++) {
-      CharSequence element = elements[i];
-      pos =
-          getPositionAndUpdateRangesInStringJoin(
-              taintedObjects,
-              newRanges,
-              pos,
-              delimiterRanges,
-              delimiterLength,
-              element,
-              delimiterHasRanges && i < elements.length - 1);
-    }
-    if (!newRanges.isEmpty()) {
-      taintedObjects.taint(result, newRanges.toArray(new Range[0]));
+      // insert element ranges
+      final CharSequence element = elements[i];
+      final Range[] ranges = elementRanges.ranges(element);
+      if (ranges != null) {
+        rangeIndex = insertRange(targetRanges, ranges, offset, rangeIndex);
+        if (rangeIndex >= targetRanges.length) {
+          break;
+        }
+      }
+      offset += getToStringLength(element);
+
+      if (i < elements.length - 1) {
+        // add delimiter ranges
+        rangeIndex = insertRange(targetRanges, delimiterRanges, offset, rangeIndex);
+        if (rangeIndex >= targetRanges.length) {
+          break;
+        }
+        offset += delimiterLength;
+      }
     }
+    taintedObjects.taint(result, targetRanges);
   }
 
   @Override
   @SuppressFBWarnings("ES_COMPARING_PARAMETER_STRING_WITH_EQ")
-  public void onStringRepeat(String self, int count, String result) {
+  public void onStringRepeat(@Nonnull String self, int count, @Nonnull String result) {
     if (!canBeTainted(self) || !canBeTainted(result) || self == result) {
       return;
     }
@@ -264,9 +276,13 @@ public void onStringRepeat(String self, int count, String result) {
     if (selfRanges.length == 0) {
       return;
     }
-    final Range[] ranges = new Range[selfRanges.length * count];
+    final Range[] ranges = Ranges.newArray(selfRanges.length * (long) count);
+    int rangeIndex = 0;
     for (int i = 0; i < count; i++) {
-      Ranges.copyShift(selfRanges, ranges, i * selfRanges.length, i * self.length());
+      rangeIndex = insertRange(ranges, selfRanges, i * self.length(), rangeIndex);
+      if (rangeIndex >= ranges.length) {
+        break;
+      }
     }
     taintedObjects.taint(result, ranges);
   }
@@ -342,40 +358,18 @@ private void stringCaseChangedWithReducedSize(
     taintedObjects.taint(result, newRanges);
   }
 
-  /**
-   * Iterates over the element and delimiter ranges (if necessary) to update them and calculate the
-   * new pos value
-   */
-  private static int getPositionAndUpdateRangesInStringJoin(
-      TaintedObjects taintedObjects,
-      List<Range> newRanges,
-      int pos,
-      Range[] delimiterRanges,
-      int delimiterLength,
-      CharSequence element,
-      boolean addDelimiterRanges) {
-    if (canBeTainted(element)) {
-      TaintedObject elementTainted = taintedObjects.get(element);
-      if (elementTainted != null) {
-        Range[] elementRanges = elementTainted.getRanges();
-        if (elementRanges.length > 0) {
-          for (Range range : elementRanges) {
-            newRanges.add(pos == 0 ? range : range.shift(pos));
-          }
-        }
-      }
-    }
-    pos += getToStringLength(element);
-    if (addDelimiterRanges) {
-      for (Range range : delimiterRanges) {
-        newRanges.add(range.shift(pos));
-      }
+  /** Inserts the range in the selected position and returns the new position for further ranges */
+  private static int insertRange(
+      final Range[] targetRanges, final Range[] ranges, final int offset, final int rangeIndex) {
+    if (ranges.length == 0) {
+      return rangeIndex;
     }
-    pos += delimiterLength;
-    return pos;
+    final int count = Math.min(targetRanges.length - rangeIndex, ranges.length);
+    Ranges.copyShift(ranges, targetRanges, rangeIndex, offset, count);
+    return rangeIndex + count;
   }
 
-  private static Range[] getRanges(final TaintedObject taintedObject) {
+  private static Range[] getRanges(@Nullable final TaintedObject taintedObject) {
     return taintedObject == null ? EMPTY : taintedObject.getRanges();
   }
 
@@ -454,7 +448,7 @@ public void onStringFormat(
       return;
     }
     final TaintedObjects to = ctx.getTaintedObjects();
-    final Ranges.RangesProvider<Object> paramRangesProvider = rangesProviderFor(to, parameters);
+    final RangesProvider<Object> paramRangesProvider = rangesProviderFor(to, parameters);
     int rangeCount = paramRangesProvider.rangeCount();
     final Deque<Range> formatRanges = new LinkedList<>();
     final TaintedObject formatTainted = to.get(format);
@@ -467,7 +461,7 @@ public void onStringFormat(
     }
     // params can appear zero or multiple times in the pattern so the final number of ranges is
     // unknown beforehand
-    final List<Range> finalRanges = new LinkedList<>();
+    final RangeList finalRanges = new RangeList();
     final Matcher matcher = FORMAT_PATTERN.matcher(format);
     int offset = 0, paramIndex = 0;
     while (matcher.find()) {
@@ -493,11 +487,53 @@ public void onStringFormat(
       addParameterTaintedRanges(
           placeholderRange, parameter, formattedValue, shift, paramRanges, finalRanges);
       offset += (formattedValue.length() - placeholder.length());
+      if (finalRanges.isFull()) {
+        break;
+      }
     }
     addFormatTaintedRanges(
         END, offset, formatRanges, finalRanges); // add remaining ranges from the format
     if (!finalRanges.isEmpty()) {
-      to.taint(result, finalRanges.toArray(new Range[0]));
+      to.taint(result, finalRanges.toArray());
+    }
+  }
+
+  @Override
+  public void onStringFormat(
+      @Nonnull final Iterable<String> literals,
+      @Nonnull final Object[] parameters,
+      @Nonnull final String result) {
+    if (!canBeTainted(result)) {
+      return;
+    }
+    final IastRequestContext ctx = IastRequestContext.get();
+    if (ctx == null) {
+      return;
+    }
+    final TaintedObjects to = ctx.getTaintedObjects();
+    final RangesProvider<Object> paramRangesProvider = rangesProviderFor(to, parameters);
+    if (paramRangesProvider.rangeCount() == 0) {
+      return;
+    }
+    // since we might join ranges the final number is unknown beforehand
+    final RangeList finalRanges = new RangeList();
+    int offset = 0, paramIndex = 0;
+    for (final Iterator<String> it = literals.iterator(); it.hasNext(); ) {
+      final String literal = it.next();
+      offset += literal.length();
+      if (it.hasNext() && paramIndex < parameters.length) {
+        final Object parameter = parameters[paramIndex++];
+        final Range[] parameterRanges = paramRangesProvider.ranges(parameter);
+        final String formatted = String.valueOf(parameter);
+        addParameterTaintedRanges(null, parameter, formatted, offset, parameterRanges, finalRanges);
+        offset += formatted.length();
+      }
+      if (finalRanges.isFull()) {
+        break;
+      }
+    }
+    if (!finalRanges.isEmpty()) {
+      to.taint(result, finalRanges.toArray());
     }
   }
 
@@ -537,12 +573,12 @@ public void onSplit(@Nonnull String self, @Nonnull String[] result) {
    * @param finalRanges result with all ranges
    */
   private void addParameterTaintedRanges(
-      final Range placeholderRange,
+      @Nullable final Range placeholderRange,
       final Object param,
       final String formatted,
       final int offset,
-      final Range[] ranges,
-      /* out */ final List<Range> finalRanges) {
+      @Nullable final Range[] ranges,
+      /* out */ final RangeList finalRanges) {
     if (ranges != null && ranges.length > 0) {
       // only shift ranges if they are character sequences of the same length, otherwise taint the
       // whole thing
@@ -554,7 +590,6 @@ private void addParameterTaintedRanges(
         finalRanges.add(Ranges.copyWithPosition(ranges[0], offset, formatted.length()));
       }
     } else if (placeholderRange != null) {
-      final Source source = placeholderRange.getSource();
       finalRanges.add(Ranges.copyWithPosition(placeholderRange, offset, formatted.length()));
     }
   }
@@ -568,11 +603,12 @@ private void addParameterTaintedRanges(
    * @param finalRanges result with all ranges
    * @return tainted range of the placeholder or {@code null} if not tainted
    */
+  @Nullable
   private Range addFormatTaintedRanges(
       final Ranged placeholderPos,
       final int offset,
       final Deque<Range> ranges,
-      /* out */ final List<Range> finalRanges) {
+      /* out */ final RangeList finalRanges) {
     Range formatRange;
     int end = placeholderPos.getStart() + placeholderPos.getLength();
     Range placeholderRange = null;
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/AbstractRegexTokenizer.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/AbstractRegexTokenizer.java
index 58a1e8aaec3..54c73669be3 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/AbstractRegexTokenizer.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/AbstractRegexTokenizer.java
@@ -4,11 +4,12 @@
 import java.util.NoSuchElementException;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import javax.annotation.Nullable;
 
 public abstract class AbstractRegexTokenizer implements SensitiveHandler.Tokenizer {
 
   protected final Matcher matcher;
-  private Ranged current;
+  @Nullable private Ranged current;
 
   protected AbstractRegexTokenizer(final Pattern pattern, final String evidence) {
     matcher = pattern.matcher(evidence);
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/SensitiveHandlerImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/SensitiveHandlerImpl.java
index 69f01f9b1c8..d62fdf8c95c 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/SensitiveHandlerImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/SensitiveHandlerImpl.java
@@ -45,6 +45,7 @@ public SensitiveHandlerImpl() {
     tokenizers.put(VulnerabilityType.COMMAND_INJECTION, CommandRegexpTokenizer::new);
     tokenizers.put(VulnerabilityType.SSRF, UrlRegexpTokenizer::new);
     tokenizers.put(VulnerabilityType.UNVALIDATED_REDIRECT, UrlRegexpTokenizer::new);
+    tokenizers.put(VulnerabilityType.XSS, TaintedRangeBasedTokenizer::new);
   }
 
   @Override
@@ -75,7 +76,7 @@ public Tokenizer tokenizeEvidence(
     return supplier.tokenizerFor(evidence);
   }
 
-  private int computeLength(final String value) {
+  private int computeLength(@Nullable final String value) {
     if (value == null || value.isEmpty()) {
       return 0;
     }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/SqlRegexpTokenizer.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/SqlRegexpTokenizer.java
index 9082979e890..6c87aaf7a87 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/SqlRegexpTokenizer.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/SqlRegexpTokenizer.java
@@ -120,10 +120,6 @@ public static Dialect fromEvidence(final Evidence evidence) {
       return ANSI;
     }
 
-    public static Dialect current() {
-      return ANSI;
-    }
-
     public Pattern buildPattern() {
       return pattern.get();
     }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/TaintedRangeBasedTokenizer.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/TaintedRangeBasedTokenizer.java
new file mode 100644
index 00000000000..b2cff3356b4
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sensitive/TaintedRangeBasedTokenizer.java
@@ -0,0 +1,61 @@
+package com.datadog.iast.sensitive;
+
+import com.datadog.iast.model.Evidence;
+import com.datadog.iast.model.Range;
+import com.datadog.iast.taint.Ranges;
+import com.datadog.iast.util.Ranged;
+import java.util.NoSuchElementException;
+import javax.annotation.Nullable;
+
+public class TaintedRangeBasedTokenizer implements SensitiveHandler.Tokenizer {
+
+  private final String value;
+  private final Range[] ranges;
+
+  @Nullable private Ranged current;
+
+  private int rangesIndex;
+
+  private int pos;
+
+  public TaintedRangeBasedTokenizer(final Evidence evidence) {
+    this.ranges = evidence.getRanges() == null ? Ranges.EMPTY : evidence.getRanges();
+    this.value = evidence.getValue();
+    rangesIndex = 0;
+    pos = 0; // current value position
+  }
+
+  @Override
+  public boolean next() {
+    current = buildNext();
+    return current != null;
+  }
+
+  @Override
+  public Ranged current() {
+    if (current == null) {
+      throw new NoSuchElementException();
+    }
+    return current;
+  }
+
+  @Nullable
+  private Ranged buildNext() {
+    for (; rangesIndex < ranges.length; rangesIndex++) {
+      Range range = ranges[rangesIndex];
+      if (range.getStart() <= pos) {
+        pos = range.getStart() + range.getLength();
+      } else {
+        Ranged next = Ranged.build(pos, range.getStart() - pos);
+        pos = range.getStart() + range.getLength();
+        return next;
+      }
+    }
+    if (pos < value.length()) {
+      Ranged next = Ranged.build(pos, value.length() - pos);
+      pos = value.length();
+      return next;
+    }
+    return null;
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/CommandInjectionModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/CommandInjectionModuleImpl.java
index ea5fa289e6d..24fd88c99c4 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/CommandInjectionModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/CommandInjectionModuleImpl.java
@@ -3,6 +3,7 @@
 import static com.datadog.iast.taint.Ranges.rangesProviderFor;
 import static com.datadog.iast.taint.Tainteds.canBeTainted;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.VulnerabilityType;
 import com.datadog.iast.taint.TaintedObjects;
@@ -15,6 +16,10 @@
 
 public class CommandInjectionModuleImpl extends SinkModuleBase implements CommandInjectionModule {
 
+  public CommandInjectionModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
   @Override
   public void onRuntimeExec(@Nullable final String... cmdArray) {
     if (!canBeTainted(cmdArray)) {
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/HstsMissingHeaderModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/HstsMissingHeaderModuleImpl.java
new file mode 100644
index 00000000000..801d7e51052
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/HstsMissingHeaderModuleImpl.java
@@ -0,0 +1,86 @@
+package com.datadog.iast.sink;
+
+import com.datadog.iast.Dependencies;
+import com.datadog.iast.IastRequestContext;
+import com.datadog.iast.model.Location;
+import com.datadog.iast.model.Vulnerability;
+import com.datadog.iast.model.VulnerabilityType;
+import com.datadog.iast.overhead.Operations;
+import datadog.trace.api.gateway.IGSpanInfo;
+import datadog.trace.api.iast.sink.HstsMissingHeaderModule;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import java.util.Locale;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class HstsMissingHeaderModuleImpl extends SinkModuleBase implements HstsMissingHeaderModule {
+  private static final Pattern MAX_AGE =
+      Pattern.compile("max-age=(\\d+)", Pattern.CASE_INSENSITIVE);
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(HstsMissingHeaderModuleImpl.class);
+
+  public HstsMissingHeaderModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
+  @Override
+  public void onRequestEnd(final Object iastRequestContextObject, final IGSpanInfo igSpanInfo) {
+
+    final IastRequestContext iastRequestContext = (IastRequestContext) iastRequestContextObject;
+
+    if (!isValidMaxAge(iastRequestContext.getStrictTransportSecurity())) {
+      try {
+        Map<String, Object> tags = igSpanInfo.getTags();
+        String urlString = (String) tags.get("http.url");
+        Integer httpStatus = (Integer) tags.get("http.status_code");
+        if (isIgnorableResponseCode(httpStatus)) {
+          return;
+        }
+        if (!isHtmlResponse(iastRequestContext.getContentType())) {
+          return;
+        }
+        if (!isHttps(urlString, iastRequestContext.getxForwardedProto())) {
+          return;
+        }
+        final AgentSpan span = AgentTracer.activeSpan();
+        if (overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, span)) {
+          reporter.report(
+              span,
+              new Vulnerability(
+                  VulnerabilityType.HSTS_HEADER_MISSING, Location.forSpan(span), null));
+        }
+      } catch (Throwable e) {
+        LOGGER.debug("Exception while checking for missing HSTS headers vulnerability", e);
+      }
+    }
+  }
+
+  static boolean isValidMaxAge(@Nullable final String value) {
+    if (value == null) {
+      return false;
+    }
+    final Matcher matcher = MAX_AGE.matcher(value);
+    if (!matcher.find()) {
+      return false;
+    }
+    return Integer.parseInt(matcher.group(1)) > 0;
+  }
+
+  static boolean isHttps(@Nullable final String urlString, @Nullable final String forwardedFor) {
+    if (urlString == null) {
+      return false;
+    }
+    if (urlString.toLowerCase(Locale.ROOT).startsWith("https://")) {
+      return true;
+    }
+    if (forwardedFor == null) {
+      return false;
+    }
+    return forwardedFor.toLowerCase(Locale.ROOT).contains("https");
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/HttpResponseHeaderModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/HttpResponseHeaderModuleImpl.java
index 01f486502ef..9eea7be16c5 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/HttpResponseHeaderModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/HttpResponseHeaderModuleImpl.java
@@ -1,13 +1,18 @@
 package com.datadog.iast.sink;
 
+import static com.datadog.iast.util.HttpHeader.Values.SET_COOKIE;
 import static java.util.Collections.singletonList;
 
+import com.datadog.iast.Dependencies;
+import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Evidence;
 import com.datadog.iast.model.Location;
 import com.datadog.iast.model.Vulnerability;
 import com.datadog.iast.model.VulnerabilityType;
 import com.datadog.iast.overhead.Operations;
 import com.datadog.iast.util.CookieSecurityParser;
+import com.datadog.iast.util.HttpHeader;
+import com.datadog.iast.util.HttpHeader.ContextAwareHeader;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.sink.HttpCookieModule;
 import datadog.trace.api.iast.sink.HttpResponseHeaderModule;
@@ -22,15 +27,28 @@
 
 public class HttpResponseHeaderModuleImpl extends SinkModuleBase
     implements HttpResponseHeaderModule {
-  private static final String SET_COOKIE_HEADER = "Set-Cookie";
+
+  public HttpResponseHeaderModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
 
   @Override
   public void onHeader(@Nonnull final String name, final String value) {
-    if (SET_COOKIE_HEADER.equalsIgnoreCase(name)) {
-      onCookies(CookieSecurityParser.parse(value));
-    }
-    if (null != InstrumentationBridge.UNVALIDATED_REDIRECT) {
-      InstrumentationBridge.UNVALIDATED_REDIRECT.onHeader(name, value);
+    final HttpHeader header = HttpHeader.from(name);
+    if (header != null) {
+      if (header instanceof ContextAwareHeader) {
+        final AgentSpan span = AgentTracer.activeSpan();
+        final IastRequestContext ctx = IastRequestContext.get(span);
+        if (ctx != null) {
+          ((ContextAwareHeader) header).onHeader(ctx, value);
+        }
+      }
+      if (header == SET_COOKIE) {
+        onCookies(CookieSecurityParser.parse(value));
+      }
+      if (null != InstrumentationBridge.UNVALIDATED_REDIRECT) {
+        InstrumentationBridge.UNVALIDATED_REDIRECT.onHeader(name, value);
+      }
     }
   }
 
@@ -48,7 +66,7 @@ private void onCookies(final List<Cookie> cookies) {
     if (!overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, span)) {
       return;
     }
-    final Location location = Location.forSpanAndStack(spanId(span), getCurrentStackTrace());
+    final Location location = Location.forSpanAndStack(span, getCurrentStackTrace());
     for (final Map.Entry<VulnerabilityType, Cookie> entry : vulnerable.entrySet()) {
       final Cookie cookie = entry.getValue();
       final Evidence evidence = new Evidence(cookie.getCookieName());
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/LdapInjectionModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/LdapInjectionModuleImpl.java
index 1b0fc2a3cd9..aaa0f999bfb 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/LdapInjectionModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/LdapInjectionModuleImpl.java
@@ -3,6 +3,7 @@
 import static com.datadog.iast.taint.Ranges.rangesProviderFor;
 import static com.datadog.iast.taint.Tainteds.canBeTainted;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.VulnerabilityType;
 import com.datadog.iast.taint.TaintedObjects;
@@ -14,6 +15,10 @@
 
 public class LdapInjectionModuleImpl extends SinkModuleBase implements LdapInjectionModule {
 
+  public LdapInjectionModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
   @SuppressWarnings("unchecked")
   @Override
   public void onDirContextSearch(
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/PathTraversalModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/PathTraversalModuleImpl.java
index 2cb6eb4d816..cd5a54862a7 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/PathTraversalModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/PathTraversalModuleImpl.java
@@ -4,6 +4,7 @@
 import static com.datadog.iast.taint.Tainteds.canBeTainted;
 import static java.util.Arrays.asList;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.VulnerabilityType;
 import com.datadog.iast.taint.TaintedObjects;
@@ -20,6 +21,10 @@
 
 public class PathTraversalModuleImpl extends SinkModuleBase implements PathTraversalModule {
 
+  public PathTraversalModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
   @Override
   public void onPathTraversal(final @Nullable String path) {
     if (!canBeTainted(path)) {
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java
index 7691e428f3a..d1a24a5516f 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java
@@ -1,6 +1,9 @@
 package com.datadog.iast.sink;
 
-import com.datadog.iast.HasDependencies;
+import static com.datadog.iast.util.ObjectVisitor.State.CONTINUE;
+import static com.datadog.iast.util.ObjectVisitor.State.EXIT;
+
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.Reporter;
 import com.datadog.iast.model.Evidence;
@@ -14,28 +17,25 @@
 import com.datadog.iast.taint.Ranges;
 import com.datadog.iast.taint.Ranges.RangesProvider;
 import com.datadog.iast.taint.TaintedObject;
-import com.datadog.iast.taint.TaintedObjects;
+import com.datadog.iast.util.ObjectVisitor;
+import com.datadog.iast.util.ObjectVisitor.State;
+import com.datadog.iast.util.ObjectVisitor.Visitor;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.instrumentation.iastinstrumenter.IastExclusionTrie;
 import datadog.trace.util.stacktrace.StackWalker;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
 import java.util.stream.Stream;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
 /** Base class with utility methods for with sinks */
-public abstract class SinkModuleBase implements HasDependencies {
-  private static final int MAX_VISITED_OBJECTS = 1000;
-  private static final int MAX_RECURSIVE_DEPTH = 10;
-  protected OverheadController overheadController;
-  protected Reporter reporter;
-  protected StackWalker stackWalker;
+@SuppressWarnings({"UnusedReturnValue", "SameParameterValue"})
+public abstract class SinkModuleBase {
+
+  protected final OverheadController overheadController;
+  protected final Reporter reporter;
+  protected final StackWalker stackWalker;
 
-  @Override
-  public void registerDependencies(@Nonnull final Dependencies dependencies) {
+  protected SinkModuleBase(@Nonnull final Dependencies dependencies) {
     overheadController = dependencies.getOverheadController();
     reporter = dependencies.getReporter();
     stackWalker = dependencies.getStackWalker();
@@ -62,6 +62,16 @@ public void registerDependencies(@Nonnull final Dependencies dependencies) {
     return result;
   }
 
+  protected final <E> @Nullable Evidence checkInjectionDeeply(
+      @Nullable final AgentSpan span,
+      @Nonnull final IastRequestContext ctx,
+      @Nonnull final InjectionType type,
+      @Nonnull final E value) {
+    final InjectionVisitor visitor = new InjectionVisitor(span, ctx, type);
+    ObjectVisitor.visit(value, visitor);
+    return visitor.evidence;
+  }
+
   protected final <E> @Nullable Evidence checkInjection(
       @Nullable final AgentSpan span,
       @Nonnull final InjectionType type,
@@ -78,6 +88,9 @@ public void registerDependencies(@Nonnull final Dependencies dependencies) {
     if (rangeProvider.size() == 1) {
       // only one item and has ranges
       final E item = rangeProvider.value(0);
+      if (item == null) {
+        return null; // should never happen
+      }
       evidence = item.toString();
       targetRanges = rangeProvider.ranges(item);
     } else {
@@ -159,93 +172,13 @@ protected final void report(
       @Nonnull final Evidence evidence) {
     reporter.report(
         span,
-        new Vulnerability(
-            type, Location.forSpanAndStack(spanId(span), getCurrentStackTrace()), evidence));
-  }
-
-  protected Object isDeeplyTainted(
-      @Nonnull final Object value, @Nonnull final TaintedObjects taintedObjects) {
-    return isDeeplyTaintedRecursive(value, taintedObjects, new HashSet<>(), MAX_RECURSIVE_DEPTH);
-  }
-
-  private Object isDeeplyTaintedRecursive(
-      @Nonnull final Object value,
-      @Nonnull final TaintedObjects taintedObjects,
-      Set<Object> visitedObjects,
-      int depth) {
-    if (null == value) {
-      return null;
-    }
-    if (visitedObjects.size() > MAX_VISITED_OBJECTS) {
-      return null;
-    }
-    if (visitedObjects.contains(value)) {
-      return null;
-    }
-    TaintedObject taintedObject = taintedObjects.get(value);
-    if (null != taintedObject) {
-      return value;
-    } else {
-      if (depth <= 0) {
-        return null;
-      }
-      visitedObjects.add(value);
-      if (value instanceof Object[]) {
-        Object[] array = (Object[]) value;
-        for (int i = 0; i < array.length; i++) {
-          Object arrayValue = array[i];
-          Object result =
-              isDeeplyTaintedRecursive(arrayValue, taintedObjects, visitedObjects, depth - 1);
-          if (null != result) {
-            return result;
-          } else {
-            visitedObjects.add(arrayValue);
-          }
-        }
-        return null;
-      } else if (value instanceof Map) {
-        for (Map.Entry<?, ?> entry : ((Map<?, ?>) value).entrySet()) {
-          Object result =
-              isDeeplyTaintedRecursive(entry.getKey(), taintedObjects, visitedObjects, depth);
-          if (null != result) {
-            return result;
-          } else {
-            visitedObjects.add(entry.getKey());
-          }
-          result =
-              isDeeplyTaintedRecursive(entry.getValue(), taintedObjects, visitedObjects, depth - 1);
-          if (null != result) {
-            return result;
-          } else {
-            visitedObjects.add(entry.getValue());
-          }
-        }
-        return null;
-      } else if (value instanceof Collection) {
-        for (Object object : (Collection<?>) value) {
-          Object result =
-              isDeeplyTaintedRecursive(object, taintedObjects, visitedObjects, depth - 1);
-          if (null != result) {
-            return result;
-          } else {
-            visitedObjects.add(object);
-          }
-        }
-        return null;
-      } else {
-        return null;
-      }
-    }
+        new Vulnerability(type, Location.forSpanAndStack(span, getCurrentStackTrace()), evidence));
   }
 
   protected StackTraceElement getCurrentStackTrace() {
     return stackWalker.walk(SinkModuleBase::findValidPackageForVulnerability);
   }
 
-  static long spanId(final AgentSpan span) {
-    return span == null ? 0 : span.getSpanId();
-  }
-
   static StackTraceElement findValidPackageForVulnerability(
       @Nonnull final Stream<StackTraceElement> stream) {
     final StackTraceElement[] first = new StackTraceElement[1];
@@ -260,4 +193,26 @@ static StackTraceElement findValidPackageForVulnerability(
         .findFirst()
         .orElse(first[0]);
   }
+
+  private class InjectionVisitor implements Visitor {
+
+    @Nullable private final AgentSpan span;
+    private final IastRequestContext ctx;
+    private final InjectionType type;
+    @Nullable private Evidence evidence;
+
+    private InjectionVisitor(
+        @Nullable final AgentSpan span, final IastRequestContext ctx, final InjectionType type) {
+      this.span = span;
+      this.ctx = ctx;
+      this.type = type;
+    }
+
+    @Nonnull
+    @Override
+    public State visit(@Nonnull final String path, @Nonnull final Object value) {
+      evidence = checkInjection(span, ctx, type, value);
+      return evidence != null ? EXIT : CONTINUE; // report first tainted value only
+    }
+  }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SqlInjectionModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SqlInjectionModuleImpl.java
index 31d42394329..98ad3d757f4 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SqlInjectionModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SqlInjectionModuleImpl.java
@@ -1,5 +1,6 @@
 package com.datadog.iast.sink;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Evidence;
 import com.datadog.iast.model.VulnerabilityType;
@@ -10,6 +11,10 @@
 
 public class SqlInjectionModuleImpl extends SinkModuleBase implements SqlInjectionModule {
 
+  public SqlInjectionModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
   @Override
   public void onJdbcQuery(@Nullable final String queryString) {
     onJdbcQuery(queryString, null);
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SsrfModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SsrfModuleImpl.java
index b4df8302c94..e397e649c6e 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SsrfModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SsrfModuleImpl.java
@@ -1,5 +1,6 @@
 package com.datadog.iast.sink;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.VulnerabilityType;
 import datadog.trace.api.iast.sink.SsrfModule;
@@ -9,6 +10,10 @@
 
 public class SsrfModuleImpl extends SinkModuleBase implements SsrfModule {
 
+  public SsrfModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
   @Override
   public void onURLConnection(@Nullable final Object url) {
     if (url == null) {
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/TrustBoundaryViolationModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/TrustBoundaryViolationModuleImpl.java
index d1b4fb16eaa..5f3ed0707b2 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/TrustBoundaryViolationModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/TrustBoundaryViolationModuleImpl.java
@@ -1,10 +1,8 @@
 package com.datadog.iast.sink;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.IastRequestContext;
-import com.datadog.iast.model.Evidence;
 import com.datadog.iast.model.VulnerabilityType;
-import com.datadog.iast.overhead.Operations;
-import com.datadog.iast.taint.TaintedObjects;
 import datadog.trace.api.iast.sink.TrustBoundaryViolationModule;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
@@ -12,24 +10,24 @@
 
 public class TrustBoundaryViolationModuleImpl extends SinkModuleBase
     implements TrustBoundaryViolationModule {
+
+  public TrustBoundaryViolationModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
   @Override
   public void onSessionValue(@Nonnull String name, Object value) {
     final AgentSpan span = AgentTracer.activeSpan();
-    final IastRequestContext ctx = IastRequestContext.get(span);
-    if (ctx == null) {
+    if (span == null) {
       return;
     }
-    TaintedObjects taintedObjects = ctx.getTaintedObjects();
-    if (null != taintedObjects.get(name)) {
-      if (!overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, span)) {
-        return;
-      }
-      report(span, VulnerabilityType.TRUST_BOUNDARY_VIOLATION, new Evidence(name));
+    final IastRequestContext ctx = IastRequestContext.get(span);
+    if (ctx == null) {
       return;
     }
-    Object taintedObject = isDeeplyTainted(value, taintedObjects);
-    if (null != taintedObject) {
-      checkInjection(span, ctx, VulnerabilityType.TRUST_BOUNDARY_VIOLATION, taintedObject);
+    checkInjection(span, ctx, VulnerabilityType.TRUST_BOUNDARY_VIOLATION, name);
+    if (value != null) {
+      checkInjectionDeeply(span, ctx, VulnerabilityType.TRUST_BOUNDARY_VIOLATION, value);
     }
   }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/UnvalidatedRedirectModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/UnvalidatedRedirectModuleImpl.java
index e24fbdb798f..deaf1977898 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/UnvalidatedRedirectModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/UnvalidatedRedirectModuleImpl.java
@@ -2,6 +2,7 @@
 
 import static com.datadog.iast.taint.Tainteds.canBeTainted;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Evidence;
 import com.datadog.iast.model.Location;
@@ -25,6 +26,10 @@ public class UnvalidatedRedirectModuleImpl extends SinkModuleBase
   private static final String LOCATION_HEADER = "Location";
   private static final String REFERER = "Referer";
 
+  public UnvalidatedRedirectModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
   @Override
   public void onRedirect(final @Nullable String value) {
     if (!canBeTainted(value)) {
@@ -89,7 +94,7 @@ private void checkUnvalidatedRedirect(
           span,
           new Vulnerability(
               VulnerabilityType.UNVALIDATED_REDIRECT,
-              Location.forSpanAndClassAndMethod(span.getSpanId(), clazz, method),
+              Location.forSpanAndClassAndMethod(span, clazz, method),
               evidence));
     } else {
       report(span, VulnerabilityType.UNVALIDATED_REDIRECT, evidence);
@@ -99,7 +104,7 @@ private void checkUnvalidatedRedirect(
   private boolean isRefererHeader(Range[] ranges) {
     for (Range range : ranges) {
       if (range.getSource().getOrigin() != SourceTypes.REQUEST_HEADER_VALUE
-          || !range.getSource().getName().equalsIgnoreCase(REFERER)) {
+          || !REFERER.equalsIgnoreCase(range.getSource().getName())) {
         return false;
       }
     }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakCipherModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakCipherModuleImpl.java
index f06a52c4f02..0c61867614d 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakCipherModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakCipherModuleImpl.java
@@ -1,5 +1,6 @@
 package com.datadog.iast.sink;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.model.Evidence;
 import com.datadog.iast.model.VulnerabilityType;
 import com.datadog.iast.overhead.Operations;
@@ -14,9 +15,8 @@ public class WeakCipherModuleImpl extends SinkModuleBase implements WeakCipherMo
 
   private Config config;
 
-  @Override
-  public void registerDependencies(@Nonnull Dependencies dependencies) {
-    super.registerDependencies(dependencies);
+  public WeakCipherModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
     config = dependencies.getConfig();
   }
 
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakHashModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakHashModuleImpl.java
index 3d91d1d371b..88b9cb8b0a4 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakHashModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakHashModuleImpl.java
@@ -1,5 +1,6 @@
 package com.datadog.iast.sink;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.model.Evidence;
 import com.datadog.iast.model.VulnerabilityType;
 import com.datadog.iast.overhead.Operations;
@@ -14,9 +15,8 @@ public class WeakHashModuleImpl extends SinkModuleBase implements WeakHashModule
 
   private Config config;
 
-  @Override
-  public void registerDependencies(@Nonnull Dependencies dependencies) {
-    super.registerDependencies(dependencies);
+  public WeakHashModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
     config = dependencies.getConfig();
   }
 
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakRandomnessModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakRandomnessModuleImpl.java
index 08c1d278e8f..7c13313eb30 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakRandomnessModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/WeakRandomnessModuleImpl.java
@@ -1,7 +1,9 @@
 package com.datadog.iast.sink;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.model.Evidence;
 import com.datadog.iast.model.VulnerabilityType;
+import com.datadog.iast.overhead.Operations;
 import datadog.trace.api.iast.sink.WeakRandomnessModule;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
@@ -10,12 +12,19 @@
 
 public class WeakRandomnessModuleImpl extends SinkModuleBase implements WeakRandomnessModule {
 
+  public WeakRandomnessModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
   @Override
   public void onWeakRandom(@Nonnull final Class<?> instance) {
     if (isSecuredInstance(instance)) {
       return;
     }
     final AgentSpan span = AgentTracer.activeSpan();
+    if (!overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, span)) {
+      return;
+    }
     report(span, VulnerabilityType.WEAK_RANDOMNESS, new Evidence(instance.getName()));
   }
 
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/XContentTypeModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/XContentTypeModuleImpl.java
new file mode 100644
index 00000000000..8cb864e443e
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/XContentTypeModuleImpl.java
@@ -0,0 +1,59 @@
+package com.datadog.iast.sink;
+
+import com.datadog.iast.Dependencies;
+import com.datadog.iast.IastRequestContext;
+import com.datadog.iast.model.Location;
+import com.datadog.iast.model.Vulnerability;
+import com.datadog.iast.model.VulnerabilityType;
+import com.datadog.iast.overhead.Operations;
+import datadog.trace.api.gateway.IGSpanInfo;
+import datadog.trace.api.iast.sink.XContentTypeModule;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import java.util.Locale;
+import java.util.Map;
+import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class XContentTypeModuleImpl extends SinkModuleBase implements XContentTypeModule {
+  private static final Logger LOGGER = LoggerFactory.getLogger(XContentTypeModuleImpl.class);
+
+  public XContentTypeModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
+  @Override
+  public void onRequestEnd(final Object iastRequestContextObject, final IGSpanInfo igSpanInfo) {
+    try {
+
+      final IastRequestContext iastRequestContext = (IastRequestContext) iastRequestContextObject;
+
+      if (!isNoSniffContentOptions(iastRequestContext.getxContentTypeOptions())) {
+        if (!isHtmlResponse(iastRequestContext.getContentType())) {
+          return;
+        }
+        Map<String, Object> tags = igSpanInfo.getTags();
+        if (isIgnorableResponseCode((Integer) tags.get("http.status_code"))) {
+          return;
+        }
+        final AgentSpan span = AgentTracer.activeSpan();
+        if (overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, span)) {
+          reporter.report(
+              span,
+              new Vulnerability(
+                  VulnerabilityType.XCONTENTTYPE_HEADER_MISSING, Location.forSpan(span), null));
+        }
+      }
+    } catch (Throwable e) {
+      LOGGER.debug("Exception while checking for missing X Content type optios header", e);
+    }
+  }
+
+  static boolean isNoSniffContentOptions(@Nullable final String value) {
+    if (value == null) {
+      return false;
+    }
+    return value.toLowerCase(Locale.ROOT).contains("nosniff");
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/XPathInjectionModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/XPathInjectionModuleImpl.java
index 7e501b969a6..31633777c5e 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/XPathInjectionModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/XPathInjectionModuleImpl.java
@@ -2,6 +2,7 @@
 
 import static com.datadog.iast.taint.Tainteds.canBeTainted;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.VulnerabilityType;
 import datadog.trace.api.iast.sink.XPathInjectionModule;
@@ -10,6 +11,11 @@
 import javax.annotation.Nullable;
 
 public class XPathInjectionModuleImpl extends SinkModuleBase implements XPathInjectionModule {
+
+  public XPathInjectionModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
   @Override
   public void onExpression(@Nullable String expression) {
     if (!canBeTainted(expression)) {
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/XssModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/XssModuleImpl.java
index 4c80d271755..da3d1e18337 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/XssModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/XssModuleImpl.java
@@ -3,8 +3,16 @@
 import static com.datadog.iast.taint.Ranges.rangesProviderFor;
 import static com.datadog.iast.taint.Tainteds.canBeTainted;
 
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.IastRequestContext;
+import com.datadog.iast.model.Evidence;
+import com.datadog.iast.model.Location;
+import com.datadog.iast.model.Range;
+import com.datadog.iast.model.Vulnerability;
 import com.datadog.iast.model.VulnerabilityType;
+import com.datadog.iast.overhead.Operations;
+import com.datadog.iast.taint.Ranges;
+import com.datadog.iast.taint.TaintedObject;
 import com.datadog.iast.taint.TaintedObjects;
 import datadog.trace.api.iast.sink.XssModule;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
@@ -14,6 +22,10 @@
 
 public class XssModuleImpl extends SinkModuleBase implements XssModule {
 
+  public XssModuleImpl(final Dependencies dependencies) {
+    super(dependencies);
+  }
+
   @Override
   public void onXss(@Nonnull String s) {
     if (!canBeTainted(s)) {
@@ -27,6 +39,37 @@ public void onXss(@Nonnull String s) {
     checkInjection(span, ctx, VulnerabilityType.XSS, s);
   }
 
+  @Override
+  public void onXss(@Nonnull String s, @Nonnull String clazz, @Nonnull String method) {
+    if (!canBeTainted(s)) {
+      return;
+    }
+    final AgentSpan span = AgentTracer.activeSpan();
+    final IastRequestContext ctx = IastRequestContext.get(span);
+    if (ctx == null) {
+      return;
+    }
+    TaintedObject taintedObject = ctx.getTaintedObjects().get(s);
+    if (taintedObject == null) {
+      return;
+    }
+    Range[] notMarkedRanges =
+        Ranges.getNotMarkedRanges(taintedObject.getRanges(), VulnerabilityType.XSS.mark());
+    if (notMarkedRanges == null || notMarkedRanges.length == 0) {
+      return;
+    }
+    if (!overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, span)) {
+      return;
+    }
+    final Evidence evidence = new Evidence(s, notMarkedRanges);
+    reporter.report(
+        span,
+        new Vulnerability(
+            VulnerabilityType.XSS,
+            Location.forSpanAndClassAndMethod(span, clazz, method),
+            evidence));
+  }
+
   @Override
   public void onXss(@Nonnull char[] array) {
     if (array == null || array.length == 0) {
@@ -54,4 +97,33 @@ public void onXss(@Nonnull String format, @Nullable Object[] args) {
     checkInjection(
         span, VulnerabilityType.XSS, rangesProviderFor(to, format), rangesProviderFor(to, args));
   }
+
+  @Override
+  public void onXss(@Nonnull CharSequence s, @Nullable String file, int line) {
+    if (!canBeTainted(s) || file == null || file.isEmpty()) {
+      return;
+    }
+    final AgentSpan span = AgentTracer.activeSpan();
+    final IastRequestContext ctx = IastRequestContext.get(span);
+    if (ctx == null) {
+      return;
+    }
+    TaintedObject taintedObject = ctx.getTaintedObjects().get(s);
+    if (taintedObject == null) {
+      return;
+    }
+    Range[] notMarkedRanges =
+        Ranges.getNotMarkedRanges(taintedObject.getRanges(), VulnerabilityType.XSS.mark());
+    if (notMarkedRanges == null || notMarkedRanges.length == 0) {
+      return;
+    }
+    if (!overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, span)) {
+      return;
+    }
+    final Evidence evidence = new Evidence(s.toString(), notMarkedRanges);
+    reporter.report(
+        span,
+        new Vulnerability(
+            VulnerabilityType.XSS, Location.forSpanAndFileAndLine(span, file, line), evidence));
+  }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/source/WebModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/source/WebModuleImpl.java
deleted file mode 100644
index 6702478efb1..00000000000
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/source/WebModuleImpl.java
+++ /dev/null
@@ -1,139 +0,0 @@
-package com.datadog.iast.source;
-
-import static com.datadog.iast.taint.Tainteds.canBeTainted;
-
-import com.datadog.iast.IastRequestContext;
-import com.datadog.iast.model.Source;
-import com.datadog.iast.taint.TaintedObjects;
-import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.source.WebModule;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.Map;
-import javax.annotation.Nullable;
-
-public class WebModuleImpl implements WebModule {
-
-  @Override
-  public void onParameterNames(@Nullable final Collection<String> paramNames) {
-    onNamed(paramNames, SourceTypes.REQUEST_PARAMETER_NAME);
-  }
-
-  @Override
-  public void onParameterValues(
-      @Nullable final String paramName, @Nullable final String[] paramValues) {
-    onNamed(paramName, paramValues, SourceTypes.REQUEST_PARAMETER_VALUE);
-  }
-
-  @Override
-  public void onParameterValues(
-      @Nullable final String paramName, @Nullable final Collection<String> paramValues) {
-    onNamed(paramName, paramValues, SourceTypes.REQUEST_PARAMETER_VALUE);
-  }
-
-  @Override
-  public void onParameterValues(@Nullable final Map<String, String[]> values) {
-    onNamed(values, SourceTypes.REQUEST_PARAMETER_VALUE);
-  }
-
-  @Override
-  public void onHeaderNames(@Nullable final Collection<String> headerNames) {
-    onNamed(headerNames, SourceTypes.REQUEST_HEADER_NAME);
-  }
-
-  @Override
-  public void onHeaderValues(
-      @Nullable final String headerName, @Nullable final Collection<String> headerValues) {
-    onNamed(headerName, headerValues, SourceTypes.REQUEST_HEADER_VALUE);
-  }
-
-  @Override
-  public void onCookieNames(@Nullable Iterable<String> cookieNames) {
-    onNamed(cookieNames, SourceTypes.REQUEST_COOKIE_NAME);
-  }
-
-  private static void onNamed(@Nullable final Iterable<String> names, final byte source) {
-    if (names == null) {
-      return;
-    }
-    Iterator<String> iterator = names.iterator();
-    if (!iterator.hasNext()) {
-      return;
-    }
-
-    final IastRequestContext ctx = IastRequestContext.get();
-    if (ctx == null) {
-      return;
-    }
-    final TaintedObjects taintedObjects = ctx.getTaintedObjects();
-    do {
-      String name = iterator.next();
-      if (canBeTainted(name)) {
-        taintedObjects.taintInputString(name, new Source(source, name, name));
-      }
-    } while (iterator.hasNext());
-  }
-
-  private static void onNamed(
-      @Nullable final String name, @Nullable final Iterable<String> values, final byte source) {
-    if (values == null) {
-      return;
-    }
-    Iterator<String> iterator = values.iterator();
-    if (!iterator.hasNext()) {
-      return;
-    }
-
-    final IastRequestContext ctx = IastRequestContext.get();
-    if (ctx == null) {
-      return;
-    }
-    final TaintedObjects taintedObjects = ctx.getTaintedObjects();
-    do {
-      String value = iterator.next();
-      if (canBeTainted(value)) {
-        taintedObjects.taintInputString(value, new Source(source, name, value));
-      }
-    } while (iterator.hasNext());
-  }
-
-  private static void onNamed(
-      @Nullable final String name, @Nullable final String[] values, final byte source) {
-    if (values == null || values.length == 0) {
-      return;
-    }
-    final IastRequestContext ctx = IastRequestContext.get();
-    if (ctx == null) {
-      return;
-    }
-    final TaintedObjects taintedObjects = ctx.getTaintedObjects();
-    for (final String value : values) {
-      if (canBeTainted(value)) {
-        taintedObjects.taintInputString(value, new Source(source, name, value));
-      }
-    }
-  }
-
-  private static void onNamed(@Nullable final Map<String, String[]> values, final byte source) {
-    if (values == null || values.isEmpty()) {
-      return;
-    }
-    final IastRequestContext ctx = IastRequestContext.get();
-    if (ctx == null) {
-      return;
-    }
-    final TaintedObjects taintedObjects = ctx.getTaintedObjects();
-    final byte nameSource = SourceTypes.namedSource(source);
-    for (final Map.Entry<String, String[]> entry : values.entrySet()) {
-      final String name = entry.getKey();
-      if (canBeTainted(name)) {
-        taintedObjects.taintInputString(name, new Source(nameSource, name, name));
-      }
-      for (final String value : entry.getValue()) {
-        if (canBeTainted(value)) {
-          taintedObjects.taintInputString(value, new Source(source, name, value));
-        }
-      }
-    }
-  }
-}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/Ranges.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/Ranges.java
index e04da6227b0..992655086c5 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/Ranges.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/Ranges.java
@@ -1,9 +1,11 @@
 package com.datadog.iast.taint;
 
-import static com.datadog.iast.model.Range.NOT_MARKED;
+import static com.datadog.iast.taint.TaintedObject.MAX_RANGE_COUNT;
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
 
 import com.datadog.iast.model.Range;
 import com.datadog.iast.model.Source;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -39,21 +41,43 @@ public Range[] ranges(final Object value) {
 
   private Ranges() {}
 
-  public static Range[] forString(
-      final @Nonnull String obj, final @Nonnull Source source, final int mark) {
+  public static Range[] forCharSequence(
+      final @Nonnull CharSequence obj, final @Nonnull Source source) {
+    return forCharSequence(obj, source, NOT_MARKED);
+  }
+
+  public static Range[] forCharSequence(
+      final @Nonnull CharSequence obj, final @Nonnull Source source, final int mark) {
     return new Range[] {new Range(0, obj.length(), source, mark)};
   }
 
+  public static Range[] forObject(final @Nonnull Source source) {
+    return forObject(source, NOT_MARKED);
+  }
+
   public static Range[] forObject(final @Nonnull Source source, final int mark) {
     return new Range[] {new Range(0, Integer.MAX_VALUE, source, mark)};
   }
 
   public static void copyShift(
       final @Nonnull Range[] src, final @Nonnull Range[] dst, final int dstPos, final int shift) {
+    copyShift(src, dst, dstPos, shift, src.length);
+  }
+
+  public static void copyShift(
+      final @Nonnull Range[] src,
+      final @Nonnull Range[] dst,
+      final int dstPos,
+      final int shift,
+      final int max) {
+    final int srcLength = Math.min(max, src.length);
+    if (srcLength <= 0) {
+      return;
+    }
     if (shift == 0) {
-      System.arraycopy(src, 0, dst, dstPos, src.length);
+      System.arraycopy(src, 0, dst, dstPos, srcLength);
     } else {
-      for (int iSrc = 0, iDst = dstPos; iSrc < src.length; iSrc++, iDst++) {
+      for (int iSrc = 0, iDst = dstPos; iSrc < srcLength; iSrc++, iDst++) {
         dst[iDst] = src[iSrc].shift(shift);
       }
     }
@@ -61,13 +85,16 @@ public static void copyShift(
 
   public static Range[] mergeRanges(
       final int offset, @Nonnull final Range[] rangesLeft, @Nonnull final Range[] rangesRight) {
-    final int nRanges = rangesLeft.length + rangesRight.length;
-    final Range[] ranges = new Range[nRanges];
+    final long nRanges = rangesLeft.length + (long) rangesRight.length;
+    final Range[] ranges = newArray(nRanges);
+    int remaining = ranges.length;
     if (rangesLeft.length > 0) {
-      System.arraycopy(rangesLeft, 0, ranges, 0, rangesLeft.length);
+      final int count = Math.min(rangesLeft.length, remaining);
+      System.arraycopy(rangesLeft, 0, ranges, 0, count);
+      remaining -= count;
     }
-    if (rangesRight.length > 0) {
-      Ranges.copyShift(rangesRight, ranges, rangesLeft.length, offset);
+    if (rangesRight.length > 0 && remaining > 0) {
+      Ranges.copyShift(rangesRight, ranges, rangesLeft.length, offset, remaining);
     }
     return ranges;
   }
@@ -96,6 +123,7 @@ public static <E> RangesProvider<E> rangesProviderFor(
     return new ListProvider<>(items, to);
   }
 
+  @Nullable
   public static Range[] forSubstring(int offset, int length, final @Nonnull Range[] ranges) {
 
     int[] includedRangesInterval = getIncludedRangesInterval(offset, length, ranges);
@@ -157,6 +185,7 @@ public static int[] getIncludedRangesInterval(
     return new int[] {start, end};
   }
 
+  @Nonnull
   public static Range highestPriorityRange(@Nonnull final Range[] ranges) {
     /*
      * This approach is better but not completely correct ideally the highest priority should use the following patterns:
@@ -177,19 +206,25 @@ public static Range highestPriorityRange(@Nonnull final Range[] ranges) {
     return ranges[0];
   }
 
+  public static Range[] newArray(final long size) {
+    return new Range[size > MAX_RANGE_COUNT ? MAX_RANGE_COUNT : (int) size];
+  }
+
   public interface RangesProvider<E> {
     int rangeCount();
 
     int size();
 
+    @Nullable
     E value(final int index);
 
+    @Nullable
     Range[] ranges(final E value);
   }
 
   private abstract static class IterableProvider<E, LIST> implements RangesProvider<E> {
     private final LIST items;
-    private final Map<E, Range[]> ranges;
+    @Nullable private final Map<E, Range[]> ranges;
     private final int rangeCount;
 
     private IterableProvider(@Nonnull final LIST items, @Nonnull final TaintedObjects to) {
@@ -220,11 +255,13 @@ public int rangeCount() {
       return rangeCount;
     }
 
+    @Nullable
     @Override
     public E value(final int index) {
       return item(items, index);
     }
 
+    @Nullable
     @Override
     public Range[] ranges(final E value) {
       return ranges == null ? null : ranges.get(value);
@@ -237,12 +274,13 @@ public int size() {
 
     protected abstract int size(@Nonnull final LIST items);
 
+    @Nullable
     protected abstract E item(@Nonnull final LIST items, final int index);
   }
 
   private static class SingleProvider<E> implements RangesProvider<E> {
     private final E value;
-    private final TaintedObject tainted;
+    @Nullable private final TaintedObject tainted;
 
     private SingleProvider(@Nonnull final E value, @Nonnull final TaintedObjects to) {
       this.value = value;
@@ -259,11 +297,13 @@ public int size() {
       return 1;
     }
 
+    @Nullable
     @Override
     public E value(int index) {
       return index == 0 ? value : null;
     }
 
+    @Nullable
     @Override
     public Range[] ranges(E value) {
       return value == this.value && tainted != null ? tainted.getRanges() : null;
@@ -281,6 +321,7 @@ protected int size(@Nonnull final E[] items) {
       return items.length;
     }
 
+    @Nullable
     @Override
     protected E item(@Nonnull final E[] items, final int index) {
       return items[index];
@@ -298,45 +339,15 @@ protected int size(@Nonnull final List<E> items) {
       return items.size();
     }
 
+    @Nullable
     @Override
     protected E item(@Nonnull final List<E> items, final int index) {
       return items.get(index);
     }
   }
 
-  public static Range createIfDifferent(Range range, int start, int length) {
-    if (start != range.getStart() || length != range.getLength()) {
-      return new Range(start, length, range.getSource(), range.getMarks());
-    } else {
-      return range;
-    }
-  }
-
-  static int calculateSubstringSkippedRanges(int offset, int length, @Nonnull Range[] ranges) {
-    // calculate how many skipped ranges are there
-    int skippedRanges = 0;
-    for (int rangeIndex = 0; rangeIndex < ranges.length; rangeIndex++) {
-      final Range rangeSelf = ranges[rangeIndex];
-      if (rangeSelf.getStart() + rangeSelf.getLength() <= offset) {
-        skippedRanges++;
-      } else {
-        break;
-      }
-    }
-
-    for (int rangeIndex = ranges.length - 1; rangeIndex >= 0; rangeIndex--) {
-      final Range rangeSelf = ranges[rangeIndex];
-      if (rangeSelf.getStart() - offset >= length) {
-        skippedRanges++;
-      } else {
-        break;
-      }
-    }
-
-    return skippedRanges;
-  }
-
-  public static Range[] getNotMarkedRanges(final Range[] ranges, final int mark) {
+  @Nullable
+  public static Range[] getNotMarkedRanges(@Nullable final Range[] ranges, final int mark) {
     if (ranges == null) {
       return null;
     }
@@ -366,4 +377,37 @@ public static Range[] getNotMarkedRanges(final Range[] ranges, final int mark) {
   public static Range copyWithPosition(final Range range, final int offset, final int length) {
     return new Range(offset, length, range.getSource(), range.getMarks());
   }
+
+  public static class RangeList {
+    private final ArrayList<Range> delegate = new ArrayList<>();
+    private int remaining;
+
+    public RangeList() {
+      this(MAX_RANGE_COUNT);
+    }
+
+    public RangeList(final int maxSize) {
+      this.remaining = maxSize;
+    }
+
+    public boolean add(final Range item) {
+      if (remaining > 0 && delegate.add(item)) {
+        remaining--;
+        return true;
+      }
+      return false;
+    }
+
+    public boolean isEmpty() {
+      return delegate.isEmpty();
+    }
+
+    public boolean isFull() {
+      return remaining == 0;
+    }
+
+    public Range[] toArray() {
+      return delegate.toArray(new Range[0]);
+    }
+  }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java
index fa690a22ded..79f91c18a6a 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java
@@ -223,7 +223,7 @@ private int remove(final TaintedObject entry) {
     if (cur == null) {
       return 0;
     }
-    for (TaintedObject prev = cur.next; cur != null; prev = cur, cur = cur.next) {
+    for (TaintedObject prev = cur.next; cur != null && prev != null; prev = cur, cur = cur.next) {
       if (cur == entry) {
         prev.next = cur.next;
         return 1;
@@ -259,7 +259,7 @@ private int index(int h) {
   private Iterator<TaintedObject> iterator(final int start, final int stop) {
     return new Iterator<TaintedObject>() {
       int currentIndex = start;
-      TaintedObject currentSubPos;
+      @Nullable TaintedObject currentSubPos;
 
       @Override
       public boolean hasNext() {
@@ -294,6 +294,8 @@ public TaintedObject next() {
     };
   }
 
+  @Nonnull
+  @Override
   public Iterator<TaintedObject> iterator() {
     return iterator(0, table.length);
   }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObject.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObject.java
index 3e5ebd3a209..84d3b9c6091 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObject.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObject.java
@@ -3,14 +3,18 @@
 import static com.datadog.iast.taint.TaintedMap.POSITIVE_MASK;
 
 import com.datadog.iast.model.Range;
+import datadog.trace.api.Config;
 import java.lang.ref.ReferenceQueue;
 import java.lang.ref.WeakReference;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
 public class TaintedObject extends WeakReference<Object> {
+
+  public static final int MAX_RANGE_COUNT = Config.get().getIastMaxRangeCount();
+
   final int positiveHashCode;
-  TaintedObject next;
+  @Nullable TaintedObject next;
   private Range[] ranges;
 
   public TaintedObject(
@@ -19,7 +23,13 @@ public TaintedObject(
       final @Nullable ReferenceQueue<Object> queue) {
     super(obj, queue);
     this.positiveHashCode = System.identityHashCode(obj) & POSITIVE_MASK;
-    this.ranges = ranges;
+    // ensure ranges never go over the limit
+    if (ranges.length > MAX_RANGE_COUNT) {
+      this.ranges = new Range[MAX_RANGE_COUNT];
+      System.arraycopy(ranges, 0, this.ranges, 0, MAX_RANGE_COUNT);
+    } else {
+      this.ranges = ranges;
+    }
   }
 
   /**
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java
index 890b9cfd6d8..ab3b20e0401 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java
@@ -1,13 +1,10 @@
 package com.datadog.iast.taint;
 
-import static com.datadog.iast.model.Range.NOT_MARKED;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_MAX_CONCURRENT_REQUESTS;
 import static java.util.Collections.emptyIterator;
 
-import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.IastSystem;
 import com.datadog.iast.model.Range;
-import com.datadog.iast.model.Source;
 import com.datadog.iast.model.json.TaintedObjectEncoding;
 import datadog.trace.api.Config;
 import java.util.ArrayList;
@@ -16,17 +13,17 @@
 import java.util.UUID;
 import java.util.concurrent.ArrayBlockingQueue;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+@SuppressWarnings("UnusedReturnValue")
 public interface TaintedObjects extends Iterable<TaintedObject> {
 
-  TaintedObject taintInputString(@Nonnull String obj, @Nonnull Source source, int mark);
-
-  TaintedObject taintInputObject(@Nonnull Object obj, @Nonnull Source source, int mark);
-
+  @Nullable
   TaintedObject taint(@Nonnull Object obj, @Nonnull Range[] ranges);
 
+  @Nullable
   TaintedObject get(@Nonnull Object obj);
 
   void release();
@@ -37,14 +34,6 @@ public interface TaintedObjects extends Iterable<TaintedObject> {
 
   boolean isFlat();
 
-  default TaintedObject taintInputString(@Nonnull String obj, @Nonnull Source source) {
-    return taintInputString(obj, source, NOT_MARKED);
-  }
-
-  default TaintedObject taintInputObject(@Nonnull Object obj, @Nonnull Source source) {
-    return taintInputObject(obj, source, NOT_MARKED);
-  }
-
   static TaintedObjects acquire() {
     TaintedObjectsImpl taintedObjects = TaintedObjectsImpl.pool.poll();
     if (taintedObjects == null) {
@@ -53,22 +42,6 @@ static TaintedObjects acquire() {
     return IastSystem.DEBUG ? new TaintedObjectsDebugAdapter(taintedObjects) : taintedObjects;
   }
 
-  static TaintedObjects activeTaintedObjects(boolean lazy) {
-    if (lazy) {
-      return new LazyTaintedObjects();
-    } else {
-      final IastRequestContext ctx = IastRequestContext.get();
-      if (ctx != null) {
-        return ctx.getTaintedObjects();
-      }
-      return null;
-    }
-  }
-
-  static TaintedObjects activeTaintedObjects() {
-    return activeTaintedObjects(false);
-  }
-
   class TaintedObjectsImpl implements TaintedObjects {
 
     private static final ArrayBlockingQueue<TaintedObjectsImpl> pool =
@@ -86,24 +59,6 @@ private TaintedObjectsImpl(final @Nonnull TaintedMap map) {
       this.map = map;
     }
 
-    @Override
-    public TaintedObject taintInputString(
-        final @Nonnull String obj, final @Nonnull Source source, final int mark) {
-      final TaintedObject tainted =
-          new TaintedObject(obj, Ranges.forString(obj, source, mark), map.getReferenceQueue());
-      map.put(tainted);
-      return tainted;
-    }
-
-    @Override
-    public TaintedObject taintInputObject(
-        @Nonnull Object obj, @Nonnull Source source, final int mark) {
-      final TaintedObject tainted =
-          new TaintedObject(obj, Ranges.forObject(source, mark), map.getReferenceQueue());
-      map.put(tainted);
-      return tainted;
-    }
-
     @Override
     public TaintedObject taint(final @Nonnull Object obj, final @Nonnull Range[] ranges) {
       final TaintedObject tainted = new TaintedObject(obj, ranges, map.getReferenceQueue());
@@ -111,6 +66,7 @@ public TaintedObject taint(final @Nonnull Object obj, final @Nonnull Range[] ran
       return tainted;
     }
 
+    @Nullable
     @Override
     public TaintedObject get(final @Nonnull Object obj) {
       return map.get(obj);
@@ -137,13 +93,14 @@ public boolean isFlat() {
       return map.isFlat();
     }
 
+    @Nonnull
     @Override
     public Iterator<TaintedObject> iterator() {
       return map.iterator();
     }
   }
 
-  class TaintedObjectsDebugAdapter implements TaintedObjects {
+  final class TaintedObjectsDebugAdapter implements TaintedObjects {
     static final Logger LOGGER = LoggerFactory.getLogger(TaintedObjects.class);
 
     private final TaintedObjectsImpl delegated;
@@ -155,22 +112,7 @@ public TaintedObjectsDebugAdapter(final TaintedObjectsImpl delegated) {
       LOGGER.debug("new: id={}", id);
     }
 
-    @Override
-    public TaintedObject taintInputString(
-        final @Nonnull String obj, final @Nonnull Source source, final int mark) {
-      final TaintedObject tainted = delegated.taintInputString(obj, source, mark);
-      logTainted(tainted);
-      return tainted;
-    }
-
-    @Override
-    public TaintedObject taintInputObject(
-        @Nonnull Object obj, @Nonnull Source source, final int mark) {
-      final TaintedObject tainted = delegated.taintInputObject(obj, source, mark);
-      logTainted(tainted);
-      return tainted;
-    }
-
+    @Nullable
     @Override
     public TaintedObject taint(final @Nonnull Object obj, final @Nonnull Range[] ranges) {
       final TaintedObject tainted = delegated.taint(obj, ranges);
@@ -178,6 +120,7 @@ public TaintedObject taint(final @Nonnull Object obj, final @Nonnull Range[] ran
       return tainted;
     }
 
+    @Nullable
     @Override
     public TaintedObject get(final @Nonnull Object obj) {
       return delegated.get(obj);
@@ -214,6 +157,7 @@ public boolean isFlat() {
       return delegated.isFlat();
     }
 
+    @Nonnull
     @Override
     public Iterator<TaintedObject> iterator() {
       return delegated.iterator();
@@ -230,74 +174,44 @@ private void logTainted(final TaintedObject tainted) {
     }
   }
 
-  class LazyTaintedObjects implements TaintedObjects {
-    private boolean fetched = false;
-    private TaintedObjects taintedObjects;
-
-    @Override
-    public TaintedObject taintInputString(
-        @Nonnull final String obj, @Nonnull final Source source, final int mark) {
-      final TaintedObjects to = getTaintedObjects();
-      return to == null ? null : to.taintInputString(obj, source, mark);
-    }
+  final class NoOp implements TaintedObjects {
 
-    @Override
-    public TaintedObject taintInputObject(
-        @Nonnull final Object obj, @Nonnull final Source source, final int mark) {
-      final TaintedObjects to = getTaintedObjects();
-      return to == null ? null : to.taintInputObject(obj, source, mark);
-    }
+    public static final TaintedObjects INSTANCE = new NoOp();
 
+    @Nullable
     @Override
     public TaintedObject taint(@Nonnull final Object obj, @Nonnull final Range[] ranges) {
-      final TaintedObjects to = getTaintedObjects();
-      return to == null ? null : to.taint(obj, ranges);
+      return null;
     }
 
+    @Nullable
     @Override
     public TaintedObject get(@Nonnull final Object obj) {
-      final TaintedObjects to = getTaintedObjects();
-      return to == null ? null : to.get(obj);
+      return null;
     }
 
     @Override
-    public void release() {
-      final TaintedObjects to = getTaintedObjects();
-      if (to != null) {
-        to.release();
-      }
-    }
+    public void release() {}
 
     @Override
-    public Iterator<TaintedObject> iterator() {
-      final TaintedObjects to = getTaintedObjects();
-      return to != null ? to.iterator() : emptyIterator();
+    public boolean isFlat() {
+      return false;
     }
 
     @Override
-    public int getEstimatedSize() {
-      final TaintedObjects to = getTaintedObjects();
-      return to != null ? to.getEstimatedSize() : 0;
+    public int count() {
+      return 0;
     }
 
     @Override
-    public boolean isFlat() {
-      final TaintedObjects to = getTaintedObjects();
-      return to != null && to.isFlat();
+    public int getEstimatedSize() {
+      return 0;
     }
 
     @Override
-    public int count() {
-      final TaintedObjects to = getTaintedObjects();
-      return to != null ? to.count() : 0;
-    }
-
-    private TaintedObjects getTaintedObjects() {
-      if (!fetched) {
-        fetched = true;
-        taintedObjects = activeTaintedObjects();
-      }
-      return taintedObjects;
+    @Nonnull
+    public Iterator<TaintedObject> iterator() {
+      return emptyIterator();
     }
   }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/Tainteds.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/Tainteds.java
index 142249ec1fe..422f677d553 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/Tainteds.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/Tainteds.java
@@ -1,17 +1,21 @@
 package com.datadog.iast.taint;
 
 import java.util.Collection;
+import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import org.jetbrains.annotations.Contract;
 
 /** Utilitiles to work with {@link TaintedObject} */
 public final class Tainteds {
 
   private Tainteds() {}
 
+  @Contract("null -> false")
   public static boolean canBeTainted(@Nullable final CharSequence s) {
     return s != null && s.length() > 0;
   }
 
+  @Contract("null -> false")
   public static <E extends CharSequence> boolean canBeTainted(@Nullable final E[] e) {
     if (e == null || e.length == 0) {
       return false;
@@ -24,6 +28,7 @@ public static <E extends CharSequence> boolean canBeTainted(@Nullable final E[]
     return false;
   }
 
+  @Contract("null -> false")
   public static <E extends CharSequence> boolean canBeTainted(@Nullable final Collection<E> e) {
     if (e == null || e.isEmpty()) {
       return false;
@@ -36,7 +41,9 @@ public static <E extends CharSequence> boolean canBeTainted(@Nullable final Coll
     return false;
   }
 
-  public static TaintedObject getTainted(final TaintedObjects to, final Object value) {
+  @Nullable
+  public static TaintedObject getTainted(
+      @Nonnull final TaintedObjects to, @Nullable final Object value) {
     return value == null ? null : to.get(value);
   }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/TelemetryRequestStartedHandler.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/TelemetryRequestStartedHandler.java
index 2af4532a727..5e647355b09 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/TelemetryRequestStartedHandler.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/TelemetryRequestStartedHandler.java
@@ -1,6 +1,6 @@
 package com.datadog.iast.telemetry;
 
-import com.datadog.iast.HasDependencies.Dependencies;
+import com.datadog.iast.Dependencies;
 import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.RequestStartedHandler;
 import com.datadog.iast.taint.TaintedObjects;
@@ -23,6 +23,10 @@ protected IastRequestContext newContext() {
     final TaintedObjects taintedObjects =
         TaintedObjectsWithTelemetry.build(verbosity, TaintedObjects.acquire());
     final IastMetricCollector collector = new IastMetricCollector();
-    return new IastRequestContext(taintedObjects, collector);
+    final IastRequestContext ctx = new IastRequestContext(taintedObjects, collector);
+    if (taintedObjects instanceof TaintedObjectsWithTelemetry) {
+      ((TaintedObjectsWithTelemetry) taintedObjects).initContext(ctx);
+    }
+    return ctx;
   }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java
index 9bc900d3ea2..1ac059b0b54 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java
@@ -4,17 +4,15 @@
 import static datadog.trace.api.iast.telemetry.IastMetric.REQUEST_TAINTED;
 import static datadog.trace.api.iast.telemetry.IastMetric.TAINTED_FLAT_MODE;
 
+import com.datadog.iast.IastRequestContext;
 import com.datadog.iast.model.Range;
-import com.datadog.iast.model.Source;
 import com.datadog.iast.taint.TaintedObject;
 import com.datadog.iast.taint.TaintedObjects;
-import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.iast.telemetry.IastMetricCollector;
 import datadog.trace.api.iast.telemetry.Verbosity;
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
 import java.util.Iterator;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 
 public class TaintedObjectsWithTelemetry implements TaintedObjects {
 
@@ -33,42 +31,32 @@ public static TaintedObjects build(
 
   private final TaintedObjects delegate;
   private final boolean debug;
-  private volatile RequestContext ctx;
+  @Nullable private IastRequestContext ctx;
 
   protected TaintedObjectsWithTelemetry(final boolean debug, final TaintedObjects delegate) {
     this.delegate = delegate;
     this.debug = debug;
   }
 
-  @Override
-  public TaintedObject taintInputString(
-      @Nonnull String obj, @Nonnull Source source, final int mark) {
-    final TaintedObject result = delegate.taintInputString(obj, source, mark);
-    if (debug) {
-      IastMetricCollector.add(EXECUTED_TAINTED, 1, getRequestContext());
-    }
-    return result;
+  /**
+   * {@link IastRequestContext} depends on {@link TaintedObjects} so it cannot be initialized via
+   * ctor
+   */
+  public void initContext(final IastRequestContext ctx) {
+    this.ctx = ctx;
   }
 
+  @Nullable
   @Override
   public TaintedObject taint(@Nonnull Object obj, @Nonnull Range[] ranges) {
     final TaintedObject result = delegate.taint(obj, ranges);
     if (debug) {
-      IastMetricCollector.add(EXECUTED_TAINTED, 1, getRequestContext());
-    }
-    return result;
-  }
-
-  @Override
-  public TaintedObject taintInputObject(
-      @Nonnull Object obj, @Nonnull Source source, final int mark) {
-    final TaintedObject result = delegate.taintInputObject(obj, source, mark);
-    if (debug) {
-      IastMetricCollector.add(EXECUTED_TAINTED, 1, getRequestContext());
+      IastMetricCollector.add(EXECUTED_TAINTED, 1, ctx);
     }
     return result;
   }
 
+  @Nullable
   @Override
   public TaintedObject get(@Nonnull Object obj) {
     return delegate.get(obj);
@@ -77,16 +65,16 @@ public TaintedObject get(@Nonnull Object obj) {
   @Override
   public void release() {
     try {
-      final RequestContext reqCtx = getRequestContext();
       if (delegate.isFlat()) {
-        IastMetricCollector.add(TAINTED_FLAT_MODE, 1, reqCtx);
+        IastMetricCollector.add(TAINTED_FLAT_MODE, 1, ctx);
       }
-      IastMetricCollector.add(REQUEST_TAINTED, computeSize(), reqCtx);
+      IastMetricCollector.add(REQUEST_TAINTED, computeSize(), ctx);
     } finally {
       delegate.release();
     }
   }
 
+  @Nonnull
   @Override
   public Iterator<TaintedObject> iterator() {
     return delegate.iterator();
@@ -111,16 +99,4 @@ private int computeSize() {
     int size = getEstimatedSize();
     return size > COUNT_THRESHOLD ? size : count();
   }
-
-  /**
-   * A {@link TaintedObjects} data structure is always linked to a {@link RequestContext} so it's
-   * actually OK to cache the result.
-   */
-  protected RequestContext getRequestContext() {
-    if (ctx == null) {
-      final AgentSpan span = AgentTracer.activeSpan();
-      ctx = span == null ? null : span.getRequestContext();
-    }
-    return ctx;
-  }
 }
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/CookieSecurityParser.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/CookieSecurityParser.java
index 54dec1ec58a..bc238eac288 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/CookieSecurityParser.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/CookieSecurityParser.java
@@ -5,8 +5,10 @@
 import datadog.trace.api.iast.util.Cookie;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Locale;
 import java.util.NoSuchElementException;
 import java.util.StringTokenizer;
+import javax.annotation.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -44,6 +46,7 @@ public static List<Cookie> parse(final String cookieString) {
     }
   }
 
+  @Nullable
   private static Cookie parseInternal(final String header) {
     String cookieName;
     boolean httpOnly = false;
@@ -111,7 +114,7 @@ private static List<String> splitMultiCookies(final String header) {
   }
 
   private static int guessCookieVersion(String header) {
-    header = header.toLowerCase();
+    header = header.toLowerCase(Locale.ROOT);
     if (header.contains("expires=")) {
       // only netscape cookie using 'expires'
       return 0;
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/HttpHeader.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/HttpHeader.java
new file mode 100644
index 00000000000..5d58ea8a617
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/HttpHeader.java
@@ -0,0 +1,88 @@
+package com.datadog.iast.util;
+
+import com.datadog.iast.IastRequestContext;
+import java.util.Locale;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import javax.annotation.Nullable;
+
+public class HttpHeader {
+
+  final String name;
+
+  HttpHeader(final String name) {
+    this.name = name.toLowerCase(Locale.ROOT);
+  }
+
+  public boolean matches(final String name) {
+    return this.name.equalsIgnoreCase(name);
+  }
+
+  @Nullable
+  public static HttpHeader from(final String name) {
+    return Values.HEADERS.get(name.toLowerCase(Locale.ROOT));
+  }
+
+  public abstract static class ContextAwareHeader extends HttpHeader {
+
+    ContextAwareHeader(final String name) {
+      super(name);
+    }
+
+    public abstract void onHeader(final IastRequestContext ctx, final String value);
+  }
+
+  public static final class Values {
+
+    public static final HttpHeader X_FORWARDED_PROTO =
+        new ContextAwareHeader("X-Forwarded-Proto") {
+
+          @Override
+          public void onHeader(final IastRequestContext ctx, final String value) {
+            ctx.setxForwardedProto(value);
+          }
+        };
+    public static final HttpHeader SET_COOKIE = new HttpHeader("Set-Cookie");
+    public static final HttpHeader STRICT_TRANSPORT_SECURITY =
+        new ContextAwareHeader("Strict-Transport-Security") {
+          @Override
+          public void onHeader(final IastRequestContext ctx, final String value) {
+            ctx.setStrictTransportSecurity(value);
+          }
+        };
+    public static final HttpHeader CONTENT_TYPE =
+        new ContextAwareHeader("Content-Type") {
+          @Override
+          public void onHeader(final IastRequestContext ctx, final String value) {
+            ctx.setContentType(value);
+          }
+        };
+    public static final HttpHeader X_CONTENT_TYPE_OPTIONS =
+        new ContextAwareHeader("X-Content-Type-Options") {
+          @Override
+          public void onHeader(final IastRequestContext ctx, final String value) {
+            ctx.setxContentTypeOptions(value);
+          }
+        };
+    public static final HttpHeader LOCATION = new HttpHeader("Location");
+    public static final HttpHeader REFERER = new HttpHeader("Referer");
+
+    /** Faster lookup for headers */
+    static final Map<String, HttpHeader> HEADERS;
+
+    static {
+      HEADERS =
+          Stream.of(
+                  Values.X_FORWARDED_PROTO,
+                  Values.SET_COOKIE,
+                  Values.STRICT_TRANSPORT_SECURITY,
+                  Values.CONTENT_TYPE,
+                  Values.X_CONTENT_TYPE_OPTIONS,
+                  Values.LOCATION,
+                  Values.REFERER)
+              .collect(Collectors.toMap(header -> header.name, Function.identity()));
+    }
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/ObjectVisitor.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/ObjectVisitor.java
new file mode 100644
index 00000000000..01f5e568061
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/ObjectVisitor.java
@@ -0,0 +1,249 @@
+package com.datadog.iast.util;
+
+import static com.datadog.iast.util.ObjectVisitor.State.CONTINUE;
+import static com.datadog.iast.util.ObjectVisitor.State.EXIT;
+
+import datadog.trace.api.Platform;
+import datadog.trace.instrumentation.iastinstrumenter.IastExclusionTrie;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.util.Collections;
+import java.util.IdentityHashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.function.Predicate;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@SuppressWarnings("JavaReflectionMemberAccess")
+public class ObjectVisitor {
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(ObjectVisitor.class);
+
+  private static final int MAX_VISITED_OBJECTS = 1000;
+  private static final int MAX_DEPTH = 10;
+  @Nullable private static final Method TRY_SET_ACCESSIBLE;
+
+  static {
+    TRY_SET_ACCESSIBLE = fetchTrySetAccessibleMethod();
+  }
+
+  public static void visit(@Nonnull final Object object, @Nonnull final Visitor visitor) {
+    visit(object, visitor, ObjectVisitor::inspectClass);
+  }
+
+  public static void visit(
+      @Nonnull final Object object,
+      @Nonnull final Visitor visitor,
+      @Nonnull final Predicate<Class<?>> classFilter) {
+    visit(object, visitor, classFilter, MAX_DEPTH, MAX_VISITED_OBJECTS);
+  }
+
+  public static void visit(
+      @Nonnull final Object object,
+      @Nonnull final Visitor visitor,
+      final int maxDepth,
+      final int maxObjects) {
+    visit(object, visitor, ObjectVisitor::inspectClass, maxDepth, maxObjects);
+  }
+
+  public static void visit(
+      @Nonnull final Object object,
+      @Nonnull final Visitor visitor,
+      @Nonnull final Predicate<Class<?>> classFilter,
+      final int maxDepth,
+      final int maxObjects) {
+    new ObjectVisitor(classFilter, maxDepth, maxObjects, visitor).visit(0, "root", object);
+  }
+
+  private int remaining;
+  private final int maxDepth;
+  private final Set<Object> visited;
+  private final Visitor visitor;
+  private final Predicate<Class<?>> classFilter;
+
+  private ObjectVisitor(
+      final Predicate<Class<?>> classFilter,
+      final int maxDepth,
+      final int maxObjects,
+      final Visitor visitor) {
+    this.maxDepth = maxDepth;
+    this.remaining = maxObjects;
+    this.visited = Collections.newSetFromMap(new IdentityHashMap<>());
+    this.visitor = visitor;
+    this.classFilter = classFilter;
+  }
+
+  private State visit(final int depth, final String path, final Object value) {
+    if (remaining <= 0) {
+      return EXIT;
+    }
+    remaining--;
+    if (depth > maxDepth) {
+      return CONTINUE;
+    }
+    if (!visited.add(value)) {
+      return CONTINUE;
+    }
+    State state = CONTINUE;
+    try {
+      if (value instanceof Object[]) {
+        state = visitArray(depth, path, (Object[]) value);
+      } else if (value instanceof Map) {
+        state = visitMap(depth, path, (Map<?, ?>) value);
+      } else if (value instanceof Iterable) {
+        state = visitIterable(depth, path, (Iterable<?>) value);
+      } else {
+        state = visitObject(depth, path, value);
+      }
+    } catch (final Throwable e) {
+      LOGGER.debug("Failed to visit object of type {}", value.getClass(), e);
+    }
+    return state;
+  }
+
+  private State visitArray(final int depth, final String path, final Object[] array) {
+    final int arrayDepth = depth + 1;
+    for (int i = 0; i < array.length; i++) {
+      final Object item = array[i];
+      if (item != null) {
+        final String itemPath = path + "[" + i + "]";
+        final State state = visit(arrayDepth, itemPath, item);
+        if (state != CONTINUE) {
+          return state;
+        }
+      }
+    }
+    return CONTINUE;
+  }
+
+  private State visitMap(final int depth, final String path, final Map<?, ?> map) {
+    final int mapDepth = depth + 1;
+    for (final Map.Entry<?, ?> entry : map.entrySet()) {
+      final Object key = entry.getKey();
+      if (key != null) {
+        final String keyPath = path + "[]";
+        final ObjectVisitor.State state = visit(mapDepth, keyPath, key);
+        if (state != CONTINUE) {
+          return state;
+        }
+      }
+      final Object item = entry.getValue();
+      if (item != null) {
+        final String itemPath = path + "[" + key + "]";
+        final State state = visit(mapDepth, itemPath, item);
+        if (state != CONTINUE) {
+          return state;
+        }
+      }
+    }
+    return CONTINUE;
+  }
+
+  private State visitIterable(final int depth, final String path, final Iterable<?> iterable) {
+    final int iterableDepth = depth + 1;
+    int index = 0;
+    for (final Object item : iterable) {
+      if (item != null) {
+        final String itemPath = path + "[" + (index++) + "]";
+        final State state = visit(iterableDepth, itemPath, item);
+        if (state != CONTINUE) {
+          return state;
+        }
+      }
+    }
+    return CONTINUE;
+  }
+
+  private State visitObject(final int depth, final String path, final Object value) {
+    final int childDepth = depth + 1;
+    State state = visitor.visit(path, value);
+    if (state != State.CONTINUE || !classFilter.test(value.getClass())) {
+      return state;
+    }
+    Class<?> klass = value.getClass();
+    while (klass != Object.class) {
+      for (final Field field : klass.getDeclaredFields()) {
+        try {
+          if (inspectField(field) && trySetAccessible(field)) {
+            final Object fieldValue = field.get(value);
+            if (fieldValue != null) {
+              final String fieldPath = path + "." + field.getName();
+              state = visit(childDepth, fieldPath, fieldValue);
+              if (state != CONTINUE) {
+                return state;
+              }
+            }
+          }
+        } catch (final Throwable e) {
+          LOGGER.debug("Unable to get field {}", field, e);
+        }
+      }
+      klass = klass.getSuperclass();
+    }
+    return ObjectVisitor.State.CONTINUE;
+  }
+
+  public static boolean inspectClass(final Class<?> cls) {
+    if (cls.isPrimitive()) {
+      return false; // skip primitives
+    }
+    return IastExclusionTrie.apply(cls.getName()) < 1;
+  }
+
+  private static boolean inspectField(final Field field) {
+    final int modifiers = field.getModifiers();
+    if (Modifier.isStatic(modifiers)) {
+      return false;
+    }
+    final String fieldName = field.getName();
+    if ("this$0".equals(fieldName)) {
+      return false; // skip back references from inner class
+    }
+    final Class<?> fieldType = field.getType();
+    if ("groovy.lang.MetaClass".equals(fieldType.getName())) {
+      return false; // skip the whole groovy MOP
+    }
+    return true;
+  }
+
+  @Nullable
+  private static Method fetchTrySetAccessibleMethod() {
+    Method method = null;
+    if (Platform.isJavaVersionAtLeast(9)) {
+      try {
+        method = Field.class.getMethod("trySetAccessible");
+      } catch (NoSuchMethodException e) {
+        LOGGER.warn("Can't get method 'Field.trySetAccessible'", e);
+      }
+    }
+    return method;
+  }
+
+  private static boolean trySetAccessible(final Field field) {
+    try {
+      if (TRY_SET_ACCESSIBLE != null) {
+        return (boolean) TRY_SET_ACCESSIBLE.invoke(field);
+      }
+      field.setAccessible(true);
+      return true;
+    } catch (RuntimeException | IllegalAccessException | InvocationTargetException e) {
+      LOGGER.debug("Unable to make field accessible", e);
+      return false;
+    }
+  }
+
+  public interface Visitor {
+    @Nonnull
+    State visit(@Nonnull String path, @Nonnull Object value);
+  }
+
+  public enum State {
+    CONTINUE,
+    EXIT
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/Ranged.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/Ranged.java
index ed4ef8135f0..645fb58cfdc 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/Ranged.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/Ranged.java
@@ -5,6 +5,7 @@
 
 import java.util.ArrayList;
 import java.util.List;
+import javax.annotation.Nullable;
 
 public interface Ranged {
 
@@ -62,6 +63,7 @@ default List<Ranged> remove(final Ranged range) {
   }
 
   /** Computes the intersection of the ranges or {@code null} if they do not intersect */
+  @Nullable
   default Ranged intersection(final Ranged range) {
     if (this.getStart() == range.getStart() && this.getLength() == range.getLength()) {
       return this;
@@ -84,15 +86,19 @@ default Ranged intersection(final Ranged range) {
     }
   }
 
-  default boolean isBefore(final Ranged range) {
+  default boolean isBefore(@Nullable final Ranged range) {
     if (range == null) {
       return true;
     }
-    return getStart() <= range.getStart();
+    final int offset = getStart() - range.getStart();
+    if (offset == 0) {
+      return getLength() <= range.getLength(); // put smaller ranges first
+    }
+    return offset < 0;
   }
 
-  static Ranged build(int start, int end) {
-    return new RangedImpl(start, end);
+  static Ranged build(int start, int length) {
+    return new RangedImpl(start, length);
   }
 
   class RangedImpl implements Ranged {
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/RangedDeque.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/RangedDeque.java
index faef93afde0..4e66a2bf5a1 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/RangedDeque.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/RangedDeque.java
@@ -9,8 +9,10 @@
 /** */
 public interface RangedDeque<E extends Ranged> {
 
+  @Nullable
   E poll();
 
+  @Nullable
   E peek();
 
   void addFirst(@Nonnull E item);
@@ -31,8 +33,9 @@ abstract class BaseRangedDequeue<E extends Ranged> implements RangedDeque<E> {
 
     private final Deque<E> head = new LinkedList<>();
 
-    protected E next;
+    @Nullable protected E next;
 
+    @Nullable
     @Override
     public final E poll() {
       final E result = next;
@@ -40,6 +43,7 @@ public final E poll() {
       return result;
     }
 
+    @Nullable
     @Override
     public final E peek() {
       return next;
@@ -58,15 +62,18 @@ public final boolean isEmpty() {
       return next == null;
     }
 
+    @Nullable
     protected final E fetchNext() {
       return head.isEmpty() ? internalPoll() : head.poll();
     }
 
+    @Nullable
     protected abstract E internalPoll();
   }
 
   class EmptyRangedDequeue<E extends Ranged> extends BaseRangedDequeue<E> {
 
+    @Nullable
     @Override
     protected E internalPoll() {
       return null;
@@ -82,6 +89,7 @@ class TokenizerQueue extends BaseRangedDequeue<Ranged> {
       next = fetchNext();
     }
 
+    @Nullable
     @Override
     protected Ranged internalPoll() {
       return tokenizer.next() ? tokenizer.current() : null;
@@ -99,6 +107,7 @@ class ArrayQueue<E extends Ranged> extends BaseRangedDequeue<E> {
       next = fetchNext();
     }
 
+    @Nullable
     @Override
     protected E internalPoll() {
       return index >= array.length ? null : array[index++];
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/GrpcRequestMessageHandlerTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/GrpcRequestMessageHandlerTest.groovy
new file mode 100644
index 00000000000..e4081f96d7d
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/GrpcRequestMessageHandlerTest.groovy
@@ -0,0 +1,124 @@
+package com.datadog.iast
+
+import com.datadog.iast.protobuf.Test2
+import com.datadog.iast.protobuf.Test3
+import com.datadog.iast.util.ObjectVisitor
+import datadog.trace.api.gateway.RequestContext
+import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.SourceTypes
+import datadog.trace.api.iast.propagation.PropagationModule
+import datadog.trace.test.util.DDSpecification
+import foo.bar.VisitableClass
+
+import java.util.function.Predicate
+
+import static com.datadog.iast.util.ObjectVisitor.State.CONTINUE
+
+class GrpcRequestMessageHandlerTest extends DDSpecification {
+
+  private PropagationModule propagation
+  private IastRequestContext iastCtx
+  private RequestContext ctx
+
+  void setup() {
+    propagation = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(propagation)
+    iastCtx = Mock(IastRequestContext)
+    ctx = Mock(RequestContext) {
+      getData(RequestContextSlot.IAST) >> iastCtx
+    }
+  }
+
+  void 'the handler does nothing without propagation'() {
+    given:
+    final handler = new GrpcRequestMessageHandler()
+    InstrumentationBridge.clearIastModules()
+
+    when:
+    handler.apply(ctx, [:])
+
+    then:
+    0 * _
+  }
+
+  void 'the handler does nothing with null values'() {
+    given:
+    final handler = new GrpcRequestMessageHandler()
+
+    when:
+    handler.apply(ctx, null)
+
+    then:
+    0 * _
+  }
+
+  void 'the handler forwards objects to the propagation module'() {
+    given:
+    final target = [:]
+    final handler = new GrpcRequestMessageHandler()
+
+    when:
+    handler.apply(ctx, target)
+
+    then:
+    1 * propagation.taintDeeply(iastCtx, target, SourceTypes.GRPC_BODY, _ as Predicate<Class<?>>)
+  }
+
+  void 'the handler only takes into account protobuf v.#protobufVersion related messages'() {
+    given:
+    final visitor = Mock(ObjectVisitor.Visitor) {
+      visit(_ as String, _ as Object) >> {
+        println 'feo'
+        return CONTINUE
+      }
+    }
+    final url = 'https://dd.datad0g.com/'
+    final nonProtobufMessage = new VisitableClass(name: 'test')
+    final filter = GrpcRequestMessageHandler::isProtobufArtifact
+
+    when: 'the message is not a protobuf instance'
+    ObjectVisitor.visit(nonProtobufMessage, visitor, filter)
+
+    then: 'only the root object is visited'
+    1 * visitor.visit('root', nonProtobufMessage) >> CONTINUE
+    0 * visitor._
+
+    when: 'the message is a protobuf message'
+    ObjectVisitor.visit(protobufMessage, visitor, filter)
+
+    then: 'all the properties are visited'
+    1 * visitor.visit('root', protobufMessage) >> CONTINUE
+    1 * visitor.visit('root.child_.optional_', 'optional') >> CONTINUE
+    1 * visitor.visit('root.child_.required_', 'required') >> CONTINUE
+    1 * visitor.visit('root.child_.repeated_[0]', 'repeated0') >> CONTINUE
+    1 * visitor.visit('root.child_.repeated_[1]', 'repeated1') >> CONTINUE
+    // for maps we go inside com.google.protobuf.MapField and extract properties
+    1 * visitor.visit('root.child_.map_.mapData[]', 'key') >> CONTINUE
+    1 * visitor.visit('root.child_.map_.mapData[key]', 'value') >> CONTINUE
+
+    where:
+    protobufVersion << ['2', '3']
+    protobufMessage << [buildProto2Message(), buildProto3Message()]
+  }
+
+  private static def buildProto2Message() {
+    final child = Test2.Proto2Child.newBuilder()
+    .setOptional("optional")
+    .setRequired("required")
+    .addAllRepeated(Arrays.asList('repeated0', 'repeated1'))
+    .putMap('key', 'value')
+    .build()
+    return Test2.Proto2Parent.newBuilder().setChild(child).build()
+  }
+
+  private static def buildProto3Message() {
+    final child = Test3.Proto3Child.newBuilder()
+    .setOptional("optional")
+    .setRequired("required")
+    .addAllRepeated(Arrays.asList('repeated0', 'repeated1'))
+    .putMap('key', 'value')
+    .build()
+    return Test3.Proto3Parent.newBuilder().setChild(child).build()
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/IastModuleImplTestBase.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/IastModuleImplTestBase.groovy
index d47ce8e0a14..9ad167ed6c6 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/IastModuleImplTestBase.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/IastModuleImplTestBase.groovy
@@ -1,6 +1,5 @@
 package com.datadog.iast
 
-import com.datadog.iast.HasDependencies.Dependencies
 import com.datadog.iast.overhead.Operation
 import com.datadog.iast.overhead.OverheadController
 import datadog.trace.api.Config
@@ -25,6 +24,8 @@ class IastModuleImplTestBase extends DDSpecification {
   // TODO replace by mock an fix all mock assertions (0 * _ will usually fail)
   protected StackWalker stackWalker = StackWalkerFactory.INSTANCE
 
+  protected Dependencies dependencies = new Dependencies(Config.get(), reporter, overheadController, stackWalker)
+
   void setup() {
     AgentTracer.forceRegister(tracer)
     overheadController.acquireRequest() >> true
@@ -34,9 +35,4 @@ class IastModuleImplTestBase extends DDSpecification {
   void cleanup() {
     AgentTracer.forceRegister(ORIGINAL_TRACER)
   }
-
-  protected <E extends HasDependencies> E registerDependencies(final E module) {
-    module.registerDependencies(new Dependencies(Config.get(), reporter, overheadController, stackWalker))
-    return module
-  }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/IastSystemTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/IastSystemTest.groovy
index f6b610bc45b..e5374552b8c 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/IastSystemTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/IastSystemTest.groovy
@@ -1,5 +1,6 @@
 package com.datadog.iast
 
+import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.api.internal.TraceSegment
 import datadog.trace.api.gateway.InstrumentationGateway
 import datadog.trace.api.gateway.RequestContextSlot
@@ -11,6 +12,10 @@ import datadog.trace.test.util.DDSpecification
 
 class IastSystemTest extends DDSpecification {
 
+  def setup() {
+    InstrumentationBridge.clearIastModules()
+  }
+
   void 'start'() {
     given:
     final ig = new InstrumentationGateway()
@@ -33,6 +38,8 @@ class IastSystemTest extends DDSpecification {
     then:
     1 * ss.registerCallback(Events.get().requestStarted(), _)
     1 * ss.registerCallback(Events.get().requestEnded(), _)
+    1 * ss.registerCallback(Events.get().requestHeader(), _)
+    1 * ss.registerCallback(Events.get().grpcServerRequestMessage(), _)
     0 * _
 
     when:
@@ -52,6 +59,8 @@ class IastSystemTest extends DDSpecification {
     1 * iastContext.getTaintedObjects()
     1 * iastContext.getMetricCollector()
     1 * traceSegment.setTagTop('_dd.iast.enabled', 1)
+    1 * iastContext.getxContentTypeOptions() >> 'nosniff'
+    1 * iastContext.getStrictTransportSecurity() >> 'max-age=35660'
     0 * _
     noExceptionThrown()
   }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/ReporterTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/ReporterTest.groovy
index 0f5de3915e6..b44307568bd 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/ReporterTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/ReporterTest.groovy
@@ -52,10 +52,10 @@ class ReporterTest extends DDSpecification {
     span.getSpanId() >> spanId
 
     final v = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(spanId, new StackTraceElement("foo", "foo", "foo", 1)),
-      new Evidence("MD5")
-      )
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(span, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("MD5")
+    )
 
     when:
     reporter.report(span, v)
@@ -97,15 +97,15 @@ class ReporterTest extends DDSpecification {
     span.getSpanId() >> spanId
 
     final v1 = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(spanId, new StackTraceElement("foo", "foo", "foo", 1)),
-      new Evidence("MD5")
-      )
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(span, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("MD5")
+    )
     final v2 = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(spanId, new StackTraceElement("foo", "foo", "foo", 2)),
-      new Evidence("MD4")
-      )
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(span, new StackTraceElement("foo", "foo", "foo", 2)),
+    new Evidence("MD4")
+    )
 
     when:
     reporter.report(span, v1)
@@ -148,33 +148,77 @@ class ReporterTest extends DDSpecification {
     final tracerAPI = Mock(TracerAPI)
     AgentTracer.forceRegister(tracerAPI)
     final spanId = 12345L
+    final serviceName = 'service-name'
     final span = Mock(AgentSpan)
     final scope = Mock(AgentScope)
     final ctx = new IastRequestContext()
     final reqCtx = Stub(RequestContext)
     reqCtx.getData(RequestContextSlot.IAST) >> ctx
     final reporter = new Reporter()
-    final v = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(0, new StackTraceElement("foo", "foo", "foo", 1)),
-      new Evidence("MD5")
-      )
+    final hash = v.getHash()
 
     when:
     reporter.report(null, v)
-    v.getLocation().getSpanId() == spanId
 
     then:
     noExceptionThrown()
     1 * tracerAPI.startSpan('iast', 'vulnerability', _ as AgentSpan.Context) >> span
     1 * tracerAPI.activateSpan(span, ScopeSource.MANUAL) >> scope
-    1 * span.getSpanId() >> spanId
     1 * span.getRequestContext() >> reqCtx
     1 * span.setSpanType(InternalSpanTypes.VULNERABILITY) >> span
     1 * span.setTag(ANALYZED.key(), ANALYZED.value())
+    1 * span.getServiceName() >> serviceName
+    1 * span.getSpanId() >> spanId
     1 * span.finish()
     1 * scope.close()
     0 * _
+
+    when:
+    def newSpanId = null
+    def newServiceName = null
+    if(v.getType() instanceof VulnerabilityType.HeaderVulnerabilityType){
+      newServiceName = v.getLocation().getServiceName()
+    }else{
+      newSpanId =  v.getLocation().getSpanId()
+    }
+    def newHash = v.getHash()
+
+    then:
+    if(v.getType() instanceof VulnerabilityType.HeaderVulnerabilityType){
+      assert newServiceName == serviceName
+      assert newHash != hash
+    }else{
+      assert newSpanId == spanId
+      assert newHash == hash
+    }
+
+    where:
+    v | _
+    defaultVulnerability() | _
+    cookieVulnerability() | _
+    headerVulnerability() | _
+  }
+
+  void 'no spans are create if duplicates are reported'() {
+    given:
+    final tracerAPI = Mock(TracerAPI)
+    AgentTracer.forceRegister(tracerAPI)
+    final ctx = new IastRequestContext()
+    final reqCtx = Stub(RequestContext)
+    reqCtx.getData(RequestContextSlot.IAST) >> ctx
+    final reporter = new Reporter((vul) -> true)
+    final v = new Vulnerability(
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(null, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("MD5")
+    )
+
+    when:
+    reporter.report(null, v)
+
+    then:
+    noExceptionThrown()
+    0 * _
   }
 
   void 'null RequestContext does not throw'() {
@@ -184,10 +228,10 @@ class ReporterTest extends DDSpecification {
     span.getRequestContext() >> null
     span.getSpanId() >> 12345L
     final v = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(0, new StackTraceElement("foo", "foo", "foo", 1)),
-      new Evidence("MD5")
-      )
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(null, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("MD5")
+    )
 
     when:
     reporter.report(span, v)
@@ -208,10 +252,10 @@ class ReporterTest extends DDSpecification {
     span.getRequestContext() >> reqCtx
     span.getSpanId() >> spanId
     final v = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(spanId, new StackTraceElement("foo", "foo", "foo", 1)),
-      new Evidence("MD5")
-      )
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(span, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("MD5")
+    )
 
     when:
     reporter.report(span, v)
@@ -225,16 +269,20 @@ class ReporterTest extends DDSpecification {
 
   void 'Vulnerabilities with same type and location are equals'() {
     given:
+    final span1 = Mock(AgentSpan)
+    span1.getSpanId() >> 123456
     final vulnerability1 = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(123456, new StackTraceElement("foo", "foo", "foo", 1)),
-      new Evidence("GOOD")
-      )
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(span1, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("GOOD")
+    )
+    final span2 = Mock(AgentSpan)
+    span1.getSpanId() >> 7890
     final vulnerability2 = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(7890, new StackTraceElement("foo", "foo", "foo", 1)),
-      new Evidence("BAD")
-      )
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(span2, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("BAD")
+    )
 
     expect:
     vulnerability1 == vulnerability2
@@ -242,16 +290,20 @@ class ReporterTest extends DDSpecification {
 
   void 'Vulnerabilities with same type and different location are not equals'() {
     given:
+    final span1 = Mock(AgentSpan)
+    span1.getSpanId() >> 123456
     final vulnerability1 = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(123456, new StackTraceElement("foo", "foo", "foo", 1)),
-      new Evidence("GOOD")
-      )
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(span1, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("GOOD")
+    )
+    final span2 = Mock(AgentSpan)
+    span1.getSpanId() >> 7890
     final vulnerability2 = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(7890, new StackTraceElement("foo", "foo", "foo", 2)),
-      new Evidence("BAD")
-      )
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(span2, new StackTraceElement("foo", "foo", "foo", 2)),
+    new Evidence("BAD")
+    )
 
     expect:
     vulnerability1 != vulnerability2
@@ -264,10 +316,10 @@ class ReporterTest extends DDSpecification {
     final batch = new VulnerabilityBatch()
     final span = spanWithBatch(batch)
     final vulnerability = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(span.spanId, new StackTraceElement("foo", "foo", "foo", 1)),
-      new Evidence("GOOD")
-      )
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(span, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("GOOD")
+    )
 
     when: 'first time a vulnerability is reported'
     reporter.report(span, vulnerability)
@@ -289,10 +341,10 @@ class ReporterTest extends DDSpecification {
     final batch = new VulnerabilityBatch()
     final span = spanWithBatch(batch)
     final vulnerability = new Vulnerability(
-      VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(span.spanId, new StackTraceElement("foo", "foo", "foo", 1)),
-      new Evidence("GOOD")
-      )
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(span, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("GOOD")
+    )
 
     when: 'first time a vulnerability is reported'
     reporter.report(span, vulnerability)
@@ -316,10 +368,10 @@ class ReporterTest extends DDSpecification {
     final span = spanWithBatch(batch)
     final vulnerabilityBuilder = { int index ->
       new Vulnerability(
-        VulnerabilityType.WEAK_HASH,
-        Location.forSpanAndStack(span.spanId, new StackTraceElement(index.toString(), index.toString(), index.toString(), index)),
-        new Evidence("GOOD")
-        )
+      VulnerabilityType.WEAK_HASH,
+      Location.forSpanAndStack(span, new StackTraceElement(index.toString(), index.toString(), index.toString(), index)),
+      new Evidence("GOOD")
+      )
     }
 
     when: 'the deduplication cache is filled for the first time'
@@ -356,10 +408,10 @@ class ReporterTest extends DDSpecification {
     final span = spanWithBatch(batch)
     final vulnerabilityBuilder = { int index ->
       new Vulnerability(
-        VulnerabilityType.WEAK_HASH,
-        Location.forSpanAndStack(span.spanId, new StackTraceElement(index.toString(), index.toString(), index.toString(), index)),
-        new Evidence("GOOD")
-        )
+      VulnerabilityType.WEAK_HASH,
+      Location.forSpanAndStack(span, new StackTraceElement(index.toString(), index.toString(), index.toString(), index)),
+      new Evidence("GOOD")
+      )
     }
 
     when: 'a few duplicates are reported in a concurrent scenario'
@@ -401,4 +453,25 @@ class ReporterTest extends DDSpecification {
     span.getSpanId() >> spanId
     return span
   }
+
+  private Vulnerability defaultVulnerability(){
+    return new Vulnerability(
+    VulnerabilityType.WEAK_HASH,
+    Location.forSpanAndStack(null, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("MD5")
+    )
+  }
+
+  private Vulnerability cookieVulnerability(){
+    return new Vulnerability(
+    VulnerabilityType.INSECURE_COOKIE,
+    Location.forSpanAndStack(null, new StackTraceElement("foo", "foo", "foo", 1)),
+    new Evidence("cookie-name")
+    )
+  }
+
+  private Vulnerability headerVulnerability(){
+    return new Vulnerability(
+    VulnerabilityType.XCONTENTTYPE_HEADER_MISSING, Location.forSpan(null), null)
+  }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/RequestEndedHandlerTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/RequestEndedHandlerTest.groovy
index f1d584b4eae..b325a373d90 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/RequestEndedHandlerTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/RequestEndedHandlerTest.groovy
@@ -1,12 +1,12 @@
 package com.datadog.iast
 
-import com.datadog.iast.HasDependencies.Dependencies
 import com.datadog.iast.overhead.OverheadController
 import datadog.trace.api.Config
 import datadog.trace.api.gateway.Flow
 import datadog.trace.api.gateway.IGSpanInfo
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.api.internal.TraceSegment
 import datadog.trace.test.util.DDSpecification
 import datadog.trace.util.stacktrace.StackWalker
@@ -15,6 +15,10 @@ import groovy.transform.CompileDynamic
 @CompileDynamic
 class RequestEndedHandlerTest extends DDSpecification {
 
+  def setup() {
+    InstrumentationBridge.clearIastModules()
+  }
+
   void 'request ends with IAST context'() {
     given:
     final OverheadController overheadController = Mock(OverheadController)
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/RequestHeaderHandlerTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/RequestHeaderHandlerTest.groovy
new file mode 100644
index 00000000000..1b8c733eadb
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/RequestHeaderHandlerTest.groovy
@@ -0,0 +1,42 @@
+package com.datadog.iast
+
+import datadog.trace.api.gateway.RequestContext
+import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.test.util.DDSpecification
+import groovy.transform.CompileDynamic
+
+@CompileDynamic
+class RequestHeaderHandlerTest extends DDSpecification {
+  void 'forwarded proto is set'(){
+    given:
+    final handler = new RequestHeaderHandler()
+    final iastCtx = Mock(IastRequestContext)
+    final ctx = Mock(RequestContext)
+    ctx.getData(RequestContextSlot.IAST) >> iastCtx
+
+    when:
+    handler.accept(ctx, 'X-Forwarded-Proto', 'https')
+
+    then:
+    1 * ctx.getData(RequestContextSlot.IAST) >> iastCtx
+    1 * iastCtx.setxForwardedProto('https')
+    0 * _
+  }
+
+
+  void 'forwarded proto is not set'(){
+    given:
+    final handler = new RequestHeaderHandler()
+    final iastCtx = Mock(IastRequestContext)
+    final ctx = Mock(RequestContext)
+    ctx.getData(RequestContextSlot.IAST) >> iastCtx
+
+    when:
+    handler.accept(ctx, 'Custom-Header', 'https')
+
+    then:
+    1 * ctx.getData(RequestContextSlot.IAST) >> iastCtx
+    0 * iastCtx.getxForwardedProto()
+    0 * _
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/RequestStartedHandlerTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/RequestStartedHandlerTest.groovy
index f70e087b146..8a0ca4e2c4a 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/RequestStartedHandlerTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/RequestStartedHandlerTest.groovy
@@ -1,6 +1,5 @@
 package com.datadog.iast
 
-import com.datadog.iast.HasDependencies.Dependencies
 import com.datadog.iast.overhead.OverheadController
 import datadog.trace.api.Config
 import datadog.trace.api.gateway.Flow
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/LocationTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/LocationTest.groovy
index 4ea0fba7d9e..656e4da309a 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/LocationTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/LocationTest.groovy
@@ -1,16 +1,19 @@
 package com.datadog.iast.model
 
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 import datadog.trace.test.util.DDSpecification
 
 class LocationTest extends DDSpecification {
 
   void 'forStack'() {
     given:
+    final span = Mock(AgentSpan)
     final spanId = 123456
+    span.getSpanId() >> spanId
     final stack = new StackTraceElement("declaringClass", "methodName", "fileName", 42)
 
     when:
-    final location = Location.forSpanAndStack(spanId, stack)
+    final location = Location.forSpanAndStack(span, stack)
 
     then:
     location.getSpanId() == spanId
@@ -21,12 +24,14 @@ class LocationTest extends DDSpecification {
 
   void 'forSpanAndClassAndMethod'() {
     given:
+    final span = Mock(AgentSpan)
     final spanId = 123456
+    span.getSpanId() >> spanId
     final declaringClass = "declaringClass"
     final methodName = "methodName"
 
     when:
-    final location = Location.forSpanAndClassAndMethod(spanId, declaringClass, methodName)
+    final location = Location.forSpanAndClassAndMethod(span, declaringClass, methodName)
 
     then:
     location.getSpanId() == spanId
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/RangeTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/RangeTest.groovy
index 5a3561fe7f8..c4992278756 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/RangeTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/RangeTest.groovy
@@ -35,7 +35,7 @@ class RangeTest extends DDSpecification {
   def 'shift zero'() {
     given:
     final source = new Source(SourceTypes.NONE, null, null)
-    final orig = new Range(0, 1, source, Range.NOT_MARKED)
+    final orig = new Range(0, 1, source, VulnerabilityMarks.NOT_MARKED)
 
     when:
     final result = orig.shift(0)
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/VulnerabilityTypeTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/VulnerabilityTypeTest.groovy
index 66d1319ea2d..408219c9000 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/VulnerabilityTypeTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/VulnerabilityTypeTest.groovy
@@ -1,27 +1,65 @@
 package com.datadog.iast.model
 
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 import datadog.trace.test.util.DDSpecification
 
+import static com.datadog.iast.model.VulnerabilityType.INSECURE_COOKIE
+import static com.datadog.iast.model.VulnerabilityType.NO_HTTPONLY_COOKIE
+import static com.datadog.iast.model.VulnerabilityType.NO_SAMESITE_COOKIE
 import static com.datadog.iast.model.VulnerabilityType.WEAK_CIPHER
+import static com.datadog.iast.model.VulnerabilityType.XCONTENTTYPE_HEADER_MISSING
+import static com.datadog.iast.model.VulnerabilityType.HSTS_HEADER_MISSING
 
 class VulnerabilityTypeTest extends DDSpecification {
 
-  def 'test compute hash'(final VulnerabilityType type, final Location location, final Evidence evidence, final long expected) {
+  void 'test compute hash'() {
     when:
     final vulnerability = new Vulnerability(type, location, evidence)
+
     then:
     vulnerability.hash == expected
 
     where:
-    type        | location                                                                     | evidence            | expected
-    WEAK_CIPHER | Location.forSpanAndStack(123, new StackTraceElement("foo", "foo", "foo", 1)) | new Evidence("MD5") | 1045110372
-    WEAK_CIPHER | Location.forSpanAndStack(456, new StackTraceElement("foo", "foo", "foo", 1)) | new Evidence("MD4") | 1045110372
-    WEAK_CIPHER | Location.forSpanAndStack(789, new StackTraceElement("foo", "foo", "foo", 1)) | null                | 1045110372
-    WEAK_CIPHER | Location.forSpanAndClassAndMethod(123, "foo", "foo")                         | new Evidence("MD5") | 3265519776
-    WEAK_CIPHER | Location.forSpanAndClassAndMethod(456, "foo", "foo")                         | new Evidence("MD4") | 3265519776
-    WEAK_CIPHER | Location.forSpanAndClassAndMethod(789, "foo", "foo")                         | null                | 3265519776
-    WEAK_CIPHER | null                                                                         | new Evidence("MD5") | 1272119222
-    WEAK_CIPHER | null                                                                         | new Evidence("MD4") | 1272119222
-    WEAK_CIPHER | null                                                                         | null                | 1272119222
+    type                        | location                              | evidence                    | expected
+    WEAK_CIPHER                 | getSpanAndStackLocation(123)          | new Evidence("MD5")         | 1045110372
+    WEAK_CIPHER                 | getSpanAndStackLocation(456)          | new Evidence("MD4")         | 1045110372
+    WEAK_CIPHER                 | getSpanAndStackLocation(789)          | null                        | 1045110372
+    WEAK_CIPHER                 | getSpanAndClassAndMethodLocation(123) | new Evidence("MD5")         | 3265519776
+    WEAK_CIPHER                 | getSpanAndClassAndMethodLocation(456) | new Evidence("MD4")         | 3265519776
+    WEAK_CIPHER                 | getSpanAndClassAndMethodLocation(789) | null                        | 3265519776
+    INSECURE_COOKIE             | getSpanAndStackLocation(123)          | null                        | 3471934557
+    INSECURE_COOKIE             | getSpanAndStackLocation(123)          | new Evidence("cookieName1") | 360083726
+    INSECURE_COOKIE             | getSpanAndStackLocation(123)          | new Evidence("cookieName2") | 2357141684
+    NO_HTTPONLY_COOKIE          | getSpanAndStackLocation(123)          | null                        | 2115643285
+    NO_HTTPONLY_COOKIE          | getSpanAndStackLocation(123)          | new Evidence("cookieName1") | 585548920
+    NO_HTTPONLY_COOKIE          | getSpanAndStackLocation(123)          | new Evidence("cookieName2") | 3153040834
+    NO_SAMESITE_COOKIE          | getSpanAndStackLocation(123)          | null                        | 3683185539
+    NO_SAMESITE_COOKIE          | getSpanAndStackLocation(123)          | new Evidence("cookieName1") | 881944211
+    NO_SAMESITE_COOKIE          | getSpanAndStackLocation(123)          | new Evidence("cookieName2") | 2912433961
+    XCONTENTTYPE_HEADER_MISSING | getSpanLocation(123, null)            | null                        | 3429203725
+    XCONTENTTYPE_HEADER_MISSING | getSpanLocation(123, 'serviceName1')  | null                        | 2718833340
+    XCONTENTTYPE_HEADER_MISSING | getSpanLocation(123, 'serviceName2')  | null                        | 990333702
+    HSTS_HEADER_MISSING         | getSpanLocation(123, null)            | null                        | 121310697
+    HSTS_HEADER_MISSING         | getSpanLocation(123, 'serviceName1')  | null                        | 3533496951
+    HSTS_HEADER_MISSING         | getSpanLocation(123, 'serviceName2')  | null                        | 1268102093
+  }
+
+  private Location getSpanAndStackLocation(final long spanId) {
+    final span = Mock(AgentSpan)
+    span.getSpanId() >> spanId
+    return Location.forSpanAndStack(span, new StackTraceElement("foo", "foo", "foo", 1))
+  }
+
+  private Location getSpanAndClassAndMethodLocation(final long spanId) {
+    final span = Mock(AgentSpan)
+    span.getSpanId() >> spanId
+    return Location.forSpanAndClassAndMethod(span, "foo", "foo")
+  }
+
+  private Location getSpanLocation(final long spanId, final String serviceName) {
+    final span = Mock(AgentSpan)
+    span.getSpanId() >> spanId
+    span.getServiceName() >> serviceName
+    return Location.forSpan(span)
   }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/EvidenceEncodingTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/EvidenceEncodingTest.groovy
index c946e53f70a..9b3d67e9339 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/EvidenceEncodingTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/EvidenceEncodingTest.groovy
@@ -10,6 +10,8 @@ import datadog.trace.test.util.DDSpecification
 import org.skyscreamer.jsonassert.JSONAssert
 import spock.lang.Shared
 
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
+
 class EvidenceEncodingTest extends DDSpecification {
 
   private static final List<Source> SOURCES_SUITE = (0..2).collect { new Source((byte) it, "name$it", "value$it") }
@@ -65,7 +67,7 @@ class EvidenceEncodingTest extends DDSpecification {
   }
 
   private static Range range(final int start, final int length, final Source source) {
-    return new Range(start, length, source, Range.NOT_MARKED)
+    return new Range(start, length, source, NOT_MARKED)
   }
 
   private static Source source(final int index) {
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/EvidenceRedactionTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/EvidenceRedactionTest.groovy
index ab9ce895d37..255d531f819 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/EvidenceRedactionTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/EvidenceRedactionTest.groovy
@@ -70,11 +70,8 @@ class EvidenceRedactionTest extends DDSpecification {
     new StringValuePart(null)                                  | _
     new StringValuePart('')                                    | _
     new RedactedValuePart(null)                                | _
-    new RedactedValuePart('')                                  | _
     new TaintedValuePart(Mock(JsonAdapter), null, null, true)  | _
-    new TaintedValuePart(Mock(JsonAdapter), null, '', true)    | _
     new TaintedValuePart(Mock(JsonAdapter), null, null, false) | _
-    new TaintedValuePart(Mock(JsonAdapter), null, '', false)   | _
   }
 
   void 'test #suite'() {
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/TaintedObjectEncodingTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/TaintedObjectEncodingTest.groovy
index 55956358225..dfbc0fb8275 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/TaintedObjectEncodingTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/TaintedObjectEncodingTest.groovy
@@ -10,6 +10,8 @@ import org.skyscreamer.jsonassert.JSONAssert
 
 import java.lang.ref.ReferenceQueue
 
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
+
 class TaintedObjectEncodingTest extends DDSpecification {
 
   @Override
@@ -87,7 +89,7 @@ class TaintedObjectEncodingTest extends DDSpecification {
   private TaintedObject taintedObject(final String value, final byte sourceType, final String sourceName, final String sourceValue) {
     return new TaintedObject(
       value,
-      [new Range(0, value.length(), new Source(sourceType, sourceName, sourceValue), Range.NOT_MARKED)] as Range[],
+      [new Range(0, value.length(), new Source(sourceType, sourceName, sourceValue), NOT_MARKED)] as Range[],
       Mock(ReferenceQueue))
   }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/VulnerabilityEncodingTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/VulnerabilityEncodingTest.groovy
index c1bdd1f3908..4ade1c08a8d 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/VulnerabilityEncodingTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/VulnerabilityEncodingTest.groovy
@@ -9,10 +9,14 @@ import com.datadog.iast.model.VulnerabilityBatch
 import com.datadog.iast.model.VulnerabilityType
 import datadog.trace.api.config.IastConfig
 import datadog.trace.api.iast.SourceTypes
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 import datadog.trace.test.util.DDSpecification
 import org.skyscreamer.jsonassert.JSONAssert
 
-import static com.datadog.iast.model.Range.NOT_MARKED
+import java.util.regex.Matcher
+import java.util.regex.Pattern
+
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
 
 class VulnerabilityEncodingTest extends DDSpecification {
 
@@ -27,7 +31,15 @@ class VulnerabilityEncodingTest extends DDSpecification {
     value.add(null)
 
     when:
-    final result = VulnerabilityEncoding.toJson(value)
+    def result = VulnerabilityEncoding.toJson(value)
+
+    then:
+    JSONAssert.assertEquals('''{
+      "vulnerabilities": []
+    }''', result, true)
+
+    when:
+    result = VulnerabilityEncoding.getExceededTagSizeJson(new TruncatedVulnerabilities(value.getVulnerabilities()))
 
     then:
     JSONAssert.assertEquals('''{
@@ -37,10 +49,13 @@ class VulnerabilityEncodingTest extends DDSpecification {
 
   void 'one vulnerability'() {
     given:
+    final span = Mock(AgentSpan)
+    final spanId = 123456
+    span.getSpanId() >> spanId
     final value = new VulnerabilityBatch()
     value.add(new Vulnerability(
       VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(123456L, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
       new Evidence("MD5")
       ))
 
@@ -72,7 +87,7 @@ class VulnerabilityEncodingTest extends DDSpecification {
     final value = new VulnerabilityBatch()
     value.add(new Vulnerability(
       VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(0, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      Location.forSpanAndStack(null, new StackTraceElement("foo", "fooMethod", "foo", 1)),
       new Evidence("MD5")
       ))
 
@@ -100,10 +115,13 @@ class VulnerabilityEncodingTest extends DDSpecification {
 
   void 'one vulnerability with one source'() {
     given:
+    final span = Mock(AgentSpan)
+    final spanId = 123456
+    span.getSpanId() >> spanId
     final value = new VulnerabilityBatch()
     value.add(new Vulnerability(
       VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(123456L, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
       new Evidence("BAD", [new Range(0, 1, new Source(SourceTypes.REQUEST_PARAMETER_VALUE, "key", "value"), NOT_MARKED)] as Range[])
       ))
 
@@ -142,10 +160,13 @@ class VulnerabilityEncodingTest extends DDSpecification {
 
   void 'one vulnerability with two sources'() {
     given:
+    final span = Mock(AgentSpan)
+    final spanId = 123456
+    span.getSpanId() >> spanId
     final value = new VulnerabilityBatch()
     value.add(new Vulnerability(
       VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(123456L, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
       new Evidence("BAD", [
         new Range(0, 1, new Source(SourceTypes.REQUEST_PARAMETER_NAME, "key", "value"), NOT_MARKED),
         new Range(1, 1, new Source(SourceTypes.REQUEST_PARAMETER_VALUE, "key2", "value2"), NOT_MARKED)
@@ -193,10 +214,13 @@ class VulnerabilityEncodingTest extends DDSpecification {
 
   void 'one vulnerability with null source'() {
     given:
+    final span = Mock(AgentSpan)
+    final spanId = 123456
+    span.getSpanId() >> spanId
     final value = new VulnerabilityBatch()
     value.add(new Vulnerability(
       VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(123456L, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
       new Evidence("BAD", [new Range(0, 1, null, NOT_MARKED)] as Range[])
       ))
 
@@ -228,10 +252,13 @@ class VulnerabilityEncodingTest extends DDSpecification {
 
   void 'one vulnerability with no source type'() {
     given:
+    final span = Mock(AgentSpan)
+    final spanId = 123456
+    span.getSpanId() >> spanId
     final value = new VulnerabilityBatch()
     value.add(new Vulnerability(
       VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(123456L, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
       new Evidence("BAD", [new Range(0, 1, new Source(SourceTypes.NONE, "key", "value"), NOT_MARKED)] as Range[])
       ))
 
@@ -269,16 +296,19 @@ class VulnerabilityEncodingTest extends DDSpecification {
 
   void 'two vulnerabilities with one shared source'() {
     given:
+    final span = Mock(AgentSpan)
+    final spanId = 123456
+    span.getSpanId() >> spanId
     final value = new VulnerabilityBatch()
     final source = new Source(SourceTypes.REQUEST_PARAMETER_VALUE, "key", "value")
     value.add(new Vulnerability(
       VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(123456L, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
       new Evidence("BAD1", [new Range(0, 1, source, NOT_MARKED)] as Range[])
       ))
     value.add(new Vulnerability(
       VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(123456L, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
       new Evidence("BAD2", [new Range(0, 1, source, NOT_MARKED)] as Range[])
       ))
 
@@ -333,15 +363,18 @@ class VulnerabilityEncodingTest extends DDSpecification {
 
   void 'two vulnerability with no shared sources'() {
     given:
+    final span = Mock(AgentSpan)
+    final spanId = 123456
+    span.getSpanId() >> spanId
     final value = new VulnerabilityBatch()
     value.add(new Vulnerability(
       VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(123456L, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
       new Evidence("BAD", [new Range(0, 1, new Source(SourceTypes.REQUEST_PARAMETER_VALUE, "key1", "value"), NOT_MARKED)] as Range[])
       ))
     value.add(new Vulnerability(
       VulnerabilityType.WEAK_HASH,
-      Location.forSpanAndStack(123456L, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
       new Evidence("BAD", [new Range(0, 1, new Source(SourceTypes.REQUEST_PARAMETER_VALUE, "key2", "value"), NOT_MARKED)] as Range[])
       ))
 
@@ -398,4 +431,162 @@ class VulnerabilityEncodingTest extends DDSpecification {
       ]
     }''', result, true)
   }
+
+  void 'one truncated vulnerability'() {
+    given:
+    final span = Mock(AgentSpan)
+    final spanId = 123456
+    span.getSpanId() >> spanId
+    final value = new VulnerabilityBatch()
+    value.add(new Vulnerability(
+      VulnerabilityType.WEAK_HASH,
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      new Evidence(generateLargeString())
+      ))
+
+    when:
+    final result = VulnerabilityEncoding.getExceededTagSizeJson(new TruncatedVulnerabilities(value.getVulnerabilities()))
+
+    then:
+    JSONAssert.assertEquals('''{
+      "vulnerabilities": [
+        {
+          "type": "WEAK_HASH",
+          "evidence": {
+            "value": "MAX SIZE EXCEEDED"
+          },
+          "hash":1042880134,
+          "location": {
+            "spanId": 123456,
+            "line": 1,
+            "method": "fooMethod",
+            "path": "foo"
+          }
+        }
+      ]
+    }''', result, true)
+  }
+
+  void 'two truncated vulnerabilities'() {
+    given:
+    final span = Mock(AgentSpan)
+    final spanId = 123456
+    span.getSpanId() >> spanId
+    final value = new VulnerabilityBatch()
+    value.add(new Vulnerability(
+      VulnerabilityType.WEAK_HASH,
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      new Evidence(generateLargeString(), [new Range(0, 1, new Source(SourceTypes.REQUEST_PARAMETER_VALUE, "key1", "value"), NOT_MARKED)] as Range[])
+      ))
+    value.add(new Vulnerability(
+      VulnerabilityType.WEAK_HASH,
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      new Evidence(generateLargeString(), [new Range(0, 1, new Source(SourceTypes.REQUEST_PARAMETER_VALUE, "key2", "value"), NOT_MARKED)] as Range[])
+      ))
+
+    when:
+    final result = VulnerabilityEncoding.getExceededTagSizeJson(new TruncatedVulnerabilities(value.getVulnerabilities()))
+
+    then:
+    JSONAssert.assertEquals('''{
+      "vulnerabilities": [
+        {
+          "evidence": {
+            "value": "MAX SIZE EXCEEDED"
+          },
+          "hash": 1042880134,
+          "location": {
+            "spanId": 123456,
+            "line": 1,
+            "method": "fooMethod",
+            "path": "foo"
+          },
+          "type": "WEAK_HASH"
+        },
+        {
+          "evidence": {
+            "value": "MAX SIZE EXCEEDED"
+          },
+          "hash": 1042880134,
+          "location": {
+            "spanId": 123456,
+            "line": 1,
+            "method": "fooMethod",
+            "path": "foo"
+          },
+          "type": "WEAK_HASH"
+        }
+      ]
+    }''', result, true)
+  }
+
+  void 'when json is greater than 25kb VulnerabilityEncoding#getExceededTagSizeJson is called'(){
+    given:
+    final span = Mock(AgentSpan)
+    final spanId = 123456
+    span.getSpanId() >> spanId
+    final value = new VulnerabilityBatch()
+    for (int i = 0 ; i < 40; i++){
+      value.add(generateBigVulnerability(span))
+    }
+
+    when:
+    final result = VulnerabilityEncoding.toJson(value)
+
+    then: 'all sources have been removed and all vulnerabilities have generic evidence'
+    !result.contains("source") //sources have been removed
+    countGenericEvidenceOccurrences(result) == value.getVulnerabilities().size() //All the vulnerabilities have generic evidence
+
+  }
+
+  void 'exception during serialization is caught'() {
+    given:
+    final value = new VulnerabilityBatch()
+    final type = Mock(VulnerabilityType) {
+      name() >> { throw new RuntimeException("ERROR") }
+    }
+    final vuln = new Vulnerability(type, null, null)
+    value.add(vuln)
+
+    when:
+    final result = VulnerabilityEncoding.toJson(value)
+
+    then:
+    JSONAssert.assertEquals('''{
+      "vulnerabilities": [
+      ]
+    }''', result, true)
+  }
+
+  private static String generateLargeString(){
+    int targetSize = 25 * 1024
+    StringBuilder sb = new StringBuilder()
+    Random random = new Random()
+    while (sb.length() < targetSize){
+      sb.append(random.nextInt())
+    }
+    return sb.toString()
+  }
+
+
+  private static Vulnerability generateBigVulnerability(AgentSpan span){
+    String largeString = generateLargeString()
+    return new Vulnerability(
+      VulnerabilityType.WEAK_HASH,
+      Location.forSpanAndStack(span, new StackTraceElement("foo", "fooMethod", "foo", 1)),
+      new Evidence(largeString, [
+        new Range(0, largeString.length(), new Source(SourceTypes.REQUEST_PARAMETER_VALUE, "key2", largeString), NOT_MARKED)
+      ] as Range[])
+      )
+  }
+
+  private static int countGenericEvidenceOccurrences(final String input){
+    Pattern pattern = Pattern.compile("\"evidence\":\\{\"value\":\"MAX SIZE EXCEEDED\"}")
+    Matcher matcher = pattern.matcher(input)
+    int count = 0
+    while (matcher.find()){
+      count++
+    }
+    return count
+  }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/overhead/OverheadControllerTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/overhead/OverheadControllerTest.groovy
index aa93451d9c7..e784643f909 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/overhead/OverheadControllerTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/overhead/OverheadControllerTest.groovy
@@ -47,9 +47,9 @@ class OverheadControllerTest extends DDSpecification {
     where:
     samplingPct              | requests | expectedSampledRequests
     DEFAULT_REQUEST_SAMPLING | 100      | 33
-    30                       | 100      | 33
-    30                       | 10       | 3
-    30                       | 9        | 3
+    33                       | 100      | 33
+    33                       | 10       | 3
+    33                       | 9        | 3
     50                       | 100      | 50
     50                       | 10       | 5
     100                      | 1        | 1
@@ -57,6 +57,8 @@ class OverheadControllerTest extends DDSpecification {
     200                      | 100      | 100
     1000                     | 100      | 100
     0                        | 100      | 100
+    51                       | 100      | 51
+    99                       | 100      | 99
   }
 
   void 'No more than two request can be acquired concurrently'() {
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/PropagationModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/PropagationModuleTest.groovy
index a06b44e4fa5..b0dceae6377 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/PropagationModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/PropagationModuleTest.groovy
@@ -4,6 +4,9 @@ import com.datadog.iast.IastModuleImplTestBase
 import com.datadog.iast.IastRequestContext
 import com.datadog.iast.model.Range
 import com.datadog.iast.model.Source
+import com.datadog.iast.taint.Ranges
+import com.datadog.iast.taint.TaintedObject
+import datadog.trace.api.Config
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
 import datadog.trace.api.iast.SourceTypes
@@ -11,25 +14,19 @@ import datadog.trace.api.iast.Taintable
 import datadog.trace.api.iast.VulnerabilityMarks
 import datadog.trace.api.iast.propagation.PropagationModule
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
-import groovy.transform.CompileDynamic
+import org.junit.Assume
 
-import static com.datadog.iast.model.Range.NOT_MARKED
-import static com.datadog.iast.taint.TaintUtils.addFromTaintFormat
-import static com.datadog.iast.taint.TaintUtils.fromTaintFormat
-import static datadog.trace.api.iast.VulnerabilityMarks.SQL_INJECTION_MARK
-import static datadog.trace.api.iast.VulnerabilityMarks.XPATH_INJECTION_MARK
-import static datadog.trace.api.iast.VulnerabilityMarks.XSS_MARK
+import static com.datadog.iast.taint.Ranges.highestPriorityRange
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
 
-@CompileDynamic
 class PropagationModuleTest extends IastModuleImplTestBase {
 
   private PropagationModule module
-  private List<Object> objectHolder
+
   private IastRequestContext ctx
 
-  def setup() {
+  void setup() {
     module = new PropagationModuleImpl()
-    objectHolder = []
     ctx = new IastRequestContext()
     final reqCtx = Mock(RequestContext) {
       getData(RequestContextSlot.IAST) >> ctx
@@ -40,54 +37,49 @@ class PropagationModuleTest extends IastModuleImplTestBase {
     tracer.activeSpan() >> span
   }
 
-  void '#method null or empty'() {
-    when:
+  void '#method(#args) not taintable'() {
+    when: 'there is no context by default'
     module.&"$method".call(args.toArray())
 
-    then:
+    then: 'no mock calls should happen'
+    0 * _
+
+    when: 'there is a context'
+    args.add(0, ctx)
+    module.&"$method".call(args.toArray())
+
+    then: 'no mock calls should happen'
     0 * _
 
     where:
-    method                                     | args
-    'taintIfInputIsTainted'                    | [null, null]
-    'taintIfInputIsTainted'                    | [null, new Object()]
-    'taintIfInputIsTainted'                    | [null, 'test']
-    'taintIfInputIsTainted'                    | [new Object(), null]
-    'taintIfInputIsTainted'                    | [null as String, null]
-    'taintIfInputIsTainted'                    | ['', null]
-    'taintIfInputIsTainted'                    | ['', new Object()]
-    'taintIfInputIsTainted'                    | [null as String, new Object()]
-    'taintIfInputIsTainted'                    | ['test', null]
-    'taintIfInputIsTainted'                    | [null as String, 'test']
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', null as String, null]
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', '', null]
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', '', new Object()]
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', null as String, new Object()]
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'test', null]
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', null as String, 'test']
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, [].toSet(), 'test']
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, ['test'].toSet(), null]
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, [:].entrySet().toList(), 'test']
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, [key: "value"].entrySet().toList(), null]
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', null as Collection, 'test']
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', [], 'test']
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', ['value'], null]
-    'taintObjectIfInputIsTaintedKeepingRanges' | [null, new Object()]
-    'taintObjectIfInputIsTaintedKeepingRanges' | [new Object(), null]
-    'taintIfAnyInputIsTainted'                 | [null, null]
-    'taintIfAnyInputIsTainted'                 | [null, [].toArray()]
-    'taintIfAnyInputIsTainted'                 | ['test', [].toArray()]
-    'taint'                                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', null as String]
-    'taint'                                    | [SourceTypes.REQUEST_PARAMETER_VALUE, null as String, null as String]
-    'taint'                                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', '']
-    'taintObjects'                             | [SourceTypes.REQUEST_PARAMETER_VALUE, null as Object[]]
-    'taintObjects'                             | [SourceTypes.REQUEST_PARAMETER_VALUE, [] as Object[]]
-    'taintObjects'                             | [SourceTypes.REQUEST_PARAMETER_VALUE, null as Collection]
-    'taintIfInputIsTaintedWithMarks'           | ['', null, VulnerabilityMarks.XSS_MARK]
-    'taintIfInputIsTaintedWithMarks'           | ['', new Object(), VulnerabilityMarks.XSS_MARK]
-    'taintIfInputIsTaintedWithMarks'           | [null as String, new Object(), VulnerabilityMarks.XSS_MARK]
-    'taintIfInputIsTaintedWithMarks'           | ['test', null, VulnerabilityMarks.XSS_MARK]
-    'taintIfInputIsTaintedWithMarks'           | [null as String, 'test', VulnerabilityMarks.XSS_MARK]
+    method              | args
+    'taint'             | [null, SourceTypes.REQUEST_PARAMETER_VALUE]
+    'taint'             | [null, SourceTypes.REQUEST_PARAMETER_VALUE, 'name']
+    'taint'             | [null, SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value']
+    'taintIfTainted'    | [null, 'test']
+    'taintIfTainted'    | ['test', null]
+    'taintIfTainted'    | [null, 'test', false, NOT_MARKED]
+    'taintIfTainted'    | ['test', null, false, NOT_MARKED]
+    'taintIfTainted'    | [null, 'test']
+    'taintIfTainted'    | ['test', null]
+    'taintIfTainted'    | [null, 'test', SourceTypes.REQUEST_PARAMETER_VALUE]
+    'taintIfTainted'    | ['test', null, SourceTypes.REQUEST_PARAMETER_VALUE]
+    'taintIfTainted'    | [null, 'test', SourceTypes.REQUEST_PARAMETER_VALUE, 'name']
+    'taintIfTainted'    | ['test', null, SourceTypes.REQUEST_PARAMETER_VALUE, 'name']
+    'taintIfTainted'    | [null, 'test', SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value']
+    'taintIfTainted'    | ['test', null, SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value']
+    'taintIfAnyTainted' | [null, ['test'] as Object[]]
+    'taintIfAnyTainted' | ['test', null]
+    'taintIfAnyTainted' | ['test', [] as Object[]]
+    'taintDeeply'       | [
+      null,
+      SourceTypes.REQUEST_PARAMETER_VALUE,
+      {
+        true
+      }
+    ]
+    'findSource'        | [null]
+    'isTainted'         | [null]
   }
 
   void '#method without span'() {
@@ -99,438 +91,473 @@ class PropagationModuleTest extends IastModuleImplTestBase {
     0 * _
 
     where:
-    method                                     | args
-    'taintIfInputIsTainted'                    | [new Object(), new Object()]
-    'taintIfInputIsTainted'                    | [new Object(), 'test']
-    'taintIfInputIsTainted'                    | ['test', new Object()]
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value', new Object()]
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', ['value'], new Object()]
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, ['value'].toSet(), new Object()]
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, [key: 'value'].entrySet().toList(), new Object()]
-    'taintObjectIfInputIsTaintedKeepingRanges' | [new Object(), new Object()]
-    'taintIfAnyInputIsTainted'                 | ['value', ['test', 'test2'].toArray()]
-    'taint'                                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value']
-    'taintObjects'                             | [SourceTypes.REQUEST_PARAMETER_VALUE, [new Object()] as Object[]]
-    'taintObjects'                             | [SourceTypes.REQUEST_PARAMETER_VALUE, [new Object()]]
-    'taintObjects'                             | [SourceTypes.REQUEST_PARAMETER_VALUE, [new Object()] as Collection<Object>]
-    'taintIfInputIsTaintedWithMarks'           | ['test', new Object(), VulnerabilityMarks.XSS_MARK]
+    method              | args
+    'taint'             | ['test', SourceTypes.REQUEST_PARAMETER_VALUE]
+    'taint'             | ['test', SourceTypes.REQUEST_PARAMETER_VALUE, 'name']
+    'taint'             | ['test', SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value']
+    'taintIfTainted'    | ['test', 'test']
+    'taintIfTainted'    | ['test', 'test', false, NOT_MARKED]
+    'taintIfTainted'    | ['test', 'test', SourceTypes.REQUEST_PARAMETER_VALUE]
+    'taintIfTainted'    | ['test', 'test', SourceTypes.REQUEST_PARAMETER_VALUE, 'name']
+    'taintIfTainted'    | ['test', 'test', SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value']
+    'taintIfAnyTainted' | ['test', ['test']]
+    'taintDeeply'       | [
+      'test',
+      SourceTypes.REQUEST_PARAMETER_VALUE,
+      {
+        true
+      }
+    ]
+    'findSource'        | ['test']
+    'isTainted'         | ['test']
   }
 
-  void 'test propagation for #method'() {
+  void 'test taint'() {
     given:
-    final toTaint = toTaintClosure.call(args)
-    final targetMethod = module.&"$method"
-    final arguments = args.toArray()
-    final input = inputClosure.call(arguments)
+    final value = (target instanceof CharSequence) ? target.toString() : null
+    final source = taintedSource(value)
+    final ranges = Ranges.forObject(source)
 
     when:
-    targetMethod.call(arguments)
+    module.taint(target, source.origin, source.name, source.value)
 
     then:
-    assertNotTainted(toTaint)
+    final tainted = getTaintedObject(target)
+    if (shouldTaint) {
+      assertTainted(tainted, ranges)
+    } else {
+      assert tainted == null
+    }
 
-    when:
-    taint(input)
-    targetMethod.call(arguments)
+    where:
+    target                         | shouldTaint
+    string('string')               | true
+    stringBuilder('stringBuilder') | true
+    date()                         | true
+    taintable()                    | true
+  }
+
+  void 'test taintIfTainted keeping ranges'() {
+    given:
+    def (target, input) = suite
+    final source = taintedSource()
+    final ranges = [new Range(0, 1, source, NOT_MARKED), new Range(1, 1, source, NOT_MARKED)] as Range[]
+
+    when: 'input is not tainted'
+    module.taintIfTainted(target, input, true, NOT_MARKED)
 
     then:
-    assertTainted(toTaint)
+    assert getTaintedObject(target) == null
 
-    where:
-    method                                     | args                                                                                            | toTaintClosure            | inputClosure
-    'taintIfInputIsTainted'                    | [new Object(), 'I am an string']                                                                | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1]
-    }
-    'taintIfInputIsTainted'                    | [new Object(), new Object()]                                                                    | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1]
-    }
-    'taintIfInputIsTainted'                    | [new Object(), new MockTaintable()]                                                             | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1]
-    }
-    'taintIfInputIsTainted'                    | ['Hello', 'I am an string']                                                                     | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1]
-    }
-    'taintIfInputIsTainted'                    | ['Hello', new Object()]                                                                         | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1]
-    }
-    'taintIfInputIsTainted'                    | ['Hello', new MockTaintable()]                                                                  | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value', 'I am an string']                        | {
-      it[2]
-    }                                                                                                                                                                        | {
-      it[3]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value', new Object()]                            | {
-      it[2]
-    }                                                                                                                                                                        | {
-      it[3]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value', new MockTaintable()]                     | {
-      it[2]
-    }                                                                                                                                                                        | {
-      it[3]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', ['value'], 'I am an string']                      | {
-      it[2][0]
-    }                                                                                                                                                                        | {
-      it[3]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', ['value'], new Object()]                          | {
-      it[2][0]
-    }                                                                                                                                                                        | {
-      it[3]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, 'name', ['value'], new MockTaintable()]                   | {
-      it[2][0]
-    }                                                                                                                                                                        | {
-      it[3]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, ['value'].toSet(), 'I am an string']                      | {
-      it[1][0]
-    }                                                                                                                                                                        | {
-      it[2]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, ['value'].toSet(), new Object()]                          | {
-      it[1][0]
-    }                                                                                                                                                                        | {
-      it[2]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, ['value'].toSet(), new MockTaintable()]                   | {
-      it[1][0]
-    }                                                                                                                                                                        | {
-      it[2]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, [name: 'value'].entrySet().toList(), 'I am an string']    | {
-      it[1][0].value
-    }                                                                                                                                                                        | {
-      it[2]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, [name: 'value'].entrySet().toList(), new Object()]        | {
-      it[1][0].value
-    }                                                                                                                                                                        | {
-      it[2]
-    }
-    'taintIfInputIsTainted'                    | [SourceTypes.REQUEST_PARAMETER_VALUE, [name: 'value'].entrySet().toList(), new MockTaintable()] | {
-      it[1][0].value
-    }                                                                                                                                                                        | {
-      it[2]
-    }
-    'taintObjectIfInputIsTaintedKeepingRanges' | [new Object(), new Object()]                                                                    | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1]
-    }
-    'taintObjectIfInputIsTaintedKeepingRanges' | [new Object(), new MockTaintable()]                                                             | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1]
-    }
-    'taintIfAnyInputIsTainted'                 | [new Object(), ['I am an string'].toArray()]                                                    | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1][0]
-    }
-    'taintIfAnyInputIsTainted'                 | [new Object(), [new Object()].toArray()]                                                        | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1][0]
-    }
-    'taintIfAnyInputIsTainted'                 | [new Object(), [new MockTaintable()].toArray()]                                                 | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1][0]
-    }
-    'taintIfAnyInputIsTainted'                 | ['Hello', ['I am an string'].toArray()]                                                         | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1][0]
-    }
-    'taintIfAnyInputIsTainted'                 | ['Hello', [new Object()].toArray()]                                                             | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1][0]
-    }
-    'taintIfAnyInputIsTainted'                 | ['Hello', [new MockTaintable()].toArray()]                                                      | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1][0]
-    }
-    'taintIfInputIsTaintedWithMarks'           | ['Hello', 'I am an string', VulnerabilityMarks.XSS_MARK]                                        | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1]
-    }
-    'taintIfInputIsTaintedWithMarks'           | ['Hello', new Object(), VulnerabilityMarks.XSS_MARK]                                            | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1]
-    }
-    'taintIfInputIsTaintedWithMarks'           | ['Hello', new MockTaintable(), VulnerabilityMarks.XSS_MARK]                                     | {
-      it[0]
-    }                                                                                                                                                                        | {
-      it[1]
+    when: 'input is tainted'
+    final taintedFrom = taintObject(input, ranges)
+    module.taintIfTainted(target, input, true, NOT_MARKED)
+
+    then:
+    final tainted = getTaintedObject(target)
+    if (target instanceof Taintable) {
+      // only first range is kept
+      assertTainted(tainted, [taintedFrom.ranges[0]] as Range[])
+    } else {
+      assertTainted(tainted, taintedFrom.ranges)
     }
+
+    where:
+    suite << taintIfSuite()
   }
 
-  void 'test value source for #method'() {
+  void 'test taintIfTainted keeping ranges with a mark'() {
     given:
-    final span = Mock(AgentSpan)
-    tracer.activeSpan() >> span
-    final reqCtx = Mock(RequestContext)
-    span.getRequestContext() >> reqCtx
-    final ctx = new IastRequestContext()
-    reqCtx.getData(RequestContextSlot.IAST) >> ctx
+    def (target, input) = suite
+    Assume.assumeFalse(target instanceof Taintable) // taintable does not support multiple ranges or marks
+    final source = taintedSource()
+    final ranges = [new Range(0, 1, source, NOT_MARKED), new Range(1, 1, source, NOT_MARKED)] as Range[]
+    final mark = VulnerabilityMarks.UNVALIDATED_REDIRECT_MARK
 
-    when:
-    module."$method"(source, name, value)
+    when: 'input is not tainted'
+    module.taintIfTainted(target, input, true, mark)
 
     then:
-    1 * tracer.activeSpan() >> span
-    1 * span.getRequestContext() >> reqCtx
-    1 * reqCtx.getData(RequestContextSlot.IAST) >> ctx
-    0 * _
-    ctx.getTaintedObjects().get(name) == null
-    def to = ctx.getTaintedObjects().get(value)
-    to != null
-    to.get() == value
-    to.ranges.size() == 1
-    to.ranges[0].start == 0
-    to.ranges[0].length == value.length()
-    to.ranges[0].source == new Source(source, name, value)
+    assert getTaintedObject(target) == null
+
+    when: 'input is tainted'
+    final taintedFrom = taintObject(input, ranges)
+    module.taintIfTainted(target, input, true, mark)
+
+    then:
+    final tainted = getTaintedObject(target)
+    assertTainted(tainted, taintedFrom.ranges, mark)
 
     where:
-    method  | name   | value   | source
-    'taint' | null   | 'value' | SourceTypes.REQUEST_PARAMETER_VALUE
-    'taint' | 'name' | 'value' | SourceTypes.REQUEST_PARAMETER_VALUE
+    suite << taintIfSuite()
   }
 
-  void 'taint with context for #method'() {
-    setup:
-    def ctx = new IastRequestContext()
+  void 'test taintIfTainted not keeping ranges'() {
+    given:
+    def (target, input) = suite
+    final source = taintedSource()
+    final ranges = [new Range(0, 1, source, NOT_MARKED), new Range(1, 1, source, NOT_MARKED)] as Range[]
 
-    when:
-    module."$method"(ctx as Object, source, name, value)
+    when: 'input is not tainted'
+    module.taintIfTainted(target, input, false, NOT_MARKED)
 
     then:
-    ctx.getTaintedObjects().get(name) == null
-    def to = ctx.getTaintedObjects().get(value)
-    to != null
-    to.get() == value
-    to.ranges.size() == 1
-    to.ranges[0].start == 0
-    to.ranges[0].length == value.length()
-    to.ranges[0].source == new Source(source, name, value)
-    0 * _
+    assert getTaintedObject(target) == null
+
+    when: 'input is tainted'
+    final taintedFrom = taintObject(input, ranges)
+    module.taintIfTainted(target, input, false, NOT_MARKED)
+
+    then:
+    final tainted = getTaintedObject(target)
+    assertTainted(tainted, [highestPriorityRange(taintedFrom.ranges)] as Range[])
 
     where:
-    method  | name    | value   | source
-    'taint' | null    | "value" | SourceTypes.REQUEST_PATH_PARAMETER
-    'taint' | ""      | "value" | SourceTypes.REQUEST_PATH_PARAMETER
-    'taint' | "param" | "value" | SourceTypes.REQUEST_PATH_PARAMETER
+    suite << taintIfSuite()
   }
 
-  void 'test taintObject'() {
-    when:
-    module.taintObject(origin, toTaint)
+  void 'test taintIfTainted not keeping ranges with a mark'() {
+    given:
+    def (target, input) = suite
+    Assume.assumeFalse(target instanceof Taintable) // taintable does not support marks
+    final source = taintedSource()
+    final ranges = [new Range(0, 1, source, NOT_MARKED), new Range(1, 1, source, NOT_MARKED)] as Range[]
+    final mark = VulnerabilityMarks.LDAP_INJECTION_MARK
+
+    when: 'input is not tainted'
+    module.taintIfTainted(target, input, false, mark)
 
     then:
-    assertTainted(toTaint)
+    assert getTaintedObject(target) == null
+
+    when: 'input is tainted'
+    final taintedFrom = taintObject(input, ranges)
+    module.taintIfTainted(target, input, false, mark)
+
+    then:
+    final tainted = getTaintedObject(target)
+    assertTainted(tainted, [highestPriorityRange(taintedFrom.ranges)] as Range[], mark)
 
     where:
-    origin                              | toTaint
-    SourceTypes.REQUEST_PARAMETER_VALUE | new Object()
-    SourceTypes.REQUEST_PARAMETER_VALUE | new MockTaintable()
+    suite << taintIfSuite()
   }
 
-  void 'test taintObjects[array]'() {
-    when:
-    module.taintObjects(origin, new Object[]{
-      toTaint
-    })
+  void 'test taintIfAnyTainted keeping ranges'() {
+    given:
+    def (target, input) = suite
+    final inputs = ['test', input].toArray()
+    final source = taintedSource()
+    final ranges = [new Range(0, 1, source, NOT_MARKED), new Range(1, 1, source, NOT_MARKED)] as Range[]
+
+    when: 'input is not tainted'
+    module.taintIfAnyTainted(target, inputs, true, NOT_MARKED)
 
     then:
-    assertTainted(toTaint)
+    assert getTaintedObject(target) == null
+
+    when: 'input is tainted'
+    final taintedFrom = taintObject(input, ranges)
+    module.taintIfAnyTainted(target, inputs, true, NOT_MARKED)
+
+    then:
+    final tainted = getTaintedObject(target)
+    if (target instanceof Taintable) {
+      // only first range is kept
+      assertTainted(tainted, [taintedFrom.ranges[0]] as Range[])
+    } else {
+      assertTainted(tainted, taintedFrom.ranges)
+    }
 
     where:
-    origin                              | toTaint
-    SourceTypes.REQUEST_PARAMETER_VALUE | new Object()
-    SourceTypes.REQUEST_PARAMETER_VALUE | new MockTaintable()
+    suite << taintIfSuite()
   }
 
-  void 'onJsonFactoryCreateParser'() {
+  void 'test taintIfAnyTainted keeping ranges with a mark'() {
     given:
-    final taintedObjects = ctx.getTaintedObjects()
-    def shouldBeTainted = true
+    def (target, input) = suite
+    Assume.assumeFalse(target instanceof Taintable) // taintable does not support multiple ranges or marks
+    final inputs = ['test', input].toArray()
+    final source = taintedSource()
+    final ranges = [new Range(0, 1, source, NOT_MARKED), new Range(1, 1, source, NOT_MARKED)] as Range[]
+    final mark = VulnerabilityMarks.UNVALIDATED_REDIRECT_MARK
 
-    def firstParam
-    if (param1 instanceof String) {
-      firstParam = addFromTaintFormat(taintedObjects, param1)
-      objectHolder.add(firstParam)
-    } else {
-      firstParam = param1
-    }
+    when: 'input is not tainted'
+    module.taintIfAnyTainted(target, inputs, true, mark)
 
-    def secondParam
-    if (param2 instanceof String) {
-      secondParam = addFromTaintFormat(taintedObjects, param2)
-      objectHolder.add(secondParam)
-      shouldBeTainted = fromTaintFormat(param2) != null
-    } else {
-      secondParam = param2
-    }
+    then:
+    assert getTaintedObject(target) == null
 
-    if (shouldBeTainted) {
-      def ranges = new Range[1]
-      ranges[0] = new Range(0, Integer.MAX_VALUE, new Source((byte) 1, "test", "test"), NOT_MARKED)
-      taintedObjects.taint(secondParam, ranges)
-    }
+    when: 'input is tainted'
+    final taintedFrom = taintObject(input, ranges)
+    module.taintIfAnyTainted(target, inputs, true, mark)
+
+    then:
+    final tainted = getTaintedObject(target)
+    assertTainted(tainted, taintedFrom.ranges, mark)
+
+    where:
+    suite << taintIfSuite()
+  }
+
+  void 'test taintIfAnyTainted not keeping ranges'() {
+    given:
+    def (target, input) = suite
+    final inputs = ['test', input].toArray()
+    final source = taintedSource()
+    final ranges = [new Range(0, 1, source, NOT_MARKED), new Range(1, 1, source, NOT_MARKED)] as Range[]
+
+    when: 'input is not tainted'
+    module.taintIfAnyTainted(target, inputs, false, NOT_MARKED)
+
+    then:
+    assert getTaintedObject(target) == null
+
+    when: 'input is tainted'
+    final taintedFrom = taintObject(input, ranges)
+    module.taintIfAnyTainted(target, inputs, false, NOT_MARKED)
+
+    then:
+    final tainted = getTaintedObject(target)
+    assertTainted(tainted, [highestPriorityRange(taintedFrom.ranges)] as Range[])
+
+    where:
+    suite << taintIfSuite()
+  }
+
+  void 'test taintIfAnyTainted not keeping ranges with a mark'() {
+    given:
+    def (target, input) = suite
+    Assume.assumeFalse(target instanceof Taintable) // taintable does not support marks
+    final inputs = ['test', input].toArray()
+    final source = taintedSource()
+    final ranges = [new Range(0, 1, source, NOT_MARKED), new Range(1, 1, source, NOT_MARKED)] as Range[]
+    final mark = VulnerabilityMarks.LDAP_INJECTION_MARK
+
+    when: 'input is not tainted'
+    module.taintIfAnyTainted(target, inputs, false, mark)
+
+    then:
+    assert getTaintedObject(target) == null
+
+    when: 'input is tainted'
+    final taintedFrom = taintObject(input, ranges)
+    module.taintIfAnyTainted(target, inputs, false, mark)
+
+    then:
+    final tainted = getTaintedObject(target)
+    assertTainted(tainted, [highestPriorityRange(taintedFrom.ranges)] as Range[], mark)
+
+    where:
+    suite << taintIfSuite()
+  }
+
+  void 'test taint deeply'() {
+    given:
+    final target = [Hello: " World!", Age: 25]
 
     when:
-    module.taintIfInputIsTainted(firstParam, secondParam)
+    module.taintDeeply(target, SourceTypes.GRPC_BODY, { true })
 
     then:
-    def to = ctx.getTaintedObjects().get(param1)
-    if (shouldBeTainted) {
-      assert to != null
-      assert to.get() == param1
-      if (param1 instanceof String) {
-        final ranges = to.getRanges()
-        assert ranges.length == 1
-        assert ranges[0].start == 0
-        assert ranges[0].length == param1.length()
-      } else {
-        final ranges = to.getRanges()
-        assert ranges.length == 1
-        assert ranges[0].start == 0
-        assert ranges[0].length == Integer.MAX_VALUE
-      }
-    } else {
-      assert to == null
+    final taintedObjects = ctx.taintedObjects
+    target.keySet().each { key ->
+      assert taintedObjects.get(key) != null
     }
+    assert taintedObjects.get(target['Hello']) != null
+    assert taintedObjects.size() == 3 // two keys and one string value
+  }
 
-    where:
-    param1       | param2
-    '123'        | new Object()
-    new Object() | new Object()
-    new Object() | '123'
-    new Object() | '==>123<=='
+  void 'test taint deeply char sequence'() {
+    given:
+    final target = stringBuilder('taint me')
+
+    when:
+    module.taintDeeply(target, SourceTypes.GRPC_BODY, { true })
+
+    then:
+    final taintedObjects = ctx.taintedObjects
+    assert taintedObjects.size() == 1
+    final tainted = taintedObjects.get(target)
+    assert tainted != null
+    final source = tainted.ranges[0].source
+    assert source.origin == SourceTypes.GRPC_BODY
+    assert source.value == target.toString()
   }
 
-  void 'test first tainted source'() {
+  void 'test is tainted and find source'() {
+    given:
+    if (source != null) {
+      taintObject(target, source)
+    }
+
     when:
-    final before = module.firstTaintedSource(target)
+    final tainted = module.isTainted(target)
 
     then:
-    before == null
+    tainted == (source != null)
 
     when:
-    module.taintObject(origin, target)
-    final after = module.firstTaintedSource(target)
+    final foundSource = module.findSource(target)
 
     then:
-    after.origin == origin
+    foundSource == source
 
     where:
-    target              | origin
-    'this is a string'  | SourceTypes.REQUEST_PARAMETER_VALUE
-    new Object()        | SourceTypes.REQUEST_PARAMETER_VALUE
-    new MockTaintable() | SourceTypes.REQUEST_PARAMETER_VALUE
+    target                         | source
+    string('string')               | null
+    stringBuilder('stringBuilder') | null
+    date()                         | null
+    taintable()                    | null
+    string('string')               | taintedSource()
+    stringBuilder('stringBuilder') | taintedSource()
+    date()                         | taintedSource()
+    taintable()                    | taintedSource()
   }
 
-  void 'test taintIfInputIsTaintedWithMarks marks ranges for #mark'() {
+  void 'test source names over threshold'() {
     given:
-    final toTaint = 'this is a string'
-    final tainted = new Object()
-    ctx.getTaintedObjects().taint(tainted, previousRanges)
-    objectHolder.add(toTaint)
+    final maxSize = Config.get().iastTruncationMaxValueLength
 
     when:
-    module.taintIfInputIsTaintedWithMarks(toTaint, tainted, mark)
+    module.taint(target, SourceTypes.REQUEST_PARAMETER_VALUE)
 
     then:
-    final to = ctx.getTaintedObjects().get(toTaint)
-    final ranges = to.getRanges()
-    ranges != null && ranges.length == 1
-    ranges[0].marks == expected
+    final tainted = ctx.getTaintedObjects().get(target)
+    tainted != null
+    final sourceValue  = tainted.ranges.first().source.value
+    sourceValue.length() <= target.length()
+    sourceValue.length() <= maxSize
 
     where:
-    previousRanges                                                                                                                  | mark     | expected
-    [new Range(0, Integer.MAX_VALUE, getDefaultSource(), NOT_MARKED)] as Range[]                                                    | XSS_MARK | XSS_MARK
-    [new Range(0, 1, getDefaultSource(), SQL_INJECTION_MARK), new Range(2, 3, getDefaultSource(), NOT_MARKED)] as Range[]           | XSS_MARK | XSS_MARK
-    [new Range(2, 3, getDefaultSource(), NOT_MARKED), new Range(0, 1, getDefaultSource(), SQL_INJECTION_MARK)] as Range[]           | XSS_MARK | XSS_MARK
-    [new Range(2, 3, getDefaultSource(), XPATH_INJECTION_MARK), new Range(0, 1, getDefaultSource(), SQL_INJECTION_MARK)] as Range[] | XSS_MARK | getMarks(XPATH_INJECTION_MARK, XSS_MARK)
+    target                                                                          | _
+    string((0..Config.get().getIastTruncationMaxValueLength() * 2).join(''))        | _
+    stringBuilder((0..Config.get().getIastTruncationMaxValueLength() * 2).join('')) | _
+  }
+
+  private List<Tuple<Object>> taintIfSuite() {
+    return [
+      Tuple.tuple(string('string'), string('string')),
+      Tuple.tuple(string('string'), stringBuilder('stringBuilder')),
+      Tuple.tuple(string('string'), date()),
+      Tuple.tuple(string('string'), taintable()),
+      Tuple.tuple(stringBuilder('stringBuilder'), string('string')),
+      Tuple.tuple(stringBuilder('stringBuilder'), stringBuilder('stringBuilder')),
+      Tuple.tuple(stringBuilder('stringBuilder'), date()),
+      Tuple.tuple(stringBuilder('stringBuilder'), taintable()),
+      Tuple.tuple(date(), string('string')),
+      Tuple.tuple(date(), stringBuilder('stringBuilder')),
+      Tuple.tuple(date(), date()),
+      Tuple.tuple(date(), taintable()),
+      Tuple.tuple(taintable(), string('string')),
+      Tuple.tuple(taintable(), stringBuilder('stringBuilder')),
+      Tuple.tuple(taintable(), date()),
+      Tuple.tuple(taintable(), taintable())
+    ]
   }
 
-  private <E> E taint(final E toTaint) {
-    final source = new Source(SourceTypes.REQUEST_PARAMETER_VALUE, null, null)
-    if (toTaint instanceof Taintable) {
-      toTaint.$$DD$setSource(source)
+  private TaintedObject getTaintedObject(final Object target) {
+    if (target instanceof Taintable) {
+      final source = (target as Taintable).$$DD$getSource() as Source
+      return source == null ? null : new TaintedObject(target, Ranges.forObject(source), null)
+    }
+    return ctx.getTaintedObjects().get(target)
+  }
+
+  private TaintedObject taintObject(final Object target, Source source, int mark = NOT_MARKED) {
+    if (target instanceof Taintable) {
+      target.$$DD$setSource(source)
+    } else if (target instanceof CharSequence) {
+      ctx.getTaintedObjects().taint(target, Ranges.forCharSequence(target, source, mark))
     } else {
-      ctx.taintedObjects.taintInputObject(toTaint, source)
-      objectHolder.add(toTaint)
+      ctx.getTaintedObjects().taint(target, Ranges.forObject(source, mark))
     }
-    return toTaint
+    return getTaintedObject(target)
   }
 
-  private void assertTainted(final Object toTaint) {
-    final tainted = ctx.getTaintedObjects().get(toTaint)
-    if (toTaint instanceof Taintable) {
-      assert tainted == null
-      assert toTaint.$$DD$getSource() != null
+  private TaintedObject taintObject(final Object target, Range[] ranges) {
+    if (target instanceof Taintable) {
+      target.$$DD$setSource(ranges[0].getSource())
     } else {
-      assert tainted != null
+      ctx.getTaintedObjects().taint(target, ranges)
+    }
+    return getTaintedObject(target)
+  }
+
+  private String string(String value, Source source = null, int mark = NOT_MARKED) {
+    final result = new String(value)
+    if (source != null) {
+      taintObject(result, source, mark)
     }
+    return result
   }
 
-  private void assertNotTainted(final Object toTaint) {
-    final tainted = ctx.getTaintedObjects().get(toTaint)
-    assert tainted == null
-    if (toTaint instanceof Taintable) {
-      assert toTaint.$$DD$getSource() == null
+  private StringBuilder stringBuilder(String value, Source source = null, int mark = NOT_MARKED) {
+    final result = new StringBuilder(value)
+    if (source != null) {
+      taintObject(result, source, mark)
     }
+    return result
   }
 
-  private static Source getDefaultSource() {
-    return new Source(SourceTypes.REQUEST_PARAMETER_VALUE, null, null)
+  private Date date(Source source = null, int mark = NOT_MARKED) {
+    final result = new Date()
+    if (source != null) {
+      taintObject(result, source, mark)
+    }
+    return result
   }
 
-  private static int getMarks(int ... marks) {
-    int result = NOT_MARKED
-    for (int mark : marks) {
-      result = result | mark
+  private Taintable taintable(Source source = null) {
+    final result = new MockTaintable()
+    if (source != null) {
+      taintObject(result, source)
     }
     return result
   }
 
-  /**
-   * Mocking makes the test a bit more confusing*/
-  private static final class MockTaintable implements Taintable {
+  private Source taintedSource(String value = 'value') {
+    return new Source(SourceTypes.REQUEST_PARAMETER_VALUE, 'name', value)
+  }
 
+  private static void assertTainted(final TaintedObject tainted, final Range[] ranges, final int mark = NOT_MARKED) {
+    assert tainted != null
+    final originalValue = tainted.get()
+    assert tainted.ranges.length == ranges.length
+    ranges.eachWithIndex { Range expected, int i ->
+      final range = tainted.ranges[i]
+      if (mark == NOT_MARKED) {
+        assert range.marks == expected.marks
+      } else {
+        assert (range.marks & mark) > 0
+      }
+      final source = range.source
+      assert !source.value.is(originalValue): 'Weak value should not be retained by the source'
+
+      final expectedSource = expected.source
+      assert source.origin == expectedSource.origin
+      assert source.name == expectedSource.name
+      assert source.value == expectedSource.value
+    }
+  }
+
+  private static class MockTaintable implements Taintable {
     private Source source
 
-    @Override
     @SuppressWarnings('CodeNarc')
+    @Override
     Source $$DD$getSource() {
       return source
     }
 
-    @Override
     @SuppressWarnings('CodeNarc')
+    @Override
     void $$DD$setSource(Source source) {
       this.source = source
     }
+
+    @Override
+    String toString() {
+      return Taintable.name
+    }
   }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleRangeLimitForkedTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleRangeLimitForkedTest.groovy
new file mode 100644
index 00000000000..45d8ff8561c
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleRangeLimitForkedTest.groovy
@@ -0,0 +1,187 @@
+package com.datadog.iast.propagation
+
+import com.datadog.iast.IastModuleImplTestBase
+import com.datadog.iast.IastRequestContext
+import datadog.trace.api.config.IastConfig
+import datadog.trace.api.gateway.RequestContext
+import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.api.iast.propagation.StringModule
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan
+
+import static com.datadog.iast.taint.TaintUtils.*
+
+class StringModuleRangeLimitForkedTest extends IastModuleImplTestBase {
+
+  private StringModule module
+
+  private List<Object> objectHolder
+
+  private AgentSpan span
+
+  private IastRequestContext ctx
+
+  private RequestContext reqCtx
+
+  def setup() {
+    injectSysConfig(IastConfig.IAST_MAX_RANGE_COUNT, '2')
+
+    module = new StringModuleImpl()
+    objectHolder = []
+    span = Mock(AgentSpan)
+    tracer.activeSpan() >> span
+    reqCtx = Mock(RequestContext)
+    span.getRequestContext() >> reqCtx
+    ctx = new IastRequestContext()
+    reqCtx.getData(RequestContextSlot.IAST) >> ctx
+  }
+
+  void 'onStringConcatFactory'() {
+    given:
+    final taintedObjects = ctx.getTaintedObjects()
+    args = args.collect { it ->
+      final item = addFromTaintFormat(taintedObjects, it)
+      objectHolder.add(item)
+      return item
+    }
+    final recipe = args.collect { '\u0001' }.join()
+    final recipeOffsets = (0..<recipe.length()).collect { it }
+
+    and:
+    final result = getStringFromTaintFormat(expected)
+    objectHolder.add(expected)
+
+    when:
+    module.onStringConcatFactory(result, args as String[], recipe, [] as Object[], recipeOffsets as int[])
+
+    then:
+    final to = ctx.getTaintedObjects().get(result)
+    to != null
+    to.get() == result
+    taintFormat(to.get() as String, to.getRanges()) == expected
+
+    where:
+    args                              | expected
+    ['==>1<==', '==>2<==']            | '==>1<====>2<=='
+    ['==>1<==', '==>2<==', '==>3<=='] | '==>1<====>2<==3'
+  }
+
+  void 'onString'() {
+    given:
+    final result = getStringFromTaintFormat(expected)
+    objectHolder.add(expected)
+
+    and:
+    final taintedObjects = ctx.getTaintedObjects()
+    final fromTaintedDelimiter = addFromTaintFormat(taintedObjects, delimiter)
+    objectHolder.add(fromTaintedDelimiter)
+
+    and:
+    final fromTaintedElements = new CharSequence[elements.size()]
+    elements.eachWithIndex { element, i ->
+      def el = addFromTaintFormat(taintedObjects, element)
+      objectHolder.add(el)
+      fromTaintedElements[i] = el
+    }
+
+    when:
+    module.onStringJoin(result, fromTaintedDelimiter, fromTaintedElements)
+
+    then:
+    final to = ctx.getTaintedObjects().get(result)
+    to != null
+    to.get() == result
+    taintFormat(to.get() as String, to.getRanges()) == expected
+
+    where:
+    delimiter | elements                          | expected
+    ""        | ['==>1<==', '==>2<==']            | '==>1<====>2<=='
+    ""        | ['==>1<==', '==>2<==', '==>3<=='] | '==>1<====>2<==3'
+    "==>,<==" | ['1', '2', '3']                   | '1==>,<==2==>,<==3'
+    "==>,<==" | ['1', '2', '3', '4']              | '1==>,<==2==>,<==3,4'
+    "==>,<==" | ['==>1<==', '==>2<==', '==>3<=='] | '==>1<====>,<==23'
+  }
+
+  void 'onStringRepeat'() {
+    given:
+    final taintedObjects = ctx.getTaintedObjects()
+    self = addFromTaintFormat(taintedObjects, self)
+    objectHolder.add(self)
+
+    and:
+    final result = getStringFromTaintFormat(expected)
+    objectHolder.add(expected)
+
+    when:
+    module.onStringRepeat(self, count, result)
+
+    then:
+    final to = ctx.getTaintedObjects().get(result)
+    to != null
+    to.get() == result
+    taintFormat(to.get() as String, to.getRanges()) == expected
+
+    where:
+    self        | count | expected
+    "==>b<=="   | 2     | "==>b<====>b<=="
+    "==>b<=="   | 3     | "==>b<====>b<==b"
+    "aa==>b<==" | 2     | "aa==>b<==aa==>b<=="
+    "aa==>b<==" | 3     | "aa==>b<==aa==>b<==aab"
+    "==>b<==cc" | 2     | "==>b<==cc==>b<==ccbcc"
+    "a==>b<==c" | 2     | "a==>b<==ca==>b<==c"
+    "a==>b<==c" | 3     | "a==>b<==ca==>b<==cabc"
+  }
+
+  void 'onStringFormat'() {
+    given:
+    final to = ctx.getTaintedObjects()
+    final format = addFromTaintFormat(to, formatTainted)
+    final args = argsTainted.collect {
+      final value = taint(to, it)
+      objectHolder.add(value)
+      return value
+    }
+    final formatted = String.format(format, args as Object[])
+    final expected = getStringFromTaintFormat(expectedTainted)
+    assert expected == formatted // validate expectation is OK
+
+    when:
+    module.onStringFormat(format, args as Object[], formatted)
+
+    then:
+    final tainted = to.get(formatted)
+    final formattedResult = taintFormat(formatted, tainted?.ranges)
+    assert formattedResult == expectedTainted: tainted?.ranges
+
+    where:
+    formatTainted        | argsTainted                       | expectedTainted
+    '%s%s'               | ['==>1<==', '==>2<==']            | '==>1<====>2<=='
+    '%s%s%s'             | ['==>1<==', '==>2<==', '==>3<=='] | '==>1<====>2<==3'
+    '==>%s<====>%s<==%s' | ['1', '2', '==>3<==']             | '==>1<====>2<==3'
+    '%s==>%s<====>%s<==' | ['1', '2', '==>3<==']             | '1==>2<====>3<=='
+    '%s%s==>%s<=='       | ['==>1<==', '==>2<==', '3']       | '==>1<====>2<==3'
+  }
+
+  void 'onStringFormat literals'() {
+    given:
+    final to = ctx.getTaintedObjects()
+    final args = argsTainted.collect {
+      final value = taint(to, it)
+      objectHolder.add(value)
+      return value
+    }
+    final expected = getStringFromTaintFormat(expectedTainted)
+
+    when:
+    module.onStringFormat(literals, args as Object[], expected)
+
+    then:
+    final tainted = to.get(expected)
+    final formattedResult = taintFormat(expected, tainted?.ranges)
+    assert formattedResult == expectedTainted: tainted?.ranges
+
+    where:
+    literals         | argsTainted                       | expectedTainted
+    ['', '', '']     | ['==>1<==', '==>2<==']            | '==>1<====>2<=='
+    ['', '', '', ''] | ['==>1<==', '==>2<==', '==>3<=='] | '==>1<====>2<==3'
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy
index 11319301eaf..5e7dd245777 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy
@@ -908,6 +908,34 @@ class StringModuleTest extends IastModuleImplTestBase {
     'He==>llo %s!<=='               | ['W==>or<==ld']                     | 'He==>llo <==W==>or<==ld==>!<==' // tainted placeholder (3) [mixing with tainted parameter]
   }
 
+  void 'onStringFormat literals: #literals args: #argsTainted'() {
+    given:
+    final to = ctx.getTaintedObjects()
+    final args = argsTainted.collect {
+      final value = taint(to, it)
+      objectHolder.add(value)
+      return value
+    }
+    final expected = getStringFromTaintFormat(expectedTainted)
+
+    when:
+    module.onStringFormat(literals, args as Object[], expected)
+
+    then:
+    final tainted = to.get(expected)
+    final formattedResult = taintFormat(expected, tainted?.ranges)
+    assert formattedResult == expectedTainted: tainted?.ranges
+
+    where:
+    literals          | argsTainted                        | expectedTainted
+    ['Hello World!']  | []                                 | 'Hello World!'
+    ['', ' ', '']     | ['Hello', 'World!']                | 'Hello World!'
+    ['', ' ', '']     | ['He==>ll<==o', 'World==>!<==']    | 'He==>ll<==o World==>!<=='
+    ['Hello World!']  | []                                 | 'Hello World!'
+    ['Today is ', ''] | [date('yyyy.MM.dd', '2012.11.23')] | "Today is ==>${String.valueOf(date('yyyy.MM.dd', '2012.11.23'))}<=="
+    ['', '']          | ['He==>ll<==o', 'World==>!<==']    | 'He==>ll<==o' // extra args
+  }
+
   void 'onSplit'() {
     given:
     final to = ctx.getTaintedObjects()
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/CommandInjectionModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/CommandInjectionModuleTest.groovy
index 9bc9148bb30..30b8adf5166 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/CommandInjectionModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/CommandInjectionModuleTest.groovy
@@ -11,7 +11,7 @@ import datadog.trace.api.iast.sink.CommandInjectionModule
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 import groovy.transform.CompileDynamic
 
-import static com.datadog.iast.model.Range.NOT_MARKED
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
 import static com.datadog.iast.taint.TaintUtils.addFromTaintFormat
 import static com.datadog.iast.taint.TaintUtils.taintFormat
 
@@ -27,7 +27,7 @@ class CommandInjectionModuleTest extends IastModuleImplTestBase {
   private AgentSpan span
 
   def setup() {
-    module = registerDependencies(new CommandInjectionModuleImpl())
+    module = new CommandInjectionModuleImpl(dependencies)
     objectHolder = []
     ctx = new IastRequestContext()
     final reqCtx = Mock(RequestContext) {
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/HstsMissingHeaderModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/HstsMissingHeaderModuleTest.groovy
new file mode 100644
index 00000000000..505776b3ea4
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/HstsMissingHeaderModuleTest.groovy
@@ -0,0 +1,170 @@
+package com.datadog.iast.sink
+
+import com.datadog.iast.IastModuleImplTestBase
+import com.datadog.iast.IastRequestContext
+import com.datadog.iast.RequestEndedHandler
+import com.datadog.iast.model.Vulnerability
+import com.datadog.iast.model.VulnerabilityType
+import datadog.trace.api.gateway.Flow
+import datadog.trace.api.gateway.IGSpanInfo
+import datadog.trace.api.gateway.RequestContext
+import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.internal.TraceSegment
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan
+
+class HstsMissingHeaderModuleTest extends IastModuleImplTestBase {
+
+  private List<Object> objectHolder
+
+  private IastRequestContext ctx
+
+  private HstsMissingHeaderModuleImpl module
+
+  private AgentSpan span
+
+  def setup() {
+    InstrumentationBridge.clearIastModules()
+    module = new HstsMissingHeaderModuleImpl(dependencies)
+    InstrumentationBridge.registerIastModule(module)
+    objectHolder = []
+    ctx = new IastRequestContext()
+    final reqCtx = Mock(RequestContext) {
+      getData(RequestContextSlot.IAST) >> ctx
+    }
+    span = Mock(AgentSpan) {
+      getSpanId() >> 123456
+      getRequestContext() >> reqCtx
+    }
+  }
+
+
+  void 'hsts vulnerability'() {
+    given:
+    Vulnerability savedVul1
+    final iastCtx = Mock(IastRequestContext)
+    iastCtx.getxForwardedProto() >> 'https'
+    iastCtx.getContentType() >> "text/html"
+    final handler = new RequestEndedHandler(dependencies)
+    final TraceSegment traceSegment = Mock(TraceSegment)
+    final reqCtx = Mock(RequestContext)
+    reqCtx.getTraceSegment() >> traceSegment
+    reqCtx.getData(RequestContextSlot.IAST) >> iastCtx
+    final tags = Mock(Map<String, Object>)
+    tags.get("http.url") >> "https://localhost/a"
+    tags.get("http.status_code") >> 200i
+    final spanInfo = Mock(IGSpanInfo)
+    spanInfo.getTags() >> tags
+    IastRequestContext.get(span) >> iastCtx
+
+
+    when:
+    def flow = handler.apply(reqCtx, spanInfo)
+
+    then:
+    flow.getAction() == Flow.Action.Noop.INSTANCE
+    flow.getResult() == null
+    1 * reqCtx.getData(RequestContextSlot.IAST) >> iastCtx
+    1 * reqCtx.getTraceSegment() >> traceSegment
+    1 * traceSegment.setTagTop("_dd.iast.enabled", 1)
+    1 * iastCtx.getTaintedObjects() >> null
+    1 * overheadController.releaseRequest()
+    1 * spanInfo.getTags() >> tags
+    1 * tags.get('http.url') >> "https://localhost/a"
+    1 * tags.get('http.status_code') >> 200i
+    1 * iastCtx.getStrictTransportSecurity()
+    1 * tracer.activeSpan() >> span
+    1 * iastCtx.getContentType() >> "text/html"
+    1 * reporter.report(_, _ as Vulnerability) >> {
+      savedVul1 = it[1]
+    }
+
+    with(savedVul1) {
+      type == VulnerabilityType.HSTS_HEADER_MISSING
+    }
+  }
+
+
+  void 'no hsts vulnerability reported'() {
+    given:
+    final iastCtx = Mock(IastRequestContext)
+    iastCtx.getxForwardedProto() >> 'https'
+    iastCtx.getContentType() >> "text/html"
+    final handler = new RequestEndedHandler(dependencies)
+    final TraceSegment traceSegment = Mock(TraceSegment)
+    final reqCtx = Mock(RequestContext)
+    reqCtx.getTraceSegment() >> traceSegment
+    reqCtx.getData(RequestContextSlot.IAST) >> iastCtx
+    final tags = Mock(Map<String, Object>)
+    tags.get("http.url") >> url
+    tags.get("http.status_code") >> status
+    final spanInfo = Mock(IGSpanInfo)
+    spanInfo.getTags() >> tags
+    IastRequestContext.get(span) >> iastCtx
+
+
+    when:
+    def flow = handler.apply(reqCtx, spanInfo)
+
+    then:
+    flow.getAction() == Flow.Action.Noop.INSTANCE
+    flow.getResult() == null
+    1 * reqCtx.getData(RequestContextSlot.IAST) >> iastCtx
+    1 * reqCtx.getTraceSegment() >> traceSegment
+    1 * traceSegment.setTagTop("_dd.iast.enabled", 1)
+    1 * iastCtx.getTaintedObjects() >> null
+    1 * overheadController.releaseRequest()
+    1 * spanInfo.getTags() >> tags
+    1 * tags.get('http.url') >> url
+    1 * tags.get('http.status_code') >> status
+    1 * iastCtx.getStrictTransportSecurity()
+    0 * _
+
+    where:
+    url                   | status
+    "https://localhost/a" | 307i
+    "https://localhost/a" | HttpURLConnection.HTTP_MOVED_PERM
+    "https://localhost/a" | HttpURLConnection.HTTP_MOVED_TEMP
+    "https://localhost/a" | HttpURLConnection.HTTP_NOT_MODIFIED
+    "https://localhost/a" | HttpURLConnection.HTTP_NOT_FOUND
+    "https://localhost/a" | HttpURLConnection.HTTP_GONE
+    "https://localhost/a" | HttpURLConnection.HTTP_INTERNAL_ERROR
+  }
+
+
+
+  void 'throw exception if context is null'(){
+    when:
+    module.onRequestEnd(null, null)
+
+    then:
+    thrown(NullPointerException)
+  }
+
+  void 'exception not thrown if igSpanInfo is null'(){
+    when:
+    module.onRequestEnd(ctx, null)
+
+    then:
+    noExceptionThrown()
+  }
+
+  void 'test max age'(){
+    when:
+    final result = HstsMissingHeaderModuleImpl.isValidMaxAge(value)
+
+    then:
+    result == expected
+
+    where:
+    value               | expected
+    "max-age=0"         | false
+    "max-age=-1"        | false
+    null                | false
+    ""                  | false
+    "max-age-3"         | false
+    "ramdom"            | false
+    "max-age=10"        | true
+    "max-age=0122344"   | true
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/HttpResponseHeaderModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/HttpResponseHeaderModuleTest.groovy
index 34e26d60e99..f3e30e1e180 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/HttpResponseHeaderModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/HttpResponseHeaderModuleTest.groovy
@@ -1,12 +1,15 @@
 package com.datadog.iast.sink
 
+
 import com.datadog.iast.IastModuleImplTestBase
 import com.datadog.iast.IastRequestContext
 import com.datadog.iast.model.Vulnerability
 import com.datadog.iast.model.VulnerabilityType
+import com.datadog.iast.taint.TaintedObjects
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
 import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.telemetry.IastMetricCollector
 import datadog.trace.api.iast.util.Cookie
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 
@@ -22,10 +25,13 @@ class HttpResponseHeaderModuleTest extends IastModuleImplTestBase {
 
   def setup() {
     InstrumentationBridge.clearIastModules()
-    module = registerDependencies(new HttpResponseHeaderModuleImpl())
+    module = new HttpResponseHeaderModuleImpl(dependencies)
+    InstrumentationBridge.registerIastModule(module)
     InstrumentationBridge.registerIastModule(new InsecureCookieModuleImpl())
     InstrumentationBridge.registerIastModule(new NoHttpOnlyCookieModuleImpl())
     InstrumentationBridge.registerIastModule(new NoSameSiteCookieModuleImpl())
+    InstrumentationBridge.registerIastModule(new HstsMissingHeaderModuleImpl(dependencies))
+    InstrumentationBridge.registerIastModule(new UnvalidatedRedirectModuleImpl(dependencies))
     objectHolder = []
     ctx = new IastRequestContext()
     final reqCtx = Mock(RequestContext) {
@@ -52,6 +58,7 @@ class HttpResponseHeaderModuleTest extends IastModuleImplTestBase {
     then:
     1 * tracer.activeSpan() >> span
     1 * span.getSpanId()
+    1 * span.getServiceName()
     1 * overheadController.consumeQuota(_, _) >> true
     1 * reporter.report(_, _ as Vulnerability) >> { onReport.call(it[1] as Vulnerability) }
     1 * reporter.report(_, _ as Vulnerability) >> { onReport.call(it[1] as Vulnerability) }
@@ -81,10 +88,42 @@ class HttpResponseHeaderModuleTest extends IastModuleImplTestBase {
   void 'exercise onHeader'() {
     when:
     module.onHeader("Set-Cookie", "user-id=7")
+    module.onHeader("X-Content-Type-Options", "nosniff")
+    module.onHeader("Content-Type", "text/html")
+    module.onHeader("Strict-Transport-Security", "invalid max age")
 
     then:
-    1 * tracer.activeSpan()
+    4 * tracer.activeSpan()
     1 * overheadController.consumeQuota(_,_)
     0 * _
   }
+
+  void 'exercise IastRequestController'(){
+    given:
+    final taintedObjects = Mock(TaintedObjects)
+    IastRequestContext ctx = new IastRequestContext(taintedObjects)
+
+    when:
+    ctx.setxForwardedProto('https')
+
+    then:
+    ctx.getxForwardedProto() == 'https'
+  }
+
+  void 'exercise IastRequestContext'(){
+    given:
+    final taintedObjects = Mock(TaintedObjects)
+    final iastMetricsCollector = Mock(IastMetricCollector)
+
+    when:
+    IastRequestContext ctx = new IastRequestContext(taintedObjects, iastMetricsCollector)
+    ctx.setxForwardedProto('https')
+    ctx.setContentType("text/html")
+    ctx.setxContentTypeOptions('nosniff')
+    ctx.getxContentTypeOptions()
+    ctx.setStrictTransportSecurity('max-age=2345')
+
+    then:
+    0 * _
+  }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/InsecureCookieModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/InsecureCookieModuleTest.groovy
index bf74a709519..b160f37a28b 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/InsecureCookieModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/InsecureCookieModuleTest.groovy
@@ -24,7 +24,7 @@ class InsecureCookieModuleTest extends IastModuleImplTestBase {
 
   def setup() {
     InstrumentationBridge.clearIastModules()
-    module = registerDependencies(new HttpResponseHeaderModuleImpl())
+    module = new HttpResponseHeaderModuleImpl(dependencies)
     InstrumentationBridge.registerIastModule(new InsecureCookieModuleImpl())
     objectHolder = []
     ctx = new IastRequestContext()
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/LdapInjectionModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/LdapInjectionModuleTest.groovy
index 2159276a958..682e8dfef39 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/LdapInjectionModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/LdapInjectionModuleTest.groovy
@@ -11,7 +11,7 @@ import datadog.trace.api.iast.sink.LdapInjectionModule
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 import groovy.transform.CompileDynamic
 
-import static com.datadog.iast.model.Range.NOT_MARKED
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
 import static com.datadog.iast.taint.TaintUtils.addFromTaintFormat
 import static com.datadog.iast.taint.TaintUtils.taintFormat
 
@@ -27,7 +27,7 @@ class LdapInjectionModuleTest extends IastModuleImplTestBase {
   private AgentSpan span
 
   def setup() {
-    module = registerDependencies(new LdapInjectionModuleImpl())
+    module = new LdapInjectionModuleImpl(dependencies)
     objectHolder = []
     ctx = new IastRequestContext()
     final reqCtx = Mock(RequestContext) {
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/NoHttpCookieModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/NoHttpCookieModuleTest.groovy
index 28fda1aeecb..a246f30ee9f 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/NoHttpCookieModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/NoHttpCookieModuleTest.groovy
@@ -24,7 +24,7 @@ class NoHttpCookieModuleTest extends IastModuleImplTestBase {
 
   def setup() {
     InstrumentationBridge.clearIastModules()
-    module = registerDependencies(new HttpResponseHeaderModuleImpl())
+    module = new HttpResponseHeaderModuleImpl(dependencies)
     InstrumentationBridge.registerIastModule(new NoHttpOnlyCookieModuleImpl())
     objectHolder = []
     ctx = new IastRequestContext()
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/NoSameSiteCookieModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/NoSameSiteCookieModuleTest.groovy
index f4a97aaffa1..4e32a9b7722 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/NoSameSiteCookieModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/NoSameSiteCookieModuleTest.groovy
@@ -24,7 +24,7 @@ class NoSameSiteCookieModuleTest extends IastModuleImplTestBase {
 
   def setup() {
     InstrumentationBridge.clearIastModules()
-    module = registerDependencies(new HttpResponseHeaderModuleImpl())
+    module = new HttpResponseHeaderModuleImpl(dependencies)
     InstrumentationBridge.registerIastModule(new NoSameSiteCookieModuleImpl())
     objectHolder = []
     ctx = new IastRequestContext()
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/PathTraversalModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/PathTraversalModuleTest.groovy
index d55e2975e7e..6c25122e393 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/PathTraversalModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/PathTraversalModuleTest.groovy
@@ -10,7 +10,7 @@ import datadog.trace.api.iast.VulnerabilityMarks
 import datadog.trace.api.iast.sink.PathTraversalModule
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 
-import static com.datadog.iast.model.Range.NOT_MARKED
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
 import static com.datadog.iast.taint.TaintUtils.addFromTaintFormat
 import static com.datadog.iast.taint.TaintUtils.fromTaintFormat
 import static com.datadog.iast.taint.TaintUtils.getStringFromTaintFormat
@@ -27,7 +27,7 @@ class PathTraversalModuleTest extends IastModuleImplTestBase {
   private IastRequestContext ctx
 
   def setup() {
-    module = registerDependencies(new PathTraversalModuleImpl())
+    module = new PathTraversalModuleImpl(dependencies)
     objectHolder = []
     ctx = new IastRequestContext()
     final reqCtx = Mock(RequestContext) {
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/SqlInjectionModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/SqlInjectionModuleTest.groovy
index 3041c928a2a..69b30fe5ef3 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/SqlInjectionModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/SqlInjectionModuleTest.groovy
@@ -10,7 +10,7 @@ import datadog.trace.api.iast.VulnerabilityMarks
 import datadog.trace.api.iast.sink.SqlInjectionModule
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 
-import static com.datadog.iast.model.Range.NOT_MARKED
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
 import static com.datadog.iast.taint.TaintUtils.addFromTaintFormat
 import static com.datadog.iast.taint.TaintUtils.taintFormat
 import static datadog.trace.api.iast.sink.SqlInjectionModule.DATABASE_PARAMETER
@@ -24,7 +24,7 @@ class SqlInjectionModuleTest extends IastModuleImplTestBase {
   private IastRequestContext ctx
 
   def setup() {
-    module = registerDependencies(new SqlInjectionModuleImpl())
+    module = new SqlInjectionModuleImpl(dependencies)
     objectHolder = []
     ctx = new IastRequestContext()
     final reqCtx = Mock(RequestContext) {
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/SsrfModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/SsrfModuleTest.groovy
index 6884da0e616..c379cea4b8f 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/SsrfModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/SsrfModuleTest.groovy
@@ -6,6 +6,7 @@ import com.datadog.iast.model.Range
 import com.datadog.iast.model.Source
 import com.datadog.iast.model.Vulnerability
 import com.datadog.iast.model.VulnerabilityType
+import com.datadog.iast.taint.Ranges
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
 import datadog.trace.api.iast.SourceTypes
@@ -24,7 +25,7 @@ class SsrfModuleTest extends IastModuleImplTestBase {
   private AgentSpan span
 
   def setup() {
-    module = registerDependencies(new SsrfModuleImpl())
+    module = new SsrfModuleImpl(dependencies)
     objectHolder = []
     ctx = new IastRequestContext()
     final reqCtx = Mock(RequestContext) {
@@ -82,6 +83,6 @@ class SsrfModuleTest extends IastModuleImplTestBase {
   }
 
   private void taint(final Object value) {
-    ctx.getTaintedObjects().taintInputObject(value, new Source(SourceTypes.REQUEST_PARAMETER_VALUE, 'name', value.toString()))
+    ctx.getTaintedObjects().taint(value, Ranges.forObject(new Source(SourceTypes.REQUEST_PARAMETER_VALUE, 'name', value.toString())))
   }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/TrustBoundaryViolationModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/TrustBoundaryViolationModuleTest.groovy
index c8120abab73..a3fce16d195 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/TrustBoundaryViolationModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/TrustBoundaryViolationModuleTest.groovy
@@ -5,11 +5,13 @@ import com.datadog.iast.IastRequestContext
 import com.datadog.iast.model.Source
 import com.datadog.iast.model.Vulnerability
 import com.datadog.iast.model.VulnerabilityType
+import com.datadog.iast.taint.Ranges
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
 import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.api.iast.SourceTypes
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
+import foo.bar.VisitableClass
 
 class TrustBoundaryViolationModuleTest extends IastModuleImplTestBase {
   private List<Object> objectHolder
@@ -23,7 +25,7 @@ class TrustBoundaryViolationModuleTest extends IastModuleImplTestBase {
 
   def setup() {
     InstrumentationBridge.clearIastModules()
-    module = registerDependencies(new TrustBoundaryViolationModuleImpl())
+    module = new TrustBoundaryViolationModuleImpl(dependencies)
     objectHolder = []
     ctx = new IastRequestContext()
     final reqCtx = Mock(RequestContext) {
@@ -35,11 +37,31 @@ class TrustBoundaryViolationModuleTest extends IastModuleImplTestBase {
     }
   }
 
+  void 'report TrustBoundary vulnerability without context'() {
+    when:
+    module.onSessionValue('test', null)
+
+    then:
+    1 * tracer.activeSpan() >> null
+    0 * overheadController.consumeQuota(_, _)
+    0 * reporter._
+  }
+
+  void 'report TrustBoundary vulnerability for null value'() {
+    when:
+    module.onSessionValue('test', null)
+
+    then:
+    1 * tracer.activeSpan() >> span
+    0 * overheadController.consumeQuota(_, _)
+    0 * reporter._
+  }
+
   void 'report TrustBoundary vulnerability for tainted name'() {
     given:
     Vulnerability savedVul
     final name = "name"
-    ctx.getTaintedObjects().taintInputString(name, new Source(SourceTypes.NONE, null, null))
+    ctx.getTaintedObjects().taint(name, Ranges.forCharSequence(name, new Source(SourceTypes.NONE, null, null)))
 
     when:
     module.onSessionValue(name, "value")
@@ -56,7 +78,7 @@ class TrustBoundaryViolationModuleTest extends IastModuleImplTestBase {
     Vulnerability savedVul
     final name = "name"
     final badValue = "theValue"
-    ctx.getTaintedObjects().taintInputString(badValue, new Source(SourceTypes.NONE, null, null))
+    ctx.getTaintedObjects().taint(badValue, Ranges.forCharSequence(badValue, new Source(SourceTypes.NONE, null, null)))
 
     when:
     module.onSessionValue(name, badValue)
@@ -74,7 +96,7 @@ class TrustBoundaryViolationModuleTest extends IastModuleImplTestBase {
     Vulnerability savedVul
     final name = "name"
     final badValue = "badValue"
-    ctx.getTaintedObjects().taintInputString(badValue, new Source(SourceTypes.NONE, null, null))
+    ctx.getTaintedObjects().taint(badValue, Ranges.forCharSequence(badValue, new Source(SourceTypes.NONE, null, null)))
     final values = ["A", "B", badValue]
 
     when:
@@ -92,7 +114,7 @@ class TrustBoundaryViolationModuleTest extends IastModuleImplTestBase {
     Vulnerability savedVul
     final name = "name"
     final badValue = "badValue"
-    ctx.getTaintedObjects().taintInputString(badValue, new Source(SourceTypes.NONE, null, null))
+    ctx.getTaintedObjects().taint(badValue, Ranges.forCharSequence(badValue, new Source(SourceTypes.NONE, null, null)))
     final values = new String[3]
     values[0] = "A"
     values[1] = "B"
@@ -113,7 +135,7 @@ class TrustBoundaryViolationModuleTest extends IastModuleImplTestBase {
     Vulnerability savedVul
     final name = "name"
     final badValue = "badValue"
-    ctx.getTaintedObjects().taintInputString(badValue, new Source(SourceTypes.NONE, null, null))
+    ctx.getTaintedObjects().taint(badValue, Ranges.forCharSequence(badValue, new Source(SourceTypes.NONE, null, null)))
     final values = new LinkedHashMap<String,String>()
     values.put("A", "A")
     values.put("B", "B")
@@ -129,6 +151,23 @@ class TrustBoundaryViolationModuleTest extends IastModuleImplTestBase {
     assertVulnerability(savedVul, badValue)
   }
 
+  void 'report TrustBoundary vulnerability for tainted value within custom class'() {
+    given:
+    Vulnerability savedVul
+    final name = "name"
+    final badValue = "badValue"
+    ctx.getTaintedObjects().taint(badValue, Ranges.forCharSequence(badValue, new Source(SourceTypes.NONE, null, null)))
+    final value = new VisitableClass(name: badValue)
+
+    when:
+    module.onSessionValue(name, value)
+
+    then:
+    1 * tracer.activeSpan() >> span
+    1 * overheadController.consumeQuota(_, _) >> true
+    1 * reporter.report(_, _ as Vulnerability) >> { savedVul = it[1] }
+    assertVulnerability(savedVul, badValue)
+  }
 
   private static void assertVulnerability(final Vulnerability vuln, String expectedValue) {
     assert vuln != null
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/UnvalidatedRedirectModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/UnvalidatedRedirectModuleTest.groovy
index fc22237fa09..5dabb12cc52 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/UnvalidatedRedirectModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/UnvalidatedRedirectModuleTest.groovy
@@ -6,6 +6,7 @@ import com.datadog.iast.model.Range
 import com.datadog.iast.model.Source
 import com.datadog.iast.model.Vulnerability
 import com.datadog.iast.model.VulnerabilityType
+import com.datadog.iast.taint.Ranges
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
 import datadog.trace.api.iast.InstrumentationBridge
@@ -14,7 +15,7 @@ import datadog.trace.api.iast.VulnerabilityMarks
 import datadog.trace.api.iast.sink.UnvalidatedRedirectModule
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 
-import static com.datadog.iast.model.Range.NOT_MARKED
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
 import static com.datadog.iast.taint.TaintUtils.addFromTaintFormat
 import static com.datadog.iast.taint.TaintUtils.taintFormat
 
@@ -27,7 +28,7 @@ class UnvalidatedRedirectModuleTest extends IastModuleImplTestBase {
   private IastRequestContext ctx
 
   def setup() {
-    module = registerDependencies(new UnvalidatedRedirectModuleImpl())
+    module = new UnvalidatedRedirectModuleImpl(dependencies)
     objectHolder = []
     ctx = new IastRequestContext()
     final reqCtx = Mock(RequestContext) {
@@ -64,7 +65,7 @@ class UnvalidatedRedirectModuleTest extends IastModuleImplTestBase {
 
   void 'iast module detects URI redirect (#value)'(final URI value, final String expected) {
     setup:
-    ctx.taintedObjects.taintInputObject(value, new Source(SourceTypes.NONE, null, null))
+    ctx.taintedObjects.taint(value, Ranges.forObject(new Source(SourceTypes.NONE, null, null)))
 
     when:
     module.onURIRedirect(value)
@@ -107,7 +108,7 @@ class UnvalidatedRedirectModuleTest extends IastModuleImplTestBase {
 
   void 'if onHeader receives a Location header call onRedirect'() {
     setup:
-    final urm = Spy(UnvalidatedRedirectModuleImpl)
+    final urm = Spy(new UnvalidatedRedirectModuleImpl(dependencies))
     InstrumentationBridge.registerIastModule(urm)
 
     when:
@@ -157,6 +158,10 @@ class UnvalidatedRedirectModuleTest extends IastModuleImplTestBase {
       new Range(0, 2, new Source(SourceTypes.REQUEST_HEADER_VALUE, 'referer', 'value'), NOT_MARKED),
       new Range(4, 1, new Source(SourceTypes.REQUEST_PARAMETER_NAME, 'referer', 'value'), NOT_MARKED)
     ]
+    'test03' | [
+      new Range(0, 2, new Source(SourceTypes.REQUEST_HEADER_VALUE, null, null), NOT_MARKED),
+      new Range(4, 1, new Source(SourceTypes.REQUEST_PARAMETER_NAME, 'referer', 'value'), NOT_MARKED)
+    ]
   }
 
   void 'If all ranges from tainted element have unvalidated redirect mark vulnerability is not reported'() {
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakCipherModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakCipherModuleTest.groovy
index 3fec5882597..802df43ec28 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakCipherModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakCipherModuleTest.groovy
@@ -12,7 +12,7 @@ class WeakCipherModuleTest extends IastModuleImplTestBase {
   private WeakCipherModule module
 
   def setup() {
-    module = registerDependencies(new WeakCipherModuleImpl())
+    module = new WeakCipherModuleImpl(dependencies)
   }
 
   void 'iast module vulnerable cipher algorithm'(final String algorithm){
@@ -26,6 +26,7 @@ class WeakCipherModuleTest extends IastModuleImplTestBase {
     then:
     1 * tracer.activeSpan() >> span
     1 * span.getSpanId() >> spanId
+    1 * span.getServiceName()
     1 * overheadController.consumeQuota(_, _) >> true
     1 * reporter.report(_, _) >> { args ->
       Vulnerability vuln = args[1] as Vulnerability
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakHashModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakHashModuleTest.groovy
index 0d84ab3b8a6..2cfebb744e0 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakHashModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakHashModuleTest.groovy
@@ -12,7 +12,7 @@ class WeakHashModuleTest extends IastModuleImplTestBase {
   private WeakHashModule module
 
   def setup() {
-    module = registerDependencies(new WeakHashModuleImpl())
+    module = new WeakHashModuleImpl(dependencies)
   }
 
   void 'iast module vulnerable hash algorithm'(final String algorithm){
@@ -26,6 +26,7 @@ class WeakHashModuleTest extends IastModuleImplTestBase {
     then:
     1 * tracer.activeSpan() >> span
     1 * span.getSpanId() >> spanId
+    1 * span.getServiceName()
     1 * overheadController.consumeQuota(_, _) >> true
     1 * reporter.report(_, _) >> { args ->
       Vulnerability vuln = args[1] as Vulnerability
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakRandomnessModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakRandomnessModuleTest.groovy
index 3b32d0afa88..fa3db3c8f19 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakRandomnessModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/WeakRandomnessModuleTest.groovy
@@ -1,6 +1,7 @@
 package com.datadog.iast.sink
 
 import com.datadog.iast.IastModuleImplTestBase
+import com.datadog.iast.overhead.Operations
 import datadog.trace.api.iast.sink.WeakRandomnessModule
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 
@@ -13,7 +14,7 @@ class WeakRandomnessModuleTest extends IastModuleImplTestBase {
   private AgentSpan span
 
   def setup() {
-    module = registerDependencies(new WeakRandomnessModuleImpl())
+    module = new WeakRandomnessModuleImpl(dependencies)
     span = Mock(AgentSpan) {
       getSpanId() >> 123456
     }
@@ -28,6 +29,7 @@ class WeakRandomnessModuleTest extends IastModuleImplTestBase {
       0 * _
     } else {
       tracer.activeSpan() >> span
+      1 * overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, span) >> true
       1 * reporter.report(span, _)
     }
 
@@ -39,6 +41,7 @@ class WeakRandomnessModuleTest extends IastModuleImplTestBase {
       0 * _
     } else {
       tracer.activeSpan() >> null
+      1 * overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, null) >> true
       1 * reporter.report(_, _)
     }
 
@@ -47,4 +50,14 @@ class WeakRandomnessModuleTest extends IastModuleImplTestBase {
     Random       | false
     SecureRandom | true
   }
+
+  void 'test nothing is reported if no quota available'() {
+    when:
+    module.onWeakRandom(Random)
+
+    then:
+    tracer.activeSpan() >> span
+    1 * overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, span) >> false
+    0 * _
+  }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/XContentTypeOptionsModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/XContentTypeOptionsModuleTest.groovy
new file mode 100644
index 00000000000..a8d377e968b
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/XContentTypeOptionsModuleTest.groovy
@@ -0,0 +1,140 @@
+package com.datadog.iast.sink
+
+import com.datadog.iast.IastModuleImplTestBase
+import com.datadog.iast.IastRequestContext
+import com.datadog.iast.RequestEndedHandler
+import com.datadog.iast.model.Vulnerability
+import com.datadog.iast.model.VulnerabilityType
+import datadog.trace.api.gateway.Flow
+import datadog.trace.api.gateway.IGSpanInfo
+import datadog.trace.api.gateway.RequestContext
+import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.internal.TraceSegment
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan
+
+public class XContentTypeOptionsModuleTest extends IastModuleImplTestBase {
+
+  private List<Object> objectHolder
+
+  private IastRequestContext ctx
+
+  private XContentTypeModuleImpl module
+
+  private AgentSpan span
+
+  def setup() {
+    InstrumentationBridge.clearIastModules()
+    module = new XContentTypeModuleImpl(dependencies)
+    InstrumentationBridge.registerIastModule(module)
+    objectHolder = []
+    ctx = new IastRequestContext()
+    final reqCtx = Mock(RequestContext) {
+      getData(RequestContextSlot.IAST) >> ctx
+    }
+    span = Mock(AgentSpan) {
+      getSpanId() >> 123456
+      getRequestContext() >> reqCtx
+    }
+  }
+
+
+  void 'x content options sniffing vulnerability'() {
+    given:
+    Vulnerability savedVul1
+    final iastCtx = Mock(IastRequestContext)
+    iastCtx.getContentType() >> "text/html"
+    final handler = new RequestEndedHandler(dependencies)
+    final TraceSegment traceSegment = Mock(TraceSegment)
+    final reqCtx = Mock(RequestContext)
+    reqCtx.getTraceSegment() >> traceSegment
+    reqCtx.getData(RequestContextSlot.IAST) >> iastCtx
+    final tags = Mock(Map<String, Object>)
+    tags.get("http.status_code") >> 200i
+    final spanInfo = Mock(IGSpanInfo)
+    spanInfo.getTags() >> tags
+    IastRequestContext.get(span) >> iastCtx
+
+
+    when:
+    def flow = handler.apply(reqCtx, spanInfo)
+
+    then:
+    flow.getAction() == Flow.Action.Noop.INSTANCE
+    flow.getResult() == null
+    1 * reqCtx.getData(RequestContextSlot.IAST) >> iastCtx
+    1 * reqCtx.getTraceSegment() >> traceSegment
+    1 * traceSegment.setTagTop("_dd.iast.enabled", 1)
+    1 * iastCtx.getTaintedObjects() >> null
+    1 * overheadController.releaseRequest()
+    1 * spanInfo.getTags() >> tags
+    1 * tags.get('http.status_code') >> 200i
+    1 * iastCtx.getxContentTypeOptions() >> null
+    1 * tracer.activeSpan() >> span
+    1 * iastCtx.getContentType() >> "text/html"
+    1 * reporter.report(_, _ as Vulnerability) >> {
+      savedVul1 = it[1]
+    }
+
+    with(savedVul1) {
+      type == VulnerabilityType.XCONTENTTYPE_HEADER_MISSING
+    }
+  }
+
+
+  void 'no x content options sniffing reported'() {
+    given:
+    final iastCtx = Mock(IastRequestContext)
+    iastCtx.getxForwardedProto() >> 'https'
+    iastCtx.getContentType() >> "text/html"
+    final handler = new RequestEndedHandler(dependencies)
+    final TraceSegment traceSegment = Mock(TraceSegment)
+    final reqCtx = Mock(RequestContext)
+    reqCtx.getTraceSegment() >> traceSegment
+    reqCtx.getData(RequestContextSlot.IAST) >> iastCtx
+    final tags = Mock(Map<String, Object>)
+    tags.get("http.url") >> url
+    tags.get("http.status_code") >> status
+    final spanInfo = Mock(IGSpanInfo)
+    spanInfo.getTags() >> tags
+    IastRequestContext.get(span) >> iastCtx
+
+
+    when:
+    def flow = handler.apply(reqCtx, spanInfo)
+
+    then:
+    flow.getAction() == Flow.Action.Noop.INSTANCE
+    flow.getResult() == null
+    1 * reqCtx.getData(RequestContextSlot.IAST) >> iastCtx
+    1 * reqCtx.getTraceSegment() >> traceSegment
+    1 * traceSegment.setTagTop("_dd.iast.enabled", 1)
+    1 * iastCtx.getTaintedObjects() >> null
+    1 * overheadController.releaseRequest()
+    1 * spanInfo.getTags() >> tags
+    1 * iastCtx.getContentType() >> "text/html"
+    1 * tags.get('http.status_code') >> status
+    1 * iastCtx.getxContentTypeOptions()
+    0 * _
+
+    where:
+    url                   | status
+    "https://localhost/a" | 307i
+    "https://localhost/a" | HttpURLConnection.HTTP_MOVED_PERM
+    "https://localhost/a" | HttpURLConnection.HTTP_MOVED_TEMP
+    "https://localhost/a" | HttpURLConnection.HTTP_NOT_MODIFIED
+    "https://localhost/a" | HttpURLConnection.HTTP_NOT_FOUND
+    "https://localhost/a" | HttpURLConnection.HTTP_GONE
+    "https://localhost/a" | HttpURLConnection.HTTP_INTERNAL_ERROR
+  }
+
+
+
+  void 'throw exception if context is null'(){
+    when:
+    module.onRequestEnd(null, null)
+
+    then:
+    noExceptionThrown()
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/XPathInjectionModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/XPathInjectionModuleTest.groovy
index 6a44afd10b8..3638b6f431b 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/XPathInjectionModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/XPathInjectionModuleTest.groovy
@@ -10,7 +10,7 @@ import datadog.trace.api.iast.VulnerabilityMarks
 import datadog.trace.api.iast.sink.XPathInjectionModule
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 
-import static com.datadog.iast.model.Range.NOT_MARKED
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
 import static com.datadog.iast.taint.TaintUtils.addFromTaintFormat
 import static com.datadog.iast.taint.TaintUtils.taintFormat
 
@@ -23,7 +23,7 @@ class XPathInjectionModuleTest extends IastModuleImplTestBase {
   private IastRequestContext ctx
 
   def setup() {
-    module = registerDependencies(new XPathInjectionModuleImpl())
+    module = new XPathInjectionModuleImpl(dependencies)
     objectHolder = []
     ctx = new IastRequestContext()
     final reqCtx = Mock(RequestContext) {
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/XssModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/XssModuleTest.groovy
index 76ebed3b3a6..bbebbceae97 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/XssModuleTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/sink/XssModuleTest.groovy
@@ -5,6 +5,7 @@ import com.datadog.iast.IastRequestContext
 import com.datadog.iast.model.Source
 import com.datadog.iast.model.Vulnerability
 import com.datadog.iast.model.VulnerabilityType
+import com.datadog.iast.taint.Ranges
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
 import datadog.trace.api.iast.SourceTypes
@@ -12,7 +13,7 @@ import datadog.trace.api.iast.VulnerabilityMarks
 import datadog.trace.api.iast.sink.XssModule
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 
-import static com.datadog.iast.model.Range.NOT_MARKED
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
 import static com.datadog.iast.taint.TaintUtils.addFromTaintFormat
 import static com.datadog.iast.taint.TaintUtils.taintFormat
 
@@ -25,7 +26,7 @@ class XssModuleTest extends IastModuleImplTestBase {
   private IastRequestContext ctx
 
   def setup() {
-    module = registerDependencies(new XssModuleImpl())
+    module = new XssModuleImpl(dependencies)
     objectHolder = []
     ctx = new IastRequestContext()
     final reqCtx = Mock(RequestContext) {
@@ -65,7 +66,7 @@ class XssModuleTest extends IastModuleImplTestBase {
   void 'module detects char[] XSS'() {
     setup:
     if (tainted) {
-      ctx.taintedObjects.taintInputObject(buf, new Source(SourceTypes.NONE, '', ''), mark)
+      ctx.taintedObjects.taint(buf, Ranges.forObject(new Source(SourceTypes.NONE, '', ''), mark))
     }
 
     when:
@@ -119,6 +120,54 @@ class XssModuleTest extends IastModuleImplTestBase {
     '/==>var<==' | ['a', 'b']             | VulnerabilityMarks.SQL_INJECTION_MARK | "/==>var<== a b"
   }
 
+  void 'module detects Charsequence XSS with file and line'() {
+    setup:
+    final param = mapTainted(s, mark)
+
+    when:
+    module.onXss(param as CharSequence, file as String, line as int)
+
+    then:
+    if (expected != null) {
+      1 * reporter.report(_, _) >> { args -> assertEvidence(args[1] as Vulnerability, expected) }
+    } else {
+      0 * reporter.report(_, _)
+    }
+
+    where:
+    s     | file | line        | mark                                  | expected
+    null    | 'test' | 3      | NOT_MARKED                            | null
+    '/var'    | 'test' | 3    | NOT_MARKED                            | null
+    '/==>var<=='| 'test' | 3  | NOT_MARKED                            | "/==>var<=="
+    '/==>var<=='| 'test' | 3  | VulnerabilityMarks.XSS_MARK           | null
+    '/==>var<=='| 'test' | 3  | VulnerabilityMarks.SQL_INJECTION_MARK | "/==>var<=="
+    '/==>var<=='| null | 3  | VulnerabilityMarks.SQL_INJECTION_MARK | null
+  }
+
+  void 'iast module detects String xss with class and method (#value)'() {
+    setup:
+    final param = mapTainted(value, mark)
+    final clazz = "class"
+    final method = "method"
+
+    when:
+    module.onXss(param, clazz, method)
+
+    then:
+    if (expected != null) {
+      1 * reporter.report(_, _) >> { args -> assertEvidence(args[1] as Vulnerability, expected) }
+    } else {
+      0 * reporter.report(_, _)
+    }
+
+    where:
+    value        | mark| expected
+    null         | NOT_MARKED| null
+    '/var'       | NOT_MARKED| null
+    '/==>var<==' | VulnerabilityMarks.XSS_MARK| null
+    '/==>var<==' | VulnerabilityMarks.SQL_INJECTION_MARK| "/==>var<=="
+  }
+
 
   private String mapTainted(final String value, final int mark) {
     final result = addFromTaintFormat(ctx.taintedObjects, value, mark)
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/source/WebModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/source/WebModuleTest.groovy
deleted file mode 100644
index 1e93f5e3fb4..00000000000
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/source/WebModuleTest.groovy
+++ /dev/null
@@ -1,130 +0,0 @@
-package com.datadog.iast.source
-
-import com.datadog.iast.IastModuleImplTestBase
-import com.datadog.iast.IastRequestContext
-import com.datadog.iast.model.Source
-import datadog.trace.api.gateway.RequestContext
-import datadog.trace.api.gateway.RequestContextSlot
-import datadog.trace.api.iast.SourceTypes
-import datadog.trace.api.iast.source.WebModule
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan
-import groovy.transform.CompileDynamic
-
-@CompileDynamic
-class WebModuleTest extends IastModuleImplTestBase {
-
-  private WebModule module
-
-  def setup() {
-    module = new WebModuleImpl()
-  }
-
-  void 'test #method: null or empty'() {
-    when:
-    module."$method"(*args)
-
-    then:
-    0 * _
-
-    where:
-    method              | args
-    'onParameterNames'  | [null]
-    'onParameterNames'  | [[]]
-    'onParameterValues' | [null, null]
-    'onParameterValues' | ['', []]
-    'onParameterValues' | [null, null as String[]]
-    'onParameterValues' | ['', [] as String[]]
-    'onParameterValues' | [[:]]
-    'onHeaderNames'     | [null]
-    'onHeaderNames'     | [[]]
-    'onHeaderValues'    | [null, null]
-    'onHeaderValues'    | ['', []]
-    'onCookieNames'     | [null]
-    'onCookieNames'     | [[]]
-  }
-
-  void 'test #method: without span'() {
-    when:
-    module."$method"(*args)
-
-    then:
-    1 * tracer.activeSpan() >> null
-    0 * _
-
-    where:
-    method              | args
-    'onParameterNames'  | [['param']]
-    'onParameterValues' | ['name', ['value']]
-    'onParameterValues' | ['name', ['value'] as String[]]
-    'onParameterValues' | [[name: ['value'] as String[]]]
-    'onHeaderNames'     | [['header']]
-    'onHeaderValues'    | ['name', ['value']]
-    'onCookieNames'     | [['name']]
-    'onNamed'           | ['name', ['v1'], (byte)0]
-    'onNamed'           | ['name', ['v1'] as String[], (byte)0]
-    'onNamed'           | [[name: 'v1'], (byte)0]
-  }
-
-  void 'onNamed #variant'() {
-    given:
-    final span = Mock(AgentSpan)
-    tracer.activeSpan() >> span
-    final reqCtx = Mock(RequestContext)
-    span.getRequestContext() >> reqCtx
-    final ctx = new IastRequestContext()
-    reqCtx.getData(RequestContextSlot.IAST) >> ctx
-
-    when:
-    module.onNamed(*args, SourceTypes.REQUEST_PARAMETER_NAME)
-
-    then:
-    1 * tracer.activeSpan() >> span
-    1 * span.getRequestContext() >> reqCtx
-    1 * reqCtx.getData(RequestContextSlot.IAST) >> ctx
-    0 * _
-    def tos = ctx.taintedObjects
-    def to = tos.get('foo')
-    to.ranges.size() == 1
-    to.ranges[0].start == 0
-    to.ranges[0].length == 3
-    to.ranges[0].source == new Source(SourceTypes.REQUEST_PARAMETER_NAME, 'var', 'foo')
-
-    where:
-    variant      | args
-    'collection' | ['var', ['foo']]
-    'array'      | ['var', ['foo'] as String[]]
-    'map'        | [[var: ['foo'] as String[]]]
-  }
-
-  void 'test #method'() {
-    given:
-    final span = Mock(AgentSpan)
-    tracer.activeSpan() >> span
-    final reqCtx = Mock(RequestContext)
-    span.getRequestContext() >> reqCtx
-    final ctx = new IastRequestContext()
-    reqCtx.getData(RequestContextSlot.IAST) >> ctx
-
-    when:
-    module."$method"([name])
-
-    then:
-    1 * tracer.activeSpan() >> span
-    1 * span.getRequestContext() >> reqCtx
-    1 * reqCtx.getData(RequestContextSlot.IAST) >> ctx
-    0 * _
-    def to = ctx.getTaintedObjects().get(name)
-    to != null
-    to.get() == name
-    to.ranges.size() == 1
-    to.ranges[0].start == 0
-    to.ranges[0].length == name.length()
-    to.ranges[0].source == new Source(source, name, name)
-
-    where:
-    method             | name    | source
-    'onParameterNames' | 'param' | SourceTypes.REQUEST_PARAMETER_NAME
-    'onHeaderNames'    | 'param' | SourceTypes.REQUEST_HEADER_NAME
-    'onCookieNames'    | 'param' | SourceTypes.REQUEST_COOKIE_NAME
-  }
-}
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/RangesTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/RangesTest.groovy
index de86e5a4f90..60525afa7e2 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/RangesTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/RangesTest.groovy
@@ -3,23 +3,27 @@ package com.datadog.iast.taint
 import com.datadog.iast.model.Range
 import com.datadog.iast.model.Source
 import com.datadog.iast.model.VulnerabilityType
+import datadog.trace.api.Config
 import datadog.trace.api.iast.SourceTypes
 import datadog.trace.api.iast.VulnerabilityMarks
 import datadog.trace.test.util.DDSpecification
 
-import static com.datadog.iast.model.Range.NOT_MARKED
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
+import static com.datadog.iast.taint.Ranges.mergeRanges
 import static com.datadog.iast.taint.Ranges.rangesProviderFor
+import static datadog.trace.api.iast.SourceTypes.REQUEST_HEADER_NAME
 
 class RangesTest extends DDSpecification {
 
   private static final int NEGATIVE_MARK = 1 << 31
+  private static final int MAX_RANGE_COUNT = Config.get().iastMaxRangeCount
 
   void 'forString'() {
     given:
     final source = new Source(SourceTypes.NONE, null, null)
 
     when:
-    final result = Ranges.forString(s, source, VulnerabilityMarks.SQL_INJECTION_MARK)
+    final result = Ranges.forCharSequence(s, source, VulnerabilityMarks.SQL_INJECTION_MARK)
 
     then:
     result != null
@@ -280,6 +284,29 @@ class RangesTest extends DDSpecification {
     NEGATIVE_MARK                                 | _
   }
 
+  void 'test merge ranges with limits'() {
+    given:
+    final leftRanges = (0..<left).collect { index -> rangeFor(index) } as Range[]
+    final rightRanges = (0..<right).collect { index -> rangeFor(index) } as Range[]
+
+    when:
+    final merged = mergeRanges(offset, leftRanges, rightRanges)
+
+    then:
+    merged.size() == expected
+
+    where:
+    offset | left            | right           | expected
+    0      | 1               | 1               | 2
+    0      | MAX_RANGE_COUNT | 1               | MAX_RANGE_COUNT
+    0      | 1               | MAX_RANGE_COUNT | MAX_RANGE_COUNT
+    0      | MAX_RANGE_COUNT | MAX_RANGE_COUNT | MAX_RANGE_COUNT
+    10     | 1               | 1               | 2
+    10     | MAX_RANGE_COUNT | 1               | MAX_RANGE_COUNT
+    10     | 1               | MAX_RANGE_COUNT | MAX_RANGE_COUNT
+    10     | MAX_RANGE_COUNT | MAX_RANGE_COUNT | MAX_RANGE_COUNT
+  }
+
 
   Range[] rangesFromSpec(List<List<Object>> spec) {
     def ranges = new Range[spec.size()]
@@ -304,4 +331,8 @@ class RangesTest extends DDSpecification {
       getRanges() >> ranges
     }
   }
+
+  Range rangeFor(final int index) {
+    return new Range(index, 1, new Source(REQUEST_HEADER_NAME, 'a', 'b'), NOT_MARKED)
+  }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintUtils.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintUtils.groovy
index 7db1a75c673..88b21e9406b 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintUtils.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintUtils.groovy
@@ -4,7 +4,7 @@ import com.datadog.iast.model.Range
 import com.datadog.iast.model.Source
 import datadog.trace.api.iast.SourceTypes
 
-import static com.datadog.iast.model.Range.NOT_MARKED
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
 
 class TaintUtils {
 
@@ -76,7 +76,7 @@ class TaintUtils {
     if (value instanceof String) {
       return addFromTaintFormat(tos, value as String)
     }
-    tos.taintInputObject(value, new Source(SourceTypes.NONE, null, null))
+    tos.taint(value, Ranges.forObject(new Source(SourceTypes.NONE, null, null)))
     return value
   }
 
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectTest.groovy
new file mode 100644
index 00000000000..d809f5b8b69
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectTest.groovy
@@ -0,0 +1,28 @@
+package com.datadog.iast.taint
+
+import com.datadog.iast.model.Source
+import datadog.trace.api.Config
+import spock.lang.Specification
+import com.datadog.iast.model.Range
+
+import java.lang.ref.ReferenceQueue
+
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED
+import static datadog.trace.api.iast.SourceTypes.REQUEST_HEADER_NAME
+
+class TaintedObjectTest extends Specification {
+
+  void 'test that tainted objects never go over the limit'() {
+    given:
+    final max = Config.get().iastMaxRangeCount
+    final ranges = (0..max + 1)
+      .collect { index -> new Range(index, 1, new Source(REQUEST_HEADER_NAME, 'a', 'b'), NOT_MARKED) }
+
+    when:
+    final tainted = new TaintedObject('test', ranges.toArray(new Range[0]), new ReferenceQueue<Object>())
+
+    then:
+    ranges.size() > max
+    tainted.ranges.size() == max
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLazyTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLazyTest.groovy
deleted file mode 100644
index 8ed664ff27b..00000000000
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLazyTest.groovy
+++ /dev/null
@@ -1,69 +0,0 @@
-package com.datadog.iast.taint
-
-import com.datadog.iast.IastModuleImplTestBase
-import com.datadog.iast.IastRequestContext
-import com.datadog.iast.model.Source
-import datadog.trace.api.gateway.RequestContext
-import datadog.trace.api.gateway.RequestContextSlot
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan
-
-class TaintedObjectsLazyTest extends IastModuleImplTestBase {
-
-  private TaintedObjects delegate = Mock(TaintedObjects)
-  private IastRequestContext iastCtx
-  private RequestContext reqCtx
-  private AgentSpan span
-
-  void setup() {
-    delegate = Mock(TaintedObjects)
-    iastCtx = Mock(IastRequestContext)
-    iastCtx.getTaintedObjects() >> delegate
-    reqCtx = Mock(RequestContext)
-    reqCtx.getData(RequestContextSlot.IAST) >> iastCtx
-    span = Mock(AgentSpan)
-    span.getRequestContext() >> reqCtx
-  }
-
-  void 'get non lazy instance'() {
-    when:
-    final to = TaintedObjects.activeTaintedObjects()
-
-    then:
-    1 * tracer.activeSpan() >> span
-    !(to instanceof TaintedObjects.LazyTaintedObjects)
-  }
-
-  void 'get lazy objects instance'() {
-    when:
-    final to = TaintedObjects.activeTaintedObjects(true)
-
-    then:
-    to instanceof TaintedObjects.LazyTaintedObjects
-
-    when:
-    to.&"$method".call(args as Object[])
-
-    then: 'first time the active tainted objects if fetched'
-    1 * delegate._
-    1 * tracer.activeSpan() >> span
-
-    when:
-    to.&"$method".call(args as Object[])
-
-    then: 'the active tainted objets is already fetched'
-    1 * delegate._
-    0 * _
-
-    where:
-    method             | args
-    'getEstimatedSize' | []
-    'isFlat'           | []
-    'taintInputString' | ['', new Source((byte) 0, null, null)]
-    'taintInputObject' | ['', new Source((byte) 0, null, null)]
-    'taint'            | ['', Ranges.EMPTY]
-    'get'              | ['']
-    'release'          | []
-    'count'            | []
-    'iterator'         | []
-  }
-}
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy
index 5ba53745d51..ea01efa3989 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy
@@ -3,7 +3,6 @@ package com.datadog.iast.taint
 import ch.qos.logback.classic.Level
 import ch.qos.logback.classic.Logger
 import com.datadog.iast.IastSystem
-import com.datadog.iast.model.Range
 import com.datadog.iast.model.Source
 import datadog.trace.api.iast.SourceTypes
 import datadog.trace.test.util.DDSpecification
@@ -35,7 +34,7 @@ class TaintedObjectsLogTest extends DDSpecification {
     final value = "A"
 
     when:
-    def tainted = taintedObjects.taintInputString(value, new Source(SourceTypes.NONE, null, null))
+    def tainted = taintedObjects.taint(value, Ranges.forCharSequence(value, new Source(SourceTypes.NONE, null, null)))
 
     then:
     noExceptionThrown()
@@ -54,9 +53,8 @@ class TaintedObjectsLogTest extends DDSpecification {
     IastSystem.DEBUG = true
     logger.level = Level.ALL
     TaintedObjects taintedObjects = TaintedObjects.acquire()
-    taintedObjects.taint('A', [new Range(0, 1, new Source(SourceTypes.NONE, null, null), Range.NOT_MARKED)] as Range[])
-    taintedObjects.taintInputString('B', new Source(SourceTypes.REQUEST_PARAMETER_NAME, 'test', 'value'))
-    taintedObjects.taintInputObject(new Date(), new Source(SourceTypes.REQUEST_HEADER_VALUE, 'test', 'value'))
+    final obj = 'A'
+    taintedObjects.taint(obj, Ranges.forCharSequence(obj, new Source(SourceTypes.NONE, null, null)))
 
     when:
     taintedObjects.release()
@@ -64,5 +62,21 @@ class TaintedObjectsLogTest extends DDSpecification {
     then:
     noExceptionThrown()
   }
+
+  void "test TaintedObjects api calls"() {
+    given:
+    IastSystem.DEBUG = true
+    logger.level = Level.ALL
+    TaintedObjects taintedObjects = TaintedObjects.acquire()
+    final obj = 'A'
+
+    when:
+    taintedObjects.taint(obj, Ranges.forCharSequence(obj, new Source(SourceTypes.NONE, null, null)))
+
+    then:
+    taintedObjects.size() == 1
+    taintedObjects.iterator().size() == 1
+    !taintedObjects.flat
+  }
 }
 
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsNoOpTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsNoOpTest.groovy
new file mode 100644
index 00000000000..c8f1f91fe86
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsNoOpTest.groovy
@@ -0,0 +1,32 @@
+package com.datadog.iast.taint
+
+import com.datadog.iast.model.Source
+import spock.lang.Specification
+
+class TaintedObjectsNoOpTest extends Specification {
+
+
+  void 'test no op implementation'() {
+    setup:
+    final instance = TaintedObjects.NoOp.INSTANCE
+    final toTaint = 'test'
+
+    when:
+    final tainted = instance.taint(toTaint, Ranges.forCharSequence(toTaint, new Source(0 as byte, 'test', 'test')))
+
+    then:
+    tainted == null
+    instance.get(toTaint) == null
+    instance.count() == 0
+    instance.estimatedSize == 0
+    instance.size() == 0
+    !instance.flat
+    !instance.iterator().hasNext()
+
+    when:
+    instance.release()
+
+    then:
+    noExceptionThrown()
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/AbstractTelemetryCallbackTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/AbstractTelemetryCallbackTest.groovy
index aefaf6c46a1..92f03e910d2 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/AbstractTelemetryCallbackTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/AbstractTelemetryCallbackTest.groovy
@@ -1,7 +1,7 @@
 package com.datadog.iast.telemetry
 
 
-import com.datadog.iast.HasDependencies.Dependencies
+import com.datadog.iast.Dependencies
 import com.datadog.iast.IastModuleImplTestBase
 import datadog.trace.api.Config
 import datadog.trace.api.gateway.RequestContext
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/TelemetryRequestEndedHandlerTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/TelemetryRequestEndedHandlerTest.groovy
index 7c0571b4d0e..30a61959d98 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/TelemetryRequestEndedHandlerTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/TelemetryRequestEndedHandlerTest.groovy
@@ -3,9 +3,11 @@ package com.datadog.iast.telemetry
 import com.datadog.iast.IastRequestContext
 import com.datadog.iast.RequestEndedHandler
 import com.datadog.iast.model.Source
+import com.datadog.iast.taint.Ranges
 import com.datadog.iast.taint.TaintedObjects
 import com.datadog.iast.telemetry.taint.TaintedObjectsWithTelemetry
 import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.api.iast.SourceTypes
 import datadog.trace.api.iast.VulnerabilityTypes
 import datadog.trace.api.iast.telemetry.IastMetric
@@ -25,6 +27,7 @@ class TelemetryRequestEndedHandlerTest extends AbstractTelemetryCallbackTest {
   protected IastMetricCollector globalCollector
 
   void setup() {
+    InstrumentationBridge.clearIastModules()
     delegate = Spy(new RequestEndedHandler(dependencies))
     final TaintedObjects to = TaintedObjectsWithTelemetry.build(Verbosity.DEBUG, TaintedObjects.acquire())
     iastCtx = new IastRequestContext(to, new IastMetricCollector())
@@ -39,7 +42,7 @@ class TelemetryRequestEndedHandlerTest extends AbstractTelemetryCallbackTest {
     final handler = new TelemetryRequestEndedHandler(delegate)
     final toTaint = 'hello'
     final source = new Source(SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value')
-    iastCtx.taintedObjects.taintInputString(toTaint, source)
+    iastCtx.taintedObjects.taint(toTaint, Ranges.forCharSequence(toTaint, source))
 
     when:
     handler.apply(reqCtx, span)
@@ -61,15 +64,14 @@ class TelemetryRequestEndedHandlerTest extends AbstractTelemetryCallbackTest {
     given:
     final handler = new TelemetryRequestEndedHandler(delegate)
     final metric = TAINTED_FLAT_MODE
-    final tagValue = null
 
     when:
-    iastCtx.metricCollector.addMetric(metric, tagValue, 1)
+    iastCtx.metricCollector.addMetric(metric, (byte) -1, 1)
     handler.apply(reqCtx, span)
 
     then:
     1 * delegate.apply(reqCtx, span)
-    1 * traceSegment.setTagTop(String.format(TRACE_METRIC_PATTERN, getSpanTagValue(metric, tagValue)), 1)
+    1 * traceSegment.setTagTop(String.format(TRACE_METRIC_PATTERN, getSpanTagValue(metric)), 1)
 
     when:
     globalCollector.prepareMetrics()
@@ -109,32 +111,36 @@ class TelemetryRequestEndedHandlerTest extends AbstractTelemetryCallbackTest {
     where:
     metrics                                                                       | description
     [
-      metric(REQUEST_TAINTED, null, 123),
-      metric(EXECUTED_SOURCE, SourceTypes.REQUEST_PARAMETER_VALUE_STRING, 2),
-      metric(EXECUTED_SOURCE, SourceTypes.REQUEST_HEADER_VALUE_STRING, 4),
+      metric(REQUEST_TAINTED, 123),
+      metric(EXECUTED_SOURCE, SourceTypes.REQUEST_PARAMETER_VALUE, 2),
+      metric(EXECUTED_SOURCE, SourceTypes.REQUEST_HEADER_VALUE, 4),
       metric(EXECUTED_SINK, VulnerabilityTypes.SQL_INJECTION, 1),
       metric(EXECUTED_SINK, VulnerabilityTypes.COMMAND_INJECTION, 2),
     ]                                                                             | 'List of only request scoped metrics'
     [
-      metric(REQUEST_TAINTED, null, 123),
-      metric(INSTRUMENTED_SOURCE, SourceTypes.REQUEST_PARAMETER_VALUE_STRING, 2),
+      metric(REQUEST_TAINTED, 123),
+      metric(INSTRUMENTED_SOURCE, SourceTypes.REQUEST_PARAMETER_VALUE, 2),
     ]                                                                             | 'Mix between global and request scoped metrics'
   }
 
-  private static String getSpanTagValue(final IastMetric metric, final String tagValue) {
+  private static String getSpanTagValue(final IastMetric metric, final Byte tagValue = null) {
     return metric.getTag() == null
       ? metric.getName()
-      : String.format("%s.%s", metric.getName(), tagValue.toLowerCase().replaceAll("\\.", "_"))
+      : String.format("%s.%s", metric.getName(), metric.tag.toString(tagValue).toLowerCase().replaceAll("\\.", "_"))
   }
 
-  private static Data metric(final IastMetric metric, final String tagValue, final int value) {
+  private static Data metric(final IastMetric metric, final byte tagValue, final int value) {
     return new Data(metric: metric, tagValue: tagValue, value: value)
   }
 
+  private static Data metric(final IastMetric metric, final int value) {
+    return new Data(metric: metric, tagValue: (byte) -1, value: value)
+  }
+
   @ToString
   private static class Data {
     IastMetric metric
-    String tagValue
+    byte tagValue
     int value
   }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/TelemetryRequestStartedHandlerTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/TelemetryRequestStartedHandlerTest.groovy
index 3f097768bb2..97d9565d7b5 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/TelemetryRequestStartedHandlerTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/TelemetryRequestStartedHandlerTest.groovy
@@ -3,11 +3,13 @@ package com.datadog.iast.telemetry
 import com.datadog.iast.IastRequestContext
 import com.datadog.iast.telemetry.taint.TaintedObjectsWithTelemetry
 import datadog.trace.api.gateway.Flow
+import datadog.trace.api.iast.telemetry.Verbosity
 
 class TelemetryRequestStartedHandlerTest extends AbstractTelemetryCallbackTest {
 
   void 'request started add the required collector'() {
     given:
+    injectSysConfig('dd.iast.telemetry.verbosity', verbosity.name())
     final handler = new TelemetryRequestStartedHandler(dependencies)
 
     when:
@@ -18,7 +20,14 @@ class TelemetryRequestStartedHandlerTest extends AbstractTelemetryCallbackTest {
     flow.getResult() instanceof IastRequestContext
     final iastCtx = flow.getResult() as IastRequestContext
     iastCtx.metricCollector != null
-    iastCtx.taintedObjects instanceof TaintedObjectsWithTelemetry
+    final withTelemetry = iastCtx.taintedObjects instanceof TaintedObjectsWithTelemetry
+    withTelemetry == taintedObjectsWithTelemetry
     1 * dependencies.overheadController.acquireRequest() >> true
+
+    where:
+    verbosity             | taintedObjectsWithTelemetry
+    Verbosity.MANDATORY   | false
+    Verbosity.INFORMATION | true
+    Verbosity.DEBUG       | true
   }
 }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetryTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetryTest.groovy
index 2ba948ade20..c20ca32dace 100644
--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetryTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetryTest.groovy
@@ -2,13 +2,11 @@ package com.datadog.iast.telemetry.taint
 
 import com.datadog.iast.IastRequestContext
 import com.datadog.iast.model.Range
-import com.datadog.iast.model.Source
 import com.datadog.iast.taint.Ranges
 import com.datadog.iast.taint.TaintedObject
 import com.datadog.iast.taint.TaintedObjects
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
-import datadog.trace.api.iast.SourceTypes
 import datadog.trace.api.iast.telemetry.IastMetric
 import datadog.trace.api.iast.telemetry.IastMetricCollector
 import datadog.trace.api.iast.telemetry.Verbosity
@@ -60,7 +58,7 @@ class TaintedObjectsWithTelemetryTest extends DDSpecification {
 
     then:
     if (IastMetric.REQUEST_TAINTED.isEnabled(verbosity)) {
-      1 * mockCollector.addMetric(IastMetric.REQUEST_TAINTED, null, tainteds.size())
+      1 * mockCollector.addMetric(IastMetric.REQUEST_TAINTED, _, tainteds.size())
     } else {
       0 * mockCollector.addMetric
     }
@@ -74,13 +72,11 @@ class TaintedObjectsWithTelemetryTest extends DDSpecification {
     final taintedObjects = TaintedObjectsWithTelemetry.build(verbosity, Mock(TaintedObjects))
 
     when:
-    taintedObjects.taintInputString('test', new Source(SourceTypes.REQUEST_PARAMETER_VALUE, 'name', 'value'))
-    taintedObjects.taintInputObject(new Date(), new Source(SourceTypes.REQUEST_HEADER_VALUE, 'name', 'value'))
     taintedObjects.taint('test', new Range[0])
 
     then:
     if (IastMetric.EXECUTED_TAINTED.isEnabled(verbosity)) {
-      3 * mockCollector.addMetric(IastMetric.EXECUTED_TAINTED, null, 1) // two calls with one element
+      1 * mockCollector.addMetric(IastMetric.EXECUTED_TAINTED, _, 1)
     } else {
       0 * mockCollector.addMetric
     }
@@ -100,7 +96,7 @@ class TaintedObjectsWithTelemetryTest extends DDSpecification {
 
     then:
     if (IastMetric.TAINTED_FLAT_MODE.isEnabled(verbosity) && taintedObjects.isFlat()) {
-      1 * mockCollector.addMetric(IastMetric.TAINTED_FLAT_MODE, null, _)
+      1 * mockCollector.addMetric(IastMetric.TAINTED_FLAT_MODE, _, _)
     } else {
       0 * mockCollector.addMetric
     }
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/util/HttpHeaderTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/util/HttpHeaderTest.groovy
new file mode 100644
index 00000000000..971df3071d7
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/util/HttpHeaderTest.groovy
@@ -0,0 +1,40 @@
+package com.datadog.iast.util
+
+import com.datadog.iast.IastRequestContext
+import spock.lang.Specification
+
+import static com.datadog.iast.util.HttpHeader.Values.HEADERS
+
+class HttpHeaderTest extends Specification {
+
+
+  void 'test context headers'() {
+    setup:
+    final iastCtx = Spy(IastRequestContext)
+
+    when:
+    final parsed = HttpHeader.from(header.name)
+
+    then:
+    parsed != null
+
+    when:
+    final matches = parsed.matches(header.name.toUpperCase(Locale.ROOT))
+
+    then:
+    matches
+
+    when:
+    if (header instanceof HttpHeader.ContextAwareHeader) {
+      header.onHeader(iastCtx, "my_value")
+    }
+
+    then:
+    if (header instanceof HttpHeader.ContextAwareHeader) {
+      1 * iastCtx._
+    }
+
+    where:
+    header << HEADERS.values()
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/util/ObjectVisitorTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/util/ObjectVisitorTest.groovy
new file mode 100644
index 00000000000..1f1c1eea745
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/util/ObjectVisitorTest.groovy
@@ -0,0 +1,118 @@
+package com.datadog.iast.util
+
+import foo.bar.VisitableClass
+import spock.lang.Specification
+
+import static com.datadog.iast.util.ObjectVisitor.State.CONTINUE
+
+class ObjectVisitorTest extends Specification {
+
+  void 'test visiting simple type'() {
+    given:
+    final visitor = Mock(ObjectVisitor.Visitor)
+    final target = '123'
+
+    when:
+    ObjectVisitor.visit(target, visitor)
+
+    then:
+    1 * visitor.visit('root', target) >> CONTINUE
+    0 * _
+  }
+
+  void 'test visiting collection'() {
+    given:
+    final visitor = Mock(ObjectVisitor.Visitor)
+    final target = ['1', '2', '3']
+
+    when:
+    ObjectVisitor.visit(target, visitor)
+
+    then:
+    target.eachWithIndex { value, index ->
+      1 * visitor.visit("root[$index]", value) >> CONTINUE
+    }
+    0 * _
+  }
+
+  void 'test visiting iterable'() {
+    given:
+    final visitor = Mock(ObjectVisitor.Visitor)
+    final wrapped = ['1', '2', '3']
+    final target = new Iterable() {
+        @Override
+        Iterator iterator() {
+          return wrapped.iterator()
+        }
+      }
+
+    when:
+    ObjectVisitor.visit(target, visitor)
+
+    then:
+    wrapped.eachWithIndex { value, index ->
+      1 * visitor.visit("root[$index]", value) >> CONTINUE
+    }
+    0 * _
+  }
+
+  void 'test visiting map'() {
+    given:
+    final visitor = Mock(ObjectVisitor.Visitor)
+    final target = ['a': 'b']
+
+    when:
+    ObjectVisitor.visit(target, visitor)
+
+    then:
+    target.keySet().each { key ->
+      1 * visitor.visit('root[]', key) >> CONTINUE
+    }
+    target.each { key, value ->
+      1 * visitor.visit("root[$key]", value) >> CONTINUE
+    }
+    0 * _
+  }
+
+  void 'test max depth'() {
+    given:
+    final visitor = Mock(ObjectVisitor.Visitor)
+    final target = [a : [b: ['c', 'd']]]
+
+    when:
+    ObjectVisitor.visit(target, visitor, 2, Integer.MAX_VALUE)
+
+    then:
+    1 * visitor.visit("root[]", 'a') >> CONTINUE
+    1 * visitor.visit("root[a][]", 'b') >> CONTINUE
+    0 * _
+  }
+
+  void 'test max objects'() {
+    given:
+    final visitor = Mock(ObjectVisitor.Visitor)
+    final target = [1, 2, 3]
+
+    when: 'we visit at most two objects'
+    ObjectVisitor.visit(target, visitor, Integer.MAX_VALUE, 2)
+
+    then: 'we visit the array and its first element'
+    1 * visitor.visit("root[0]", 1) >> CONTINUE
+    0 * _
+  }
+
+  void 'test cycles'() {
+    given:
+    final visitor = Mock(ObjectVisitor.Visitor)
+    final target = new VisitableClass(name: 'cycle')
+    target.cycle = target
+
+    when: 'we visit a class with a self reference'
+    ObjectVisitor.visit(target, visitor, Integer.MAX_VALUE, Integer.MAX_VALUE)
+
+    then: 'we only visit the class once'
+    1 * visitor.visit("root", target) >> CONTINUE
+    1 * visitor.visit("root.name", 'cycle') >> CONTINUE
+    0 * _
+  }
+}
diff --git a/dd-java-agent/agent-iast/src/test/groovy/foo/bar/VisitableClass.groovy b/dd-java-agent/agent-iast/src/test/groovy/foo/bar/VisitableClass.groovy
new file mode 100644
index 00000000000..6864ef5cf9f
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/groovy/foo/bar/VisitableClass.groovy
@@ -0,0 +1,6 @@
+package foo.bar
+
+class VisitableClass {
+  String name
+  VisitableClass cycle
+}
diff --git a/dd-java-agent/agent-iast/src/test/proto/test2.proto b/dd-java-agent/agent-iast/src/test/proto/test2.proto
new file mode 100644
index 00000000000..47993c2e8a9
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/proto/test2.proto
@@ -0,0 +1,15 @@
+syntax = "proto2";
+
+package com.datadog.iast.protobuf;
+
+message Proto2Child {
+  optional string optional = 1;
+  required string required = 2;
+  repeated string repeated = 3;
+  map<string, string> map = 4;
+
+}
+
+message Proto2Parent {
+  required Proto2Child child = 1;
+}
diff --git a/dd-java-agent/agent-iast/src/test/proto/test3.proto b/dd-java-agent/agent-iast/src/test/proto/test3.proto
new file mode 100644
index 00000000000..e1a5c3c1cf7
--- /dev/null
+++ b/dd-java-agent/agent-iast/src/test/proto/test3.proto
@@ -0,0 +1,14 @@
+syntax = "proto3";
+
+package com.datadog.iast.protobuf;
+
+message Proto3Child {
+  optional string optional = 1;
+  string required = 2;
+  repeated string repeated = 3;
+  map<string, string> map = 4;
+}
+
+message Proto3Parent {
+  Proto3Child child = 1;
+}
diff --git a/dd-java-agent/agent-iast/src/test/resources/redaction/evidence-redaction-suite.yml b/dd-java-agent/agent-iast/src/test/resources/redaction/evidence-redaction-suite.yml
index 734f02bf153..cf92538ae54 100644
--- a/dd-java-agent/agent-iast/src/test/resources/redaction/evidence-redaction-suite.yml
+++ b/dd-java-agent/agent-iast/src/test/resources/redaction/evidence-redaction-suite.yml
@@ -247,6 +247,38 @@ suite:
           }
         ]
       }
+  - type: 'VULNERABILITIES'
+    description: 'Query with single quoted string literal and null source'
+    input: >
+      [
+        {
+          "type": "SQL_INJECTION",
+          "evidence": {
+            "value": "select * from users where username = 'user'",
+            "ranges": [
+              { "start" : 38, "length" : 4, "source": { "origin": "http.request.body" } }
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.body" }
+        ],
+        "vulnerabilities": [
+          {
+            "type": "SQL_INJECTION",
+            "evidence": {
+              "valueParts": [
+                { "value": "select * from users where username = '" },
+                { "redacted": true, "source": 0, "pattern": "****" },
+                { "value": "'" }
+              ]
+            }
+          }
+        ]
+      }
   - type: 'VULNERABILITIES'
     description: '$1 query with double quoted string literal $2'
     parameters:
@@ -1605,3 +1637,389 @@ suite:
           }
         ]
       }   
+
+  - type: 'VULNERABILITIES'
+    description: 'SQLi exploited'
+    input: >
+      [
+        {
+          "type": "SQL_INJECTION",
+          "evidence": {
+            "value": "SELECT * FROM Users WHERE email = '' OR TRUE --' AND password = '81dc9bdb52d04dc20036dbd8313ed055' AND deletedAt IS NULL",
+            "ranges": [
+              { "start" : 35, "length" : 12, "source": { "origin": "http.request.parameter", "name": "email", "value": "' OR TRUE --" } }
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.parameter", "name": "email", "value": "' OR TRUE --" }
+        ],
+        "vulnerabilities": [
+          {
+            "type": "SQL_INJECTION",
+            "evidence": {
+              "valueParts": [
+                { "value": "SELECT * FROM Users WHERE email = '" },
+                { "redacted": true },
+                { "source": 0, "value": "' OR TRUE --" },
+                { "redacted": true }
+              ]
+            }
+          }
+        ]
+      }
+  - type: 'VULNERABILITIES'
+    description: 'Consecutive ranges - at the beginning'
+    input: >
+      [
+        {
+          "type": "UNVALIDATED_REDIRECT",
+          "evidence": {
+            "value": "https://user:password@datadoghq.com:443/api/v1/test/123/?param1=pone&param2=ptwo#fragment1=fone&fragment2=ftwo",
+            "ranges": [
+              { "start" : 0, "length" : 4, "source": { "origin": "http.request.parameter", "name": "protocol", "value": "http" } },
+              { "start" : 4, "length" : 1, "source": { "origin": "http.request.parameter", "name": "secure", "value": "s" } },
+              { "start" : 22, "length" : 13, "source": { "origin": "http.request.parameter", "name": "host", "value": "datadoghq.com" } }
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.parameter", "name": "protocol", "value": "http" },
+          { "origin": "http.request.parameter", "name": "secure", "value": "s" },
+          { "origin": "http.request.parameter", "name": "host", "value": "datadoghq.com" }
+        ],
+        "vulnerabilities": [
+          {
+            "type": "UNVALIDATED_REDIRECT",
+            "evidence": {
+              "valueParts": [
+                { "source": 0, "value": "http" },
+                { "source": 1, "value": "s" },
+                { "value": "://" },
+                { "redacted": true },
+                { "value": "@" },
+                { "source": 2, "value": "datadoghq.com" },
+                { "value": ":443/api/v1/test/123/?param1=" },
+                { "redacted": true },
+                { "value": "&param2=" },
+                { "redacted": true },
+                { "value": "#fragment1=" },
+                { "redacted": true },
+                { "value": "&fragment2=" },
+                { "redacted": true }
+              ]
+            }
+          }
+        ]
+      }
+
+  - type: 'VULNERABILITIES'
+    description: 'Tainted range based redaction '
+    input: >
+      [
+        {
+          "type": "XSS",
+          "evidence": {
+            "value": "this could be a super long text, so we need to reduce it before send it to the backend. This redaction strategy applies to XSS vulnerability but can be extended to future ones",
+            "ranges": [
+              { "start" : 123, "length" : 3, "source": { "origin": "http.request.parameter", "name": "type", "value": "XSS" } }
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.parameter", "name": "type", "value": "XSS" }
+        ],
+        "vulnerabilities": [
+          {
+            "type": "XSS",
+            "evidence": {
+              "valueParts": [
+                { "redacted": true },
+                { "source": 0, "value": "XSS" },
+                { "redacted": true }
+              ]
+            }
+          }
+        ]
+      } 
+
+  - type: 'VULNERABILITIES'
+    description: 'Tainted range based redaction - with redactable source '
+    input: >
+      [
+        {
+          "type": "XSS",
+          "evidence": {
+            "value": "this could be a super long text, so we need to reduce it before send it to the backend. This redaction strategy applies to XSS vulnerability but can be extended to future ones",
+            "ranges": [
+              { "start" : 123, "length" : 3, "source": { "origin": "http.request.parameter", "name": "password", "value": "XSS" } }
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.parameter", "name": "password", "redacted": true, "pattern": "abc" }
+        ],
+        "vulnerabilities": [
+          {
+            "type": "XSS",
+            "evidence": {
+              "valueParts": [
+                { "redacted": true },
+                { "source": 0, "redacted": true, "pattern": "abc"},
+                { "redacted": true }
+              ]
+            }
+          }
+        ]
+      } 
+
+
+  - type: 'VULNERABILITIES'
+    description: 'Tainted range based redaction - with null source '
+    input: >
+      [
+        {
+          "type": "XSS",
+          "evidence": {
+            "value": "this could be a super long text, so we need to reduce it before send it to the backend. This redaction strategy applies to XSS vulnerability but can be extended to future ones",
+            "ranges": [
+              { "start" : 123, "length" : 3, "source": { "origin": "http.request.body" } }
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.body" }
+        ],
+        "vulnerabilities": [
+          {
+            "type": "XSS",
+            "evidence": {
+              "valueParts": [
+                { "redacted": true },
+                { "source": 0, "value": "XSS" },
+                { "redacted": true }
+              ]
+            }
+          }
+        ]
+      }
+
+  - type: 'VULNERABILITIES'
+    description: 'Tainted range based redaction - multiple ranges'
+    input: >
+      [
+        {
+          "type": "XSS",
+          "evidence": {
+            "value": "this could be a super long text, so we need to reduce it before send it to the backend. This redaction strategy applies to XSS vulnerability but can be extended to future ones",
+            "ranges": [
+              { "start" : 16, "length" : 10, "source": { "origin": "http.request.parameter", "name": "text", "value": "super long" }},
+              { "start" : 123, "length" : 3, "source": { "origin": "http.request.parameter", "name": "type", "value": "XSS" }}
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.parameter", "name": "text", "value": "super long" },
+          { "origin": "http.request.parameter", "name": "type", "value": "XSS"}
+        ],
+        "vulnerabilities": [
+          {
+            "type": "XSS",
+            "evidence": {
+              "valueParts": [
+                { "redacted": true },
+                { "source": 0, "value": "super long" },
+                { "redacted": true },
+                {"source": 1, "value": "XSS"}, 
+                { "redacted": true }
+              ]
+            }
+          }
+        ]
+      } 
+
+  - type: 'VULNERABILITIES'
+    description: 'Tainted range based redaction - first range at the beginning '
+    input: >
+      [
+        {
+          "type": "XSS",
+          "evidence": {
+            "value": "this could be a super long text, so we need to reduce it before send it to the backend. This redaction strategy applies to XSS vulnerability but can be extended to future ones",
+            "ranges": [
+              { "start" : 0, "length" : 4, "source": { "origin": "http.request.parameter", "name": "text", "value": "this" }},
+              { "start" : 123, "length" : 3, "source": { "origin": "http.request.parameter", "name": "type", "value": "XSS" }}
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.parameter", "name": "text", "value": "this" },
+          { "origin": "http.request.parameter", "name": "type", "value": "XSS"}
+        ],
+        "vulnerabilities": [
+          {
+            "type": "XSS",
+            "evidence": {
+              "valueParts": [
+                { "source": 0, "value": "this" },
+                { "redacted": true },
+                {"source": 1, "value": "XSS"}, 
+                { "redacted": true }
+              ]
+            }
+          }
+        ]
+      } 
+
+  - type: 'VULNERABILITIES'
+    description: 'Tainted range based redaction - last range at the end '
+    input: >
+      [
+        {
+          "type": "XSS",
+          "evidence": {
+            "value": "this could be a super long text, so we need to reduce it before send it to the backend. This redaction strategy applies to XSS",
+            "ranges": [
+              { "start" : 0, "length" : 4, "source": { "origin": "http.request.parameter", "name": "text", "value": "this" }},
+              { "start" : 123, "length" : 3, "source": { "origin": "http.request.parameter", "name": "type", "value": "XSS" }}
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.parameter", "name": "text", "value": "this" },
+          { "origin": "http.request.parameter", "name": "type", "value": "XSS"}
+        ],
+        "vulnerabilities": [
+          {
+            "type": "XSS",
+            "evidence": {
+              "valueParts": [
+                { "source": 0, "value": "this" },
+                { "redacted": true },
+                {"source": 1, "value": "XSS"}
+              ]
+            }
+          }
+        ]
+      } 
+
+  - type: 'VULNERABILITIES'
+    description: 'Tainted range based redaction - whole text '
+    input: >
+      [
+        {
+          "type": "XSS",
+          "evidence": {
+            "value": "this could be a super long text, so we need to reduce it before send it to the backend. This redaction strategy applies to XSS",
+            "ranges": [
+              { "start" : 0, "length" : 126, "source": { "origin": "http.request.parameter", "name": "text", "value": "this could be a super long text, so we need to reduce it before send it to the backend. This redaction strategy applies to XSS" }}
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.parameter", "name": "text", "value": "this could be a super long text, so we need to reduce it before send it to the backend. This redaction strategy applies to XSS"}
+        ],
+        "vulnerabilities": [
+          {
+            "type": "XSS",
+            "evidence": {
+              "valueParts": [
+                { "source": 0, "value": "this could be a super long text, so we need to reduce it before send it to the backend. This redaction strategy applies to XSS" }
+              ]
+            }
+          }
+        ]
+      } 
+
+  - type: 'VULNERABILITIES'
+    description: 'Redacted source that needs to be truncated'
+    input: >
+      [
+        {
+          "type": "SQL_INJECTION",
+          "evidence": {
+            "value": "select * from users where username = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.Sed ut perspiciatis unde omnis iste natus error sit voluptatem ac'",
+            "ranges": [
+              { "start" : 26, "length" : 523, "source": { "origin": "http.request.parameter", "name": "clause", "value": "username = 'Lorem%20ipsum%20dolor%20sit%20amet,%20consectetur%20adipiscing%20elit,%20sed%20do%20eiusmod%20tempor%20incididunt%20ut%20labore%20et%20dolore%20magna%20aliqua.%20Ut%20enim%20ad%20minim%20veniam,%20quis%20nostrud%20exercitation%20ullamco%20laboris%20nisi%20ut%20aliquip%20ex%20ea%20commodo%20consequat.%20Duis%20aute%20irure%20dolor%20in%20reprehenderit%20in%20voluptate%20velit%20esse%20cillum%20dolore%20eu%20fugiat%20nulla%20pariatur.%20Excepteur%20sint%20occaecat%20cupidatat%20non%20proident,%20sunt%20in%20culpa%20qui%20officia%20deserunt%20mollit%20anim%20id%20est%20laborum.Sed%20ut%20perspiciatis%20unde%20omnis%20iste%20natus%20error%20sit%20voluptatem%20ac'" } }
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.parameter", "name": "clause", "redacted": true, "pattern": "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ab", "truncated": "right"}
+        ],
+        "vulnerabilities": [
+          {
+            "type": "SQL_INJECTION",
+            "evidence": {
+              "valueParts": [
+                { "value": "select * from users where " },
+                { "source": 0, "value": "username = '" },
+                { "source": 0, "redacted": true, "truncated": "right", "pattern": "**********************************************************************************************************************************************************************************************************************************************************" },
+                { "source": 0, "value": "'" }
+              ]
+            }
+          }
+        ]
+      } 
+
+  - type: 'VULNERABILITIES'
+    description: 'No redacted that needs to be truncated - whole text'
+    input: >
+      [
+        {
+          "type": "XSS",
+          "evidence": {
+            "value": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.Sed ut perspiciatis unde omnis iste natus error sit voluptatem ac",
+            "ranges": [
+              { "start" : 0, "length" : 510, "source": { "origin": "http.request.parameter", "name": "text", "value": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.Sed ut perspiciatis unde omnis iste natus error sit voluptatem ac" }}
+            ]
+          }
+        }
+      ]
+    expected: >
+      {
+        "sources": [
+          { "origin": "http.request.parameter", "name": "text", "truncated": "right", "value": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure do"}
+        ],
+        "vulnerabilities": [
+          {
+            "type": "XSS",
+            "evidence": {
+              "valueParts": [
+                { "source": 0, "truncated": "right", "value": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure do" }
+              ]
+            }
+          }
+        ]
+      }
+
diff --git a/dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/IastRequestContextPreparationTrait.groovy b/dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/IastRequestContextPreparationTrait.groovy
index ffa956d5ded..6e0b849f6ca 100644
--- a/dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/IastRequestContextPreparationTrait.groovy
+++ b/dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/IastRequestContextPreparationTrait.groovy
@@ -3,16 +3,9 @@ package com.datadog.iast.test
 import com.datadog.iast.IastRequestContext
 import com.datadog.iast.IastSystem
 import com.datadog.iast.model.Range
-import com.datadog.iast.model.Source
 import com.datadog.iast.taint.TaintedObject
 import com.datadog.iast.taint.TaintedObjects
-import datadog.trace.api.gateway.CallbackProvider
-import datadog.trace.api.gateway.EventType
-import datadog.trace.api.gateway.Events
-import datadog.trace.api.gateway.Flow
-import datadog.trace.api.gateway.IGSpanInfo
-import datadog.trace.api.gateway.RequestContext
-import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.api.gateway.*
 import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer
 import org.slf4j.Logger
@@ -68,22 +61,12 @@ trait IastRequestContextPreparationTrait {
 
       List<Object> objects = Collections.synchronizedList([])
 
-      TaintedObject taintInputString(String obj, Source source, int mark) {
-        objects << obj
-        this.delegate.taintInputString(obj, source, mark)
-        logTaint obj
-      }
-
-      TaintedObject taintInputObject(Object obj, Source source, int mark) {
-        objects << obj
-        this.delegate.taintInputObject(obj, source, mark)
-        logTaint obj
-      }
-
+      @Override
       TaintedObject taint(Object obj, Range[] ranges) {
         objects << obj
-        this.delegate.taintInputString(obj, ranges)
+        final tainted = this.delegate.taint(obj, ranges)
         logTaint obj
+        return tainted
       }
 
       private final static Logger LOGGER = LoggerFactory.getLogger("map tainted objects")
diff --git a/dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/NoopOverheadController.groovy b/dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/NoopOverheadController.groovy
index 74964a13634..32152663dc1 100644
--- a/dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/NoopOverheadController.groovy
+++ b/dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/NoopOverheadController.groovy
@@ -2,6 +2,7 @@ package com.datadog.iast.test
 
 import com.datadog.iast.overhead.Operation
 import com.datadog.iast.overhead.OverheadController
+import com.github.javaparser.quality.Nullable
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 import groovy.transform.CompileStatic
 
@@ -18,12 +19,12 @@ class NoopOverheadController implements OverheadController {
   }
 
   @Override
-  boolean hasQuota(Operation operation, AgentSpan span) {
+  boolean hasQuota(Operation operation, @Nullable AgentSpan span) {
     true
   }
 
   @Override
-  boolean consumeQuota(Operation operation, AgentSpan span) {
+  boolean consumeQuota(Operation operation, @Nullable AgentSpan span) {
     true
   }
 
diff --git a/dd-java-agent/agent-jmxfetch/build.gradle b/dd-java-agent/agent-jmxfetch/build.gradle
index 5049af66a9e..afb349e2342 100644
--- a/dd-java-agent/agent-jmxfetch/build.gradle
+++ b/dd-java-agent/agent-jmxfetch/build.gradle
@@ -11,10 +11,12 @@ plugins {
 apply from: "$rootDir/gradle/java.gradle"
 
 dependencies {
-  api('com.datadoghq:jmxfetch:0.47.9') {
+  api('com.datadoghq:jmxfetch:0.47.10') {
     exclude group: 'org.slf4j', module: 'slf4j-api'
     exclude group: 'org.slf4j', module: 'slf4j-jdk14'
     exclude group: 'com.beust', module: 'jcommander'
+    exclude group: 'com.fasterxml.jackson.core', module: 'jackson-core'
+    exclude group: 'com.fasterxml.jackson.jr', module: 'jackson-jr-objects'
   }
   api deps.slf4j
   api project(':internal-api')
diff --git a/dd-java-agent/agent-jmxfetch/integrations-core b/dd-java-agent/agent-jmxfetch/integrations-core
index bb8520bc2a8..03aed80d105 160000
--- a/dd-java-agent/agent-jmxfetch/integrations-core
+++ b/dd-java-agent/agent-jmxfetch/integrations-core
@@ -1 +1 @@
-Subproject commit bb8520bc2a877a2d1fbe640bd0526378ec20e8bc
+Subproject commit 03aed80d105aa81b047e74c6da086165cac5ff6f
diff --git a/dd-java-agent/agent-jmxfetch/src/main/java/com/fasterxml/jackson/core/JsonProcessingException.java b/dd-java-agent/agent-jmxfetch/src/main/java/com/fasterxml/jackson/core/JsonProcessingException.java
new file mode 100644
index 00000000000..4ceefbc5622
--- /dev/null
+++ b/dd-java-agent/agent-jmxfetch/src/main/java/com/fasterxml/jackson/core/JsonProcessingException.java
@@ -0,0 +1,4 @@
+package com.fasterxml.jackson.core;
+
+// empty stub; here to satisfy a catch reference in org.datadog.jmxfetch.App
+public class JsonProcessingException extends java.io.IOException {}
diff --git a/dd-java-agent/agent-jmxfetch/src/main/java/datadog/trace/agent/jmxfetch/JMXFetch.java b/dd-java-agent/agent-jmxfetch/src/main/java/datadog/trace/agent/jmxfetch/JMXFetch.java
index e4b6b171afc..5f905fe5585 100644
--- a/dd-java-agent/agent-jmxfetch/src/main/java/datadog/trace/agent/jmxfetch/JMXFetch.java
+++ b/dd-java-agent/agent-jmxfetch/src/main/java/datadog/trace/agent/jmxfetch/JMXFetch.java
@@ -95,7 +95,6 @@ private static void run(final StatsDClientManager statsDClientManager, final Con
             // App should be run as daemon otherwise CLI apps would not exit once main method exits.
             .daemon(true)
             .embedded(true)
-            .exitWatcher(new TraceConfigExitWatcher())
             .confdDirectory(jmxFetchConfigDir)
             .yamlFileList(jmxFetchConfigs)
             .targetDirectInstances(true)
@@ -132,7 +131,7 @@ public void run() {
                   if (!appConfig.getExitWatcher().shouldExit()) {
                     try {
                       final int result = app.run();
-                      log.error("jmx collector exited with result: " + result);
+                      log.error("jmx collector exited with result: {}", result);
                     } catch (final Exception e) {
                       log.error("Exception in jmx collector thread", e);
                     }
diff --git a/dd-java-agent/agent-logging/src/main/java/datadog/trace/logging/ddlogger/DDLoggerFactory.java b/dd-java-agent/agent-logging/src/main/java/datadog/trace/logging/ddlogger/DDLoggerFactory.java
index afa838ae20a..1958c015f65 100644
--- a/dd-java-agent/agent-logging/src/main/java/datadog/trace/logging/ddlogger/DDLoggerFactory.java
+++ b/dd-java-agent/agent-logging/src/main/java/datadog/trace/logging/ddlogger/DDLoggerFactory.java
@@ -75,4 +75,9 @@ private LoggerHelperFactory getHelperFactory() {
     }
     return factory;
   }
+
+  @Override
+  public void reinitialize() {
+    helperFactory = null;
+  }
 }
diff --git a/dd-java-agent/agent-profiling/profiling-controller-ddprof/build.gradle b/dd-java-agent/agent-profiling/profiling-controller-ddprof/build.gradle
index 49302e0ad0c..855c5b68bca 100644
--- a/dd-java-agent/agent-profiling/profiling-controller-ddprof/build.gradle
+++ b/dd-java-agent/agent-profiling/profiling-controller-ddprof/build.gradle
@@ -6,6 +6,7 @@ ext {
   skipSettingTestJavaVersion = true
   // need access to jdk.jfr package
   skipSettingCompilerRelease = true
+  excludeJdk = ['SEMERU11', 'SEMERU17']
 }
 
 apply from: "$rootDir/gradle/java.gradle"
diff --git a/dd-java-agent/agent-profiling/profiling-controller-jfr/build.gradle b/dd-java-agent/agent-profiling/profiling-controller-jfr/build.gradle
index 36047c0e6f0..5dc47d1c0f6 100644
--- a/dd-java-agent/agent-profiling/profiling-controller-jfr/build.gradle
+++ b/dd-java-agent/agent-profiling/profiling-controller-jfr/build.gradle
@@ -6,6 +6,8 @@ ext {
 
   // need access to jdk.jfr package
   skipSettingCompilerRelease = true
+
+  excludeJdk = ['SEMERU11', 'SEMERU17']
 }
 
 apply from: "$rootDir/gradle/java.gradle"
diff --git a/dd-java-agent/agent-profiling/profiling-controller-jfr/src/main/resources/jfr/dd.jfp b/dd-java-agent/agent-profiling/profiling-controller-jfr/src/main/resources/jfr/dd.jfp
index debc9e78413..f5e10fa9c38 100644
--- a/dd-java-agent/agent-profiling/profiling-controller-jfr/src/main/resources/jfr/dd.jfp
+++ b/dd-java-agent/agent-profiling/profiling-controller-jfr/src/main/resources/jfr/dd.jfp
@@ -232,6 +232,8 @@ jdk.ActiveRecording#enabled=true
 jdk.ActiveSetting#enabled=true
 jdk.DataLoss#enabled=true
 jdk.DumpReason#enabled=true
+jdk.ZAllocationStall#enabled=true
+jdk.ZAllocationStall#threshold=10 ms
 jdk.ZPageAllocation#enabled=true
 jdk.ZPageAllocation#threshold=10 ms
 jdk.ZThreadPhase#enabled=true
diff --git a/dd-java-agent/agent-profiling/profiling-controller-openjdk/build.gradle b/dd-java-agent/agent-profiling/profiling-controller-openjdk/build.gradle
index facdd7fb8c7..2f561175283 100644
--- a/dd-java-agent/agent-profiling/profiling-controller-openjdk/build.gradle
+++ b/dd-java-agent/agent-profiling/profiling-controller-openjdk/build.gradle
@@ -3,6 +3,7 @@ ext {
   minJavaVersionForTests = JavaVersion.VERSION_11
   // Zulu has backported profiling support
   forceJdk = ['ZULU8']
+  excludeJdk = ['SEMERU11', 'SEMERU17']
   // By default tests with be compiled for `minJavaVersionForTests` version,
   // but in this case we would like to avoid this since we would like to run with ZULU8
   skipSettingTestJavaVersion = true
@@ -16,6 +17,9 @@ apply plugin: 'idea'
 dependencies {
   api deps.slf4j
   api project(':internal-api')
+  api(project(':dd-java-agent:agent-bootstrap')) {
+    exclude group: 'com.datadoghq', module: 'agent-logging'
+  }
   api project(':dd-java-agent:agent-profiling:profiling-auxiliary')
   api project(':dd-java-agent:agent-profiling:profiling-controller')
   api project(':dd-java-agent:agent-profiling:profiling-controller-jfr')
diff --git a/dd-java-agent/agent-profiling/profiling-controller-openjdk/src/main/java/com/datadog/profiling/controller/openjdk/OpenJdkController.java b/dd-java-agent/agent-profiling/profiling-controller-openjdk/src/main/java/com/datadog/profiling/controller/openjdk/OpenJdkController.java
index 1f576bac76e..541ad63d14e 100644
--- a/dd-java-agent/agent-profiling/profiling-controller-openjdk/src/main/java/com/datadog/profiling/controller/openjdk/OpenJdkController.java
+++ b/dd-java-agent/agent-profiling/profiling-controller-openjdk/src/main/java/com/datadog/profiling/controller/openjdk/OpenJdkController.java
@@ -16,7 +16,10 @@
 package com.datadog.profiling.controller.openjdk;
 
 import static com.datadog.profiling.controller.ProfilingSupport.*;
+import static com.datadog.profiling.controller.ProfilingSupport.isObjectCountParallelized;
 import static datadog.trace.api.Platform.isJavaVersionAtLeast;
+import static datadog.trace.api.config.ProfilingConfig.PROFILING_HEAP_HISTOGRAM_ENABLED;
+import static datadog.trace.api.config.ProfilingConfig.PROFILING_HEAP_HISTOGRAM_ENABLED_DEFAULT;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_ULTRA_MINIMAL;
 
 import com.datadog.profiling.controller.ConfigurationException;
@@ -27,6 +30,7 @@
 import datadog.trace.api.Platform;
 import datadog.trace.api.config.ProfilingConfig;
 import datadog.trace.bootstrap.config.provider.ConfigProvider;
+import datadog.trace.bootstrap.instrumentation.jfr.exceptions.ExceptionProfiling;
 import de.thetaphi.forbiddenapis.SuppressForbidden;
 import java.io.IOException;
 import java.time.Duration;
@@ -99,6 +103,16 @@ public OpenJdkController(final ConfigProvider configProvider)
       disableEvent(recordingSettings, "jdk.FileWrite", EXPENSIVE_ON_CURRENT_JVM);
     }
 
+    if (configProvider.getBoolean(
+        PROFILING_HEAP_HISTOGRAM_ENABLED, PROFILING_HEAP_HISTOGRAM_ENABLED_DEFAULT)) {
+      if (!isObjectCountParallelized()) {
+        log.warn(
+            "enabling Datadog heap histogram on JVM without an efficient implementation of the jdk.ObjectCount event. "
+                + "This may increase p99 latency. Consider upgrading to JDK 17.0.9+ or 21+ to reduce latency impact.");
+      }
+      enableEvent(recordingSettings, "jdk.ObjectCount", "user enabled histogram heap collection");
+    }
+
     // Toggle settings from override file
 
     try {
@@ -169,6 +183,10 @@ && isEventEnabled(recordingSettings, "jdk.NativeMethodSample")) {
 
     this.recordingSettings = Collections.unmodifiableMap(recordingSettings);
 
+    if (isEventEnabled(this.recordingSettings, "datadog.ExceptionSample")) {
+      ExceptionProfiling.getInstance().start();
+    }
+
     // Register periodic events
     AvailableProcessorCoresEvent.register();
   }
diff --git a/dd-java-agent/agent-profiling/profiling-controller/src/main/java/com/datadog/profiling/controller/ProfilingSupport.java b/dd-java-agent/agent-profiling/profiling-controller/src/main/java/com/datadog/profiling/controller/ProfilingSupport.java
index c53e8130947..5e04651f115 100644
--- a/dd-java-agent/agent-profiling/profiling-controller/src/main/java/com/datadog/profiling/controller/ProfilingSupport.java
+++ b/dd-java-agent/agent-profiling/profiling-controller/src/main/java/com/datadog/profiling/controller/ProfilingSupport.java
@@ -26,6 +26,12 @@ public static boolean isObjectAllocationSampleAvailable() {
     return isJavaVersionAtLeast(16);
   }
 
+  public static boolean isObjectCountParallelized() {
+    // parallelized jdk.ObjectCount implemented in JDK21 and backported to JDK17
+    // https://bugs.openjdk.org/browse/JDK-8307348
+    return (isJavaVersion(17) && isJavaVersionAtLeast(17, 0, 9)) || isJavaVersionAtLeast(21);
+  }
+
   public static boolean isNativeMethodSampleAvailable() {
     if (isOracleJDK8()) {
       return false;
diff --git a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfiler.java b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfiler.java
index 58ac043f327..bd8d4a37b24 100644
--- a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfiler.java
+++ b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfiler.java
@@ -14,11 +14,12 @@
 import static com.datadog.profiling.ddprof.DatadogProfilerConfig.getWallInterval;
 import static com.datadog.profiling.ddprof.DatadogProfilerConfig.isAllocationProfilingEnabled;
 import static com.datadog.profiling.ddprof.DatadogProfilerConfig.isCpuProfilerEnabled;
-import static com.datadog.profiling.ddprof.DatadogProfilerConfig.isJmethodIdCacheEnabled;
 import static com.datadog.profiling.ddprof.DatadogProfilerConfig.isLiveHeapSizeTrackingEnabled;
 import static com.datadog.profiling.ddprof.DatadogProfilerConfig.isMemoryLeakProfilingEnabled;
+import static com.datadog.profiling.ddprof.DatadogProfilerConfig.isResourceNameContextAttributeEnabled;
 import static com.datadog.profiling.ddprof.DatadogProfilerConfig.isSpanNameContextAttributeEnabled;
 import static com.datadog.profiling.ddprof.DatadogProfilerConfig.isWallClockProfilerEnabled;
+import static com.datadog.profiling.ddprof.DatadogProfilerConfig.omitLineNumbers;
 import static com.datadog.profiling.utils.ProfilingMode.ALLOCATION;
 import static com.datadog.profiling.utils.ProfilingMode.CPU;
 import static com.datadog.profiling.utils.ProfilingMode.MEMLEAK;
@@ -58,6 +59,7 @@ public final class DatadogProfiler {
   private static final int[] EMPTY = new int[0];
 
   private static final String OPERATION = "_dd.trace.operation";
+  private static final String RESOURCE = "_dd.trace.resource";
 
   private static final int MAX_NUM_ENDPOINTS = 8192;
 
@@ -144,6 +146,7 @@ private DatadogProfiler(ConfigProvider configProvider) throws UnsupportedEnviron
     try {
       profiler =
           JavaProfiler.getInstance(
+              configProvider.getString(ProfilingConfig.PROFILING_DATADOG_PROFILER_LIBPATH),
               configProvider.getString(
                   ProfilingConfig.PROFILING_DATADOG_PROFILER_SCRATCH,
                   ProfilingConfig.PROFILING_DATADOG_PROFILER_SCRATCH_DEFAULT));
@@ -172,6 +175,9 @@ private DatadogProfiler(ConfigProvider configProvider) throws UnsupportedEnviron
     if (isSpanNameContextAttributeEnabled(configProvider)) {
       orderedContextAttributes.add(OPERATION);
     }
+    if (isResourceNameContextAttributeEnabled(configProvider)) {
+      orderedContextAttributes.add(RESOURCE);
+    }
     this.contextSetter = new ContextSetter(profiler, orderedContextAttributes);
     this.queueTimeThreshold =
         configProvider.getLong(
@@ -305,6 +311,9 @@ String cmdStartProfiling(Path file) throws IllegalStateException {
     cmd.append(",cstack=").append(getCStack(configProvider));
     cmd.append(",safemode=").append(getSafeMode(configProvider));
     cmd.append(",attributes=").append(String.join(";", orderedContextAttributes));
+    if (omitLineNumbers(configProvider)) {
+      cmd.append(",linenumbers=f");
+    }
     if (profilingModes.contains(CPU)) {
       // cpu profiling is enabled.
       String schedulingEvent = getSchedulingEvent(configProvider);
@@ -343,10 +352,6 @@ String cmdStartProfiling(Path file) throws IllegalStateException {
         cmd.append(isLiveHeapSizeTrackingEnabled(configProvider) ? 'L' : 'l');
       }
     }
-    if (isJmethodIdCacheEnabled()) {
-      // element retention is 30 chunk rotations, will be checked only if >10000 elements in cache
-      cmd.append(",minfocache=30:1000");
-    }
     String cmdString = cmd.toString();
     log.debug("Datadog profiler command line: {}", cmdString);
     return cmdString;
@@ -367,6 +372,10 @@ public int operationNameOffset() {
     return offsetOf(OPERATION);
   }
 
+  public int resourceNameOffset() {
+    return offsetOf(RESOURCE);
+  }
+
   public int offsetOf(String attribute) {
     return contextSetter.offsetOf(attribute);
   }
diff --git a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilerConfig.java b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilerConfig.java
index e4470e70f55..f45be14f8ac 100644
--- a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilerConfig.java
+++ b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilerConfig.java
@@ -3,6 +3,7 @@
 import static datadog.trace.api.Platform.isJ9;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_ALLOCATION_ENABLED;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_CONTEXT_ATTRIBUTES;
+import static datadog.trace.api.config.ProfilingConfig.PROFILING_CONTEXT_ATTRIBUTES_RESOURCE_NAME_ENABLED;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_CONTEXT_ATTRIBUTES_SPAN_NAME_ENABLED;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_ALLOC_ENABLED;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_ALLOC_ENABLED_DEFAULT;
@@ -15,6 +16,8 @@
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_CSTACK;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_CSTACK_DEFAULT;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_LIBPATH;
+import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_LINE_NUMBERS;
+import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_LINE_NUMBERS_DEFAULT;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_LIVEHEAP_CAPACITY;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_LIVEHEAP_CAPACITY_DEFAULT;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_LIVEHEAP_ENABLED;
@@ -40,8 +43,6 @@
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_WALL_ENABLED;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_WALL_INTERVAL;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DATADOG_PROFILER_WALL_INTERVAL_DEFAULT;
-import static datadog.trace.api.config.ProfilingConfig.PROFILING_JMETHODID_CACHE_ENABLED;
-import static datadog.trace.api.config.ProfilingConfig.PROFILING_JMETHODID_CACHE_ENABLED_DEFAULT;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_QUEUEING_TIME_ENABLED;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_QUEUEING_TIME_ENABLED_DEFAULT;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_ULTRA_MINIMAL;
@@ -108,8 +109,8 @@ public static boolean isWallClockProfilerEnabled(ConfigProvider configProvider)
     boolean isUltraMinimal = getBoolean(configProvider, PROFILING_ULTRA_MINIMAL, false);
     boolean isTracingEnabled = configProvider.getBoolean(TRACE_ENABLED, true);
     boolean disableUnlessOptedIn = isUltraMinimal || !isTracingEnabled || isJ9();
-    return getBoolean(
-        configProvider, PROFILING_DATADOG_PROFILER_WALL_ENABLED, disableUnlessOptedIn);
+    boolean enabledByDefault = !disableUnlessOptedIn;
+    return getBoolean(configProvider, PROFILING_DATADOG_PROFILER_WALL_ENABLED, enabledByDefault);
   }
 
   public static int getWallInterval(ConfigProvider configProvider) {
@@ -246,6 +247,13 @@ public static String getCStack() {
     return getCStack(ConfigProvider.getInstance());
   }
 
+  public static boolean omitLineNumbers(ConfigProvider configProvider) {
+    return !getBoolean(
+        configProvider,
+        PROFILING_DATADOG_PROFILER_LINE_NUMBERS,
+        PROFILING_DATADOG_PROFILER_LINE_NUMBERS_DEFAULT);
+  }
+
   private static int clamp(int min, int max, int value) {
     return Math.max(min, Math.min(max, value));
   }
@@ -282,13 +290,8 @@ public static boolean isSpanNameContextAttributeEnabled(ConfigProvider configPro
     return configProvider.getBoolean(PROFILING_CONTEXT_ATTRIBUTES_SPAN_NAME_ENABLED, true);
   }
 
-  public static boolean isJmethodIdCacheEnabled() {
-    return isJmethodIdCacheEnabled(ConfigProvider.getInstance());
-  }
-
-  public static boolean isJmethodIdCacheEnabled(ConfigProvider configProvider) {
-    return configProvider.getBoolean(
-        PROFILING_JMETHODID_CACHE_ENABLED, PROFILING_JMETHODID_CACHE_ENABLED_DEFAULT);
+  public static boolean isResourceNameContextAttributeEnabled(ConfigProvider configProvider) {
+    return configProvider.getBoolean(PROFILING_CONTEXT_ATTRIBUTES_RESOURCE_NAME_ENABLED, true);
   }
 
   public static String getString(ConfigProvider configProvider, String key, String defaultValue) {
diff --git a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilerContextSetter.java b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilerContextSetter.java
index 40a656ceb65..58c9fbfd9cb 100644
--- a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilerContextSetter.java
+++ b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilerContextSetter.java
@@ -1,8 +1,7 @@
 package com.datadog.profiling.ddprof;
 
-import datadog.trace.api.experimental.ProfilingContextSetter;
-
-public class DatadogProfilerContextSetter implements ProfilingContextSetter {
+public class DatadogProfilerContextSetter
+    implements datadog.trace.api.profiling.ProfilingContextAttribute {
 
   private final int offset;
   private final DatadogProfiler profiler;
@@ -12,12 +11,10 @@ public DatadogProfilerContextSetter(String attribute, DatadogProfiler profiler)
     this.profiler = profiler;
   }
 
-  @Override
   public void set(CharSequence value) {
     profiler.setContextValue(offset, value);
   }
 
-  @Override
   public void clear() {
     profiler.clearContextValue(offset);
   }
diff --git a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilingIntegration.java b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilingIntegration.java
index 608fdd02cc5..6810a590419 100644
--- a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilingIntegration.java
+++ b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilingIntegration.java
@@ -1,7 +1,7 @@
 package com.datadog.profiling.ddprof;
 
-import datadog.trace.api.experimental.ProfilingContextSetter;
-import datadog.trace.api.experimental.ProfilingScope;
+import datadog.trace.api.profiling.ProfilingContextAttribute;
+import datadog.trace.api.profiling.ProfilingScope;
 import datadog.trace.bootstrap.instrumentation.api.ProfilerContext;
 import datadog.trace.bootstrap.instrumentation.api.ProfilingContextIntegration;
 
@@ -13,6 +13,7 @@ public class DatadogProfilingIntegration implements ProfilingContextIntegration
 
   private static final DatadogProfiler DDPROF = DatadogProfiler.getInstance();
   private static final int SPAN_NAME_INDEX = DDPROF.operationNameOffset();
+  private static final int RESOURCE_NAME_INDEX = DDPROF.resourceNameOffset();
   private static final boolean WALLCLOCK_ENABLED =
       DatadogProfilerConfig.isWallClockProfilerEnabled();
 
@@ -42,22 +43,14 @@ public int encode(CharSequence constant) {
   public void setContext(ProfilerContext profilerContext) {
     DDPROF.setSpanContext(profilerContext.getSpanId(), profilerContext.getRootSpanId());
     DDPROF.setContextValue(SPAN_NAME_INDEX, profilerContext.getEncodedOperationName());
+    DDPROF.setContextValue(RESOURCE_NAME_INDEX, profilerContext.getEncodedResourceName());
   }
 
   @Override
   public void clearContext() {
     DDPROF.clearSpanContext();
     DDPROF.clearContextValue(SPAN_NAME_INDEX);
-  }
-
-  @Override
-  public void setContextValue(String attribute, String value) {
-    DDPROF.setContextValue(attribute, value);
-  }
-
-  @Override
-  public void clearContextValue(String attribute) {
-    DDPROF.clearContextValue(attribute);
+    DDPROF.clearContextValue(RESOURCE_NAME_INDEX);
   }
 
   @Override
@@ -66,7 +59,7 @@ public void setContext(long rootSpanId, long spanId) {
   }
 
   @Override
-  public ProfilingContextSetter createContextSetter(String attribute) {
+  public ProfilingContextAttribute createContextAttribute(String attribute) {
     return new DatadogProfilerContextSetter(attribute, DDPROF);
   }
 
diff --git a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilingScope.java b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilingScope.java
index 5abf7562a29..ccb7c72af65 100644
--- a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilingScope.java
+++ b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilingScope.java
@@ -1,6 +1,7 @@
 package com.datadog.profiling.ddprof;
 
-import datadog.trace.api.experimental.ProfilingScope;
+import datadog.trace.api.profiling.ProfilingContextAttribute;
+import datadog.trace.api.profiling.ProfilingScope;
 
 public class DatadogProfilingScope implements ProfilingScope {
   private final DatadogProfiler profiler;
@@ -16,11 +17,25 @@ public void setContextValue(String attribute, String value) {
     profiler.setContextValue(attribute, value);
   }
 
+  @Override
+  public void setContextValue(ProfilingContextAttribute attribute, String value) {
+    if (attribute instanceof DatadogProfilerContextSetter) {
+      ((DatadogProfilerContextSetter) attribute).set(value);
+    }
+  }
+
   @Override
   public void clearContextValue(String attribute) {
     profiler.clearContextValue(attribute);
   }
 
+  @Override
+  public void clearContextValue(ProfilingContextAttribute attribute) {
+    if (attribute instanceof DatadogProfilerContextSetter) {
+      ((DatadogProfilerContextSetter) attribute).clear();
+    }
+  }
+
   @Override
   public void close() {
     for (int i = 0; i < snapshot.length; i++) {
diff --git a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/QueueTimeTracker.java b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/QueueTimeTracker.java
index b04cf869398..cf7ac164347 100644
--- a/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/QueueTimeTracker.java
+++ b/dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/QueueTimeTracker.java
@@ -2,6 +2,8 @@
 
 import com.datadoghq.profiler.JavaProfiler;
 import datadog.trace.api.profiling.QueueTiming;
+import datadog.trace.bootstrap.instrumentation.api.TaskWrapper;
+import java.lang.ref.WeakReference;
 
 public class QueueTimeTracker implements QueueTiming {
 
@@ -9,7 +11,7 @@ public class QueueTimeTracker implements QueueTiming {
   private final Thread origin;
   private final long threshold;
   private final long startTicks;
-  private Class<?> task;
+  private WeakReference<Object> weakTask;
   private Class<?> scheduler;
 
   public QueueTimeTracker(JavaProfiler profiler, long threshold) {
@@ -21,8 +23,8 @@ public QueueTimeTracker(JavaProfiler profiler, long threshold) {
   }
 
   @Override
-  public void setTask(Class<?> task) {
-    this.task = task;
+  public void setTask(Object task) {
+    this.weakTask = new WeakReference<>(task);
   }
 
   @Override
@@ -32,11 +34,19 @@ public void setScheduler(Class<?> scheduler) {
 
   @Override
   public void close() {
-    assert task != null && scheduler != null;
-    // potentually avoidable JNI call
-    long endTicks = profiler.getCurrentTicks();
-    if (profiler.isThresholdExceeded(threshold, startTicks, endTicks)) {
-      profiler.recordQueueTime(startTicks, endTicks, task, scheduler, origin);
+    assert weakTask != null && scheduler != null;
+    Object task = this.weakTask.get();
+    if (task != null) {
+      // potentially avoidable JNI call
+      long endTicks = profiler.getCurrentTicks();
+      if (profiler.isThresholdExceeded(threshold, startTicks, endTicks)) {
+        // note: because this type traversal can update secondary_super_cache (see JDK-8180450)
+        // we avoid doing this unless we are absolutely certain we will record the event
+        Class<?> taskType = TaskWrapper.getUnwrappedType(task);
+        if (taskType != null) {
+          profiler.recordQueueTime(startTicks, endTicks, taskType, scheduler, origin);
+        }
+      }
     }
   }
 }
diff --git a/dd-java-agent/agent-profiling/profiling-ddprof/src/test/java/com/datadog/profiling/ddprof/DatadogProfilerTest.java b/dd-java-agent/agent-profiling/profiling-ddprof/src/test/java/com/datadog/profiling/ddprof/DatadogProfilerTest.java
index 12c262349b1..67531996499 100644
--- a/dd-java-agent/agent-profiling/profiling-ddprof/src/test/java/com/datadog/profiling/ddprof/DatadogProfilerTest.java
+++ b/dd-java-agent/agent-profiling/profiling-ddprof/src/test/java/com/datadog/profiling/ddprof/DatadogProfilerTest.java
@@ -10,8 +10,7 @@
 import com.datadog.profiling.controller.UnsupportedEnvironmentException;
 import com.datadog.profiling.utils.ProfilingMode;
 import datadog.trace.api.config.ProfilingConfig;
-import datadog.trace.api.experimental.ProfilingContextSetter;
-import datadog.trace.api.experimental.ProfilingScope;
+import datadog.trace.api.profiling.ProfilingScope;
 import datadog.trace.bootstrap.config.provider.ConfigProvider;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -116,8 +115,8 @@ public void testContextRegistration() throws UnsupportedEnvironmentException {
     assertTrue(profiler.setContextValue("foo", "xyz"));
     assertFalse(profiler.setContextValue("xyz", "foo"));
 
-    ProfilingContextSetter fooSetter = new DatadogProfilerContextSetter("foo", profiler);
-    ProfilingContextSetter barSetter = new DatadogProfilerContextSetter("bar", profiler);
+    DatadogProfilerContextSetter fooSetter = new DatadogProfilerContextSetter("foo", profiler);
+    DatadogProfilerContextSetter barSetter = new DatadogProfilerContextSetter("bar", profiler);
     int[] snapshot0 = profiler.snapshot();
     try (ProfilingScope outer = new DatadogProfilingScope(profiler)) {
       fooSetter.set("foo0");
diff --git a/dd-java-agent/agent-profiling/src/main/java/com/datadog/profiling/agent/ProfilingAgent.java b/dd-java-agent/agent-profiling/src/main/java/com/datadog/profiling/agent/ProfilingAgent.java
index 6d4bc6891db..3a0832f5c8e 100644
--- a/dd-java-agent/agent-profiling/src/main/java/com/datadog/profiling/agent/ProfilingAgent.java
+++ b/dd-java-agent/agent-profiling/src/main/java/com/datadog/profiling/agent/ProfilingAgent.java
@@ -159,7 +159,7 @@ public static synchronized void run(final boolean isStartingFirst, ClassLoader a
         log.warn(e.getMessage());
         log.debug("", e);
       } catch (final ConfigurationException e) {
-        log.warn("Failed to initialize profiling agent! " + e.getMessage());
+        log.warn("Failed to initialize profiling agent! {}", e.getMessage());
         log.debug("Failed to initialize profiling agent!", e);
       }
     }
diff --git a/dd-java-agent/agent-tooling/build.gradle b/dd-java-agent/agent-tooling/build.gradle
index 29e3ffa1ec9..93e2e2f84ff 100644
--- a/dd-java-agent/agent-tooling/build.gradle
+++ b/dd-java-agent/agent-tooling/build.gradle
@@ -43,7 +43,6 @@ dependencies {
     exclude group: 'com.datadoghq', module: 'agent-logging'
   }
   api group: 'com.blogspot.mydailyjava', name: 'weak-lock-free', version: '0.17'
-  api group: 'com.googlecode.concurrentlinkedhashmap', name: 'concurrentlinkedhashmap-lru', version: '1.4.2'
   api deps.bytebuddy
   api deps.bytebuddyagent
   implementation group: 'net.java.dev.jna', name: 'jna', version: '5.8.0'
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/AgentCLI.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/AgentCLI.java
index 59db1a00ded..85114370c4c 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/AgentCLI.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/AgentCLI.java
@@ -128,7 +128,7 @@ private static void recursiveDependencySearch(Consumer<File> invoker, File origi
 
   private static void unzipJar(Consumer<File> invoker, File file) throws IOException {
     try (JarFile jar = new JarFile(file)) {
-      log.debug("Finding entries in file:" + file.getName());
+      log.debug("Finding entries in file: {}", file.getName());
 
       jar.stream()
           .forEach(
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/Instrumenter.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/Instrumenter.java
index e8fcb87bd66..8642a55d4fe 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/Instrumenter.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/Instrumenter.java
@@ -7,6 +7,7 @@
 import static java.util.Collections.singletonList;
 import static net.bytebuddy.matcher.ElementMatchers.isSynthetic;
 
+import datadog.trace.agent.tooling.iast.IastPostProcessorFactory;
 import datadog.trace.agent.tooling.muzzle.Reference;
 import datadog.trace.agent.tooling.muzzle.ReferenceMatcher;
 import datadog.trace.agent.tooling.muzzle.ReferenceProvider;
@@ -24,6 +25,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import net.bytebuddy.asm.Advice;
 import net.bytebuddy.asm.AsmVisitorWrapper;
 import net.bytebuddy.description.method.MethodDescription;
 import net.bytebuddy.description.type.TypeDescription;
@@ -117,6 +119,11 @@ interface WithTypeStructure {
     ElementMatcher<TypeDescription> structureMatcher();
   }
 
+  /** Instrumentation that wants to apply additional structure checks after type matching. */
+  interface WithPostProcessor {
+    Advice.PostProcessor.Factory postProcessor();
+  }
+
   /** Instrumentation that provides method advice. */
   interface HasAdvice {
     /**
@@ -314,8 +321,9 @@ public boolean isApplicable(Set<TargetSystem> enabledSystems) {
 
     @Override
     public boolean isEnabled() {
-      return !ConfigProvider.getInstance()
-          .getBoolean(ProfilingConfig.PROFILING_ULTRA_MINIMAL, false);
+      return super.isEnabled()
+          && !ConfigProvider.getInstance()
+              .getBoolean(ProfilingConfig.PROFILING_ULTRA_MINIMAL, false);
     }
   }
 
@@ -333,7 +341,7 @@ public boolean isApplicable(Set<TargetSystem> enabledSystems) {
 
   /** Parent class for all IAST related instrumentations */
   @SuppressForbidden
-  abstract class Iast extends Default {
+  abstract class Iast extends Default implements WithPostProcessor {
 
     private static final Logger log = LoggerFactory.getLogger(Instrumenter.Iast.class);
 
@@ -374,6 +382,11 @@ private void preloadClassNames() {
     public String[] getClassNamesToBePreloaded() {
       return null;
     }
+
+    @Override
+    public Advice.PostProcessor.Factory postProcessor() {
+      return IastPostProcessorFactory.INSTANCE;
+    }
   }
 
   /** Parent class for all USM related instrumentations */
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/KnownTypesIndex.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/KnownTypesIndex.java
index 1c6afeb6841..60388260b30 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/KnownTypesIndex.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/KnownTypesIndex.java
@@ -70,7 +70,7 @@ public static KnownTypesIndex readIndex() {
         }
         return new KnownTypesIndex(multipleIdTable, ClassNameTrie.readFrom(in));
       } catch (Throwable e) {
-        log.error("Problem reading " + KNOWN_TYPES_INDEX_NAME, e);
+        log.error("Problem reading {}", KNOWN_TYPES_INDEX_NAME, e);
       }
     }
     return buildIndex(); // fallback to runtime generation when testing
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/ClassFileLocators.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/ClassFileLocators.java
index fadf94de971..c7b2d026204 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/ClassFileLocators.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/ClassFileLocators.java
@@ -101,6 +101,8 @@ static Resolution loadClassResource(ClassLoader classLoader, String resourceName
   private ClassFileLocators() {}
 
   public static final class LazyResolution implements Resolution {
+    private static final Boolean USE_URL_CACHES = InstrumenterConfig.get().isResolverUseUrlCaches();
+
     private final URL url;
     private byte[] bytecode;
 
@@ -122,7 +124,9 @@ public byte[] resolve() {
       if (null == bytecode) {
         try {
           URLConnection uc = url.openConnection();
-          uc.setUseCaches(false);
+          if (null != USE_URL_CACHES) {
+            uc.setUseCaches(USE_URL_CACHES);
+          }
           try (InputStream in = uc.getInputStream()) {
             bytecode = StreamDrainer.DEFAULT.drain(in);
           }
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/csi/CallSiteTransformer.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/csi/CallSiteTransformer.java
index 2d517dbb21f..50848a30ebf 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/csi/CallSiteTransformer.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/csi/CallSiteTransformer.java
@@ -161,6 +161,11 @@ public void instruction(final int opcode) {
       mv.visitInsn(opcode);
     }
 
+    @Override
+    public void instruction(final int opcode, final int parameter) {
+      mv.visitIntInsn(opcode, parameter);
+    }
+
     @Override
     public void instruction(final int opcode, final String type) {
       mv.visitTypeInsn(opcode, type);
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/iast/TaintableRedefinitionStrategyListener.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/iast/TaintableRedefinitionStrategyListener.java
new file mode 100644
index 00000000000..d8b8284146d
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/iast/TaintableRedefinitionStrategyListener.java
@@ -0,0 +1,62 @@
+package datadog.trace.agent.tooling.bytebuddy.iast;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import javax.annotation.Nonnull;
+import net.bytebuddy.agent.builder.AgentBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * {@link TaintableVisitor} redefines the structure of a class by adding interfaces and fields,
+ * meaning that it cannot be applied to already loaded classes.
+ *
+ * <p>This listener will disable the visitor to prevent a failure with the whole redefinition batch.
+ */
+public final class TaintableRedefinitionStrategyListener
+    extends AgentBuilder.RedefinitionStrategy.Listener.Adapter {
+
+  private static final Logger LOGGER =
+      LoggerFactory.getLogger(TaintableRedefinitionStrategyListener.class);
+  private static final boolean DEBUG = LOGGER.isDebugEnabled();
+
+  public static final TaintableRedefinitionStrategyListener INSTANCE =
+      new TaintableRedefinitionStrategyListener();
+
+  private TaintableRedefinitionStrategyListener() {}
+
+  @Override
+  @Nonnull
+  public Iterable<? extends List<Class<?>>> onError(
+      final int index,
+      @Nonnull final List<Class<?>> batch,
+      @Nonnull final Throwable throwable,
+      @Nonnull final List<Class<?>> types) {
+    if (TaintableVisitor.ENABLED) {
+      if (DEBUG) {
+        LOGGER.debug(
+            "Exception while retransforming with the visitor in batch {}, disabling it", index);
+      }
+      TaintableVisitor.ENABLED = false;
+      return Collections.singletonList(batch);
+    } else {
+      if (DEBUG) {
+        LOGGER.debug(
+            "Exception while retransforming after disabling the visitor in batch {}, classes won't be instrumented",
+            index);
+      }
+      return Collections.emptyList();
+    }
+  }
+
+  @Override
+  public void onComplete(
+      final int amount, final List<Class<?>> types, final Map<List<Class<?>>, Throwable> failures) {
+    if (DEBUG) {
+      if (!TaintableVisitor.ENABLED) {
+        LOGGER.debug("Retransforming succeeded with a disabled visitor");
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/iast/TaintableVisitor.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/iast/TaintableVisitor.java
index 595b60a6e9b..1d644ba7580 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/iast/TaintableVisitor.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/iast/TaintableVisitor.java
@@ -22,6 +22,7 @@
 public class TaintableVisitor implements AsmVisitorWrapper {
 
   public static volatile boolean DEBUG = false;
+  static volatile boolean ENABLED = true;
 
   private static final String INTERFACE_NAME = "datadog/trace/api/iast/Taintable";
   private static final String SOURCE_CLASS_NAME = "L" + INTERFACE_NAME + "$Source;";
@@ -55,9 +56,21 @@ public ClassVisitor wrap(
       final MethodList<?> methods,
       final int writerFlags,
       final int readerFlags) {
-    return types.contains(instrumentedType.getName())
-        ? new AddTaintableInterfaceVisitor(classVisitor)
-        : classVisitor;
+    if (ENABLED) {
+      return types.contains(instrumentedType.getName())
+          ? new AddTaintableInterfaceVisitor(classVisitor)
+          : classVisitor;
+    } else {
+      return NoOp.INSTANCE.wrap(
+          instrumentedType,
+          classVisitor,
+          implementationContext,
+          typePool,
+          fields,
+          methods,
+          writerFlags,
+          readerFlags);
+    }
   }
 
   private static class AddTaintableInterfaceVisitor extends ClassVisitor {
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/matcher/HierarchyMatchers.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/matcher/HierarchyMatchers.java
index 6826bd0f0d3..97b699e0803 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/matcher/HierarchyMatchers.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/matcher/HierarchyMatchers.java
@@ -5,7 +5,7 @@
 
 import datadog.trace.agent.tooling.bytebuddy.SharedTypePools;
 import de.thetaphi.forbiddenapis.SuppressForbidden;
-import net.bytebuddy.description.DeclaredByType;
+import net.bytebuddy.description.ByteCodeElement;
 import net.bytebuddy.description.NamedElement;
 import net.bytebuddy.description.annotation.AnnotationSource;
 import net.bytebuddy.description.field.FieldDescription;
@@ -82,15 +82,17 @@ public static ElementMatcher.Junction<TypeDescription> declaresContextField(
     return SUPPLIER.declaresContextField(keyClassName, contextClassName);
   }
 
+  /** Use this to match annotated fields, methods, or method parameters. */
   @SuppressForbidden
-  public static <T extends AnnotationSource & DeclaredByType.WithMandatoryDeclaration>
+  public static <T extends AnnotationSource & ByteCodeElement.TypeDependant<?, ?>>
       ElementMatcher.Junction<T> isAnnotatedWith(NameMatchers.Named<? super NamedElement> matcher) {
     SharedTypePools.annotationOfInterest(matcher.name);
     return ElementMatchers.isAnnotatedWith(matcher);
   }
 
+  /** Use this to match annotated fields, methods, or method parameters. */
   @SuppressForbidden
-  public static <T extends AnnotationSource & DeclaredByType.WithMandatoryDeclaration>
+  public static <T extends AnnotationSource & ByteCodeElement.TypeDependant<?, ?>>
       ElementMatcher.Junction<T> isAnnotatedWith(NameMatchers.OneOf<? super NamedElement> matcher) {
     SharedTypePools.annotationsOfInterest(matcher.names);
     return ElementMatchers.isAnnotatedWith(matcher);
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/matcher/ScalaTraitMatchers.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/matcher/ScalaTraitMatchers.java
new file mode 100644
index 00000000000..51464848f33
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/matcher/ScalaTraitMatchers.java
@@ -0,0 +1,44 @@
+package datadog.trace.agent.tooling.bytebuddy.matcher;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.is;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import net.bytebuddy.description.method.MethodDescription;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+public class ScalaTraitMatchers {
+  public static ElementMatcher.Junction<MethodDescription> isTraitMethod(
+      String traitName, String name, Object... argumentTypes) {
+
+    ElementMatcher.Junction<MethodDescription> scalaOldArgs =
+        isStatic()
+            .and(takesArguments(argumentTypes.length + 1))
+            .and(takesArgument(0, named(traitName)));
+    ElementMatcher.Junction<MethodDescription> scalaNewArgs =
+        not(isStatic()).and(takesArguments(argumentTypes.length));
+
+    for (int i = 0; i < argumentTypes.length; i++) {
+      Object argumentType = argumentTypes[i];
+      ElementMatcher<? super TypeDescription> matcher;
+      if (argumentType instanceof ElementMatcher) {
+        matcher = (ElementMatcher<? super TypeDescription>) argumentType;
+      } else if (argumentType instanceof String) {
+        matcher = named((String) argumentType);
+      } else if (argumentType instanceof Class) {
+        matcher = is((Class<?>) argumentType);
+      } else {
+        throw new IllegalArgumentException("Unexpected type for argument type specification");
+      }
+      scalaOldArgs = scalaOldArgs.and(takesArgument(i + 1, matcher));
+      scalaNewArgs = scalaNewArgs.and(takesArgument(i, matcher));
+    }
+
+    return isMethod().and(named(name)).and(scalaOldArgs.or(scalaNewArgs));
+  }
+}
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/outline/TypeFactory.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/outline/TypeFactory.java
index ad9f291d8a2..cc0252bef51 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/outline/TypeFactory.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/outline/TypeFactory.java
@@ -66,6 +66,9 @@ final class TypeFactory {
     }
   }
 
+  private static final boolean OUTLINING_ENABLED =
+      InstrumenterConfig.get().isResolverOutliningEnabled();
+
   private static final TypeParser outlineTypeParser = new OutlineTypeParser();
 
   private static final TypeParser fullTypeParser = new FullTypeParser();
@@ -86,7 +89,7 @@ final class TypeFactory {
 
   boolean installing = false;
 
-  boolean createOutlines = true;
+  boolean createOutlines = OUTLINING_ENABLED;
 
   ClassLoader originalClassLoader;
 
@@ -152,7 +155,7 @@ void enableFullDescriptions() {
   /** Temporarily turn off full description parsing; returns {@code true} if it was enabled. */
   boolean disableFullDescriptions() {
     boolean wasEnabled = !createOutlines;
-    createOutlines = true;
+    createOutlines = OUTLINING_ENABLED;
     return wasEnabled;
   }
 
@@ -171,7 +174,7 @@ void endTransform() {
 
     targetName = null;
     targetBytecode = null;
-    createOutlines = true;
+    createOutlines = OUTLINING_ENABLED;
   }
 
   private void clearReferences() {
@@ -276,8 +279,8 @@ private TypeDescription loadType(String name, TypeParser typeParser) {
       Class<?> loadedType;
       if (BOOTSTRAP_LOADER == classLoader) {
         loadedType = Class.forName(name, false, BOOTSTRAP_LOADER);
-      } else if (classLoader.getClass().getName().startsWith("groovy.lang.GroovyClassLoader")) {
-        return null; // avoid due to https://issues.apache.org/jira/browse/GROOVY-9742
+      } else if (skipLoadClass(classLoader.getClass().getName())) {
+        return null; // avoid known problematic class-loaders
       } else {
         loadedType = classLoader.loadClass(name);
       }
@@ -293,6 +296,12 @@ private TypeDescription loadType(String name, TypeParser typeParser) {
     }
   }
 
+  private static boolean skipLoadClass(String loaderClassName) {
+    // avoid due to https://issues.apache.org/jira/browse/GROOVY-9742
+    return loaderClassName.startsWith("groovy.lang.GroovyClassLoader")
+        || loaderClassName.equals("org.apache.jasper.servlet.JasperLoader");
+  }
+
   /** Type description that begins with a name and provides more details on-demand. */
   final class LazyType extends WithName implements WithLocation {
     private ClassFileLocator.Resolution location;
@@ -369,7 +378,7 @@ private TypeDescription outline() {
         return doResolve(true);
       }
       // temporarily switch to generating (fast) outlines as that's all we need
-      createOutlines = true;
+      createOutlines = OUTLINING_ENABLED;
       try {
         return doResolve(true);
       } finally {
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/outline/TypePoolFacade.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/outline/TypePoolFacade.java
index e4882db4b83..b5b2e3b39a8 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/outline/TypePoolFacade.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/outline/TypePoolFacade.java
@@ -21,6 +21,7 @@ public static void registerAsSupplier() {
 
   @Override
   public TypePool typePool(ClassLoader classLoader) {
+    switchContext(classLoader);
     return INSTANCE;
   }
 
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/profiling/UnwrappingVisitor.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/profiling/UnwrappingVisitor.java
index e1490e3c0d6..7d6b73d901c 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/profiling/UnwrappingVisitor.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/bytebuddy/profiling/UnwrappingVisitor.java
@@ -58,7 +58,8 @@ public ClassVisitor wrap(
 
   private static class ImplementTaskWrapperClassVisitor extends ClassVisitor {
 
-    private static final String TASK_WRAPPER = "datadog/trace/bootstrap/TaskWrapper";
+    private static final String TASK_WRAPPER =
+        "datadog/trace/bootstrap/instrumentation/api/TaskWrapper";
 
     private final String className;
     private final String fieldName;
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/csi/CallSiteAdvice.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/csi/CallSiteAdvice.java
index d00f58dd498..28c41fb820d 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/csi/CallSiteAdvice.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/csi/CallSiteAdvice.java
@@ -9,6 +9,9 @@ interface MethodHandler {
     /** Executes an instruction without parameters */
     void instruction(int opcode);
 
+    /** Executes an instruction with an int parameter */
+    void instruction(final int opcode, final int parameter);
+
     /** Executes an instruction with a type parameter */
     void instruction(int opcode, String type);
 
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/IastPostProcessorFactory.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/IastPostProcessorFactory.java
new file mode 100644
index 00000000000..2cfd9ab9ec5
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/IastPostProcessorFactory.java
@@ -0,0 +1,176 @@
+package datadog.trace.agent.tooling.iast;
+
+import static datadog.trace.api.iast.telemetry.IastMetric.EXECUTED_PROPAGATION;
+import static datadog.trace.api.iast.telemetry.IastMetric.EXECUTED_SINK;
+import static datadog.trace.api.iast.telemetry.IastMetric.EXECUTED_SOURCE;
+import static datadog.trace.api.iast.telemetry.IastMetric.INSTRUMENTED_PROPAGATION;
+import static datadog.trace.api.iast.telemetry.IastMetric.INSTRUMENTED_SINK;
+import static datadog.trace.api.iast.telemetry.IastMetric.INSTRUMENTED_SOURCE;
+import static net.bytebuddy.jar.asm.Opcodes.BIPUSH;
+import static net.bytebuddy.jar.asm.Opcodes.GETSTATIC;
+import static net.bytebuddy.jar.asm.Opcodes.ICONST_0;
+import static net.bytebuddy.jar.asm.Opcodes.ICONST_1;
+import static net.bytebuddy.jar.asm.Opcodes.ICONST_M1;
+import static net.bytebuddy.jar.asm.Opcodes.INVOKESTATIC;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.Sink;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.telemetry.IastMetric;
+import datadog.trace.api.iast.telemetry.IastMetricCollector;
+import datadog.trace.api.iast.telemetry.Verbosity;
+import java.util.Collections;
+import javax.annotation.Nonnull;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.annotation.AnnotationDescription;
+import net.bytebuddy.description.annotation.AnnotationValue;
+import net.bytebuddy.description.method.MethodDescription;
+import net.bytebuddy.description.type.PackageDescription;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.implementation.Implementation;
+import net.bytebuddy.implementation.bytecode.StackManipulation;
+import net.bytebuddy.implementation.bytecode.assign.Assigner;
+import net.bytebuddy.jar.asm.MethodVisitor;
+import net.bytebuddy.jar.asm.Type;
+
+public class IastPostProcessorFactory implements Advice.PostProcessor.Factory {
+
+  public static final Advice.PostProcessor.Factory INSTANCE;
+
+  static {
+    final Verbosity verbosity = Config.get().getIastTelemetryVerbosity();
+    INSTANCE = verbosity == Verbosity.OFF ? null : new IastPostProcessorFactory(verbosity);
+  }
+
+  private static final String IAST_ANNOTATIONS_PKG = Sink.class.getPackage().getName();
+  private static final String SINK_NAME = Sink.class.getSimpleName();
+  private static final String PROPAGATION_NAME = Propagation.class.getSimpleName();
+  private static final String SOURCE_NAME = Source.class.getSimpleName();
+
+  private static final String COLLECTOR_INTERNAL_NAME =
+      Type.getType(IastMetricCollector.class).getInternalName();
+  private static final String METRIC_INTERNAL_NAME =
+      Type.getType(IastMetric.class).getInternalName();
+  private static final String METRIC_DESCRIPTOR = "L" + METRIC_INTERNAL_NAME + ";";
+  private static final String ADD_DESCRIPTOR = "(" + METRIC_DESCRIPTOR + "I)V";
+  private static final String ADD_WITH_TAG_DESCRIPTOR = "(" + METRIC_DESCRIPTOR + "BI)V";
+
+  private final Verbosity verbosity;
+
+  public IastPostProcessorFactory(final Verbosity verbosity) {
+    this.verbosity = verbosity;
+  }
+
+  @Override
+  public @Nonnull Advice.PostProcessor make(
+      @Nonnull final MethodDescription.InDefinedShape advice, final boolean exit) {
+    for (final AnnotationDescription annotation : advice.getDeclaredAnnotations()) {
+      final TypeDescription typeDescr = annotation.getAnnotationType();
+      final PackageDescription pkgDescr = typeDescr.getPackage();
+      if (pkgDescr != null && IAST_ANNOTATIONS_PKG.equals(pkgDescr.getName())) {
+        final String typeName = typeDescr.getSimpleName();
+        if (SINK_NAME.equals(typeName)) {
+          final AnnotationValue<?, ?> tag = annotation.getValue("value");
+          return createPostProcessor(INSTRUMENTED_SINK, EXECUTED_SINK, tag.resolve(Byte.class));
+        } else if (SOURCE_NAME.equals(typeName)) {
+          final AnnotationValue<?, ?> tag = annotation.getValue("value");
+          return createPostProcessor(INSTRUMENTED_SOURCE, EXECUTED_SOURCE, tag.resolve(Byte.class));
+        } else if (PROPAGATION_NAME.equals(typeName)) {
+          return createPostProcessor(INSTRUMENTED_PROPAGATION, EXECUTED_PROPAGATION, null);
+        }
+      }
+    }
+    return Advice.PostProcessor.NoOp.INSTANCE;
+  }
+
+  private PostProcessor createPostProcessor(
+      final IastMetric instrumented, final IastMetric executed, final Byte tagValue) {
+    if (!executed.isEnabled(verbosity)) {
+      return new PostProcessor(instrumented, null, tagValue);
+    }
+    return new PostProcessor(instrumented, executed, tagValue);
+  }
+
+  private static class PostProcessor implements Advice.PostProcessor {
+
+    private final IastMetric instrumentation;
+    private final IastMetric runtime;
+    private final Byte tagValue;
+
+    private PostProcessor(
+        final IastMetric instrumentation, final IastMetric runtime, final Byte tagValue) {
+      this.instrumentation = instrumentation;
+      this.runtime = runtime;
+      this.tagValue = tagValue;
+    }
+
+    @Override
+    public @Nonnull StackManipulation resolve(
+        @Nonnull final TypeDescription instrumentedType,
+        @Nonnull final MethodDescription instrumentedMethod,
+        @Nonnull final Assigner assigner,
+        @Nonnull final Advice.ArgumentHandler argumentHandler,
+        @Nonnull final Advice.StackMapFrameHandler.ForPostProcessor stackMapFrameHandler,
+        @Nonnull final StackManipulation exceptionHandler) {
+      if (tagValue == null) {
+        IastMetricCollector.add(instrumentation, 1);
+      } else {
+        IastMetricCollector.add(instrumentation, (byte) tagValue, 1);
+      }
+      return runtime == null
+          ? StackManipulation.Trivial.INSTANCE
+          : new TelemetryStackManipulation(stackMapFrameHandler, runtime.name(), tagValue);
+    }
+  }
+
+  private static class TelemetryStackManipulation extends StackManipulation.AbstractBase {
+    private final Advice.StackMapFrameHandler.ForAdvice.ForPostProcessor stackMapFrameHandler;
+    private final String metricName;
+    private final Byte tagValue;
+
+    private TelemetryStackManipulation(
+        final Advice.StackMapFrameHandler.ForPostProcessor stackMapFrameHandler,
+        final String metricName,
+        final Byte tagValue) {
+      this.stackMapFrameHandler = stackMapFrameHandler;
+      this.metricName = metricName;
+      this.tagValue = tagValue;
+    }
+
+    @Override
+    public @Nonnull Size apply(
+        @Nonnull final MethodVisitor mv, @Nonnull final Implementation.Context ctx) {
+      stackMapFrameHandler.injectIntermediateFrame(mv, Collections.emptyList());
+      mv.visitFieldInsn(GETSTATIC, METRIC_INTERNAL_NAME, metricName, METRIC_DESCRIPTOR);
+      final String descriptor;
+      if (tagValue != null) {
+        visitTag(mv, tagValue);
+        descriptor = ADD_WITH_TAG_DESCRIPTOR;
+      } else {
+        descriptor = ADD_DESCRIPTOR;
+      }
+      mv.visitInsn(ICONST_1);
+      mv.visitMethodInsn(INVOKESTATIC, COLLECTOR_INTERNAL_NAME, "add", descriptor, false);
+      return new Size(0, tagValue != null ? 3 : 2);
+    }
+
+    private void visitTag(final MethodVisitor mv, final byte tagValue) {
+      switch (tagValue) {
+        case -1:
+          mv.visitInsn(ICONST_M1);
+          break;
+        case 0:
+        case 1:
+        case 2:
+        case 3:
+        case 4:
+        case 5:
+          mv.visitInsn(ICONST_0 + tagValue);
+          break;
+        default:
+          mv.visitIntInsn(BIPUSH, tagValue);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/TaintableEnumeration.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/TaintableEnumeration.java
new file mode 100644
index 00000000000..cfc8fb3b44f
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/TaintableEnumeration.java
@@ -0,0 +1,101 @@
+package datadog.trace.agent.tooling.iast;
+
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import datadog.trace.util.stacktrace.StackUtils;
+import edu.umd.cs.findbugs.annotations.NonNull;
+import java.util.Enumeration;
+import javax.annotation.Nullable;
+
+public class TaintableEnumeration implements Enumeration<String> {
+
+  private static final String CLASS_NAME = TaintableEnumeration.class.getName();
+
+  private volatile IastContext context;
+  private volatile boolean contextFetched;
+
+  private final PropagationModule module;
+
+  private final byte origin;
+
+  private final CharSequence name;
+
+  private final boolean useValueAsName;
+
+  private final Enumeration<String> delegate;
+
+  private TaintableEnumeration(
+      @NonNull final Enumeration<String> delegate,
+      @NonNull final PropagationModule module,
+      final byte origin,
+      @Nullable final CharSequence name,
+      final boolean useValueAsName) {
+    this.delegate = delegate;
+    this.module = module;
+    this.origin = origin;
+    this.name = name;
+    this.useValueAsName = useValueAsName;
+  }
+
+  @Override
+  public boolean hasMoreElements() {
+    try {
+      return delegate.hasMoreElements();
+    } catch (Throwable e) {
+      StackUtils.filterFirst(e, TaintableEnumeration::nonTaintableEnumerationStack);
+      throw e;
+    }
+  }
+
+  @Override
+  public String nextElement() {
+    final String next;
+    try {
+      next = delegate.nextElement();
+    } catch (Throwable e) {
+      StackUtils.filterFirst(e, TaintableEnumeration::nonTaintableEnumerationStack);
+      throw e;
+    }
+    try {
+      module.taint(context(), next, origin, name(next));
+    } catch (final Throwable e) {
+      module.onUnexpectedException("Failed to taint enumeration", e);
+    }
+    return next;
+  }
+
+  private IastContext context() {
+    if (!contextFetched) {
+      contextFetched = true;
+      context = IastContext.Provider.get();
+    }
+    return context;
+  }
+
+  private CharSequence name(final String value) {
+    if (name != null) {
+      return name;
+    }
+    return useValueAsName ? value : null;
+  }
+
+  private static boolean nonTaintableEnumerationStack(final StackTraceElement element) {
+    return !CLASS_NAME.equals(element.getClassName());
+  }
+
+  public static Enumeration<String> wrap(
+      @NonNull final Enumeration<String> delegate,
+      @NonNull final PropagationModule module,
+      final byte origin,
+      @Nullable final CharSequence name) {
+    return new TaintableEnumeration(delegate, module, origin, name, false);
+  }
+
+  public static Enumeration<String> wrap(
+      @NonNull final Enumeration<String> delegate,
+      @NonNull final PropagationModule module,
+      final byte origin,
+      boolean useValueAsName) {
+    return new TaintableEnumeration(delegate, module, origin, null, useValueAsName);
+  }
+}
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/muzzle/MuzzleVersionScanPlugin.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/muzzle/MuzzleVersionScanPlugin.java
index 72562cd902e..23b0b755f74 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/muzzle/MuzzleVersionScanPlugin.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/muzzle/MuzzleVersionScanPlugin.java
@@ -164,6 +164,15 @@ public static void printMuzzleReferences(final ClassLoader instrumentationLoader
     }
   }
 
+  public static Set<String> listInstrumentationNames(
+      final ClassLoader instrumentationLoader, String directive) throws Exception {
+    final Set<String> ret = new HashSet<>();
+    for (final Instrumenter.Default instrumenter : toBeTested(instrumentationLoader, directive)) {
+      ret.add(instrumenter.name());
+    }
+    return ret;
+  }
+
   private static String prettyPrint(final String prefix, final Reference ref) {
     final StringBuilder builder = new StringBuilder(prefix);
     builder.append(Reference.prettyPrint(ref.flags));
diff --git a/dd-java-agent/agent-tooling/src/main/resources/datadog/trace/agent/tooling/bytebuddy/matcher/ignored_class_name.trie b/dd-java-agent/agent-tooling/src/main/resources/datadog/trace/agent/tooling/bytebuddy/matcher/ignored_class_name.trie
index ad2b96727af..d244f5a623b 100644
--- a/dd-java-agent/agent-tooling/src/main/resources/datadog/trace/agent/tooling/bytebuddy/matcher/ignored_class_name.trie
+++ b/dd-java-agent/agent-tooling/src/main/resources/datadog/trace/agent/tooling/bytebuddy/matcher/ignored_class_name.trie
@@ -42,7 +42,8 @@
 1 io.opentelemetry.javaagent.*
 1 java.*
 # allow exception profiling instrumentation
-0 java.lang.Throwable
+0 java.lang.Exception
+0 java.lang.Error
 # allow ProcessImpl instrumentation
 0 java.lang.ProcessImpl
 0 java.net.http.*
@@ -52,6 +53,7 @@
 0 java.nio.DirectByteBuffer
 0 java.nio.ByteBuffer
 0 java.rmi.*
+0 java.util.Timer
 0 java.util.concurrent.*
 1 java.util.concurrent.ConcurrentHashMap*
 1 java.util.concurrent.atomic.*
@@ -121,6 +123,9 @@
 2 akka.http.scaladsl.*
 0 akka.http.scaladsl.Http2Ext
 0 akka.http.scaladsl.HttpExt
+0 akka.http.scaladsl.server.ExceptionHandler$
+0 akka.http.scaladsl.common.StrictForm$
+0 akka.http.impl.engine.server.HttpServerBluePrint$ControllerStage$$anon$*
 # saves ~0.1s skipping ~407 classes
 2 akka.stream.*
 0 akka.stream.impl.FanIn$SubInput
@@ -132,6 +137,8 @@
 0 akka.http.javadsl.model.HttpHeader
 0 akka.http.scaladsl.model.HttpRequest
 0 akka.http.scaladsl.model.headers.*
+0 akka.http.scaladsl.marshallers.sprayjson.SprayJsonSupport
+0 akka.http.scaladsl.marshallers.sprayjson.SprayJsonSupport$class
 0 akka.http.scaladsl.unmarshalling.*
 0 akka.http.scaladsl.server.PathMatcher$Matched
 0 akka.http.scaladsl.server.directives.ParameterDirectives$class
@@ -141,6 +148,7 @@
 0 akka.http.scaladsl.server.directives.FormFieldDirectives$class
 0 akka.http.scaladsl.server.directives.FormFieldDirectives
 0 akka.http.scaladsl.model.Uri
+0 akka.http.scaladsl.model.Multipart$FormData
 0 akka.http.scaladsl.model.FormData
 0 akka.http.scaladsl.server.RequestContextImpl
 0 akka.http.scaladsl.server.directives.CookieDirectives$class
@@ -185,6 +193,9 @@
 0 com.google.common.base.internal.Finalizer
 0 com.google.common.util.concurrent.*
 2 com.google.gson.*
+# Need for IAST: we instrument this class
+0 com.google.gson.Gson
+0 com.google.gson.stream.JsonReader
 2 com.google.inject.*
 # We instrument Runnable there
 0 com.google.inject.internal.AbstractBindingProcessor$*
@@ -244,6 +255,7 @@
 0 org.springframework.beans.factory.support.DefaultListableBeanFactory
 0 org.springframework.beans.factory.support.DisposableBeanAdapter
 2 org.springframework.boot.*
+0 org.apache.xalan.transformer.TransformerImpl
 # More runnables to deal with
 0 org.springframework.boot.autoconfigure.BackgroundPreinitializer$*
 0 org.springframework.boot.autoconfigure.condition.OnClassCondition$*
@@ -276,8 +288,6 @@
 2 org.springframework.expression.*
 2 org.springframework.format.*
 2 org.springframework.http.*
-# Need for IAST: calls ServletRequest methods instrumented at callsite
-0 org.springframework.http.server.ServletServerHttpRequest
 # Need for IAST: we instrument these classes
 0 org.springframework.http.HttpHeaders
 0 org.springframework.http.ReadOnlyHttpHeaders
@@ -313,16 +323,15 @@
 2 org.springframework.validation.*
 2 org.springframework.web.*
 0 org.springframework.web.context.request.async.*
-0 org.springframework.web.context.request.*
 0 org.springframework.web.context.support.AbstractRefreshableWebApplicationContext
 0 org.springframework.web.context.support.GenericWebApplicationContext
 0 org.springframework.web.context.support.XmlWebApplicationContext
 0 org.springframework.web.reactive.*
 0 org.springframework.web.servlet.*
-# Included for IAST
-0 org.springframework.web.util.WebUtils
-# Included for IAST Spring mvc unvalidated redirect vulnerability
-0 org.springframework.web.method.support.InvocableHandlerMethod
+# Need for IAST so propagation of tainted objects is complete in spring 2.7.5
+0 org.springframework.util.StreamUtils$NonClosingInputStream
+# Included for IAST Spring mvc unvalidated redirect and xss vulnerability
+0 org.springframework.web.method.support.HandlerMethodReturnValueHandlerComposite
 2 org.xml.*
 2 org.yaml.snakeyaml.*
 # saves ~0.5s skipping instrumentation of almost ~470 classes
@@ -330,5 +339,8 @@
 
 # -------- SPECIAL CASES --------
 
+# incomplete wrapper that throws exceptions for all but one method
+1 reactor.rabbitmq.ChannelProxy
+
 3 com.mchange.v2.c3p0.*
 4 org.springframework.http.converter.*
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/WeakMapTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/WeakMapTest.groovy
index 7c1f8eea0d4..e501161c6fe 100644
--- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/WeakMapTest.groovy
+++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/WeakMapTest.groovy
@@ -1,8 +1,8 @@
 package datadog.trace.agent.tooling
 
-import datadog.trace.test.util.Flaky
 import datadog.trace.test.util.GCUtils
 import datadog.trace.test.util.DDSpecification
+import spock.lang.IgnoreIf
 
 import java.lang.ref.WeakReference
 import java.util.concurrent.TimeUnit
@@ -36,6 +36,7 @@ class WeakMapTest extends DDSpecification {
   }
 
   //@Flaky("awaitGC usage is flaky")
+  @IgnoreIf(reason="Often fails in Semeru runtime", value = { System.getProperty("java.runtime.name").contains("Semeru") })
   def "Unreferenced map gets cleaned up"() {
     setup:
     def map = WeakMaps.newWeakMap()
@@ -51,6 +52,7 @@ class WeakMapTest extends DDSpecification {
   }
 
   //@Flaky("awaitGC usage is flaky")
+  @IgnoreIf(reason="Often fails in Semeru runtime", value = { System.getProperty("java.runtime.name").contains("Semeru") })
   def "Unreferenced keys get cleaned up"() {
     setup:
     def key = new Object()
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/iast/MrReturnAdvice.java b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/iast/MrReturnAdvice.java
new file mode 100644
index 00000000000..88872a50f41
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/iast/MrReturnAdvice.java
@@ -0,0 +1,10 @@
+package datadog.trace.agent.tooling.bytebuddy.iast;
+
+import net.bytebuddy.asm.Advice;
+
+public class MrReturnAdvice {
+  @Advice.OnMethodExit
+  public static void sayHello(@Advice.Return(readOnly = false) String result) {
+    result = "Hello Mr!";
+  }
+}
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/iast/TaintableVisitorTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/iast/TaintableVisitorTest.groovy
index 41fd865afb4..88a51e3ab35 100644
--- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/iast/TaintableVisitorTest.groovy
+++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/bytebuddy/iast/TaintableVisitorTest.groovy
@@ -1,13 +1,32 @@
 package datadog.trace.agent.tooling.bytebuddy.iast
 
+import datadog.trace.agent.tooling.bytebuddy.LoadedTaintableClass
 import datadog.trace.api.iast.Taintable
-import groovy.transform.CompileDynamic
+import datadog.trace.test.util.DDSpecification
 import net.bytebuddy.ByteBuddy
+import net.bytebuddy.agent.ByteBuddyAgent
+import net.bytebuddy.agent.builder.AgentBuilder
 import net.bytebuddy.description.modifier.Visibility
-import spock.lang.Specification
+import net.bytebuddy.description.type.TypeDescription
+import net.bytebuddy.dynamic.DynamicType
+import net.bytebuddy.utility.JavaModule
+import net.bytebuddy.utility.nullability.MaybeNull
 
-@CompileDynamic
-class TaintableVisitorTest extends Specification {
+import java.security.ProtectionDomain
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named
+
+class TaintableVisitorTest extends DDSpecification {
+
+  private boolean wasEnabled
+
+  void setup() {
+    wasEnabled = TaintableVisitor.ENABLED
+  }
+
+  void cleanup() {
+    TaintableVisitor.ENABLED = wasEnabled
+  }
 
   void 'test taintable visitor'() {
     given:
@@ -81,4 +100,51 @@ class TaintableVisitorTest extends Specification {
     then:
     1 * source.getOrigin()
   }
+
+  void 'test taintable visitor with already loaded class'() {
+    given:
+    final instance = new LoadedTaintableClass()
+    final listener = Mock(AgentBuilder.RedefinitionStrategy.Listener)
+
+    when:
+    final result = instance.sayHello()
+
+    then:
+    result == 'Hello!'
+
+    when:
+    new AgentBuilder.Default()
+      .disableClassFormatChanges()
+      .with(AgentBuilder.RedefinitionStrategy.RETRANSFORMATION)
+      .with(TaintableRedefinitionStrategyListener.INSTANCE)
+      .with(listener)
+      .type(named(LoadedTaintableClass.name))
+      .transform(new AgentBuilder.Transformer.ForAdvice().advice(named('sayHello'), 'datadog.trace.agent.tooling.bytebuddy.iast.MrReturnAdvice'))
+      .transform(new AgentBuilder.Transformer() {
+        @Override
+        DynamicType.Builder<?> transform(DynamicType.Builder<?> builder,
+          TypeDescription typeDescription,
+          @MaybeNull ClassLoader classLoader,
+          @MaybeNull JavaModule module,
+          ProtectionDomain protectionDomain) {
+          return builder.visit(new TaintableVisitor(LoadedTaintableClass.name))
+        }
+      })
+      .installOn(ByteBuddyAgent.instrumentation)
+
+    then:
+    final modifiedResult = instance.sayHello()
+
+    then:
+    modifiedResult == 'Hello Mr!'
+    // failing initial batch
+    1 * listener.onBatch(0, { List<Class<?>> list -> list.contains(LoadedTaintableClass) }, _)
+    1 * listener.onError(0, { List<Class<?>> list -> list.contains(LoadedTaintableClass) }, _, _) >> []
+
+    // successful batch after disabling the visitor
+    1 * listener.onBatch(1, { List<Class<?>> list -> list.contains(LoadedTaintableClass) }, _)
+
+    // finally two batches where executed
+    1 * listener.onComplete(2, { List<Class<?>> list -> list.contains(LoadedTaintableClass) }, _)
+  }
 }
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/IastPostProcessorFactoryTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/IastPostProcessorFactoryTest.groovy
new file mode 100644
index 00000000000..fb3757edf4a
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/IastPostProcessorFactoryTest.groovy
@@ -0,0 +1,83 @@
+package datadog.trace.agent.tooling.iast
+
+import datadog.trace.api.iast.telemetry.IastMetric
+import datadog.trace.api.iast.telemetry.IastMetricCollector
+import datadog.trace.test.util.DDSpecification
+import net.bytebuddy.asm.Advice
+import net.bytebuddy.description.method.MethodDescription
+import net.bytebuddy.description.type.TypeDescription
+import net.bytebuddy.implementation.Implementation
+import net.bytebuddy.implementation.bytecode.StackManipulation
+import net.bytebuddy.implementation.bytecode.assign.Assigner
+import net.bytebuddy.jar.asm.MethodVisitor
+import net.bytebuddy.jar.asm.Opcodes
+import net.bytebuddy.jar.asm.Type
+
+class IastPostProcessorFactoryTest extends DDSpecification {
+
+  private static final Type COLLECTOR_TYPE = Type.getType(IastMetricCollector)
+  private static final Type METRIC_TYPE = Type.getType(IastMetric)
+
+  static class NonAnnotatedAdvice {
+    @Advice.OnMethodExit
+    static void exit() {}
+  }
+
+  void 'test factory for non annotated'() {
+    given:
+    final method = new MethodDescription.ForLoadedMethod(NonAnnotatedAdvice.getDeclaredMethod('exit'))
+
+    when:
+    final result = IastPostProcessorFactory.INSTANCE.make(method, true)
+
+    then:
+    result == Advice.PostProcessor.NoOp.INSTANCE
+  }
+
+  void 'test factory for annotated advice'() {
+    given:
+    final collector = IastMetricCollector.get()
+    final method = new MethodDescription.ForLoadedMethod(IastAnnotatedAdvice.getDeclaredMethod('exit'))
+    final typeDescription = Mock(TypeDescription)
+    final methodDescription = Mock(MethodDescription)
+    final assigner = Mock(Assigner)
+    final argumentHandler = Mock(Advice.ArgumentHandler)
+    final forPostProcessor = Mock(Advice.StackMapFrameHandler.ForPostProcessor)
+    final stackManipulation = Mock(StackManipulation)
+    final methodVisitor = Mock(MethodVisitor)
+    final context = Mock(Implementation.Context)
+
+    when:
+    final postProcessor = IastPostProcessorFactory.INSTANCE.make(method, true)
+
+    then:
+    postProcessor != Advice.PostProcessor.NoOp.INSTANCE
+
+    when: 'a new advice is handled'
+    final manipulation = postProcessor.resolve(typeDescription, methodDescription, assigner, argumentHandler, forPostProcessor, stackManipulation)
+
+    then: 'a new method has been instrumented and the metric is generated'
+    manipulation != null
+    collector.prepareMetrics()
+    final metrics = collector.drain()
+    assert metrics.size() == 1
+    // one method has ben instrumented
+    metrics.first().with {
+      assert it.metric == IastMetric.INSTRUMENTED_SINK
+      assert it.tags == ['vulnerability_type:SQL_INJECTION']
+      assert it.value == 1L
+    }
+
+    when: 'the advice is used'
+    final size = manipulation.apply(methodVisitor, context)
+
+    then: 'the byte code to generate the metric during runtime is appended'
+    size.sizeImpact == 0 // stack remains the same
+    size.maximalSize == 3 // metric + tag + counter
+    1 * forPostProcessor.injectIntermediateFrame(methodVisitor, []) // new empty frame
+    1 * methodVisitor.visitFieldInsn(Opcodes.GETSTATIC, METRIC_TYPE.internalName, 'EXECUTED_SINK', 'L' + METRIC_TYPE.internalName + ';') // add executed metric to stack
+    1 * methodVisitor.visitInsn(Opcodes.ICONST_2) // add tag to stack: public static final byte SQL_INJECTION = 2
+    1 * methodVisitor.visitInsn(Opcodes.ICONST_1) // add counter to stack
+    1 * methodVisitor.visitMethodInsn(Opcodes.INVOKESTATIC, COLLECTOR_TYPE.internalName, 'add', '(L' + METRIC_TYPE.internalName + ';BI)V', false) // call increment
+  }
+}
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/TaintableEnumerationTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/TaintableEnumerationTest.groovy
new file mode 100644
index 00000000000..78566a8bec7
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/TaintableEnumerationTest.groovy
@@ -0,0 +1,99 @@
+package datadog.trace.agent.tooling.iast
+
+import datadog.trace.api.gateway.RequestContext
+import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.api.iast.IastContext
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.SourceTypes
+import datadog.trace.api.iast.propagation.PropagationModule
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer
+import datadog.trace.test.util.DDSpecification
+import spock.lang.Shared
+
+class TaintableEnumerationTest extends DDSpecification {
+
+  @Shared
+  protected static final AgentTracer.TracerAPI ORIGINAL_TRACER = AgentTracer.get()
+
+  protected AgentTracer.TracerAPI tracer = Mock(AgentTracer.TracerAPI)
+
+  protected IastContext iastCtx = Mock(IastContext)
+
+  protected RequestContext reqCtx = Mock(RequestContext) {
+    getData(RequestContextSlot.IAST) >> iastCtx
+  }
+
+  protected AgentSpan span = Mock(AgentSpan) {
+    getRequestContext() >> reqCtx
+  }
+
+  protected PropagationModule module
+
+
+  void setup() {
+    AgentTracer.forceRegister(tracer)
+    module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+  }
+
+  void cleanup() {
+    AgentTracer.forceRegister(ORIGINAL_TRACER)
+    InstrumentationBridge.clearIastModules()
+  }
+
+  void 'underlying enumerated values are tainted with a name'() {
+    given:
+    final values = (1..10).collect { "value$it".toString() }
+    final origin = SourceTypes.REQUEST_PARAMETER_NAME
+    final name = 'test'
+    final enumeration = TaintableEnumeration.wrap(Collections.enumeration(values), module, origin, name)
+
+    when:
+    final result = enumeration.collect()
+
+    then:
+    result == values
+    values.each { 1 * module.taint(_, it, origin, name) }
+    1 * tracer.activeSpan() >> span // only one access to the active context
+  }
+
+  void 'underlying enumerated values are tainted with the value as a name'() {
+    given:
+    final values = (1..10).collect { "value$it".toString() }
+    final origin = SourceTypes.REQUEST_PARAMETER_NAME
+    final enumeration = TaintableEnumeration.wrap(Collections.enumeration(values), module, origin, true)
+
+    when:
+    final result = enumeration.collect()
+
+    then:
+    result == values
+    values.each { 1 * module.taint(_, it, origin, it) }
+  }
+
+  void 'taintable enumeration leaves no trace in case of error'() {
+    given:
+    final origin = SourceTypes.REQUEST_PARAMETER_NAME
+    final enumeration = TaintableEnumeration.wrap(new BadEnumeration(), module, origin, true)
+
+    when:
+    enumeration.hasMoreElements()
+
+    then:
+    final first = thrown(Error)
+    first.stackTrace.find { it.className == TaintableEnumeration.name } == null
+  }
+
+  private static class BadEnumeration implements Enumeration<String> {
+    @Override
+    boolean hasMoreElements() {
+      throw new Error('Ooops!!!')
+    }
+
+    @Override
+    String nextElement() {
+      throw new Error('Boom!!!')
+    }
+  }
+}
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/muzzle/ReferenceMatcherTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/muzzle/ReferenceMatcherTest.groovy
index d04ec546e83..cdfcd656e51 100644
--- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/muzzle/ReferenceMatcherTest.groovy
+++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/muzzle/ReferenceMatcherTest.groovy
@@ -7,6 +7,7 @@ import datadog.trace.agent.tooling.muzzle.TestAdviceClasses.MethodBodyAdvice
 import datadog.trace.test.util.DDSpecification
 import net.bytebuddy.jar.asm.Type
 import net.bytebuddy.pool.TypePool
+import spock.lang.IgnoreIf
 import spock.lang.Shared
 
 import static datadog.trace.agent.tooling.muzzle.Reference.EXPECTS_INTERFACE
@@ -60,6 +61,7 @@ class ReferenceMatcherTest extends DDSpecification {
     getMismatchClassSet(refMatcher.getMismatchedReferenceSources(unsafeClasspath)) == new HashSet<>([MissingClass])
   }
 
+  @IgnoreIf(reason="Often fails in Semeru runtime", value = { System.getProperty("java.runtime.name").contains("Semeru") })
   def "matching does not hold a strong reference to classloaders"() {
     expect:
     MuzzleWeakReferenceTest.classLoaderRefIsGarbageCollected()
diff --git a/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/bytebuddy/LoadedTaintableClass.java b/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/bytebuddy/LoadedTaintableClass.java
new file mode 100644
index 00000000000..a851f988502
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/bytebuddy/LoadedTaintableClass.java
@@ -0,0 +1,8 @@
+package datadog.trace.agent.tooling.bytebuddy;
+
+public class LoadedTaintableClass {
+
+  public String sayHello() {
+    return "Hello!";
+  }
+}
diff --git a/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/csi/StringConcatExample.java b/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/csi/StringConcatExample.java
index 136517b8c08..facd9ce4ab9 100644
--- a/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/csi/StringConcatExample.java
+++ b/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/csi/StringConcatExample.java
@@ -11,7 +11,7 @@ public class StringConcatExample implements BiFunction<String, String, String> {
   public String apply(final String first, final String second) {
     LOGGER.debug("Before apply");
     final String result = first.concat(second);
-    LOGGER.debug("After apply " + result);
+    LOGGER.debug("After apply {}", result);
     return result;
   }
 }
diff --git a/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/iast/IastAnnotatedAdvice.java b/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/iast/IastAnnotatedAdvice.java
new file mode 100644
index 00000000000..bed2f532fcb
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/iast/IastAnnotatedAdvice.java
@@ -0,0 +1,11 @@
+package datadog.trace.agent.tooling.iast;
+
+import datadog.trace.api.iast.Sink;
+import datadog.trace.api.iast.VulnerabilityTypes;
+import net.bytebuddy.asm.Advice;
+
+public class IastAnnotatedAdvice {
+  @Advice.OnMethodExit
+  @Sink(VulnerabilityTypes.SQL_INJECTION)
+  static void exit() {}
+}
diff --git a/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusConstantsExample.java b/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusConstantsExample.java
index 23df53b87a7..a71e58609a0 100644
--- a/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusConstantsExample.java
+++ b/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusConstantsExample.java
@@ -11,7 +11,7 @@ public class StringPlusConstantsExample implements TriFunction<String, String, S
   public String apply(final String first, final String second, final String third) {
     LOGGER.debug("Before apply");
     final String result = first + " " + second + " " + third;
-    LOGGER.debug("After apply " + result);
+    LOGGER.debug("After apply {}", result);
     return result;
   }
 }
diff --git a/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusExample.java b/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusExample.java
index 24449ee59a9..0a15d1e9fe4 100644
--- a/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusExample.java
+++ b/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusExample.java
@@ -11,7 +11,7 @@ public class StringPlusExample implements TriFunction<String, String, String, St
   public String apply(final String first, final String second, final String third) {
     LOGGER.debug("Before apply");
     final String result = first + second + third;
-    LOGGER.debug("After apply " + result);
+    LOGGER.debug("After apply {}", result);
     return result;
   }
 }
diff --git a/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusLoadWithTagsExample.java b/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusLoadWithTagsExample.java
index 66bba6e17e4..a0461eb111b 100644
--- a/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusLoadWithTagsExample.java
+++ b/dd-java-agent/agent-tooling/src/test/java11/datadog/trace/agent/tooling/csi/StringPlusLoadWithTagsExample.java
@@ -11,7 +11,7 @@ public class StringPlusLoadWithTagsExample implements TriFunction<String, String
   public String apply(final String first, final String second, final String third) {
     LOGGER.debug("Before apply");
     final String result = first + " \u0002 " + second + " \u0001 " + third;
-    LOGGER.debug("After apply " + result);
+    LOGGER.debug("After apply {}", result);
     return result;
   }
 }
diff --git a/dd-java-agent/appsec/build.gradle b/dd-java-agent/appsec/build.gradle
index 21e564e294f..7f270bbf4c7 100644
--- a/dd-java-agent/appsec/build.gradle
+++ b/dd-java-agent/appsec/build.gradle
@@ -1,8 +1,3 @@
-buildscript {
-  dependencies {
-    classpath 'org.jsonschema2pojo:jsonschema2pojo-gradle-plugin:1.1.1'
-  }
-}
 plugins {
   id "com.github.johnrengelman.shadow"
   id "me.champeau.jmh"
@@ -11,19 +6,15 @@ plugins {
 
 apply from: "$rootDir/gradle/java.gradle"
 apply from: "$rootDir/gradle/version.gradle"
-apply plugin: 'jsonschema2pojo'
 
 dependencies {
   api deps.slf4j
   implementation project(':internal-api')
   implementation project(':communication')
   implementation project(':telemetry')
-  implementation group: 'io.sqreen', name: 'libsqreen', version: '7.1.0'
+  implementation group: 'io.sqreen', name: 'libsqreen', version: '8.0.0'
   implementation group: 'com.squareup.moshi', name: 'moshi', version: versions.moshi
 
-  annotationProcessor deps.autoserviceProcessor
-  compileOnly deps.autoserviceAnnotation
-
   testImplementation deps.bytebuddy
   testImplementation project(':utils:test-utils')
   testImplementation group: 'org.hamcrest', name: 'hamcrest', version: '2.2'
@@ -59,35 +50,6 @@ jmhJar {
   exclude 'org/slf4j/impl/**/*'
 }
 
-jsonSchema2Pojo {
-  source = files("$projectDir/src/main/schemas")
-  targetPackage = 'com.datadog.appsec.report'
-  includeAdditionalProperties = false
-  includeGeneratedAnnotation = false
-  generateBuilders = true
-  useInnerClassBuilders = true
-  usePrimitives = false
-  annotationStyle = 'moshi1'
-  //  customAnnotator = 'org.jsonschema2pojo.NoopAnnotator'
-
-  // Whether to use the 'title' property of the schema to decide the class name (if not
-  // set to true, the filename and property names are used).
-  useTitleAsClassname = true
-  sourceType = 'jsonschema'
-
-
-  dateType = "java.time.LocalDate"
-  dateTimeType = "java.time.Instant"
-  timeType = "java.time.LocalDate"
-
-  //  formatTypeMapping = []
-  //  toStringExcludes = ["someProperty"]
-
-  targetVersion = "1.8"
-}
-
-packageSources.dependsOn 'generateJsonSchema2Pojo'
-sourcesJar.dependsOn 'generateJsonSchema2Pojo'
 
 task runSampleApp(type: GradleBuild, dependsOn: ':dd-java-agent:shadowJar') {
   description = "Run AppSec sample app with instrumentation"
@@ -117,13 +79,13 @@ ext {
   excludedClassesCoverage = [
     'com.datadog.appsec.config.MergedAsmData.InvalidAsmDataException',
     'com.datadog.appsec.powerwaf.LibSqreenInitialization',
-    'com.datadog.appsec.report.raw.events.*',
-    'com.datadog.appsec.report.AppSecEventWrapper',
+    'com.datadog.appsec.report.*',
     'com.datadog.appsec.config.AppSecConfigServiceImpl.SubscribeFleetServiceRunnable.1',
     'com.datadog.appsec.util.StandardizedLogging',
     'com.datadog.appsec.util.AbortStartupException',
     'com.datadog.appsec.config.AppSecConfig.AppSecConfigV1',
     'com.datadog.appsec.config.AppSecConfig.AppSecConfigV2',
+    'com.datadog.appsec.config.AppSecConfig.NumberJsonAdapter',
     'com.datadog.appsec.event.ReplaceableEventProducerService',
   ]
   excludedClassesBranchCoverage = [
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecModule.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecModule.java
index 7c5676800e4..6ac207979cb 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecModule.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecModule.java
@@ -2,8 +2,6 @@
 
 import com.datadog.appsec.config.AppSecModuleConfigurer;
 import com.datadog.appsec.event.DataListener;
-import com.datadog.appsec.event.EventListener;
-import com.datadog.appsec.event.EventType;
 import com.datadog.appsec.event.data.Address;
 import java.util.Collection;
 
@@ -14,25 +12,8 @@ public interface AppSecModule {
 
   String getInfo();
 
-  Collection<EventSubscription> getEventSubscriptions();
-
   Collection<DataSubscription> getDataSubscriptions();
 
-  abstract class EventSubscription implements EventListener {
-    public final EventType eventType;
-    private final Priority priority;
-
-    protected EventSubscription(EventType eventType, Priority priority) {
-      this.eventType = eventType;
-      this.priority = priority;
-    }
-
-    @Override
-    public Priority getPriority() {
-      return priority;
-    }
-  }
-
   abstract class DataSubscription implements DataListener {
     private final Collection<Address<?>> subscribedAddresses;
     private final Priority priority;
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecSystem.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecSystem.java
index feb3cd548f9..1fd373a1e74 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecSystem.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/AppSecSystem.java
@@ -1,5 +1,6 @@
 package com.datadog.appsec;
 
+import com.datadog.appsec.api.security.ApiSecurityRequestSampler;
 import com.datadog.appsec.blocking.BlockingServiceImpl;
 import com.datadog.appsec.config.AppSecConfigService;
 import com.datadog.appsec.config.AppSecConfigServiceImpl;
@@ -7,6 +8,7 @@
 import com.datadog.appsec.event.ReplaceableEventProducerService;
 import com.datadog.appsec.gateway.GatewayBridge;
 import com.datadog.appsec.gateway.RateLimiter;
+import com.datadog.appsec.powerwaf.PowerWAFModule;
 import com.datadog.appsec.util.AbortStartupException;
 import com.datadog.appsec.util.StandardizedLogging;
 import datadog.appsec.api.blocking.Blocking;
@@ -23,8 +25,8 @@
 import datadog.trace.util.Strings;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
-import java.util.ServiceLoader;
 import java.util.Set;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.stream.Collectors;
@@ -75,11 +77,14 @@ private static void doStart(SubscriptionService gw, SharedCommunicationObjects s
     sco.createRemaining(config);
 
     RateLimiter rateLimiter = getRateLimiter(config, sco.monitoring);
+    ApiSecurityRequestSampler requestSampler = new ApiSecurityRequestSampler(config);
+
     GatewayBridge gatewayBridge =
         new GatewayBridge(
             gw,
             REPLACEABLE_EVENT_PRODUCER,
             rateLimiter,
+            requestSampler,
             APP_SEC_CONFIG_SERVICE.getTraceSegmentPostProcessors());
 
     loadModules(eventDispatcher);
@@ -136,13 +141,10 @@ public static void stop() {
   }
 
   private static void loadModules(EventDispatcher eventDispatcher) {
-    EventDispatcher.EventSubscriptionSet eventSubscriptionSet =
-        new EventDispatcher.EventSubscriptionSet();
     EventDispatcher.DataSubscriptionSet dataSubscriptionSet =
         new EventDispatcher.DataSubscriptionSet();
 
-    ServiceLoader<AppSecModule> modules =
-        ServiceLoader.load(AppSecModule.class, AppSecSystem.class.getClassLoader());
+    final List<AppSecModule> modules = Collections.singletonList(new PowerWAFModule());
     for (AppSecModule module : modules) {
       log.debug("Starting appsec module {}", module.getName());
       try {
@@ -155,10 +157,6 @@ private static void loadModules(EventDispatcher eventDispatcher) {
         continue;
       }
 
-      for (AppSecModule.EventSubscription sub : module.getEventSubscriptions()) {
-        eventSubscriptionSet.addSubscription(sub.eventType, sub);
-      }
-
       for (AppSecModule.DataSubscription sub : module.getDataSubscriptions()) {
         dataSubscriptionSet.addSubscription(sub.getSubscribedAddresses(), sub);
       }
@@ -166,29 +164,21 @@ private static void loadModules(EventDispatcher eventDispatcher) {
       STARTED_MODULES_INFO.put(module, module.getInfo());
     }
 
-    eventDispatcher.subscribeEvents(eventSubscriptionSet);
     eventDispatcher.subscribeDataAvailable(dataSubscriptionSet);
   }
 
   private static void reloadSubscriptions(
       ReplaceableEventProducerService replaceableEventProducerService) {
-    EventDispatcher.EventSubscriptionSet eventSubscriptionSet =
-        new EventDispatcher.EventSubscriptionSet();
     EventDispatcher.DataSubscriptionSet dataSubscriptionSet =
         new EventDispatcher.DataSubscriptionSet();
 
     EventDispatcher newEd = new EventDispatcher();
     for (AppSecModule module : STARTED_MODULES_INFO.keySet()) {
-      for (AppSecModule.EventSubscription sub : module.getEventSubscriptions()) {
-        eventSubscriptionSet.addSubscription(sub.eventType, sub);
-      }
-
       for (AppSecModule.DataSubscription sub : module.getDataSubscriptions()) {
         dataSubscriptionSet.addSubscription(sub.getSubscribedAddresses(), sub);
       }
     }
 
-    newEd.subscribeEvents(eventSubscriptionSet);
     newEd.subscribeDataAvailable(dataSubscriptionSet);
 
     replaceableEventProducerService.replaceEventProducerService(newEd);
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityRequestSampler.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityRequestSampler.java
new file mode 100644
index 00000000000..cb345e7f94c
--- /dev/null
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityRequestSampler.java
@@ -0,0 +1,37 @@
+package com.datadog.appsec.api.security;
+
+import datadog.trace.api.Config;
+import java.util.concurrent.atomic.AtomicLong;
+
+public class ApiSecurityRequestSampler {
+
+  private final int sampling;
+  private final AtomicLong cumulativeCounter = new AtomicLong();
+
+  public ApiSecurityRequestSampler(final Config config) {
+    sampling = computeSamplingParameter(config.getApiSecurityRequestSampleRate());
+  }
+
+  public boolean sampleRequest() {
+    long prevValue = cumulativeCounter.getAndAdd(sampling);
+    long newValue = prevValue + sampling;
+    if (newValue / 100 == prevValue / 100 + 1) {
+      // Sample request
+      return true;
+    }
+    // Skipped by sampling
+    return false;
+  }
+
+  static int computeSamplingParameter(final float pct) {
+    if (pct >= 1) {
+      return 100;
+    }
+    if (pct < 0) {
+      // We don't support disabling Api Security by setting it, so we set it to 100%.
+      // TODO: We probably want a warning here.
+      return 100;
+    }
+    return (int) (pct * 100);
+  }
+}
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/blocking/BlockingServiceImpl.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/blocking/BlockingServiceImpl.java
index c64c0b95b5b..0a36358271f 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/blocking/BlockingServiceImpl.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/blocking/BlockingServiceImpl.java
@@ -84,7 +84,8 @@ public boolean tryCommitBlockingResponse(
 
     log.debug("About to call block response function: {}", blockResponseFunction);
     boolean res =
-        blockResponseFunction.tryCommitBlockingResponse(statusCode, templateType, extraHeaders);
+        blockResponseFunction.tryCommitBlockingResponse(
+            reqCtx.getTraceSegment(), statusCode, templateType, extraHeaders);
     if (res) {
       TraceSegment traceSegment = reqCtx.getTraceSegment();
       if (traceSegment != null) {
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfig.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfig.java
index dbacf30e715..1977fc12cc7 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfig.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfig.java
@@ -1,16 +1,19 @@
 package com.datadog.appsec.config;
 
 import com.squareup.moshi.JsonAdapter;
+import com.squareup.moshi.JsonReader;
+import com.squareup.moshi.JsonWriter;
 import com.squareup.moshi.Moshi;
 import java.io.IOException;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import javax.annotation.Nullable;
 
 public interface AppSecConfig {
 
-  Moshi MOSHI = new Moshi.Builder().build();
+  Moshi MOSHI = new Moshi.Builder().add(Double.class, new NumberJsonAdapter()).build();
   JsonAdapter<AppSecConfigV1> ADAPTER_V1 = MOSHI.adapter(AppSecConfigV1.class);
   JsonAdapter<AppSecConfigV2> ADAPTER_V2 = MOSHI.adapter(AppSecConfigV2.class);
 
@@ -121,4 +124,18 @@ public int hashCode() {
       return hash;
     }
   }
+
+  class NumberJsonAdapter extends JsonAdapter<Number> {
+
+    @Nullable
+    @Override
+    public Number fromJson(JsonReader reader) throws IOException {
+      return reader.nextInt();
+    }
+
+    @Override
+    public void toJson(JsonWriter writer, @Nullable Number value) throws IOException {
+      writer.value(value);
+    }
+  }
 }
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfigServiceImpl.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfigServiceImpl.java
index b305a1d75d4..ae58309bcd3 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfigServiceImpl.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfigServiceImpl.java
@@ -8,6 +8,7 @@
 import static datadog.remoteconfig.tuf.RemoteConfigRequest.ClientInfo.CAPABILITY_ASM_EXCLUSIONS;
 import static datadog.remoteconfig.tuf.RemoteConfigRequest.ClientInfo.CAPABILITY_ASM_IP_BLOCKING;
 import static datadog.remoteconfig.tuf.RemoteConfigRequest.ClientInfo.CAPABILITY_ASM_REQUEST_BLOCKING;
+import static datadog.remoteconfig.tuf.RemoteConfigRequest.ClientInfo.CAPABILITY_ASM_TRUSTED_IPS;
 import static datadog.remoteconfig.tuf.RemoteConfigRequest.ClientInfo.CAPABILITY_ASM_USER_BLOCKING;
 
 import com.datadog.appsec.AppSecSystem;
@@ -93,7 +94,8 @@ private void subscribeConfigurationPoller() {
             | CAPABILITY_ASM_REQUEST_BLOCKING
             | CAPABILITY_ASM_USER_BLOCKING
             | CAPABILITY_ASM_CUSTOM_RULES
-            | CAPABILITY_ASM_CUSTOM_BLOCKING_RESPONSE);
+            | CAPABILITY_ASM_CUSTOM_BLOCKING_RESPONSE
+            | CAPABILITY_ASM_TRUSTED_IPS);
   }
 
   private void subscribeRulesAndData() {
@@ -184,7 +186,7 @@ private void distributeSubConfigurations(
       try {
         listener.onNewSubconfig(newConfig.get(key), reconfiguration);
       } catch (Exception rte) {
-        log.warn("Error updating configuration of app sec module listening on key " + key, rte);
+        log.warn("Error updating configuration of app sec module listening on key {}", key, rte);
       }
     }
   }
@@ -328,7 +330,8 @@ public void close() {
             | CAPABILITY_ASM_REQUEST_BLOCKING
             | CAPABILITY_ASM_USER_BLOCKING
             | CAPABILITY_ASM_CUSTOM_RULES
-            | CAPABILITY_ASM_CUSTOM_BLOCKING_RESPONSE);
+            | CAPABILITY_ASM_CUSTOM_BLOCKING_RESPONSE
+            | CAPABILITY_ASM_TRUSTED_IPS);
     this.configurationPoller.removeListener(Product.ASM_DD);
     this.configurationPoller.removeListener(Product.ASM_DATA);
     this.configurationPoller.removeListener(Product.ASM);
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/CurrentAppSecConfig.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/CurrentAppSecConfig.java
index 9cb3401b4f2..b661a876503 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/CurrentAppSecConfig.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/CurrentAppSecConfig.java
@@ -17,7 +17,7 @@
 import org.slf4j.LoggerFactory;
 
 public class CurrentAppSecConfig {
-  private static Logger log = LoggerFactory.getLogger(CurrentAppSecConfig.class);
+  private static final Logger log = LoggerFactory.getLogger(CurrentAppSecConfig.class);
 
   private AppSecConfig ddConfig; // assume there's only one of these
   CollectedUserConfigs userConfigs = new CollectedUserConfigs();
@@ -84,6 +84,11 @@ public AppSecConfig getMergedUpdateConfig() throws IOException {
     if (dirtyStatus.rules) {
       mso.put("metadata", ddConfig.getRawConfig().getOrDefault("metadata", Collections.emptyMap()));
       mso.put("rules", ddConfig.getRawConfig().getOrDefault("rules", Collections.emptyList()));
+      mso.put(
+          "processors",
+          ddConfig.getRawConfig().getOrDefault("processors", Collections.emptyList()));
+      mso.put(
+          "scanners", ddConfig.getRawConfig().getOrDefault("scanners", Collections.emptyList()));
     }
     if (dirtyStatus.customRules) {
       mso.put("custom_rules", getMergedCustomRules());
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/TraceSegmentPostProcessor.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/TraceSegmentPostProcessor.java
index 43aff89458d..a6440c6d6ea 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/TraceSegmentPostProcessor.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/TraceSegmentPostProcessor.java
@@ -1,11 +1,11 @@
 package com.datadog.appsec.config;
 
 import com.datadog.appsec.gateway.AppSecRequestContext;
-import com.datadog.appsec.report.raw.events.AppSecEvent100;
+import com.datadog.appsec.report.AppSecEvent;
 import datadog.trace.api.internal.TraceSegment;
 import java.util.Collection;
 
 public interface TraceSegmentPostProcessor {
   void processTraceSegment(
-      TraceSegment segment, AppSecRequestContext ctx, Collection<AppSecEvent100> collectedEvents);
+      TraceSegment segment, AppSecRequestContext ctx, Collection<AppSecEvent> collectedEvents);
 }
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventDispatcher.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventDispatcher.java
index a2c320c5cc3..6db67b01f43 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventDispatcher.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventDispatcher.java
@@ -1,7 +1,5 @@
 package com.datadog.appsec.event;
 
-import static com.datadog.appsec.event.EventType.NUM_EVENT_TYPES;
-
 import com.datadog.appsec.event.data.Address;
 import com.datadog.appsec.event.data.DataBundle;
 import com.datadog.appsec.event.data.KnownAddresses;
@@ -10,7 +8,6 @@
 import java.util.ArrayList;
 import java.util.BitSet;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -23,8 +20,6 @@ public class EventDispatcher implements EventProducerService {
   private static final Logger log = LoggerFactory.getLogger(EventDispatcher.class);
   private static final char[] EMPTY_CHAR_ARRAY = new char[0];
 
-  private List<List<EventListener>> eventListeners; // index: eventType.serial
-
   // indexes are the ids we successively attribute to listeners
   // we support up to 2^16 listeners in total
   // The listeners are ordered by priority (from highest to lowest)
@@ -36,12 +31,6 @@ public class EventDispatcher implements EventProducerService {
   public EventDispatcher() {
     KnownAddresses.HEADERS_NO_COOKIES.getKey(); // force class initialization
 
-    // empty subscriptions
-    eventListeners = new ArrayList<>(NUM_EVENT_TYPES);
-    for (int i = 0; i < NUM_EVENT_TYPES; i++) {
-      eventListeners.add(Collections.emptyList());
-    }
-
     final int addressCount = Address.instanceCount();
     dataListenerSubs = new ArrayList<>(addressCount);
     for (int i = 0; i < addressCount; i++) {
@@ -49,31 +38,6 @@ public EventDispatcher() {
     }
   }
 
-  public static class EventSubscriptionSet {
-    private final List<List<EventListener>> eventListeners; // index: eventType.serial
-
-    public EventSubscriptionSet() {
-      KnownAddresses.HEADERS_NO_COOKIES.getKey(); // force class initialization
-
-      eventListeners = new ArrayList<>(NUM_EVENT_TYPES);
-      for (int i = 0; i < NUM_EVENT_TYPES; i++) {
-        eventListeners.add(new ArrayList<>(2));
-      }
-    }
-
-    public void addSubscription(EventType event, EventListener listener) {
-      List<EventListener> eventListeners = this.eventListeners.get(event.ordinal());
-      eventListeners.add(listener);
-    }
-  }
-
-  public void subscribeEvents(EventSubscriptionSet subscriptionSet) {
-    for (List<EventListener> eventListener : subscriptionSet.eventListeners) {
-      eventListener.sort(OrderedCallback.CallbackPriorityComparator.INSTANCE);
-    }
-    this.eventListeners = subscriptionSet.eventListeners;
-  }
-
   public static class DataSubscriptionSet {
     private final Map<DataListener, Integer> indexes = new HashMap<>();
     // index: addr.serial
@@ -134,18 +98,6 @@ public void subscribeDataAvailable(DataSubscriptionSet subSet) {
     allSubscribedAddresses = subSet.allAddresses;
   }
 
-  @Override
-  public void publishEvent(AppSecRequestContext ctx, EventType event) {
-    List<EventListener> eventListeners = this.eventListeners.get(event.ordinal());
-    for (EventListener listener : eventListeners) {
-      try {
-        listener.onEvent(ctx, event);
-      } catch (RuntimeException rte) {
-        log.warn("AppSec callback exception", rte);
-      }
-    }
-  }
-
   @Override
   public DataSubscriberInfo getDataSubscribers(Address<?>... newAddresses) {
     if (newAddresses.length == 1) {
@@ -204,18 +156,6 @@ public Flow publishDataEvent(
     return flow;
   }
 
-  @Override
-  public Collection<EventType> allSubscribedEvents() {
-    EventType[] values = EventType.values();
-    List<EventType> res = new ArrayList<>(values.length);
-    for (int i = 0; i < values.length; i++) {
-      if (!eventListeners.get(i).isEmpty()) {
-        res.add(values[i]);
-      }
-    }
-    return res;
-  }
-
   @Override
   public Collection<Address<?>> allSubscribedDataAddresses() {
     return allSubscribedAddresses;
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventListener.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventListener.java
deleted file mode 100644
index d35634f3c25..00000000000
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventListener.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package com.datadog.appsec.event;
-
-import com.datadog.appsec.gateway.AppSecRequestContext;
-
-public interface EventListener extends OrderedCallback {
-  void onEvent(AppSecRequestContext ctx, EventType eventType);
-}
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventProducerService.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventProducerService.java
index cc60ad74476..202c422ccee 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventProducerService.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventProducerService.java
@@ -7,13 +7,6 @@
 import java.util.Collection;
 
 public interface EventProducerService {
-  /**
-   * Runs the event callbacks for the given event type.
-   *
-   * <p>This method does not throw. If one of the callbacks throws, the exception is caught and the
-   * processing continues.
-   */
-  void publishEvent(AppSecRequestContext ctx, EventType event);
 
   /**
    * Determines the data callbacks for the given addresses. The return value can be cached if it's
@@ -49,7 +42,5 @@ interface DataSubscriberInfo {
     boolean isEmpty();
   }
 
-  Collection<EventType> allSubscribedEvents();
-
   Collection<Address<?>> allSubscribedDataAddresses();
 }
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventType.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventType.java
deleted file mode 100644
index 8ae95380055..00000000000
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/EventType.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package com.datadog.appsec.event;
-
-public enum EventType {
-  REQUEST_START,
-  REQUEST_END,
-
-  // modules can subscribe to these two to implement heuristics
-  // dependent on whether the body is on the process of being read.
-  // After REQUEST_BODY_START, AppSecRequestContext::getStoredRequestBody() is avail
-  REQUEST_BODY_START,
-  REQUEST_BODY_END;
-
-  static int NUM_EVENT_TYPES = EventType.values().length;
-}
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/ReplaceableEventProducerService.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/ReplaceableEventProducerService.java
index 99807f2dd45..1139dd52ad9 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/ReplaceableEventProducerService.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/ReplaceableEventProducerService.java
@@ -13,11 +13,6 @@ public void replaceEventProducerService(EventProducerService ed) {
     this.cur = ed;
   }
 
-  @Override
-  public void publishEvent(AppSecRequestContext ctx, EventType event) {
-    cur.publishEvent(ctx, event);
-  }
-
   @Override
   public DataSubscriberInfo getDataSubscribers(Address<?>... newAddresses) {
     return cur.getDataSubscribers(newAddresses);
@@ -33,11 +28,6 @@ public Flow<Void> publishDataEvent(
     return cur.publishDataEvent(subscribers, ctx, newData, isTransient);
   }
 
-  @Override
-  public Collection<EventType> allSubscribedEvents() {
-    return cur.allSubscribedEvents();
-  }
-
   @Override
   public Collection<Address<?>> allSubscribedDataAddresses() {
     return cur.allSubscribedDataAddresses();
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/KnownAddresses.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/KnownAddresses.java
index 6efee9d1046..85b74f00b94 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/KnownAddresses.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/KnownAddresses.java
@@ -45,6 +45,8 @@ public interface KnownAddresses {
   /** status code of HTTP response */
   Address<String> RESPONSE_STATUS = new Address<>("server.response.status");
 
+  Address<Object> RESPONSE_BODY_OBJECT = new Address<>("server.response.body");
+
   /** First chars of HTTP response body */
   Address<String> RESPONSE_BODY_RAW = new Address<>("server.response.body.raw");
 
@@ -98,6 +100,8 @@ public interface KnownAddresses {
 
   Address<String> USER_ID = new Address<>("usr.id");
 
+  Address<Map<String, Object>> WAF_CONTEXT_PROCESSOR = new Address<>("waf.context.processor");
+
   static Address<?> forName(String name) {
     switch (name) {
       case "server.request.body":
@@ -124,6 +128,8 @@ static Address<?> forName(String name) {
         return REQUEST_TRANSPORT;
       case "server.response.status":
         return RESPONSE_STATUS;
+      case "server.response.body":
+        return RESPONSE_BODY_OBJECT;
       case "server.response.body.raw":
         return RESPONSE_BODY_RAW;
       case "server.response.headers.no_cookies":
@@ -144,6 +150,8 @@ static Address<?> forName(String name) {
         return GRPC_SERVER_REQUEST_METADATA;
       case "usr.id":
         return USER_ID;
+      case "waf.context.processor":
+        return WAF_CONTEXT_PROCESSOR;
       default:
         return null;
     }
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/MapDataBundle.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/MapDataBundle.java
index 4dc590b9dda..14797179eef 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/MapDataBundle.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/MapDataBundle.java
@@ -78,6 +78,10 @@ public Builder(int capacity) {
     }
 
     public <A extends Address<?>, V> Builder add(A address, V value) {
+      if (address == null || value == null) return this;
+      if (value instanceof Collection && ((Collection<?>) value).isEmpty()) return this;
+      if (value instanceof Map && ((Map<?, ?>) value).isEmpty()) return this;
+
       map.put(address, value);
       return this;
     }
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/AppSecRequestContext.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/AppSecRequestContext.java
index ce66c752b5b..728b5bad015 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/AppSecRequestContext.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/AppSecRequestContext.java
@@ -3,9 +3,8 @@
 import com.datadog.appsec.event.data.Address;
 import com.datadog.appsec.event.data.DataBundle;
 import com.datadog.appsec.event.data.KnownAddresses;
-import com.datadog.appsec.report.raw.events.AppSecEvent100;
+import com.datadog.appsec.report.AppSecEvent;
 import com.datadog.appsec.util.StandardizedLogging;
-import datadog.trace.api.gateway.BlockResponseFunction;
 import datadog.trace.api.http.StoredBodySupplier;
 import datadog.trace.api.internal.TraceSegment;
 import io.sqreen.powerwaf.Additive;
@@ -51,7 +50,7 @@ public class AppSecRequestContext implements DataBundle, Closeable {
               "accept-language"));
 
   private final ConcurrentHashMap<Address<?>, Object> persistentData = new ConcurrentHashMap<>();
-  private Collection<AppSecEvent100> collectedEvents; // guarded by this
+  private Collection<AppSecEvent> collectedEvents; // guarded by this
 
   // assume these will always be written and read by the same thread
   private String scheme;
@@ -74,7 +73,7 @@ public class AppSecRequestContext implements DataBundle, Closeable {
   private boolean rawReqBodyPublished;
   private boolean convertedReqBodyPublished;
   private boolean respDataPublished;
-  private BlockResponseFunction blockResponseFunction;
+  private Map<String, String> apiSchemas;
 
   // should be guarded by this
   private Additive additive;
@@ -333,10 +332,6 @@ public void setRespDataPublished(boolean respDataPublished) {
     this.respDataPublished = respDataPublished;
   }
 
-  public void setBlockResponseFunction(BlockResponseFunction blockResponseFunction) {
-    this.blockResponseFunction = blockResponseFunction;
-  }
-
   @Override
   public void close() {
     synchronized (this) {
@@ -362,8 +357,8 @@ public CharSequence getStoredRequestBody() {
     return storedRequestBodySupplier.get();
   }
 
-  public void reportEvents(Collection<AppSecEvent100> events, TraceSegment traceSegment) {
-    for (AppSecEvent100 event : events) {
+  public void reportEvents(Collection<AppSecEvent> events) {
+    for (AppSecEvent event : events) {
       StandardizedLogging.attackDetected(log, event);
     }
     synchronized (this) {
@@ -378,8 +373,8 @@ public void reportEvents(Collection<AppSecEvent100> events, TraceSegment traceSe
     }
   }
 
-  Collection<AppSecEvent100> transferCollectedEvents() {
-    Collection<AppSecEvent100> events;
+  Collection<AppSecEvent> transferCollectedEvents() {
+    Collection<AppSecEvent> events;
     synchronized (this) {
       events = this.collectedEvents;
       this.collectedEvents = Collections.emptyList();
@@ -390,4 +385,22 @@ Collection<AppSecEvent100> transferCollectedEvents() {
       return Collections.emptyList();
     }
   }
+
+  public void reportApiSchemas(Map<String, String> schemas) {
+    if (schemas == null || schemas.isEmpty()) return;
+
+    if (apiSchemas == null) {
+      apiSchemas = schemas;
+    } else {
+      apiSchemas.putAll(schemas);
+    }
+  }
+
+  boolean commitApiSchemas(TraceSegment traceSegment) {
+    if (traceSegment == null || apiSchemas == null) {
+      return false;
+    }
+    apiSchemas.forEach(traceSegment::setTagTop);
+    return true;
+  }
 }
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java
index 86c212c82fd..e89927ebb44 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java
@@ -3,10 +3,10 @@
 import static com.datadog.appsec.event.data.MapDataBundle.Builder.CAPACITY_6_10;
 
 import com.datadog.appsec.AppSecSystem;
+import com.datadog.appsec.api.security.ApiSecurityRequestSampler;
 import com.datadog.appsec.config.TraceSegmentPostProcessor;
 import com.datadog.appsec.event.EventProducerService;
 import com.datadog.appsec.event.EventProducerService.DataSubscriberInfo;
-import com.datadog.appsec.event.EventType;
 import com.datadog.appsec.event.ExpiredSubscriberInfoException;
 import com.datadog.appsec.event.data.Address;
 import com.datadog.appsec.event.data.DataBundle;
@@ -14,8 +14,9 @@
 import com.datadog.appsec.event.data.MapDataBundle;
 import com.datadog.appsec.event.data.ObjectIntrospection;
 import com.datadog.appsec.event.data.SingletonDataBundle;
+import com.datadog.appsec.report.AppSecEvent;
 import com.datadog.appsec.report.AppSecEventWrapper;
-import com.datadog.appsec.report.raw.events.AppSecEvent100;
+import datadog.trace.api.Config;
 import datadog.trace.api.DDTags;
 import datadog.trace.api.function.TriConsumer;
 import datadog.trace.api.function.TriFunction;
@@ -61,6 +62,7 @@ public class GatewayBridge {
   private final SubscriptionService subscriptionService;
   private final EventProducerService producerService;
   private final RateLimiter rateLimiter;
+  private final ApiSecurityRequestSampler requestSampler;
   private final List<TraceSegmentPostProcessor> traceSegmentPostProcessors;
 
   // subscriber cache
@@ -75,10 +77,12 @@ public GatewayBridge(
       SubscriptionService subscriptionService,
       EventProducerService producerService,
       RateLimiter rateLimiter,
+      ApiSecurityRequestSampler requestSampler,
       List<TraceSegmentPostProcessor> traceSegmentPostProcessors) {
     this.subscriptionService = subscriptionService;
     this.producerService = producerService;
     this.rateLimiter = rateLimiter;
+    this.requestSampler = requestSampler;
     this.traceSegmentPostProcessors = traceSegmentPostProcessors;
   }
 
@@ -86,7 +90,7 @@ public void init() {
     Events<AppSecRequestContext> events = Events.get();
     Collection<datadog.trace.api.gateway.EventType<?>> additionalIGEvents =
         IGAppSecEventDependencies.additionalIGEventTypes(
-            producerService.allSubscribedEvents(), producerService.allSubscribedDataAddresses());
+            producerService.allSubscribedDataAddresses());
 
     subscriptionService.registerCallback(
         events.requestStarted(),
@@ -94,12 +98,7 @@ public void init() {
           if (!AppSecSystem.isActive()) {
             return RequestContextSupplier.EMPTY;
           }
-
-          RequestContextSupplier requestContextSupplier = new RequestContextSupplier();
-          AppSecRequestContext ctx = requestContextSupplier.getResult();
-          producerService.publishEvent(ctx, EventType.REQUEST_START);
-
-          return requestContextSupplier;
+          return new RequestContextSupplier();
         });
 
     subscriptionService.registerCallback(
@@ -110,7 +109,8 @@ public void init() {
             return NoopFlow.INSTANCE;
           }
 
-          producerService.publishEvent(ctx, EventType.REQUEST_END);
+          // WAF call
+          ctx.closeAdditive();
 
           TraceSegment traceSeg = ctx_.getTraceSegment();
 
@@ -119,7 +119,7 @@ public void init() {
             traceSeg.setTagTop("_dd.appsec.enabled", 1);
             traceSeg.setTagTop("_dd.runtime_family", "jvm");
 
-            Collection<AppSecEvent100> collectedEvents = ctx.transferCollectedEvents();
+            Collection<AppSecEvent> collectedEvents = ctx.transferCollectedEvents();
 
             for (TraceSegmentPostProcessor pp : this.traceSegmentPostProcessors) {
               pp.processTraceSegment(traceSeg, ctx, collectedEvents);
@@ -169,6 +169,11 @@ public void init() {
                     });
               }
             }
+
+            // If extracted any Api Schemas - commit them
+            if (!ctx.commitApiSchemas(traceSeg)) {
+              log.debug("Unable to commit, api security schemas and will be skipped");
+            }
           }
 
           ctx.close();
@@ -182,20 +187,17 @@ public void init() {
     subscriptionService.registerCallback(
         EVENTS.requestMethodUriRaw(), new MethodAndRawURICallback());
 
-    if (additionalIGEvents.contains(EVENTS.requestBodyStart())) {
-      subscriptionService.registerCallback(
-          EVENTS.requestBodyStart(),
-          (RequestContext ctx_, StoredBodySupplier supplier) -> {
-            AppSecRequestContext ctx = ctx_.getData(RequestContextSlot.APPSEC);
-            if (ctx == null) {
-              return null;
-            }
-
-            ctx.setStoredRequestBodySupplier(supplier);
-            producerService.publishEvent(ctx, EventType.REQUEST_BODY_START);
+    subscriptionService.registerCallback(
+        EVENTS.requestBodyStart(),
+        (RequestContext ctx_, StoredBodySupplier supplier) -> {
+          AppSecRequestContext ctx = ctx_.getData(RequestContextSlot.APPSEC);
+          if (ctx == null) {
             return null;
-          });
-    }
+          }
+
+          ctx.setStoredRequestBodySupplier(supplier);
+          return null;
+        });
 
     if (additionalIGEvents.contains(EVENTS.requestPathParams())) {
       subscriptionService.registerCallback(
@@ -223,8 +225,7 @@ public void init() {
               DataBundle bundle =
                   new SingletonDataBundle<>(KnownAddresses.REQUEST_PATH_PARAMS, data);
               try {
-                Flow<Void> flow = producerService.publishDataEvent(subInfo, ctx, bundle, false);
-                return flow;
+                return producerService.publishDataEvent(subInfo, ctx, bundle, false);
               } catch (ExpiredSubscriberInfoException e) {
                 pathParamsSubInfo = null;
               }
@@ -232,42 +233,38 @@ public void init() {
           });
     }
 
-    if (additionalIGEvents.contains(EVENTS.requestBodyDone())) {
-      subscriptionService.registerCallback(
-          EVENTS.requestBodyDone(),
-          (RequestContext ctx_, StoredBodySupplier supplier) -> {
-            AppSecRequestContext ctx = ctx_.getData(RequestContextSlot.APPSEC);
-            if (ctx == null || ctx.isRawReqBodyPublished()) {
+    subscriptionService.registerCallback(
+        EVENTS.requestBodyDone(),
+        (RequestContext ctx_, StoredBodySupplier supplier) -> {
+          AppSecRequestContext ctx = ctx_.getData(RequestContextSlot.APPSEC);
+          if (ctx == null || ctx.isRawReqBodyPublished()) {
+            return NoopFlow.INSTANCE;
+          }
+          ctx.setRawReqBodyPublished(true);
+
+          while (true) {
+            DataSubscriberInfo subInfo = rawRequestBodySubInfo;
+            if (subInfo == null) {
+              subInfo = producerService.getDataSubscribers(KnownAddresses.REQUEST_BODY_RAW);
+              rawRequestBodySubInfo = subInfo;
+            }
+            if (subInfo == null || subInfo.isEmpty()) {
               return NoopFlow.INSTANCE;
             }
-            ctx.setRawReqBodyPublished(true);
-
-            producerService.publishEvent(ctx, EventType.REQUEST_BODY_END);
 
-            while (true) {
-              DataSubscriberInfo subInfo = rawRequestBodySubInfo;
-              if (subInfo == null) {
-                subInfo = producerService.getDataSubscribers(KnownAddresses.REQUEST_BODY_RAW);
-                rawRequestBodySubInfo = subInfo;
-              }
-              if (subInfo == null || subInfo.isEmpty()) {
-                return NoopFlow.INSTANCE;
-              }
-
-              CharSequence bodyContent = supplier.get();
-              if (bodyContent == null || bodyContent.length() == 0) {
-                return NoopFlow.INSTANCE;
-              }
-              DataBundle bundle =
-                  new SingletonDataBundle<>(KnownAddresses.REQUEST_BODY_RAW, bodyContent);
-              try {
-                return producerService.publishDataEvent(subInfo, ctx, bundle, false);
-              } catch (ExpiredSubscriberInfoException e) {
-                rawRequestBodySubInfo = null;
-              }
+            CharSequence bodyContent = supplier.get();
+            if (bodyContent == null || bodyContent.length() == 0) {
+              return NoopFlow.INSTANCE;
             }
-          });
-    }
+            DataBundle bundle =
+                new SingletonDataBundle<>(KnownAddresses.REQUEST_BODY_RAW, bodyContent);
+            try {
+              return producerService.publishDataEvent(subInfo, ctx, bundle, false);
+            } catch (ExpiredSubscriberInfoException e) {
+              rawRequestBodySubInfo = null;
+            }
+          }
+        });
 
     if (additionalIGEvents.contains(EVENTS.requestBodyProcessed())) {
       subscriptionService.registerCallback(
@@ -380,8 +377,7 @@ public void init() {
             DataBundle bundle =
                 new SingletonDataBundle<>(KnownAddresses.GRPC_SERVER_REQUEST_MESSAGE, convObj);
             try {
-              return producerService.publishDataEvent(
-                  grpcServerRequestMsgSubInfo, ctx, bundle, true);
+              return producerService.publishDataEvent(subInfo, ctx, bundle, true);
             } catch (ExpiredSubscriberInfoException e) {
               grpcServerRequestMsgSubInfo = null;
             }
@@ -519,8 +515,9 @@ private Flow<Void> maybePublishRequestData(AppSecRequestContext ctx) {
             .build();
 
     while (true) {
-      if (initialReqDataSubInfo == null) {
-        initialReqDataSubInfo =
+      DataSubscriberInfo subInfo = this.initialReqDataSubInfo;
+      if (subInfo == null) {
+        subInfo =
             producerService.getDataSubscribers(
                 KnownAddresses.HEADERS_NO_COOKIES,
                 KnownAddresses.REQUEST_COOKIES,
@@ -531,12 +528,13 @@ private Flow<Void> maybePublishRequestData(AppSecRequestContext ctx) {
                 KnownAddresses.REQUEST_CLIENT_IP,
                 KnownAddresses.REQUEST_CLIENT_PORT,
                 KnownAddresses.REQUEST_INFERRED_CLIENT_IP);
+        initialReqDataSubInfo = subInfo;
       }
 
       try {
-        return producerService.publishDataEvent(initialReqDataSubInfo, ctx, bundle, false);
+        return producerService.publishDataEvent(subInfo, ctx, bundle, false);
       } catch (ExpiredSubscriberInfoException e) {
-        initialReqDataSubInfo = null;
+        this.initialReqDataSubInfo = null;
       }
     }
   }
@@ -551,20 +549,30 @@ private Flow<Void> maybePublishResponseData(AppSecRequestContext ctx) {
 
     ctx.setRespDataPublished(true);
 
+    boolean extractSchema = false;
+    if (Config.get().isApiSecurityEnabled() && requestSampler != null) {
+      extractSchema = requestSampler.sampleRequest();
+    }
+
     MapDataBundle bundle =
         MapDataBundle.of(
             KnownAddresses.RESPONSE_STATUS, String.valueOf(ctx.getResponseStatus()),
-            KnownAddresses.RESPONSE_HEADERS_NO_COOKIES, ctx.getResponseHeaders());
+            KnownAddresses.RESPONSE_HEADERS_NO_COOKIES, ctx.getResponseHeaders(),
+            // Extract api schema on response stage
+            KnownAddresses.WAF_CONTEXT_PROCESSOR,
+                Collections.singletonMap("extract-schema", extractSchema));
 
     while (true) {
-      if (respDataSubInfo == null) {
-        respDataSubInfo =
+      DataSubscriberInfo subInfo = respDataSubInfo;
+      if (subInfo == null) {
+        subInfo =
             producerService.getDataSubscribers(
                 KnownAddresses.RESPONSE_STATUS, KnownAddresses.RESPONSE_HEADERS_NO_COOKIES);
+        respDataSubInfo = subInfo;
       }
 
       try {
-        return producerService.publishDataEvent(respDataSubInfo, ctx, bundle, false);
+        return producerService.publishDataEvent(subInfo, ctx, bundle, false);
       } catch (ExpiredSubscriberInfoException e) {
         respDataSubInfo = null;
       }
@@ -637,16 +645,11 @@ private static int byteToDigit(byte b) {
   }
 
   private static class IGAppSecEventDependencies {
-    private static final Map<EventType, Collection<datadog.trace.api.gateway.EventType<?>>>
-        EVENT_DEPENDENCIES = new HashMap<>(3); // ceil(2 / .75)
 
     private static final Map<Address<?>, Collection<datadog.trace.api.gateway.EventType<?>>>
         DATA_DEPENDENCIES = new HashMap<>(4);
 
     static {
-      EVENT_DEPENDENCIES.put(EventType.REQUEST_BODY_START, l(EVENTS.requestBodyStart()));
-      EVENT_DEPENDENCIES.put(EventType.REQUEST_BODY_END, l(EVENTS.requestBodyDone()));
-
       DATA_DEPENDENCIES.put(
           KnownAddresses.REQUEST_BODY_RAW, l(EVENTS.requestBodyStart(), EVENTS.requestBodyDone()));
       DATA_DEPENDENCIES.put(KnownAddresses.REQUEST_PATH_PARAMS, l(EVENTS.requestPathParams()));
@@ -659,14 +662,8 @@ private static Collection<datadog.trace.api.gateway.EventType<?>> l(
     }
 
     static Collection<datadog.trace.api.gateway.EventType<?>> additionalIGEventTypes(
-        Collection<EventType> eventTypes, Collection<Address<?>> addresses) {
+        Collection<Address<?>> addresses) {
       Set<datadog.trace.api.gateway.EventType<?>> res = new HashSet<>();
-      for (EventType eventType : eventTypes) {
-        Collection<datadog.trace.api.gateway.EventType<?>> c = EVENT_DEPENDENCIES.get(eventType);
-        if (c != null) {
-          res.addAll(c);
-        }
-      }
       for (Address<?> address : addresses) {
         Collection<datadog.trace.api.gateway.EventType<?>> c = DATA_DEPENDENCIES.get(address);
         if (c != null) {
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFInitializationResultReporter.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFInitializationResultReporter.java
index f279f13a985..74d973d7134 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFInitializationResultReporter.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFInitializationResultReporter.java
@@ -2,7 +2,7 @@
 
 import com.datadog.appsec.config.TraceSegmentPostProcessor;
 import com.datadog.appsec.gateway.AppSecRequestContext;
-import com.datadog.appsec.report.raw.events.AppSecEvent100;
+import com.datadog.appsec.report.AppSecEvent;
 import com.squareup.moshi.JsonAdapter;
 import com.squareup.moshi.Moshi;
 import com.squareup.moshi.Types;
@@ -35,7 +35,7 @@ public void setReportForPublication(RuleSetInfo report) {
 
   @Override
   public void processTraceSegment(
-      TraceSegment segment, AppSecRequestContext ctx, Collection<AppSecEvent100> collectedEvents) {
+      TraceSegment segment, AppSecRequestContext ctx, Collection<AppSecEvent> collectedEvents) {
     RuleSetInfo report = pendingReportRef.get();
     if (report == null) {
       return;
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFModule.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFModule.java
index a2777e6bad1..d71e112877c 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFModule.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFModule.java
@@ -9,18 +9,15 @@
 import com.datadog.appsec.config.AppSecModuleConfigurer;
 import com.datadog.appsec.config.CurrentAppSecConfig;
 import com.datadog.appsec.event.ChangeableFlow;
-import com.datadog.appsec.event.EventType;
 import com.datadog.appsec.event.data.Address;
 import com.datadog.appsec.event.data.DataBundle;
 import com.datadog.appsec.event.data.KnownAddresses;
 import com.datadog.appsec.gateway.AppSecRequestContext;
-import com.datadog.appsec.report.raw.events.AppSecEvent100;
-import com.datadog.appsec.report.raw.events.Parameter;
-import com.datadog.appsec.report.raw.events.Rule;
-import com.datadog.appsec.report.raw.events.RuleMatch;
-import com.datadog.appsec.report.raw.events.Tags;
+import com.datadog.appsec.report.AppSecEvent;
+import com.datadog.appsec.report.Parameter;
+import com.datadog.appsec.report.Rule;
+import com.datadog.appsec.report.RuleMatch;
 import com.datadog.appsec.util.StandardizedLogging;
-import com.google.auto.service.AutoService;
 import com.squareup.moshi.JsonAdapter;
 import com.squareup.moshi.Moshi;
 import com.squareup.moshi.Types;
@@ -37,6 +34,7 @@
 import io.sqreen.powerwaf.RuleSetInfo;
 import io.sqreen.powerwaf.exception.AbstractPowerwafException;
 import io.sqreen.powerwaf.exception.InvalidRuleSetException;
+import io.sqreen.powerwaf.exception.TimeoutPowerwafException;
 import java.io.IOException;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationHandler;
@@ -64,7 +62,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-@AutoService(AppSecModule.class)
 public class PowerWAFModule implements AppSecModule {
   private static final Logger log = LoggerFactory.getLogger(PowerWAFModule.class);
 
@@ -75,7 +72,6 @@ public class PowerWAFModule implements AppSecModule {
   private static final Class<?> PROXY_CLASS =
       Proxy.getProxyClass(PowerWAFModule.class.getClassLoader(), Set.class);
   private static final Constructor<?> PROXY_CLASS_CONSTRUCTOR;
-  private static final Set<EventType> EVENTS_OF_INTEREST;
 
   private static final JsonAdapter<List<PowerWAFResultData>> RES_JSON_ADAPTER;
 
@@ -117,10 +113,6 @@ CtxAndAddresses withNewActions(Map<String, ActionInfo> actionInfoMap) {
       throw new UndeclaredThrowableException(e);
     }
 
-    EVENTS_OF_INTEREST = new HashSet<>();
-    EVENTS_OF_INTEREST.add(EventType.REQUEST_START);
-    EVENTS_OF_INTEREST.add(EventType.REQUEST_END);
-
     Moshi moshi = new Moshi.Builder().build();
     RES_JSON_ADAPTER =
         moshi.adapter(Types.newParameterizedType(List.class, PowerWAFResultData.class));
@@ -245,7 +237,7 @@ private void initializeNewWafCtx(
       initReport = newPwafCtx.getRuleSetInfo();
       Collection<Address<?>> addresses = getUsedAddresses(newPwafCtx);
 
-      // Update current rules' version if need
+      // Update current rules' version if you need
       if (initReport != null && initReport.rulesetVersion != null) {
         currentRulesVersion = initReport.rulesetVersion;
       }
@@ -256,12 +248,18 @@ private void initializeNewWafCtx(
         WafMetricCollector.get().wafUpdates(currentRulesVersion);
       }
 
-      log.info(
-          "Created {} WAF context with rules ({} OK, {} BAD), version {}",
-          prevContextAndAddresses == null ? "new" : "updated",
-          initReport.getNumRulesOK(),
-          initReport.getNumRulesError(),
-          initReport.rulesetVersion);
+      if (initReport != null) {
+        log.info(
+            "Created {} WAF context with rules ({} OK, {} BAD), version {}",
+            prevContextAndAddresses == null ? "new" : "updated",
+            initReport.getNumRulesOK(),
+            initReport.getNumRulesError(),
+            initReport.rulesetVersion);
+      } else {
+        log.warn(
+            "Created {} WAF context without rules",
+            prevContextAndAddresses == null ? "new" : "updated");
+      }
 
       Map<String, ActionInfo> actionInfoMap =
           calculateEffectiveActions(prevContextAndAddresses, ruleConfig);
@@ -356,24 +354,6 @@ public String getInfo() {
     return "powerwaf(libddwaf: " + Powerwaf.LIB_VERSION + ") loaded";
   }
 
-  @Override
-  public Collection<EventSubscription> getEventSubscriptions() {
-    return singletonList(new PowerWAFEventsCallback());
-  }
-
-  private static class PowerWAFEventsCallback extends EventSubscription {
-    public PowerWAFEventsCallback() {
-      super(EventType.REQUEST_END, Priority.DEFAULT);
-    }
-
-    @Override
-    public void onEvent(AppSecRequestContext reqCtx, EventType eventType) {
-      if (eventType == EventType.REQUEST_END) {
-        reqCtx.closeAdditive();
-      }
-    }
-  }
-
   @Override
   public Collection<DataSubscription> getDataSubscriptions() {
     if (this.ctxAndAddresses.get() == null) {
@@ -384,7 +364,7 @@ public Collection<DataSubscription> getDataSubscriptions() {
 
   private static Collection<Address<?>> getUsedAddresses(PowerwafContext ctx) {
     String[] usedAddresses = ctx.getUsedAddresses();
-    List<Address<?>> addressList = new ArrayList<>(usedAddresses.length);
+    Set<Address<?>> addressList = new HashSet<>(usedAddresses.length);
     for (String addrKey : usedAddresses) {
       Address<?> address = KnownAddresses.forName(addrKey);
       if (address != null) {
@@ -393,6 +373,17 @@ private static Collection<Address<?>> getUsedAddresses(PowerwafContext ctx) {
         log.warn("WAF has rule against unknown address {}", addrKey);
       }
     }
+
+    // TODO: get addresses dynamically when will it be implemented in waf
+    addressList.add(KnownAddresses.WAF_CONTEXT_PROCESSOR);
+    addressList.add(KnownAddresses.HEADERS_NO_COOKIES);
+    addressList.add(KnownAddresses.REQUEST_QUERY);
+    addressList.add(KnownAddresses.REQUEST_PATH_PARAMS);
+    addressList.add(KnownAddresses.REQUEST_COOKIES);
+    addressList.add(KnownAddresses.REQUEST_BODY_RAW);
+    addressList.add(KnownAddresses.RESPONSE_HEADERS_NO_COOKIES);
+    addressList.add(KnownAddresses.RESPONSE_BODY_OBJECT);
+
     return addressList;
   }
 
@@ -410,23 +401,26 @@ public void onDataAvailable(
         log.debug("Skipped; the WAF is not configured");
         return;
       }
-      try {
-        StandardizedLogging.executingWAF(log);
-        long start = 0L;
-        if (log.isDebugEnabled()) {
-          start = System.currentTimeMillis();
-        }
 
-        resultWithData = doRunPowerwaf(reqCtx, newData, ctxAndAddr, isTransient);
+      StandardizedLogging.executingWAF(log);
+      long start = 0L;
+      if (log.isDebugEnabled()) {
+        start = System.currentTimeMillis();
+      }
 
+      try {
+        resultWithData = doRunPowerwaf(reqCtx, newData, ctxAndAddr, isTransient);
+      } catch (TimeoutPowerwafException tpe) {
+        log.debug("Timeout calling the WAF", tpe);
+        return;
+      } catch (AbstractPowerwafException e) {
+        log.error("Error calling WAF", e);
+        return;
+      } finally {
         if (log.isDebugEnabled()) {
           long elapsed = System.currentTimeMillis() - start;
           StandardizedLogging.finishedExecutionWAF(log, elapsed);
         }
-
-      } catch (AbstractPowerwafException e) {
-        log.error("Error calling WAF", e);
-        return;
       }
 
       StandardizedLogging.inAppWafReturn(log, resultWithData);
@@ -436,29 +430,27 @@ public void onDataAvailable(
           log.warn("WAF signalled result {}: {}", resultWithData.result, resultWithData.data);
         }
 
-        if (resultWithData.actions.length > 0) {
-          for (String action : resultWithData.actions) {
-            ActionInfo actionInfo = ctxAndAddr.actionInfoMap.get(action);
-            if (actionInfo == null) {
-              log.warn(
-                  "WAF indicated action {}, but such action id is unknown (not one from {})",
-                  action,
-                  ctxAndAddr.actionInfoMap.keySet());
-            } else if ("block_request".equals(actionInfo.type)) {
-              Flow.Action.RequestBlockingAction rba = createBlockRequestAction(actionInfo);
-              flow.setAction(rba);
-              break;
-            } else if ("redirect_request".equals(actionInfo.type)) {
-              Flow.Action.RequestBlockingAction rba = createRedirectRequestAction(actionInfo);
-              flow.setAction(rba);
-              break;
-            } else {
-              log.info("Ignoring action with type {}", actionInfo.type);
-            }
+        for (String action : resultWithData.actions) {
+          ActionInfo actionInfo = ctxAndAddr.actionInfoMap.get(action);
+          if (actionInfo == null) {
+            log.warn(
+                "WAF indicated action {}, but such action id is unknown (not one from {})",
+                action,
+                ctxAndAddr.actionInfoMap.keySet());
+          } else if ("block_request".equals(actionInfo.type)) {
+            Flow.Action.RequestBlockingAction rba = createBlockRequestAction(actionInfo);
+            flow.setAction(rba);
+            break;
+          } else if ("redirect_request".equals(actionInfo.type)) {
+            Flow.Action.RequestBlockingAction rba = createRedirectRequestAction(actionInfo);
+            flow.setAction(rba);
+            break;
+          } else {
+            log.info("Ignoring action with type {}", actionInfo.type);
           }
         }
-        Collection<AppSecEvent100> events = buildEvents(resultWithData);
-        reqCtx.reportEvents(events, null);
+        Collection<AppSecEvent> events = buildEvents(resultWithData);
+        reqCtx.reportEvents(events);
 
         if (flow.isBlocking()) {
           WafMetricCollector.get().wafRequestBlocked();
@@ -469,6 +461,10 @@ public void onDataAvailable(
       } else {
         WafMetricCollector.get().wafRequest();
       }
+
+      if (resultWithData != null && resultWithData.schemas != null) {
+        reqCtx.reportApiSchemas(resultWithData.schemas);
+      }
     }
 
     private Flow.Action.RequestBlockingAction createBlockRequestAction(ActionInfo actionInfo) {
@@ -540,7 +536,7 @@ private Powerwaf.ResultWithData runPowerwafTransient(
         new DataBundleMapWrapper(ctxAndAddr.addressesOfInterest, bundle), LIMITS, metrics);
   }
 
-  private Collection<AppSecEvent100> buildEvents(Powerwaf.ResultWithData actionWithData) {
+  private Collection<AppSecEvent> buildEvents(Powerwaf.ResultWithData actionWithData) {
     Collection<PowerWAFResultData> listResults;
     try {
       listResults = RES_JSON_ADAPTER.fromJson(actionWithData.data);
@@ -557,7 +553,7 @@ private Collection<AppSecEvent100> buildEvents(Powerwaf.ResultWithData actionWit
     return emptyList();
   }
 
-  private AppSecEvent100 buildEvent(PowerWAFResultData wafResult) {
+  private AppSecEvent buildEvent(PowerWAFResultData wafResult) {
 
     if (wafResult == null || wafResult.rule == null || wafResult.rule_matches == null) {
       log.warn("WAF result is empty: {}", wafResult);
@@ -571,7 +567,7 @@ private AppSecEvent100 buildEvent(PowerWAFResultData wafResult) {
 
       for (PowerWAFResultData.Parameter parameter : rule_match.parameters) {
         parameterList.add(
-            new Parameter.ParameterBuilder()
+            new Parameter.Builder()
                 .withAddress(parameter.address)
                 .withKeyPath(parameter.key_path)
                 .withValue(parameter.value)
@@ -580,7 +576,7 @@ private AppSecEvent100 buildEvent(PowerWAFResultData wafResult) {
       }
 
       RuleMatch ruleMatch =
-          new RuleMatch.RuleMatchBuilder()
+          new RuleMatch.Builder()
               .withOperator(rule_match.operator)
               .withOperatorValue(rule_match.operator_value)
               .withParameters(parameterList)
@@ -589,16 +585,12 @@ private AppSecEvent100 buildEvent(PowerWAFResultData wafResult) {
       ruleMatchList.add(ruleMatch);
     }
 
-    return new AppSecEvent100.AppSecEvent100Builder()
+    return new AppSecEvent.Builder()
         .withRule(
-            new Rule.RuleBuilder()
+            new Rule.Builder()
                 .withId(wafResult.rule.id)
                 .withName(wafResult.rule.name)
-                .withTags(
-                    new Tags.TagsBuilder()
-                        .withType(wafResult.rule.tags.get("type"))
-                        .withCategory(wafResult.rule.tags.get("category"))
-                        .build())
+                .withTags(wafResult.rule.tags)
                 .build())
         .withRuleMatches(ruleMatchList)
         .build();
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFStatsReporter.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFStatsReporter.java
index d1dabcb7c3e..49e5bf41b97 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFStatsReporter.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFStatsReporter.java
@@ -2,7 +2,7 @@
 
 import com.datadog.appsec.config.TraceSegmentPostProcessor;
 import com.datadog.appsec.gateway.AppSecRequestContext;
-import com.datadog.appsec.report.raw.events.AppSecEvent100;
+import com.datadog.appsec.report.AppSecEvent;
 import datadog.trace.api.internal.TraceSegment;
 import io.sqreen.powerwaf.PowerwafMetrics;
 import java.util.Collection;
@@ -18,7 +18,7 @@ public class PowerWAFStatsReporter implements TraceSegmentPostProcessor {
 
   @Override
   public void processTraceSegment(
-      TraceSegment segment, AppSecRequestContext ctx, Collection<AppSecEvent100> collectedEvents) {
+      TraceSegment segment, AppSecRequestContext ctx, Collection<AppSecEvent> collectedEvents) {
     PowerwafMetrics metrics = ctx.getWafMetrics();
     if (metrics != null) {
       segment.setTagTop(TOTAL_DURATION_US_TAG, metrics.getTotalRunTimeNs() / 1000L);
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/AppSecEvent.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/AppSecEvent.java
new file mode 100644
index 00000000000..7381f621994
--- /dev/null
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/AppSecEvent.java
@@ -0,0 +1,96 @@
+package com.datadog.appsec.report;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class AppSecEvent {
+
+  @com.squareup.moshi.Json(name = "rule")
+  private Rule rule;
+
+  @com.squareup.moshi.Json(name = "rule_matches")
+  private List<RuleMatch> ruleMatches = new ArrayList<>();
+
+  public Rule getRule() {
+    return rule;
+  }
+
+  public void setRule(Rule rule) {
+    this.rule = rule;
+  }
+
+  public List<RuleMatch> getRuleMatches() {
+    return ruleMatches;
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder();
+    sb.append(AppSecEvent.class.getName())
+        .append('@')
+        .append(Integer.toHexString(System.identityHashCode(this)))
+        .append('[');
+    sb.append("rule");
+    sb.append('=');
+    sb.append(((this.rule == null) ? "<null>" : this.rule));
+    sb.append(',');
+    sb.append("ruleMatches");
+    sb.append('=');
+    sb.append(((this.ruleMatches == null) ? "<null>" : this.ruleMatches));
+    sb.append(',');
+    if (sb.charAt((sb.length() - 1)) == ',') {
+      sb.setCharAt((sb.length() - 1), ']');
+    } else {
+      sb.append(']');
+    }
+    return sb.toString();
+  }
+
+  @Override
+  public int hashCode() {
+    int result = 1;
+    result = ((result * 31) + ((this.rule == null) ? 0 : this.rule.hashCode()));
+    result = ((result * 31) + ((this.ruleMatches == null) ? 0 : this.ruleMatches.hashCode()));
+    return result;
+  }
+
+  @Override
+  public boolean equals(Object other) {
+    if (other == this) {
+      return true;
+    }
+    if (!(other instanceof AppSecEvent)) {
+      return false;
+    }
+    AppSecEvent rhs = ((AppSecEvent) other);
+    return (((this.rule == rhs.rule) || ((this.rule != null) && this.rule.equals(rhs.rule)))
+        && ((this.ruleMatches == rhs.ruleMatches)
+            || ((this.ruleMatches != null) && this.ruleMatches.equals(rhs.ruleMatches))));
+  }
+
+  public static class Builder {
+
+    protected AppSecEvent instance;
+
+    public Builder() {
+      this.instance = new AppSecEvent();
+    }
+
+    public AppSecEvent build() {
+      AppSecEvent result;
+      result = this.instance;
+      this.instance = null;
+      return result;
+    }
+
+    public Builder withRule(Rule rule) {
+      this.instance.rule = rule;
+      return this;
+    }
+
+    public Builder withRuleMatches(List<RuleMatch> ruleMatches) {
+      this.instance.ruleMatches = ruleMatches;
+      return this;
+    }
+  }
+}
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/AppSecEventWrapper.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/AppSecEventWrapper.java
index 0157086756d..dcbff552463 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/AppSecEventWrapper.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/AppSecEventWrapper.java
@@ -1,6 +1,5 @@
 package com.datadog.appsec.report;
 
-import com.datadog.appsec.report.raw.events.AppSecEvent100;
 import com.squareup.moshi.JsonAdapter;
 import com.squareup.moshi.Moshi;
 import java.util.Collection;
@@ -11,14 +10,14 @@ public class AppSecEventWrapper {
   private static final JsonAdapter<AppSecEventWrapper> ADAPTER =
       new Moshi.Builder().build().adapter(AppSecEventWrapper.class);
 
-  private Collection<AppSecEvent100> triggers;
+  private final Collection<AppSecEvent> triggers;
   private String json;
 
-  public AppSecEventWrapper(Collection<AppSecEvent100> events) {
+  public AppSecEventWrapper(Collection<AppSecEvent> events) {
     this.triggers = events;
   }
 
-  public Collection<AppSecEvent100> getTriggers() {
+  public Collection<AppSecEvent> getTriggers() {
     return triggers;
   }
 
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/Parameter.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/Parameter.java
new file mode 100644
index 00000000000..44fbcb8326e
--- /dev/null
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/Parameter.java
@@ -0,0 +1,158 @@
+package com.datadog.appsec.report;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+
+public class Parameter {
+
+  /**
+   * The address containing the value that triggered the rule. For example ``http.server.query``.
+   * (Required)
+   */
+  @com.squareup.moshi.Json(name = "address")
+  private String address;
+
+  /**
+   * The path of the value that triggered the rule. For example ``["query", 0]`` to refer to the
+   * value in ``{"query": ["triggering value"]}``. (Required)
+   */
+  @com.squareup.moshi.Json(name = "key_path")
+  private List<Object> keyPath = new ArrayList<>();
+
+  /** The value that triggered the rule. (Required) */
+  @com.squareup.moshi.Json(name = "value")
+  private String value;
+
+  /** The part of the value that triggered the rule. (Required) */
+  @com.squareup.moshi.Json(name = "highlight")
+  private List<String> highlight = new ArrayList<>();
+
+  /**
+   * The address containing the value that triggered the rule. For example ``http.server.query``.
+   * (Required)
+   */
+  public String getAddress() {
+    return address;
+  }
+
+  /**
+   * The address containing the value that triggered the rule. For example ``http.server.query``.
+   * (Required)
+   */
+  public void setAddress(String address) {
+    this.address = address;
+  }
+
+  /**
+   * The path of the value that triggered the rule. For example ``["query", 0]`` to refer to the
+   * value in ``{"query": ["triggering value"]}``. (Required)
+   */
+  public List<Object> getKeyPath() {
+    return keyPath;
+  }
+
+  /** The value that triggered the rule. (Required) */
+  public String getValue() {
+    return value;
+  }
+
+  /** The part of the value that triggered the rule. (Required) */
+  public List<String> getHighlight() {
+    return highlight;
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder();
+    sb.append(Parameter.class.getName())
+        .append('@')
+        .append(Integer.toHexString(System.identityHashCode(this)))
+        .append('[');
+    sb.append("address");
+    sb.append('=');
+    sb.append(((this.address == null) ? "<null>" : this.address));
+    sb.append(',');
+    sb.append("keyPath");
+    sb.append('=');
+    sb.append(((this.keyPath == null) ? "<null>" : this.keyPath));
+    sb.append(',');
+    sb.append("value");
+    sb.append('=');
+    sb.append(((this.value == null) ? "<null>" : this.value));
+    sb.append(',');
+    sb.append("highlight");
+    sb.append('=');
+    sb.append(((this.highlight == null) ? "<null>" : this.highlight));
+    sb.append(',');
+    if (sb.charAt((sb.length() - 1)) == ',') {
+      sb.setCharAt((sb.length() - 1), ']');
+    } else {
+      sb.append(']');
+    }
+    return sb.toString();
+  }
+
+  @Override
+  public int hashCode() {
+    int result = 1;
+    result = ((result * 31) + ((this.highlight == null) ? 0 : this.highlight.hashCode()));
+    result = ((result * 31) + ((this.address == null) ? 0 : this.address.hashCode()));
+    result = ((result * 31) + ((this.value == null) ? 0 : this.value.hashCode()));
+    result = ((result * 31) + ((this.keyPath == null) ? 0 : this.keyPath.hashCode()));
+    return result;
+  }
+
+  @Override
+  public boolean equals(Object other) {
+    if (other == this) {
+      return true;
+    }
+    if (!(other instanceof Parameter)) {
+      return false;
+    }
+
+    Parameter rhs = ((Parameter) other);
+    return (Objects.equals(this.highlight, rhs.highlight)
+            || this.highlight != null && this.highlight.equals(rhs.highlight))
+        && Objects.equals(this.address, rhs.address)
+        && Objects.equals(this.value, rhs.value)
+        && Objects.equals(this.keyPath, rhs.keyPath);
+  }
+
+  public static class Builder {
+
+    protected Parameter instance;
+
+    public Builder() {
+      this.instance = new Parameter();
+    }
+
+    public Parameter build() {
+      Parameter result;
+      result = this.instance;
+      this.instance = null;
+      return result;
+    }
+
+    public Builder withAddress(String address) {
+      this.instance.address = address;
+      return this;
+    }
+
+    public Builder withKeyPath(List<Object> keyPath) {
+      this.instance.keyPath = keyPath;
+      return this;
+    }
+
+    public Builder withValue(String value) {
+      this.instance.value = value;
+      return this;
+    }
+
+    public Builder withHighlight(List<String> highlight) {
+      this.instance.highlight = highlight;
+      return this;
+    }
+  }
+}
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/Rule.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/Rule.java
new file mode 100644
index 00000000000..40ba2ef8f03
--- /dev/null
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/Rule.java
@@ -0,0 +1,135 @@
+package com.datadog.appsec.report;
+
+import java.util.Map;
+import java.util.Objects;
+
+public class Rule {
+  /**
+   * The unique identifier of the rule that triggered the event. For example, ``ua-910-xax``.
+   * (Required)
+   */
+  @com.squareup.moshi.Json(name = "id")
+  private java.lang.String id;
+  /** The friendly name of the rule that triggered the event. (Required) */
+  @com.squareup.moshi.Json(name = "name")
+  private java.lang.String name;
+  /** (Required) */
+  @com.squareup.moshi.Json(name = "tags")
+  private Map<String, String> tags;
+
+  /**
+   * The unique identifier of the rule that triggered the event. For example, ``ua-910-xax``.
+   * (Required)
+   */
+  public java.lang.String getId() {
+    return id;
+  }
+
+  /**
+   * The unique identifier of the rule that triggered the event. For example, ``ua-910-xax``.
+   * (Required)
+   */
+  public void setId(java.lang.String id) {
+    this.id = id;
+  }
+
+  /** The friendly name of the rule that triggered the event. (Required) */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /** The friendly name of the rule that triggered the event. (Required) */
+  public void setName(java.lang.String name) {
+    this.name = name;
+  }
+
+  /** (Required) */
+  public Map<String, String> getTags() {
+    return tags;
+  }
+
+  /** (Required) */
+  public void setTags(Map<String, String> tags) {
+    this.tags = tags;
+  }
+
+  @Override
+  public java.lang.String toString() {
+    StringBuilder sb = new StringBuilder();
+    sb.append(Rule.class.getName())
+        .append('@')
+        .append(Integer.toHexString(System.identityHashCode(this)))
+        .append('[');
+    sb.append("id");
+    sb.append('=');
+    sb.append(((this.id == null) ? "<null>" : this.id));
+    sb.append(',');
+    sb.append("name");
+    sb.append('=');
+    sb.append(((this.name == null) ? "<null>" : this.name));
+    sb.append(',');
+    sb.append("tags");
+    sb.append('=');
+    sb.append(((this.tags == null) ? "<null>" : this.tags));
+    sb.append(',');
+    if (sb.charAt((sb.length() - 1)) == ',') {
+      sb.setCharAt((sb.length() - 1), ']');
+    } else {
+      sb.append(']');
+    }
+    return sb.toString();
+  }
+
+  @Override
+  public int hashCode() {
+    int result = 1;
+    result = ((result * 31) + ((this.name == null) ? 0 : this.name.hashCode()));
+    result = ((result * 31) + ((this.id == null) ? 0 : this.id.hashCode()));
+    result = ((result * 31) + ((this.tags == null) ? 0 : this.tags.hashCode()));
+    return result;
+  }
+
+  @Override
+  public boolean equals(Object other) {
+    if (other == this) {
+      return true;
+    }
+    if (!(other instanceof Rule)) {
+      return false;
+    }
+    Rule rhs = ((Rule) other);
+    return (((Objects.equals(this.name, rhs.name)) && (Objects.equals(this.id, rhs.id)))
+        && (Objects.equals(this.tags, rhs.tags)));
+  }
+
+  public static class Builder {
+
+    protected Rule instance;
+
+    public Builder() {
+      this.instance = new Rule();
+    }
+
+    public Rule build() {
+      Rule result;
+      result = this.instance;
+      this.instance = null;
+      return result;
+    }
+
+    public Builder withId(java.lang.String id) {
+      this.instance.id = id;
+      return this;
+    }
+
+    public Builder withName(java.lang.String name) {
+      this.instance.name = name;
+      return this;
+    }
+
+    public Builder withTags(Map<String, String> tags) {
+      this.instance.tags = tags;
+      return this;
+    }
+  }
+}
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/RuleMatch.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/RuleMatch.java
new file mode 100644
index 00000000000..582b5fac5a6
--- /dev/null
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/RuleMatch.java
@@ -0,0 +1,133 @@
+package com.datadog.appsec.report;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+
+public class RuleMatch {
+  /**
+   * The rule operator that triggered this event. For example, ``match_regex`` or ``phrase_match``.
+   * (Required)
+   */
+  @com.squareup.moshi.Json(name = "operator")
+  private String operator;
+  /**
+   * The rule operator operand that triggered this event. For example, the word that triggered using
+   * the ``phrase_match`` operator. (Required)
+   */
+  @com.squareup.moshi.Json(name = "operator_value")
+  private String operatorValue;
+  /** (Required) */
+  @com.squareup.moshi.Json(name = "parameters")
+  private List<Parameter> parameters = new ArrayList<>();
+
+  /**
+   * The rule operator that triggered this event. For example, ``match_regex`` or ``phrase_match``.
+   * (Required)
+   */
+  public String getOperator() {
+    return operator;
+  }
+
+  /**
+   * The rule operator that triggered this event. For example, ``match_regex`` or ``phrase_match``.
+   * (Required)
+   */
+  public void setOperator(String operator) {
+    this.operator = operator;
+  }
+
+  /**
+   * The rule operator operand that triggered this event. For example, the word that triggered using
+   * the ``phrase_match`` operator. (Required)
+   */
+  public String getOperatorValue() {
+    return operatorValue;
+  }
+
+  /** (Required) */
+  public List<Parameter> getParameters() {
+    return parameters;
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder();
+    sb.append(RuleMatch.class.getName())
+        .append('@')
+        .append(Integer.toHexString(System.identityHashCode(this)))
+        .append('[');
+    sb.append("operator");
+    sb.append('=');
+    sb.append(((this.operator == null) ? "<null>" : this.operator));
+    sb.append(',');
+    sb.append("operatorValue");
+    sb.append('=');
+    sb.append(((this.operatorValue == null) ? "<null>" : this.operatorValue));
+    sb.append(',');
+    sb.append("parameters");
+    sb.append('=');
+    sb.append(((this.parameters == null) ? "<null>" : this.parameters));
+    sb.append(',');
+    if (sb.charAt((sb.length() - 1)) == ',') {
+      sb.setCharAt((sb.length() - 1), ']');
+    } else {
+      sb.append(']');
+    }
+    return sb.toString();
+  }
+
+  @Override
+  public int hashCode() {
+    int result = 1;
+    result = ((result * 31) + ((this.parameters == null) ? 0 : this.parameters.hashCode()));
+    result = ((result * 31) + ((this.operator == null) ? 0 : this.operator.hashCode()));
+    result = ((result * 31) + ((this.operatorValue == null) ? 0 : this.operatorValue.hashCode()));
+    return result;
+  }
+
+  @Override
+  public boolean equals(Object other) {
+    if (other == this) {
+      return true;
+    }
+    if (!(other instanceof RuleMatch)) {
+      return false;
+    }
+    RuleMatch rhs = ((RuleMatch) other);
+    return (Objects.equals(this.parameters, rhs.parameters))
+        && Objects.equals(this.operator, rhs.operator)
+        && Objects.equals(this.operatorValue, rhs.operatorValue);
+  }
+
+  public static class Builder {
+
+    protected RuleMatch instance;
+
+    public Builder() {
+      this.instance = new RuleMatch();
+    }
+
+    public RuleMatch build() {
+      RuleMatch result;
+      result = this.instance;
+      this.instance = null;
+      return result;
+    }
+
+    public Builder withOperator(String operator) {
+      this.instance.operator = operator;
+      return this;
+    }
+
+    public Builder withOperatorValue(String operatorValue) {
+      this.instance.operatorValue = operatorValue;
+      return this;
+    }
+
+    public Builder withParameters(List<Parameter> parameters) {
+      this.instance.parameters = parameters;
+      return this;
+    }
+  }
+}
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/util/StandardizedLogging.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/util/StandardizedLogging.java
index e2ac7ade868..25703fa343b 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/util/StandardizedLogging.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/util/StandardizedLogging.java
@@ -1,8 +1,8 @@
 package com.datadog.appsec.util;
 
 import com.datadog.appsec.event.data.Address;
-import com.datadog.appsec.report.raw.events.AppSecEvent100;
-import com.datadog.appsec.report.raw.events.Rule;
+import com.datadog.appsec.report.AppSecEvent;
+import com.datadog.appsec.report.Rule;
 import io.sqreen.powerwaf.Powerwaf;
 import org.slf4j.Logger;
 import org.slf4j.Marker;
@@ -131,7 +131,7 @@ public static void inAppWafReturn(Logger logger, Powerwaf.ResultWithData resultW
   }
 
   // D6, I5
-  public static void attackDetected(Logger logger, AppSecEvent100 event) {
+  public static void attackDetected(Logger logger, AppSecEvent event) {
     String ruleId = "unknown rule";
     Rule rule = event.getRule();
     if (rule != null) {
diff --git a/dd-java-agent/appsec/src/main/resources/default_config.json b/dd-java-agent/appsec/src/main/resources/default_config.json
index 4bbe6f9a5b5..a6e01468548 100644
--- a/dd-java-agent/appsec/src/main/resources/default_config.json
+++ b/dd-java-agent/appsec/src/main/resources/default_config.json
@@ -1,7 +1,7 @@
 {
   "version": "2.2",
   "metadata": {
-    "rules_version": "1.7.1"
+    "rules_version": "1.8.0"
   },
   "rules": [
     {
@@ -62,6 +62,8 @@
         "crs_id": "913110",
         "category": "attack_attempt",
         "tool_name": "Acunetix",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "0"
       },
       "conditions": [
@@ -94,6 +96,8 @@
         "type": "security_scanner",
         "crs_id": "913120",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -108,6 +112,12 @@
               },
               {
                 "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "list": [
@@ -144,6 +154,8 @@
         "type": "http_protocol_violation",
         "crs_id": "920260",
         "category": "attack_attempt",
+        "cwe": "176",
+        "capec": "1000/255/153/267/71",
         "confidence": "0"
       },
       "conditions": [
@@ -171,7 +183,9 @@
       "tags": {
         "type": "http_protocol_violation",
         "crs_id": "921110",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "444",
+        "capec": "1000/210/272/220/33"
       },
       "conditions": [
         {
@@ -206,7 +220,9 @@
       "tags": {
         "type": "http_protocol_violation",
         "crs_id": "921160",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "113",
+        "capec": "1000/210/272/220/105"
       },
       "conditions": [
         {
@@ -239,6 +255,8 @@
         "type": "lfi",
         "crs_id": "930100",
         "category": "attack_attempt",
+        "cwe": "22",
+        "capec": "1000/255/153/126",
         "confidence": "1"
       },
       "conditions": [
@@ -271,6 +289,8 @@
         "type": "lfi",
         "crs_id": "930110",
         "category": "attack_attempt",
+        "cwe": "22",
+        "capec": "1000/255/153/126",
         "confidence": "1"
       },
       "conditions": [
@@ -304,6 +324,8 @@
         "type": "lfi",
         "crs_id": "930120",
         "category": "attack_attempt",
+        "cwe": "22",
+        "capec": "1000/255/153/126",
         "confidence": "1"
       },
       "conditions": [
@@ -321,6 +343,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "list": [
@@ -1743,7 +1768,10 @@
               "sys/hypervisor",
               "sys/kernel",
               "sys/module",
-              "sys/power"
+              "sys/power",
+              "windows\\win.ini",
+              "default\\ntuser.dat",
+              "/var/run/secrets/kubernetes.io/serviceaccount"
             ]
           },
           "operator": "phrase_match"
@@ -1761,6 +1789,8 @@
         "type": "rfi",
         "crs_id": "931110",
         "category": "attack_attempt",
+        "cwe": "98",
+        "capec": "1000/152/175/253/193",
         "confidence": "1"
       },
       "conditions": [
@@ -1787,7 +1817,9 @@
       "tags": {
         "type": "rfi",
         "crs_id": "931120",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "98",
+        "capec": "1000/152/175/253/193"
       },
       "conditions": [
         {
@@ -1801,6 +1833,12 @@
               },
               {
                 "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "^(?i:file|ftps?)://.*?\\?+$",
@@ -1821,6 +1859,8 @@
         "type": "command_injection",
         "crs_id": "932160",
         "category": "attack_attempt",
+        "cwe": "77",
+        "capec": "1000/152/248/88",
         "confidence": "1"
       },
       "conditions": [
@@ -1838,6 +1878,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "list": [
@@ -2312,7 +2355,8 @@
         }
       ],
       "transformers": [
-        "lowercase"
+        "lowercase",
+        "cmdLine"
       ]
     },
     {
@@ -2322,6 +2366,8 @@
         "type": "command_injection",
         "crs_id": "932171",
         "category": "attack_attempt",
+        "cwe": "77",
+        "capec": "1000/152/248/88",
         "confidence": "1"
       },
       "conditions": [
@@ -2342,6 +2388,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "^\\(\\s*\\)\\s+{",
@@ -2362,6 +2411,8 @@
         "type": "command_injection",
         "crs_id": "932180",
         "category": "attack_attempt",
+        "cwe": "706",
+        "capec": "1000/225/122/17/177",
         "confidence": "1"
       },
       "conditions": [
@@ -2421,6 +2472,8 @@
         "type": "unrestricted_file_upload",
         "crs_id": "933111",
         "category": "attack_attempt",
+        "cwe": "434",
+        "capec": "1000/225/122/17/650",
         "confidence": "1"
       },
       "conditions": [
@@ -2472,6 +2525,8 @@
         "type": "php_code_injection",
         "crs_id": "933130",
         "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/225/122/17/650",
         "confidence": "1"
       },
       "conditions": [
@@ -2489,6 +2544,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "list": [
@@ -2528,7 +2586,9 @@
       "tags": {
         "type": "php_code_injection",
         "crs_id": "933131",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/225/122/17/650"
       },
       "conditions": [
         {
@@ -2545,6 +2605,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?:HTTP_(?:ACCEPT(?:_(?:ENCODING|LANGUAGE|CHARSET))?|(?:X_FORWARDED_FO|REFERE)R|(?:USER_AGEN|HOS)T|CONNECTION|KEEP_ALIVE)|PATH_(?:TRANSLATED|INFO)|ORIG_PATH_INFO|QUERY_STRING|REQUEST_URI|AUTH_TYPE)",
@@ -2565,6 +2628,8 @@
         "type": "php_code_injection",
         "crs_id": "933140",
         "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/225/122/17/650",
         "confidence": "1"
       },
       "conditions": [
@@ -2582,6 +2647,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)",
@@ -2601,6 +2669,8 @@
         "type": "php_code_injection",
         "crs_id": "933150",
         "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/225/122/17/650",
         "confidence": "1"
       },
       "conditions": [
@@ -2618,6 +2688,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "list": [
@@ -2680,7 +2753,9 @@
       "tags": {
         "type": "php_code_injection",
         "crs_id": "933160",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/225/122/17/650"
       },
       "conditions": [
         {
@@ -2697,6 +2772,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)",
@@ -2717,6 +2795,8 @@
         "type": "php_code_injection",
         "crs_id": "933170",
         "category": "attack_attempt",
+        "cwe": "502",
+        "capec": "1000/152/586",
         "confidence": "1"
       },
       "conditions": [
@@ -2737,6 +2817,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "[oOcC]:\\d+:\\\".+?\\\":\\d+:{[\\W\\w]*}",
@@ -2756,7 +2839,9 @@
       "tags": {
         "type": "php_code_injection",
         "crs_id": "933200",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "502",
+        "capec": "1000/152/586"
       },
       "conditions": [
         {
@@ -2773,6 +2858,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?:(?:bzip|ssh)2|z(?:lib|ip)|(?:ph|r)ar|expect|glob|ogg)://",
@@ -2794,7 +2882,9 @@
       "tags": {
         "type": "js_code_injection",
         "crs_id": "934100",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/152/242"
       },
       "conditions": [
         {
@@ -2811,6 +2901,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\b(?:(?:l(?:(?:utimes|chmod)(?:Sync)?|(?:stat|ink)Sync)|w(?:rite(?:(?:File|v)(?:Sync)?|Sync)|atchFile)|u(?:n(?:watchFile|linkSync)|times(?:Sync)?)|s(?:(?:ymlink|tat)Sync|pawn(?:File|Sync))|ex(?:ec(?:File(?:Sync)?|Sync)|istsSync)|a(?:ppendFile|ccess)(?:Sync)?|(?:Caveat|Inode)s|open(?:dir)?Sync|new\\s+Function|Availability|\\beval)\\s*\\(|m(?:ain(?:Module\\s*(?:\\W*\\s*(?:constructor|require)|\\[)|\\s*(?:\\W*\\s*(?:constructor|require)|\\[))|kd(?:temp(?:Sync)?|irSync)\\s*\\(|odule\\.exports\\s*=)|c(?:(?:(?:h(?:mod|own)|lose)Sync|reate(?:Write|Read)Stream|p(?:Sync)?)\\s*\\(|o(?:nstructor\\s*(?:\\W*\\s*_load|\\[)|pyFile(?:Sync)?\\s*\\())|f(?:(?:(?:s(?:(?:yncS)?|tatS)|datas(?:yncS)?)ync|ch(?:mod|own)(?:Sync)?)\\s*\\(|u(?:nction\\s*\\(\\s*\\)\\s*{|times(?:Sync)?\\s*\\())|r(?:e(?:(?:ad(?:(?:File|link|dir)?Sync|v(?:Sync)?)|nameSync)\\s*\\(|quire\\s*(?:\\W*\\s*main|\\[))|m(?:Sync)?\\s*\\()|process\\s*(?:\\W*\\s*(?:mainModule|binding)|\\[)|t(?:his\\.constructor|runcateSync\\s*\\()|_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|global\\s*(?:\\W*\\s*process|\\[)|String\\s*\\.\\s*fromCharCode|binding\\s*\\[)",
@@ -2831,7 +2924,9 @@
         "type": "js_code_injection",
         "crs_id": "934101",
         "category": "attack_attempt",
-        "confidence": "1"
+        "confidence": "1",
+        "cwe": "94",
+        "capec": "1000/152/242"
       },
       "conditions": [
         {
@@ -2848,6 +2943,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\b(?:w(?:atch|rite)|(?:spaw|ope)n|exists|close|fork|read)\\s*\\(",
@@ -2868,6 +2966,8 @@
         "type": "xss",
         "crs_id": "941110",
         "category": "attack_attempt",
+        "cwe": "80",
+        "capec": "1000/152/242/63/591",
         "confidence": "1"
       },
       "conditions": [
@@ -2897,6 +2997,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "<script[^>]*>[\\s\\S]*?",
@@ -2919,6 +3022,8 @@
         "type": "xss",
         "crs_id": "941120",
         "category": "attack_attempt",
+        "cwe": "83",
+        "capec": "1000/152/242/63/591/243",
         "confidence": "1"
       },
       "conditions": [
@@ -2948,9 +3053,12 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
-            "regex": "[\\s\\\"'`;\\/0-9=\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]on(?:d(?:r(?:ag(?:en(?:ter|d)|leave|start|over)?|op)|urationchange|blclick)|s(?:e(?:ek(?:ing|ed)|arch|lect)|u(?:spend|bmit)|talled|croll|how)|m(?:ouse(?:(?:lea|mo)ve|o(?:ver|ut)|enter|down|up)|essage)|p(?:a(?:ge(?:hide|show)|(?:st|us)e)|lay(?:ing)?|rogress)|c(?:anplay(?:through)?|o(?:ntextmenu|py)|hange|lick|ut)|a(?:nimation(?:iteration|start|end)|(?:fterprin|bor)t)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|imeupdate)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?)|(?:(?:volume|hash)chang|o(?:ff|n)lin)e|b(?:efore(?:unload|print)|lur)|load(?:ed(?:meta)?data|start)?|r(?:es(?:ize|et)|atechange)|key(?:press|down|up)|w(?:aiting|heel)|in(?:valid|put)|e(?:nded|rror)|unload)[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]",
+            "regex": "\\bon(?:d(?:r(?:ag(?:en(?:ter|d)|leave|start|over)?|op)|urationchange|blclick)|s(?:e(?:ek(?:ing|ed)|arch|lect)|u(?:spend|bmit)|talled|croll|how)|m(?:ouse(?:(?:lea|mo)ve|o(?:ver|ut)|enter|down|up)|essage)|p(?:a(?:ge(?:hide|show)|(?:st|us)e)|lay(?:ing)?|rogress|aste|ointer(?:cancel|down|enter|leave|move|out|over|rawupdate|up))|c(?:anplay(?:through)?|o(?:ntextmenu|py)|hange|lick|ut)|a(?:nimation(?:iteration|start|end)|(?:fterprin|bor)t|uxclick|fterscriptexecute)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|imeupdate)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?|inish)|(?:(?:volume|hash)chang|o(?:ff|n)lin)e|b(?:efore(?:unload|print)|lur)|load(?:ed(?:meta)?data|start|end)?|r(?:es(?:ize|et)|atechange)|key(?:press|down|up)|w(?:aiting|heel)|in(?:valid|put)|e(?:nded|rror)|unload)[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]",
             "options": {
               "min_length": 8
             }
@@ -2970,6 +3078,8 @@
         "type": "xss",
         "crs_id": "941140",
         "category": "attack_attempt",
+        "cwe": "84",
+        "capec": "1000/152/242/63/591/244",
         "confidence": "1"
       },
       "conditions": [
@@ -2999,6 +3109,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url\\(javascript",
@@ -3021,6 +3134,8 @@
         "type": "xss",
         "crs_id": "941170",
         "category": "attack_attempt",
+        "cwe": "83",
+        "capec": "1000/152/242/63/591/243",
         "confidence": "1"
       },
       "conditions": [
@@ -3047,6 +3162,12 @@
               },
               {
                 "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?:\\W|^)(?:javascript:(?:[\\s\\S]+[=\\x5c\\(\\[\\.<]|[\\s\\S]*?(?:\\bname\\b|\\x5c[ux]\\d)))|@\\W*?i\\W*?m\\W*?p\\W*?o\\W*?r\\W*?t\\W*?(?:/\\*[\\s\\S]*?)?(?:[\\\"']|\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\()|[^-]*?-\\W*?m\\W*?o\\W*?z\\W*?-\\W*?b\\W*?i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g[^:]*?:\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\(",
@@ -3068,7 +3189,9 @@
       "tags": {
         "type": "xss",
         "crs_id": "941180",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "79",
+        "capec": "1000/152/242/63/591"
       },
       "conditions": [
         {
@@ -3085,6 +3208,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "list": [
@@ -3111,6 +3237,8 @@
         "type": "xss",
         "crs_id": "941200",
         "category": "attack_attempt",
+        "cwe": "80",
+        "capec": "1000/152/242/63/591",
         "confidence": "1"
       },
       "conditions": [
@@ -3128,6 +3256,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?i:<.*[:]?vmlframe.*?[\\s/+]*?src[\\s/+]*=)",
@@ -3150,6 +3281,8 @@
         "type": "xss",
         "crs_id": "941210",
         "category": "attack_attempt",
+        "cwe": "80",
+        "capec": "1000/152/242/63/591",
         "confidence": "1"
       },
       "conditions": [
@@ -3167,6 +3300,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
@@ -3189,6 +3325,8 @@
         "type": "xss",
         "crs_id": "941220",
         "category": "attack_attempt",
+        "cwe": "80",
+        "capec": "1000/152/242/63/591",
         "confidence": "1"
       },
       "conditions": [
@@ -3206,6 +3344,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
@@ -3228,6 +3369,8 @@
         "type": "xss",
         "crs_id": "941230",
         "category": "attack_attempt",
+        "cwe": "83",
+        "capec": "1000/152/242/63/591/243",
         "confidence": "1"
       },
       "conditions": [
@@ -3245,6 +3388,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "<EMBED[\\s/+].*?(?:src|type).*?=",
@@ -3266,6 +3412,8 @@
         "type": "xss",
         "crs_id": "941240",
         "category": "attack_attempt",
+        "cwe": "83",
+        "capec": "1000/152/242/63/591/243",
         "confidence": "1"
       },
       "conditions": [
@@ -3283,6 +3431,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "<[?]?import[\\s/+\\S]*?implementation[\\s/+]*?=",
@@ -3305,7 +3456,9 @@
       "tags": {
         "type": "xss",
         "crs_id": "941270",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "83",
+        "capec": "1000/152/242/63/591/243"
       },
       "conditions": [
         {
@@ -3322,6 +3475,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "<LINK[\\s/+].*?href[\\s/+]*=",
@@ -3343,6 +3499,8 @@
         "type": "xss",
         "crs_id": "941280",
         "category": "attack_attempt",
+        "cwe": "83",
+        "capec": "1000/152/242/63/591/243",
         "confidence": "1"
       },
       "conditions": [
@@ -3360,6 +3518,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "<BASE[\\s/+].*?href[\\s/+]*=",
@@ -3381,6 +3542,8 @@
         "type": "xss",
         "crs_id": "941290",
         "category": "attack_attempt",
+        "cwe": "83",
+        "capec": "1000/152/242/63/591/243",
         "confidence": "1"
       },
       "conditions": [
@@ -3398,6 +3561,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "<APPLET[\\s/+>]",
@@ -3419,6 +3585,8 @@
         "type": "xss",
         "crs_id": "941300",
         "category": "attack_attempt",
+        "cwe": "83",
+        "capec": "1000/152/242/63/591/243",
         "confidence": "1"
       },
       "conditions": [
@@ -3436,6 +3604,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "<OBJECT[\\s/+].*?(?:type|codetype|classid|code|data)[\\s/+]*=",
@@ -3457,6 +3628,8 @@
         "type": "xss",
         "crs_id": "941350",
         "category": "attack_attempt",
+        "cwe": "87",
+        "capec": "1000/152/242/63/591/199",
         "confidence": "1"
       },
       "conditions": [
@@ -3474,6 +3647,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\+ADw-.*(?:\\+AD4-|>)|<.*\\+AD4-",
@@ -3493,7 +3669,9 @@
       "tags": {
         "type": "xss",
         "crs_id": "941360",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "87",
+        "capec": "1000/152/242/63/591/199"
       },
       "conditions": [
         {
@@ -3510,6 +3688,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "![!+ ]\\[\\]",
@@ -3530,7 +3711,9 @@
         "type": "xss",
         "crs_id": "941390",
         "category": "attack_attempt",
-        "confidence": "1"
+        "confidence": "1",
+        "cwe": "79",
+        "capec": "1000/152/242/63/591"
       },
       "conditions": [
         {
@@ -3547,6 +3730,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function|alert|prompt)[\\s+]*\\([^\\)]",
@@ -3566,7 +3752,9 @@
       "tags": {
         "type": "sql_injection",
         "crs_id": "942100",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "89",
+        "capec": "1000/152/248/66"
       },
       "conditions": [
         {
@@ -3583,6 +3771,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ]
           },
@@ -3600,6 +3791,8 @@
         "type": "sql_injection",
         "crs_id": "942160",
         "category": "attack_attempt",
+        "cwe": "89",
+        "capec": "1000/152/248/66/7",
         "confidence": "1"
       },
       "conditions": [
@@ -3617,6 +3810,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))",
@@ -3637,6 +3833,8 @@
         "type": "sql_injection",
         "crs_id": "942240",
         "category": "attack_attempt",
+        "cwe": "89",
+        "capec": "1000/152/248/66/7",
         "confidence": "1"
       },
       "conditions": [
@@ -3654,6 +3852,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?:[\\\"'`](?:;*?\\s*?waitfor\\s+(?:delay|time)\\s+[\\\"'`]|;.*?:\\s*?goto)|alter\\s*?\\w+.*?cha(?:racte)?r\\s+set\\s+\\w+)",
@@ -3672,7 +3873,9 @@
       "tags": {
         "type": "sql_injection",
         "crs_id": "942250",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "89",
+        "capec": "1000/152/248/66"
       },
       "conditions": [
         {
@@ -3689,6 +3892,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?i:merge.*?using\\s*?\\(|execute\\s*?immediate\\s*?[\\\"'`]|match\\s*?[\\w(?:),+-]+\\s*?against\\s*?\\()",
@@ -3708,7 +3914,9 @@
       "tags": {
         "type": "sql_injection",
         "crs_id": "942270",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "89",
+        "capec": "1000/152/248/66"
       },
       "conditions": [
         {
@@ -3725,6 +3933,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "union.*?select.*?from",
@@ -3744,6 +3955,8 @@
         "type": "sql_injection",
         "crs_id": "942280",
         "category": "attack_attempt",
+        "cwe": "89",
+        "capec": "1000/152/248/66/7",
         "confidence": "1"
       },
       "conditions": [
@@ -3761,6 +3974,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?:;\\s*?shutdown\\s*?(?:[#;{]|\\/\\*|--)|waitfor\\s*?delay\\s?[\\\"'`]+\\s?\\d|select\\s*?pg_sleep)",
@@ -3779,7 +3995,9 @@
       "tags": {
         "type": "nosql_injection",
         "crs_id": "942290",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "943",
+        "capec": "1000/152/248/676"
       },
       "conditions": [
         {
@@ -3796,6 +4014,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)",
@@ -3817,7 +4038,9 @@
       "tags": {
         "type": "sql_injection",
         "crs_id": "942360",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "89",
+        "capec": "1000/152/248/66/470"
       },
       "conditions": [
         {
@@ -3834,6 +4057,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?:^[\\W\\d]+\\s*?(?:alter\\s*(?:a(?:(?:pplication\\s*rol|ggregat)e|s(?:ymmetric\\s*ke|sembl)y|u(?:thorization|dit)|vailability\\s*group)|c(?:r(?:yptographic\\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\\s*key|k)|terialized)|e(?:ssage\\s*type|thod)|odule)|l(?:o(?:g(?:file\\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\\s*priority|ufferpool)|x(?:ml\\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|union\\s*(?:(?:distin|sele)ct|all))\\b|\\b(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\\s+(?:group_concat|load_file|char)\\b\\s*\\(?|[\\s(]load_file\\s*?\\(|[\\\"'`]\\s+regexp\\W)",
@@ -3852,7 +4078,9 @@
       "tags": {
         "type": "sql_injection",
         "crs_id": "942500",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "89",
+        "capec": "1000/152/248/66"
       },
       "conditions": [
         {
@@ -3869,6 +4097,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?i:/\\*[!+](?:[\\w\\s=_\\-(?:)]+)?\\*/)",
@@ -3889,6 +4120,8 @@
         "type": "http_protocol_violation",
         "crs_id": "943100",
         "category": "attack_attempt",
+        "cwe": "384",
+        "capec": "1000/225/21/593/61",
         "confidence": "1"
       },
       "conditions": [
@@ -3903,6 +4136,12 @@
               },
               {
                 "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?i:\\.cookie\\b.*?;\\W*?(?:expires|domain)\\W*?=|\\bhttp-equiv\\W+set-cookie\\b)",
@@ -3923,6 +4162,8 @@
         "type": "java_code_injection",
         "crs_id": "944100",
         "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/152/242",
         "confidence": "1"
       },
       "conditions": [
@@ -3943,6 +4184,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "java\\.lang\\.(?:runtime|processbuilder)",
@@ -3964,7 +4208,9 @@
       "tags": {
         "type": "java_code_injection",
         "crs_id": "944110",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/152/242"
       },
       "conditions": [
         {
@@ -3984,6 +4230,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?:runtime|processbuilder)",
@@ -4011,6 +4260,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?:unmarshaller|base64data|java\\.)",
@@ -4032,7 +4284,9 @@
       "tags": {
         "type": "java_code_injection",
         "crs_id": "944130",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/152/242"
       },
       "conditions": [
         {
@@ -4052,6 +4306,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "list": [
@@ -4112,6 +4369,8 @@
         "type": "java_code_injection",
         "crs_id": "944260",
         "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/152/242",
         "confidence": "1"
       },
       "conditions": [
@@ -4132,6 +4391,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?:class\\.module\\.classLoader\\.resources\\.context\\.parent\\.pipeline|springframework\\.context\\.support\\.FileSystemXmlApplicationContext)",
@@ -4150,7 +4412,9 @@
       "name": "Look for Cassandra injections",
       "tags": {
         "type": "nosql_injection",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "943",
+        "capec": "1000/152/248/676"
       },
       "conditions": [
         {
@@ -4165,6 +4429,12 @@
               {
                 "address": "server.request.path_params"
               },
+              {
+                "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
+              },
               {
                 "address": "server.request.headers.no_cookies"
               }
@@ -4183,7 +4453,9 @@
       "name": "OGNL - Look for formatting injection patterns",
       "tags": {
         "type": "java_code_injection",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/152/242"
       },
       "conditions": [
         {
@@ -4204,6 +4476,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "[#%$]{(?:[^}]+[^\\w\\s}\\-_][^}]+|\\d+-\\d+)}",
@@ -4221,6 +4496,8 @@
       "tags": {
         "type": "java_code_injection",
         "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/152/242",
         "confidence": "1"
       },
       "conditions": [
@@ -4242,6 +4519,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "[@#]ognl",
@@ -4259,6 +4539,8 @@
       "tags": {
         "type": "exploit_detection",
         "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/152/242",
         "confidence": "1"
       },
       "conditions": [
@@ -4287,6 +4569,8 @@
       "tags": {
         "type": "js_code_injection",
         "category": "attack_attempt",
+        "cwe": "1321",
+        "capec": "1000/152/242",
         "confidence": "1"
       },
       "conditions": [
@@ -4315,6 +4599,8 @@
       "tags": {
         "type": "js_code_injection",
         "category": "attack_attempt",
+        "cwe": "1321",
+        "capec": "1000/152/242",
         "confidence": "1"
       },
       "conditions": [
@@ -4357,6 +4643,8 @@
       "tags": {
         "type": "java_code_injection",
         "category": "attack_attempt",
+        "cwe": "1336",
+        "capec": "1000/152/242/19",
         "confidence": "1"
       },
       "conditions": [
@@ -4377,6 +4665,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "#(?:set|foreach|macro|parse|if)\\(.*\\)|<#assign.*>"
@@ -4393,6 +4684,8 @@
         "type": "attack_tool",
         "category": "attack_attempt",
         "tool_name": "BurpCollaborator",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -4413,6 +4706,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\b(?:burpcollaborator\\.net|oastify\\.com)\\b"
@@ -4429,6 +4725,8 @@
         "type": "commercial_scanner",
         "category": "attack_attempt",
         "tool_name": "Qualys",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "0"
       },
       "conditions": [
@@ -4449,6 +4747,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\bqualysperiscope\\.com\\b"
@@ -4465,6 +4766,8 @@
         "type": "commercial_scanner",
         "category": "attack_attempt",
         "tool_name": "Probely",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "0"
       },
       "conditions": [
@@ -4485,6 +4788,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\bprbly\\.win\\b"
@@ -4500,6 +4806,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -4520,6 +4828,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\b(?:webhook\\.site|\\.canarytokens\\.com|vii\\.one|act1on3\\.ru|gdsburp\\.com)\\b"
@@ -4535,6 +4846,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "0"
       },
       "conditions": [
@@ -4555,6 +4868,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\b(?:\\.ngrok\\.io|requestbin\\.com|requestbin\\.net)\\b"
@@ -4571,6 +4887,8 @@
         "type": "commercial_scanner",
         "category": "attack_attempt",
         "tool_name": "Rapid7",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "0"
       },
       "conditions": [
@@ -4591,6 +4909,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\bappspidered\\.rapid7\\."
@@ -4607,6 +4928,8 @@
         "type": "attack_tool",
         "category": "attack_attempt",
         "tool_name": "interact.sh",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -4627,6 +4950,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\b(?:interact\\.sh|oast\\.(?:pro|live|site|online|fun|me))\\b"
@@ -4636,12 +4962,59 @@
       ],
       "transformers": []
     },
+    {
+      "id": "dog-913-008",
+      "name": "Netsparker OOB domain",
+      "tags": {
+        "type": "commercial_scanner",
+        "category": "attack_attempt",
+        "tool_name": "Netsparker",
+        "cwe": "200",
+        "capec": "1000/118/169",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
+              }
+            ],
+            "regex": "\\b(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)r87(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)(?:me|com)\\b",
+            "options": {
+              "case_sensitive": false,
+              "min_length": 7
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
     {
       "id": "dog-931-001",
       "name": "RFI: URL Payload to well known RFI target",
       "tags": {
         "type": "rfi",
         "category": "attack_attempt",
+        "cwe": "98",
+        "capec": "1000/152/175/253/193",
         "confidence": "1"
       },
       "conditions": [
@@ -4656,6 +5029,12 @@
               },
               {
                 "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$",
@@ -4675,6 +5054,8 @@
       "tags": {
         "type": "xxe",
         "category": "attack_attempt",
+        "cwe": "91",
+        "capec": "1000/152/248/250",
         "confidence": "0"
       },
       "conditions": [
@@ -4686,6 +5067,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?:<\\?xml[^>]*>.*)<!ENTITY[^>]+SYSTEM\\s+[^>]+>",
@@ -4699,12 +5083,69 @@
       ],
       "transformers": []
     },
+    {
+      "id": "dog-941-001",
+      "name": "XSS in source property",
+      "tags": {
+        "type": "xss",
+        "category": "attack_attempt",
+        "cwe": "83",
+        "capec": "1000/152/242/63/591/243",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "user-agent"
+                ]
+              },
+              {
+                "address": "server.request.headers.no_cookies",
+                "key_path": [
+                  "referer"
+                ]
+              },
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
+              }
+            ],
+            "regex": "<(?:iframe|esi:include)(?:(?:\\s|/)*\\w+=[\"'\\w]+)*(?:\\s|/)*src(?:doc)?=[\"']?(?:data:|javascript:|http:|//)[^\\s'\"]+['\"]?",
+            "options": {
+              "min_length": 14
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "removeNulls",
+        "urlDecodeUni"
+      ]
+    },
     {
       "id": "dog-942-001",
       "name": "Blind XSS callback domains",
       "tags": {
         "type": "xss",
         "category": "attack_attempt",
+        "cwe": "83",
+        "capec": "1000/152/242/63/591/243",
         "confidence": "1"
       },
       "conditions": [
@@ -4725,6 +5166,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.in|xss\\.ht|js\\.rip)",
@@ -4743,6 +5187,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -4978,6 +5424,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -5018,6 +5466,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -5058,6 +5508,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -5098,6 +5550,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -5138,6 +5592,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -5178,6 +5634,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -5218,6 +5676,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -5258,6 +5718,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -5298,6 +5760,8 @@
       "tags": {
         "type": "ssrf",
         "category": "attack_attempt",
+        "cwe": "918",
+        "capec": "1000/225/115/664",
         "confidence": "1"
       },
       "conditions": [
@@ -5315,6 +5779,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?i)^\\W*((http|ftp)s?://)?\\W*((::f{4}:)?(169|(0x)?0*a9|0+251)\\.?(254|(0x)?0*fe|0+376)[0-9a-fx\\.:]+|metadata\\.google\\.internal|metadata\\.goog)\\W*/",
@@ -5334,7 +5801,9 @@
       "name": "Server-side Javascript injection: Try to detect obvious JS injection",
       "tags": {
         "type": "js_code_injection",
-        "category": "attack_attempt"
+        "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/152/242"
       },
       "conditions": [
         {
@@ -5351,6 +5820,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "require\\(['\"][\\w\\.]+['\"]\\)|process\\.\\w+\\([\\w\\.]*\\)|\\.toString\\(\\)",
@@ -5371,6 +5843,8 @@
       "tags": {
         "type": "command_injection",
         "category": "attack_attempt",
+        "cwe": "78",
+        "capec": "1000/152/248/88",
         "confidence": "1"
       },
       "conditions": [
@@ -5391,6 +5865,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?i)[&|]\\s*type\\s+%\\w+%\\\\+\\w+\\.ini\\s*[&|]"
@@ -5406,6 +5883,8 @@
       "tags": {
         "type": "command_injection",
         "category": "attack_attempt",
+        "cwe": "78",
+        "capec": "1000/152/248/88",
         "confidence": "1"
       },
       "conditions": [
@@ -5426,14 +5905,19 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
-            "regex": "(?i)[&|]\\s*cat\\s+\\/etc\\/[\\w\\.\\/]*passwd\\s*[&|]"
+            "regex": "(?i)[&|]\\s*cat\\s*\\/etc\\/[\\w\\.\\/]*passwd\\s*[&|]"
           },
           "operator": "match_regex"
         }
       ],
-      "transformers": []
+      "transformers": [
+        "cmdLine"
+      ]
     },
     {
       "id": "sqr-000-010",
@@ -5441,6 +5925,8 @@
       "tags": {
         "type": "command_injection",
         "category": "attack_attempt",
+        "cwe": "78",
+        "capec": "1000/152/248/88",
         "confidence": "1"
       },
       "conditions": [
@@ -5461,6 +5947,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(?i)[&|]\\s*timeout\\s+/t\\s+\\d+\\s*[&|]"
@@ -5476,6 +5965,8 @@
       "tags": {
         "type": "ssrf",
         "category": "attack_attempt",
+        "cwe": "918",
+        "capec": "1000/225/115/664",
         "confidence": "1"
       },
       "conditions": [
@@ -5493,6 +5984,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "http(s?):\\/\\/([A-Za-z0-9\\.\\-\\_]+|\\[[A-Fa-f0-9\\:]+\\]|):5986\\/wsman",
@@ -5511,6 +6005,8 @@
       "tags": {
         "type": "ssrf",
         "category": "attack_attempt",
+        "cwe": "918",
+        "capec": "1000/225/115/664",
         "confidence": "0"
       },
       "conditions": [
@@ -5528,6 +6024,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/[^:@]*)?$"
@@ -5545,6 +6044,8 @@
       "tags": {
         "type": "ssrf",
         "category": "attack_attempt",
+        "cwe": "918",
+        "capec": "1000/225/115/664",
         "confidence": "0"
       },
       "conditions": [
@@ -5562,6 +6063,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(\\/[^:@]*)?$"
@@ -5579,6 +6083,8 @@
       "tags": {
         "type": "ssrf",
         "category": "attack_attempt",
+        "cwe": "918",
+        "capec": "1000/225/115/664",
         "confidence": "1"
       },
       "conditions": [
@@ -5599,6 +6105,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii.one|act1on3.ru)"
@@ -5614,6 +6123,8 @@
       "tags": {
         "type": "ssrf",
         "category": "attack_attempt",
+        "cwe": "918",
+        "capec": "1000/225/115/664",
         "confidence": "0"
       },
       "conditions": [
@@ -5634,6 +6145,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "^(jar:)?((file|netdoc):\\/\\/[\\\\\\/]+|(dict|gopher|ldap|sftp|tftp):\\/\\/.*:[0-9]{1,5})"
@@ -5651,6 +6165,8 @@
       "tags": {
         "type": "exploit_detection",
         "category": "attack_attempt",
+        "cwe": "94",
+        "capec": "1000/152/242",
         "confidence": "1"
       },
       "conditions": [
@@ -5674,6 +6190,9 @@
               },
               {
                 "address": "grpc.server.request.message"
+              },
+              {
+                "address": "graphql.server.all_resolvers"
               }
             ],
             "regex": "\\${[^j]*j[^n]*n[^d]*d[^i]*i[^:]*:[^}]*}"
@@ -5691,6 +6210,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Joomla exploitation tool",
         "confidence": "1"
       },
@@ -5718,6 +6239,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Nessus",
         "confidence": "1"
       },
@@ -5745,6 +6268,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Arachni",
         "confidence": "1"
       },
@@ -5772,6 +6297,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Jorgee",
         "confidence": "1"
       },
@@ -5799,6 +6326,8 @@
       "tags": {
         "type": "commercial_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Probely",
         "confidence": "0"
       },
@@ -5826,6 +6355,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Metis",
         "confidence": "1"
       },
@@ -5853,6 +6384,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "SQLPowerInjector",
         "confidence": "1"
       },
@@ -5880,6 +6413,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "N-Stealth",
         "confidence": "1"
       },
@@ -5907,6 +6442,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Brutus",
         "confidence": "1"
       },
@@ -5934,6 +6471,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -5960,6 +6499,8 @@
       "tags": {
         "type": "commercial_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Netsparker",
         "confidence": "0"
       },
@@ -5987,6 +6528,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "JAASCois",
         "confidence": "1"
       },
@@ -6014,6 +6557,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Nsauditor",
         "confidence": "1"
       },
@@ -6041,6 +6586,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Paros",
         "confidence": "1"
       },
@@ -6068,6 +6615,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "DirBuster",
         "confidence": "1"
       },
@@ -6095,6 +6644,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Pangolin",
         "confidence": "1"
       },
@@ -6122,6 +6673,8 @@
       "tags": {
         "type": "commercial_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Qualys",
         "confidence": "0"
       },
@@ -6149,6 +6702,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "SQLNinja",
         "confidence": "1"
       },
@@ -6176,6 +6731,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Nikto",
         "confidence": "1"
       },
@@ -6203,6 +6760,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "BlackWidow",
         "confidence": "1"
       },
@@ -6230,6 +6789,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Grendel-Scan",
         "confidence": "1"
       },
@@ -6257,6 +6818,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Havij",
         "confidence": "1"
       },
@@ -6284,6 +6847,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "w3af",
         "confidence": "1"
       },
@@ -6311,6 +6876,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Nmap",
         "confidence": "1"
       },
@@ -6338,6 +6905,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Nessus",
         "confidence": "1"
       },
@@ -6365,6 +6934,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "EvilScanner",
         "confidence": "1"
       },
@@ -6392,6 +6963,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "WebFuck",
         "confidence": "1"
       },
@@ -6419,6 +6992,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "OpenVAS",
         "confidence": "1"
       },
@@ -6446,6 +7021,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Spider-Pig",
         "confidence": "1"
       },
@@ -6473,6 +7050,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Zgrab",
         "confidence": "1"
       },
@@ -6500,6 +7079,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Zmeu",
         "confidence": "1"
       },
@@ -6527,6 +7108,8 @@
       "tags": {
         "type": "commercial_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "GoogleSecurityScanner",
         "confidence": "0"
       },
@@ -6554,6 +7137,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Commix",
         "confidence": "1"
       },
@@ -6581,6 +7166,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Gobuster",
         "confidence": "1"
       },
@@ -6608,6 +7195,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "CGIchk",
         "confidence": "1"
       },
@@ -6635,6 +7224,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "FFUF",
         "confidence": "1"
       },
@@ -6662,6 +7253,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Nuclei",
         "confidence": "1"
       },
@@ -6689,6 +7282,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Tsunami",
         "confidence": "1"
       },
@@ -6716,6 +7311,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Nimbostratus",
         "confidence": "1"
       },
@@ -6743,6 +7340,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Datadog Canary Test",
         "confidence": "1"
       },
@@ -6776,6 +7375,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Datadog Canary Test",
         "confidence": "1"
       },
@@ -6812,6 +7413,8 @@
       "tags": {
         "type": "commercial_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "AlertLogic",
         "confidence": "0"
       },
@@ -6839,6 +7442,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "wfuzz",
         "confidence": "1"
       },
@@ -6866,6 +7471,8 @@
       "tags": {
         "type": "commercial_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Detectify",
         "confidence": "0"
       },
@@ -6893,6 +7500,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "BSQLBF",
         "confidence": "1"
       },
@@ -6920,6 +7529,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "masscan",
         "confidence": "1"
       },
@@ -6947,6 +7558,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "WPScan",
         "confidence": "1"
       },
@@ -6974,6 +7587,8 @@
       "tags": {
         "type": "commercial_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Aon",
         "confidence": "0"
       },
@@ -7001,6 +7616,8 @@
       "tags": {
         "type": "security_scanner",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "confidence": "1"
       },
       "conditions": [
@@ -7014,7 +7631,10 @@
                 ]
               }
             ],
-            "regex": "mozilla/4\\.0 \\(compatible(; msie 6\\.0; win32)?\\)"
+            "regex": "mozilla/4\\.0 \\(compatible(; msie (?:6\\.0; win32|4\\.0; Windows NT))?\\)",
+            "options": {
+              "case_sensitive": false
+            }
           },
           "operator": "match_regex"
         }
@@ -7027,6 +7647,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "SQLmap",
         "confidence": "1"
       },
@@ -7054,6 +7676,8 @@
       "tags": {
         "type": "attack_tool",
         "category": "attack_attempt",
+        "cwe": "200",
+        "capec": "1000/118/169",
         "tool_name": "Skipfish",
         "confidence": "1"
       },
@@ -7074,32 +7698,6 @@
         }
       ],
       "transformers": []
-    },
-    {
-      "id": "__troubleshooting_rule",
-      "name": "troubleshooting rule for block on request body",
-      "tags": {
-        "type": "troubleshooting",
-        "category": "troubleshooting",
-        "confidence": "1"
-      },
-      "conditions": [
-        {
-          "parameters": {
-            "inputs": [
-              {
-                "address": "server.request.body"
-              }
-            ],
-            "regex": "ADKMFFpndcwHNnr2MW9W"
-          },
-          "operator": "match_regex"
-        }
-      ],
-      "transformers": [],
-      "on_match": [
-        "block"
-      ]
     }
   ]
-}
+}
\ No newline at end of file
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/AppSecModuleSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/AppSecModuleSpecification.groovy
index 6904d032647..02fdd645276 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/AppSecModuleSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/AppSecModuleSpecification.groovy
@@ -1,7 +1,6 @@
 package com.datadog.appsec
 
 import com.datadog.appsec.event.ChangeableFlow
-import com.datadog.appsec.event.EventType
 import com.datadog.appsec.event.OrderedCallback
 import com.datadog.appsec.event.data.Address
 import com.datadog.appsec.event.data.DataBundle
@@ -25,19 +24,6 @@ class AppSecModuleSpecification extends DDSpecification {
     list == [ds3, ds1, ds2]
   }
 
-  void 'event subscriptions are correctly ordered'() {
-    def es1 = new NoopEventSubscription('es1', EventType.REQUEST_START, DEFAULT)
-    def es2 = new NoopEventSubscription('es2', EventType.REQUEST_START, HIGH)
-    def es3 = new NoopEventSubscription('es3', EventType.REQUEST_START, HIGH)
-
-    when:
-    def list = [es3, es1, es2]
-    list.sort(OrderedCallback.CallbackPriorityComparator.INSTANCE)
-
-    then:
-    list == [es3, es2, es1]
-  }
-
   private static class NoopDataSubscription extends AppSecModule.DataSubscription {
     final String name
 
@@ -55,22 +41,4 @@ class AppSecModuleSpecification extends DDSpecification {
       name
     }
   }
-
-  private static class NoopEventSubscription extends AppSecModule.EventSubscription {
-    final String name
-
-    NoopEventSubscription(String name, EventType eventType, Priority priority) {
-      super(eventType, priority)
-      this.name = name
-    }
-
-    @Override
-    void onEvent(AppSecRequestContext ctx, EventType eventType) {
-    }
-
-    @Override
-    String toString() {
-      name
-    }
-  }
 }
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/AppSecSystemSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/AppSecSystemSpecification.groovy
index 76f19bd2476..12a9bd7c5db 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/AppSecSystemSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/AppSecSystemSpecification.groovy
@@ -3,7 +3,7 @@ package com.datadog.appsec
 import com.datadog.appsec.config.AppSecConfig
 import com.datadog.appsec.event.EventProducerService
 import com.datadog.appsec.gateway.AppSecRequestContext
-import com.datadog.appsec.report.raw.events.AppSecEvent100
+import com.datadog.appsec.report.AppSecEvent
 import com.datadog.appsec.util.AbortStartupException
 import datadog.communication.ddagent.DDAgentFeaturesDiscovery
 import datadog.communication.ddagent.SharedCommunicationObjects
@@ -77,7 +77,7 @@ class AppSecSystemSpecification extends DDSpecification {
     1 * subService.registerCallback(EVENTS.requestEnded(), _) >> { requestEndedCB = it[1]; null }
     1 * requestContext.getData(RequestContextSlot.APPSEC) >> appSecReqCtx
     1 * requestContext.traceSegment >> traceSegment
-    1 * appSecReqCtx.transferCollectedEvents() >> [Mock(AppSecEvent100)]
+    1 * appSecReqCtx.transferCollectedEvents() >> [Mock(AppSecEvent)]
     1 * appSecReqCtx.getRequestHeaders() >> ['foo-bar': ['1.1.1.1']]
     1 * appSecReqCtx.getResponseHeaders() >> [:]
     1 * traceSegment.setTagTop('actor.ip', '1.1.1.1')
@@ -105,7 +105,7 @@ class AppSecSystemSpecification extends DDSpecification {
     1 * subService.registerCallback(EVENTS.requestEnded(), _) >> { requestEndedCB = it[1]; null }
     7 * requestContext.getData(RequestContextSlot.APPSEC) >> appSecReqCtx
     7 * requestContext.traceSegment >> traceSegment
-    7 * appSecReqCtx.transferCollectedEvents() >> [Mock(AppSecEvent100)]
+    7 * appSecReqCtx.transferCollectedEvents() >> [Mock(AppSecEvent)]
     // allow for one extra in case we move to another second and round down the prev count
     (5..6) * appSecReqCtx.getRequestHeaders() >> [:]
     (5..6) * appSecReqCtx.getResponseHeaders() >> [:]
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/api/security/ApiSecurityRequestSamplerTest.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/api/security/ApiSecurityRequestSamplerTest.groovy
new file mode 100644
index 00000000000..b15a22e1c47
--- /dev/null
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/api/security/ApiSecurityRequestSamplerTest.groovy
@@ -0,0 +1,43 @@
+package com.datadog.appsec.api.security
+
+import datadog.trace.api.Config
+import datadog.trace.test.util.DDSpecification
+import spock.lang.Shared
+
+class ApiSecurityRequestSamplerTest extends DDSpecification {
+
+  @Shared
+  static final float DEFAULT_SAMPLE_RATE = Config.get().getApiSecurityRequestSampleRate()
+
+  void 'Api Security Request Sample Rate'() {
+    given:
+    def config = Spy(Config.get())
+    config.getApiSecurityRequestSampleRate() >> sampleRate
+    def sampler = new ApiSecurityRequestSampler(config)
+
+    when:
+    def numOfRequest = expectedSampledRequests.size()
+    def results = new int[numOfRequest]
+    for (int i = 0; i < numOfRequest; i++) {
+      results[i] = sampler.sampleRequest() ? 1 : 0
+    }
+
+    then:
+    results == expectedSampledRequests as int[]
+
+    where:
+    sampleRate               | expectedSampledRequests
+    DEFAULT_SAMPLE_RATE      | [0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0]  // Default sample rate - 10%
+    0.0                      | [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+    0.1                      | [0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0]
+    0.25                     | [0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1]
+    0.33                     | [0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1]
+    0.5                      | [0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1]
+    0.75                     | [0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1]
+    0.9                      | [0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0]
+    0.99                     | [0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+    1.0                      | [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+    1.25                     | [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]    // Wrong sample rate - use 100%
+    -0.5                     | [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]    // Wrong sample rate - use 100%
+  }
+}
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/blocking/BlockingServiceImplSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/blocking/BlockingServiceImplSpecification.groovy
index 705db033676..314fa037196 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/blocking/BlockingServiceImplSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/blocking/BlockingServiceImplSpecification.groovy
@@ -108,7 +108,7 @@ class BlockingServiceImplSpecification extends DDSpecification {
 
     then:
     res == true
-    1 * brf.tryCommitBlockingResponse(405, BlockingContentType.HTML, [:]) >> true
+    1 * brf.tryCommitBlockingResponse(mts, 405, BlockingContentType.HTML, [:],) >> true
     1 * mts.effectivelyBlocked()
   }
 
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/config/AppSecConfigDeserializerSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/config/AppSecConfigDeserializerSpecification.groovy
new file mode 100644
index 00000000000..52775d4acb2
--- /dev/null
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/config/AppSecConfigDeserializerSpecification.groovy
@@ -0,0 +1,61 @@
+package com.datadog.appsec.config
+
+import spock.lang.Specification
+
+import java.nio.charset.StandardCharsets
+
+class AppSecConfigDeserializerSpecification extends Specification {
+
+  void "deserialize rule with unknown key"() {
+    given:
+    final deser = AppSecConfigDeserializer.INSTANCE
+    final input = """
+    {
+      "version": "2.9999",
+      "metadata": {
+        "rules_version": "1.7.1"
+      },
+      "exclusions": [
+        {
+          "UNKNOWN_FIELD": "UNKNOWN_VALUE"
+        }
+      ],
+      "rules": [
+        {
+          "UNKNOWN_FIELD": "UNKNOWN_VALUE",
+          "id": "blk-001-001",
+          "name": "Block IP Addresses",
+          "tags": {
+            "type": "block_ip",
+            "category": "security_response"
+          },
+          "conditions": [
+            {
+              "parameters": {
+                "inputs": [
+                  {
+                    "address": "http.client_ip"
+                  }
+                ],
+                "data": "blocked_ips"
+              },
+              "operator": "ip_match"
+            }
+          ],
+          "transformers": [],
+          "on_match": [
+            "block"
+          ]
+        }
+      ]
+    }
+    """
+
+    when:
+    def result = deser.deserialize(input.getBytes(StandardCharsets.UTF_8))
+
+    then:
+    result != null
+    result.getNumberOfRules() == 1
+  }
+}
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/config/AppSecConfigServiceImplSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/config/AppSecConfigServiceImplSpecification.groovy
index 4f8559e3760..439365faac0 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/config/AppSecConfigServiceImplSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/config/AppSecConfigServiceImplSpecification.groovy
@@ -213,7 +213,7 @@ class AppSecConfigServiceImplSpecification extends DDSpecification {
     }
     1 * poller.addConfigurationEndListener(_) >> { listeners.savedConfEndListener = it[0] }
     1 * poller.addCapabilities(2L)
-    1 * poller.addCapabilities(956L)
+    1 * poller.addCapabilities(1980L)
     0 * _._
     initialWafConfig.get() != null
 
@@ -350,7 +350,7 @@ class AppSecConfigServiceImplSpecification extends DDSpecification {
     }
     1 * poller.addConfigurationEndListener(_) >> { listeners.savedConfEndListener = it[0] }
     1 * poller.addCapabilities(2L)
-    1 * poller.addCapabilities(956L)
+    1 * poller.addCapabilities(1980L)
     0 * _._
 
     when:
@@ -406,7 +406,7 @@ class AppSecConfigServiceImplSpecification extends DDSpecification {
     poller = null
 
     then:
-    1 * poller.removeCapabilities(958L)
+    1 * poller.removeCapabilities(1982L)
     4 * poller.removeListener(_)
     1 * poller.removeConfigurationEndListener(_)
     1 * poller.stop()
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/event/EventDispatcherSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/event/EventDispatcherSpecification.groovy
index e5e2def08a1..5cbcf9c6614 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/event/EventDispatcherSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/event/EventDispatcherSpecification.groovy
@@ -9,35 +9,10 @@ import datadog.appsec.api.blocking.BlockingContentType
 import datadog.trace.api.gateway.Flow
 import datadog.trace.test.util.DDSpecification
 
-import static org.hamcrest.Matchers.containsInAnyOrder
-import static spock.util.matcher.HamcrestSupport.expect
-
 class EventDispatcherSpecification extends DDSpecification {
   EventDispatcher dispatcher = new EventDispatcher()
   AppSecRequestContext ctx = Mock()
 
-  void 'notifies about events in order'() {
-    given:
-    EventListener eventListener1 = Mock()
-    EventListener eventListener2 = Mock()
-    eventListener1.priority >> OrderedCallback.Priority.DEFAULT
-    eventListener2.priority >> OrderedCallback.Priority.HIGH
-
-    def set = new EventDispatcher.EventSubscriptionSet()
-    set.addSubscription(EventType.REQUEST_END, eventListener1)
-    set.addSubscription(EventType.REQUEST_END, eventListener2)
-    dispatcher.subscribeEvents(set)
-
-    when:
-    dispatcher.publishEvent(ctx, EventType.REQUEST_END)
-
-    then:
-    1 * eventListener2.onEvent(ctx, EventType.REQUEST_END)
-
-    then:
-    1 * eventListener1.onEvent(ctx, EventType.REQUEST_END)
-  }
-
   void 'notifies about data in order with the same flow'() {
     Flow savedFlow1, savedFlow2, savedFlow3
 
@@ -163,22 +138,16 @@ class EventDispatcherSpecification extends DDSpecification {
   }
 
   void 'saves the subscribed to events and addresses'() {
-    when:
-    EventListener eventListener = Mock()
-    eventListener.priority >> OrderedCallback.Priority.DEFAULT
-    def set = new EventDispatcher.EventSubscriptionSet()
-    set.addSubscription(EventType.REQUEST_END, eventListener)
-
+    given:
+    def addressSet = new EventDispatcher.DataSubscriptionSet()
     DataListener dataListener = Mock()
     dataListener.priority >> OrderedCallback.Priority.DEFAULT
-    dispatcher.subscribeEvents(set)
-    def addressSet = new EventDispatcher.DataSubscriptionSet()
+
+    when:
     addressSet.addSubscription([KnownAddresses.REQUEST_CLIENT_IP], dataListener)
-    dispatcher.subscribeDataAvailable(addressSet)
 
     then:
-    expect dispatcher.allSubscribedDataAddresses(), containsInAnyOrder(KnownAddresses.REQUEST_CLIENT_IP)
-    expect dispatcher.allSubscribedEvents(), containsInAnyOrder(EventType.REQUEST_END)
+    dispatcher.subscribeDataAvailable(addressSet)
   }
 
   void 'throws ExpiredSubscriberInfo if it is from a different EventDispatcher'() {
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/event/data/KnownAddressesSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/event/data/KnownAddressesSpecification.groovy
index 0b0cfdeaf48..040297f1f57 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/event/data/KnownAddressesSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/event/data/KnownAddressesSpecification.groovy
@@ -31,12 +31,13 @@ class KnownAddressesSpecification extends Specification {
       'grpc.server.request.message',
       'grpc.server.request.metadata',
       'usr.id',
+      'waf.context.processor',
     ]
   }
 
   void 'number of known addresses is expected number'() {
     expect:
-    Address.instanceCount() == 22
-    KnownAddresses.USER_ID.serial == Address.instanceCount() - 1
+    Address.instanceCount() == 24
+    KnownAddresses.WAF_CONTEXT_PROCESSOR.serial == Address.instanceCount() - 1
   }
 }
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/AppSecRequestContextSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/AppSecRequestContextSpecification.groovy
index 2ad0e9dcd1f..4e7ce0b9d85 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/AppSecRequestContextSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/AppSecRequestContextSpecification.groovy
@@ -4,7 +4,7 @@ package com.datadog.appsec.gateway
 import com.datadog.appsec.config.CurrentAppSecConfig
 import com.datadog.appsec.event.data.KnownAddresses
 import com.datadog.appsec.event.data.MapDataBundle
-import com.datadog.appsec.report.raw.events.AppSecEvent100
+import com.datadog.appsec.report.AppSecEvent
 import com.datadog.appsec.test.StubAppSecConfigService
 import datadog.trace.test.util.DDSpecification
 import io.sqreen.powerwaf.Additive
@@ -98,7 +98,7 @@ class AppSecRequestContextSpecification extends DDSpecification {
 
   void 'can collect events'() {
     when:
-    ctx.reportEvents([new AppSecEvent100(), new AppSecEvent100()], null)
+    ctx.reportEvents([new AppSecEvent(), new AppSecEvent()])
     def events = ctx.transferCollectedEvents()
 
     then:
@@ -107,7 +107,7 @@ class AppSecRequestContextSpecification extends DDSpecification {
     events[1] != null
 
     when:
-    ctx.reportEvents([new AppSecEvent100()], null)
+    ctx.reportEvents([new AppSecEvent()])
 
     then:
     thrown IllegalStateException
@@ -183,6 +183,6 @@ class AppSecRequestContextSpecification extends DDSpecification {
 
     then:
     ctx.additive == null
-    additive.online == false
+    !additive.online
   }
 }
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeIGRegistrationSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeIGRegistrationSpecification.groovy
index 1f8213b4ab0..7457fd23e98 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeIGRegistrationSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeIGRegistrationSpecification.groovy
@@ -1,7 +1,6 @@
 package com.datadog.appsec.gateway
 
 import com.datadog.appsec.event.EventDispatcher
-import com.datadog.appsec.event.EventType
 import com.datadog.appsec.event.data.KnownAddresses
 import datadog.trace.api.gateway.Events
 import datadog.trace.api.gateway.SubscriptionService
@@ -11,11 +10,10 @@ class GatewayBridgeIGRegistrationSpecification extends DDSpecification {
   SubscriptionService ig = Mock()
   EventDispatcher eventDispatcher = Mock()
 
-  GatewayBridge bridge = new GatewayBridge(ig, eventDispatcher, null, [])
+  GatewayBridge bridge = new GatewayBridge(ig, eventDispatcher, null, null, [])
 
   void 'request_body_start and request_body_done are registered'() {
     given:
-    1 * eventDispatcher.allSubscribedEvents() >> [EventType.REQUEST_BODY_START, EventType.REQUEST_BODY_END]
     1 * eventDispatcher.allSubscribedDataAddresses() >> []
 
     when:
@@ -28,7 +26,6 @@ class GatewayBridgeIGRegistrationSpecification extends DDSpecification {
 
   void 'request_body_done is is registered via data address'() {
     given:
-    1 * eventDispatcher.allSubscribedEvents() >> []
     1 * eventDispatcher.allSubscribedDataAddresses() >> [KnownAddresses.REQUEST_BODY_RAW]
 
     when:
@@ -37,28 +34,4 @@ class GatewayBridgeIGRegistrationSpecification extends DDSpecification {
     then:
     1 * ig.registerCallback(Events.REQUEST_BODY_DONE, _)
   }
-
-  void 'request_body_start is not registered'() {
-    given:
-    1 * eventDispatcher.allSubscribedEvents() >> [EventType.REQUEST_BODY_END]
-    1 * eventDispatcher.allSubscribedDataAddresses() >> []
-
-    when:
-    bridge.init()
-
-    then:
-    0 * ig.registerCallback(Events.REQUEST_BODY_START, _)
-  }
-
-  void 'request_body_end is not registered'() {
-    given:
-    1 * eventDispatcher.allSubscribedEvents() >> [EventType.REQUEST_BODY_START]
-    1 * eventDispatcher.allSubscribedDataAddresses() >> []
-
-    when:
-    bridge.init()
-
-    then:
-    0 * ig.registerCallback(Events.REQUEST_BODY_DONE, _)
-  }
 }
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy
index 8a0e58180fd..f1d3d7ee241 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy
@@ -4,12 +4,11 @@ import com.datadog.appsec.AppSecSystem
 import com.datadog.appsec.config.TraceSegmentPostProcessor
 import com.datadog.appsec.event.EventDispatcher
 import com.datadog.appsec.event.EventProducerService
-import com.datadog.appsec.event.EventType
 import com.datadog.appsec.event.data.DataBundle
 import com.datadog.appsec.event.data.KnownAddresses
 import com.datadog.appsec.event.data.SingletonDataBundle
+import com.datadog.appsec.report.AppSecEvent
 import com.datadog.appsec.report.AppSecEventWrapper
-import com.datadog.appsec.report.raw.events.AppSecEvent100
 import datadog.trace.api.internal.TraceSegment
 import datadog.trace.api.function.TriConsumer
 import datadog.trace.api.function.TriFunction
@@ -62,7 +61,7 @@ class GatewayBridgeSpecification extends DDSpecification {
 
   RateLimiter rateLimiter = new RateLimiter(10, { -> 0L } as TimeSource, RateLimiter.ThrottledCallback.NOOP)
   TraceSegmentPostProcessor pp = Mock()
-  GatewayBridge bridge = new GatewayBridge(ig, eventDispatcher, rateLimiter, [pp])
+  GatewayBridge bridge = new GatewayBridge(ig, eventDispatcher, rateLimiter, null, [pp])
 
   Supplier<Flow<AppSecRequestContext>> requestStartedCB
   BiFunction<RequestContext, AgentSpan, Flow<Void>> requestEndedCB
@@ -94,7 +93,6 @@ class GatewayBridgeSpecification extends DDSpecification {
     Flow<AppSecRequestContext> startFlow = requestStartedCB.get()
 
     then:
-    1 * eventDispatcher.publishEvent(_ as AppSecRequestContext, EventType.REQUEST_START)
     Object producedCtx = startFlow.getResult()
     producedCtx instanceof AppSecRequestContext
     startFlow.action == Flow.Action.Noop.INSTANCE
@@ -117,7 +115,7 @@ class GatewayBridgeSpecification extends DDSpecification {
   }
 
   void 'request_end closes context reports attacks and publishes event'() {
-    AppSecEvent100 event = Mock()
+    AppSecEvent event = Mock()
     AppSecRequestContext mockAppSecCtx = Mock(AppSecRequestContext)
     mockAppSecCtx.requestHeaders >> ['accept':['header_value']]
     mockAppSecCtx.responseHeaders >> [
@@ -145,13 +143,13 @@ class GatewayBridgeSpecification extends DDSpecification {
     1 * traceSegment.setTagTop('http.request.headers.accept', 'header_value')
     1 * traceSegment.setTagTop('http.response.headers.content-type', 'text/html; charset=UTF-8')
     1 * traceSegment.setTagTop('network.client.ip', '2001::1')
-    1 * eventDispatcher.publishEvent(mockAppSecCtx, EventType.REQUEST_END)
+    1 * mockAppSecCtx.closeAdditive()
     flow.result == null
     flow.action == Flow.Action.Noop.INSTANCE
   }
 
   void 'event publishing is rate limited'() {
-    AppSecEvent100 event = Mock()
+    AppSecEvent event = Mock()
     AppSecRequestContext mockAppSecCtx = Mock(AppSecRequestContext)
     mockAppSecCtx.requestHeaders >> [:]
     RequestContext mockCtx = Mock(RequestContext) {
@@ -166,7 +164,7 @@ class GatewayBridgeSpecification extends DDSpecification {
     then:
     11 * mockAppSecCtx.transferCollectedEvents() >> [event]
     11 * mockAppSecCtx.close()
-    11 * eventDispatcher.publishEvent(mockAppSecCtx, EventType.REQUEST_END)
+    11 * mockAppSecCtx.closeAdditive()
     10 * spanInfo.getTags() >> ['http.client_ip':'1.1.1.1']
     10 * traceSegment.setDataTop("appsec", _)
   }
@@ -187,7 +185,7 @@ class GatewayBridgeSpecification extends DDSpecification {
     requestEndedCB.apply(mockCtx, spanInfo)
 
     then:
-    1 * mockAppSecCtx.transferCollectedEvents() >> [Mock(AppSecEvent100)]
+    1 * mockAppSecCtx.transferCollectedEvents() >> [Mock(AppSecEvent)]
     1 * spanInfo.getTags() >> ['http.client_ip':'8.8.8.8']
     1 * traceSegment.setTagTop('actor.ip', '8.8.8.8')
   }
@@ -245,7 +243,8 @@ class GatewayBridgeSpecification extends DDSpecification {
 
     then:
     thrown(IllegalStateException)
-    assert bundle.get(KnownAddresses.HEADERS_NO_COOKIES).isEmpty()
+    def data = bundle.get(KnownAddresses.HEADERS_NO_COOKIES)
+    assert data == null || data.isEmpty()
   }
 
   void 'the socket address is distributed'() {
@@ -393,7 +392,6 @@ class GatewayBridgeSpecification extends DDSpecification {
 
   void callInitAndCaptureCBs() {
     // force all callbacks to be registered
-    _ * eventDispatcher.allSubscribedEvents() >> [EventType.REQUEST_BODY_START, EventType.REQUEST_BODY_END]
     _ * eventDispatcher.allSubscribedDataAddresses() >> [KnownAddresses.REQUEST_PATH_PARAMS, KnownAddresses.REQUEST_BODY_OBJECT]
 
     1 * ig.registerCallback(EVENTS.requestStarted(), _) >> { requestStartedCB = it[1]; null }
@@ -531,7 +529,6 @@ class GatewayBridgeSpecification extends DDSpecification {
     requestBodyStartCB.apply(ctx, supplier)
 
     then:
-    1 * eventDispatcher.publishEvent(ctx.data, EventType.REQUEST_BODY_START)
     ctx.data.storedRequestBody == 'foobar'
   }
 
@@ -549,7 +546,6 @@ class GatewayBridgeSpecification extends DDSpecification {
     requestBodyDoneCB.apply(ctx, supplier)
 
     then:
-    1 * eventDispatcher.publishEvent(ctx.data, EventType.REQUEST_BODY_END)
     bundle.get(KnownAddresses.REQUEST_BODY_RAW) == 'foobar'
   }
 
@@ -567,7 +563,6 @@ class GatewayBridgeSpecification extends DDSpecification {
     then:
     flow == NoopFlow.INSTANCE
     0 * eventDispatcher.getDataSubscribers(KnownAddresses.REQUEST_BODY_RAW)
-    0 * eventDispatcher.publishEvent(ctx.data, EventType.REQUEST_BODY_END)
   }
 
   void 'forward request body processed'() {
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFModuleSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFModuleSpecification.groovy
index 2d27e08397d..44611653cc3 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFModuleSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFModuleSpecification.groovy
@@ -8,16 +8,14 @@ import com.datadog.appsec.config.CurrentAppSecConfig
 import com.datadog.appsec.config.TraceSegmentPostProcessor
 import com.datadog.appsec.event.ChangeableFlow
 import com.datadog.appsec.event.DataListener
-import com.datadog.appsec.event.EventListener
-import com.datadog.appsec.event.EventType
+import com.datadog.appsec.event.data.Address
 import com.datadog.appsec.event.data.CaseInsensitiveMap
 import com.datadog.appsec.event.data.DataBundle
 import com.datadog.appsec.event.data.KnownAddresses
 import com.datadog.appsec.event.data.MapDataBundle
 import com.datadog.appsec.gateway.AppSecRequestContext
-import com.datadog.appsec.report.raw.events.AppSecEvent100
-import com.datadog.appsec.report.raw.events.Parameter
-import com.datadog.appsec.report.raw.events.Tags
+import com.datadog.appsec.report.AppSecEvent
+import com.datadog.appsec.report.Parameter
 import com.datadog.appsec.test.StubAppSecConfigService
 import datadog.trace.api.ConfigDefaults
 import datadog.trace.api.internal.TraceSegment
@@ -45,7 +43,6 @@ class PowerWAFModuleSpecification extends DDSpecification {
   StubAppSecConfigService service
   PowerWAFModule pwafModule = new PowerWAFModule()
   DataListener dataListener
-  EventListener eventListener
 
   Additive pwafAdditive
   PowerwafMetrics metrics
@@ -64,7 +61,6 @@ class PowerWAFModuleSpecification extends DDSpecification {
     service.init()
     pwafModule.config(service)
     dataListener = pwafModule.dataSubscriptions.first()
-    eventListener = pwafModule.eventSubscriptions.first()
   }
 
   void 'use default actions if none defined in config'() {
@@ -134,7 +130,6 @@ class PowerWAFModuleSpecification extends DDSpecification {
     when:
     setupWithStubConfigService('override_actions_config.json')
     dataListener = pwafModule.dataSubscriptions.first()
-    eventListener = pwafModule.eventSubscriptions.first()
 
     def actions = [
       [
@@ -179,7 +174,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
       '1.2.3.4'
       )
     dataListener.onDataAvailable(flow, ctx, newBundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * reconf.reloadSubscriptions()
@@ -190,7 +185,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     1 * ctx.getOrCreateAdditive(_ as PowerwafContext, true) >> {
       pwafAdditive = it[0].openAdditive()
     }
-    1 * ctx.reportEvents(_ as Collection<AppSecEvent100>, _)
+    1 * ctx.reportEvents(_ as Collection<AppSecEvent>)
     1 * ctx.getWafMetrics()
     1 * ctx.closeAdditive()
     1 * flow.isBlocking()
@@ -204,14 +199,14 @@ class PowerWAFModuleSpecification extends DDSpecification {
     when:
     setupWithStubConfigService('rules_with_data_config.json')
     dataListener = pwafModule.dataSubscriptions.first()
-    eventListener = pwafModule.eventSubscriptions.first()
+    ctx.closeAdditive()
 
     def bundle = MapDataBundle.of(
       KnownAddresses.USER_ID,
       'user-to-block-1'
       )
     dataListener.onDataAvailable(flow, ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * flow.setAction({ Flow.Action.RequestBlockingAction rba ->
@@ -221,9 +216,9 @@ class PowerWAFModuleSpecification extends DDSpecification {
     1 * ctx.getOrCreateAdditive(_ as PowerwafContext, true) >> {
       pwafAdditive = it[0].openAdditive()
     }
-    1 * ctx.reportEvents(_ as Collection<AppSecEvent100>, _)
+    1 * ctx.reportEvents(_ as Collection<AppSecEvent>)
     1 * ctx.getWafMetrics()
-    1 * ctx.closeAdditive()
+    2 * ctx.closeAdditive()
     1 * flow.isBlocking()
     0 * _
 
@@ -232,10 +227,12 @@ class PowerWAFModuleSpecification extends DDSpecification {
       [
         id  : 'blocked_users',
         type: 'data_with_expiration',
-        data: [[
+        data: [
+          [
             value     : 'user-to-block-2',
             expiration: '0',
-          ]]
+          ]
+        ]
       ]
     ]
     service.currentAppSecConfig.with {
@@ -247,7 +244,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     }
 
     dataListener.onDataAvailable(flow, ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * reconf.reloadSubscriptions()
@@ -258,7 +255,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     1 * ctx.getOrCreateAdditive(_ as PowerwafContext, true) >> {
       pwafAdditive = it[0].openAdditive()
     }
-    1 * ctx.reportEvents(_ as Collection<AppSecEvent100>, _)
+    1 * ctx.reportEvents(_ as Collection<AppSecEvent>)
     1 * ctx.getWafMetrics()
     1 * ctx.closeAdditive()
     1 * flow.isBlocking()
@@ -270,7 +267,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
       'user-to-block-2'
       )
     dataListener.onDataAvailable(flow, ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * flow.setAction({ Flow.Action.RequestBlockingAction rba ->
@@ -280,7 +277,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     1 * ctx.getOrCreateAdditive(_ as PowerwafContext, true) >> {
       pwafAdditive = it[0].openAdditive()
     }
-    1 * ctx.reportEvents(_ as Collection<AppSecEvent100>, _)
+    1 * ctx.reportEvents(_ as Collection<AppSecEvent>)
     1 * ctx.getWafMetrics()
     1 * ctx.closeAdditive()
     1 * flow.isBlocking()
@@ -323,7 +320,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
       'user-to-block-2'
       )
     dataListener.onDataAvailable(flow, ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * reconf.reloadSubscriptions()
@@ -334,7 +331,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     1 * ctx.getOrCreateAdditive(_ as PowerwafContext, true) >> {
       pwafAdditive = it[0].openAdditive()
     }
-    1 * ctx.reportEvents(_ as Collection<AppSecEvent100>, _)
+    1 * ctx.reportEvents(_ as Collection<AppSecEvent>)
     1 * ctx.getWafMetrics()
     1 * ctx.closeAdditive()
     1 * flow.isBlocking()
@@ -346,7 +343,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
       'user-to-block-1'
       )
     dataListener.onDataAvailable(flow, ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * ctx.getOrCreateAdditive(_ as PowerwafContext, true) >> {
@@ -366,7 +363,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
 
     def exclusions = [
       [
-        id          : 1,
+        id          : '1',
         rules_target: [
           [
             tags: [
@@ -402,13 +399,13 @@ class PowerWAFModuleSpecification extends DDSpecification {
 
     when:
     dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * ctx.getOrCreateAdditive(_, true) >> {
       pwafAdditive = it[0].openAdditive()
     }
-    1 * ctx.reportEvents(_ as Collection<AppSecEvent100>, _)
+    1 * ctx.reportEvents(_ as Collection<AppSecEvent>)
     1 * ctx.getWafMetrics()
     1 * ctx.closeAdditive() >> { pwafAdditive.close() }
     0 * _
@@ -421,7 +418,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
       '192.168.0.1'
       )
     dataListener.onDataAvailable(flow, ctx, newBundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * ctx.getOrCreateAdditive(_, true) >> {
@@ -479,14 +476,14 @@ class PowerWAFModuleSpecification extends DDSpecification {
 
     when:
     dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * ctx.getOrCreateAdditive(_, true) >> {
       pwafAdditive = it[0].openAdditive()
     }
     // we get two events: one for origin rule, and one for the custom one
-    1 * ctx.reportEvents(hasSize(2), _)
+    1 * ctx.reportEvents(hasSize(2))
     1 * ctx.getWafMetrics()
     1 * ctx.closeAdditive()
     0 * _
@@ -550,7 +547,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
 
     when:
     dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     // original rule is replaced; no attack
@@ -559,7 +556,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
         rba.blockingContentType == BlockingContentType.AUTO
     })
     1 * ctx.getOrCreateAdditive(_, true) >> { it[0].openAdditive() }
-    1 * ctx.reportEvents(_ as Collection<AppSecEvent100>, _)
+    1 * ctx.reportEvents(_ as Collection<AppSecEvent>)
     1 * ctx.getWafMetrics()
     1 * ctx.closeAdditive()
     1 * flow.isBlocking()
@@ -573,7 +570,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
       new CaseInsensitiveMap<List<String>>(['user-agent': 'redirect' + variant]))
     def flow = new ChangeableFlow()
     dataListener.onDataAvailable(flow, ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * ctx.getOrCreateAdditive(_, true) >> {
@@ -584,7 +581,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     }
     1 * ctx.getWafMetrics() >> metrics
     1 * ctx.closeAdditive()
-    1 * ctx.reportEvents(_, _)
+    1 * ctx.reportEvents(_)
     0 * ctx._(*_)
     flow.blocking == true
     flow.action instanceof Flow.Action.RequestBlockingAction
@@ -636,7 +633,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
 
     when:
     dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * ctx.getOrCreateAdditive(_, true) >> {
@@ -647,7 +644,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     }
     1 * ctx.getWafMetrics() >> metrics
     1 * ctx.closeAdditive()
-    1 * ctx.reportEvents(_, _)
+    1 * ctx.reportEvents(_)
     0 * ctx._(*_)
     flow.blocking == true
     flow.action.statusCode == 418
@@ -663,7 +660,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
 
     when:
     dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * ctx.getOrCreateAdditive(_, false) >> {
@@ -671,7 +668,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     }
     1 * ctx.getWafMetrics() >> null
     1 * ctx.closeAdditive()
-    1 * ctx.reportEvents(_, _)
+    1 * ctx.reportEvents(_)
     0 * ctx._(*_)
     metrics == null
   }
@@ -686,7 +683,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     setupWithStubConfigService()
     pp = service.traceSegmentPostProcessors[1]
     dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
     pp.processTraceSegment(segment, ctx, [])
 
     then:
@@ -728,29 +725,26 @@ class PowerWAFModuleSpecification extends DDSpecification {
 
   void 'reports events'() {
     setupWithStubConfigService()
-    AppSecEvent100 event
+    AppSecEvent event
 
     when:
     dataListener.onDataAvailable(Mock(ChangeableFlow), ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     ctx.getOrCreateAdditive(_, true) >> {
       pwafAdditive = it[0].openAdditive()
     }
-    ctx.reportEvents(_ as Collection<AppSecEvent100>, _) >> { event = it[0].iterator().next() }
+    ctx.reportEvents(_ as Collection<AppSecEvent>) >> { event = it[0].iterator().next() }
 
     event.rule.id == 'ua0-600-12x'
     event.rule.name == 'Arachni'
-    event.rule.tags == new Tags.TagsBuilder()
-      .withType('security_scanner')
-      .withCategory('attack_attempt')
-      .build()
+    event.rule.tags == [type: 'security_scanner', category: 'attack_attempt']
 
     event.ruleMatches[0].operator == 'match_regex'
     event.ruleMatches[0].operatorValue == '^Arachni\\/v'
     event.ruleMatches[0].parameters == [
-      new Parameter.ParameterBuilder()
+      new Parameter.Builder()
       .withAddress('server.request.headers.no_cookies')
       .withKeyPath(['user-agent'])
       .withValue('Arachni/v0')
@@ -761,22 +755,22 @@ class PowerWAFModuleSpecification extends DDSpecification {
 
   void 'redaction with default settings'() {
     setupWithStubConfigService()
-    AppSecEvent100 event
+    AppSecEvent event
 
     when:
     def bundle = MapDataBundle.of(KnownAddresses.HEADERS_NO_COOKIES,
       new CaseInsensitiveMap<List<String>>(['user-agent': [password: 'Arachni/v0']]))
     dataListener.onDataAvailable(Mock(ChangeableFlow), ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     ctx.getOrCreateAdditive(_, true) >> {
       pwafAdditive = it[0].openAdditive()
     }
-    ctx.reportEvents(_ as Collection<AppSecEvent100>, _) >> { event = it[0].iterator().next() }
+    ctx.reportEvents(_ as Collection<AppSecEvent>) >> { event = it[0].iterator().next() }
 
     event.ruleMatches[0].parameters == [
-      new Parameter.ParameterBuilder()
+      new Parameter.Builder()
       .withAddress('server.request.headers.no_cookies')
       .withKeyPath(['user-agent', 'password'])
       .withValue('<Redacted>')
@@ -788,22 +782,22 @@ class PowerWAFModuleSpecification extends DDSpecification {
   void 'disabling of key regex'() {
     injectSysConfig(APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP, '')
     setupWithStubConfigService()
-    AppSecEvent100 event
+    AppSecEvent event
 
     when:
     def bundle = MapDataBundle.of(KnownAddresses.HEADERS_NO_COOKIES,
       new CaseInsensitiveMap<List<String>>(['user-agent': [password: 'Arachni/v0']]))
     dataListener.onDataAvailable(Mock(ChangeableFlow), ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     ctx.getOrCreateAdditive(_, true) >> {
       pwafAdditive = it[0].openAdditive()
     }
-    ctx.reportEvents(_ as Collection<AppSecEvent100>, _) >> { event = it[0].iterator().next() }
+    ctx.reportEvents(_ as Collection<AppSecEvent>) >> { event = it[0].iterator().next() }
 
     event.ruleMatches[0].parameters == [
-      new Parameter.ParameterBuilder()
+      new Parameter.Builder()
       .withAddress('server.request.headers.no_cookies')
       .withKeyPath(['user-agent', 'password'])
       .withValue('Arachni/v0')
@@ -816,20 +810,20 @@ class PowerWAFModuleSpecification extends DDSpecification {
     injectSysConfig(APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP, 'Arachni')
 
     setupWithStubConfigService()
-    AppSecEvent100 event
+    AppSecEvent event
 
     when:
     dataListener.onDataAvailable(Mock(ChangeableFlow), ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     ctx.getOrCreateAdditive(_, true) >> {
       pwafAdditive = it[0].openAdditive()
     }
-    ctx.reportEvents(_ as Collection<AppSecEvent100>, _) >> { event = it[0].iterator().next() }
+    ctx.reportEvents(_ as Collection<AppSecEvent>) >> { event = it[0].iterator().next() }
 
     event.ruleMatches[0].parameters == [
-      new Parameter.ParameterBuilder()
+      new Parameter.Builder()
       .withAddress('server.request.headers.no_cookies')
       .withKeyPath(['user-agent'])
       .withValue('<Redacted>')
@@ -890,12 +884,6 @@ class PowerWAFModuleSpecification extends DDSpecification {
     PowerWAFModule.createLimitsObject()
   }
 
-  void 'subscribes 1 event'() {
-    expect:
-    pwafModule.eventSubscriptions.isEmpty() == false
-    pwafModule.eventSubscriptions.first().eventType == EventType.REQUEST_END
-  }
-
   void 'configuration can be given later'() {
     def cfgService = new StubAppSecConfigService([waf: null])
     AppSecModuleConfigurer.Reconfiguration reconf = Mock()
@@ -910,14 +898,13 @@ class PowerWAFModuleSpecification extends DDSpecification {
     when:
     cfgService.listeners['waf'].onNewSubconfig(defaultConfig['waf'], reconf)
     dataListener = pwafModule.dataSubscriptions.first()
-    eventListener = pwafModule.eventSubscriptions.first()
     dataListener.onDataAvailable(Mock(ChangeableFlow), ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * ctx.getOrCreateAdditive(_, true) >> {
       pwafAdditive = it[0].openAdditive() }
-    1 * ctx.reportEvents(_ as Collection<AppSecEvent100>, _)
+    1 * ctx.reportEvents(_ as Collection<AppSecEvent>)
     1 * reconf.reloadSubscriptions()
   }
 
@@ -945,15 +932,14 @@ class PowerWAFModuleSpecification extends DDSpecification {
     }
 
     dataListener = pwafModule.dataSubscriptions.first()
-    eventListener = pwafModule.eventSubscriptions.first()
     def bundle = MapDataBundle.of(KnownAddresses.REQUEST_INFERRED_CLIENT_IP, '1.2.3.4')
     dataListener.onDataAvailable(flow, ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * reconf.reloadSubscriptions()
     1 * ctx.getOrCreateAdditive(_, true) >> { pwafAdditive = it[0].openAdditive() }
-    1 * ctx.reportEvents(_ as Collection<AppSecEvent100>, _)
+    1 * ctx.reportEvents(_ as Collection<AppSecEvent>)
     1 * ctx.getWafMetrics()
     1 * flow.setAction({ it.blocking })
     1 * ctx.closeAdditive()
@@ -1000,10 +986,9 @@ class PowerWAFModuleSpecification extends DDSpecification {
     }
 
     dataListener = pwafModule.dataSubscriptions.first()
-    eventListener = pwafModule.eventSubscriptions.first()
     def bundle = MapDataBundle.of(KnownAddresses.REQUEST_INFERRED_CLIENT_IP, '1.2.3.4')
     dataListener.onDataAvailable(flow, ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then: 'no match; rule is disabled'
     1 * reconf.reloadSubscriptions()
@@ -1025,7 +1010,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     }
 
     dataListener.onDataAvailable(flow, ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then: 'no match; data was cleared (though rule is no longer disabled)'
     1 * ctx.getOrCreateAdditive(_, true) >> {
@@ -1044,13 +1029,13 @@ class PowerWAFModuleSpecification extends DDSpecification {
     }
 
     dataListener.onDataAvailable(flow, ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then: 'now we have match'
     1 * reconf.reloadSubscriptions()
     1 * ctx.getOrCreateAdditive(_, true) >> {
       pwafAdditive = it[0].openAdditive() }
-    1 * ctx.reportEvents(_ as Collection<AppSecEvent100>, _)
+    1 * ctx.reportEvents(_ as Collection<AppSecEvent>)
     1 * ctx.getWafMetrics()
     1 * flow.setAction({ it.blocking })
     1 * ctx.closeAdditive() >> {pwafAdditive.close()}
@@ -1068,7 +1053,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     }
 
     dataListener.onDataAvailable(flow, ctx, bundle, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then: 'nothing again; we disabled the rule'
     1 * reconf.reloadSubscriptions()
@@ -1094,9 +1079,8 @@ class PowerWAFModuleSpecification extends DDSpecification {
       it.dirtyStatus.clearDirty()
     }
     dataListener = pwafModule.dataSubscriptions.first()
-    eventListener = pwafModule.eventSubscriptions.first()
     dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * reconf.reloadSubscriptions()
@@ -1117,7 +1101,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
       it.dirtyStatus.clearDirty()
     }
     dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * reconf.reloadSubscriptions()
@@ -1139,7 +1123,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
       it.dirtyStatus.clearDirty()
     }
     dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * reconf.reloadSubscriptions()
@@ -1149,7 +1133,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     1 * ctx.getWafMetrics()
     1 * flow.isBlocking()
     1 * flow.setAction({ it.blocking })
-    1 * ctx.reportEvents(_ as Collection<AppSecEvent100>, _)
+    1 * ctx.reportEvents(_ as Collection<AppSecEvent>)
     1 * ctx.closeAdditive() >> {pwafAdditive.close()}
     0 * _
 
@@ -1162,7 +1146,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
       it.dirtyStatus.clearDirty()
     }
     dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)
-    eventListener.onEvent(ctx, EventType.REQUEST_END)
+    ctx.closeAdditive()
 
     then:
     1 * reconf.reloadSubscriptions()
@@ -1175,6 +1159,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
   }
 
   void 'initial configuration has unknown addresses'() {
+    Address<String> doesNotExistAddress = new Address<>("server.request.headers.does-not-exist")
     def cfgService = new StubAppSecConfigService(waf:
     new CurrentAppSecConfig(
     ddConfig: AppSecConfig.valueOf([
@@ -1192,7 +1177,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
               parameters: [
                 inputs: [
                   [
-                    address: 'server.request.headers.does-not-exist',
+                    address: doesNotExistAddress.key,
                     key_path: ['user-agent']]
                 ],
                 regex: '^Arachni\\/v'
@@ -1209,7 +1194,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
     pwafModule.config(cfgService)
 
     then:
-    pwafModule.dataSubscriptions.first().subscribedAddresses.empty
+    !pwafModule.dataSubscriptions.first().subscribedAddresses.contains(doesNotExistAddress)
   }
 
   void 'bad initial configuration is given results in no subscriptions'() {
@@ -1240,7 +1225,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
 
   void 'bad ResultWithData - empty list'() {
     def waf = new PowerWAFModule()
-    Powerwaf.ResultWithData rwd = new Powerwaf.ResultWithData(null, "[]")
+    Powerwaf.ResultWithData rwd = new Powerwaf.ResultWithData(null, "[]", null, null)
     Collection ret
 
     when:
@@ -1252,7 +1237,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
 
   void 'bad ResultWithData - empty object'() {
     def waf = new PowerWAFModule()
-    Powerwaf.ResultWithData rwd = new Powerwaf.ResultWithData(null, "[{}]")
+    Powerwaf.ResultWithData rwd = new Powerwaf.ResultWithData(null, "[{}]", null, null)
     Collection ret
 
     when:
@@ -1278,7 +1263,7 @@ class PowerWAFModuleSpecification extends DDSpecification {
       dataListener.onDataAvailable(flow, ctx, ATTACK_BUNDLE, false)
       Thread thread = new Thread({ p ->
         latch.countDown()
-        eventListener.onEvent(ctx, EventType.REQUEST_END)
+        ctx.closeAdditive()
       })
       thread.start()
       latch.await()
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/report/AppSecEventWrapperTest.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/report/AppSecEventWrapperTest.groovy
new file mode 100644
index 00000000000..7b45c1283c1
--- /dev/null
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/report/AppSecEventWrapperTest.groovy
@@ -0,0 +1,45 @@
+package com.datadog.appsec.report
+
+import datadog.trace.test.util.DDSpecification
+
+class AppSecEventWrapperTest extends DDSpecification {
+
+  void 'validate json serialization for AppSecEvent report'() {
+    setup:
+    def event = new AppSecEvent.Builder()
+      .withRule(
+      new Rule.Builder()
+      .withId('rule_id')
+      .withName('rule_name')
+      .withTags([tag: 'value'])
+      .build()
+      )
+      .withRuleMatches(
+      [
+        new RuleMatch.Builder()
+        .withOperator('rule_match_operator')
+        .withOperatorValue("rule_match_operator_value")
+        .withParameters([
+          new Parameter.Builder()
+          .withAddress("parameter_address")
+          .withHighlight(['parameter_highlight'])
+          .withKeyPath(['parameter_key_path'])
+          .withValue('parameter_value')
+          .build()
+        ]
+        )
+        .build()
+      ]
+      )
+      .build()
+
+    def expectedJson = '{"triggers":[{"rule":{"id":"rule_id","name":"rule_name","tags":{"tag":"value"}},"rule_matches":[{"operator":"rule_match_operator","operator_value":"rule_match_operator_value","parameters":[{"address":"parameter_address","highlight":["parameter_highlight"],"key_path":["parameter_key_path"],"value":"parameter_value"}]}]}]}'
+
+    when:
+    def wrapper = new AppSecEventWrapper([event])
+    def json = wrapper.toString()
+
+    then:
+    json == expectedJson
+  }
+}
diff --git a/dd-java-agent/appsec/src/testFixtures/groovy/com/datadog/appsec/AppSecHttpServerTest.groovy b/dd-java-agent/appsec/src/testFixtures/groovy/com/datadog/appsec/AppSecHttpServerTest.groovy
index b3d228aecd1..6182f9e0a4a 100644
--- a/dd-java-agent/appsec/src/testFixtures/groovy/com/datadog/appsec/AppSecHttpServerTest.groovy
+++ b/dd-java-agent/appsec/src/testFixtures/groovy/com/datadog/appsec/AppSecHttpServerTest.groovy
@@ -18,7 +18,7 @@ abstract class AppSecHttpServerTest<SERVER> extends WithHttpServer<SERVER> {
   }
 
   def setupSpec() {
-    SubscriptionService ss = AgentTracer.TracerAPI.get().getSubscriptionService(RequestContextSlot.APPSEC)
+    SubscriptionService ss = AgentTracer.get().getSubscriptionService(RequestContextSlot.APPSEC)
     def sco = new SharedCommunicationObjects()
     def config = Config.get()
     sco.createRemaining(config)
diff --git a/dd-java-agent/appsec/src/testFixtures/groovy/com/datadog/appsec/AppSecInactiveHttpServerTest.groovy b/dd-java-agent/appsec/src/testFixtures/groovy/com/datadog/appsec/AppSecInactiveHttpServerTest.groovy
index 4aa8e246f66..62fe251f33a 100644
--- a/dd-java-agent/appsec/src/testFixtures/groovy/com/datadog/appsec/AppSecInactiveHttpServerTest.groovy
+++ b/dd-java-agent/appsec/src/testFixtures/groovy/com/datadog/appsec/AppSecInactiveHttpServerTest.groovy
@@ -7,7 +7,7 @@ import datadog.trace.agent.test.base.WithHttpServer
 import datadog.trace.api.Config
 import datadog.trace.api.gateway.RequestContextSlot
 import datadog.trace.api.gateway.SubscriptionService
-import datadog.trace.bootstrap.instrumentation.api.AgentTracer.TracerAPI
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer
 import datadog.trace.core.DDSpan
 import okhttp3.FormBody
 import okhttp3.HttpUrl
@@ -31,7 +31,7 @@ abstract class AppSecInactiveHttpServerTest extends WithHttpServer {
   }
 
   void setupSpec() {
-    SubscriptionService ss = TracerAPI.get().getSubscriptionService(RequestContextSlot.APPSEC)
+    SubscriptionService ss = AgentTracer.get().getSubscriptionService(RequestContextSlot.APPSEC)
     def sco = new SharedCommunicationObjects()
     def config = Config.get()
     sco.createRemaining(config)
diff --git a/dd-java-agent/build.gradle b/dd-java-agent/build.gradle
index 9958a0d0671..0e31e9aa07f 100644
--- a/dd-java-agent/build.gradle
+++ b/dd-java-agent/build.gradle
@@ -14,23 +14,29 @@ apply from: "$rootDir/gradle/publish.gradle"
 configurations {
   shadowInclude
   sharedShadowInclude
+  traceShadowInclude
 }
 
 sourceCompatibility = JavaVersion.VERSION_1_7
 targetCompatibility = JavaVersion.VERSION_1_7
 
 /*
- * 7 shadow jars are created
+ * Several shadow jars are created
  * - The main "dd-java-agent" jar that also has the bootstrap project
- * - 5 jars based on projects (instrumentation, jmxfetch, profiling, appsec, iast)
- * - 1 based on the shared dependencies
+ * - Major feature jars (trace, instrumentation, jmxfetch, profiling, appsec, iast, debugger, ci-visibility)
+ * - A shared dependencies jar
  * This general config is shared by all of them
  */
 
 ext.generalShadowJarConfig = {
   mergeServiceFiles()
 
-  exclude '**/META-INF/maven/'
+  duplicatesStrategy = DuplicatesStrategy.FAIL
+
+  // Remove some cruft from the final jar.
+  // These patterns should NOT include **/META-INF/maven/**/pom.properties, which is
+  // used to report our own dependencies.
+  exclude '**/META-INF/maven/**/pom.xml'
   exclude '**/META-INF/proguard/'
   exclude '**/META-INF/*.kotlin_module'
   exclude '**/module-info.class'
@@ -42,6 +48,14 @@ ext.generalShadowJarConfig = {
   // rewrite dependencies calling Logger.getLogger
   relocate 'java.util.logging.Logger', 'datadog.trace.bootstrap.PatchLogger'
 
+  final String projectName = "${project.name}"
+
+  // Prevents conflict with other OkHttp instances, but don't relocate instrumentation
+  if (!projectName.equals('instrumentation')) {
+    relocate 'okhttp3', 'datadog.okhttp3'
+    relocate 'okio',  'datadog.okio'
+  }
+
   if (!project.hasProperty("disableShadowRelocate") || !disableShadowRelocate) {
     // shadow OT impl to prevent casts to implementation
     relocate 'datadog.trace.common', 'datadog.trace.agent.common'
@@ -119,6 +133,15 @@ def sharedShadowJar = tasks.register('sharedShadowJar', ShadowJar) {
 }
 includeShadowJar(sharedShadowJar, 'shared')
 
+// place the tracer in its own shadow jar separate to instrumentation
+def traceShadowJar = tasks.register('traceShadowJar', ShadowJar) {
+  configurations = [project.configurations.traceShadowInclude]
+  it.destinationDirectory.set(file("${project.buildDir}/trace-lib"))
+  archiveClassifier = 'trace'
+  it.dependencies deps.excludeShared
+}
+includeShadowJar(traceShadowJar, 'trace')
+
 shadowJar generalShadowJarConfig >> {
   configurations = [project.configurations.shadowInclude]
 
@@ -169,6 +192,12 @@ tasks.withType(GenerateMavenPom).configureEach { task ->
 }
 
 dependencies {
+  modules {
+    module("com.squareup.okio:okio") {
+      replacedBy("com.datadoghq.okio:okio") // embed our patched fork
+    }
+  }
+
   testImplementation(project(':dd-java-agent:agent-bootstrap')) {
     exclude group: 'com.datadoghq', module: 'agent-logging'
   }
@@ -200,6 +229,7 @@ dependencies {
     // do not bring along slf4j and dependent subprojects
     // (which are loaded on the bootstrap cl)
   }
+  sharedShadowInclude deps.cafe_crypto
   sharedShadowInclude project(':remote-config'), {
     transitive = false
   }
@@ -212,6 +242,10 @@ dependencies {
   sharedShadowInclude project(':utils:version-utils'), {
     transitive = false
   }
+  sharedShadowInclude project(':dd-java-agent:agent-crashtracking'), {
+    transitive = false
+  }
+  traceShadowInclude project(':dd-trace-core')
 }
 
 tasks.withType(Test).configureEach {
diff --git a/dd-java-agent/instrumentation/aerospike-4/src/main/java/datadog/trace/instrumentation/aerospike4/AerospikeClientDecorator.java b/dd-java-agent/instrumentation/aerospike-4/src/main/java/datadog/trace/instrumentation/aerospike4/AerospikeClientDecorator.java
index dce73416df0..96f4f8e031d 100644
--- a/dd-java-agent/instrumentation/aerospike-4/src/main/java/datadog/trace/instrumentation/aerospike4/AerospikeClientDecorator.java
+++ b/dd-java-agent/instrumentation/aerospike-4/src/main/java/datadog/trace/instrumentation/aerospike4/AerospikeClientDecorator.java
@@ -17,10 +17,7 @@
 public class AerospikeClientDecorator extends DBTypeProcessingDatabaseClientDecorator<Node> {
   private static final String DB_TYPE = "aerospike";
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .database()
-          .service(Config.get().getServiceName(), DB_TYPE);
+      SpanNaming.instance().namingSchema().database().service(DB_TYPE);
   public static final UTF8BytesString JAVA_AEROSPIKE = UTF8BytesString.create("java-aerospike");
   public static final UTF8BytesString OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().database().operation(DB_TYPE));
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/build.gradle b/dd-java-agent/instrumentation/akka-http-10.0/build.gradle
index 33a89187a72..a63f2c4c764 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/build.gradle
+++ b/dd-java-agent/instrumentation/akka-http-10.0/build.gradle
@@ -11,7 +11,10 @@ apply plugin: 'call-site-instrumentation'
 // we put the test classes in the baseTest test set so that the scala
 // version is not inherited
 addTestSuite('baseTest')
+addTestSuiteExtendingForDir('baseForkedTest', 'baseTest', 'baseTest')
 addTestSuiteForDir('version101Test', 'baseTest')
+addTestSuiteExtendingForDir('version101ForkedTest', 'version101Test', 'baseTest')
+addTestSuiteForDir('version102Scala213Test', 'latestDepTest')
 addTestSuite('latestDepTest')
 addTestSuite('lagomTest')
 addTestSuite('iastTest')
@@ -87,6 +90,9 @@ artifacts {
 }
 
 sourceSets {
+  version102Scala213Test.groovy.srcDir sourceSets.baseTest.groovy
+  version102Scala213Test.scala.srcDir sourceSets.baseTest.scala
+
   latestDepTest.groovy.srcDir sourceSets.baseTest.groovy
   latestDepTest.scala.srcDir sourceSets.baseTest.scala
 }
@@ -107,8 +113,9 @@ dependencies {
   // First 10.0.x version with a convenient way to test http2 support
   baseTestImplementation group: 'com.typesafe.akka', name: 'akka-http_2.11', version: '10.0.10'
   baseTestImplementation group: 'com.typesafe.akka', name: 'akka-http2-support_2.11', version: '10.0.10'
+  baseTestImplementation group: 'com.typesafe.akka', name: 'akka-http-jackson_2.11', version: '10.0.10'
+  baseTestImplementation group: 'com.typesafe.akka', name: 'akka-http-spray-json_2.11', version: '10.0.10'
 
-  iastTestImplementation group: 'com.typesafe.akka', name: 'akka-http-jackson_2.11', version: '10.0.10'
   iastTestImplementation(testFixtures(project(':dd-java-agent:agent-iast')))
   iastTestCompileOnly group: 'de.thetaphi', name: 'forbiddenapis', version: '3.4'
   iastTestRuntimeOnly project(':dd-java-agent:instrumentation:jackson-core')
@@ -120,8 +127,9 @@ dependencies {
   version101TestImplementation group: 'com.typesafe.akka', name: 'akka-http_2.12', version: '10.1.+'
   version101TestImplementation group: 'com.typesafe.akka', name: 'akka-http2-support_2.12', version: '10.1.+'
   version101TestImplementation group: 'com.typesafe.akka', name: 'akka-stream_2.12', version: '2.5.+'
+  version101TestImplementation group: 'com.typesafe.akka', name: 'akka-http-jackson_2.12', version: '10.1.+'
+  version101TestImplementation group: 'com.typesafe.akka', name: 'akka-http-spray-json_2.12', version: '10.1.+'
 
-  version101IastTestImplementation group: 'com.typesafe.akka', name: 'akka-http-jackson_2.12', version: '10.1.+'
   version101IastTestImplementation(testFixtures(project(':dd-java-agent:agent-iast')))
 
   version102IastTestImplementation deps.scala212
@@ -130,17 +138,28 @@ dependencies {
   version102IastTestImplementation group: 'com.typesafe.akka', name: 'akka-http-jackson_2.12', version: '10.2.+'
   version102IastTestImplementation(testFixtures(project(':dd-java-agent:agent-iast')))
 
+  version102Scala213TestImplementation deps.scala213
+  version102Scala213TestImplementation group: 'com.typesafe.akka', name: 'akka-http_2.13', version: '10.2.+'
+  version102Scala213TestImplementation group: 'com.typesafe.akka', name: 'akka-stream_2.13', version: '2.6.+'
+  version102Scala213TestImplementation group: 'com.typesafe.akka', name: 'akka-http-jackson_2.13', version: '10.2.+'
+  version102Scala213TestImplementation group: 'com.typesafe.akka', name: 'akka-http-spray-json_2.13', version: '10.2.+'
+
   latestDepTestImplementation deps.scala213
-  latestDepTestImplementation group: 'com.typesafe.akka', name: 'akka-http_2.13', version: '10.2.+'
+  latestDepTestImplementation group: 'com.typesafe.akka', name: 'akka-http_2.13', version: '10.5.+'
   // http2 support is included in akka-http since 10.2.x
-  latestDepTestImplementation group: 'com.typesafe.akka', name: 'akka-stream_2.13', version: '2.6.+'
+  latestDepTestImplementation group: 'com.typesafe.akka', name: 'akka-stream_2.13', version: '2.7.0'
+  latestDepTestImplementation group: 'com.typesafe.akka', name: 'akka-http-jackson_2.13', version: '10.5.+'
+  latestDepTestImplementation group: 'com.typesafe.akka', name: 'akka-http-spray-json_2.13', version: '10.5.+'
 
   // TODO: test with Scala 3
   latestDepIastTestImplementation deps.scala213
-  latestDepIastTestImplementation group: 'com.typesafe.akka', name: 'akka-http_2.13', version: '10.+'
-  latestDepIastTestImplementation group: 'com.typesafe.akka', name: 'akka-stream_2.13', version: '2.+'
-  latestDepIastTestImplementation group: 'com.typesafe.akka', name: 'akka-actor_2.13', version: '2.+'
-  latestDepIastTestImplementation group: 'com.typesafe.akka', name: 'akka-http-jackson_2.13', version: '10.+'
+  // Use akka-2.8.+ since latest akka-http release is still not compatible with akka-2.9.0-M1+.
+  // akka-http versions are limited to 10.5.2 as this is the final version with Java 8 support
+  // See: https://github.com/akka/akka-http/releases
+  latestDepIastTestImplementation group: 'com.typesafe.akka', name: 'akka-http_2.13', version: '[10.+,10.5.2)'
+  latestDepIastTestImplementation group: 'com.typesafe.akka', name: 'akka-stream_2.13', version: '2.8.+'
+  latestDepIastTestImplementation group: 'com.typesafe.akka', name: 'akka-actor_2.13', version: '2.8.+'
+  latestDepIastTestImplementation group: 'com.typesafe.akka', name: 'akka-http-jackson_2.13', version: '[10.+,10.5.2)'
   latestDepIastTestImplementation(testFixtures(project(':dd-java-agent:agent-iast')))
 
   lagomTestImplementation deps.scala211
@@ -149,20 +168,12 @@ dependencies {
   lagomTestImplementation group: 'com.lightbend.lagom', name: 'lagom-javadsl-testkit_2.11', version: '1.4.0'
 }
 
-tasks.named("test").configure {
-  dependsOn "baseTest"
-  dependsOn "version101Test"
-  dependsOn "lagomTest"
-  dependsOn "iastTest"
-  dependsOn "version101IastTest"
-  dependsOn "version102IastTest"
-}
-
-tasks.named('latestDepTest').configure {
-  dependsOn "latestDepIastTest"
+compileBaseTestGroovy {
+  classpath = classpath.plus(files(compileBaseTestScala.destinationDirectory))
+  dependsOn "compileBaseTestScala"
 }
 
-compileBaseTestGroovy {
+compileBaseForkedTestGroovy {
   classpath = classpath.plus(files(compileBaseTestScala.destinationDirectory))
   dependsOn "compileBaseTestScala"
 }
@@ -172,6 +183,16 @@ compileVersion101TestGroovy {
   dependsOn "compileVersion101TestScala"
 }
 
+compileVersion101ForkedTestGroovy {
+  classpath = classpath.plus(files(compileVersion101TestScala.destinationDirectory))
+  dependsOn "compileVersion101TestScala"
+}
+
+compileVersion102Scala213TestGroovy {
+  classpath = classpath.plus(files(compileVersion102Scala213TestScala.destinationDirectory))
+  dependsOn "compileVersion102Scala213TestScala"
+}
+
 compileLatestDepTestGroovy {
   classpath = classpath.plus(files(compileLatestDepTestScala.destinationDirectory))
   dependsOn "compileLatestDepTestScala"
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/groovy/AkkaHttpClientInstrumentationTest.groovy b/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/groovy/AkkaHttpClientInstrumentationTest.groovy
index 6bb82efb06b..6ae3c72deaf 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/groovy/AkkaHttpClientInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/groovy/AkkaHttpClientInstrumentationTest.groovy
@@ -88,21 +88,18 @@ abstract class AkkaHttpClientInstrumentationTest extends HttpClientTest {
         span {
           parent()
           operationName operation()
-          resourceName "akka-http.client.request"
+          resourceName operation() // resource name is not set so defaults to operationName
           spanType DDSpanTypes.HTTP_CLIENT
           errored true
           tags {
             "$Tags.COMPONENT" "akka-http-client"
             "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
             errorTags(exception)
-            defaultTags()
+            defaultTags(false, false)
           }
         }
       }
     }
-
-    where:
-    renameService << [false, true]
   }
 }
 
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/groovy/AkkaHttpServerInstrumentationTest.groovy b/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/groovy/AkkaHttpServerInstrumentationTest.groovy
index 4b4160930e1..b49a9a2bfb7 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/groovy/AkkaHttpServerInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/groovy/AkkaHttpServerInstrumentationTest.groovy
@@ -3,11 +3,21 @@ import datadog.trace.agent.test.base.HttpServerTest
 import datadog.trace.agent.test.naming.TestingGenericHttpNamingConventions
 import datadog.trace.agent.test.utils.ThreadUtils
 import datadog.trace.instrumentation.akkahttp.AkkaHttpServerDecorator
+import okhttp3.HttpUrl
+import okhttp3.MultipartBody
 import okhttp3.Request
+import okhttp3.RequestBody
+import okhttp3.Response
 import spock.lang.Shared
 
 import java.util.concurrent.atomic.AtomicInteger
 
+import static datadog.trace.agent.test.base.HttpServerTest.IG_ASK_FOR_RESPONSE_HEADER_TAGS_HEADER
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_JSON
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_MULTIPART
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
+import static org.junit.Assume.assumeTrue
+
 abstract class AkkaHttpServerInstrumentationTest extends HttpServerTest<AkkaHttpTestWebServer> {
 
   @Override
@@ -26,13 +36,13 @@ abstract class AkkaHttpServerInstrumentationTest extends HttpServerTest<AkkaHttp
   }
 
   @Override
-  boolean hasPeerInformation() {
-    return false
+  boolean hasExtraErrorInformation() {
+    return true
   }
 
   @Override
-  boolean hasExtraErrorInformation() {
-    return true
+  protected boolean enabledFinishTimingChecks() {
+    true
   }
 
   @Override
@@ -40,6 +50,41 @@ abstract class AkkaHttpServerInstrumentationTest extends HttpServerTest<AkkaHttp
     true
   }
 
+  @Override
+  boolean testBlocking() {
+    true
+  }
+
+  @Override
+  boolean testBlockingOnResponse() {
+    true
+  }
+
+  @Override
+  boolean testRequestBody() {
+    true
+  }
+
+  @Override
+  boolean testBodyUrlencoded() {
+    true
+  }
+
+  @Override
+  boolean testBodyMultipart() {
+    true
+  }
+
+  @Override
+  boolean testBodyJson() {
+    true
+  }
+
+  @Override
+  boolean isRequestBodyNoStreaming() {
+    true
+  }
+
   //@Ignore("https://github.com/DataDog/dd-trace-java/pull/5213")
   @Override
   boolean testBadUrl() {
@@ -73,6 +118,89 @@ abstract class AkkaHttpServerInstrumentationTest extends HttpServerTest<AkkaHttp
     and:
     TEST_WRITER.waitForTraces(totalInvocations)
   }
+
+  def 'test instrumentation gateway multipart request body — strict variant'() {
+    setup:
+    assumeTrue(testBodyMultipart())
+    def body = new MultipartBody.Builder()
+      .setType(MultipartBody.FORM)
+      .addFormDataPart('a', 'x')
+      .build()
+
+    def url = HttpUrl.get(BODY_MULTIPART.resolve(address)).newBuilder()
+      .encodedQuery('variant=strictUnmarshaller')
+      .build()
+    def request = new Request.Builder()
+      .url(url)
+      .method('POST', body)
+      .build()
+    def response = client.newCall(request).execute()
+    if (isDataStreamsEnabled()) {
+      TEST_DATA_STREAMS_WRITER.waitForGroups(1)
+    }
+
+    expect:
+    response.body().charStream().text == '[a:[x]]'
+
+    when:
+    TEST_WRITER.waitForTraces(1)
+
+    then:
+    TEST_WRITER.get(0).any {
+      it.getTag('request.body.converted') == '[a:[x]]'
+    }
+  }
+
+  def 'test instrumentation gateway json request body — spray variant'() {
+    assumeTrue(testBodyJson())
+
+    setup:
+    def url = HttpUrl.get(BODY_JSON.resolve(address)).newBuilder()
+      .encodedQuery('variant=spray')
+      .build()
+    def request = new Request.Builder()
+      .url(url)
+      .method('POST', RequestBody.create(okhttp3.MediaType.get('application/json'), '{"a":"x"}\n'))
+      .build()
+    def response = client.newCall(request).execute()
+    if (isDataStreamsEnabled()) {
+      TEST_DATA_STREAMS_WRITER.waitForGroups(1)
+    }
+
+    expect:
+    response.body().charStream().text == '{"a":"x"}'
+
+    when:
+    TEST_WRITER.waitForTraces(1)
+
+    then:
+    TEST_WRITER.get(0).any {
+      it.getTag('request.body.converted') == '[a:[x]]'
+    }
+  }
+
+  void 'content length and type are provided to IG on strict responses'() {
+    setup:
+    Request request = request(SUCCESS, 'GET', null)
+      .header(IG_EXTRA_SPAN_NAME_HEADER, 'ig-span')
+      .header(IG_ASK_FOR_RESPONSE_HEADER_TAGS_HEADER, 'true')
+      .build()
+    Response response = client.newCall(request).execute()
+    if (isDataStreamsEnabled()) {
+      TEST_DATA_STREAMS_WRITER.waitForGroups(1)
+    }
+
+    expect:
+    response.body().charStream().text == SUCCESS.body
+
+    when:
+    TEST_WRITER.waitForTraces(1)
+    def tags = TEST_WRITER.get(0).find { it.spanName == 'ig-span' }.tags
+
+    then:
+    tags['response.header.content-type'] != null
+    tags['response.header.content-length'] == SUCCESS.body.length() as String
+  }
 }
 
 abstract class AkkaHttpServerInstrumentationSyncTest extends AkkaHttpServerInstrumentationTest {
@@ -85,6 +213,27 @@ abstract class AkkaHttpServerInstrumentationSyncTest extends AkkaHttpServerInstr
   String expectedOperationName() {
     return operation()
   }
+
+  // we test body endpoints only on the async tests
+  @Override
+  boolean testRequestBody() {
+    false
+  }
+
+  @Override
+  boolean testBodyMultipart() {
+    false
+  }
+
+  @Override
+  boolean testBodyJson() {
+    false
+  }
+
+  @Override
+  boolean testBodyUrlencoded() {
+    false
+  }
 }
 
 class AkkaHttpServerInstrumentationSyncV0ForkedTest extends AkkaHttpServerInstrumentationSyncTest {
@@ -115,27 +264,57 @@ class AkkaHttpServerInstrumentationAsyncTest extends AkkaHttpServerInstrumentati
 }
 
 class AkkaHttpServerInstrumentationBindAndHandleTest extends AkkaHttpServerInstrumentationTest {
+  String akkaHttpVersion
+
   @Override
   HttpServer server() {
-    return new AkkaHttpTestWebServer(AkkaHttpTestWebServer.BindAndHandle())
+    AkkaHttpTestWebServer server = new AkkaHttpTestWebServer(AkkaHttpTestWebServer.BindAndHandle())
+    akkaHttpVersion = server.system().settings().config().getString('akka.http.version')
+    server
   }
 
   @Override
   boolean redirectHasBody() {
     return true
   }
+
+  // StrictForm marshaller rejects with providing a Rejection
+  // We can't detect the BlockingException as a consequence
+  @Override
+  boolean testBodyMultipart() {
+    akkaHttpVersion != '10.0.10'
+  }
+
+  @Override
+  boolean testBodyUrlencoded() {
+    akkaHttpVersion != '10.0.10'
+  }
 }
 
 class AkkaHttpServerInstrumentationBindAndHandleAsyncWithRouteAsyncHandlerTest extends AkkaHttpServerInstrumentationTest {
+  String akkaHttpVersion
+
   @Override
   HttpServer server() {
-    return new AkkaHttpTestWebServer(AkkaHttpTestWebServer.BindAndHandleAsyncWithRouteAsyncHandler())
+    AkkaHttpTestWebServer server = new AkkaHttpTestWebServer(AkkaHttpTestWebServer.BindAndHandleAsyncWithRouteAsyncHandler())
+    akkaHttpVersion = server.system().settings().config().getString('akka.http.version')
+    server
   }
 
   @Override
   boolean redirectHasBody() {
     return true
   }
+
+  @Override
+  boolean testBodyMultipart() {
+    akkaHttpVersion != '10.0.10'
+  }
+
+  @Override
+  boolean testBodyUrlencoded() {
+    akkaHttpVersion != '10.0.10'
+  }
 }
 
 class AkkaHttpServerInstrumentationAsyncHttp2Test extends AkkaHttpServerInstrumentationTest {
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/scala/AkkaHttpTestWebServer.scala b/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/scala/AkkaHttpTestWebServer.scala
index a672ee558bb..af0bc91b428 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/scala/AkkaHttpTestWebServer.scala
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/baseTest/scala/AkkaHttpTestWebServer.scala
@@ -1,22 +1,32 @@
 import AkkaHttpTestWebServer.Binder
 import akka.actor.ActorSystem
-import akka.http.scaladsl.Http
+import akka.http.javadsl.marshallers.jackson.Jackson
 import akka.http.scaladsl.Http.ServerBinding
-import akka.http.scaladsl.model.HttpMethods.GET
+import akka.http.scaladsl.marshallers.sprayjson.SprayJsonSupport
+import akka.http.scaladsl.model.HttpEntity.apply
+import akka.http.scaladsl.model.HttpMethods.{GET, POST}
+import akka.http.scaladsl.model.Multipart.FormData
+import akka.http.scaladsl.model.Multipart.FormData.BodyPart
 import akka.http.scaladsl.model._
 import akka.http.scaladsl.model.headers.RawHeader
 import akka.http.scaladsl.server.Directives._
 import akka.http.scaladsl.server._
 import akka.http.scaladsl.settings.ServerSettings
+import akka.http.scaladsl.unmarshalling.PredefinedFromEntityUnmarshallers.defaultUrlEncodedFormDataUnmarshaller
+import akka.http.scaladsl.unmarshalling.Unmarshaller.messageUnmarshallerFromEntityUnmarshaller
+import akka.http.scaladsl.unmarshalling.{FromEntityUnmarshaller, MultipartUnmarshallers, Unmarshal, Unmarshaller}
 import akka.http.scaladsl.util.FastFuture.EnhancedFuture
+import akka.http.scaladsl.{Http, model}
 import akka.stream.{ActorMaterializer, Materializer}
-import com.typesafe.config.Config
+import com.typesafe.config.{Config, ConfigFactory, ConfigValueFactory}
+import datadog.appsec.api.blocking.{Blocking, BlockingException}
 import datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint._
 import datadog.trace.agent.test.base.{HttpServer, HttpServerTest}
 import datadog.trace.agent.test.utils.TraceUtils
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan
 import groovy.lang.Closure
+import spray.json.{JsObject, JsString, JsValue, RootJsonFormat, deserializationError}
 
 import java.net.URI
 import scala.concurrent.duration._
@@ -25,16 +35,16 @@ import scala.language.postfixOps
 import scala.util.control.NonFatal
 
 class AkkaHttpTestWebServer(binder: Binder) extends HttpServer {
-  implicit val system = {
+  implicit val system: ActorSystem = {
     val name = s"${binder.name}"
     binder.config match {
       case None         => ActorSystem(name)
       case Some(config) => ActorSystem(name, config)
     }
   }
-  implicit val materializer                      = ActorMaterializer()
+  implicit val materializer: ActorMaterializer = ActorMaterializer()
   private var port: Int                          = 0
-  private var portBinding: Future[ServerBinding] = null
+  private var portBinding: Future[ServerBinding] = _
 
   override def start(): Unit = {
     portBinding = Await.ready(binder.bind(0), 10 seconds)
@@ -61,8 +71,8 @@ object AkkaHttpTestWebServer {
     def config: Option[Config] = None
 
     def bind(port: Int)(
-        implicit system: ActorSystem,
-        materializer: Materializer
+      implicit system: ActorSystem,
+      materializer: Materializer
     ): Future[ServerBinding]
   }
 
@@ -70,8 +80,8 @@ object AkkaHttpTestWebServer {
     override def name: String = "bind-and-handle"
 
     override def bind(port: Int)(
-        implicit system: ActorSystem,
-        materializer: Materializer
+      implicit system: ActorSystem,
+      materializer: Materializer
     ): Future[ServerBinding] = {
       import materializer.executionContext
       Http().bindAndHandle(route, "localhost", port)
@@ -81,9 +91,15 @@ object AkkaHttpTestWebServer {
   val BindAndHandleAsyncWithRouteAsyncHandler: Binder = new Binder {
     override def name: String = "bind-and-handle-async-with-route-async-handler"
 
+    override def config: Option[Config] = Some(
+      ConfigFactory.load()
+        .withValue("akka.http.server.request-timeout", ConfigValueFactory.fromAnyRef("300 s"))
+        .withValue("akka.http.server.idle-timeout", ConfigValueFactory.fromAnyRef("300 s"))
+    )
+
     override def bind(port: Int)(
-        implicit system: ActorSystem,
-        materializer: Materializer
+      implicit system: ActorSystem,
+      materializer: Materializer
     ): Future[ServerBinding] = {
       import materializer.executionContext
       Http().bindAndHandleAsync(Route.asyncHandler(route), "localhost", port)
@@ -94,8 +110,8 @@ object AkkaHttpTestWebServer {
     override def name: String = "bind-and-handle-sync"
 
     override def bind(port: Int)(
-        implicit system: ActorSystem,
-        materializer: Materializer
+      implicit system: ActorSystem,
+      materializer: Materializer
     ): Future[ServerBinding] = {
       Http().bindAndHandleSync(syncHandler, "localhost", port)
     }
@@ -105,8 +121,8 @@ object AkkaHttpTestWebServer {
     override def name: String = "bind-and-handle-async"
 
     override def bind(port: Int)(
-        implicit system: ActorSystem,
-        materializer: Materializer
+      implicit system: ActorSystem,
+      materializer: Materializer
     ): Future[ServerBinding] = {
       import materializer.executionContext
       Http().bindAndHandleAsync(asyncHandler, "localhost", port)
@@ -117,8 +133,8 @@ object AkkaHttpTestWebServer {
     override def name: String = "bind-and-handle-async-http2"
 
     override def bind(port: Int)(
-        implicit system: ActorSystem,
-        materializer: Materializer
+      implicit system: ActorSystem,
+      materializer: Materializer
     ): Future[ServerBinding] = {
       import materializer.executionContext
       val serverSettings = enableHttp2(ServerSettings(system))
@@ -134,7 +150,7 @@ object AkkaHttpTestWebServer {
   // This part defines the routes using the Scala routing DSL
   // ---------------------------------------------------------------------- //
   private val exceptionHandler = ExceptionHandler {
-    case e: Exception =>
+    case e : Exception if !e.isInstanceOf[BlockingException] =>
       val span = activeSpan()
       TraceUtils.handleException(span, e)
       complete(
@@ -170,50 +186,140 @@ object AkkaHttpTestWebServer {
   private val defaultHeader =
     RawHeader(HttpServerTest.getIG_RESPONSE_HEADER, HttpServerTest.getIG_RESPONSE_HEADER_VALUE)
 
+  // force a rejection due to BlockingException to throw so that the error
+  // can be recorded in the span
+  private val blockingRejectionHandler: RejectionHandler = RejectionHandler.newBuilder()
+    .handle({
+      case MalformedRequestContentRejection(_, cause: BlockingException) =>
+        throw cause
+    }).result()
+
   def route(implicit ec: ExecutionContext): Route = withController {
-    respondWithDefaultHeader(defaultHeader) {
-      get {
-        path(SUCCESS.relativePath) {
-          complete(
-            HttpResponse(status = SUCCESS.getStatus, entity = SUCCESS.getBody)
-          )
-        } ~ path(FORWARDED.relativePath) {
-          headerValueByName("x-forwarded-for") { address =>
+    handleRejections(blockingRejectionHandler) {
+      respondWithDefaultHeader(defaultHeader) {
+        get {
+          path(SUCCESS.relativePath) {
             complete(
-              HttpResponse(status = FORWARDED.getStatus, entity = address)
+              HttpResponse(status = SUCCESS.getStatus, entity = SUCCESS.getBody)
             )
-          }
-        } ~ path(
-          QUERY_PARAM.relativePath | QUERY_ENCODED_BOTH.relativePath | QUERY_ENCODED_QUERY.relativePath
-        ) {
-          parameter("some") { query =>
-            complete(
-              HttpResponse(
-                status = QUERY_PARAM.getStatus,
-                entity = s"some=$query"
+          } ~ path(FORWARDED.relativePath) {
+            headerValueByName("x-forwarded-for") { address =>
+              complete(
+                HttpResponse(status = FORWARDED.getStatus, entity = address)
+              )
+            }
+          } ~ path(
+            QUERY_PARAM.relativePath | QUERY_ENCODED_BOTH.relativePath | QUERY_ENCODED_QUERY.relativePath
+          ) {
+            parameter("some") { query =>
+              complete(
+                HttpResponse(
+                  status = QUERY_PARAM.getStatus,
+                  entity = s"some=$query"
+                )
               )
+            }
+          } ~ path(REDIRECT.relativePath) {
+            redirect(Uri(REDIRECT.getBody), StatusCodes.Found)
+          } ~ path(USER_BLOCK.relativePath) {
+            Blocking.forUser("user-to-block").blockIfMatch()
+            complete(
+              HttpResponse(status = SUCCESS.getStatus, entity = "Should not be reached")
             )
-          }
-        } ~ path(REDIRECT.relativePath) {
-          redirect(Uri(REDIRECT.getBody), StatusCodes.Found)
-        } ~ path(ERROR.relativePath) {
-          complete(HttpResponse(status = ERROR.getStatus, entity = ERROR.getBody))
-        } ~ path(EXCEPTION.relativePath) {
-          throw new Exception(EXCEPTION.getBody)
-        } ~ pathPrefix("injected-id") {
-          path("ping" / IntNumber) { id =>
-            val traceId = AgentTracer.activeSpan().getTraceId
-            complete(s"pong $id -> $traceId")
-          } ~ path("fing" / IntNumber) { id =>
-            // force the response to happen on another thread or in another context
-            onSuccess(Future {
-              Thread.sleep(10);
-              id
-            }) { fid =>
+          } ~ path(ERROR.relativePath) {
+            complete(HttpResponse(status = ERROR.getStatus, entity = ERROR.getBody))
+          } ~ path(EXCEPTION.relativePath) {
+            throw new Exception(EXCEPTION.getBody)
+          } ~ pathPrefix("injected-id") {
+            path("ping" / IntNumber) { id =>
               val traceId = AgentTracer.activeSpan().getTraceId
-              complete(s"fong $fid -> $traceId")
+              complete(s"pong $id -> $traceId")
+            } ~ path("fing" / IntNumber) { id =>
+              // force the response to happen on another thread or in another context
+              onSuccess(Future {
+                Thread.sleep(10)
+                id
+              }) { fid =>
+                val traceId = AgentTracer.activeSpan().getTraceId
+                complete(s"fong $fid -> $traceId")
+              }
             }
+          } ~ path(USER_BLOCK.relativePath()) {
+            Blocking.forUser("user-to-block").blockIfMatch()
+            complete(HttpResponse(status = 200, entity = "should never be reached"))
           }
+        } ~ post {
+          path(CREATED.relativePath()) {
+            entity(as[String]) { s =>
+              complete(
+                HttpResponse(
+                  status = CREATED.getStatus,
+                  entity = s"created: $s"
+                )
+              )
+            }
+          } ~
+            path(BODY_URLENCODED.relativePath()) {
+              formFieldMultiMap { m =>
+                complete(
+                  HttpResponse(
+                    status = BODY_URLENCODED.getStatus,
+                    entity = m.toStringAsGroovy
+                  )
+                )
+              }
+            } ~
+            path(BODY_JSON.relativePath()) {
+              parameter(Symbol("variant") ?) {
+                case Some("spray") =>
+                  entity(Unmarshaller.messageUnmarshallerFromEntityUnmarshaller(sprayMapUnmarshaller)) { m =>
+                    complete(
+                      HttpResponse(
+                        status = BODY_JSON.getStatus,
+                        entity = SprayMapFormat.write(m).compactPrint
+                      )
+                    )
+                  }
+                case _ => // jackson
+                  entity(Unmarshaller.messageUnmarshallerFromEntityUnmarshaller(jacksonMapUnmarshaller)) { m =>
+                    complete(
+                      HttpResponse(
+                        status = BODY_JSON.getStatus,
+                        entity = SprayMapFormat.write(m).compactPrint
+                      )
+                    )
+                  }
+              }
+            } ~
+            path(BODY_MULTIPART.relativePath()) {
+              parameter(Symbol("variant") ?) {
+                case Some("strictUnmarshaller") =>
+                  entity(as[Multipart.FormData.Strict]) { formData =>
+                    val m = formData.strictParts
+                      .groupBy(_.name)
+                      .mapValues(
+                        _.map((bp: BodyPart.Strict) =>
+                          bp.entity.data.utf8String
+                        ).toList
+                      )
+                    complete(
+                      HttpResponse(
+                        status = BODY_MULTIPART.getStatus,
+                        entity = m.toStringAsGroovy
+                      )
+                    )
+                  }
+                case _ =>
+                  formFieldMultiMap { m =>
+                    complete(
+                      HttpResponse(
+                        status = BODY_MULTIPART.getStatus,
+                        entity = m.toStringAsGroovy
+                      )
+                    )
+                  }
+              }
+            }
         }
       }
     }
@@ -223,8 +329,8 @@ object AkkaHttpTestWebServer {
   // ---------------------------------------------------------------------- //
 
   val syncHandler: HttpRequest => HttpResponse = {
-    case HttpRequest(GET, uri: Uri, _, _, _) => {
-      val path     = uri.path.toString()
+    case HttpRequest(GET, uri: Uri, _, _, _) =>
+      val path = uri.path.toString()
       val endpoint = HttpServerTest.ServerEndpoint.forPath(path)
       HttpServerTest
         .controller(
@@ -233,20 +339,25 @@ object AkkaHttpTestWebServer {
             def doCall(): HttpResponse = {
               val resp = HttpResponse(status = endpoint.getStatus)
               endpoint match {
-                case SUCCESS   => resp.withEntity(endpoint.getBody)
+                case SUCCESS => resp.withEntity(endpoint.getBody)
                 case FORWARDED => resp.withEntity(endpoint.getBody) // cheating
                 case QUERY_PARAM | QUERY_ENCODED_BOTH | QUERY_ENCODED_QUERY =>
                   resp.withEntity(uri.queryString().orNull)
                 case REDIRECT =>
                   resp.withHeaders(headers.Location(endpoint.getBody))
-                case ERROR     => resp.withEntity(endpoint.getBody)
+                case ERROR => resp.withEntity(endpoint.getBody)
                 case EXCEPTION => throw new Exception(endpoint.getBody)
+                case USER_BLOCK => {
+                  Blocking.forUser("user-to-block").blockIfMatch()
+                  // should never be output:
+                  resp.withEntity("should never be reached")
+                }
                 case _ =>
                   if (path.startsWith("/injected-id/")) {
                     val groups = path.split('/')
-                    if (groups.size == 4) { // The path starts with a / and has 3 segments
+                    if (groups.length == 4) { // The path starts with a / and has 3 segments
                       val traceId = AgentTracer.activeSpan().getTraceId
-                      val id      = groups(3).toInt
+                      val id = groups(3).toInt
                       groups(2) match {
                         case "ping" =>
                           return HttpResponse(entity = s"pong $id -> $traceId")
@@ -263,13 +374,57 @@ object AkkaHttpTestWebServer {
           }
         )
         .withDefaultHeaders(defaultHeader)
-    }
   }
 
   def asyncHandler(
-      implicit ec: ExecutionContext
-  ): HttpRequest => Future[HttpResponse] = { request =>
-    Future {
+      implicit ec: ExecutionContext,
+      mat: Materializer
+  ): HttpRequest => Future[HttpResponse] = {
+    case request@HttpRequest(POST, uri, _, entity, _) =>
+      val path = request.uri.path.toString
+      val endpoint = HttpServerTest.ServerEndpoint.forPath(path)
+
+      endpoint match {
+        case CREATED =>
+          Unmarshal(entity).to[String].map { bodyStr =>
+            HttpResponse(status = CREATED.getStatus)
+              .withEntity(s"${CREATED.getBody}: $bodyStr")
+          }
+        case BODY_MULTIPART =>
+          uri.query().get("variant") match {
+            case Some("strictUnmarshaller") =>
+              val eventualStrict = Unmarshal(entity).to[FormData.Strict]
+              eventualStrict.map { s =>
+                HttpResponse(status = BODY_MULTIPART.getStatus)
+                  .withEntity(s.toStringAsGroovy)
+              }
+            case _ =>
+              val fd = Unmarshal(entity).to[Multipart.FormData]
+              val eventualStrict = fd.flatMap(_.toStrict(500 millis))
+              eventualStrict.map { s =>
+                HttpResponse(status = BODY_MULTIPART.getStatus)
+                  .withEntity(s.toStringAsGroovy)
+              }
+          }
+        case BODY_URLENCODED =>
+          val eventualData = Unmarshal(entity).to[model.FormData]
+          eventualData.map { d =>
+            HttpResponse(status = BODY_URLENCODED.getStatus)
+              .withEntity(d.toStringAsGroovy)
+          }
+        case BODY_JSON =>
+          val unmarshaller = uri.query().get("variant") match {
+            case Some("spray") => sprayMapUnmarshaller
+            case _ => jacksonMapUnmarshaller
+          }
+          val eventualData = Unmarshal(entity).to[Map[String, String]](unmarshaller, ec, mat)
+          eventualData.map { d =>
+            HttpResponse(status = BODY_URLENCODED.getStatus)
+              .withEntity(SprayMapFormat.write(d).compactPrint)
+          }
+        case _ => Future.successful(HttpResponse(404))
+      }
+    case request => Future {
       syncHandler(request)
     }
   }
@@ -279,4 +434,70 @@ object AkkaHttpTestWebServer {
       serverSettings.previewServerSettings.withEnableHttp2(true)
     serverSettings.withPreviewServerSettings(previewServerSettings)
   }
+
+  implicit class MapExtensions[A](m: Iterable[(String, A)]) {
+    def toStringAsGroovy: String = {
+      def valueToString(value: Object) : String = value match {
+        case seq: Seq[_] => seq.map(x => valueToString(x.asInstanceOf[Object])).mkString("[", ",", "]")
+        case other => other.toString
+      }
+
+      m.map { case (key, value) => s"$key:${valueToString(value.asInstanceOf[Object])}" }
+        .mkString("[", ",", "]")
+    }
+  }
+
+  implicit class MultipartFormDataStrictExtensions(strict: Multipart.FormData.Strict) {
+    def toStringAsGroovy: String =
+      strict.strictParts
+        .groupBy(_.name)
+        .mapValues(
+          _.map((bp: BodyPart.Strict) =>
+            bp.entity.data.utf8String
+          ).toList
+        ).toStringAsGroovy
+  }
+
+  implicit class FormDataExtensions(formData: model.FormData) {
+    def toStringAsGroovy: String = formData.fields.toMultiMap.toStringAsGroovy
+  }
+
+  implicit def strictMultipartFormDataUnmarshaller: FromEntityUnmarshaller[Multipart.FormData.Strict] = {
+    val toStrictUnmarshaller = Unmarshaller.withMaterializer[HttpEntity, HttpEntity.Strict] {
+      implicit ec =>
+        implicit mat =>
+          entity =>
+            entity.toStrict(1000.millis)
+    }
+    val toFormDataUnmarshaller = MultipartUnmarshallers.multipartFormDataUnmarshaller
+    val downcastUnmarshaller = Unmarshaller.strict[Multipart.FormData, Multipart.FormData.Strict] {
+      case strict: Multipart.FormData.Strict => strict
+      case _ => throw new RuntimeException("Expected Strict form data at this point")
+    }
+
+    toStrictUnmarshaller.andThen(toFormDataUnmarshaller).andThen(downcastUnmarshaller)
+  }
+
+  val jacksonMapUnmarshaller: FromEntityUnmarshaller[Map[String,String]] = {
+    Jackson.unmarshaller(classOf[java.util.Map[String, String]]).asScala.map(
+      javaMap => {
+        import scala.collection.JavaConverters._
+        javaMap.asScala.toMap
+      }
+    )
+  }
+
+  object SprayMapFormat extends RootJsonFormat[Map[String, String]] {
+    def write(map: Map[String, String]): JsObject = JsObject(map.mapValues(JsString(_)).toMap)
+
+    def read(value: JsValue): Map[String, String] = value match {
+      case JsObject(fields) => fields.collect {
+        case (k, JsString(v)) => k -> v
+      }
+      case _ => deserializationError("Expected a JSON object")
+    }
+  }
+
+  val sprayMapUnmarshaller: FromEntityUnmarshaller[Map[String, String]] =
+    SprayJsonSupport.sprayJsonUnmarshaller[Map[String, String]](SprayMapFormat)
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/lagomTest/groovy/LagomTest.groovy b/dd-java-agent/instrumentation/akka-http-10.0/src/lagomTest/groovy/LagomTest.groovy
index bd01b081e8b..05dfc1d3eb9 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/lagomTest/groovy/LagomTest.groovy
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/lagomTest/groovy/LagomTest.groovy
@@ -71,6 +71,9 @@ class LagomTest extends AgentTestRunner {
             "$Tags.HTTP_METHOD" "GET"
             "$Tags.HTTP_STATUS" 101
             "$Tags.HTTP_USER_AGENT" String
+            "$Tags.PEER_HOST_IPV4" '127.0.0.1'
+            "$Tags.PEER_PORT" Integer
+            "$Tags.HTTP_CLIENT_IP" '127.0.0.1'
             defaultTags()
           }
         }
@@ -115,6 +118,9 @@ class LagomTest extends AgentTestRunner {
             "$Tags.HTTP_METHOD" "GET"
             "$Tags.HTTP_STATUS" 500
             "$Tags.HTTP_USER_AGENT" String
+            "$Tags.PEER_HOST_IPV4" '127.0.0.1'
+            "$Tags.PEER_PORT" Integer
+            "$Tags.HTTP_CLIENT_IP" '127.0.0.1'
             defaultTags()
           }
         }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/latestDepTest/groovy/AkkaHttp102ServerInstrumentationTests.groovy b/dd-java-agent/instrumentation/akka-http-10.0/src/latestDepTest/groovy/AkkaHttp102ServerInstrumentationTests.groovy
index 1b21641eb23..a8c4134f9f5 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/latestDepTest/groovy/AkkaHttp102ServerInstrumentationTests.groovy
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/latestDepTest/groovy/AkkaHttp102ServerInstrumentationTests.groovy
@@ -24,6 +24,27 @@ class AkkaHttp102ServerInstrumentationBindSyncTest extends AkkaHttpServerInstrum
   HttpServer server() {
     return new AkkaHttpTestWebServer(AkkaHttp102TestWebServer.ServerBuilderBindSync())
   }
+
+  // we test body endpoints only on the async tests
+  @Override
+  boolean testRequestBody() {
+    false
+  }
+
+  @Override
+  boolean testBodyMultipart() {
+    false
+  }
+
+  @Override
+  boolean testBodyJson() {
+    false
+  }
+
+  @Override
+  boolean testBodyUrlencoded() {
+    false
+  }
 }
 
 class AkkaHttp102ServerInstrumentationBindAsyncHttp2Test extends AkkaHttpServerInstrumentationTest {
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttp2ServerInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttp2ServerInstrumentation.java
index 3c7091b6fce..e0363d1f130 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttp2ServerInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttp2ServerInstrumentation.java
@@ -9,6 +9,8 @@
 import akka.stream.Materializer;
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.instrumentation.akkahttp.appsec.ScalaListCollectorMuzzleReferences;
 import net.bytebuddy.asm.Advice;
 import scala.Function1;
 import scala.concurrent.Future;
@@ -38,10 +40,19 @@ public String[] helperClassNames() {
       packageName + ".DatadogAsyncHandlerWrapper$2",
       packageName + ".AkkaHttpServerHeaders",
       packageName + ".AkkaHttpServerDecorator",
+      packageName + ".RecoverFromBlockedExceptionPF",
       packageName + ".UriAdapter",
+      packageName + ".appsec.AkkaBlockResponseFunction",
+      packageName + ".appsec.BlockingResponseHelper",
+      packageName + ".appsec.ScalaListCollector",
     };
   }
 
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return ScalaListCollectorMuzzleReferences.additionalMuzzleReferences();
+  }
+
   @Override
   public void adviceTransformations(AdviceTransformation transformation) {
     transformation.applyAdvice(
@@ -70,7 +81,7 @@ public static void enter(
         @Advice.Argument(value = 0, readOnly = false)
             Function1<HttpRequest, Future<HttpResponse>> handler,
         @Advice.Argument(value = 7) final Materializer materializer) {
-      handler = new DatadogAsyncHandlerWrapper(handler, materializer.executionContext());
+      handler = new DatadogAsyncHandlerWrapper(handler, materializer);
     }
   }
 
@@ -80,7 +91,7 @@ public static void enter(
         @Advice.Argument(value = 0, readOnly = false)
             Function1<HttpRequest, Future<HttpResponse>> handler,
         @Advice.Argument(value = 6) final Materializer materializer) {
-      handler = new DatadogAsyncHandlerWrapper(handler, materializer.executionContext());
+      handler = new DatadogAsyncHandlerWrapper(handler, materializer);
     }
   }
 
@@ -90,7 +101,7 @@ public static void enter(
         @Advice.Argument(value = 0, readOnly = false)
             Function1<HttpRequest, Future<HttpResponse>> handler,
         @Advice.Argument(value = 5) final Materializer materializer) {
-      handler = new DatadogAsyncHandlerWrapper(handler, materializer.executionContext());
+      handler = new DatadogAsyncHandlerWrapper(handler, materializer);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerDecorator.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerDecorator.java
index 8b7290747ef..efa73e608cd 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerDecorator.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerDecorator.java
@@ -1,11 +1,19 @@
 package datadog.trace.instrumentation.akkahttp;
 
+import akka.http.javadsl.model.HttpHeader;
+import akka.http.javadsl.model.headers.RemoteAddress;
 import akka.http.scaladsl.model.HttpRequest;
 import akka.http.scaladsl.model.HttpResponse;
+import datadog.trace.api.gateway.BlockResponseFunction;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
 import datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator;
+import datadog.trace.instrumentation.akkahttp.appsec.AkkaBlockResponseFunction;
+import java.net.InetAddress;
+import java.util.Optional;
+import scala.Option;
+import scala.reflect.ClassTag$;
 
 public class AkkaHttpServerDecorator
     extends HttpServerDecorator<HttpRequest, HttpRequest, HttpResponse, HttpRequest> {
@@ -52,11 +60,26 @@ protected URIDataAdapter url(final HttpRequest httpRequest) {
 
   @Override
   protected String peerHostIP(final HttpRequest httpRequest) {
+    Option<HttpHeader> header = httpRequest.header(ClassTag$.MODULE$.apply(RemoteAddress.class));
+    if (!header.isEmpty()) {
+      RemoteAddress httpHeader = (RemoteAddress) header.get();
+      akka.http.javadsl.model.RemoteAddress remAddress = httpHeader.address();
+      Optional<InetAddress> address = remAddress.getAddress();
+      if (address.isPresent()) {
+        return address.get().getHostAddress();
+      }
+    }
     return null;
   }
 
   @Override
   protected int peerPort(final HttpRequest httpRequest) {
+    Option<HttpHeader> header = httpRequest.header(ClassTag$.MODULE$.apply(RemoteAddress.class));
+    if (!header.isEmpty()) {
+      RemoteAddress httpHeader = (RemoteAddress) header.get();
+      akka.http.javadsl.model.RemoteAddress address = httpHeader.address();
+      return address.getPort();
+    }
     return 0;
   }
 
@@ -64,4 +87,15 @@ protected int peerPort(final HttpRequest httpRequest) {
   protected int status(final HttpResponse httpResponse) {
     return httpResponse.status().intValue();
   }
+
+  @Override
+  protected boolean isAppSecOnResponseSeparate() {
+    return true;
+  }
+
+  @Override
+  protected BlockResponseFunction createBlockResponseFunction(
+      HttpRequest httpRequest, HttpRequest httpRequest2) {
+    return new AkkaBlockResponseFunction(httpRequest);
+  }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerHeaders.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerHeaders.java
index 0ddaaeb9ae9..c5aabac9926 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerHeaders.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerHeaders.java
@@ -1,34 +1,69 @@
 package datadog.trace.instrumentation.akkahttp;
 
 import akka.http.javadsl.model.HttpHeader;
+import akka.http.javadsl.model.headers.RawRequestURI;
+import akka.http.javadsl.model.headers.RemoteAddress;
+import akka.http.javadsl.model.headers.TimeoutAccess;
+import akka.http.scaladsl.model.ContentType;
+import akka.http.scaladsl.model.HttpEntity;
 import akka.http.scaladsl.model.HttpMessage;
 import akka.http.scaladsl.model.HttpRequest;
 import akka.http.scaladsl.model.HttpResponse;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 
-public class AkkaHttpServerHeaders<T extends HttpMessage>
-    implements AgentPropagation.ContextVisitor<T> {
+public class AkkaHttpServerHeaders {
+  private AkkaHttpServerHeaders() {}
 
-  @SuppressWarnings("rawtypes")
-  private static final AkkaHttpServerHeaders GETTER = new AkkaHttpServerHeaders();
+  private static final AgentPropagation.ContextVisitor<HttpRequest> GETTER_REQUEST =
+      AkkaHttpServerHeaders::forEachKeyRequest;
+  private static final AgentPropagation.ContextVisitor<HttpResponse> GETTER_RESPONSE =
+      AkkaHttpServerHeaders::forEachKeyResponse;
 
-  @SuppressWarnings("unchecked")
   public static AgentPropagation.ContextVisitor<HttpRequest> requestGetter() {
-    return (AgentPropagation.ContextVisitor<HttpRequest>) GETTER;
+    return GETTER_REQUEST;
   }
 
-  @SuppressWarnings("unchecked")
   public static AgentPropagation.ContextVisitor<HttpResponse> responseGetter() {
-    return (AgentPropagation.ContextVisitor<HttpResponse>) GETTER;
+    return GETTER_RESPONSE;
   }
 
-  @Override
-  public void forEachKey(
-      final HttpMessage carrier, final AgentPropagation.KeyClassifier classifier) {
+  private static void doForEachKey(
+      HttpMessage carrier,
+      akka.http.javadsl.model.HttpEntity entity,
+      AgentPropagation.KeyClassifier classifier) {
+    if (entity instanceof HttpEntity.Strict) {
+      HttpEntity.Strict strictEntity = (HttpEntity.Strict) entity;
+      ContentType contentType = strictEntity.contentType();
+      if (contentType != null) {
+        if (!classifier.accept("content-type", contentType.value())) {
+          return;
+        }
+      }
+      if (!classifier.accept("content-length", Long.toString(strictEntity.contentLength()))) {
+        return;
+      }
+    }
+
     for (final HttpHeader header : carrier.getHeaders()) {
+      // skip synthetic headers
+      if (header instanceof RemoteAddress
+          || header instanceof TimeoutAccess
+          || header instanceof RawRequestURI) {
+        continue;
+      }
       if (!classifier.accept(header.lowercaseName(), header.value())) {
         return;
       }
     }
   }
+
+  private static void forEachKeyRequest(
+      HttpRequest req, AgentPropagation.KeyClassifier classifier) {
+    doForEachKey(req, req.entity(), classifier);
+  }
+
+  private static void forEachKeyResponse(
+      final HttpResponse resp, final AgentPropagation.KeyClassifier classifier) {
+    doForEachKey(resp, resp.entity(), classifier);
+  }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerInstrumentation.java
index 6984362b902..363c3b26805 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/AkkaHttpServerInstrumentation.java
@@ -11,6 +11,8 @@
 import akka.stream.scaladsl.Flow;
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.instrumentation.akkahttp.appsec.ScalaListCollectorMuzzleReferences;
 import net.bytebuddy.asm.Advice;
 
 /**
@@ -71,9 +73,18 @@ public String[] helperClassNames() {
       packageName + ".AkkaHttpServerHeaders",
       packageName + ".AkkaHttpServerDecorator",
       packageName + ".UriAdapter",
+      packageName + ".RecoverFromBlockedExceptionPF",
+      packageName + ".appsec.BlockingResponseHelper",
+      packageName + ".appsec.ScalaListCollector",
+      packageName + ".appsec.AkkaBlockResponseFunction",
     };
   }
 
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return ScalaListCollectorMuzzleReferences.additionalMuzzleReferences();
+  }
+
   @Override
   public void adviceTransformations(AdviceTransformation transformation) {
     transformation.applyAdvice(
@@ -87,6 +98,7 @@ public static void enter(
         @Advice.Argument(value = 0, readOnly = false)
             Flow<HttpRequest, HttpResponse, NotUsed> handler,
         @Advice.Argument(value = 4, readOnly = false) ServerSettings settings) {
+      handler = handler.asJava().recover(RecoverFromBlockedExceptionPF.INSTANCE).asScala();
       final BidiFlow<HttpResponse, HttpResponse, HttpRequest, HttpRequest, NotUsed> wrapper =
           BidiFlow.fromGraph(new DatadogServerRequestResponseFlowWrapper(settings));
       handler = wrapper.reversed().join(handler.asJava()).asScala();
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/DatadogAsyncHandlerWrapper.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/DatadogAsyncHandlerWrapper.java
index c59577694d8..56f0e5c44a0 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/DatadogAsyncHandlerWrapper.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/DatadogAsyncHandlerWrapper.java
@@ -2,52 +2,81 @@
 
 import akka.http.scaladsl.model.HttpRequest;
 import akka.http.scaladsl.model.HttpResponse;
+import akka.http.scaladsl.util.FastFuture$;
+import akka.stream.Materializer;
+import datadog.trace.api.gateway.Flow;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.instrumentation.akkahttp.appsec.BlockingResponseHelper;
 import scala.Function1;
-import scala.concurrent.ExecutionContext;
 import scala.concurrent.Future;
 import scala.runtime.AbstractFunction1;
 
 public class DatadogAsyncHandlerWrapper
     extends AbstractFunction1<HttpRequest, Future<HttpResponse>> {
   private final Function1<HttpRequest, Future<HttpResponse>> userHandler;
-  private final ExecutionContext executionContext;
+  private final Materializer materializer;
 
   public DatadogAsyncHandlerWrapper(
       final Function1<HttpRequest, Future<HttpResponse>> userHandler,
-      final ExecutionContext executionContext) {
+      final Materializer materializer) {
     this.userHandler = userHandler;
-    this.executionContext = executionContext;
+    this.materializer = materializer;
   }
 
   @Override
   public Future<HttpResponse> apply(final HttpRequest request) {
     final AgentScope scope = DatadogWrapperHelper.createSpan(request);
-    Future<HttpResponse> futureResponse = null;
+    AgentSpan span = scope.span();
+    Future<HttpResponse> futureResponse;
+
+    // handle blocking in the beginning of the request
+    Flow.Action.RequestBlockingAction rba;
+    if ((rba = span.getRequestBlockingAction()) != null) {
+      request.discardEntityBytes(materializer);
+      HttpResponse response = BlockingResponseHelper.maybeCreateBlockingResponse(rba, request);
+      span.getRequestContext().getTraceSegment().effectivelyBlocked();
+      DatadogWrapperHelper.finishSpan(span, response);
+      return FastFuture$.MODULE$.<HttpResponse>successful().apply(response);
+    }
+
     try {
       futureResponse = userHandler.apply(request);
     } catch (final Throwable t) {
       scope.close();
-      DatadogWrapperHelper.finishSpan(scope.span(), t);
+      DatadogWrapperHelper.finishSpan(span, t);
       throw t;
     }
+
     final Future<HttpResponse> wrapped =
-        futureResponse.transform(
-            new AbstractFunction1<HttpResponse, HttpResponse>() {
-              @Override
-              public HttpResponse apply(final HttpResponse response) {
-                DatadogWrapperHelper.finishSpan(scope.span(), response);
-                return response;
-              }
-            },
-            new AbstractFunction1<Throwable, Throwable>() {
-              @Override
-              public Throwable apply(final Throwable t) {
-                DatadogWrapperHelper.finishSpan(scope.span(), t);
-                return t;
-              }
-            },
-            executionContext);
+        futureResponse
+            .recoverWith(
+                RecoverFromBlockedExceptionPF.INSTANCE_FUTURE, materializer.executionContext())
+            .transform(
+                new AbstractFunction1<HttpResponse, HttpResponse>() {
+                  @Override
+                  public HttpResponse apply(HttpResponse response) {
+                    // handle blocking at the middle/end of the request
+                    HttpResponse newResponse =
+                        BlockingResponseHelper.handleFinishForWaf(span, response);
+                    if (newResponse != response) {
+                      span.getRequestContext().getTraceSegment().effectivelyBlocked();
+                      response.entity().discardBytes(materializer);
+                      response = newResponse;
+                    }
+
+                    DatadogWrapperHelper.finishSpan(span, response);
+                    return response;
+                  }
+                },
+                new AbstractFunction1<Throwable, Throwable>() {
+                  @Override
+                  public Throwable apply(final Throwable t) {
+                    DatadogWrapperHelper.finishSpan(span, t);
+                    return t;
+                  }
+                },
+                materializer.executionContext());
     scope.close();
     return wrapped;
   }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/DatadogServerRequestResponseFlowWrapper.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/DatadogServerRequestResponseFlowWrapper.java
index f168a91ba62..45ce4b88c00 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/DatadogServerRequestResponseFlowWrapper.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/DatadogServerRequestResponseFlowWrapper.java
@@ -13,7 +13,10 @@
 import akka.stream.stage.AbstractOutHandler;
 import akka.stream.stage.GraphStage;
 import akka.stream.stage.GraphStageLogic;
+import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.instrumentation.akkahttp.appsec.BlockingResponseHelper;
 import java.util.Queue;
 import java.util.concurrent.ArrayBlockingQueue;
 
@@ -54,6 +57,7 @@ public GraphStageLogic createLogic(final Attributes inheritedAttributes) throws
         // close the span at the front of the queue when we receive the response
         // from the user code, since it will match up to the request for that span.
         final Queue<AgentScope> scopes = new ArrayBlockingQueue<>(pipeliningLimit);
+        boolean[] skipNextPull = new boolean[] {false};
 
         // This is where the request comes in from the server and TCP layer
         setHandler(
@@ -63,6 +67,23 @@ public GraphStageLogic createLogic(final Attributes inheritedAttributes) throws
               public void onPush() throws Exception {
                 final HttpRequest request = grab(requestInlet);
                 final AgentScope scope = DatadogWrapperHelper.createSpan(request);
+                AgentSpan span = scope.span();
+                RequestContext requestContext = span.getRequestContext();
+                if (requestContext != null) {
+                  HttpResponse response =
+                      BlockingResponseHelper.maybeCreateBlockingResponse(span, request);
+                  if (response != null) {
+                    request.discardEntityBytes(materializer());
+                    skipNextPull[0] = true;
+                    requestContext.getTraceSegment().effectivelyBlocked();
+                    emit(responseOutlet, response);
+                    DatadogWrapperHelper.finishSpan(scope.span(), response);
+                    pull(requestInlet);
+                    scope.close();
+                    return;
+                  }
+                }
+
                 scopes.add(scope);
                 push(requestOutlet, request);
                 // Since we haven't instrumented the akka stream state machine, we can't rely
@@ -109,10 +130,18 @@ public void onDownstreamFinish() throws Exception {
             new AbstractInHandler() {
               @Override
               public void onPush() throws Exception {
-                final HttpResponse response = grab(responseInlet);
+                HttpResponse response = grab(responseInlet);
                 final AgentScope scope = scopes.poll();
                 if (scope != null) {
-                  DatadogWrapperHelper.finishSpan(scope.span(), response);
+                  AgentSpan span = scope.span();
+                  HttpResponse newResponse =
+                      BlockingResponseHelper.handleFinishForWaf(span, response);
+                  if (newResponse != response) {
+                    span.getRequestContext().getTraceSegment().effectivelyBlocked();
+                    response.discardEntityBytes(materializer());
+                    response = newResponse;
+                  }
+                  DatadogWrapperHelper.finishSpan(span, response);
                   // Check if the active scope is still the scope from when the request came in,
                   // and close it. If it's not, then it will be cleaned up actor message
                   // processing instrumentation that drives this state machine
@@ -160,7 +189,17 @@ public void onUpstreamFailure(final Throwable ex) throws Exception {
             new AbstractOutHandler() {
               @Override
               public void onPull() throws Exception {
-                pull(responseInlet);
+                if (isClosed(responseInlet)) {
+                  fail(responseOutlet, new RuntimeException("Failed earlier"));
+                }
+                // condition is needed when we emit() directly to the outlet
+                // The value was not pushed through the response inlet, so we need not
+                // request more data through the inlet
+                if (skipNextPull[0]) {
+                  skipNextPull[0] = false;
+                } else {
+                  pull(responseInlet);
+                }
               }
 
               @Override
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/DefaultExceptionHandlerInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/DefaultExceptionHandlerInstrumentation.java
new file mode 100644
index 00000000000..5eaabbf87dd
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/DefaultExceptionHandlerInstrumentation.java
@@ -0,0 +1,51 @@
+package datadog.trace.instrumentation.akkahttp;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import akka.http.scaladsl.server.ExceptionHandler;
+import akka.http.scaladsl.server.ExceptionHandler$;
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class DefaultExceptionHandlerInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public DefaultExceptionHandlerInstrumentation() {
+    super("akka-http", "akka-http-server");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "akka.http.scaladsl.server.ExceptionHandler$";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".MarkSpanAsErroredPF",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(returns(named("akka.http.scaladsl.server.ExceptionHandler")))
+            .and(takesArguments(1))
+            .and(takesArgument(0, named("akka.http.scaladsl.settings.RoutingSettings"))),
+        DefaultExceptionHandlerInstrumentation.class.getName() + "$DefaultHandlerAdvice");
+  }
+
+  static class DefaultHandlerAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(
+        @Advice.This ExceptionHandler$ eh, @Advice.Return(readOnly = false) ExceptionHandler ret) {
+      ret = eh.apply(MarkSpanAsErroredPF.INSTANCE).withFallback(ret);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/MarkSpanAsErroredPF.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/MarkSpanAsErroredPF.java
new file mode 100644
index 00000000000..5709c5025cd
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/MarkSpanAsErroredPF.java
@@ -0,0 +1,31 @@
+package datadog.trace.instrumentation.akkahttp;
+
+import akka.http.scaladsl.server.RequestContext;
+import akka.http.scaladsl.server.RouteResult;
+import akka.japi.JavaPartialFunction;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import scala.Function1;
+import scala.concurrent.Future;
+
+/**
+ * Runs before the default exception handler in {@link
+ * akka.http.scaladsl.server.ExceptionHandler$#default}, which usually completes with a 500, that
+ * the exception may be recorded.
+ */
+public class MarkSpanAsErroredPF
+    extends JavaPartialFunction<Throwable, scala.Function1<RequestContext, Future<RouteResult>>> {
+  public static final JavaPartialFunction INSTANCE = new MarkSpanAsErroredPF();
+
+  private MarkSpanAsErroredPF() {}
+
+  @Override
+  public Function1<RequestContext, Future<RouteResult>> apply(Throwable x, boolean isCheck)
+      throws Exception, Exception {
+    AgentSpan agentSpan = AgentTracer.activeSpan();
+    if (agentSpan != null) {
+      agentSpan.addThrowable(x);
+    }
+    throw noMatch();
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/RecoverFromBlockedExceptionPF.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/RecoverFromBlockedExceptionPF.java
new file mode 100644
index 00000000000..96bfb55194d
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/RecoverFromBlockedExceptionPF.java
@@ -0,0 +1,52 @@
+package datadog.trace.instrumentation.akkahttp;
+
+import akka.http.scaladsl.model.HttpEntity$;
+import akka.http.scaladsl.model.HttpProtocols;
+import akka.http.scaladsl.model.HttpResponse;
+import akka.http.scaladsl.model.StatusCode;
+import akka.http.scaladsl.util.FastFuture$;
+import akka.japi.JavaPartialFunction;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import scala.PartialFunction;
+import scala.collection.immutable.List$;
+import scala.compat.java8.JFunction1;
+import scala.concurrent.Future;
+
+public class RecoverFromBlockedExceptionPF extends JavaPartialFunction<Throwable, HttpResponse> {
+  public static final PartialFunction<Throwable, HttpResponse> INSTANCE =
+      new RecoverFromBlockedExceptionPF();
+  public static final PartialFunction<Throwable, Future<HttpResponse>> INSTANCE_FUTURE;
+
+  static {
+    JFunction1<HttpResponse, Future<HttpResponse>> f = RecoverFromBlockedExceptionPF::valueToFuture;
+    INSTANCE_FUTURE = INSTANCE.andThen(f);
+  }
+
+  @Override
+  public HttpResponse apply(Throwable x, boolean isCheck) throws Exception {
+    if (x instanceof BlockingException) {
+      if (isCheck) {
+        return null;
+      }
+      AgentSpan agentSpan = AgentTracer.activeSpan();
+      if (agentSpan != null) {
+        agentSpan.addThrowable(x);
+      }
+
+      // will be replaced anyway
+      return new HttpResponse(
+          StatusCode.int2StatusCode(500),
+          List$.MODULE$.empty(),
+          HttpEntity$.MODULE$.Empty(),
+          HttpProtocols.HTTP$div1$u002E1());
+    } else {
+      throw noMatch();
+    }
+  }
+
+  private static <V> Future<V> valueToFuture(V value) {
+    return FastFuture$.MODULE$.<V>successful().apply(value);
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/AkkaBlockResponseFunction.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/AkkaBlockResponseFunction.java
new file mode 100644
index 00000000000..7421a8f9e01
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/AkkaBlockResponseFunction.java
@@ -0,0 +1,69 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import akka.http.scaladsl.model.HttpRequest;
+import akka.http.scaladsl.model.HttpResponse;
+import datadog.appsec.api.blocking.BlockingContentType;
+import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.internal.TraceSegment;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import java.util.Map;
+
+/**
+ * This block response function only saves the request blocking action. Usually the blocking request
+ * function directly commits a response.
+ *
+ * @see BlockingResponseHelper#handleFinishForWaf(AgentSpan, HttpResponse)
+ */
+public class AkkaBlockResponseFunction implements BlockResponseFunction {
+  private final HttpRequest request;
+  private Flow.Action.RequestBlockingAction rba;
+  private boolean unmarshallBlock;
+  private TraceSegment traceSegment;
+
+  public AkkaBlockResponseFunction(HttpRequest request) {
+    this.request = request;
+  }
+
+  public boolean isBlocking() {
+    return rba != null;
+  }
+
+  public boolean isUnmarshallBlock() {
+    return unmarshallBlock;
+  }
+
+  public void setUnmarshallBlock(boolean unmarshallBlock) {
+    this.unmarshallBlock = unmarshallBlock;
+  }
+
+  public HttpResponse maybeCreateAlternativeResponse() {
+    if (!isBlocking()) {
+      return null;
+    }
+
+    HttpResponse httpResponse = BlockingResponseHelper.maybeCreateBlockingResponse(rba, request);
+    if (httpResponse != null) {
+      traceSegment.effectivelyBlocked();
+    }
+    return httpResponse;
+  }
+
+  @Override
+  public boolean tryCommitBlockingResponse(
+      TraceSegment segment,
+      int statusCode,
+      BlockingContentType templateType,
+      Map<String, String> extraHeaders) {
+    AgentSpan agentSpan = AgentTracer.activeSpan();
+    if (agentSpan == null) {
+      return false;
+    }
+    if (rba == null) {
+      rba = new Flow.Action.RequestBlockingAction(statusCode, templateType, extraHeaders);
+      this.traceSegment = segment;
+    }
+    return true;
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/BlockingResponseHelper.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/BlockingResponseHelper.java
new file mode 100644
index 00000000000..046d6c96bdb
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/BlockingResponseHelper.java
@@ -0,0 +1,107 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import static datadog.trace.instrumentation.akkahttp.AkkaHttpServerDecorator.DECORATE;
+
+import akka.http.javadsl.model.HttpHeader;
+import akka.http.javadsl.model.headers.RawHeader;
+import akka.http.scaladsl.model.ContentTypes;
+import akka.http.scaladsl.model.HttpEntity$;
+import akka.http.scaladsl.model.HttpRequest;
+import akka.http.scaladsl.model.HttpResponse;
+import akka.http.scaladsl.model.ResponseEntity;
+import akka.http.scaladsl.model.StatusCode;
+import akka.http.scaladsl.model.StatusCodes;
+import akka.util.ByteString;
+import datadog.appsec.api.blocking.BlockingContentType;
+import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.bootstrap.blocking.BlockingActionHelper;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.instrumentation.akkahttp.AkkaHttpServerHeaders;
+import java.util.Optional;
+import scala.collection.immutable.List;
+
+public class BlockingResponseHelper {
+  private BlockingResponseHelper() {}
+
+  public static HttpResponse handleFinishForWaf(final AgentSpan span, final HttpResponse response) {
+    RequestContext requestContext = span.getRequestContext();
+    BlockResponseFunction brf = requestContext.getBlockResponseFunction();
+    if (brf instanceof AkkaBlockResponseFunction) {
+      HttpResponse altResponse = ((AkkaBlockResponseFunction) brf).maybeCreateAlternativeResponse();
+      if (altResponse != null) {
+        // we already blocked during the request
+        return altResponse;
+      }
+    }
+    Flow<Void> flow =
+        DECORATE.callIGCallbackResponseAndHeaders(
+            span, response, response.status().intValue(), AkkaHttpServerHeaders.responseGetter());
+    Flow.Action action = flow.getAction();
+    if (action instanceof Flow.Action.RequestBlockingAction) {
+      Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+      if (brf instanceof AkkaBlockResponseFunction) {
+        brf.tryCommitBlockingResponse(
+            requestContext.getTraceSegment(),
+            rba.getStatusCode(),
+            rba.getBlockingContentType(),
+            rba.getExtraHeaders());
+        HttpResponse altResponse =
+            ((AkkaBlockResponseFunction) brf).maybeCreateAlternativeResponse();
+        if (altResponse != null) {
+          return altResponse;
+        }
+      }
+    }
+
+    return response;
+  }
+
+  public static HttpResponse maybeCreateBlockingResponse(AgentSpan span, HttpRequest request) {
+    return maybeCreateBlockingResponse(span.getRequestBlockingAction(), request);
+  }
+
+  public static HttpResponse maybeCreateBlockingResponse(
+      Flow.Action.RequestBlockingAction rba, HttpRequest request) {
+    if (rba == null) {
+      return null;
+    }
+    Optional<HttpHeader> accept = request.getHeader("accept");
+    BlockingContentType bct = rba.getBlockingContentType();
+    int httpCode = BlockingActionHelper.getHttpCode(rba.getStatusCode());
+    ResponseEntity entity;
+    if (bct != BlockingContentType.NONE) {
+      BlockingActionHelper.TemplateType tt =
+          BlockingActionHelper.determineTemplateType(bct, accept.map(h -> h.value()).orElse(null));
+      byte[] template = BlockingActionHelper.getTemplate(tt);
+      if (tt == BlockingActionHelper.TemplateType.HTML) {
+        entity =
+            HttpEntity$.MODULE$.apply(
+                ContentTypes.text$divhtml$u0028UTF$minus8$u0029(), ByteString.fromArray(template));
+      } else { // json
+        entity =
+            HttpEntity$.MODULE$.apply(
+                ContentTypes.application$divjson(), ByteString.fromArray(template));
+      }
+    } else {
+      entity = HttpEntity$.MODULE$.Empty();
+    }
+
+    List<akka.http.scaladsl.model.HttpHeader> headersList =
+        rba.getExtraHeaders().entrySet().stream()
+            .map(
+                e ->
+                    (akka.http.scaladsl.model.HttpHeader)
+                        RawHeader.create(e.getKey(), e.getValue()))
+            .collect(ScalaListCollector.toScalaList());
+
+    StatusCode code;
+    try {
+      code = StatusCode.int2StatusCode(httpCode);
+    } catch (RuntimeException e) {
+      code = StatusCodes.custom(httpCode, "Request Blocked", "", false, true);
+    }
+    return HttpResponse.apply(code, headersList, entity, request.protocol());
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/Bug4304Instrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/Bug4304Instrumentation.java
new file mode 100644
index 00000000000..22c4f2bbba1
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/Bug4304Instrumentation.java
@@ -0,0 +1,113 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.declaresField;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.nameStartsWith;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+
+import akka.stream.stage.GraphStageLogic;
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import java.lang.reflect.Field;
+import java.util.regex.Pattern;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+/** See https://github.com/akka/akka-http/issues/4304 */
+@AutoService(Instrumenter.class)
+public class Bug4304Instrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForTypeHierarchy, Instrumenter.WithTypeStructure {
+  public Bug4304Instrumentation() {
+    super("akka-http");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "akka.http.impl.engine.server.HttpServerBluePrint";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".AkkaBlockResponseFunction",
+      packageName + ".BlockingResponseHelper",
+      packageName + ".ScalaListCollector",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerDecorator",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerHeaders",
+      "datadog.trace.instrumentation.akkahttp.UriAdapter",
+    };
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return ScalaListCollectorMuzzleReferences.additionalMuzzleReferences();
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return nameStartsWith("akka.http.impl.engine.server.HttpServerBluePrint$ControllerStage$$anon$")
+        .and(HierarchyMatchers.extendsClass(named("akka.stream.stage.GraphStageLogic")))
+        .and(MatchesOneHundredContinueStageAnonClass.INSTANCE);
+  }
+
+  public static class MatchesOneHundredContinueStageAnonClass
+      implements ElementMatcher<TypeDescription> {
+    public static final ElementMatcher<TypeDescription> INSTANCE =
+        new MatchesOneHundredContinueStageAnonClass();
+
+    private MatchesOneHundredContinueStageAnonClass() {}
+
+    private static final Pattern ANON_CLASS_PATTERN =
+        Pattern.compile(
+            "akka\\.http\\.impl\\.engine\\.server\\.HttpServerBluePrint\\$ControllerStage\\$\\$anon\\$"
+                + "\\d+\\$OneHundredContinueStage\\$\\$anon\\$\\d+");
+
+    @Override
+    public boolean matches(TypeDescription td) {
+      return ANON_CLASS_PATTERN.matcher(td.getName()).matches();
+    }
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> structureMatcher() {
+    return declaresField(named("oneHundredContinueSent"));
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor(), Bug4304Instrumentation.class.getName() + "$GraphStageLogicAdvice");
+  }
+
+  static class GraphStageLogicAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(@Advice.This GraphStageLogic thiz)
+        throws NoSuchFieldException, IllegalAccessException {
+      AgentSpan span = activeSpan();
+      RequestContext reqCtx;
+      if (span == null
+          || (reqCtx = span.getRequestContext()) == null
+          || reqCtx.getData(RequestContextSlot.APPSEC) == null) {
+        return;
+      }
+
+      BlockResponseFunction brf = reqCtx.getBlockResponseFunction();
+      if (brf instanceof AkkaBlockResponseFunction) {
+        AkkaBlockResponseFunction abrf = (AkkaBlockResponseFunction) brf;
+        if (abrf.isBlocking() && abrf.isUnmarshallBlock()) {
+          Field f = thiz.getClass().getDeclaredField("oneHundredContinueSent");
+          f.setAccessible(true);
+          f.set(thiz, true);
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/ConfigProvideRemoteAddressHeaderInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/ConfigProvideRemoteAddressHeaderInstrumentation.java
new file mode 100644
index 00000000000..db05a1d73f1
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/ConfigProvideRemoteAddressHeaderInstrumentation.java
@@ -0,0 +1,52 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class ConfigProvideRemoteAddressHeaderInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public ConfigProvideRemoteAddressHeaderInstrumentation() {
+    super("akka-http");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.typesafe.config.impl.SimpleConfig";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isPublic()
+            .and(named("getBoolean"))
+            .and(takesArguments(1))
+            .and(takesArgument(0, String.class))
+            .and(returns(boolean.class)),
+        ConfigProvideRemoteAddressHeaderInstrumentation.class.getName()
+            + "$EnableRemoteAddressHeaderAdvice");
+  }
+
+  static class EnableRemoteAddressHeaderAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class, skipOn = Advice.OnNonDefaultValue.class)
+    static boolean enter(@Advice.Argument(0) String configName) {
+      // ideally we'd use remote-address-attribute, but that's only available on 10.2,
+      // and doesn't work on http/2 until 10.2.3
+      return "remote-address-header".equals(configName);
+    }
+
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void exit(@Advice.Enter boolean enter, @Advice.Return(readOnly = false) boolean ret) {
+      if (enter) {
+        ret = true;
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/FormDataToStrictInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/FormDataToStrictInstrumentation.java
new file mode 100644
index 00000000000..85904233c11
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/FormDataToStrictInstrumentation.java
@@ -0,0 +1,66 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import akka.stream.Materializer;
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+import scala.concurrent.duration.FiniteDuration;
+
+/** @see akka.http.scaladsl.model.Multipart.FormData#toStrict(FiniteDuration, Materializer) */
+@AutoService(Instrumenter.class)
+public class FormDataToStrictInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType, ScalaListCollectorMuzzleReferences {
+  public FormDataToStrictInstrumentation() {
+    super("akka-http");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".UnmarshallerHelpers",
+      packageName + ".UnmarshallerHelpers$UnmarkStrictFormOngoingOnUnsupportedException",
+      packageName + ".AkkaBlockResponseFunction",
+      packageName + ".BlockingResponseHelper",
+      packageName + ".ScalaListCollector",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerDecorator",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerHeaders",
+      "datadog.trace.instrumentation.akkahttp.UriAdapter",
+    };
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "akka.http.scaladsl.model.Multipart$FormData";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("toStrict"))
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("scala.concurrent.duration.FiniteDuration")))
+            .and(takesArgument(1, named("akka.stream.Materializer")))
+            .and(returns(named("scala.concurrent.Future"))),
+        FormDataToStrictInstrumentation.class.getName() + "$ToStrictAdvice");
+  }
+
+  static class ToStrictAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void before(
+        @Advice.Return(readOnly = false)
+            scala.concurrent.Future<akka.http.scaladsl.model.Multipart$FormData$Strict> fut,
+        @Advice.Argument(1) Materializer mat) {
+      fut = UnmarshallerHelpers.transformMultiPartFormDataToStrictFuture(fut, mat);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/JacksonUnmarshallerInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/JacksonUnmarshallerInstrumentation.java
new file mode 100644
index 00000000000..c63e7e4bcaa
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/JacksonUnmarshallerInstrumentation.java
@@ -0,0 +1,67 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import akka.http.javadsl.unmarshalling.Unmarshaller;
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class JacksonUnmarshallerInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+
+  public JacksonUnmarshallerInstrumentation() {
+    super("akka-http");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".UnmarshallerHelpers",
+      packageName + ".UnmarshallerHelpers$UnmarkStrictFormOngoingOnUnsupportedException",
+      packageName + ".AkkaBlockResponseFunction",
+      packageName + ".BlockingResponseHelper",
+      packageName + ".ScalaListCollector",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerDecorator",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerHeaders",
+      "datadog.trace.instrumentation.akkahttp.UriAdapter",
+    };
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return ScalaListCollectorMuzzleReferences.additionalMuzzleReferences();
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "akka.http.javadsl.marshallers.jackson.Jackson";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(isStatic())
+            .and(returns(named("akka.http.javadsl.unmarshalling.Unmarshaller")))
+            .and(named("byteStringUnmarshaller").or(named("unmarshaller")))
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("com.fasterxml.jackson.databind.ObjectMapper")))
+            .and(takesArgument(1, Class.class)),
+        JacksonUnmarshallerInstrumentation.class.getName() + "$UnmarshallerAdvice");
+  }
+
+  static class UnmarshallerAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(@Advice.Return(readOnly = false) Unmarshaller ret) {
+      ret = UnmarshallerHelpers.transformJacksonUnmarshaller(ret);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/MultipartUnmarshallersInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/MultipartUnmarshallersInstrumentation.java
new file mode 100644
index 00000000000..ab6e90c1517
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/MultipartUnmarshallersInstrumentation.java
@@ -0,0 +1,64 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.ScalaTraitMatchers.isTraitMethod;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+
+import akka.http.scaladsl.unmarshalling.MultipartUnmarshallers;
+import akka.http.scaladsl.unmarshalling.Unmarshaller;
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+
+/** @see MultipartUnmarshallers */
+@AutoService(Instrumenter.class)
+public class MultipartUnmarshallersInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForKnownTypes {
+
+  private static final String TRAIT_NAME =
+      "akka.http.scaladsl.unmarshalling.MultipartUnmarshallers";
+
+  public MultipartUnmarshallersInstrumentation() {
+    super("akka-http");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".UnmarshallerHelpers",
+      packageName + ".UnmarshallerHelpers$UnmarkStrictFormOngoingOnUnsupportedException",
+      packageName + ".AkkaBlockResponseFunction",
+      packageName + ".BlockingResponseHelper",
+      packageName + ".ScalaListCollector",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerDecorator",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerHeaders",
+      "datadog.trace.instrumentation.akkahttp.UriAdapter",
+    };
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      TRAIT_NAME, TRAIT_NAME + "$class",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isTraitMethod(
+                TRAIT_NAME,
+                "multipartFormDataUnmarshaller",
+                "akka.event.LoggingAdapter",
+                "akka.http.scaladsl.settings.ParserSettings")
+            .and(returns(named("akka.http.scaladsl.unmarshalling.Unmarshaller"))),
+        MultipartUnmarshallersInstrumentation.class.getName() + "$UnmarshallerWrappingAdvice");
+  }
+
+  static class UnmarshallerWrappingAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(@Advice.Return(readOnly = false) Unmarshaller unmarshaller) {
+      unmarshaller = UnmarshallerHelpers.transformMultipartFormDataUnmarshaller(unmarshaller);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/PredefinedFromEntityUnmarshallersInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/PredefinedFromEntityUnmarshallersInstrumentation.java
new file mode 100644
index 00000000000..ab01b6c94a3
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/PredefinedFromEntityUnmarshallersInstrumentation.java
@@ -0,0 +1,89 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.namedOneOf;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.ScalaTraitMatchers.isTraitMethod;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+
+import akka.http.scaladsl.unmarshalling.PredefinedFromEntityUnmarshallers;
+import akka.http.scaladsl.unmarshalling.Unmarshaller;
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import net.bytebuddy.asm.Advice;
+import scala.collection.Seq;
+
+/**
+ * @see PredefinedFromEntityUnmarshallers#urlEncodedFormDataUnmarshaller(Seq)
+ * @see PredefinedFromEntityUnmarshallers#stringUnmarshaller()
+ */
+@AutoService(Instrumenter.class)
+public class PredefinedFromEntityUnmarshallersInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForKnownTypes {
+
+  private static final String TRAIT_NAME =
+      "akka.http.scaladsl.unmarshalling.PredefinedFromEntityUnmarshallers";
+
+  public PredefinedFromEntityUnmarshallersInstrumentation() {
+    super("akka-http");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".UnmarshallerHelpers",
+      packageName + ".UnmarshallerHelpers$UnmarkStrictFormOngoingOnUnsupportedException",
+      packageName + ".AkkaBlockResponseFunction",
+      packageName + ".BlockingResponseHelper",
+      packageName + ".ScalaListCollector",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerDecorator",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerHeaders",
+      "datadog.trace.instrumentation.akkahttp.UriAdapter",
+    };
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return ScalaListCollectorMuzzleReferences.additionalMuzzleReferences();
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      TRAIT_NAME, TRAIT_NAME + "$class",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isTraitMethod(
+                TRAIT_NAME,
+                "urlEncodedFormDataUnmarshaller",
+                namedOneOf("scala.collection.Seq", "scala.collection.immutable.Seq"))
+            .and(returns(named("akka.http.scaladsl.unmarshalling.Unmarshaller"))),
+        PredefinedFromEntityUnmarshallersInstrumentation.class.getName()
+            + "$UrlEncodedUnmarshallerWrappingAdvice");
+    transformation.applyAdvice(
+        isTraitMethod(TRAIT_NAME, "stringUnmarshaller")
+            .and(returns(named("akka.http.scaladsl.unmarshalling.Unmarshaller"))),
+        PredefinedFromEntityUnmarshallersInstrumentation.class.getName()
+            + "$StringUnmarshallerWrappingAdvice");
+  }
+
+  static class UrlEncodedUnmarshallerWrappingAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(@Advice.Return(readOnly = false) Unmarshaller unmarshaller) {
+      unmarshaller = UnmarshallerHelpers.transformUrlEncodedUnmarshaller(unmarshaller);
+    }
+  }
+
+  static class StringUnmarshallerWrappingAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(
+        @Advice.Return(readOnly = false)
+            Unmarshaller<akka.http.scaladsl.model.HttpEntity, String> unmarshaller) {
+      unmarshaller = UnmarshallerHelpers.transformStringUnmarshaller(unmarshaller);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/ScalaListCollector.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/ScalaListCollector.java
new file mode 100644
index 00000000000..6410d125c5d
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/ScalaListCollector.java
@@ -0,0 +1,108 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import static java.lang.invoke.MethodHandles.lookup;
+import static java.lang.invoke.MethodType.methodType;
+
+import java.lang.invoke.MethodHandle;
+import java.util.Collections;
+import java.util.Set;
+import java.util.function.BiConsumer;
+import java.util.function.BinaryOperator;
+import java.util.function.Function;
+import java.util.function.Supplier;
+import java.util.stream.Collector;
+import scala.collection.immutable.List;
+import scala.collection.mutable.ListBuffer;
+
+public class ScalaListCollector<T> implements Collector<T, ListBuffer<T>, List<T>> {
+
+  private static final Collector INSTANCE_TO_LIST;
+  private static final MethodHandle PLUS_EQ;
+  private static final MethodHandle PLUS_PLUS_EQ;
+
+  static {
+    ClassLoader classLoader = ScalaListCollector.class.getClassLoader();
+    if (classLoader == null) {
+      classLoader = ClassLoader.getSystemClassLoader();
+    }
+
+    MethodHandle plusEq;
+    MethodHandle plusPlusEq;
+    try {
+      plusEq =
+          lookup()
+              .findVirtual(
+                  ListBuffer.class, "$plus$eq", methodType(ListBuffer.class, Object.class));
+      Class traversableOnceCls = classLoader.loadClass("scala.collection.TraversableOnce");
+      plusPlusEq =
+          lookup()
+              .findVirtual(
+                  ListBuffer.class,
+                  "$plus$plus$eq",
+                  methodType(ListBuffer.class, traversableOnceCls));
+    } catch (ClassNotFoundException | NoSuchMethodException | IllegalAccessException e) {
+      try {
+        plusEq =
+            lookup()
+                .findVirtual(
+                    ListBuffer.class, "addOne", methodType(ListBuffer.class, Object.class));
+        Class iterableOnceCls = classLoader.loadClass("scala.collection.IterableOnce");
+        plusPlusEq =
+            lookup()
+                .findVirtual(
+                    ListBuffer.class, "addAll", methodType(ListBuffer.class, iterableOnceCls));
+      } catch (NoSuchMethodException | IllegalAccessException | ClassNotFoundException ex) {
+        throw new RuntimeException(ex);
+      }
+    }
+
+    PLUS_EQ = plusEq;
+    PLUS_PLUS_EQ = plusPlusEq;
+    INSTANCE_TO_LIST = new ScalaListCollector();
+  }
+
+  public static <T> Collector<T, ?, List<T>> toScalaList() {
+    return INSTANCE_TO_LIST;
+  }
+
+  private static <T> ListBuffer<T> addOne(ListBuffer<T> list, T object) {
+    try {
+      return (ListBuffer<T>) PLUS_EQ.invoke(list, object);
+    } catch (Throwable e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  private static <T> ListBuffer<T> addAll(ListBuffer<T> list, ListBuffer<T> otherList) {
+    try {
+      return (ListBuffer<T>) PLUS_PLUS_EQ.invoke(list, otherList);
+    } catch (Throwable e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @Override
+  public Supplier<ListBuffer<T>> supplier() {
+    return scala.collection.mutable.ListBuffer::new;
+  }
+
+  @Override
+  public BiConsumer<ListBuffer<T>, T> accumulator() {
+    return ScalaListCollector::addOne;
+  }
+
+  @Override
+  public BinaryOperator<ListBuffer<T>> combiner() {
+    return ScalaListCollector::addAll;
+  }
+
+  @Override
+  public Function<ListBuffer<T>, List<T>> finisher() {
+    return scala.collection.mutable.ListBuffer::toList;
+  }
+
+  @Override
+  public Set<Characteristics> characteristics() {
+    return Collections.emptySet();
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/ScalaListCollectorMuzzleReferences.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/ScalaListCollectorMuzzleReferences.java
new file mode 100644
index 00000000000..08f73d2c7fa
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/ScalaListCollectorMuzzleReferences.java
@@ -0,0 +1,38 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import datadog.trace.agent.tooling.muzzle.Reference;
+
+public interface ScalaListCollectorMuzzleReferences {
+  Reference SCALA_LIST_COLLECTOR =
+      new Reference.Builder("scala.collection.mutable.ListBuffer")
+          .withMethod(
+              new String[0],
+              Reference.EXPECTS_NON_STATIC | Reference.EXPECTS_PUBLIC,
+              "$plus$eq",
+              "Lscala/collection/mutable/ListBuffer;",
+              "Ljava/lang/Object;")
+          .withMethod(
+              new String[0],
+              Reference.EXPECTS_NON_STATIC | Reference.EXPECTS_PUBLIC,
+              "$plus$plus$eq",
+              "Lscala/collection/mutable/ListBuffer;",
+              "Lscala/collection/TraversableOnce;")
+          .or()
+          .withMethod(
+              new String[0],
+              Reference.EXPECTS_NON_STATIC | Reference.EXPECTS_PUBLIC,
+              "addOne",
+              "Lscala/collection/mutable/ListBuffer;",
+              "Ljava/lang/Object;")
+          .withMethod(
+              new String[0],
+              Reference.EXPECTS_NON_STATIC | Reference.EXPECTS_PUBLIC,
+              "addAll",
+              "Lscala/collection/mutable/ListBuffer;",
+              "Lscala/collection/IterableOnce;")
+          .build();
+
+  static Reference[] additionalMuzzleReferences() {
+    return new Reference[] {SCALA_LIST_COLLECTOR};
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/SprayUnmarshallerInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/SprayUnmarshallerInstrumentation.java
new file mode 100644
index 00000000000..2e5aa79515f
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/SprayUnmarshallerInstrumentation.java
@@ -0,0 +1,73 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.ScalaTraitMatchers.isTraitMethod;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+
+import akka.http.scaladsl.unmarshalling.Unmarshaller;
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import net.bytebuddy.asm.Advice;
+
+// TODO: move to separate module and have better support
+@AutoService(Instrumenter.class)
+public class SprayUnmarshallerInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForKnownTypes {
+
+  private static final String TRAIT_NAME =
+      "akka.http.scaladsl.marshallers.sprayjson.SprayJsonSupport";
+
+  public SprayUnmarshallerInstrumentation() {
+    super("akka-http");
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      TRAIT_NAME, TRAIT_NAME + "$class",
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".UnmarshallerHelpers",
+      packageName + ".UnmarshallerHelpers$UnmarkStrictFormOngoingOnUnsupportedException",
+      packageName + ".AkkaBlockResponseFunction",
+      packageName + ".BlockingResponseHelper",
+      packageName + ".ScalaListCollector",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerDecorator",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerHeaders",
+      "datadog.trace.instrumentation.akkahttp.UriAdapter",
+    };
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return ScalaListCollectorMuzzleReferences.additionalMuzzleReferences();
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isTraitMethod(TRAIT_NAME, "sprayJsonUnmarshaller", "spray.json.RootJsonReader")
+            .and(returns(named("akka.http.scaladsl.unmarshalling.Unmarshaller")))
+            .or(
+                isTraitMethod(
+                        TRAIT_NAME, "sprayJsonByteStringUnmarshaller", "spray.json.RootJsonReader")
+                    .and(returns(named("akka.http.scaladsl.unmarshalling.Unmarshaller")))),
+        SprayUnmarshallerInstrumentation.class.getName() + "$ArbitraryTypeAdvice");
+    // support is basic:
+    // * Source[T, NotUsed] is not intercepted
+    // * neither is the conversion into JsValue. It would need to wrap the JsValue
+    //   to intercept calls to the methods in play.api.libs.json.JsReadable
+  }
+
+  static class ArbitraryTypeAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(@Advice.Return(readOnly = false) Unmarshaller ret) {
+      ret = UnmarshallerHelpers.transformArbitrarySprayUnmarshaller(ret);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/StrictFormCompanionInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/StrictFormCompanionInstrumentation.java
new file mode 100644
index 00000000000..c7842cf8bb2
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/StrictFormCompanionInstrumentation.java
@@ -0,0 +1,70 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import akka.http.scaladsl.common.StrictForm;
+import akka.http.scaladsl.model.HttpEntity;
+import akka.http.scaladsl.unmarshalling.Unmarshaller;
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import net.bytebuddy.asm.Advice;
+
+/** @see akka.http.scaladsl.common.StrictForm$#unmarshaller(Unmarshaller, Unmarshaller) */
+@AutoService(Instrumenter.class)
+public class StrictFormCompanionInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public StrictFormCompanionInstrumentation() {
+    super("akka-http");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "akka.http.scaladsl.common.StrictForm$";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".UnmarshallerHelpers",
+      packageName + ".UnmarshallerHelpers$UnmarkStrictFormOngoingOnUnsupportedException",
+      packageName + ".AkkaBlockResponseFunction",
+      packageName + ".BlockingResponseHelper",
+      packageName + ".ScalaListCollector",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerDecorator",
+      "datadog.trace.instrumentation.akkahttp.AkkaHttpServerHeaders",
+      "datadog.trace.instrumentation.akkahttp.UriAdapter",
+    };
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return ScalaListCollectorMuzzleReferences.additionalMuzzleReferences();
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("unmarshaller"))
+            .and(returns(named("akka.http.scaladsl.unmarshalling.Unmarshaller")))
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("akka.http.scaladsl.unmarshalling.Unmarshaller")))
+            .and(takesArgument(1, named("akka.http.scaladsl.unmarshalling.Unmarshaller"))),
+        StrictFormCompanionInstrumentation.class.getName() + "$UnmarshallerAdvice");
+  }
+
+  static class UnmarshallerAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(@Advice.Return(readOnly = false) Unmarshaller<HttpEntity, StrictForm> ret) {
+      ret = UnmarshallerHelpers.transformStrictFormUnmarshaller(ret);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/UnmarshallerHelpers.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/UnmarshallerHelpers.java
new file mode 100644
index 00000000000..baa82ec95ca
--- /dev/null
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/UnmarshallerHelpers.java
@@ -0,0 +1,487 @@
+package datadog.trace.instrumentation.akkahttp.appsec;
+
+import static datadog.trace.api.gateway.Events.EVENTS;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+
+import akka.http.javadsl.model.ContentType;
+import akka.http.javadsl.model.MediaType;
+import akka.http.javadsl.model.MediaTypes;
+import akka.http.scaladsl.common.StrictForm;
+import akka.http.scaladsl.model.FormData;
+import akka.http.scaladsl.model.HttpEntity;
+import akka.http.scaladsl.unmarshalling.Unmarshaller;
+import akka.http.scaladsl.unmarshalling.Unmarshaller$;
+import akka.japi.JavaPartialFunction;
+import akka.stream.Materializer;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.gateway.CallbackProvider;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.WeakHashMap;
+import java.util.function.BiFunction;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import scala.Function1;
+import scala.PartialFunction;
+import scala.Tuple2;
+import scala.collection.Iterable;
+import scala.collection.Iterator;
+import scala.compat.java8.JFunction1;
+import scala.compat.java8.JFunction2;
+import scala.concurrent.ExecutionContext;
+import scala.concurrent.Future;
+
+public class UnmarshallerHelpers {
+
+  public static final int MAX_CONVERSION_DEPTH = 10;
+  private static final Logger log = LoggerFactory.getLogger(UnmarshallerHelpers.class);
+
+  private static final MediaType APPLICATION_X_WWW_FORM_URLENCODED;
+
+  static {
+    MediaType t = null;
+    try {
+      // subtype of MediaType changes between 10.0 and 10.1
+      Field f = MediaTypes.class.getField("APPLICATION_X_WWW_FORM_URLENCODED");
+      t = (MediaType) f.get(null);
+    } catch (NoSuchFieldException | IllegalAccessException e) {
+    }
+    APPLICATION_X_WWW_FORM_URLENCODED = t;
+  }
+
+  private UnmarshallerHelpers() {}
+
+  public static Unmarshaller<HttpEntity, akka.http.scaladsl.model.FormData>
+      transformUrlEncodedUnmarshaller(
+          Unmarshaller<HttpEntity, akka.http.scaladsl.model.FormData> original) {
+    JFunction1<akka.http.scaladsl.model.FormData, akka.http.scaladsl.model.FormData> mapf =
+        formData -> {
+          try {
+            handleFormData(formData);
+          } catch (Exception e) {
+            handleException(e, "transformUrlEncodedMarshaller");
+          }
+
+          return formData;
+        };
+
+    return original.map(mapf);
+  }
+
+  private static void handleFormData(FormData formData) {
+    AgentSpan span = activeSpan();
+    RequestContext reqCtx;
+    if (span == null
+        || (reqCtx = span.getRequestContext()) == null
+        || reqCtx.getData(RequestContextSlot.APPSEC) == null
+        || isStrictFormOngoing(span)) {
+      return;
+    }
+
+    CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+    BiFunction<RequestContext, Object, Flow<Void>> callback =
+        cbp.getCallback(EVENTS.requestBodyProcessed());
+    if (callback == null) {
+      return;
+    }
+
+    Iterator<Tuple2<String, String>> fieldsIter = formData.fields().iterator();
+    Map<String, List<String>> conv = new HashMap<>();
+    while (fieldsIter.hasNext()) {
+      Tuple2<String, String> pair = fieldsIter.next();
+
+      String key = pair._1;
+      List<String> values = conv.get(key);
+      if (values == null) {
+        values = new ArrayList<>();
+        conv.put(key, values);
+      }
+      values.add(pair._2);
+    }
+
+    if (conv.isEmpty()) {
+      return;
+    }
+
+    // callback execution
+    executeCallback(reqCtx, callback, conv, "urlEncodedFormDataUnmarshaller");
+  }
+
+  private static void executeCallback(
+      RequestContext reqCtx,
+      BiFunction<RequestContext, Object, Flow<Void>> callback,
+      Object conv,
+      String details) {
+    Flow<Void> flow = callback.apply(reqCtx, conv);
+    Flow.Action action = flow.getAction();
+    if (action instanceof Flow.Action.RequestBlockingAction) {
+      Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+      BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
+      if (blockResponseFunction != null) {
+        boolean success =
+            blockResponseFunction.tryCommitBlockingResponse(
+                reqCtx.getTraceSegment(),
+                rba.getStatusCode(),
+                rba.getBlockingContentType(),
+                rba.getExtraHeaders());
+        if (success) {
+          if (blockResponseFunction instanceof AkkaBlockResponseFunction) {
+            AkkaBlockResponseFunction abrf = (AkkaBlockResponseFunction) blockResponseFunction;
+            abrf.setUnmarshallBlock(true);
+          }
+          throw new BlockingException("Blocked request (for " + details + ")");
+        }
+      }
+    }
+  }
+
+  public static Unmarshaller transformMultipartFormDataUnmarshaller(Unmarshaller original) {
+    JFunction1<
+            akka.http.scaladsl.model.Multipart.FormData,
+            akka.http.scaladsl.model.Multipart.FormData>
+        mapf =
+            t -> {
+              if (!(t instanceof akka.http.scaladsl.model.Multipart$FormData$Strict)) {
+                // data not loaded yet...
+                // it's not practical to wrap the object
+                // rely on instrumentation on toStrict
+                return t;
+              }
+
+              try {
+                handleMultipartStrictFormData(
+                    (akka.http.scaladsl.model.Multipart$FormData$Strict) t);
+              } catch (Exception e) {
+                handleException(e, "Error in handleMultipartStrictFormData");
+              }
+
+              return t;
+            };
+
+    return original.map(mapf);
+  }
+
+  public static scala.concurrent.Future<akka.http.scaladsl.model.Multipart$FormData$Strict>
+      transformMultiPartFormDataToStrictFuture(
+          scala.concurrent.Future<akka.http.scaladsl.model.Multipart$FormData$Strict> future,
+          Materializer materializer) {
+    JFunction1<
+            akka.http.scaladsl.model.Multipart$FormData$Strict,
+            akka.http.scaladsl.model.Multipart$FormData$Strict>
+        mapf =
+            t -> {
+              try {
+                AgentSpan span = activeSpan();
+                if (span != null && !isStrictFormOngoing(span)) {
+                  handleMultipartStrictFormData(t);
+                }
+              } catch (Exception e) {
+                handleException(e, "Error in transformMultiPartFormDataToStrictFuture");
+              }
+              return t;
+            };
+    return future.map(mapf, materializer.executionContext());
+  }
+
+  private static void handleMultipartStrictFormData(
+      akka.http.scaladsl.model.Multipart$FormData$Strict st) {
+    AgentSpan span = activeSpan();
+    RequestContext reqCtx;
+    if (span == null
+        || (reqCtx = span.getRequestContext()) == null
+        || reqCtx.getData(RequestContextSlot.APPSEC) == null) {
+      return;
+    }
+
+    CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+    BiFunction<RequestContext, Object, Flow<Void>> callback =
+        cbp.getCallback(EVENTS.requestBodyProcessed());
+    if (callback == null) {
+      return;
+    }
+
+    // conversion to map string -> list of string
+    java.lang.Iterable<akka.http.javadsl.model.Multipart.FormData.BodyPart.Strict> strictParts =
+        st.getStrictParts();
+    Map<String, List<String>> conv = new HashMap<>();
+    for (akka.http.javadsl.model.Multipart.FormData.BodyPart.Strict part : strictParts) {
+      akka.http.javadsl.model.HttpEntity.Strict entity = part.getEntity();
+      if (!(entity instanceof HttpEntity.Strict)) {
+        continue;
+      }
+
+      HttpEntity.Strict sentity = (HttpEntity.Strict) entity;
+
+      String name = part.getName();
+      List<String> curStrings = conv.get(name);
+      if (curStrings == null) {
+        curStrings = new ArrayList<>();
+        conv.put(name, curStrings);
+      }
+
+      String s =
+          sentity
+              .getData()
+              .decodeString(
+                  Unmarshaller$.MODULE$.bestUnmarshallingCharsetFor(sentity).nioCharset());
+      curStrings.add(s);
+    }
+
+    // callback execution
+    executeCallback(reqCtx, callback, conv, "multipartFormDataUnmarshaller");
+  }
+
+  public static Unmarshaller<HttpEntity, String> transformStringUnmarshaller(
+      Unmarshaller<HttpEntity, String> original) {
+    Unmarshaller.EnhancedUnmarshaller<HttpEntity, String> enhancedOriginal =
+        new Unmarshaller.EnhancedUnmarshaller<>(original);
+    JFunction2<HttpEntity, String, String> f2 =
+        (entity, str) -> {
+          try {
+            AgentSpan agentSpan = activeSpan();
+            if (agentSpan == null || isStrictFormOngoing(agentSpan)) {
+              return str;
+            }
+
+            ContentType contentType = entity.getContentType();
+            MediaType mediaType = contentType.mediaType();
+            if (mediaType != MediaTypes.APPLICATION_JSON
+                && mediaType != MediaTypes.MULTIPART_FORM_DATA
+                && mediaType != APPLICATION_X_WWW_FORM_URLENCODED) {
+              handleArbitraryPostData(str, "HttpEntity -> String unmarshaller");
+            }
+          } catch (Exception e) {
+            handleException(e, "Error in transformStringUnmarshaller");
+          }
+
+          return str;
+        };
+
+    return enhancedOriginal.mapWithInput(f2);
+  }
+
+  public static akka.http.javadsl.unmarshalling.Unmarshaller transformJacksonUnmarshaller(
+      akka.http.javadsl.unmarshalling.Unmarshaller original) {
+    return original.thenApply(
+        ret -> {
+          try {
+            handleArbitraryPostData(ret, "jackson unmarshaller");
+          } catch (Exception e) {
+            handleException(e, "Error in transformJacksonUnmarshaller");
+          }
+          return ret;
+        });
+  }
+
+  public static Unmarshaller transformArbitrarySprayUnmarshaller(Unmarshaller original) {
+    JFunction1<Object, Object> f =
+        ret -> {
+          Object conv = tryConvertingScalaContainers(ret, MAX_CONVERSION_DEPTH);
+          try {
+            handleArbitraryPostData(conv, "spray unmarshaller");
+          } catch (Exception e) {
+            handleException(e, "Error in transformArbitrarySprayUnmarshaller");
+          }
+          return ret;
+        };
+    return original.map(f);
+  }
+
+  private static final WeakHashMap<RequestContext, Boolean> STRICT_FORM_SERIALIZATION_ONGOING =
+      new WeakHashMap<>();
+
+  // when unmarshalling parts of multipart requests, some other unmarshallers that
+  // we also instrument, like the string unmarshaller, can run. Those runs happen
+  // in a subset of the data, so we are not interested in them: instead we want
+  // to submit all the data at the same time, after having finished fully
+  // unmarshalling the StrictForm. We suppress the sub-runs of unmarshallers by
+  // noticing when the StrictForm unmarshaller starts running
+  private static void markStrictFormOngoing(AgentSpan agentSpan) {
+    synchronized (STRICT_FORM_SERIALIZATION_ONGOING) {
+      STRICT_FORM_SERIALIZATION_ONGOING.put(agentSpan.getRequestContext(), Boolean.TRUE);
+    }
+  }
+
+  private static void unmarkStrictFormOngoing(AgentSpan agentSpan) {
+    synchronized (STRICT_FORM_SERIALIZATION_ONGOING) {
+      STRICT_FORM_SERIALIZATION_ONGOING.remove(agentSpan.getRequestContext());
+    }
+  }
+
+  private static boolean isStrictFormOngoing(AgentSpan agentSpan) {
+    synchronized (STRICT_FORM_SERIALIZATION_ONGOING) {
+      return STRICT_FORM_SERIALIZATION_ONGOING.getOrDefault(
+          agentSpan.getRequestContext(), Boolean.FALSE);
+    }
+  }
+
+  private static JFunction1<StrictForm, StrictForm> STRICT_FORM_DATA_POST_TRANSF =
+      sf -> {
+        try {
+          handleStrictFormData(sf);
+        } catch (Exception e) {
+          handleException(e, "Error in transformStrictFromUnmarshaller");
+        }
+        // we do not remove the span from STRICT_FORM_SERIALIZATION_ONGOING,
+        // as the string unmarshaller can still run afterwards. This way, the
+        // advice will still be skipped
+        return sf;
+      };
+
+  public static class UnmarkStrictFormOngoingOnUnsupportedException
+      extends JavaPartialFunction<Throwable, StrictForm> {
+    public static final PartialFunction<Throwable, StrictForm> INSTANCE =
+        new UnmarkStrictFormOngoingOnUnsupportedException();
+
+    @Override
+    public StrictForm apply(Throwable x, boolean isCheck) throws Exception {
+      if (!(x
+          instanceof
+          akka.http.scaladsl.unmarshalling.Unmarshaller.UnsupportedContentTypeException)) {
+        throw noMatch();
+      }
+      if (isCheck) {
+        return null;
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan != null) {
+        unmarkStrictFormOngoing(agentSpan);
+      }
+      throw (Exception) x;
+    }
+  }
+
+  public static Unmarshaller<HttpEntity, StrictForm> transformStrictFormUnmarshaller(
+      Unmarshaller<HttpEntity, StrictForm> original) {
+    JFunction1<ExecutionContext, Function1<Materializer, Function1<HttpEntity, Future<StrictForm>>>>
+        wrappedBeforeF =
+            ec -> {
+              JFunction1<Materializer, Function1<HttpEntity, Future<StrictForm>>> g =
+                  mat -> {
+                    JFunction1<HttpEntity, Future<StrictForm>> h =
+                        entity -> {
+                          AgentSpan agentSpan = activeSpan();
+                          if (agentSpan != null) {
+                            markStrictFormOngoing(agentSpan);
+                          }
+
+                          Future<StrictForm> resFut = original.apply(entity, ec, mat);
+                          return resFut
+                              .recover(UnmarkStrictFormOngoingOnUnsupportedException.INSTANCE, ec)
+                              .map(STRICT_FORM_DATA_POST_TRANSF, ec);
+                        };
+                    return h;
+                  };
+              return g;
+            };
+    Unmarshaller<HttpEntity, StrictForm> wrapped =
+        Unmarshaller$.MODULE$.withMaterializer(wrappedBeforeF);
+
+    return wrapped;
+  }
+
+  private static void handleStrictFormData(StrictForm sf) {
+    Iterator<Tuple2<String, StrictForm.Field>> iterator = sf.fields().iterator();
+    Map<String, List<String>> conv = new HashMap<>();
+    while (iterator.hasNext()) {
+      Tuple2<String, StrictForm.Field> next = iterator.next();
+      String fieldName = next._1();
+      StrictForm.Field field = next._2();
+
+      List<String> strings = conv.get(fieldName);
+      if (strings == null) {
+        strings = new ArrayList<>();
+        conv.put(fieldName, strings);
+      }
+
+      Object strictFieldValue;
+      try {
+        Field f = field.getClass().getDeclaredField("value");
+        f.setAccessible(true);
+        strictFieldValue = f.get(field);
+      } catch (NoSuchFieldException | IllegalAccessException e) {
+        continue;
+      }
+
+      if (strictFieldValue instanceof String) {
+        strings.add((String) strictFieldValue);
+      } else if (strictFieldValue
+          instanceof akka.http.scaladsl.model.Multipart$FormData$BodyPart$Strict) {
+        HttpEntity.Strict sentity =
+            ((akka.http.scaladsl.model.Multipart$FormData$BodyPart$Strict) strictFieldValue)
+                .entity();
+        String s =
+            sentity
+                .getData()
+                .decodeString(
+                    Unmarshaller$.MODULE$.bestUnmarshallingCharsetFor(sentity).nioCharset());
+        strings.add(s);
+      }
+    }
+
+    handleArbitraryPostData(conv, "HttpEntity -> StrictForm unmarshaller");
+  }
+
+  private static Object tryConvertingScalaContainers(Object obj, int depth) {
+    if (depth == 0) {
+      return obj;
+    }
+    if (obj instanceof scala.collection.Map) {
+      scala.collection.Map map = (scala.collection.Map) obj;
+      Map<Object, Object> ret = new HashMap<>();
+      Iterator<Tuple2> iterator = map.iterator();
+      while (iterator.hasNext()) {
+        Tuple2 next = iterator.next();
+        ret.put(next._1(), tryConvertingScalaContainers(next._2(), depth - 1));
+      }
+      return ret;
+    } else if (obj instanceof scala.collection.Iterable) {
+      List<Object> ret = new ArrayList<>();
+      Iterator iterator = ((Iterable) obj).iterator();
+      while (iterator.hasNext()) {
+        Object next = iterator.next();
+        ret.add(tryConvertingScalaContainers(next, depth - 1));
+      }
+      return ret;
+    }
+    return obj;
+  }
+
+  private static void handleArbitraryPostData(Object o, String source) {
+    AgentSpan span = activeSpan();
+    RequestContext reqCtx;
+    if (span == null
+        || (reqCtx = span.getRequestContext()) == null
+        || reqCtx.getData(RequestContextSlot.APPSEC) == null) {
+      return;
+    }
+
+    CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+    BiFunction<RequestContext, Object, Flow<Void>> callback =
+        cbp.getCallback(EVENTS.requestBodyProcessed());
+    if (callback == null) {
+      return;
+    }
+
+    // callback execution
+    executeCallback(reqCtx, callback, o, source);
+  }
+
+  private static void handleException(Exception e, String logMessage) {
+    if (e instanceof BlockingException) {
+      throw (BlockingException) e;
+    }
+
+    log.warn(logMessage, e);
+  }
+}
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/CookieDirectivesInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/CookieDirectivesInstrumentation.java
index 623b148fd99..629dbc8f40a 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/CookieDirectivesInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/CookieDirectivesInstrumentation.java
@@ -55,7 +55,7 @@ public void adviceTransformations(AdviceTransformation transformation) {
 
   static class TaintCookieAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     static void after(@Advice.Return(readOnly = false) Directive directive) {
       directive = directive.tmap(TaintCookieFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
     }
@@ -63,7 +63,7 @@ static void after(@Advice.Return(readOnly = false) Directive directive) {
 
   static class TaintOptionalCookieAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     static void after(@Advice.Return(readOnly = false) Directive directive) {
       directive =
           directive.tmap(TaintOptionalCookieFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/CookieHeaderInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/CookieHeaderInstrumentation.java
index 5e1119848c1..1c8b35e4bb3 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/CookieHeaderInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/CookieHeaderInstrumentation.java
@@ -12,13 +12,11 @@
 import akka.http.scaladsl.model.headers.HttpCookiePair;
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.source.WebModule;
-import java.util.ArrayList;
-import java.util.List;
 import net.bytebuddy.asm.Advice;
 import scala.collection.Iterator;
 import scala.collection.immutable.Seq;
@@ -53,26 +51,25 @@ public void adviceTransformations(AdviceTransformation transformation) {
 
   static class TaintAllCookiesAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     static void after(
         @Advice.This HttpHeader cookie, @Advice.Return Seq<HttpCookiePair> cookiePairs) {
-      WebModule mod = InstrumentationBridge.WEB;
       PropagationModule prop = InstrumentationBridge.PROPAGATION;
-      if (mod == null || prop == null || cookiePairs == null || cookiePairs.isEmpty()) {
+      if (prop == null || cookiePairs == null || cookiePairs.isEmpty()) {
         return;
       }
       if (!prop.isTainted(cookie)) {
         return;
       }
 
+      final IastContext ctx = IastContext.Provider.get();
       Iterator<HttpCookiePair> iterator = cookiePairs.iterator();
-      List<String> cookieNames = new ArrayList<>();
       while (iterator.hasNext()) {
         HttpCookiePair pair = iterator.next();
-        cookieNames.add(pair.name());
-        prop.taint(SourceTypes.REQUEST_COOKIE_VALUE, pair.name(), pair.value());
+        final String name = pair.name(), value = pair.value();
+        prop.taint(ctx, name, SourceTypes.REQUEST_COOKIE_NAME, name);
+        prop.taint(ctx, value, SourceTypes.REQUEST_COOKIE_VALUE, name);
       }
-      mod.onCookieNames(cookieNames);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/ExtractDirectivesInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/ExtractDirectivesInstrumentation.java
index ff9d10c876f..4c04cf6bd13 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/ExtractDirectivesInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/ExtractDirectivesInstrumentation.java
@@ -72,7 +72,7 @@ private void instrumentDirective(
 
   static class TaintUriDirectiveAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_QUERY_STRING)
+    @Source(SourceTypes.REQUEST_QUERY)
     static void after(@Advice.Return(readOnly = false) Directive directive) {
       directive = directive.tmap(TaintUriFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
     }
@@ -80,7 +80,7 @@ static void after(@Advice.Return(readOnly = false) Directive directive) {
 
   static class TaintRequestDirectiveAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_BODY_STRING)
+    @Source(SourceTypes.REQUEST_BODY)
     static void after(@Advice.Return(readOnly = false) Directive directive) {
       directive = directive.tmap(TaintRequestFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
     }
@@ -88,7 +88,7 @@ static void after(@Advice.Return(readOnly = false) Directive directive) {
 
   static class TaintRequestContextDirectiveAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_BODY_STRING)
+    @Source(SourceTypes.REQUEST_BODY)
     static void after(@Advice.Return(readOnly = false) Directive directive) {
       directive =
           directive.tmap(TaintRequestContextFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/FormFieldDirectivesInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/FormFieldDirectivesInstrumentation.java
index 6dc51c52502..33b5f753634 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/FormFieldDirectivesInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/FormFieldDirectivesInstrumentation.java
@@ -101,7 +101,7 @@ private void transformDirective(
 
   static class TaintSingleFormFieldDirectiveOldScalaAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     static void after(
         @Advice.Return(readOnly = false, typing = Assigner.Typing.DYNAMIC) Directive retval,
         @Advice.Argument(1) FormFieldDirectives.FieldMagnet fmag) {
@@ -116,7 +116,7 @@ static void after(
 
   static class TaintSingleFormFieldDirectiveNewScalaAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     static void after(
         @Advice.Return(readOnly = false, typing = Assigner.Typing.DYNAMIC) Directive retval,
         @Advice.Argument(0) FormFieldDirectives.FieldMagnet fmag) {
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HeaderNameCallSite.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HeaderNameCallSite.java
index f673a2b8349..f7f330a14b5 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HeaderNameCallSite.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HeaderNameCallSite.java
@@ -6,16 +6,14 @@
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.Taintable;
-import datadog.trace.api.iast.source.WebModule;
-import java.util.Collections;
+import datadog.trace.api.iast.propagation.PropagationModule;
 
 /**
  * Detects when a header name is directly called from user code. This uses call site instrumentation
  * because there are many calls to {@link HttpHeader#name()} inside akka-http code that we don't
  * care about.
  */
-@Source(value = SourceTypes.REQUEST_HEADER_NAME_STRING)
+@Source(value = SourceTypes.REQUEST_HEADER_NAME)
 @CallSite(spi = IastCallSites.class)
 public class HeaderNameCallSite {
 
@@ -23,18 +21,15 @@ public class HeaderNameCallSite {
   @CallSite.After(
       "java.lang.String akka.http.scaladsl.model.HttpHeader.name()") // subtype of the first
   public static String after(@CallSite.This HttpHeader header, @CallSite.Return String result) {
-    WebModule module = InstrumentationBridge.WEB;
+    PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module == null) {
       return result;
     }
     try {
-      if (header instanceof Taintable && ((Taintable) header).$DD$isTainted()) {
-        module.onHeaderNames(Collections.singletonList(result));
-      }
-      return result;
+      module.taintIfTainted(result, header, SourceTypes.REQUEST_HEADER_NAME, result);
     } catch (final Throwable e) {
       module.onUnexpectedException("onHeaderNames threw", e);
-      return result;
     }
+    return result;
   }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HttpHeaderSubclassesInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HttpHeaderSubclassesInstrumentation.java
index 8e71ae0d0f8..57cd04ce127 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HttpHeaderSubclassesInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HttpHeaderSubclassesInstrumentation.java
@@ -14,7 +14,6 @@
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Propagation;
-import datadog.trace.api.iast.Taintable;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import net.bytebuddy.asm.Advice;
 import net.bytebuddy.description.type.TypeDescription;
@@ -59,11 +58,11 @@ static class HttpHeaderSubclassesAdvice {
     static void onExit(@Advice.This HttpHeader h, @Advice.Return String retVal) {
 
       PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation == null || !(h instanceof Taintable)) {
+      if (propagation == null) {
         return;
       }
 
-      propagation.taintIfInputIsTainted(retVal, h);
+      propagation.taintIfTainted(retVal, h);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HttpRequestInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HttpRequestInstrumentation.java
index 775c5d0ab4a..a0c5f432e85 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HttpRequestInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/HttpRequestInstrumentation.java
@@ -13,11 +13,11 @@
 import akka.http.scaladsl.model.HttpRequest;
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Propagation;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.Taintable;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import net.bytebuddy.asm.Advice;
@@ -59,7 +59,7 @@ public void adviceTransformations(AdviceTransformation transformation) {
   @SuppressFBWarnings("BC_IMPOSSIBLE_INSTANCEOF")
   static class RequestHeadersAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     static void onExit(
         @Advice.This HttpRequest thiz, @Advice.Return(readOnly = false) Seq<HttpHeader> headers) {
       PropagationModule propagation = InstrumentationBridge.PROPAGATION;
@@ -67,27 +67,20 @@ static void onExit(
         return;
       }
 
-      if (!((Object) thiz instanceof Taintable)) {
-        return;
-      }
-      if (!((Taintable) (Object) thiz).$DD$isTainted()) {
+      if (!propagation.isTainted(thiz)) {
         return;
       }
 
+      final IastContext ctx = IastContext.Provider.get();
       Iterator<HttpHeader> iterator = headers.iterator();
       while (iterator.hasNext()) {
         HttpHeader h = iterator.next();
-        if (!(h instanceof Taintable)) {
-          continue;
-        }
-
-        Taintable t = (Taintable) h;
-        if (t.$DD$isTainted()) {
+        if (propagation.isTainted(h)) {
           continue;
         }
         // unfortunately, the call to h.value() is instrumented, but
         // because the call to taint() only happens after, the call is a noop
-        propagation.taint(SourceTypes.REQUEST_HEADER_VALUE, h.name(), h.value(), t);
+        propagation.taint(ctx, h, SourceTypes.REQUEST_HEADER_VALUE, h.name(), h.value());
       }
     }
   }
@@ -103,13 +96,11 @@ static void onExit(
         return;
       }
 
-      if (entity instanceof Taintable) {
-        if (((Taintable) entity).$DD$isTainted()) {
-          return;
-        }
+      if (propagation.isTainted(entity)) {
+        return;
       }
 
-      propagation.taintIfInputIsTainted(entity, thiz);
+      propagation.taintIfTainted(entity, thiz);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/MarshallingDirectivesInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/MarshallingDirectivesInstrumentation.java
index b1dc0d68ead..a8a4b557174 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/MarshallingDirectivesInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/MarshallingDirectivesInstrumentation.java
@@ -76,7 +76,7 @@ public void adviceTransformations(AdviceTransformation transformation) {
 
   static class TaintUnmarshallerInputOldScalaAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_BODY_STRING)
+    @Source(SourceTypes.REQUEST_BODY)
     static void before(@Advice.Argument(readOnly = false, value = 1) Unmarshaller unmarshaller) {
       PropagationModule mod = InstrumentationBridge.PROPAGATION;
       if (mod != null) {
@@ -87,7 +87,7 @@ static void before(@Advice.Argument(readOnly = false, value = 1) Unmarshaller un
 
   static class TaintUnmarshallerInputNewScalaAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_BODY_STRING)
+    @Source(SourceTypes.REQUEST_BODY)
     static void before(@Advice.Argument(readOnly = false, value = 0) Unmarshaller unmarshaller) {
       PropagationModule mod = InstrumentationBridge.PROPAGATION;
       if (mod != null) {
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/ParameterDirectivesInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/ParameterDirectivesInstrumentation.java
index f25c72ffa75..6ddc32aa877 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/ParameterDirectivesInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/ParameterDirectivesInstrumentation.java
@@ -100,7 +100,7 @@ private void transformDirective(
 
   static class TaintMultiMapDirectiveAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     static void after(@Advice.Return(readOnly = false) Directive directive) {
       directive = directive.tmap(TaintMultiMapFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
     }
@@ -108,7 +108,7 @@ static void after(@Advice.Return(readOnly = false) Directive directive) {
 
   static class TaintMapDirectiveAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     static void after(@Advice.Return(readOnly = false) Directive directive) {
       directive = directive.tmap(TaintMapFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
     }
@@ -116,7 +116,7 @@ static void after(@Advice.Return(readOnly = false) Directive directive) {
 
   static class TaintSeqDirectiveAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     static void after(@Advice.Return(readOnly = false) Directive directive) {
       directive = directive.tmap(TaintSeqFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
     }
@@ -124,7 +124,7 @@ static void after(@Advice.Return(readOnly = false) Directive directive) {
 
   static class TaintSingleParameterDirectiveOldScalaAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     static void after(
         @Advice.Return(readOnly = false) Object retval,
         @Advice.Argument(1) ParameterDirectives.ParamMagnet pmag) {
@@ -144,7 +144,7 @@ static void after(
 
   static class TaintSingleParameterDirectiveNewScalaAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     static void after(
         @Advice.Return(readOnly = false) Object retval,
         @Advice.Argument(0) ParameterDirectives.ParamMagnet pmag) {
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/PathMatcherInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/PathMatcherInstrumentation.java
index 46371a610d4..80c3b2687f0 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/PathMatcherInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/PathMatcherInstrumentation.java
@@ -11,6 +11,7 @@
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -47,7 +48,7 @@ public void adviceTransformations(AdviceTransformation transformation) {
   @RequiresRequestContext(RequestContextSlot.IAST)
   static class PathMatcherAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PATH_PARAMETER_STRING)
+    @Source(SourceTypes.REQUEST_PATH_PARAMETER)
     static void onExit(
         @Advice.Argument(1) Object extractions, @ActiveRequestContext RequestContext reqCtx) {
       if (!(extractions instanceof scala.Tuple1)) {
@@ -68,11 +69,8 @@ static void onExit(
       }
 
       if (value instanceof String) {
-        module.taint(
-            reqCtx.getData(RequestContextSlot.IAST),
-            SourceTypes.REQUEST_PATH_PARAMETER,
-            null,
-            (String) value);
+        final IastContext ctx = reqCtx.getData(RequestContextSlot.IAST);
+        module.taint(ctx, value, SourceTypes.REQUEST_PATH_PARAMETER);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/RequestContextInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/RequestContextInstrumentation.java
index 7629fab2538..f18148a7ceb 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/RequestContextInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/RequestContextInstrumentation.java
@@ -13,7 +13,6 @@
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Propagation;
-import datadog.trace.api.iast.Taintable;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import net.bytebuddy.asm.Advice;
@@ -50,14 +49,11 @@ static void onExit(
         @Advice.This RequestContext requestContext, @Advice.Return HttpRequest request) {
 
       PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation == null
-          || !(requestContext instanceof Taintable)
-          || !((Object) request instanceof Taintable)
-          || ((Taintable) (Object) request).$DD$isTainted()) {
+      if (propagation == null || propagation.isTainted(request)) {
         return;
       }
 
-      propagation.taintIfInputIsTainted(request, requestContext);
+      propagation.taintIfTainted(request, requestContext);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/TraitMethodMatchers.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/TraitMethodMatchers.java
index 2d74073aedf..fb58538102e 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/TraitMethodMatchers.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/TraitMethodMatchers.java
@@ -1,35 +1,16 @@
 package datadog.trace.instrumentation.akkahttp.iast;
 
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
-import static net.bytebuddy.matcher.ElementMatchers.isMethod;
-import static net.bytebuddy.matcher.ElementMatchers.isStatic;
-import static net.bytebuddy.matcher.ElementMatchers.not;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.ScalaTraitMatchers.isTraitMethod;
 import static net.bytebuddy.matcher.ElementMatchers.returns;
-import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
-import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
 
 import net.bytebuddy.description.method.MethodDescription;
 import net.bytebuddy.matcher.ElementMatcher;
 
 public class TraitMethodMatchers {
   public static ElementMatcher.Junction<MethodDescription> isTraitDirectiveMethod(
-      String traitName, String name, String... argumentTypes) {
-
-    ElementMatcher.Junction<MethodDescription> scalaOldArgs =
-        isStatic()
-            .and(takesArguments(argumentTypes.length + 1))
-            .and(takesArgument(0, named(traitName)));
-    ElementMatcher.Junction<MethodDescription> scalaNewArgs =
-        not(isStatic()).and(takesArguments(argumentTypes.length));
-
-    for (int i = 0; i < argumentTypes.length; i++) {
-      scalaOldArgs = scalaOldArgs.and(takesArgument(i + 1, named(argumentTypes[i])));
-      scalaNewArgs = scalaNewArgs.and(takesArgument(i, named(argumentTypes[i])));
-    }
-
-    return isMethod()
-        .and(named(name))
-        .and(returns(named("akka.http.scaladsl.server.Directive")))
-        .and(scalaOldArgs.or(scalaNewArgs));
+      String traitName, String name, Object... argumentTypes) {
+    return isTraitMethod(traitName, name, (Object[]) argumentTypes)
+        .and(returns(named("akka.http.scaladsl.server.Directive")));
   }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/UriInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/UriInstrumentation.java
index 907c565ae1d..49a03c9bf32 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/UriInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/UriInstrumentation.java
@@ -11,13 +11,12 @@
 import akka.http.scaladsl.model.Uri;
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Propagation;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.source.WebModule;
-import java.util.Collections;
 import net.bytebuddy.asm.Advice;
 import scala.Tuple2;
 import scala.collection.Iterator;
@@ -70,7 +69,7 @@ static void after(@Advice.This Uri uri, @Advice.Return scala.Option<String> ret)
       if (mod == null || ret.isEmpty()) {
         return;
       }
-      mod.taintIfInputIsTainted(ret.get(), uri);
+      mod.taintIfTainted(ret.get(), uri);
     }
   }
 
@@ -78,11 +77,10 @@ public static class TaintQueryAdvice {
     // bind uri to a variable of type Object so that this advice can also
     // be used from FromDataInstrumentaton
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     static void after(@Advice.This /*Uri*/ Object uri, @Advice.Return Uri.Query ret) {
-      WebModule web = InstrumentationBridge.WEB;
       PropagationModule prop = InstrumentationBridge.PROPAGATION;
-      if (prop == null || web == null || ret.isEmpty()) {
+      if (prop == null || ret.isEmpty()) {
         return;
       }
 
@@ -90,11 +88,13 @@ static void after(@Advice.This /*Uri*/ Object uri, @Advice.Return Uri.Query ret)
         return;
       }
 
+      final IastContext ctx = IastContext.Provider.get();
       Iterator<Tuple2<String, String>> iterator = ret.iterator();
       while (iterator.hasNext()) {
         Tuple2<String, String> pair = iterator.next();
-        web.onParameterNames(Collections.singleton(pair._1()));
-        prop.taint(SourceTypes.REQUEST_PARAMETER_VALUE, pair._1(), pair._2());
+        final String name = pair._1(), value = pair._2();
+        prop.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
+        prop.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintCookieFunction.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintCookieFunction.java
index 2d9c23c51ba..0955a0a9e49 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintCookieFunction.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintCookieFunction.java
@@ -16,10 +16,13 @@ public Tuple1<HttpCookiePair> apply(Tuple1<HttpCookiePair> v1) {
     HttpCookiePair httpCookiePair = v1._1();
 
     PropagationModule mod = InstrumentationBridge.PROPAGATION;
-    if (mod == null) {
+    if (mod == null || httpCookiePair == null) {
       return v1;
     }
-    mod.taint(SourceTypes.REQUEST_COOKIE_VALUE, httpCookiePair.name(), httpCookiePair.value());
+    final String name = httpCookiePair.name();
+    final String value = httpCookiePair.value();
+    mod.taint(name, SourceTypes.REQUEST_COOKIE_NAME, name);
+    mod.taint(value, SourceTypes.REQUEST_COOKIE_VALUE, name);
     return v1;
   }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintFutureHelper.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintFutureHelper.java
index 922397f52f6..c1ff9dbc8c2 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintFutureHelper.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintFutureHelper.java
@@ -10,7 +10,7 @@ public static <T> Future<T> wrapFuture(
       Future<T> f, Object input, PropagationModule mod, ExecutionContext ec) {
     JFunction1<T, T> mapf =
         t -> {
-          mod.taintIfInputIsTainted(t, input);
+          mod.taintIfTainted(t, input);
           return t;
         };
     return f.map(mapf, ec);
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintMapFunction.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintMapFunction.java
index 40d75a9e15f..705b1921742 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintMapFunction.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintMapFunction.java
@@ -1,9 +1,9 @@
 package datadog.trace.instrumentation.akkahttp.iast.helpers;
 
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.source.WebModule;
 import scala.Tuple1;
 import scala.Tuple2;
 import scala.collection.Iterator;
@@ -19,18 +19,17 @@ public Tuple1<Map<String, String>> apply(Tuple1<Map<String, String>> v1) {
     Map<String, String> m = v1._1;
 
     PropagationModule prop = InstrumentationBridge.PROPAGATION;
-    WebModule web = InstrumentationBridge.WEB;
-    if (web == null || prop == null || m == null) {
+    if (prop == null || m == null || m.isEmpty()) {
       return v1;
     }
 
-    java.util.List<String> keysAsCollection = ScalaToJava.keySetAsCollection(m);
-    web.onParameterNames(keysAsCollection);
-
+    final IastContext ctx = IastContext.Provider.get();
     Iterator<Tuple2<String, String>> iterator = m.iterator();
     while (iterator.hasNext()) {
       Tuple2<String, String> e = iterator.next();
-      prop.taint(SourceTypes.REQUEST_PARAMETER_VALUE, e._1(), e._2());
+      final String name = e._1(), value = e._2();
+      prop.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
+      prop.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
     }
 
     return v1;
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintMultiMapFunction.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintMultiMapFunction.java
index dcfe919d598..b72ac179c0b 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintMultiMapFunction.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintMultiMapFunction.java
@@ -1,7 +1,9 @@
 package datadog.trace.instrumentation.akkahttp.iast.helpers;
 
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
-import datadog.trace.api.iast.source.WebModule;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
 import scala.Tuple1;
 import scala.Tuple2;
 import scala.collection.Iterator;
@@ -17,19 +19,21 @@ public class TaintMultiMapFunction
   public Tuple1<Map<String, List<String>>> apply(Tuple1<Map<String, List<String>>> v1) {
     Map<String, List<String>> m = v1._1;
 
-    WebModule mod = InstrumentationBridge.WEB;
-    if (mod == null || m == null) {
+    PropagationModule mod = InstrumentationBridge.PROPAGATION;
+    if (mod == null || m == null || m.isEmpty()) {
       return v1;
     }
 
-    java.util.List<String> keysAsCollection = ScalaToJava.keySetAsCollection(m);
-    mod.onParameterNames(keysAsCollection);
-
+    final IastContext ctx = IastContext.Provider.get();
     Iterator<Tuple2<String, List<String>>> entriesIterator = m.iterator();
     while (entriesIterator.hasNext()) {
       Tuple2<String, List<String>> e = entriesIterator.next();
+      final String name = e._1();
+      mod.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
       List<String> values = e._2();
-      mod.onParameterValues(e._1(), ScalaToJava.listAsList(values));
+      for (final String value : ScalaToJava.listAsList(values)) {
+        mod.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+      }
     }
 
     return v1;
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintOptionalCookieFunction.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintOptionalCookieFunction.java
index 1f6d8bb62a2..620bea2ebf8 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintOptionalCookieFunction.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintOptionalCookieFunction.java
@@ -17,13 +17,14 @@ public Tuple1<Option<HttpCookiePair>> apply(Tuple1<Option<HttpCookiePair>> v1) {
     Option<HttpCookiePair> httpCookiePair = v1._1();
 
     PropagationModule mod = InstrumentationBridge.PROPAGATION;
-    if (mod == null || httpCookiePair.isEmpty()) {
+    if (mod == null || httpCookiePair == null || httpCookiePair.isEmpty()) {
       return v1;
     }
-    mod.taint(
-        SourceTypes.REQUEST_COOKIE_VALUE,
-        httpCookiePair.get().name(),
-        httpCookiePair.get().value());
+    final HttpCookiePair cookie = httpCookiePair.get();
+    final String name = cookie.name();
+    final String value = cookie.value();
+    mod.taint(name, SourceTypes.REQUEST_COOKIE_NAME, name);
+    mod.taint(value, SourceTypes.REQUEST_COOKIE_VALUE, name);
     return v1;
   }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintRequestContextFunction.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintRequestContextFunction.java
index 8454bf9445f..bc86e937643 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintRequestContextFunction.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintRequestContextFunction.java
@@ -3,7 +3,6 @@
 import akka.http.scaladsl.server.RequestContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.Taintable;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import scala.Tuple1;
 import scala.compat.java8.JFunction1;
@@ -17,10 +16,10 @@ public Tuple1<RequestContext> apply(Tuple1<RequestContext> v1) {
     RequestContext reqCtx = v1._1();
 
     PropagationModule mod = InstrumentationBridge.PROPAGATION;
-    if (mod == null || !(reqCtx instanceof Taintable)) {
+    if (mod == null || reqCtx == null) {
       return v1;
     }
-    mod.taintObject(SourceTypes.REQUEST_BODY, reqCtx);
+    mod.taint(reqCtx, SourceTypes.REQUEST_BODY);
 
     return v1;
   }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintRequestFunction.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintRequestFunction.java
index 6b948f2bd33..7894326ab89 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintRequestFunction.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintRequestFunction.java
@@ -3,7 +3,6 @@
 import akka.http.scaladsl.model.HttpRequest;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.Taintable;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import scala.Tuple1;
@@ -18,10 +17,10 @@ public Tuple1<HttpRequest> apply(Tuple1<HttpRequest> v1) {
     HttpRequest httpRequest = v1._1();
 
     PropagationModule mod = InstrumentationBridge.PROPAGATION;
-    if (mod == null || !((Object) httpRequest instanceof Taintable)) {
+    if (mod == null || httpRequest == null) {
       return v1;
     }
-    mod.taintObject(SourceTypes.REQUEST_BODY, httpRequest);
+    mod.taint(httpRequest, SourceTypes.REQUEST_BODY);
 
     return v1;
   }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintSeqFunction.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintSeqFunction.java
index 0d41fc32e56..fdec8e35b4e 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintSeqFunction.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintSeqFunction.java
@@ -1,9 +1,9 @@
 package datadog.trace.instrumentation.akkahttp.iast.helpers;
 
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.source.WebModule;
 import java.util.Collections;
 import java.util.IdentityHashMap;
 import java.util.Set;
@@ -22,22 +22,22 @@ public class TaintSeqFunction
   public Tuple1<Seq<Tuple2<String, String>>> apply(Tuple1<Seq<Tuple2<String, String>>> v1) {
     Seq<Tuple2<String, String>> seq = v1._1;
 
-    WebModule web = InstrumentationBridge.WEB;
     PropagationModule prop = InstrumentationBridge.PROPAGATION;
-    if (web == null || prop == null || seq == null) {
+    if (prop == null || seq == null || seq.isEmpty()) {
       return v1;
     }
 
+    final IastContext ctx = IastContext.Provider.get();
     Iterator<Tuple2<String, String>> iterator = seq.iterator();
-    Set<String> seenKeys = Collections.newSetFromMap(new IdentityHashMap<String, Boolean>());
+    Set<String> seenKeys = Collections.newSetFromMap(new IdentityHashMap<>());
     while (iterator.hasNext()) {
       Tuple2<String, String> t = iterator.next();
       String name = t._1();
       String value = t._2();
       if (seenKeys.add(name)) {
-        web.onParameterNames(Collections.singleton(name));
+        prop.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
       }
-      prop.taint(SourceTypes.REQUEST_PARAMETER_VALUE, name, value);
+      prop.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
     }
 
     return v1;
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintSingleParameterFunction.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintSingleParameterFunction.java
index e3130be8062..f6c1073fff8 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintSingleParameterFunction.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintSingleParameterFunction.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.akkahttp.iast.helpers;
 
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
@@ -40,15 +41,16 @@ public Tuple1<Object> apply(Tuple1<Object> v1) {
     }
 
     if (value instanceof Iterable) {
-      Iterator iterator = ((Iterable) value).iterator();
+      final IastContext ctx = IastContext.Provider.get();
+      Iterator<?> iterator = ((Iterable<?>) value).iterator();
       while (iterator.hasNext()) {
         Object o = iterator.next();
         if (o instanceof String) {
-          mod.taint(SourceTypes.REQUEST_PARAMETER_VALUE, paramName, (String) o);
+          mod.taint(ctx, (String) o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
         }
       }
     } else if (value instanceof String) {
-      mod.taint(SourceTypes.REQUEST_PARAMETER_VALUE, paramName, (String) value);
+      mod.taint((String) value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
     }
 
     return v1;
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintUnmarshaller.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintUnmarshaller.java
index 88d1580643a..d109cc92d9d 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintUnmarshaller.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintUnmarshaller.java
@@ -28,7 +28,7 @@ public TaintUnmarshaller(PropagationModule propagationModule, Unmarshaller<A, B>
 
   @Override
   public Future<B> apply(A value, ExecutionContext ec, Materializer materializer) {
-    propagationModule.taintObject(SourceTypes.REQUEST_BODY, value);
+    propagationModule.taint(value, SourceTypes.REQUEST_BODY);
     return delegate.apply(value, ec, materializer);
   }
 
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintUriFunction.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintUriFunction.java
index eae576a422a..5feb8315119 100644
--- a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintUriFunction.java
+++ b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintUriFunction.java
@@ -3,7 +3,6 @@
 import akka.http.scaladsl.model.Uri;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.Taintable;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import scala.Tuple1;
 import scala.compat.java8.JFunction1;
@@ -16,10 +15,10 @@ public Tuple1<Uri> apply(Tuple1<Uri> v1) {
     Uri uri = v1._1();
 
     PropagationModule mod = InstrumentationBridge.PROPAGATION;
-    if (mod == null || !(uri instanceof Taintable)) {
+    if (mod == null) {
       return v1;
     }
-    mod.taintObject(SourceTypes.REQUEST_QUERY, uri);
+    mod.taint(uri, SourceTypes.REQUEST_QUERY);
 
     return v1;
   }
diff --git a/dd-java-agent/instrumentation/akka-http-10.2-iast/src/main/java/datadog/trace/instrumentation/akkahttp102/iast/ParameterDirectivesImplInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.2-iast/src/main/java/datadog/trace/instrumentation/akkahttp102/iast/ParameterDirectivesImplInstrumentation.java
index 1be72c41bcb..3ec1eb1ee3c 100644
--- a/dd-java-agent/instrumentation/akka-http-10.2-iast/src/main/java/datadog/trace/instrumentation/akkahttp102/iast/ParameterDirectivesImplInstrumentation.java
+++ b/dd-java-agent/instrumentation/akka-http-10.2-iast/src/main/java/datadog/trace/instrumentation/akkahttp102/iast/ParameterDirectivesImplInstrumentation.java
@@ -69,7 +69,7 @@ public void adviceTransformations(AdviceTransformation transformation) {
 
   static class FilterAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     static void after(
         @Advice.Argument(0) String paramName,
         @Advice.Return(readOnly = false) Directive /*<Tuple1<?>>*/ retval) {
@@ -84,7 +84,7 @@ static void after(
 
   static class RepeatedFilterAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     static void after(
         @Advice.Argument(0) String paramName,
         @Advice.Return(readOnly = false) Directive /*<Tuple1<Iterable<?>>>*/ retval) {
diff --git a/dd-java-agent/instrumentation/akka-http-10.2-iast/src/main/java/datadog/trace/instrumentation/akkahttp102/iast/helpers/TaintParametersFunction.java b/dd-java-agent/instrumentation/akka-http-10.2-iast/src/main/java/datadog/trace/instrumentation/akkahttp102/iast/helpers/TaintParametersFunction.java
index 213ee7638e1..87008ac5ab4 100644
--- a/dd-java-agent/instrumentation/akka-http-10.2-iast/src/main/java/datadog/trace/instrumentation/akkahttp102/iast/helpers/TaintParametersFunction.java
+++ b/dd-java-agent/instrumentation/akka-http-10.2-iast/src/main/java/datadog/trace/instrumentation/akkahttp102/iast/helpers/TaintParametersFunction.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.akkahttp102.iast.helpers;
 
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
@@ -33,15 +34,16 @@ public Tuple1<T> apply(Tuple1<T> v1) {
     }
 
     if (value instanceof Iterable) {
-      Iterator iterator = ((Iterable) value).iterator();
+      final IastContext ctx = IastContext.Provider.get();
+      Iterator<?> iterator = ((Iterable<?>) value).iterator();
       while (iterator.hasNext()) {
         Object o = iterator.next();
         if (o instanceof String) {
-          mod.taint(SourceTypes.REQUEST_PARAMETER_VALUE, paramName, (String) o);
+          mod.taint(ctx, (String) o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
         }
       }
     } else if (value instanceof String) {
-      mod.taint(SourceTypes.REQUEST_PARAMETER_VALUE, paramName, (String) value);
+      mod.taint((String) value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
     }
 
     return v1;
diff --git a/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/ApacheHttpAsyncClientDecorator.java b/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/ApacheHttpAsyncClientDecorator.java
index c16307d1a0e..5f9e44fd6df 100644
--- a/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/ApacheHttpAsyncClientDecorator.java
+++ b/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/ApacheHttpAsyncClientDecorator.java
@@ -1,20 +1,18 @@
 package datadog.trace.instrumentation.apachehttpasyncclient;
 
-import datadog.trace.bootstrap.instrumentation.api.URIUtils;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
 import datadog.trace.bootstrap.instrumentation.decorator.HttpClientDecorator;
 import java.net.URI;
 import java.net.URISyntaxException;
 import org.apache.http.Header;
-import org.apache.http.HttpRequest;
 import org.apache.http.HttpResponse;
-import org.apache.http.RequestLine;
 import org.apache.http.StatusLine;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.protocol.HttpContext;
 import org.apache.http.protocol.HttpCoreContext;
 
-public class ApacheHttpAsyncClientDecorator extends HttpClientDecorator<HttpRequest, HttpContext> {
+public class ApacheHttpAsyncClientDecorator
+    extends HttpClientDecorator<HttpUriRequest, HttpContext> {
 
   public static final CharSequence APACHE_HTTPASYNCCLIENT =
       UTF8BytesString.create("apache-httpasyncclient");
@@ -34,28 +32,13 @@ protected CharSequence component() {
   }
 
   @Override
-  protected String method(final HttpRequest request) {
-    if (request instanceof HttpUriRequest) {
-      return ((HttpUriRequest) request).getMethod();
-    } else {
-      final RequestLine requestLine = request.getRequestLine();
-      return requestLine == null ? null : requestLine.getMethod();
-    }
+  protected String method(final HttpUriRequest request) {
+    return request.getMethod();
   }
 
   @Override
-  protected URI url(final HttpRequest request) throws URISyntaxException {
-    /*
-     * Note: this is essentially an optimization: HttpUriRequest allows quicker access to required information.
-     * The downside is that we need to load HttpUriRequest which essentially means we depend on httpasyncclient
-     * library depending on httpclient library. Currently this seems to be the case.
-     */
-    if (request instanceof HttpUriRequest) {
-      return ((HttpUriRequest) request).getURI();
-    } else {
-      final RequestLine requestLine = request.getRequestLine();
-      return requestLine == null ? null : URIUtils.safeParse(requestLine.getUri());
-    }
+  protected URI url(final HttpUriRequest request) throws URISyntaxException {
+    return request.getURI();
   }
 
   @Override
@@ -71,7 +54,7 @@ protected int status(final HttpContext context) {
   }
 
   @Override
-  protected String getRequestHeader(HttpRequest request, String headerName) {
+  protected String getRequestHeader(HttpUriRequest request, String headerName) {
     Header header = request.getFirstHeader(headerName);
     if (header != null) {
       return header.getValue();
diff --git a/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/ApacheHttpAsyncClientInstrumentation.java b/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/ApacheHttpAsyncClientInstrumentation.java
index 228e97a3524..815737bfb9f 100644
--- a/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/ApacheHttpAsyncClientInstrumentation.java
+++ b/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/ApacheHttpAsyncClientInstrumentation.java
@@ -63,7 +63,8 @@ public String[] helperClassNames() {
       packageName + ".HttpHeadersInjectAdapter",
       packageName + ".DelegatingRequestProducer",
       packageName + ".TraceContinuedFutureCallback",
-      packageName + ".ApacheHttpAsyncClientDecorator"
+      packageName + ".ApacheHttpAsyncClientDecorator",
+      packageName + ".HostAndRequestAsHttpUriRequest"
     };
   }
 
diff --git a/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/DelegatingRequestProducer.java b/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/DelegatingRequestProducer.java
index 3c4a4b8f18f..c39f1d54fa3 100644
--- a/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/DelegatingRequestProducer.java
+++ b/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/DelegatingRequestProducer.java
@@ -32,7 +32,7 @@ public HttpHost getTarget() {
   @Override
   public HttpRequest generateRequest() throws IOException, HttpException {
     final HttpRequest request = delegate.generateRequest();
-    DECORATE.onRequest(span, request);
+    DECORATE.onRequest(span, new HostAndRequestAsHttpUriRequest(delegate.getTarget(), request));
 
     propagate().inject(span, request, SETTER);
     propagate()
diff --git a/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/HostAndRequestAsHttpUriRequest.java b/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/HostAndRequestAsHttpUriRequest.java
new file mode 100644
index 00000000000..7bf1f316b60
--- /dev/null
+++ b/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/main/java/datadog/trace/instrumentation/apachehttpasyncclient/HostAndRequestAsHttpUriRequest.java
@@ -0,0 +1,78 @@
+package datadog.trace.instrumentation.apachehttpasyncclient;
+
+import datadog.trace.api.Config;
+import datadog.trace.bootstrap.instrumentation.api.URIUtils;
+import org.apache.http.Header;
+import org.apache.http.HttpHost;
+import org.apache.http.HttpRequest;
+import org.apache.http.ProtocolVersion;
+import org.apache.http.RequestLine;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.message.AbstractHttpMessage;
+
+/** Wraps HttpHost and HttpRequest into a HttpUriRequest for decorators and injectors */
+public class HostAndRequestAsHttpUriRequest extends AbstractHttpMessage implements HttpUriRequest {
+  // other versions are not affected by this url parsing bug
+  private static final boolean legacyTracingEnabled =
+      Config.get().isLegacyTracingEnabled(false, "httpasyncclient4");
+  private final String method;
+  private final RequestLine requestLine;
+  private final ProtocolVersion protocolVersion;
+  private final java.net.URI uri;
+  private final HttpRequest actualRequest;
+
+  public HostAndRequestAsHttpUriRequest(final HttpHost httpHost, final HttpRequest httpRequest) {
+    method = httpRequest.getRequestLine().getMethod();
+    requestLine = httpRequest.getRequestLine();
+    protocolVersion = requestLine.getProtocolVersion();
+    uri =
+        legacyTracingEnabled
+            ? URIUtils.safeParse(requestLine.getUri())
+            : URIUtils.safeConcat(httpHost.toURI(), requestLine.getUri());
+    actualRequest = httpRequest;
+  }
+
+  @Override
+  public void abort() throws UnsupportedOperationException {
+    throw new UnsupportedOperationException();
+  }
+
+  @Override
+  public boolean isAborted() {
+    return false;
+  }
+
+  @Override
+  public void setHeader(final String name, final String value) {
+    actualRequest.setHeader(name, value);
+  }
+
+  @Override
+  public String getMethod() {
+    return method;
+  }
+
+  @Override
+  public RequestLine getRequestLine() {
+    return requestLine;
+  }
+
+  @Override
+  public ProtocolVersion getProtocolVersion() {
+    return protocolVersion;
+  }
+
+  @Override
+  public java.net.URI getURI() {
+    return uri;
+  }
+
+  @Override
+  public Header getFirstHeader(String name) {
+    return actualRequest.getFirstHeader(name);
+  }
+
+  public HttpRequest getActualRequest() {
+    return actualRequest;
+  }
+}
diff --git a/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/test/groovy/ApacheHttpAsyncClientTest.groovy b/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/test/groovy/ApacheHttpAsyncClientTest.groovy
index 2a778d568cf..bc57def64cf 100644
--- a/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/test/groovy/ApacheHttpAsyncClientTest.groovy
+++ b/dd-java-agent/instrumentation/apache-httpasyncclient-4/src/test/groovy/ApacheHttpAsyncClientTest.groovy
@@ -1,8 +1,11 @@
+import datadog.trace.agent.test.asserts.TraceAssert
 import datadog.trace.agent.test.base.HttpClientTest
 import datadog.trace.agent.test.naming.TestingGenericHttpNamingConventions
 import datadog.trace.instrumentation.apachehttpasyncclient.ApacheHttpAsyncClientDecorator
+import org.apache.http.HttpHost
 import org.apache.http.HttpResponse
 import org.apache.http.client.config.RequestConfig
+import org.apache.http.client.utils.URIBuilder
 import org.apache.http.concurrent.FutureCallback
 import org.apache.http.impl.nio.client.HttpAsyncClients
 import org.apache.http.message.BasicHeader
@@ -29,9 +32,17 @@ abstract class ApacheHttpAsyncClientTest extends HttpClientTest {
     client.start()
   }
 
+  protected HttpUriRequest createRequest(String method, URI uri) {
+    new HttpUriRequest(method, uri)
+  }
+
+  protected HttpResponse executeRequest(HttpUriRequest request, URI uri, FutureCallback<HttpResponse> handler) {
+    client.execute(request, handler).get()
+  }
+
   @Override
   int doRequest(String method, URI uri, Map<String, String> headers, String body, Closure callback) {
-    def request = new HttpUriRequest(method, uri)
+    def request = createRequest(method, uri)
     headers.entrySet().each {
       request.addHeader(new BasicHeader(it.key, it.value))
     }
@@ -58,7 +69,7 @@ abstract class ApacheHttpAsyncClientTest extends HttpClientTest {
       }
 
     try {
-      def response = client.execute(request, handler).get()
+      def response = executeRequest(request, uri, handler)
       response.entity?.content?.close() // Make sure the connection is closed.
       latch.await()
       response.statusLine.statusCode
@@ -83,8 +94,49 @@ abstract class ApacheHttpAsyncClientTest extends HttpClientTest {
   }
 }
 
-class ApacheHttpAsyncClientV0ForkedTest extends ApacheHttpAsyncClientTest implements TestingGenericHttpNamingConventions.ClientV0 {
+class ApacheHttpAsyncClientV0Test extends ApacheHttpAsyncClientTest implements TestingGenericHttpNamingConventions.ClientV0 {
 }
 
 class ApacheHttpAsyncClientV1ForkedTest extends ApacheHttpAsyncClientTest implements TestingGenericHttpNamingConventions.ClientV1 {
 }
+
+class ApacheHttpAsyncClientHostRequestTest extends ApacheHttpAsyncClientV0Test {
+
+  def relativizeUri(URI uri) {
+    new URIBuilder(uri).setHost(null).setPort(-1).setScheme(null).build()
+  }
+
+  @Override
+  protected HttpUriRequest createRequest(String method, URI uri) {
+    new HttpUriRequest(method, relativizeUri(uri))
+  }
+
+  @Override
+  protected HttpResponse executeRequest(HttpUriRequest request, URI uri, FutureCallback<HttpResponse> handler) {
+    client.execute(new HttpHost(uri.getHost(), uri.getPort()), request, handler).get()
+  }
+}
+
+class ApacheHttpAsyncClientHostRequestLegacyForkedTest extends ApacheHttpAsyncClientHostRequestTest {
+  @Override
+  void setup() {
+    injectSysConfig("httpasyncclient4.legacy.tracing.enabled", "true")
+  }
+
+  @Override
+  void clientSpan(
+    TraceAssert trace,
+    Object parentSpan,
+    String method,
+    boolean renameService,
+    boolean tagQueryString,
+    URI uri,
+    Integer status,
+    boolean error,
+    Throwable exception,
+    boolean ignorePeer,
+    Map<String, Serializable> extraTags) {
+    super.clientSpan(trace, parentSpan, method, false,  // spit-by-host is also buggy since host info is missing
+      tagQueryString, relativizeUri(uri), status, error, exception, true, extraTags)
+  }
+}
diff --git a/dd-java-agent/instrumentation/apache-httpclient-4/src/main/java/datadog/trace/instrumentation/apachehttpclient/HostAndRequestAsHttpUriRequest.java b/dd-java-agent/instrumentation/apache-httpclient-4/src/main/java/datadog/trace/instrumentation/apachehttpclient/HostAndRequestAsHttpUriRequest.java
index 87ec223000b..4d7a7ffc929 100644
--- a/dd-java-agent/instrumentation/apache-httpclient-4/src/main/java/datadog/trace/instrumentation/apachehttpclient/HostAndRequestAsHttpUriRequest.java
+++ b/dd-java-agent/instrumentation/apache-httpclient-4/src/main/java/datadog/trace/instrumentation/apachehttpclient/HostAndRequestAsHttpUriRequest.java
@@ -1,7 +1,6 @@
 package datadog.trace.instrumentation.apachehttpclient;
 
-import java.net.URI;
-import java.net.URISyntaxException;
+import datadog.trace.bootstrap.instrumentation.api.URIUtils;
 import org.apache.http.Header;
 import org.apache.http.HttpHost;
 import org.apache.http.HttpRequest;
@@ -25,14 +24,7 @@ public HostAndRequestAsHttpUriRequest(final HttpHost httpHost, final HttpRequest
     method = httpRequest.getRequestLine().getMethod();
     requestLine = httpRequest.getRequestLine();
     protocolVersion = requestLine.getProtocolVersion();
-
-    URI calculatedURI;
-    try {
-      calculatedURI = new URI(httpHost.toURI() + httpRequest.getRequestLine().getUri());
-    } catch (final URISyntaxException e) {
-      calculatedURI = null;
-    }
-    uri = calculatedURI;
+    uri = URIUtils.safeConcat(httpHost.toURI(), requestLine.getUri());
     actualRequest = httpRequest;
   }
 
diff --git a/dd-java-agent/instrumentation/armeria-grpc/build.gradle b/dd-java-agent/instrumentation/armeria-grpc/build.gradle
new file mode 100644
index 00000000000..f6a9d253ee3
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/build.gradle
@@ -0,0 +1,65 @@
+plugins {
+  id 'com.google.protobuf' version '0.8.18'
+}
+
+muzzle {
+  pass {
+    group = "com.linecorp.armeria"
+    module = "armeria-grpc"
+    versions = "[0.84.0,)"
+    assertInverse true
+    skipVersions += "1.3.0" // com.linecorp.armeria.common.grpc.protocol.ArmeriaMessageDeframer is missing in this one version
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+apply plugin: 'idea'
+
+// First version with Mac M1 support
+def protocVersion = '3.17.3'
+def grpcVersion = '1.42.2'
+protobuf {
+  protoc {
+    // Download compiler rather than using locally installed version:
+    // First version with Mac M1 support
+    artifact = "com.google.protobuf:protoc:${protocVersion}"
+  }
+  plugins {
+    // First version with aarch support
+    grpc {
+      artifact = "io.grpc:protoc-gen-grpc-java:${grpcVersion}"
+    }
+  }
+  generateProtoTasks {
+    all()*.plugins {
+      grpc {}
+    }
+  }
+}
+
+addTestSuiteForDir('latestDepTest', 'test')
+addTestSuiteExtendingForDir('latestDepForkedTest', 'latestDepTest', 'test')
+
+apply from: "$rootDir/gradle/configure_tests.gradle"
+
+latestDepTest {
+  finalizedBy 'latestDepForkedTest'
+}
+
+dependencies {
+  compileOnly group: 'com.linecorp.armeria', name: 'armeria-grpc', version: '0.84.0'
+  compileOnly group: 'com.linecorp.armeria', name: 'armeria-grpc-protocol', version: '0.84.0'
+
+  testImplementation group: 'com.linecorp.armeria', name: 'armeria-grpc', version: '1.0.0'
+  testImplementation group: 'com.linecorp.armeria', name: 'armeria-junit4', version: '1.0.0'
+  testImplementation group: 'com.google.protobuf', name: 'protobuf-java', version: protocVersion
+  testImplementation group: 'io.grpc', name: 'grpc-stub', version: grpcVersion
+  testImplementation group: 'javax.annotation', name: 'javax.annotation-api', version: '1.3.2'
+  testImplementation project(':dd-java-agent:instrumentation:grpc-1.5')
+  testImplementation project(':dd-java-agent:instrumentation:netty-3.8')
+  testImplementation project(':dd-java-agent:instrumentation:netty-4.0')
+  testImplementation project(':dd-java-agent:instrumentation:netty-4.1')
+
+  latestDepTestImplementation sourceSets.test.output // include the protobuf generated classes
+  latestDepTestImplementation group: 'com.linecorp.armeria', name: 'armeria-grpc', version: '1.+'
+}
diff --git a/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/ArmeriaMessageDeframerInstrumentation.java b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/ArmeriaMessageDeframerInstrumentation.java
new file mode 100644
index 00000000000..d9253f2244d
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/ArmeriaMessageDeframerInstrumentation.java
@@ -0,0 +1,119 @@
+package datadog.trace.instrumentation.armeria.grpc.client;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import com.linecorp.armeria.common.grpc.protocol.ArmeriaMessageDeframer;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import io.grpc.ClientCall;
+import java.util.HashMap;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public class ArmeriaMessageDeframerInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForTypeHierarchy {
+  public ArmeriaMessageDeframerInstrumentation() {
+    super("armeria-grpc-client", "armeria-grpc", "armeria", "grpc-client", "grpc");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "com.linecorp.armeria.common.grpc.protocol.ArmeriaMessageDeframer";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return named(hierarchyMarkerType()).or(extendsClass(named(hierarchyMarkerType())));
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    Map<String, String> contextStore = new HashMap<>(4);
+    contextStore.put("io.grpc.ClientCall", AgentSpan.class.getName());
+    contextStore.put(hierarchyMarkerType(), "io.grpc.ClientCall");
+    return contextStore;
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor()
+            .and(
+                takesArgument(
+                    0,
+                    named(
+                        "com.linecorp.armeria.common.grpc.protocol.ArmeriaMessageDeframer$Listener"))),
+        getClass().getName() + "$CaptureClientCallArg0");
+    transformation.applyAdvice(
+        isConstructor()
+            .and(
+                takesArgument(
+                    2, named("com.linecorp.armeria.internal.common.grpc.TransportStatusListener"))),
+        getClass().getName() + "$CaptureClientCallArg2");
+    transformation.applyAdvice(
+        isMethod().and(named("process").or(named("deframe"))),
+        getClass().getName() + "$ActivateSpan");
+  }
+
+  public static final class CaptureClientCallArg0 {
+    @SuppressWarnings("rawtypes")
+    @Advice.OnMethodExit
+    public static void capture(
+        @Advice.This ArmeriaMessageDeframer messageDeframer,
+        @Advice.Argument(0) Object clientCall) {
+      if (clientCall instanceof ClientCall) {
+        InstrumentationContext.get(ArmeriaMessageDeframer.class, ClientCall.class)
+            .put(messageDeframer, (ClientCall) clientCall);
+      }
+    }
+  }
+
+  public static final class CaptureClientCallArg2 {
+    @SuppressWarnings("rawtypes")
+    @Advice.OnMethodExit
+    public static void capture(
+        @Advice.This ArmeriaMessageDeframer messageDeframer,
+        @Advice.Argument(2) Object clientCall) {
+      if (clientCall instanceof ClientCall) {
+        InstrumentationContext.get(ArmeriaMessageDeframer.class, ClientCall.class)
+            .put(messageDeframer, (ClientCall) clientCall);
+      }
+    }
+  }
+
+  public static final class ActivateSpan {
+    @SuppressWarnings("rawtypes")
+    @Advice.OnMethodEnter
+    public static AgentScope before(@Advice.This ArmeriaMessageDeframer messageDeframer) {
+      ClientCall clientCall =
+          InstrumentationContext.get(ArmeriaMessageDeframer.class, ClientCall.class)
+              .get(messageDeframer);
+      if (clientCall != null) {
+        AgentSpan span =
+            InstrumentationContext.get(ClientCall.class, AgentSpan.class).get(clientCall);
+        if (null != span) {
+          return activateSpan(span);
+        }
+      }
+      return null;
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class)
+    public static void after(@Advice.Enter AgentScope scope) {
+      if (null != scope) {
+        scope.close();
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/ClientCallImplInstrumentation.java b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/ClientCallImplInstrumentation.java
new file mode 100644
index 00000000000..1c0eaa475b9
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/ClientCallImplInstrumentation.java
@@ -0,0 +1,237 @@
+package datadog.trace.instrumentation.armeria.grpc.client;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.propagate;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+import static datadog.trace.instrumentation.armeria.grpc.client.GrpcClientDecorator.CLIENT_PATHWAY_EDGE_TAGS;
+import static datadog.trace.instrumentation.armeria.grpc.client.GrpcClientDecorator.DECORATE;
+import static datadog.trace.instrumentation.armeria.grpc.client.GrpcClientDecorator.GRPC_MESSAGE;
+import static datadog.trace.instrumentation.armeria.grpc.client.GrpcClientDecorator.OPERATION_NAME;
+import static datadog.trace.instrumentation.armeria.grpc.client.GrpcInjectAdapter.SETTER;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import io.grpc.ClientCall;
+import io.grpc.Metadata;
+import io.grpc.MethodDescriptor;
+import io.grpc.Status;
+import io.grpc.StatusException;
+import java.util.Collections;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public final class ClientCallImplInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+
+  public ClientCallImplInstrumentation() {
+    super("armeria-grpc-client", "armeria-grpc", "armeria", "grpc-client", "grpc");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return Collections.singletonMap("io.grpc.ClientCall", AgentSpan.class.getName());
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.linecorp.armeria.internal.client.grpc.ArmeriaClientCall";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return new Reference[] {
+      new Reference(
+          new String[0],
+          1,
+          "com.linecorp.armeria.common.grpc.protocol.ArmeriaMessageDeframer",
+          null,
+          new String[0],
+          new Reference.Field[0],
+          new Reference.Method[0])
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".GrpcClientDecorator",
+      packageName + ".GrpcClientDecorator$1",
+      packageName + ".GrpcInjectAdapter"
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor().and(takesArgument(4, named("io.grpc.MethodDescriptor"))),
+        getClass().getName() + "$CaptureCall");
+    transformation.applyAdvice(named("start").and(isMethod()), getClass().getName() + "$Start");
+    transformation.applyAdvice(named("cancel").and(isMethod()), getClass().getName() + "$Cancel");
+    transformation.applyAdvice(
+        named("request")
+            .and(isMethod())
+            .and(takesArguments(int.class))
+            .or(isMethod().and(named("halfClose").and(takesArguments(0)))),
+        getClass().getName() + "$ActivateSpan");
+    transformation.applyAdvice(
+        named("sendMessage").and(isMethod()), getClass().getName() + "$SendMessage");
+    transformation.applyAdvice(
+        named("close").and(isMethod().and(takesArguments(2))),
+        getClass().getName() + "$CloseObserver");
+    transformation.applyAdvice(
+        named("onNext").or(named("messageRead")), getClass().getName() + "$ReceiveMessages");
+  }
+
+  public static final class CaptureCall {
+    @Advice.OnMethodExit
+    public static void capture(
+        @Advice.This ClientCall<?, ?> call, @Advice.Argument(4) MethodDescriptor<?, ?> method) {
+      AgentSpan span = DECORATE.startCall(method);
+      if (null != span) {
+        InstrumentationContext.get(ClientCall.class, AgentSpan.class).put(call, span);
+      }
+    }
+  }
+
+  public static final class Start {
+    @Advice.OnMethodEnter
+    public static <T> AgentScope before(
+        @Advice.This ClientCall<?, ?> call,
+        @Advice.Argument(0) ClientCall.Listener<T> responseListener,
+        @Advice.Argument(1) Metadata headers,
+        @Advice.Local("$$ddSpan") AgentSpan span) {
+      if (null != responseListener && null != headers) {
+        span = InstrumentationContext.get(ClientCall.class, AgentSpan.class).get(call);
+        if (null != span) {
+          propagate().inject(span, headers, SETTER);
+          propagate().injectPathwayContext(span, headers, SETTER, CLIENT_PATHWAY_EDGE_TAGS);
+          return activateSpan(span);
+        }
+      }
+      return null;
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class)
+    public static void after(
+        @Advice.Enter AgentScope scope,
+        @Advice.Thrown Throwable error,
+        @Advice.Local("$$ddSpan") AgentSpan span)
+        throws Throwable {
+      if (null != scope) {
+        scope.close();
+      }
+      if (null != error && null != span) {
+        DECORATE.onError(span, error);
+        DECORATE.beforeFinish(span);
+        span.finish();
+        throw error;
+      }
+    }
+  }
+
+  public static final class ActivateSpan {
+    @Advice.OnMethodEnter
+    public static AgentScope before(@Advice.This ClientCall<?, ?> call) {
+      AgentSpan span = InstrumentationContext.get(ClientCall.class, AgentSpan.class).get(call);
+      if (null != span) {
+        return activateSpan(span);
+      }
+      return null;
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class)
+    public static void after(@Advice.Enter AgentScope scope) {
+      if (null != scope) {
+        scope.close();
+      }
+    }
+  }
+
+  public static final class SendMessage {
+    @Advice.OnMethodEnter
+    public static AgentScope before(@Advice.This ClientCall<?, ?> call) {
+      // could create a message span here for the request
+      AgentSpan span = InstrumentationContext.get(ClientCall.class, AgentSpan.class).get(call);
+      if (span != null) {
+        return activateSpan(span);
+      }
+      return null;
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class)
+    public static void after(@Advice.Enter AgentScope scope) {
+      if (null != scope) {
+        scope.close();
+      }
+    }
+  }
+
+  public static final class Cancel {
+    @Advice.OnMethodEnter
+    public static void before(
+        @Advice.This ClientCall<?, ?> call, @Advice.Argument(1) Throwable cause) {
+      AgentSpan span = InstrumentationContext.get(ClientCall.class, AgentSpan.class).remove(call);
+      if (null != span) {
+        if (cause instanceof StatusException) {
+          DECORATE.onClose(span, ((StatusException) cause).getStatus());
+        }
+        span.finish();
+      }
+    }
+  }
+
+  public static final class CloseObserver {
+    @Advice.OnMethodEnter
+    public static AgentScope before(@Advice.This ClientCall<?, ?> call) {
+      // could create a message span here for the request
+      AgentSpan span = InstrumentationContext.get(ClientCall.class, AgentSpan.class).remove(call);
+      if (span != null) {
+        return activateSpan(span);
+      }
+      return null;
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class)
+    public static void closeObserver(
+        @Advice.Enter AgentScope scope, @Advice.Argument(0) Status status) {
+      if (null != scope) {
+        DECORATE.onClose(scope.span(), status);
+        scope.span().finish();
+        scope.close();
+      }
+    }
+  }
+
+  public static final class ReceiveMessages {
+    @Advice.OnMethodEnter
+    public static AgentScope before() {
+      AgentSpan clientSpan = activeSpan();
+      if (clientSpan != null && OPERATION_NAME.equals(clientSpan.getOperationName())) {
+        AgentSpan messageSpan =
+            startSpan(GRPC_MESSAGE).setTag("message.type", clientSpan.getTag("response.type"));
+        DECORATE.afterStart(messageSpan);
+        return activateSpan(messageSpan);
+      }
+      return null;
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class)
+    public static void after(@Advice.Enter AgentScope scope) {
+      if (null != scope) {
+        scope.span().finish();
+        scope.close();
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/GrpcClientDecorator.java b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/GrpcClientDecorator.java
new file mode 100644
index 00000000000..7a6f76d200a
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/GrpcClientDecorator.java
@@ -0,0 +1,124 @@
+package datadog.trace.instrumentation.armeria.grpc.client;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_OUT;
+import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_TAG;
+import static datadog.trace.core.datastreams.TagsProcessor.TYPE_TAG;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.GenericClassValue;
+import datadog.trace.api.cache.DDCache;
+import datadog.trace.api.cache.DDCaches;
+import datadog.trace.api.naming.SpanNaming;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
+import datadog.trace.bootstrap.instrumentation.decorator.ClientDecorator;
+import io.grpc.MethodDescriptor;
+import io.grpc.Status;
+import java.util.BitSet;
+import java.util.LinkedHashMap;
+import java.util.Set;
+import java.util.function.Function;
+
+public class GrpcClientDecorator extends ClientDecorator {
+  public static final CharSequence OPERATION_NAME =
+      UTF8BytesString.create(
+          SpanNaming.instance().namingSchema().client().operationForProtocol("grpc"));
+  public static final CharSequence COMPONENT_NAME = UTF8BytesString.create("armeria-grpc-client");
+  public static final CharSequence GRPC_MESSAGE = UTF8BytesString.create("grpc.message");
+
+  private static LinkedHashMap<String, String> createClientPathwaySortedTags() {
+    LinkedHashMap<String, String> result = new LinkedHashMap<>();
+    result.put(DIRECTION_TAG, DIRECTION_OUT);
+    result.put(TYPE_TAG, "grpc");
+    return result;
+  }
+
+  public static final LinkedHashMap<String, String> CLIENT_PATHWAY_EDGE_TAGS =
+      createClientPathwaySortedTags();
+
+  public static final GrpcClientDecorator DECORATE = new GrpcClientDecorator();
+
+  private static final Set<String> IGNORED_METHODS = Config.get().getGrpcIgnoredOutboundMethods();
+  private static final BitSet CLIENT_ERROR_STATUSES = Config.get().getGrpcClientErrorStatuses();
+
+  private static final ClassValue<UTF8BytesString> MESSAGE_TYPES =
+      GenericClassValue.of(
+          // Uses inner class for predictable name for Instrumenter.Default.helperClassNames()
+          new Function<Class<?>, UTF8BytesString>() {
+            @Override
+            public UTF8BytesString apply(Class<?> input) {
+              return UTF8BytesString.create(input.getName());
+            }
+          });
+
+  private static final DDCache<String, String> RPC_SERVICE_CACHE = DDCaches.newFixedSizeCache(64);
+
+  public UTF8BytesString requestMessageType(MethodDescriptor<?, ?> method) {
+    return messageType(method.getRequestMarshaller());
+  }
+
+  public UTF8BytesString responseMessageType(MethodDescriptor<?, ?> method) {
+    return messageType(method.getResponseMarshaller());
+  }
+
+  private UTF8BytesString messageType(MethodDescriptor.Marshaller<?> marshaller) {
+    return marshaller instanceof MethodDescriptor.ReflectableMarshaller
+        ? MESSAGE_TYPES.get(
+            ((MethodDescriptor.ReflectableMarshaller<?>) marshaller).getMessageClass())
+        : null;
+  }
+
+  @Override
+  protected String[] instrumentationNames() {
+    return new String[] {"armeria-grpc-client", "armeria-grpc", "armeria", "grpc-client", "grpc"};
+  }
+
+  @Override
+  protected CharSequence component() {
+    return COMPONENT_NAME;
+  }
+
+  @Override
+  protected CharSequence spanType() {
+    return InternalSpanTypes.RPC;
+  }
+
+  @Override
+  protected String service() {
+    return null;
+  }
+
+  public <ReqT, RespT> AgentSpan startCall(MethodDescriptor<ReqT, RespT> method) {
+    if (IGNORED_METHODS.contains(method.getFullMethodName())) {
+      return null;
+    }
+    AgentSpan span =
+        startSpan(OPERATION_NAME)
+            .setTag("request.type", requestMessageType(method))
+            .setTag("response.type", responseMessageType(method))
+            // method.getServiceName() may not be available on some grpc versions
+            .setTag(
+                Tags.RPC_SERVICE,
+                RPC_SERVICE_CACHE.computeIfAbsent(
+                    method.getFullMethodName(), MethodDescriptor::extractFullServiceName));
+    span.setResourceName(method.getFullMethodName());
+    return afterStart(span);
+  }
+
+  public AgentSpan onClose(final AgentSpan span, final Status status) {
+
+    span.setTag("status.code", status.getCode().name());
+    span.setTag("status.description", status.getDescription());
+
+    // TODO why is there a mismatch between client / server for calling the onError method?
+    onError(span, status.getCause());
+    if (CLIENT_ERROR_STATUSES.get(status.getCode().value())) {
+      span.setError(true);
+    }
+
+    return span;
+  }
+}
diff --git a/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/GrpcInjectAdapter.java b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/GrpcInjectAdapter.java
new file mode 100644
index 00000000000..829035ae383
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/client/GrpcInjectAdapter.java
@@ -0,0 +1,14 @@
+package datadog.trace.instrumentation.armeria.grpc.client;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import io.grpc.Metadata;
+
+public final class GrpcInjectAdapter implements AgentPropagation.Setter<Metadata> {
+
+  public static final GrpcInjectAdapter SETTER = new GrpcInjectAdapter();
+
+  @Override
+  public void set(final Metadata carrier, final String key, final String value) {
+    carrier.put(Metadata.Key.of(key, Metadata.ASCII_STRING_MARSHALLER), value);
+  }
+}
diff --git a/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/GrpcExtractAdapter.java b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/GrpcExtractAdapter.java
new file mode 100644
index 00000000000..e358e7a0632
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/GrpcExtractAdapter.java
@@ -0,0 +1,21 @@
+package datadog.trace.instrumentation.armeria.grpc.server;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import io.grpc.Metadata;
+
+public final class GrpcExtractAdapter implements AgentPropagation.ContextVisitor<Metadata> {
+
+  public static final GrpcExtractAdapter GETTER = new GrpcExtractAdapter();
+
+  @Override
+  public void forEachKey(Metadata carrier, AgentPropagation.KeyClassifier classifier) {
+    for (String key : carrier.keys()) {
+      if (!key.endsWith(Metadata.BINARY_HEADER_SUFFIX) && !key.startsWith(":")) {
+        if (!classifier.accept(
+            key, carrier.get(Metadata.Key.of(key, Metadata.ASCII_STRING_MARSHALLER)))) {
+          return;
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/GrpcServerDecorator.java b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/GrpcServerDecorator.java
new file mode 100644
index 00000000000..de5058948e2
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/GrpcServerDecorator.java
@@ -0,0 +1,111 @@
+package datadog.trace.instrumentation.armeria.grpc.server;
+
+import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_IN;
+import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_TAG;
+import static datadog.trace.core.datastreams.TagsProcessor.TYPE_TAG;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.cache.DDCache;
+import datadog.trace.api.cache.DDCaches;
+import datadog.trace.api.naming.SpanNaming;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
+import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
+import datadog.trace.bootstrap.instrumentation.decorator.ServerDecorator;
+import io.grpc.ServerCall;
+import io.grpc.Status;
+import java.util.BitSet;
+import java.util.LinkedHashMap;
+import java.util.function.Function;
+
+public class GrpcServerDecorator extends ServerDecorator {
+
+  private static final boolean TRIM_RESOURCE_PACKAGE_NAME =
+      Config.get().isGrpcServerTrimPackageResource();
+  private static final BitSet SERVER_ERROR_STATUSES = Config.get().getGrpcServerErrorStatuses();
+
+  public static final CharSequence GRPC_SERVER =
+      UTF8BytesString.create(
+          SpanNaming.instance().namingSchema().server().operationForProtocol("grpc"));
+  public static final CharSequence COMPONENT_NAME = UTF8BytesString.create("armeria-grpc-server");
+  public static final CharSequence GRPC_MESSAGE = UTF8BytesString.create("grpc.message");
+
+  private static final LinkedHashMap<String, String> createServerPathwaySortedTags() {
+    LinkedHashMap<String, String> result = new LinkedHashMap<>();
+    result.put(DIRECTION_TAG, DIRECTION_IN);
+    result.put(TYPE_TAG, "grpc");
+    return result;
+  }
+
+  public static final LinkedHashMap<String, String> SERVER_PATHWAY_EDGE_TAGS =
+      createServerPathwaySortedTags();
+  public static final GrpcServerDecorator DECORATE = new GrpcServerDecorator();
+
+  private static final Function<String, String> NORMALIZE =
+      // Uses inner class for predictable name for Instrumenter.Default.helperClassNames()
+      new Function<String, String>() {
+        @Override
+        public String apply(String fullName) {
+          int index = fullName.lastIndexOf(".");
+          if (index > 0) {
+            return fullName.substring(index + 1);
+          } else {
+            return fullName;
+          }
+        }
+      };
+
+  private final DDCache<String, String> cachedResourceNames;
+
+  public GrpcServerDecorator() {
+    if (TRIM_RESOURCE_PACKAGE_NAME) {
+      cachedResourceNames = DDCaches.newFixedSizeCache(512);
+    } else {
+      cachedResourceNames = null;
+    }
+  }
+
+  @Override
+  protected String[] instrumentationNames() {
+    return new String[] {"armeria-grpc-server", "armeria-grpc", "armeria", "grpc-server", "grpc"};
+  }
+
+  @Override
+  protected CharSequence spanType() {
+    return InternalSpanTypes.RPC;
+  }
+
+  @Override
+  protected CharSequence component() {
+    return COMPONENT_NAME;
+  }
+
+  @Override
+  public AgentSpan afterStart(final AgentSpan span) {
+    span.setMeasured(true);
+    return super.afterStart(span);
+  }
+
+  public <RespT, ReqT> AgentSpan onCall(final AgentSpan span, ServerCall<ReqT, RespT> call) {
+    if (TRIM_RESOURCE_PACKAGE_NAME) {
+      span.setResourceName(
+          cachedResourceNames.computeIfAbsent(
+              call.getMethodDescriptor().getFullMethodName(), NORMALIZE));
+    } else {
+      span.setResourceName(call.getMethodDescriptor().getFullMethodName());
+    }
+    return span;
+  }
+
+  public AgentSpan onClose(final AgentSpan span, final Status status) {
+    span.setTag("status.code", status.getCode().name());
+    span.setTag("status.description", status.getDescription());
+
+    if (SERVER_ERROR_STATUSES.get(status.getCode().value())) {
+      onError(span, status.getCause());
+      span.setError(true);
+    }
+
+    return span;
+  }
+}
diff --git a/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/HandlerRegistryBuilderInstrumentation.java b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/HandlerRegistryBuilderInstrumentation.java
new file mode 100644
index 00000000000..521c54d83d5
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/HandlerRegistryBuilderInstrumentation.java
@@ -0,0 +1,70 @@
+package datadog.trace.instrumentation.armeria.grpc.server;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import io.grpc.ServerInterceptors;
+import io.grpc.ServerServiceDefinition;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class HandlerRegistryBuilderInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public HandlerRegistryBuilderInstrumentation() {
+    super("armeria-grpc-server", "armeria-grpc", "armeria", "grpc-server", "grpc");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.linecorp.armeria.server.grpc.HandlerRegistry$Builder";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return new Reference[] {
+      new Reference(
+          new String[0],
+          1,
+          "com.linecorp.armeria.common.grpc.protocol.ArmeriaMessageDeframer",
+          null,
+          new String[0],
+          new Reference.Field[0],
+          new Reference.Method[0])
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".GrpcServerDecorator",
+      packageName + ".GrpcServerDecorator$1",
+      packageName + ".GrpcExtractAdapter",
+      packageName + ".TracingServerInterceptor",
+      packageName + ".TracingServerInterceptor$TracingServerCall",
+      packageName + ".TracingServerInterceptor$TracingServerCallListener",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("addService"))
+            .and(takesArgument(0, named("io.grpc.ServerServiceDefinition"))),
+        getClass().getName() + "$AddService");
+  }
+
+  public static final class AddService {
+    @Advice.OnMethodEnter
+    public static void before(
+        @Advice.Argument(value = 0, readOnly = false)
+            ServerServiceDefinition serverServiceDefinition) {
+      serverServiceDefinition =
+          ServerInterceptors.intercept(serverServiceDefinition, TracingServerInterceptor.INSTANCE);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/TracingServerInterceptor.java b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/TracingServerInterceptor.java
new file mode 100644
index 00000000000..158c7c72d01
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/src/main/java/datadog/trace/instrumentation/armeria/grpc/server/TracingServerInterceptor.java
@@ -0,0 +1,349 @@
+package datadog.trace.instrumentation.armeria.grpc.server;
+
+import static datadog.trace.api.gateway.Events.EVENTS;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.propagate;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+import static datadog.trace.instrumentation.armeria.grpc.server.GrpcExtractAdapter.GETTER;
+import static datadog.trace.instrumentation.armeria.grpc.server.GrpcServerDecorator.DECORATE;
+import static datadog.trace.instrumentation.armeria.grpc.server.GrpcServerDecorator.GRPC_MESSAGE;
+import static datadog.trace.instrumentation.armeria.grpc.server.GrpcServerDecorator.GRPC_SERVER;
+import static datadog.trace.instrumentation.armeria.grpc.server.GrpcServerDecorator.SERVER_PATHWAY_EDGE_TAGS;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.function.TriConsumer;
+import datadog.trace.api.function.TriFunction;
+import datadog.trace.api.gateway.CallbackProvider;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.IGSpanInfo;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan.Context;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.bootstrap.instrumentation.api.TagContext;
+import io.grpc.ForwardingServerCall;
+import io.grpc.ForwardingServerCallListener;
+import io.grpc.Grpc;
+import io.grpc.Metadata;
+import io.grpc.ServerCall;
+import io.grpc.ServerCallHandler;
+import io.grpc.ServerInterceptor;
+import io.grpc.Status;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.util.Set;
+import java.util.concurrent.CancellationException;
+import java.util.function.BiFunction;
+import java.util.function.Function;
+import java.util.function.Supplier;
+import javax.annotation.Nonnull;
+
+public class TracingServerInterceptor implements ServerInterceptor {
+
+  public static final TracingServerInterceptor INSTANCE = new TracingServerInterceptor();
+  private static final Set<String> IGNORED_METHODS = Config.get().getGrpcIgnoredInboundMethods();
+
+  private TracingServerInterceptor() {}
+
+  protected static AgentTracer.TracerAPI tracer() {
+    return AgentTracer.get();
+  }
+
+  @Override
+  public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
+      final ServerCall<ReqT, RespT> call,
+      final Metadata headers,
+      final ServerCallHandler<ReqT, RespT> next) {
+    if (IGNORED_METHODS.contains(call.getMethodDescriptor().getFullMethodName())) {
+      return next.startCall(call, headers);
+    }
+
+    Context spanContext = propagate().extract(headers, GETTER);
+    AgentTracer.TracerAPI tracer = tracer();
+    spanContext = callIGCallbackRequestStarted(tracer, spanContext);
+
+    CallbackProvider cbp = tracer.getCallbackProvider(RequestContextSlot.APPSEC);
+    final AgentSpan span =
+        startSpan(DECORATE.instrumentationNames()[0], GRPC_SERVER, spanContext).setMeasured(true);
+
+    AgentTracer.get()
+        .getDataStreamsMonitoring()
+        .setCheckpoint(span, SERVER_PATHWAY_EDGE_TAGS, 0, 0);
+
+    RequestContext reqContext = span.getRequestContext();
+    if (reqContext != null) {
+      callIGCallbackClientAddress(cbp, reqContext, call);
+      callIGCallbackHeaders(cbp, reqContext, headers);
+    }
+
+    DECORATE.afterStart(span);
+    DECORATE.onCall(span, call);
+
+    final ServerCall.Listener<ReqT> result;
+    try (AgentScope scope = activateSpan(span)) {
+      // Wrap the server call so that we can decorate the span
+      // with the resulting status
+      final TracingServerCall<ReqT, RespT> tracingServerCall = new TracingServerCall<>(span, call);
+      // call other interceptors
+      result = next.startCall(tracingServerCall, headers);
+    } catch (final Throwable e) {
+      if (span.phasedFinish()) {
+        DECORATE.onError(span, e);
+        DECORATE.beforeFinish(span);
+        callIGCallbackRequestEnded(span);
+        span.publish();
+      }
+      throw e;
+    }
+
+    // This ensures the server implementation can see the span in scope
+    return new TracingServerCallListener<>(span, result);
+  }
+
+  static final class TracingServerCall<ReqT, RespT>
+      extends ForwardingServerCall.SimpleForwardingServerCall<ReqT, RespT> {
+    final AgentSpan span;
+
+    TracingServerCall(final AgentSpan span, final ServerCall<ReqT, RespT> delegate) {
+      super(delegate);
+      this.span = span;
+    }
+
+    @Override
+    public void close(final Status status, final Metadata trailers) {
+      DECORATE.onClose(span, status);
+      try (final AgentScope scope = activateSpan(span)) {
+        delegate().close(status, trailers);
+      } catch (final Throwable e) {
+        DECORATE.onError(span, e);
+        throw e;
+      } finally {
+        if (span.phasedFinish()) {
+          DECORATE.beforeFinish(span);
+          callIGCallbackRequestEnded(span);
+          span.publish();
+        }
+      }
+    }
+  }
+
+  public static final class TracingServerCallListener<ReqT>
+      extends ForwardingServerCallListener.SimpleForwardingServerCallListener<ReqT> {
+    private final AgentSpan span;
+
+    TracingServerCallListener(final AgentSpan span, final ServerCall.Listener<ReqT> delegate) {
+      super(delegate);
+      this.span = span;
+    }
+
+    @Override
+    public void onMessage(final ReqT message) {
+      final AgentSpan msgSpan =
+          startSpan(DECORATE.instrumentationNames()[0], GRPC_MESSAGE, this.span.context())
+              .setTag("message.type", message.getClass().getName());
+      DECORATE.afterStart(msgSpan);
+      try (AgentScope scope = activateSpan(msgSpan)) {
+        callIGCallbackGrpcMessage(msgSpan, message);
+        delegate().onMessage(message);
+      } catch (final Throwable e) {
+        // I'm not convinced we should actually be finishing the span here...
+        if (span.phasedFinish()) {
+          DECORATE.onError(msgSpan, e);
+          DECORATE.beforeFinish(span);
+          callIGCallbackRequestEnded(span);
+          span.publish();
+        }
+        throw e;
+      } finally {
+        DECORATE.beforeFinish(msgSpan);
+        msgSpan.finish();
+      }
+    }
+
+    @Override
+    public void onHalfClose() {
+      try (final AgentScope scope = activateSpan(span)) {
+        delegate().onHalfClose();
+      } catch (final Throwable e) {
+        if (span.phasedFinish()) {
+          DECORATE.onError(span, e);
+          DECORATE.beforeFinish(span);
+          callIGCallbackRequestEnded(span);
+          span.publish();
+        }
+        throw e;
+      }
+    }
+
+    @Override
+    public void onCancel() {
+      // Finishes span.
+      try (final AgentScope scope = activateSpan(span)) {
+        delegate().onCancel();
+        span.setTag("canceled", true);
+      } catch (CancellationException e) {
+        // No need to report an exception or mark as error that it was canceled.
+        throw e;
+      } catch (final Throwable e) {
+        DECORATE.onError(span, e);
+        throw e;
+      } finally {
+        if (span.phasedFinish()) {
+          DECORATE.beforeFinish(span);
+          callIGCallbackRequestEnded(span);
+          span.publish();
+        }
+      }
+    }
+
+    @Override
+    public void onComplete() {
+      // Finishes span.
+      try (final AgentScope scope = activateSpan(span)) {
+        delegate().onComplete();
+      } catch (final Throwable e) {
+        DECORATE.onError(span, e);
+        throw e;
+      } finally {
+        /**
+         * grpc has quite a few states that can finish the span. rather than track down the correct
+         * combination of them to exclusively finish the span, use phasedFinish.
+         */
+        if (span.phasedFinish()) {
+          DECORATE.beforeFinish(span);
+          callIGCallbackRequestEnded(span);
+          span.publish();
+        }
+      }
+    }
+
+    @Override
+    public void onReady() {
+      try (final AgentScope scope = activateSpan(span)) {
+        delegate().onReady();
+      } catch (final Throwable e) {
+        if (span.phasedFinish()) {
+          DECORATE.onError(span, e);
+          DECORATE.beforeFinish(span);
+          callIGCallbackRequestEnded(span);
+          span.publish();
+        }
+        throw e;
+      }
+    }
+  }
+
+  // IG helpers follow
+
+  private static Context callIGCallbackRequestStarted(AgentTracer.TracerAPI cbp, Context context) {
+    Supplier<Flow<Object>> startedCbAppSec =
+        cbp.getCallbackProvider(RequestContextSlot.APPSEC).getCallback(EVENTS.requestStarted());
+    Supplier<Flow<Object>> startedCbIast =
+        cbp.getCallbackProvider(RequestContextSlot.IAST).getCallback(EVENTS.requestStarted());
+
+    if (startedCbAppSec == null && startedCbIast == null) {
+      return context;
+    }
+
+    TagContext tagContext = null;
+    if (context == null) {
+      tagContext = new TagContext();
+    } else if (context instanceof TagContext) {
+      tagContext = (TagContext) context;
+    }
+    if (tagContext != null) {
+      if (startedCbAppSec != null) {
+        Flow<Object> flowAppSec = startedCbAppSec.get();
+        tagContext.withRequestContextDataAppSec(flowAppSec.getResult());
+      }
+      if (startedCbIast != null) {
+        Flow<Object> flowIast = startedCbIast.get();
+        tagContext.withRequestContextDataIast(flowIast.getResult());
+      }
+      return tagContext;
+    }
+
+    return context;
+  }
+
+  private static <ReqT, RespT> void callIGCallbackClientAddress(
+      CallbackProvider cbp, RequestContext ctx, ServerCall<ReqT, RespT> call) {
+    SocketAddress socketAddress = call.getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR);
+    TriFunction<RequestContext, String, Integer, Flow<Void>> cb =
+        cbp.getCallback(EVENTS.requestClientSocketAddress());
+    if (socketAddress == null || !(socketAddress instanceof InetSocketAddress) || cb == null) {
+      return;
+    }
+
+    InetSocketAddress inetSockAddr = (InetSocketAddress) socketAddress;
+    cb.apply(ctx, inetSockAddr.getHostString(), inetSockAddr.getPort());
+  }
+
+  private static void callIGCallbackHeaders(
+      CallbackProvider cbp, RequestContext reqCtx, Metadata metadata) {
+    TriConsumer<RequestContext, String, String> headerCb = cbp.getCallback(EVENTS.requestHeader());
+    Function<RequestContext, Flow<Void>> headerEndCb = cbp.getCallback(EVENTS.requestHeaderDone());
+    if (headerCb == null || headerEndCb == null) {
+      return;
+    }
+    for (String key : metadata.keys()) {
+      if (!key.endsWith(Metadata.BINARY_HEADER_SUFFIX) && !key.startsWith(":")) {
+        Metadata.Key<String> mdKey = Metadata.Key.of(key, Metadata.ASCII_STRING_MARSHALLER);
+        for (String value : metadata.getAll(mdKey)) {
+          headerCb.accept(reqCtx, key, value);
+        }
+      }
+    }
+
+    headerEndCb.apply(reqCtx);
+  }
+
+  private static void callIGCallbackRequestEnded(@Nonnull final AgentSpan span) {
+    CallbackProvider cbp = tracer().getUniversalCallbackProvider();
+    if (cbp == null) {
+      return;
+    }
+    RequestContext requestContext = span.getRequestContext();
+    if (requestContext != null) {
+      BiFunction<RequestContext, IGSpanInfo, Flow<Void>> callback =
+          cbp.getCallback(EVENTS.requestEnded());
+      if (callback != null) {
+        callback.apply(requestContext, span);
+      }
+    }
+  }
+
+  private static void callIGCallbackGrpcMessage(@Nonnull final AgentSpan span, Object obj) {
+    if (obj == null) {
+      return;
+    }
+
+    CallbackProvider cbpAppsec = tracer().getCallbackProvider(RequestContextSlot.APPSEC);
+    CallbackProvider cbpIast = tracer().getCallbackProvider(RequestContextSlot.IAST);
+    if (cbpAppsec == null && cbpIast == null) {
+      return;
+    }
+    RequestContext requestContext = span.getRequestContext();
+    if (requestContext == null) {
+      return;
+    }
+
+    if (cbpAppsec != null) {
+      BiFunction<RequestContext, Object, Flow<Void>> callback =
+          cbpAppsec.getCallback(EVENTS.grpcServerRequestMessage());
+      if (callback != null) {
+        callback.apply(requestContext, obj);
+      }
+    }
+
+    if (cbpIast != null) {
+      BiFunction<RequestContext, Object, Flow<Void>> callback =
+          cbpIast.getCallback(EVENTS.grpcServerRequestMessage());
+      if (callback != null) {
+        callback.apply(requestContext, obj);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/armeria-grpc/src/test/groovy/ArmeriaGrpcStreamingTest.groovy b/dd-java-agent/instrumentation/armeria-grpc/src/test/groovy/ArmeriaGrpcStreamingTest.groovy
new file mode 100644
index 00000000000..f07e6bdbd9d
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/src/test/groovy/ArmeriaGrpcStreamingTest.groovy
@@ -0,0 +1,283 @@
+import com.linecorp.armeria.client.Clients
+import com.linecorp.armeria.common.SessionProtocol
+import com.linecorp.armeria.common.grpc.GrpcSerializationFormats
+import com.linecorp.armeria.server.Server
+import com.linecorp.armeria.server.ServerBuilder
+import com.linecorp.armeria.server.grpc.GrpcService
+import com.linecorp.armeria.testing.junit4.server.ServerRule
+import datadog.trace.agent.test.naming.VersionedNamingTestBase
+import datadog.trace.api.DDSpanTypes
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import example.GreeterGrpc
+import example.Helloworld
+import io.grpc.stub.StreamObserver
+
+import java.time.Duration
+import java.util.concurrent.CopyOnWriteArrayList
+import java.util.concurrent.atomic.AtomicReference
+
+abstract class ArmeriaGrpcStreamingTest extends VersionedNamingTestBase {
+
+  @Override
+  final String service() {
+    return null
+  }
+
+  @Override
+  final String operation() {
+    return null
+  }
+
+  final Duration timeoutDuration() {
+    return Duration.ofSeconds(5)
+  }
+
+  protected abstract String clientOperation()
+
+  protected abstract String serverOperation()
+
+  @Override
+  boolean useStrictTraceWrites() {
+    false
+  }
+
+  @Override
+  protected void configurePreAgent() {
+    super.configurePreAgent()
+    injectSysConfig("dd.trace.grpc.ignored.inbound.methods", "example.Greeter/IgnoreInbound")
+    injectSysConfig("dd.trace.grpc.ignored.outbound.methods", "example.Greeter/Ignore")
+    // here to trigger wrapping to record scheduling time - the logic is trivial so it's enough to verify
+    // that ClassCastExceptions do not arise from the wrapping
+    injectSysConfig("dd.profiling.enabled", "true")
+  }
+
+  def "test conversation #name"() {
+    setup:
+
+    def msgCount = serverMessageCount
+    def serverReceived = new CopyOnWriteArrayList<>()
+    def clientReceived = new CopyOnWriteArrayList<>()
+    def error = new AtomicReference()
+
+    ServerRule serverRule = new ServerRule() {
+        @Override
+        protected void configure(ServerBuilder sb) throws Exception {
+          sb.service(GrpcService.builder().addService(new GreeterGrpc.GreeterImplBase() {
+              @Override
+              StreamObserver<Helloworld.Response> conversation(StreamObserver<Helloworld.Response> observer) {
+                return new StreamObserver<Helloworld.Response>() {
+                    @Override
+                    void onNext(Helloworld.Response value) {
+
+                      serverReceived << value.message
+
+                      (1..msgCount).each {
+                        if (TEST_TRACER.activeScope().isAsyncPropagating()) {
+                          observer.onNext(value)
+                        } else {
+                          observer.onError(new IllegalStateException("not async propagating!"))
+                        }
+                      }
+                    }
+
+                    @Override
+                    void onError(Throwable t) {
+                      if (TEST_TRACER.activeScope().isAsyncPropagating()) {
+                        error.set(t)
+                        observer.onError(t)
+                      } else {
+                        observer.onError(new IllegalStateException("not async propagating!"))
+                      }
+                    }
+
+                    @Override
+                    void onCompleted() {
+                      if (TEST_TRACER.activeScope().isAsyncPropagating()) {
+                        observer.onCompleted()
+                      } else {
+                        observer.onError(new IllegalStateException("not async propagating!"))
+                      }
+                    }
+                  }
+              }
+            }).build())
+        }
+      }
+    serverRule.configure(Server.builder().requestTimeout(timeoutDuration()))
+    serverRule.start()
+
+    GreeterGrpc.GreeterStub client = Clients.builder(serverRule.uri(SessionProtocol.HTTP, GrpcSerializationFormats.PROTO))
+      .writeTimeout(timeoutDuration())
+      .responseTimeout(timeoutDuration())
+      .build(GreeterGrpc.GreeterStub)
+
+    when:
+    def streamObserver = client.conversation(new StreamObserver<Helloworld.Response>() {
+        @Override
+        void onNext(Helloworld.Response value) {
+          if (TEST_TRACER.activeScope().isAsyncPropagating()) {
+            clientReceived << value.message
+          } else {
+            error.set(new IllegalStateException("not async propagating!"))
+          }
+        }
+
+        @Override
+        void onError(Throwable t) {
+          if (TEST_TRACER.activeScope().isAsyncPropagating()) {
+            error.set(t)
+          } else {
+            error.set(new IllegalStateException("not async propagating!"))
+          }
+        }
+
+        @Override
+        void onCompleted() {
+          if (!TEST_TRACER.activeScope().isAsyncPropagating()) {
+            error.set(new IllegalStateException("not async propagating!"))
+          }
+        }
+      })
+
+    clientRange.each {
+      def message = Helloworld.Response.newBuilder().setMessage("call $it").build()
+      streamObserver.onNext(message)
+    }
+    streamObserver.onCompleted()
+
+    then:
+    error.get() == null
+    TEST_WRITER.waitForTraces(2)
+    error.get() == null
+    serverReceived == clientRange.collect { "call $it" }
+    clientReceived == serverRange.collect {
+      clientRange.collect {
+        "call $it"
+      }
+    }.flatten().sort()
+
+    assertTraces(2) {
+      trace((clientMessageCount * serverMessageCount) + 1) {
+        sortSpansByStart()
+        span {
+          operationName clientOperation()
+          resourceName "example.Greeter/Conversation"
+          spanType DDSpanTypes.RPC
+          parent()
+          errored false
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-client"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+            "$Tags.RPC_SERVICE" "example.Greeter"
+            "status.code" "OK"
+            "request.type" "example.Helloworld\$Response"
+            "response.type" "example.Helloworld\$Response"
+            peerServiceFrom(Tags.RPC_SERVICE)
+            defaultTags()
+          }
+        }
+        (1..(clientMessageCount * serverMessageCount)).each {
+          span {
+            operationName "grpc.message"
+            resourceName "grpc.message"
+            spanType DDSpanTypes.RPC
+            childOf span(0)
+            errored false
+            tags {
+              "$Tags.COMPONENT" "armeria-grpc-client"
+              "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+              "message.type" "example.Helloworld\$Response"
+              defaultTagsNoPeerService()
+            }
+          }
+        }
+      }
+      trace(clientMessageCount + 1) {
+        sortSpansByStart()
+        span {
+          operationName serverOperation()
+          resourceName "example.Greeter/Conversation"
+          spanType DDSpanTypes.RPC
+          childOf trace(0).get(0)
+          errored false
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-server"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+            "status.code" "OK"
+            defaultTags(true)
+          }
+        }
+        clientRange.each {
+          span {
+            operationName "grpc.message"
+            resourceName "grpc.message"
+            spanType DDSpanTypes.RPC
+            childOf span(0)
+            errored false
+            tags {
+              "$Tags.COMPONENT" "armeria-grpc-server"
+              "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+              "message.type" "example.Helloworld\$Response"
+              defaultTags()
+            }
+          }
+        }
+      }
+    }
+
+    cleanup:
+    serverRule.stop()
+
+    where:
+    name | clientMessageCount | serverMessageCount
+    "A"  | 1                  | 1
+    "B"  | 2                  | 1
+    "C"  | 1                  | 2
+    "D"  | 2                  | 2
+    "E"  | 3                  | 3
+    "A"  | 1                  | 1
+    "B"  | 2                  | 1
+    "C"  | 1                  | 2
+    "D"  | 2                  | 2
+    "E"  | 3                  | 3
+
+    clientRange = 1..clientMessageCount
+    serverRange = 1..serverMessageCount
+  }
+}
+
+class ArmeriaGrpcStreamingV0ForkedTest extends ArmeriaGrpcStreamingTest {
+
+  @Override
+  int version() {
+    return 0
+  }
+
+  @Override
+  protected String clientOperation() {
+    return "grpc.client"
+  }
+
+  @Override
+  protected String serverOperation() {
+    return "grpc.server"
+  }
+}
+
+class ArmeriaGrpcStreamingV1ForkedTest extends ArmeriaGrpcStreamingTest {
+
+  @Override
+  int version() {
+    return 1
+  }
+
+  @Override
+  protected String clientOperation() {
+    return "grpc.client.request"
+  }
+
+  @Override
+  protected String serverOperation() {
+    return "grpc.server.request"
+  }
+}
diff --git a/dd-java-agent/instrumentation/armeria-grpc/src/test/groovy/ArmeriaGrpcTest.groovy b/dd-java-agent/instrumentation/armeria-grpc/src/test/groovy/ArmeriaGrpcTest.groovy
new file mode 100644
index 00000000000..4f93259bedb
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/src/test/groovy/ArmeriaGrpcTest.groovy
@@ -0,0 +1,730 @@
+import com.google.common.util.concurrent.ListenableFuture
+import com.linecorp.armeria.client.Clients
+import com.linecorp.armeria.common.SessionProtocol
+import com.linecorp.armeria.common.grpc.GrpcSerializationFormats
+import com.linecorp.armeria.server.Server
+import com.linecorp.armeria.server.ServerBuilder
+import com.linecorp.armeria.server.grpc.GrpcService
+import com.linecorp.armeria.testing.junit4.server.ServerRule
+import datadog.trace.agent.test.naming.VersionedNamingTestBase
+import datadog.trace.api.DDSpanId
+import datadog.trace.api.DDSpanTypes
+import datadog.trace.api.DDTags
+import datadog.trace.api.function.TriConsumer
+import datadog.trace.api.gateway.Flow
+import datadog.trace.api.gateway.RequestContext
+import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.core.datastreams.StatsGroup
+import datadog.trace.instrumentation.armeria.grpc.server.GrpcExtractAdapter
+import example.GreeterGrpc
+import example.Helloworld
+import io.grpc.Metadata
+import io.grpc.Status
+import io.grpc.StatusRuntimeException
+import io.grpc.stub.StreamObserver
+import spock.lang.Shared
+
+import java.time.Duration
+import java.util.concurrent.ExecutorService
+import java.util.concurrent.Executors
+import java.util.function.BiFunction
+import java.util.function.Function
+import java.util.function.Supplier
+
+import static datadog.trace.agent.test.utils.TraceUtils.basicSpan
+import static datadog.trace.agent.test.utils.TraceUtils.runUnderTrace
+import static datadog.trace.api.gateway.Events.EVENTS
+
+abstract class ArmeriaGrpcTest extends VersionedNamingTestBase {
+
+  @Shared
+  def ig
+
+  def collectedAppSecHeaders = [:]
+  boolean appSecHeaderDone = false
+  def collectedAppSecReqMsgs = []
+
+  final Duration timeoutDuration() {
+    return Duration.ofSeconds(5)
+  }
+
+  @Override
+  final String service() {
+    return null
+  }
+
+  @Override
+  final String operation() {
+    return null
+  }
+
+  protected abstract String clientOperation()
+
+  protected abstract String serverOperation()
+
+  @Override
+  protected void configurePreAgent() {
+    super.configurePreAgent()
+    injectSysConfig("dd.trace.grpc.ignored.inbound.methods", "example.Greeter/IgnoreInbound")
+    injectSysConfig("dd.trace.grpc.ignored.outbound.methods", "example.Greeter/Ignore")
+    // here to trigger wrapping to record scheduling time - the logic is trivial so it's enough to verify
+    // that ClassCastExceptions do not arise from the wrapping
+    injectSysConfig("dd.profiling.enabled", "true")
+  }
+
+  @Override
+  boolean useStrictTraceWrites() {
+    false
+  }
+
+  def setupSpec() {
+    ig = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC)
+  }
+
+  def setup() {
+    ig.registerCallback(EVENTS.requestStarted(), { -> new Flow.ResultFlow(new Object()) } as Supplier<Flow>)
+    ig.registerCallback(EVENTS.requestHeader(), { reqCtx, name, value ->
+      collectedAppSecHeaders[name] = value
+    } as TriConsumer<RequestContext, String, String>)
+    ig.registerCallback(EVENTS.requestHeaderDone(), {
+      appSecHeaderDone = true
+      Flow.ResultFlow.empty()
+    } as Function<RequestContext, Flow<Void>>)
+    ig.registerCallback(EVENTS.grpcServerRequestMessage(), { reqCtx, obj ->
+      collectedAppSecReqMsgs << obj
+      Flow.ResultFlow.empty()
+    } as BiFunction<RequestContext, Object, Flow<Void>>)
+  }
+
+  def cleanup() {
+    ig.reset()
+  }
+
+  def "test request-response"() {
+    setup:
+    ExecutorService responseExecutor = Executors.newSingleThreadExecutor()
+    ServerRule serverRule = new ServerRule() {
+        @Override
+        protected void configure(ServerBuilder sb) throws Exception {
+          sb.service(GrpcService.builder().addService(new GreeterGrpc.GreeterImplBase() {
+              @Override
+              void sayHello(
+                final Helloworld.Request req, final StreamObserver<Helloworld.Response> responseObserver) {
+                final Helloworld.Response reply = Helloworld.Response.newBuilder().setMessage("Hello $req.name").build()
+                responseExecutor.execute {
+                  if (TEST_TRACER.activeSpan() == null) {
+                    responseObserver.onError(new IllegalStateException("no active span"))
+                  } else {
+                    responseObserver.onNext(reply)
+                    responseObserver.onCompleted()
+                  }
+                }
+              }
+            }).build())
+        }
+      }
+    serverRule.configure(Server.builder().requestTimeout(timeoutDuration()))
+    serverRule.start()
+
+    GreeterGrpc.GreeterFutureStub client = Clients.builder(serverRule.uri(SessionProtocol.HTTP, GrpcSerializationFormats.PROTO))
+      .writeTimeout(timeoutDuration())
+      .responseTimeout(timeoutDuration())
+      .build(GreeterGrpc.GreeterFutureStub)
+
+
+    def response = null
+
+    when:
+    runUnderTrace("parent") {
+      ListenableFuture<Helloworld.Response> responseListenableFuture = client.sayHello(Helloworld.Request.newBuilder().setName(name).build())
+      response = responseListenableFuture.get()
+    }
+    // wait here to make checkpoint asserts deterministic
+    TEST_WRITER.waitForTraces(2)
+    if (isDataStreamsEnabled()) {
+      TEST_DATA_STREAMS_WRITER.waitForGroups(2)
+    }
+
+    then:
+    response.message == "Hello $name"
+    assertTraces(2) {
+      sortSpansByStart()
+      trace(3) {
+        basicSpan(it, "parent")
+        span {
+          operationName clientOperation()
+          resourceName "example.Greeter/SayHello"
+          spanType DDSpanTypes.RPC
+          childOf span(0)
+          errored false
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-client"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+            "$Tags.RPC_SERVICE" "example.Greeter"
+            "status.code" "OK"
+            "request.type" "example.Helloworld\$Request"
+            "response.type" "example.Helloworld\$Response"
+            if ({ isDataStreamsEnabled() }) {
+              "$DDTags.PATHWAY_HASH" { String }
+            }
+            peerServiceFrom(Tags.RPC_SERVICE)
+            defaultTags()
+          }
+        }
+        span {
+          operationName "grpc.message"
+          resourceName "grpc.message"
+          spanType DDSpanTypes.RPC
+          childOf span(1)
+          errored false
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-client"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+            "message.type" "example.Helloworld\$Response"
+            defaultTagsNoPeerService()
+          }
+        }
+      }
+      trace(2) {
+        span {
+          operationName serverOperation()
+          resourceName "example.Greeter/SayHello"
+          spanType DDSpanTypes.RPC
+          childOf trace(0).get(1)
+          errored false
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-server"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+            "status.code" "OK"
+            if ({ isDataStreamsEnabled() }) {
+              "$DDTags.PATHWAY_HASH" { String }
+            }
+            defaultTags(true)
+          }
+        }
+        span {
+          operationName "grpc.message"
+          resourceName "grpc.message"
+          spanType DDSpanTypes.RPC
+          childOf span(0)
+          errored false
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-server"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+            "message.type" "example.Helloworld\$Request"
+            defaultTags()
+          }
+        }
+      }
+    }
+
+    and:
+    def traceId = TEST_WRITER[0].traceId.first()
+    traceId.toLong() as String == collectedAppSecHeaders['x-datadog-trace-id']
+    collectedAppSecReqMsgs.size() == 1
+    collectedAppSecReqMsgs.first().name == name
+
+    and:
+    if (isDataStreamsEnabled()) {
+      StatsGroup first = TEST_DATA_STREAMS_WRITER.groups.find { it.parentHash == 0 }
+      verifyAll(first) {
+        edgeTags.containsAll(["direction:out", "type:grpc"])
+        edgeTags.size() == 2
+      }
+
+      StatsGroup second = TEST_DATA_STREAMS_WRITER.groups.find { it.parentHash == first.hash }
+      verifyAll(second) {
+        edgeTags.containsAll(["direction:in", "type:grpc"])
+        edgeTags.size() == 2
+      }
+    }
+
+    cleanup:
+    serverRule.stop().get()
+
+    where:
+    name << ["some name", "some other name"]
+  }
+
+  def "test error - #name"() {
+    setup:
+    def error = status.asException()
+    ServerRule serverRule = new ServerRule() {
+        @Override
+        protected void configure(ServerBuilder sb) throws Exception {
+          sb.service(GrpcService.builder().addService(new GreeterGrpc.GreeterImplBase() {
+              @Override
+              void sayHello(
+                final Helloworld.Request req, final StreamObserver<Helloworld.Response> responseObserver) {
+                responseObserver.onError(error)
+              }
+            }).build())
+        }
+      }
+    serverRule.configure(Server.builder().requestTimeout(timeoutDuration()))
+    serverRule.start()
+
+    GreeterGrpc.GreeterBlockingStub client = Clients.builder(serverRule.uri(SessionProtocol.HTTP, GrpcSerializationFormats.PROTO))
+      .writeTimeout(timeoutDuration())
+      .responseTimeout(timeoutDuration())
+      .build(GreeterGrpc.GreeterBlockingStub)
+
+    when:
+    client.sayHello(Helloworld.Request.newBuilder().setName(name).build())
+    // wait here to make checkpoint asserts deterministic
+    TEST_WRITER.waitForTraces(2)
+
+    then:
+    thrown StatusRuntimeException
+
+    assertTraces(2) {
+      sortSpansByStart()
+      trace(1) {
+        span {
+          operationName clientOperation()
+          resourceName "example.Greeter/SayHello"
+          spanType DDSpanTypes.RPC
+          parent()
+          errored true
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-client"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+            "$Tags.RPC_SERVICE" "example.Greeter"
+            "status.code" "${status.code.name()}"
+            "status.description" description
+            "request.type" "example.Helloworld\$Request"
+            "response.type" "example.Helloworld\$Response"
+            if ({ isDataStreamsEnabled() }) {
+              "$DDTags.PATHWAY_HASH" { String }
+            }
+            peerServiceFrom(Tags.RPC_SERVICE)
+            defaultTags()
+          }
+        }
+      }
+      trace(2) {
+        span {
+          operationName serverOperation()
+          resourceName "example.Greeter/SayHello"
+          spanType DDSpanTypes.RPC
+          childOf trace(0).get(0)
+          errored true
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-server"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+            "status.code" "${status.code.name()}"
+            "status.description" description
+            "canceled" { true } // 1.0.0 handles cancellation incorrectly so accesting any value
+            if (status.cause != null) {
+              errorTags status.cause.class, status.cause.message
+            }
+            if ({ isDataStreamsEnabled() }) {
+              "$DDTags.PATHWAY_HASH" { String }
+            }
+            defaultTags(true)
+          }
+        }
+        span {
+          operationName "grpc.message"
+          resourceName "grpc.message"
+          spanType DDSpanTypes.RPC
+          childOf span(0)
+          errored false
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-server"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+            "message.type" "example.Helloworld\$Request"
+            defaultTags()
+          }
+        }
+      }
+    }
+
+    cleanup:
+    serverRule.stop().get()
+
+    where:
+    name                          | status                                                                 | description
+    "Runtime - cause"             | Status.UNKNOWN.withCause(new RuntimeException("some error"))           | null
+    "Status - cause"              | Status.PERMISSION_DENIED.withCause(new RuntimeException("some error")) | null
+    "StatusRuntime - cause"       | Status.UNIMPLEMENTED.withCause(new RuntimeException("some error"))     | null
+    "Runtime - description"       | Status.UNKNOWN.withDescription("some description")                     | "some description"
+    "Status - description"        | Status.PERMISSION_DENIED.withDescription("some description")           | "some description"
+    "StatusRuntime - description" | Status.UNIMPLEMENTED.withDescription("some description")               | "some description"
+  }
+
+  def "test error thrown - #name"() {
+    setup:
+
+    def error = status.asRuntimeException()
+    ServerRule serverRule = new ServerRule() {
+        @Override
+        protected void configure(ServerBuilder sb) throws Exception {
+          sb.service(GrpcService.builder().addService(new GreeterGrpc.GreeterImplBase() {
+              @Override
+              void sayHello(
+                final Helloworld.Request req, final StreamObserver<Helloworld.Response> responseObserver) {
+                throw error
+              }
+            }).build())
+        }
+      }
+    serverRule.configure(Server.builder().requestTimeout(timeoutDuration()))
+    serverRule.start()
+
+    GreeterGrpc.GreeterBlockingStub client = Clients.builder(serverRule.uri(SessionProtocol.HTTP, GrpcSerializationFormats.PROTO))
+      .writeTimeout(timeoutDuration())
+      .responseTimeout(timeoutDuration())
+      .build(GreeterGrpc.GreeterBlockingStub)
+
+    when:
+    client.sayHello(Helloworld.Request.newBuilder().setName(name).build())
+    // wait here to make checkpoint asserts deterministic
+    TEST_WRITER.waitForTraces(2)
+
+    then:
+    thrown StatusRuntimeException
+
+    assertTraces(2) {
+      sortSpansByStart()
+      trace(1) {
+        span {
+          operationName clientOperation()
+          resourceName "example.Greeter/SayHello"
+          spanType DDSpanTypes.RPC
+          parent()
+          errored true
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-client"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+            "$Tags.RPC_SERVICE" "example.Greeter"
+            "status.code" status.code.name()
+            if (status.description != null) {
+              "status.description" status.description
+            }
+            "request.type" "example.Helloworld\$Request"
+            "response.type" "example.Helloworld\$Response"
+            if ({ isDataStreamsEnabled() }) {
+              "$DDTags.PATHWAY_HASH" { String }
+            }
+            peerServiceFrom(Tags.RPC_SERVICE)
+            defaultTags()
+          }
+        }
+      }
+      trace(2) {
+        span {
+          operationName serverOperation()
+          resourceName "example.Greeter/SayHello"
+          spanType DDSpanTypes.RPC
+          childOf trace(0).get(0)
+          errored true
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-server"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+            errorTags error.class, error.message
+            "canceled" { true } // 1.0.0 handles cancellation incorrectly so accesting any value
+            if ({ isDataStreamsEnabled() }) {
+              "$DDTags.PATHWAY_HASH" { String }
+            }
+            defaultTags(true)
+          }
+        }
+        span {
+          operationName "grpc.message"
+          resourceName "grpc.message"
+          spanType DDSpanTypes.RPC
+          childOf span(0)
+          errored false
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-server"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+            "message.type" "example.Helloworld\$Request"
+            defaultTags()
+          }
+        }
+      }
+    }
+
+    cleanup:
+    serverRule.stop().get()
+
+    where:
+    name                          | status
+    "Runtime - cause"             | Status.UNKNOWN.withCause(new RuntimeException("some error"))
+    "Status - cause"              | Status.PERMISSION_DENIED.withCause(new RuntimeException("some error"))
+    "StatusRuntime - cause"       | Status.UNIMPLEMENTED.withCause(new RuntimeException("some error"))
+    "Runtime - description"       | Status.UNKNOWN.withDescription("some description")
+    "Status - description"        | Status.PERMISSION_DENIED.withDescription("some description")
+    "StatusRuntime - description" | Status.UNIMPLEMENTED.withDescription("some description")
+  }
+
+  def "skip binary headers"() {
+    setup:
+    def meta = new Metadata()
+    meta.put(Metadata.Key.<String> of("test", Metadata.ASCII_STRING_MARSHALLER), "val")
+    meta.put(Metadata.Key.<byte[]> of("test-bin", Metadata.BINARY_BYTE_MARSHALLER), "bin-val".bytes)
+
+    when:
+    def keys = new ArrayList()
+    GrpcExtractAdapter.GETTER.forEachKey(meta, new AgentPropagation.KeyClassifier() {
+
+        @Override
+        boolean accept(String key, String value) {
+          keys.add(key.toLowerCase())
+          return true
+        }
+      })
+
+    then:
+    keys == ["test"]
+  }
+
+  def "test ignore ignored methods"() {
+    setup:
+
+    ExecutorService responseExecutor = Executors.newSingleThreadExecutor()
+    ServerRule serverRule = new ServerRule() {
+        @Override
+        protected void configure(ServerBuilder sb) throws Exception {
+          sb.service(GrpcService.builder().addService(new GreeterGrpc.GreeterImplBase() {
+              @Override
+              void ignore(
+                final Helloworld.Request req, final StreamObserver<Helloworld.Response> responseObserver) {
+                final Helloworld.Response reply = Helloworld.Response.newBuilder().setMessage("Hello $req.name").build()
+                responseExecutor.execute {
+                  responseObserver.onNext(reply)
+                  responseObserver.onCompleted()
+                }
+              }
+            }).build())
+        }
+      }
+    serverRule.configure(Server.builder().requestTimeout(timeoutDuration()))
+    serverRule.start()
+
+    GreeterGrpc.GreeterBlockingStub client = Clients.builder(serverRule.uri(SessionProtocol.HTTP, GrpcSerializationFormats.PROTO))
+      .writeTimeout(timeoutDuration())
+      .responseTimeout(timeoutDuration())
+      .build(GreeterGrpc.GreeterBlockingStub)
+
+    when:
+    def response = runUnderTrace("parent") {
+      def resp = client.ignore(Helloworld.Request.newBuilder().setName("whatever").build())
+      return resp
+    }
+
+    then:
+    response.message == "Hello whatever"
+    assertTraces(2) {
+      sortSpansByStart()
+      trace(1) {
+        basicSpan(it, "parent")
+      }
+      trace(2) {
+        span {
+          operationName serverOperation()
+          resourceName "example.Greeter/Ignore"
+          spanType DDSpanTypes.RPC
+          parentSpanId DDSpanId.ZERO
+          errored false
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-server"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+            "status.code" "OK"
+            if ({ isDataStreamsEnabled() }) {
+              "$DDTags.PATHWAY_HASH" { String }
+            }
+            defaultTags(true)
+          }
+        }
+        span {
+          operationName "grpc.message"
+          resourceName "grpc.message"
+          spanType DDSpanTypes.RPC
+          childOf span(0)
+          errored false
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-server"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+            "message.type" "example.Helloworld\$Request"
+            defaultTags()
+          }
+        }
+      }
+    }
+
+    cleanup:
+    serverRule.stop()
+  }
+
+  def "test ignore ignored inbound methods"() {
+    setup:
+
+    ExecutorService responseExecutor = Executors.newSingleThreadExecutor()
+    ServerRule serverRule = new ServerRule() {
+        @Override
+        protected void configure(ServerBuilder sb) throws Exception {
+          sb.service(GrpcService.builder().addService(new GreeterGrpc.GreeterImplBase() {
+              @Override
+              void ignoreInbound(
+                final Helloworld.Request req, final StreamObserver<Helloworld.Response> responseObserver) {
+                final Helloworld.Response reply = Helloworld.Response.newBuilder().setMessage("Hello $req.name").build()
+                responseExecutor.execute {
+                  responseObserver.onNext(reply)
+                  responseObserver.onCompleted()
+                }
+              }
+            }).build())
+        }
+      }
+    serverRule.configure(Server.builder().requestTimeout(timeoutDuration()))
+    serverRule.start()
+
+    GreeterGrpc.GreeterBlockingStub client = Clients.builder(serverRule.uri(SessionProtocol.HTTP, GrpcSerializationFormats.PROTO))
+      .writeTimeout(timeoutDuration())
+      .responseTimeout(timeoutDuration())
+      .build(GreeterGrpc.GreeterBlockingStub)
+
+    when:
+    def response = client.ignoreInbound(Helloworld.Request.newBuilder().setName("whatever").build())
+
+    then:
+    response.message == "Hello whatever"
+    assertTraces(1) {
+      sortSpansByStart()
+      trace(2) {
+        span {
+          operationName clientOperation()
+          resourceName "example.Greeter/IgnoreInbound"
+          spanType DDSpanTypes.RPC
+          parent()
+          errored false
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-client"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+            "$Tags.RPC_SERVICE" "example.Greeter"
+            "status.code" "OK"
+            "request.type" "example.Helloworld\$Request"
+            "response.type" "example.Helloworld\$Response"
+            if ({ isDataStreamsEnabled() }) {
+              "$DDTags.PATHWAY_HASH" { String }
+            }
+            peerServiceFrom(Tags.RPC_SERVICE)
+            defaultTags()
+          }
+        }
+        span {
+          operationName "grpc.message"
+          resourceName "grpc.message"
+          spanType DDSpanTypes.RPC
+          childOf span(0)
+          errored false
+          measured true
+          tags {
+            "$Tags.COMPONENT" "armeria-grpc-client"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+            "message.type" "example.Helloworld\$Response"
+            defaultTagsNoPeerService()
+          }
+        }
+      }
+    }
+
+    cleanup:
+    serverRule.stop()
+  }
+}
+
+abstract class ArmeriaGrpcDataStreamsEnabledForkedTest extends ArmeriaGrpcTest {
+  @Override
+  protected void configurePreAgent() {
+    super.configurePreAgent()
+    injectSysConfig("dd.data.streams.enabled", "true")
+  }
+
+  @Override
+  protected boolean isDataStreamsEnabled() {
+    return true
+  }
+}
+
+class ArmeriaGrpcDataStreamsEnabledV0ForkedTest extends ArmeriaGrpcDataStreamsEnabledForkedTest {
+
+  @Override
+  int version() {
+    return 0
+  }
+
+  @Override
+  protected String clientOperation() {
+    return "grpc.client"
+  }
+
+  @Override
+  protected String serverOperation() {
+    return "grpc.server"
+  }
+}
+
+class ArmeriaGrpcDataStreamsEnabledV1ForkedTest extends ArmeriaGrpcDataStreamsEnabledForkedTest {
+
+  @Override
+  int version() {
+    return 1
+  }
+
+  @Override
+  protected String clientOperation() {
+    return "grpc.client.request"
+  }
+
+  @Override
+  protected String serverOperation() {
+    return "grpc.server.request"
+  }
+}
+
+class ArmeriaGrpcDataStreamsDisabledForkedTest extends ArmeriaGrpcTest {
+  @Override
+  protected void configurePreAgent() {
+    super.configurePreAgent()
+    injectSysConfig("dd.data.streams.enabled", "false")
+  }
+
+  @Override
+  protected boolean isDataStreamsEnabled() {
+    return false
+  }
+
+  @Override
+  int version() {
+    return 0
+  }
+
+  @Override
+  protected String clientOperation() {
+    return "grpc.client"
+  }
+
+  @Override
+  protected String serverOperation() {
+    return "grpc.server"
+  }
+}
diff --git a/dd-java-agent/instrumentation/armeria-grpc/src/test/proto/helloworld.proto b/dd-java-agent/instrumentation/armeria-grpc/src/test/proto/helloworld.proto
new file mode 100644
index 00000000000..26d9919e53e
--- /dev/null
+++ b/dd-java-agent/instrumentation/armeria-grpc/src/test/proto/helloworld.proto
@@ -0,0 +1,25 @@
+syntax = "proto3";
+
+package example;
+
+service Greeter {
+  rpc SayHello (Request) returns (Response) {
+  }
+
+  rpc Conversation (stream Response) returns (stream Response) {
+  }
+
+  rpc Ignore (Request) returns (Response) {
+  }
+
+  rpc IgnoreInbound (Request) returns (Response) {
+  }
+}
+
+message Request {
+  string name = 1;
+}
+
+message Response {
+  string message = 1;
+}
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/build.gradle b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/build.gradle
index 82bf01ca4a5..2e036a050e1 100644
--- a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/build.gradle
+++ b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/build.gradle
@@ -23,7 +23,15 @@ apply from: "$rootDir/gradle/java.gradle"
 // We test older version in separate test set to test newer version and latest deps in the 'default'
 // test dir. Otherwise we get strange warnings in Idea.
 addTestSuite('test_before_1_11_106')
+addTestSuiteExtendingForDir('test_before_1_11_106ForkedTest', 'test_before_1_11_106', 'test_before_1_11_106')
+
 addTestSuiteForDir('latestDepTest', 'test')
+addTestSuiteExtendingForDir('latestDepForkedTest', 'latestDepTest', 'test')
+
+addTestSuite('kinesisDsmTest')
+addTestSuiteExtendingForDir('kinesisDsmForkedTest', 'kinesisDsmTest', 'kinesisDsmTest')
+addTestSuiteForDir('latestKinesisDsmTest', 'kinesisDsmTest')
+addTestSuiteExtendingForDir('latestKinesisDsmForkedTest', 'latestKinesisDsmTest', 'kinesisDsmTest')
 
 dependencies {
   compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-core', version: '1.11.0'
@@ -78,6 +86,9 @@ dependencies {
     }
   }
 
+  kinesisDsmTestImplementation group: 'com.amazonaws', name: 'aws-java-sdk-kinesis', version: '1.12.366'
+  latestKinesisDsmTestImplementation group: 'com.amazonaws', name: 'aws-java-sdk-kinesis', version: '+'
+
   latestDepTestImplementation group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '+'
   latestDepTestImplementation group: 'com.amazonaws', name: 'aws-java-sdk-rds', version: '+'
   latestDepTestImplementation group: 'com.amazonaws', name: 'aws-java-sdk-ec2', version: '+'
@@ -90,3 +101,7 @@ dependencies {
 tasks.named("test").configure {
   dependsOn "test_before_1_11_106"
 }
+
+tasks.named("forkedTest").configure {
+  dependsOn "test_before_1_11_106ForkedTest"
+}
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/kinesisDsmTest/groovy/AWS1KinesisClientTest.groovy b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/kinesisDsmTest/groovy/AWS1KinesisClientTest.groovy
new file mode 100644
index 00000000000..738b2ac1bb2
--- /dev/null
+++ b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/kinesisDsmTest/groovy/AWS1KinesisClientTest.groovy
@@ -0,0 +1,225 @@
+import com.amazonaws.auth.AWSStaticCredentialsProvider
+import com.amazonaws.auth.AnonymousAWSCredentials
+import com.amazonaws.client.builder.AwsClientBuilder
+import com.amazonaws.services.kinesis.AmazonKinesis
+import com.amazonaws.services.kinesis.AmazonKinesisClientBuilder
+import com.amazonaws.services.kinesis.model.GetRecordsRequest
+import com.amazonaws.services.kinesis.model.PutRecordRequest
+import com.amazonaws.services.kinesis.model.PutRecordsRequest
+import com.amazonaws.services.kinesis.model.PutRecordsRequestEntry
+import datadog.trace.agent.test.naming.VersionedNamingTestBase
+import datadog.trace.api.Config
+import datadog.trace.api.DDSpanTypes
+import datadog.trace.api.DDTags
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.core.datastreams.StatsGroup
+import spock.lang.AutoCleanup
+import spock.lang.Shared
+import spock.util.concurrent.PollingConditions
+
+import java.nio.ByteBuffer
+import java.nio.charset.Charset
+import java.time.Instant
+import java.util.concurrent.atomic.AtomicReference
+
+import static datadog.trace.agent.test.server.http.TestHttpServer.httpServer
+
+abstract class AWS1KinesisClientTest extends VersionedNamingTestBase {
+
+  @Shared
+  def credentialsProvider = new AWSStaticCredentialsProvider(new AnonymousAWSCredentials())
+  @Shared
+  def responseBody = new AtomicReference<String>()
+  @AutoCleanup
+  @Shared
+  def server = httpServer {
+    handlers {
+      all {
+        response.status(200).send(responseBody.get())
+      }
+    }
+  }
+  @Shared
+  def endpoint = new AwsClientBuilder.EndpointConfiguration("http://localhost:$server.address.port", "us-west-2")
+
+  @Shared
+  final String streamName = "somestream"
+
+  @Shared
+  final String streamArn = "arnprefix:stream/" + streamName
+
+  @Shared
+  def timestamp = Instant.now().minusSeconds(60)
+
+  @Shared
+  def timestamp2 = timestamp.plusSeconds(1)
+
+  @Override
+  protected void configurePreAgent() {
+    super.configurePreAgent()
+    // the actual service returns cbor encoded json
+    System.setProperty("com.amazonaws.sdk.disableCbor", "true")
+  }
+
+  @Override
+  protected boolean isDataStreamsEnabled() {
+    return true
+  }
+
+  @Override
+  String operation() {
+    null
+  }
+
+  @Override
+  String service() {
+    null
+  }
+
+  abstract String expectedOperation(String awsService, String awsOperation)
+
+  abstract String expectedService(String awsService, String awsOperation)
+
+  def "send #operation request with mocked response produces #dsmStatCount stat points"() {
+    setup:
+    def conditions = new PollingConditions(timeout: 1)
+    responseBody.set(body)
+    AmazonKinesis client = AmazonKinesisClientBuilder.standard()
+      .withEndpointConfiguration(endpoint)
+      .withCredentials(credentialsProvider)
+      .build()
+
+    when:
+    def response = call.call(client)
+
+    TEST_WRITER.waitForTraces(1)
+    TEST_DATA_STREAMS_WRITER.waitForGroups(1)
+
+    then:
+    response != null
+
+    conditions.eventually {
+      List<StatsGroup> results = TEST_DATA_STREAMS_WRITER.groups.findAll { it.parentHash == 0 }
+      assert results.size() >= 1
+      def pathwayLatencyCount = 0
+      def edgeLatencyCount = 0
+      results.each { group ->
+        pathwayLatencyCount += group.pathwayLatency.count
+        edgeLatencyCount += group.edgeLatency.count
+        verifyAll(group) {
+          edgeTags.containsAll(["direction:" + dsmDirection, "topic:" + streamArn, "type:kinesis"])
+          edgeTags.size() == 3
+        }
+      }
+      verifyAll {
+        pathwayLatencyCount == dsmStatCount
+        edgeLatencyCount == dsmStatCount
+      }
+    }
+
+    assertTraces(1) {
+      trace(1) {
+        span {
+          serviceName expectedService(service, operation)
+          operationName expectedOperation(service, operation)
+          resourceName "$service.$operation"
+          spanType DDSpanTypes.HTTP_CLIENT
+          errored false
+          measured true
+          parent()
+          tags {
+            "$Tags.COMPONENT" "java-aws-sdk"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+            "$Tags.HTTP_URL" "$server.address/"
+            "$Tags.HTTP_METHOD" "$method"
+            "$Tags.HTTP_STATUS" 200
+            "$Tags.PEER_PORT" server.address.port
+            "$Tags.PEER_HOSTNAME" "localhost"
+            "aws.service" { it.contains(service) }
+            "aws_service" { it.contains(service.toLowerCase()) }
+            "aws.endpoint" "$server.address"
+            "aws.operation" "${operation}Request"
+            "aws.agent" "java-aws-sdk"
+            "aws.stream.name" streamName
+            "streamname" streamName
+            "$DDTags.PATHWAY_HASH" { String }
+            peerServiceFrom("aws.stream.name")
+            defaultTags()
+          }
+        }
+      }
+    }
+
+    where:
+    service   | operation    | dsmDirection | dsmStatCount | method | path | call                                                                                                                                                                                                                                                                                                          | body
+    "Kinesis" | "GetRecords" | "in"         | 1            | "POST" | "/"  | { AmazonKinesis c -> c.getRecords(new GetRecordsRequest().withStreamARN(streamArn)) }                                                                                                                                                                                                                         | """{
+  "MillisBehindLatest": 2100,
+  "NextShardIterator": "AAA",
+  "Records": [
+    {
+      "Data": "XzxkYXRhPl8w",
+      "PartitionKey": "partitionKey",
+      "ApproximateArrivalTimestamp": ${timestamp.toEpochMilli()},
+      "SequenceNumber": "21269319989652663814458848515492872193"
+    }
+  ]
+}"""
+    "Kinesis" | "GetRecords" | "in"         | 2            | "POST" | "/"  | { AmazonKinesis c -> c.getRecords(new GetRecordsRequest().withStreamARN(streamArn)) }                                                                                                                                                                                                                         | """{
+  "MillisBehindLatest": 2100,
+  "NextShardIterator": "AAA",
+  "Records": [
+    {
+      "Data": "XzxkYXRhPl8w",
+      "PartitionKey": "partitionKey",
+      "ApproximateArrivalTimestamp": ${timestamp.toEpochMilli()},
+      "SequenceNumber": "21269319989652663814458848515492872193"
+    },
+    {
+      "Data": "XzxkYXRhPl8w",
+      "PartitionKey": "partitionKey",
+      "ApproximateArrivalTimestamp": ${timestamp2.toEpochMilli()},
+      "SequenceNumber": "21269319989652663814458848515492872193"
+    }
+  ]
+}"""
+    "Kinesis" | "PutRecord"  | "out"        | 1            | "POST" | "/"  | { AmazonKinesis c -> c.putRecord(new PutRecordRequest().withStreamARN(streamArn).withData(ByteBuffer.wrap("message".getBytes(Charset.forName("UTF-8"))))) }                                                                                                                                                   | ""
+    "Kinesis" | "PutRecords" | "out"        | 1            | "POST" | "/"  | { AmazonKinesis c -> c.putRecords(new PutRecordsRequest().withStreamARN(streamArn).withRecords(new PutRecordsRequestEntry().withData(ByteBuffer.wrap("message".getBytes(Charset.forName("UTF-8")))))) }                                                                                                       | ""
+    "Kinesis" | "PutRecords" | "out"        | 2            | "POST" | "/"  | { AmazonKinesis c -> c.putRecords(new PutRecordsRequest().withStreamARN(streamArn).withRecords(new PutRecordsRequestEntry().withData(ByteBuffer.wrap("message".getBytes(Charset.forName("UTF-8")))), new PutRecordsRequestEntry().withData(ByteBuffer.wrap("message".getBytes(Charset.forName("UTF-8")))))) } | ""
+  }
+}
+
+class AWS1KinesisClientV0Test extends AWS1KinesisClientTest {
+
+  @Override
+  String expectedOperation(String awsService, String awsOperation) {
+    "aws.http"
+  }
+
+  @Override
+  String expectedService(String awsService, String awsOperation) {
+    return "java-aws-sdk"
+  }
+
+  @Override
+  int version() {
+    0
+  }
+}
+
+class AWS1KinesisClientV1ForkedTest extends AWS1KinesisClientTest {
+
+  @Override
+  String expectedOperation(String awsService, String awsOperation) {
+    return "aws.${awsService.toLowerCase()}.request"
+  }
+
+  @Override
+  String expectedService(String awsService, String awsOperation) {
+    Config.get().getServiceName()
+  }
+
+  @Override
+  int version() {
+    1
+  }
+}
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/AwsSdkClientDecorator.java b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/AwsSdkClientDecorator.java
index 178e182795a..b1a7850d1a7 100644
--- a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/AwsSdkClientDecorator.java
+++ b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/AwsSdkClientDecorator.java
@@ -10,14 +10,18 @@
 import datadog.trace.api.DDTags;
 import datadog.trace.api.cache.DDCache;
 import datadog.trace.api.cache.DDCaches;
+import datadog.trace.api.experimental.DataStreamsContextCarrier.NoOp;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
 import datadog.trace.bootstrap.instrumentation.api.InstrumentationTags;
 import datadog.trace.bootstrap.instrumentation.api.Tags;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
 import datadog.trace.bootstrap.instrumentation.decorator.HttpClientDecorator;
 import java.net.URI;
+import java.util.List;
 import java.util.Locale;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -46,6 +50,9 @@ public class AwsSdkClientDecorator extends HttpClientDecorator<Request, Response
   private static final DDCache<String, String> serviceNameCache = DDCaches.newFixedSizeCache(128);
   private static final Pattern AWS_SERVICE_NAME_PATTERN = Pattern.compile("Amazon\\s?(\\w+)");
 
+  private static final String PUT_RECORD_OPERATION_NAME = "PutRecordRequest";
+  private static final String PUT_RECORDS_OPERATION_NAME = "PutRecordsRequest";
+
   private static String simplifyServiceName(String awsServiceName) {
     return serviceNameCache.computeIfAbsent(
         awsServiceName, AwsSdkClientDecorator::applyServiceNamePattern);
@@ -69,6 +76,7 @@ public AgentSpan onRequest(final AgentSpan span, final Request request) {
     final String awsServiceName = request.getServiceName();
     final AmazonWebServiceRequest originalRequest = request.getOriginalRequest();
     final Class<?> awsOperation = originalRequest.getClass();
+    final GetterAccess access = GetterAccess.of(originalRequest);
 
     span.setTag(InstrumentationTags.AWS_AGENT, COMPONENT_NAME);
     span.setTag(InstrumentationTags.AWS_SERVICE, awsServiceName);
@@ -86,20 +94,26 @@ public AgentSpan onRequest(final AgentSpan span, final Request request) {
       case "SQS.ReceiveMessage":
       case "SQS.DeleteMessage":
       case "SQS.DeleteMessageBatch":
-        span.setServiceName(SQS_SERVICE_NAME);
+        if (SQS_SERVICE_NAME != null) {
+          span.setServiceName(SQS_SERVICE_NAME);
+        }
         break;
       case "SNS.Publish":
-        span.setServiceName(SNS_SERVICE_NAME);
+        if (SNS_SERVICE_NAME != null) {
+          span.setServiceName(SNS_SERVICE_NAME);
+        }
         break;
       default:
-        span.setServiceName(GENERIC_SERVICE_NAME);
+        if (GENERIC_SERVICE_NAME != null) {
+          span.setServiceName(GENERIC_SERVICE_NAME);
+        }
         break;
     }
 
-    RequestAccess access = RequestAccess.of(originalRequest);
-    String bucketName = access.getBucketName(originalRequest);
     String bestPrecursor = null;
     String bestPeerService = null;
+
+    String bucketName = access.getBucketName(originalRequest);
     if (null != bucketName) {
       span.setTag(InstrumentationTags.AWS_BUCKET_NAME, bucketName);
       span.setTag(InstrumentationTags.BUCKET_NAME, bucketName);
@@ -134,6 +148,17 @@ public AgentSpan onRequest(final AgentSpan span, final Request request) {
       bestPrecursor = InstrumentationTags.AWS_STREAM_NAME;
       bestPeerService = streamName;
     }
+    String streamArn = access.getStreamARN(originalRequest);
+    if (null != streamArn) {
+      int streamNameStart = streamArn.indexOf(":stream/");
+      if (streamNameStart >= 0) {
+        streamName = streamArn.substring(streamNameStart + 8);
+        span.setTag(InstrumentationTags.AWS_STREAM_NAME, streamName);
+        span.setTag(InstrumentationTags.STREAM_NAME, streamName);
+        bestPrecursor = InstrumentationTags.AWS_STREAM_NAME;
+        bestPeerService = streamName;
+      }
+    }
     String tableName = access.getTableName(originalRequest);
     if (null != tableName) {
       span.setTag(InstrumentationTags.AWS_TABLE_NAME, tableName);
@@ -149,6 +174,32 @@ public AgentSpan onRequest(final AgentSpan span, final Request request) {
       span.setTag(DDTags.PEER_SERVICE_SOURCE, bestPrecursor);
     }
 
+    if (span.traceConfig().isDataStreamsEnabled()
+        && null != streamArn
+        && "AmazonKinesis".equals(awsServiceName)) {
+      switch (awsOperation.getSimpleName()) {
+        case PUT_RECORD_OPERATION_NAME:
+          try (AgentScope scope = AgentTracer.activateSpan(span)) {
+            AgentTracer.get()
+                .getDataStreamsMonitoring()
+                .setProduceCheckpoint("kinesis", streamArn, NoOp.INSTANCE);
+          }
+          break;
+        case PUT_RECORDS_OPERATION_NAME:
+          try (AgentScope scope = AgentTracer.activateSpan(span)) {
+            List records = access.getRecords(originalRequest);
+            for (Object ignored : records) {
+              AgentTracer.get()
+                  .getDataStreamsMonitoring()
+                  .setProduceCheckpoint("kinesis", streamArn, NoOp.INSTANCE);
+            }
+          }
+          break;
+        default:
+          break;
+      }
+    }
+
     return span;
   }
 
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/GetterAccess.java b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/GetterAccess.java
new file mode 100644
index 00000000000..972864839cf
--- /dev/null
+++ b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/GetterAccess.java
@@ -0,0 +1,158 @@
+package datadog.trace.instrumentation.aws.v0;
+
+import datadog.trace.api.GenericClassValue;
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodType;
+import java.util.Date;
+import java.util.List;
+import java.util.function.Function;
+import java.util.regex.Pattern;
+
+final class GetterAccess {
+  private static final ClassValue<GetterAccess> GETTER_ACCESS =
+      GenericClassValue.of(
+          // Uses inner class for predictable name for Instrumenter.Default.helperClassNames()
+          new Function<Class<?>, GetterAccess>() {
+            @Override
+            public GetterAccess apply(final Class<?> requestType) {
+              return new GetterAccess(requestType);
+            }
+          });
+
+  static GetterAccess of(final Object request) {
+    return GETTER_ACCESS.get(request.getClass());
+  }
+
+  private static final Pattern REQUEST_OPERATION_NAME_PATTERN =
+      Pattern.compile("Request", Pattern.LITERAL);
+
+  private final String operationName;
+  private final MethodHandle getBucketName;
+  private final MethodHandle getQueueUrl;
+  private final MethodHandle getQueueName;
+  private final MethodHandle getTopicArn;
+  private final MethodHandle getStreamName;
+  private final MethodHandle getStreamARN;
+  private final MethodHandle getRecords;
+  private final MethodHandle getApproximateArrivalTimestamp;
+  private final MethodHandle getTableName;
+
+  private GetterAccess(final Class<?> objectType) {
+    operationName =
+        REQUEST_OPERATION_NAME_PATTERN.matcher(objectType.getSimpleName()).replaceAll("");
+    getBucketName = findStringGetter(objectType, "getBucketName");
+    getQueueUrl = findStringGetter(objectType, "getQueueUrl");
+    getQueueName = findStringGetter(objectType, "getQueueName");
+    getTopicArn = findStringGetter(objectType, "getTopicArn");
+    getStreamName = findStringGetter(objectType, "getStreamName");
+    getStreamARN = findStringGetter(objectType, "getStreamARN");
+    getRecords = findListGetter(objectType, "getRecords");
+    getApproximateArrivalTimestamp =
+        findGetter(objectType, "getApproximateArrivalTimestamp", Date.class);
+    getTableName = findStringGetter(objectType, "getTableName");
+  }
+
+  String getOperationNameFromType() {
+    return operationName;
+  }
+
+  String getBucketName(final Object object) {
+    return invokeForString(getBucketName, object);
+  }
+
+  String getQueueUrl(final Object object) {
+    return invokeForString(getQueueUrl, object);
+  }
+
+  String getQueueName(final Object object) {
+    return invokeForString(getQueueName, object);
+  }
+
+  String getTopicArn(final Object object) {
+    return invokeForString(getTopicArn, object);
+  }
+
+  String getStreamName(final Object object) {
+    return invokeForString(getStreamName, object);
+  }
+
+  String getStreamARN(final Object object) {
+    return invokeForString(getStreamARN, object);
+  }
+
+  List getRecords(final Object object) {
+    return invokeForList(getRecords, object);
+  }
+
+  String getTableName(final Object object) {
+    return invokeForString(getTableName, object);
+  }
+
+  Date getApproximateArrivalTimestamp(final Object object) {
+    return invoke(getApproximateArrivalTimestamp, object);
+  }
+
+  private static String invokeForString(final MethodHandle method, final Object object) {
+    if (null == method) {
+      return null;
+    }
+    try {
+      return (String) method.invoke(object);
+    } catch (Throwable e) {
+      return null;
+    }
+  }
+
+  private static List invokeForList(final MethodHandle method, final Object object) {
+    if (null == method) {
+      return null;
+    }
+    try {
+      return (List) method.invoke(object);
+    } catch (Throwable e) {
+      return null;
+    }
+  }
+
+  private static <T> T invoke(final MethodHandle method, final Object object) {
+    if (null == method) {
+      return null;
+    }
+    try {
+      return (T) method.invoke(object);
+    } catch (Throwable e) {
+      return null;
+    }
+  }
+
+  private static final MethodHandles.Lookup PUBLIC_LOOKUP = MethodHandles.publicLookup();
+  private static final MethodType STRING_RETURN_TYPE = MethodType.methodType(String.class);
+  private static final MethodType LIST_RETURN_TYPE = MethodType.methodType(List.class);
+
+  private static MethodHandle findStringGetter(
+      final Class<?> requestType, final String methodName) {
+    try {
+      return PUBLIC_LOOKUP.findVirtual(requestType, methodName, STRING_RETURN_TYPE);
+    } catch (Throwable e) {
+      return null;
+    }
+  }
+
+  private static MethodHandle findListGetter(final Class<?> requestType, final String methodName) {
+    try {
+      return PUBLIC_LOOKUP.findVirtual(requestType, methodName, LIST_RETURN_TYPE);
+    } catch (Throwable e) {
+      return null;
+    }
+  }
+
+  private static MethodHandle findGetter(
+      final Class<?> pojoType, final String methodName, final Class<?> returnType) {
+    try {
+      return PUBLIC_LOOKUP.findVirtual(pojoType, methodName, MethodType.methodType(returnType));
+    } catch (Throwable e) {
+      return null;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/HandlerChainFactoryInstrumentation.java b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/HandlerChainFactoryInstrumentation.java
index 7bd51250a2c..0393dcd76c9 100644
--- a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/HandlerChainFactoryInstrumentation.java
+++ b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/HandlerChainFactoryInstrumentation.java
@@ -33,8 +33,8 @@ public String instrumentedType() {
   public String[] helperClassNames() {
     return new String[] {
       packageName + ".AwsSdkClientDecorator",
-      packageName + ".RequestAccess",
-      packageName + ".RequestAccess$1",
+      packageName + ".GetterAccess",
+      packageName + ".GetterAccess$1",
       packageName + ".TracingRequestHandler",
       packageName + ".AwsNameCache",
     };
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/RequestAccess.java b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/RequestAccess.java
deleted file mode 100644
index da28418660d..00000000000
--- a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/RequestAccess.java
+++ /dev/null
@@ -1,85 +0,0 @@
-package datadog.trace.instrumentation.aws.v0;
-
-import datadog.trace.api.GenericClassValue;
-import java.lang.invoke.MethodHandle;
-import java.lang.invoke.MethodHandles;
-import java.lang.invoke.MethodType;
-import java.util.function.Function;
-
-final class RequestAccess {
-  private static final ClassValue<RequestAccess> REQUEST_ACCESS =
-      GenericClassValue.of(
-          // Uses inner class for predictable name for Instrumenter.Default.helperClassNames()
-          new Function<Class<?>, RequestAccess>() {
-            @Override
-            public RequestAccess apply(final Class<?> requestType) {
-              return new RequestAccess(requestType);
-            }
-          });
-
-  static RequestAccess of(final Object request) {
-    return REQUEST_ACCESS.get(request.getClass());
-  }
-
-  private final MethodHandle getBucketName;
-  private final MethodHandle getQueueUrl;
-  private final MethodHandle getQueueName;
-  private final MethodHandle getTopicArn;
-  private final MethodHandle getStreamName;
-  private final MethodHandle getTableName;
-
-  private RequestAccess(final Class<?> requestType) {
-    getBucketName = findGetter(requestType, "getBucketName");
-    getQueueUrl = findGetter(requestType, "getQueueUrl");
-    getQueueName = findGetter(requestType, "getQueueName");
-    getTopicArn = findGetter(requestType, "getTopicArn");
-    getStreamName = findGetter(requestType, "getStreamName");
-    getTableName = findGetter(requestType, "getTableName");
-  }
-
-  String getBucketName(final Object request) {
-    return invoke(getBucketName, request);
-  }
-
-  String getQueueUrl(final Object request) {
-    return invoke(getQueueUrl, request);
-  }
-
-  String getQueueName(final Object request) {
-    return invoke(getQueueName, request);
-  }
-
-  String getTopicArn(final Object request) {
-    return invoke(getTopicArn, request);
-  }
-
-  String getStreamName(final Object request) {
-    return invoke(getStreamName, request);
-  }
-
-  String getTableName(final Object request) {
-    return invoke(getTableName, request);
-  }
-
-  private static String invoke(final MethodHandle method, final Object request) {
-    if (null == method) {
-      return null;
-    }
-    try {
-      return (String) method.invoke(request);
-    } catch (Throwable e) {
-      return null;
-    }
-  }
-
-  private static final MethodHandles.Lookup PUBLIC_LOOKUP = MethodHandles.publicLookup();
-  private static final MethodType STRING_RETURN_TYPE = MethodType.methodType(String.class);
-
-  private static MethodHandle findGetter(final Class<?> requestType, final String methodName) {
-    try {
-      return PUBLIC_LOOKUP.findVirtual(requestType, methodName, STRING_RETURN_TYPE);
-    } catch (Throwable e) {
-      return null;
-    }
-  }
-}
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/TracingRequestHandler.java b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/TracingRequestHandler.java
index fd66500b04b..557e8aa3f23 100644
--- a/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/TracingRequestHandler.java
+++ b/dd-java-agent/instrumentation/aws-java-sdk-1.11.0/src/main/java/datadog/trace/instrumentation/aws/v0/TracingRequestHandler.java
@@ -4,6 +4,10 @@
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.noopSpan;
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.propagate;
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_IN;
+import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_TAG;
+import static datadog.trace.core.datastreams.TagsProcessor.TOPIC_TAG;
+import static datadog.trace.core.datastreams.TagsProcessor.TYPE_TAG;
 import static datadog.trace.instrumentation.aws.v0.AwsSdkClientDecorator.AWS_LEGACY_TRACING;
 import static datadog.trace.instrumentation.aws.v0.AwsSdkClientDecorator.DECORATE;
 
@@ -15,7 +19,13 @@
 import datadog.trace.api.Config;
 import datadog.trace.api.TracePropagationStyle;
 import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.instrumentation.api.AgentDataStreamsMonitoring;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.bootstrap.instrumentation.api.PathwayContext;
+import java.util.Date;
+import java.util.LinkedHashMap;
+import java.util.List;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -72,17 +82,44 @@ public void afterResponse(final Request<?> request, final Response<?> response)
       DECORATE.beforeFinish(span);
       span.finish();
     }
+    AmazonWebServiceRequest originalRequest = request.getOriginalRequest();
+    GetterAccess requestAccess = GetterAccess.of(originalRequest);
     if (!AWS_LEGACY_TRACING && isPollingResponse(response.getAwsResponse())) {
       try {
         // store queueUrl inside response for SqsReceiveResultInstrumentation
-        AmazonWebServiceRequest originalRequest = request.getOriginalRequest();
         responseQueueStore.put(
-            response.getAwsResponse(),
-            RequestAccess.of(originalRequest).getQueueUrl(originalRequest));
+            response.getAwsResponse(), requestAccess.getQueueUrl(originalRequest));
       } catch (Throwable e) {
         log.debug("Unable to extract queueUrl from ReceiveMessageRequest", e);
       }
     }
+    if (span != null
+        && span.traceConfig().isDataStreamsEnabled()
+        && "AmazonKinesis".equals(request.getServiceName())
+        && "GetRecords".equals(requestAccess.getOperationNameFromType())) {
+      String streamArn = requestAccess.getStreamARN(originalRequest);
+      if (null != streamArn) {
+        List records =
+            GetterAccess.of(response.getAwsResponse()).getRecords(response.getAwsResponse());
+        if (null != records) {
+          LinkedHashMap<String, String> sortedTags = new LinkedHashMap<>();
+          sortedTags.put(DIRECTION_TAG, DIRECTION_IN);
+          sortedTags.put(TOPIC_TAG, streamArn);
+          sortedTags.put(TYPE_TAG, "kinesis");
+          for (Object record : records) {
+            Date arrivalTime = GetterAccess.of(record).getApproximateArrivalTimestamp(record);
+            AgentDataStreamsMonitoring dataStreamsMonitoring =
+                AgentTracer.get().getDataStreamsMonitoring();
+            PathwayContext pathwayContext = dataStreamsMonitoring.newPathwayContext();
+            pathwayContext.setCheckpoint(
+                sortedTags, dataStreamsMonitoring::add, arrivalTime.getTime());
+            if (!span.context().getPathwayContext().isStarted()) {
+              span.context().mergePathwayContext(pathwayContext);
+            }
+          }
+        }
+      }
+    }
   }
 
   @Override
@@ -90,7 +127,14 @@ public void afterError(final Request<?> request, final Response<?> response, fin
     final AgentSpan span = request.getHandlerContext(SPAN_CONTEXT_KEY);
     if (span != null) {
       request.addHandlerContext(SPAN_CONTEXT_KEY, null);
-      DECORATE.onError(span, e);
+      if (response != null) {
+        DECORATE.onResponse(span, response);
+        if (span.isError()) {
+          DECORATE.onError(span, e);
+        }
+      } else {
+        DECORATE.onError(span, e);
+      }
       DECORATE.beforeFinish(span);
       span.finish();
     }
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-2.2/build.gradle b/dd-java-agent/instrumentation/aws-java-sdk-2.2/build.gradle
index 1335d28286d..c5fe90b2312 100644
--- a/dd-java-agent/instrumentation/aws-java-sdk-2.2/build.gradle
+++ b/dd-java-agent/instrumentation/aws-java-sdk-2.2/build.gradle
@@ -1,4 +1,3 @@
-
 muzzle {
   pass {
     group = "software.amazon.awssdk"
@@ -11,7 +10,14 @@ muzzle {
 
 apply from: "$rootDir/gradle/java.gradle"
 
-addTestSuite('latestDepTest')
+addTestSuiteForDir('latestDepTest', 'test')
+// Broken: at some point S3 moved the bucket name to the hostname resulting in host not found somebucket.localhost on all S3 tests
+// addTestSuiteExtendingForDir('latestDepForkedTest', 'latestDepTest', 'test')
+
+addTestSuite('kinesisDsmTest')
+addTestSuiteExtendingForDir('kinesisDsmForkedTest', 'kinesisDsmTest', 'kinesisDsmTest')
+addTestSuiteForDir('latestKinesisDsmTest', 'kinesisDsmTest')
+addTestSuiteExtendingForDir('latestKinesisDsmForkedTest', 'latestKinesisDsmTest', 'kinesisDsmTest')
 
 def fixedSdkVersion = '2.20.33' // 2.20.34 is missing and breaks IDEA import
 
@@ -31,6 +37,15 @@ dependencies {
   testImplementation group: 'software.amazon.awssdk', name: 'dynamodb', version: '2.2.0'
   testImplementation group: 'software.amazon.awssdk', name: 'kinesis', version: '2.2.0'
 
+  testImplementation group: 'org.eclipse.jetty', name: 'jetty-server', version: '9.3.0.v20150612'
+  testImplementation group: 'org.eclipse.jetty.http2', name: 'http2-server', version: '9.3.0.v20150612'
+
+  // First version where dsm traced operations have required StreamARN parameter
+  kinesisDsmTestImplementation group: 'software.amazon.awssdk', name: 'apache-client', version: '2.18.40'
+  kinesisDsmTestImplementation group: 'software.amazon.awssdk', name: 'kinesis', version: '2.18.40'
+  latestKinesisDsmTestImplementation group: 'software.amazon.awssdk', name: 'apache-client', version: '+'
+  latestKinesisDsmTestImplementation group: 'software.amazon.awssdk', name: 'kinesis', version: '+'
+
   latestDepTestImplementation project(':dd-java-agent:instrumentation:apache-httpclient-4')
   latestDepTestImplementation project(':dd-java-agent:instrumentation:netty-4.1')
 
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/kinesisDsmTest/groovy/Aws2KinesisDataStreamsTest.groovy b/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/kinesisDsmTest/groovy/Aws2KinesisDataStreamsTest.groovy
new file mode 100644
index 00000000000..2c5f808d857
--- /dev/null
+++ b/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/kinesisDsmTest/groovy/Aws2KinesisDataStreamsTest.groovy
@@ -0,0 +1,369 @@
+import datadog.trace.agent.test.naming.VersionedNamingTestBase
+import datadog.trace.api.Config
+import datadog.trace.api.DDSpanTypes
+import datadog.trace.api.DDTags
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.core.datastreams.StatsGroup
+import org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory
+import org.eclipse.jetty.server.HttpConfiguration
+import org.eclipse.jetty.server.HttpConnectionFactory
+import org.eclipse.jetty.server.Server
+import org.eclipse.jetty.server.ServerConnector
+import org.eclipse.jetty.server.SslConnectionFactory
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider
+import software.amazon.awssdk.core.ResponseInputStream
+import software.amazon.awssdk.core.SdkBytes
+import software.amazon.awssdk.core.interceptor.Context
+import software.amazon.awssdk.core.interceptor.ExecutionAttributes
+import software.amazon.awssdk.core.interceptor.ExecutionInterceptor
+import software.amazon.awssdk.regions.Region
+import software.amazon.awssdk.services.kinesis.KinesisAsyncClient
+import software.amazon.awssdk.services.kinesis.KinesisClient
+import software.amazon.awssdk.services.kinesis.model.GetRecordsRequest
+import software.amazon.awssdk.services.kinesis.model.PutRecordRequest
+import software.amazon.awssdk.services.kinesis.model.PutRecordsRequest
+import software.amazon.awssdk.services.kinesis.model.PutRecordsRequestEntry
+import spock.lang.AutoCleanup
+import spock.lang.Shared
+import spock.lang.Unroll
+
+import java.time.Instant
+import java.util.concurrent.Future
+import java.util.concurrent.atomic.AtomicReference
+
+import static datadog.trace.agent.test.server.http.TestHttpServer.httpServer
+
+abstract class Aws2KinesisDataStreamsTest extends VersionedNamingTestBase {
+
+  private static final StaticCredentialsProvider CREDENTIALS_PROVIDER = StaticCredentialsProvider
+  .create(AwsBasicCredentials.create("my-access-key", "my-secret-key"))
+
+  @Shared
+  def responseBody = new AtomicReference<String>()
+  @Shared
+  def servedRequestId = new AtomicReference<String>()
+
+  @Shared
+  def timestamp = Instant.now().minusSeconds(60)
+
+  @Shared
+  def timestamp2 = timestamp.plusSeconds(1)
+
+  @AutoCleanup
+  @Shared
+  def server = httpServer {
+    customizer { {
+        Server server -> {
+          ServerConnector httpConnector = server.getConnectors().find {
+            !it.connectionFactories.any {
+              it instanceof SslConnectionFactory
+            }
+          }
+          HttpConfiguration config = (httpConnector.connectionFactories.find {
+            it instanceof HttpConnectionFactory
+          }
+          as HttpConnectionFactory).getHttpConfiguration()
+          httpConnector.addConnectionFactory(new HTTP2CServerConnectionFactory(config))
+        }
+      }
+    }
+    handlers {
+      all {
+        response
+        .status(200)
+        .addHeader("x-amzn-RequestId", servedRequestId.get())
+        .sendWithType("application/x-amz-json-1.1", responseBody.get())
+      }
+    }
+  }
+
+  @Override
+  protected void configurePreAgent() {
+    super.configurePreAgent()
+    // the actual service returns cbor encoded json
+    System.setProperty("aws.cborEnabled", "false")
+  }
+
+  @Override
+  String operation() {
+    null
+  }
+
+  @Override
+  String service() {
+    null
+  }
+
+  @Override
+  protected boolean isDataStreamsEnabled() {
+    true
+  }
+
+  abstract String expectedOperation(String awsService, String awsOperation)
+
+  abstract String expectedService(String awsService, String awsOperation)
+
+  def watch(builder, callback) {
+    builder.addExecutionInterceptor(new ExecutionInterceptor() {
+      @Override
+      void afterExecution(Context.AfterExecution context, ExecutionAttributes executionAttributes) {
+        callback.call()
+      }
+    })
+  }
+
+  @Unroll
+  def "send #operation request with builder #builder.class.getSimpleName() mocked response"() {
+    setup:
+    boolean executed = false
+    def client = builder
+    // tests that our instrumentation doesn't disturb any overridden configuration
+    .overrideConfiguration({ watch(it, { executed = true }) })
+    .endpointOverride(server.address)
+    .region(Region.AP_NORTHEAST_1)
+    .credentialsProvider(CREDENTIALS_PROVIDER)
+    .build()
+    responseBody.set(body)
+    servedRequestId.set(requestId)
+    when:
+    def response = call.call(client)
+
+    if (response instanceof Future) {
+      response = response.get()
+    }
+    TEST_WRITER.waitForTraces(1)
+    TEST_DATA_STREAMS_WRITER.waitForGroups(1)
+
+    then:
+    executed
+    response != null
+    response.class.simpleName.startsWith(operation) || response instanceof ResponseInputStream
+
+    assertTraces(1) {
+      trace(1) {
+        span {
+          serviceName expectedService(service, operation)
+          operationName expectedOperation(service, operation)
+          resourceName "$service.$operation"
+          spanType DDSpanTypes.HTTP_CLIENT
+          errored false
+          measured true
+          parent()
+          tags {
+            def checkPeerService = false
+            "$Tags.COMPONENT" "java-aws-sdk"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+            "$Tags.PEER_HOSTNAME" "localhost"
+            "$Tags.PEER_PORT" server.address.port
+            "$Tags.HTTP_URL" "${server.address}${path}"
+            "$Tags.HTTP_METHOD" "$method"
+            "$Tags.HTTP_STATUS" 200
+            "aws.service" "$service"
+            "aws_service" "$service"
+            "aws.operation" "${operation}"
+            "aws.agent" "java-aws-sdk"
+            "aws.requestId" "$requestId"
+            "aws.stream.name" "somestream"
+            "streamname" "somestream"
+            "$DDTags.PATHWAY_HASH" { String }
+            peerServiceFrom("aws.stream.name")
+            checkPeerService = true
+            defaultTags(false, checkPeerService)
+          }
+        }
+      }
+    }
+
+    and:
+    StatsGroup first = TEST_DATA_STREAMS_WRITER.groups.find { it.parentHash == 0 }
+    verifyAll(first) {
+      edgeTags.containsAll(["direction:" + dsmDirection, "topic:arnprefix:stream/somestream", "type:kinesis"])
+      edgeTags.size() == 3
+      pathwayLatency.count == dsmStatCount
+      edgeLatency.count == dsmStatCount
+    }
+
+    cleanup:
+    servedRequestId.set(null)
+
+    where:
+    service   | operation    | dsmDirection | dsmStatCount | method | path | requestId                              | builder                 | call                                                                                                                                                                                                                                                                                            | body
+    "Kinesis" | "GetRecords" | "in"         | 1            | "POST" | "/"  | "7a62c49f-347e-4fc4-9331-6e8e7a96aa73" | KinesisClient.builder() | { KinesisClient c -> c.getRecords(GetRecordsRequest.builder().streamARN("arnprefix:stream/somestream").build()) }                                                                                                                                                                               | """{
+  "MillisBehindLatest": 2100,
+  "NextShardIterator": "AAA",
+  "Records": [
+    {
+      "Data": "XzxkYXRhPl8w",
+      "PartitionKey": "partitionKey",
+      "ApproximateArrivalTimestamp": ${timestamp.toEpochMilli()},
+      "SequenceNumber": "21269319989652663814458848515492872193"
+    }
+  ]
+}"""
+    "Kinesis" | "GetRecords" | "in"         | 2            | "POST" | "/"  | "7a62c49f-347e-4fc4-9331-6e8e7a96aa73" | KinesisClient.builder() | { KinesisClient c -> c.getRecords(GetRecordsRequest.builder().streamARN("arnprefix:stream/somestream").build()) }                                                                                                                                                                               | """{
+  "MillisBehindLatest": 2100,
+  "NextShardIterator": "AAA",
+  "Records": [
+    {
+      "Data": "XzxkYXRhPl8w",
+      "PartitionKey": "partitionKey",
+      "ApproximateArrivalTimestamp": ${timestamp.toEpochMilli()},
+      "SequenceNumber": "21269319989652663814458848515492872193"
+    },
+    {
+      "Data": "XzxkYXRhPl8w",
+      "PartitionKey": "partitionKey",
+      "ApproximateArrivalTimestamp": ${timestamp2.toEpochMilli()},
+      "SequenceNumber": "21269319989652663814458848515492872193"
+    }
+  ]
+}"""
+    "Kinesis" | "PutRecord"  | "out"        | 1            | "POST" | "/"  | "UNKNOWN"                              | KinesisClient.builder() | { KinesisClient c -> c.putRecord(PutRecordRequest.builder().streamARN("arnprefix:stream/somestream").data(SdkBytes.fromUtf8String("message")).build()) }                                                                                                                                        | ""
+    "Kinesis" | "PutRecords" | "out"        | 1            | "POST" | "/"  | "UNKNOWN"                              | KinesisClient.builder() | { KinesisClient c -> c.putRecords(PutRecordsRequest.builder().streamARN("arnprefix:stream/somestream").records(PutRecordsRequestEntry.builder().data(SdkBytes.fromUtf8String("message")).build()).build()) }                                                                                    | ""
+    "Kinesis" | "PutRecords" | "out"        | 2            | "POST" | "/"  | "UNKNOWN"                              | KinesisClient.builder() | { KinesisClient c -> c.putRecords(PutRecordsRequest.builder().streamARN("arnprefix:stream/somestream").records(PutRecordsRequestEntry.builder().data(SdkBytes.fromUtf8String("message")).build(), PutRecordsRequestEntry.builder().data(SdkBytes.fromUtf8String("message")).build()).build()) } | ""
+  }
+
+  def "send #operation async request with builder #builder.class.getSimpleName() mocked response"() {
+    setup:
+    boolean executed = false
+    def client = builder
+    // tests that our instrumentation doesn't disturb any overridden configuration
+    .overrideConfiguration({ watch(it, { executed = true }) })
+    .endpointOverride(server.address)
+    .region(Region.AP_NORTHEAST_1)
+    .credentialsProvider(CREDENTIALS_PROVIDER)
+    .build()
+    responseBody.set(body)
+    servedRequestId.set(requestId)
+    when:
+    def response = call.call(client)
+
+    if (response instanceof Future) {
+      response = response.get()
+    }
+    TEST_WRITER.waitForTraces(1)
+    TEST_DATA_STREAMS_WRITER.waitForGroups(1)
+
+    then:
+    executed
+    response != null
+
+    assertTraces(1) {
+      trace(1) {
+        span {
+          serviceName expectedService(service, operation)
+          operationName expectedOperation(service, operation)
+          resourceName "$service.$operation"
+          spanType DDSpanTypes.HTTP_CLIENT
+          errored false
+          measured true
+          parent()
+          tags {
+            "$Tags.COMPONENT" "java-aws-sdk"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+            "$Tags.PEER_HOSTNAME" "localhost"
+            "$Tags.PEER_PORT" server.address.port
+            "$Tags.HTTP_URL" "${server.address}${path}"
+            "$Tags.HTTP_METHOD" "$method"
+            "$Tags.HTTP_STATUS" 200
+            "aws.service" "$service"
+            "aws_service" "$service"
+            "aws.operation" "${operation}"
+            "aws.agent" "java-aws-sdk"
+            "aws.requestId" "$requestId"
+            "aws.stream.name" "somestream"
+            "streamname" "somestream"
+            "$DDTags.PATHWAY_HASH" { String }
+            peerServiceFrom("aws.stream.name")
+            defaultTags(false, true)
+          }
+        }
+      }
+    }
+
+    and:
+    StatsGroup first = TEST_DATA_STREAMS_WRITER.groups.find { it.parentHash == 0 }
+    verifyAll(first) {
+      edgeTags.containsAll(["direction:" + dsmDirection, "topic:arnprefix:stream/somestream", "type:kinesis"])
+      edgeTags.size() == 3
+      pathwayLatency.count == dsmStatCount
+      edgeLatency.count == dsmStatCount
+    }
+
+    cleanup:
+    servedRequestId.set(null)
+
+    where:
+    service   | operation    | dsmDirection | dsmStatCount | method | path | requestId                              | builder                      | call                                                                                                                                                                                                                                                                                                 | body
+    "Kinesis" | "GetRecords" | "in"         | 1            | "POST" | "/"  | "7a62c49f-347e-4fc4-9331-6e8e7a96aa73" | KinesisAsyncClient.builder() | { KinesisAsyncClient c -> c.getRecords(GetRecordsRequest.builder().streamARN("arnprefix:stream/somestream").build()) }                                                                                                                                                                               | """{
+  "MillisBehindLatest": 2100,
+  "NextShardIterator": "AAA",
+  "Records": [
+    {
+      "Data": "XzxkYXRhPl8w",
+      "PartitionKey": "partitionKey",
+      "ApproximateArrivalTimestamp": ${timestamp.toEpochMilli()},
+      "SequenceNumber": "21269319989652663814458848515492872193"
+    }
+  ]
+}"""
+    "Kinesis" | "GetRecords" | "in"         | 2            | "POST" | "/"  | "7a62c49f-347e-4fc4-9331-6e8e7a96aa73" | KinesisAsyncClient.builder() | { KinesisAsyncClient c -> c.getRecords(GetRecordsRequest.builder().streamARN("arnprefix:stream/somestream").build()) }                                                                                                                                                                               | """{
+  "MillisBehindLatest": 2100,
+  "NextShardIterator": "AAA",
+  "Records": [
+    {
+      "Data": "XzxkYXRhPl8w",
+      "PartitionKey": "partitionKey",
+      "ApproximateArrivalTimestamp": ${timestamp.toEpochMilli()},
+      "SequenceNumber": "21269319989652663814458848515492872193"
+    },
+    {
+      "Data": "XzxkYXRhPl8w",
+      "PartitionKey": "partitionKey",
+      "ApproximateArrivalTimestamp": ${timestamp2.toEpochMilli()},
+      "SequenceNumber": "21269319989652663814458848515492872193"
+    }
+  ]
+}"""
+    "Kinesis" | "PutRecord"  | "out"        | 1            | "POST" | "/"  | "UNKNOWN"                              | KinesisAsyncClient.builder() | { KinesisAsyncClient c -> c.putRecord(PutRecordRequest.builder().streamARN("arnprefix:stream/somestream").data(SdkBytes.fromUtf8String("message")).build()) }                                                                                                                                        | ""
+    "Kinesis" | "PutRecords" | "out"        | 1            | "POST" | "/"  | "UNKNOWN"                              | KinesisAsyncClient.builder() | { KinesisAsyncClient c -> c.putRecords(PutRecordsRequest.builder().streamARN("arnprefix:stream/somestream").records(PutRecordsRequestEntry.builder().data(SdkBytes.fromUtf8String("message")).build()).build()) }                                                                                    | ""
+    "Kinesis" | "PutRecords" | "out"        | 2            | "POST" | "/"  | "UNKNOWN"                              | KinesisAsyncClient.builder() | { KinesisAsyncClient c -> c.putRecords(PutRecordsRequest.builder().streamARN("arnprefix:stream/somestream").records(PutRecordsRequestEntry.builder().data(SdkBytes.fromUtf8String("message")).build(), PutRecordsRequestEntry.builder().data(SdkBytes.fromUtf8String("message")).build()).build()) } | ""
+  }
+}
+
+class Aws2KinesisDataStreamsV0Test extends Aws2KinesisDataStreamsTest {
+
+  @Override
+  String expectedOperation(String awsService, String awsOperation) {
+    "aws.http"
+  }
+
+  @Override
+  String expectedService(String awsService, String awsOperation) {
+    return "java-aws-sdk"
+  }
+
+  @Override
+  int version() {
+    0
+  }
+}
+
+class Aws2KinesisDataStreamsV1ForkedTest extends Aws2KinesisDataStreamsTest {
+
+  @Override
+  String expectedOperation(String awsService, String awsOperation) {
+    return "aws.${awsService.toLowerCase()}.request"
+  }
+
+  @Override
+  String expectedService(String awsService, String awsOperation) {
+    Config.get().getServiceName()
+  }
+
+  @Override
+  int version() {
+    1
+  }
+}
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/main/java/datadog/trace/instrumentation/aws/v2/AwsSdkClientDecorator.java b/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/main/java/datadog/trace/instrumentation/aws/v2/AwsSdkClientDecorator.java
index f9a4b51581f..bc50763d0ff 100644
--- a/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/main/java/datadog/trace/instrumentation/aws/v2/AwsSdkClientDecorator.java
+++ b/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/main/java/datadog/trace/instrumentation/aws/v2/AwsSdkClientDecorator.java
@@ -1,22 +1,42 @@
 package datadog.trace.instrumentation.aws.v2;
 
+import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_IN;
+import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_TAG;
+import static datadog.trace.core.datastreams.TagsProcessor.TOPIC_TAG;
+import static datadog.trace.core.datastreams.TagsProcessor.TYPE_TAG;
+
 import datadog.trace.api.Config;
 import datadog.trace.api.DDTags;
 import datadog.trace.api.cache.DDCache;
 import datadog.trace.api.cache.DDCaches;
+import datadog.trace.api.experimental.DataStreamsContextCarrier.NoOp;
 import datadog.trace.api.naming.SpanNaming;
+import datadog.trace.bootstrap.InstanceStore;
+import datadog.trace.bootstrap.instrumentation.api.AgentDataStreamsMonitoring;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
 import datadog.trace.bootstrap.instrumentation.api.InstrumentationTags;
+import datadog.trace.bootstrap.instrumentation.api.PathwayContext;
 import datadog.trace.bootstrap.instrumentation.api.ResourceNamePriorities;
 import datadog.trace.bootstrap.instrumentation.api.Tags;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
 import datadog.trace.bootstrap.instrumentation.decorator.HttpClientDecorator;
 import java.net.URI;
+import java.time.Instant;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
 import javax.annotation.Nonnull;
 import software.amazon.awssdk.awscore.AwsResponse;
+import software.amazon.awssdk.core.SdkField;
+import software.amazon.awssdk.core.SdkPojo;
 import software.amazon.awssdk.core.SdkRequest;
 import software.amazon.awssdk.core.SdkResponse;
+import software.amazon.awssdk.core.interceptor.ExecutionAttribute;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
 import software.amazon.awssdk.core.interceptor.SdkExecutionAttribute;
 import software.amazon.awssdk.http.SdkHttpRequest;
@@ -46,6 +66,22 @@ public class AwsSdkClientDecorator extends HttpClientDecorator<SdkHttpRequest, S
   private static final String GENERIC_SERVICE_NAME =
       SpanNaming.instance().namingSchema().cloud().serviceForRequest("aws", null);
 
+  private static final Set<String> KINESIS_PUT_RECORD_OPERATION_NAMES;
+
+  static {
+    KINESIS_PUT_RECORD_OPERATION_NAMES = new HashSet<>();
+    KINESIS_PUT_RECORD_OPERATION_NAMES.add("PutRecord");
+    KINESIS_PUT_RECORD_OPERATION_NAMES.add("PutRecords");
+  }
+
+  public static final ExecutionAttribute<String> KINESIS_STREAM_ARN_ATTRIBUTE =
+      InstanceStore.of(ExecutionAttribute.class)
+          .putIfAbsent("KinesisStreamArn", () -> new ExecutionAttribute<>("KinesisStreamArn"));
+
+  // not static because this object would be ClassLoader specific if multiple SDK instances were
+  // loaded by different loaders
+  private SdkField<Instant> kinesisApproximateArrivalTimestampField = null;
+
   public CharSequence spanName(final ExecutionAttributes attributes) {
     final String awsServiceName = attributes.getAttribute(SdkExecutionAttribute.SERVICE_NAME);
     final String awsOperationName = attributes.getAttribute(SdkExecutionAttribute.OPERATION_NAME);
@@ -62,7 +98,12 @@ public CharSequence spanName(final ExecutionAttributes attributes) {
                     "aws", attributes.getAttribute(SdkExecutionAttribute.SERVICE_NAME), s));
   }
 
-  public AgentSpan onSdkRequest(final AgentSpan span, final SdkRequest request) {
+  public AgentSpan onSdkRequest(
+      final AgentSpan span, final SdkRequest request, final ExecutionAttributes attributes) {
+    final String awsServiceName = attributes.getAttribute(SdkExecutionAttribute.SERVICE_NAME);
+    final String awsOperationName = attributes.getAttribute(SdkExecutionAttribute.OPERATION_NAME);
+    onOperation(span, awsServiceName, awsOperationName);
+
     // S3
     request.getValueForField("Bucket", String.class).ifPresent(name -> setBucketName(span, name));
     request
@@ -89,10 +130,74 @@ public AgentSpan onSdkRequest(final AgentSpan span, final SdkRequest request) {
     request
         .getValueForField("StreamName", String.class)
         .ifPresent(name -> setStreamName(span, name));
+    Optional<String> kinesisStreamArn = request.getValueForField("StreamARN", String.class);
+    kinesisStreamArn.ifPresent(
+        streamArn -> {
+          if (span.traceConfig().isDataStreamsEnabled()) {
+            attributes.putAttribute(KINESIS_STREAM_ARN_ATTRIBUTE, streamArn);
+          }
+          int streamNameStart = streamArn.indexOf(":stream/");
+          if (streamNameStart >= 0) {
+            setStreamName(span, streamArn.substring(streamNameStart + 8));
+          }
+        });
 
     // DynamoDB
     request.getValueForField("TableName", String.class).ifPresent(name -> setTableName(span, name));
 
+    // DSM
+    if (span.traceConfig().isDataStreamsEnabled()
+        && kinesisStreamArn.isPresent()
+        && "kinesis".equalsIgnoreCase(awsServiceName)
+        && KINESIS_PUT_RECORD_OPERATION_NAMES.contains(awsOperationName)) {
+      // https://github.com/DataDog/dd-trace-py/blob/864abb6c99e1cb0449904260bac93e8232261f2a/ddtrace/contrib/botocore/patch.py#L368
+      List records =
+          request
+              .getValueForField("Records", List.class)
+              .orElse(Collections.singletonList(request)); // For PutRecord use request
+
+      for (Object ignored : records) {
+        AgentTracer.get()
+            .getDataStreamsMonitoring()
+            .setProduceCheckpoint("kinesis", kinesisStreamArn.get(), NoOp.INSTANCE);
+      }
+    }
+
+    return span;
+  }
+
+  private static AgentSpan onOperation(
+      final AgentSpan span, final String awsServiceName, final String awsOperationName) {
+    String awsRequestName = awsServiceName + "." + awsOperationName;
+    span.setResourceName(awsRequestName, RESOURCE_NAME_PRIORITY);
+
+    switch (awsRequestName) {
+      case "Sqs.SendMessage":
+      case "Sqs.SendMessageBatch":
+      case "Sqs.ReceiveMessage":
+      case "Sqs.DeleteMessage":
+      case "Sqs.DeleteMessageBatch":
+        if (SQS_SERVICE_NAME != null) {
+          span.setServiceName(SQS_SERVICE_NAME);
+        }
+        break;
+      case "Sns.PublishBatch":
+      case "Sns.Publish":
+        if (SNS_SERVICE_NAME != null) {
+          span.setServiceName(SNS_SERVICE_NAME);
+        }
+        break;
+      default:
+        if (GENERIC_SERVICE_NAME != null) {
+          span.setServiceName(GENERIC_SERVICE_NAME);
+        }
+        break;
+    }
+    span.setTag(InstrumentationTags.AWS_AGENT, COMPONENT_NAME);
+    span.setTag(InstrumentationTags.AWS_SERVICE, awsServiceName);
+    span.setTag(InstrumentationTags.TOP_LEVEL_AWS_SERVICE, awsServiceName);
+    span.setTag(InstrumentationTags.AWS_OPERATION, awsOperationName);
+
     return span;
   }
 
@@ -134,43 +239,62 @@ private static void setTableName(AgentSpan span, String name) {
     setPeerService(span, InstrumentationTags.AWS_TABLE_NAME, name);
   }
 
-  public AgentSpan onAttributes(final AgentSpan span, final ExecutionAttributes attributes) {
-    final String awsServiceName = attributes.getAttribute(SdkExecutionAttribute.SERVICE_NAME);
-    final String awsOperationName = attributes.getAttribute(SdkExecutionAttribute.OPERATION_NAME);
-
-    String awsRequestName = awsServiceName + "." + awsOperationName;
-    span.setResourceName(awsRequestName, RESOURCE_NAME_PRIORITY);
-
-    switch (awsRequestName) {
-      case "Sqs.SendMessage":
-      case "Sqs.SendMessageBatch":
-      case "Sqs.ReceiveMessage":
-      case "Sqs.DeleteMessage":
-      case "Sqs.DeleteMessageBatch":
-        span.setServiceName(SQS_SERVICE_NAME);
-        break;
-      case "Sns.PublishBatch":
-      case "Sns.Publish":
-        span.setServiceName(SNS_SERVICE_NAME);
-        break;
-      default:
-        span.setServiceName(GENERIC_SERVICE_NAME);
-        break;
-    }
-    span.setTag(InstrumentationTags.AWS_AGENT, COMPONENT_NAME);
-    span.setTag(InstrumentationTags.AWS_SERVICE, awsServiceName);
-    span.setTag(InstrumentationTags.TOP_LEVEL_AWS_SERVICE, awsServiceName);
-    span.setTag(InstrumentationTags.AWS_OPERATION, awsOperationName);
-
-    return span;
-  }
-
-  // Not overriding the super.  Should call both with each type of response.
-  public AgentSpan onResponse(final AgentSpan span, final SdkResponse response) {
+  public AgentSpan onSdkResponse(
+      final AgentSpan span, final SdkResponse response, final ExecutionAttributes attributes) {
     if (response instanceof AwsResponse) {
       span.setTag(
           InstrumentationTags.AWS_REQUEST_ID,
           ((AwsResponse) response).responseMetadata().requestId());
+
+      final String awsServiceName = attributes.getAttribute(SdkExecutionAttribute.SERVICE_NAME);
+      final String awsOperationName = attributes.getAttribute(SdkExecutionAttribute.OPERATION_NAME);
+      if (span.traceConfig().isDataStreamsEnabled()
+          && "kinesis".equalsIgnoreCase(awsServiceName)
+          && "GetRecords".equals(awsOperationName)) {
+        // https://github.com/DataDog/dd-trace-py/blob/864abb6c99e1cb0449904260bac93e8232261f2a/ddtrace/contrib/botocore/patch.py#L350
+        String streamArn = attributes.getAttribute(KINESIS_STREAM_ARN_ATTRIBUTE);
+        if (null != streamArn) {
+          response
+              .getValueForField("Records", List.class)
+              .ifPresent(
+                  recordsRaw -> {
+                    //noinspection unchecked
+                    List<SdkPojo> records = (List<SdkPojo>) recordsRaw;
+                    if (!records.isEmpty()) {
+                      LinkedHashMap<String, String> sortedTags = new LinkedHashMap<>();
+                      sortedTags.put(DIRECTION_TAG, DIRECTION_IN);
+                      sortedTags.put(TOPIC_TAG, streamArn);
+                      sortedTags.put(TYPE_TAG, "kinesis");
+                      if (null == kinesisApproximateArrivalTimestampField) {
+                        Optional<SdkField<?>> maybeField =
+                            records.get(0).sdkFields().stream()
+                                .filter(f -> f.locationName().equals("ApproximateArrivalTimestamp"))
+                                .findFirst();
+                        if (maybeField.isPresent()) {
+                          //noinspection unchecked
+                          kinesisApproximateArrivalTimestampField =
+                              (SdkField<Instant>) maybeField.get();
+                        } else {
+                          // shouldn't be possible
+                          return;
+                        }
+                      }
+                      for (SdkPojo record : records) {
+                        Instant arrivalTime =
+                            kinesisApproximateArrivalTimestampField.getValueOrDefault(record);
+                        AgentDataStreamsMonitoring dataStreamsMonitoring =
+                            AgentTracer.get().getDataStreamsMonitoring();
+                        PathwayContext pathwayContext = dataStreamsMonitoring.newPathwayContext();
+                        pathwayContext.setCheckpoint(
+                            sortedTags, dataStreamsMonitoring::add, arrivalTime.toEpochMilli());
+                        if (!span.context().getPathwayContext().isStarted()) {
+                          span.context().mergePathwayContext(pathwayContext);
+                        }
+                      }
+                    }
+                  });
+        }
+      }
     }
     return span;
   }
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/main/java/datadog/trace/instrumentation/aws/v2/TracingExecutionInterceptor.java b/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/main/java/datadog/trace/instrumentation/aws/v2/TracingExecutionInterceptor.java
index 2dbc7cca6c2..6713a594c51 100644
--- a/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/main/java/datadog/trace/instrumentation/aws/v2/TracingExecutionInterceptor.java
+++ b/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/main/java/datadog/trace/instrumentation/aws/v2/TracingExecutionInterceptor.java
@@ -11,7 +11,9 @@
 import datadog.trace.api.TracePropagationStyle;
 import datadog.trace.bootstrap.ContextStore;
 import datadog.trace.bootstrap.InstanceStore;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import java.util.Optional;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.core.SdkRequest;
@@ -54,9 +56,10 @@ public void afterMarshalling(
       final Context.AfterMarshalling context, final ExecutionAttributes executionAttributes) {
     final AgentSpan span = executionAttributes.getAttribute(SPAN_ATTRIBUTE);
     if (span != null) {
-      DECORATE.onRequest(span, context.httpRequest());
-      DECORATE.onSdkRequest(span, context.request());
-      DECORATE.onAttributes(span, executionAttributes);
+      try (AgentScope ignored = activateSpan(span)) {
+        DECORATE.onRequest(span, context.httpRequest());
+        DECORATE.onSdkRequest(span, context.request(), executionAttributes);
+      }
     }
   }
 
@@ -103,7 +106,7 @@ public void afterExecution(
     if (span != null) {
       executionAttributes.putAttribute(SPAN_ATTRIBUTE, null);
       // Call onResponse on both types of responses:
-      DECORATE.onResponse(span, context.response());
+      DECORATE.onSdkResponse(span, context.response(), executionAttributes);
       DECORATE.onResponse(span, context.httpResponse());
       DECORATE.beforeFinish(span);
       span.finish();
@@ -123,7 +126,17 @@ public void onExecutionFailure(
     final AgentSpan span = executionAttributes.getAttribute(SPAN_ATTRIBUTE);
     if (span != null) {
       executionAttributes.putAttribute(SPAN_ATTRIBUTE, null);
-      DECORATE.onError(span, context.exception());
+      Optional<SdkResponse> responseOpt = context.response();
+      if (responseOpt.isPresent()) {
+        SdkResponse response = responseOpt.get();
+        DECORATE.onSdkResponse(span, response, executionAttributes);
+        DECORATE.onResponse(span, response.sdkHttpResponse());
+        if (span.isError()) {
+          DECORATE.onError(span, context.exception());
+        }
+      } else {
+        DECORATE.onError(span, context.exception());
+      }
       DECORATE.beforeFinish(span);
       span.finish();
     }
diff --git a/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/test/groovy/Aws2ClientTest.groovy b/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/test/groovy/Aws2ClientTest.groovy
index 997827b3f21..b9a6ec826fd 100644
--- a/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/test/groovy/Aws2ClientTest.groovy
+++ b/dd-java-agent/instrumentation/aws-java-sdk-2.2/src/test/groovy/Aws2ClientTest.groovy
@@ -408,7 +408,7 @@ abstract class Aws2ClientTest extends VersionedNamingTestBase {
   }
 }
 
-class Aws2ClientV0Test extends Aws2ClientTest {
+class Aws2ClientV0ForkedTest extends Aws2ClientTest {
 
   @Override
   String expectedOperation(String awsService, String awsOperation) {
diff --git a/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/main/java/datadog/trace/instrumentation/aws/v1/sqs/MessageExtractAdapter.java b/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/main/java/datadog/trace/instrumentation/aws/v1/sqs/MessageExtractAdapter.java
index 669f7cd1780..bea9bdd3c54 100644
--- a/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/main/java/datadog/trace/instrumentation/aws/v1/sqs/MessageExtractAdapter.java
+++ b/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/main/java/datadog/trace/instrumentation/aws/v1/sqs/MessageExtractAdapter.java
@@ -1,7 +1,9 @@
 package datadog.trace.instrumentation.aws.v1.sqs;
 
 import com.amazonaws.services.sqs.model.Message;
+import com.amazonaws.services.sqs.model.MessageAttributeValue;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import datadog.trace.bootstrap.instrumentation.messaging.DatadogAttributeParser;
 import java.util.Map;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -13,22 +15,27 @@ public final class MessageExtractAdapter implements AgentPropagation.ContextVisi
 
   @Override
   public void forEachKey(Message carrier, AgentPropagation.KeyClassifier classifier) {
-    for (Map.Entry<String, String> entry : carrier.getAttributes().entrySet()) {
-      String key = entry.getKey();
-      if ("AWSTraceHeader".equalsIgnoreCase(key)) {
-        key = "X-Amzn-Trace-Id";
-      }
-      if (!classifier.accept(key, entry.getValue())) {
-        return;
+    Map<String, String> systemAttributes = carrier.getAttributes();
+    if (systemAttributes.containsKey("AWSTraceHeader")) {
+      // alias 'AWSTraceHeader' to 'X-Amzn-Trace-Id' because it uses the same format
+      classifier.accept("X-Amzn-Trace-Id", systemAttributes.get("AWSTraceHeader"));
+    }
+    Map<String, MessageAttributeValue> messageAttributes = carrier.getMessageAttributes();
+    if (messageAttributes.containsKey("_datadog")) {
+      MessageAttributeValue datadog = messageAttributes.get("_datadog");
+      if ("String".equals(datadog.getDataType())) {
+        DatadogAttributeParser.forEachProperty(classifier, datadog.getStringValue());
+      } else if ("Binary".equals(datadog.getDataType())) {
+        DatadogAttributeParser.forEachProperty(classifier, datadog.getBinaryValue());
       }
     }
   }
 
   public long extractTimeInQueueStart(final Message carrier) {
     try {
-      Map<String, String> attributes = carrier.getAttributes();
-      if (attributes.containsKey("SentTimestamp")) {
-        return Long.parseLong(attributes.get("SentTimestamp"));
+      Map<String, String> systemAttributes = carrier.getAttributes();
+      if (systemAttributes.containsKey("SentTimestamp")) {
+        return Long.parseLong(systemAttributes.get("SentTimestamp"));
       }
     } catch (Exception e) {
       log.debug("Unable to get SQS sent time", e);
diff --git a/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/main/java/datadog/trace/instrumentation/aws/v1/sqs/SqsDecorator.java b/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/main/java/datadog/trace/instrumentation/aws/v1/sqs/SqsDecorator.java
index 1a9f3433636..2c05ccd0cdf 100644
--- a/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/main/java/datadog/trace/instrumentation/aws/v1/sqs/SqsDecorator.java
+++ b/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/main/java/datadog/trace/instrumentation/aws/v1/sqs/SqsDecorator.java
@@ -27,11 +27,14 @@ public class SqsDecorator extends MessagingClientDecorator {
   private final CharSequence spanType;
   private final String serviceName;
 
-  private static final String LOCAL_SERVICE_NAME =
-      SQS_LEGACY_TRACING ? "sqs" : Config.get().getServiceName();
-
   public static final SqsDecorator CONSUMER_DECORATE =
-      new SqsDecorator(SPAN_KIND_CONSUMER, MESSAGE_CONSUMER, LOCAL_SERVICE_NAME);
+      new SqsDecorator(
+          SPAN_KIND_CONSUMER,
+          MESSAGE_CONSUMER,
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .inboundService("sqs", SQS_LEGACY_TRACING));
 
   public static final SqsDecorator BROKER_DECORATE =
       new SqsDecorator(
diff --git a/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/test/groovy/SqsClientTest.groovy b/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/test/groovy/SqsClientTest.groovy
index 583915eb396..4eace5c0114 100644
--- a/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/test/groovy/SqsClientTest.groovy
+++ b/dd-java-agent/instrumentation/aws-java-sqs-1.0/src/test/groovy/SqsClientTest.groovy
@@ -1,4 +1,5 @@
 import static datadog.trace.agent.test.utils.TraceUtils.basicSpan
+import static java.nio.charset.StandardCharsets.UTF_8
 
 import com.amazon.sqs.javamessaging.ProviderConfiguration
 import com.amazon.sqs.javamessaging.SQSConnectionFactory
@@ -7,6 +8,8 @@ import com.amazonaws.auth.AWSStaticCredentialsProvider
 import com.amazonaws.auth.AnonymousAWSCredentials
 import com.amazonaws.client.builder.AwsClientBuilder
 import com.amazonaws.services.sqs.AmazonSQSClientBuilder
+import com.amazonaws.services.sqs.model.Message
+import com.amazonaws.services.sqs.model.MessageAttributeValue
 import datadog.trace.agent.test.naming.VersionedNamingTestBase
 import datadog.trace.agent.test.utils.TraceUtils
 import datadog.trace.api.Config
@@ -16,6 +19,7 @@ import datadog.trace.api.config.GeneralConfig
 import datadog.trace.api.naming.SpanNaming
 import datadog.trace.bootstrap.instrumentation.api.InstrumentationTags
 import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.instrumentation.aws.v1.sqs.TracingList
 import org.elasticmq.rest.sqs.SQSRestServerBuilder
 import spock.lang.Shared
 
@@ -147,6 +151,86 @@ abstract class SqsClientTest extends VersionedNamingTestBase {
     client.shutdown()
   }
 
+  def "trace details propagated via embedded SQS message attribute (string)"() {
+    setup:
+    TEST_WRITER.clear()
+
+    when:
+    def message = new Message()
+    message.addMessageAttributesEntry('_datadog', new MessageAttributeValue().withDataType('String').withStringValue(
+      "{\"x-datadog-trace-id\": \"4948377316357291421\", \"x-datadog-parent-id\": \"6746998015037429512\", \"x-datadog-sampling-priority\": \"1\"}"
+      ))
+    def messages = new TracingList([message], "http://localhost:${address.port}/000000000000/somequeue")
+
+    messages.forEach {/* consume to create message spans */ }
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          serviceName expectedService("SQS", "ReceiveMessage")
+          operationName expectedOperation("SQS", "ReceiveMessage")
+          resourceName "SQS.ReceiveMessage"
+          spanType DDSpanTypes.MESSAGE_CONSUMER
+          errored false
+          measured true
+          traceId(4948377316357291421 as BigInteger)
+          parentSpanId(6746998015037429512 as BigInteger)
+          tags {
+            "$Tags.COMPONENT" "java-aws-sdk"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CONSUMER
+            "aws.service" "AmazonSQS"
+            "aws_service" "sqs"
+            "aws.operation" "ReceiveMessageRequest"
+            "aws.agent" "java-aws-sdk"
+            "aws.queue.url" "http://localhost:${address.port}/000000000000/somequeue"
+            defaultTags(true)
+          }
+        }
+      }
+    }
+  }
+
+  def "trace details propagated via embedded SQS message attribute (binary)"() {
+    setup:
+    TEST_WRITER.clear()
+
+    when:
+    def message = new Message()
+    message.addMessageAttributesEntry('_datadog', new MessageAttributeValue().withDataType('Binary').withBinaryValue(
+      UTF_8.encode('eyJ4LWRhdGFkb2ctdHJhY2UtaWQiOiI0OTQ4Mzc3MzE2MzU3MjkxNDIxIiwieC1kYXRhZG9nLXBhcmVudC1pZCI6IjY3NDY5OTgwMTUwMzc0Mjk1MTIiLCJ4LWRhdGFkb2ctc2FtcGxpbmctcHJpb3JpdHkiOiIxIn0=')
+      ))
+    def messages = new TracingList([message], "http://localhost:${address.port}/000000000000/somequeue")
+
+    messages.forEach {/* consume to create message spans */ }
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          serviceName expectedService("SQS", "ReceiveMessage")
+          operationName expectedOperation("SQS", "ReceiveMessage")
+          resourceName "SQS.ReceiveMessage"
+          spanType DDSpanTypes.MESSAGE_CONSUMER
+          errored false
+          measured true
+          traceId(4948377316357291421 as BigInteger)
+          parentSpanId(6746998015037429512 as BigInteger)
+          tags {
+            "$Tags.COMPONENT" "java-aws-sdk"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CONSUMER
+            "aws.service" "AmazonSQS"
+            "aws_service" "sqs"
+            "aws.operation" "ReceiveMessageRequest"
+            "aws.agent" "java-aws-sdk"
+            "aws.queue.url" "http://localhost:${address.port}/000000000000/somequeue"
+            defaultTags(true)
+          }
+        }
+      }
+    }
+  }
+
   def "trace details propagated from SQS to JMS"() {
     setup:
     def client = AmazonSQSClientBuilder.standard()
@@ -272,7 +356,7 @@ abstract class SqsClientTest extends VersionedNamingTestBase {
       }
       trace(1) {
         span {
-          serviceName SpanNaming.instance().namingSchema().messaging().inboundService(Config.get().getServiceName(), "jms")
+          serviceName SpanNaming.instance().namingSchema().messaging().inboundService("jms", Config.get().isLegacyTracingEnabled(true, "jms")) ?: Config.get().getServiceName()
           operationName SpanNaming.instance().namingSchema().messaging().inboundOperation("jms")
           resourceName "Consumed from Queue somequeue"
           spanType DDSpanTypes.MESSAGE_CONSUMER
diff --git a/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/MessageExtractAdapter.java b/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/MessageExtractAdapter.java
index d07d68074d8..18ed90ff4a2 100644
--- a/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/MessageExtractAdapter.java
+++ b/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/MessageExtractAdapter.java
@@ -1,11 +1,8 @@
 package datadog.trace.instrumentation.aws.v2.sqs;
 
-import static datadog.trace.bootstrap.instrumentation.api.PathwayContext.DATADOG_KEY;
-
-import datadog.trace.api.Config;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import datadog.trace.bootstrap.instrumentation.messaging.DatadogAttributeParser;
 import java.util.Map;
-import java.util.Optional;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.services.sqs.model.Message;
@@ -18,38 +15,27 @@ public final class MessageExtractAdapter implements AgentPropagation.ContextVisi
 
   @Override
   public void forEachKey(Message carrier, AgentPropagation.KeyClassifier classifier) {
-
-    for (Map.Entry<String, String> entry : carrier.attributesAsStrings().entrySet()) {
-      String key = entry.getKey();
-      if ("AWSTraceHeader".equalsIgnoreCase(key)) {
-        key = "X-Amzn-Trace-Id";
-      }
-      if (!classifier.accept(key, entry.getValue())) {
-        return;
-      }
+    Map<String, String> systemAttributes = carrier.attributesAsStrings();
+    if (systemAttributes.containsKey("AWSTraceHeader")) {
+      // alias 'AWSTraceHeader' to 'X-Amzn-Trace-Id' because it uses the same format
+      classifier.accept("X-Amzn-Trace-Id", systemAttributes.get("AWSTraceHeader"));
     }
-
-    if (Config.get().isDataStreamsEnabled()) {
-      for (Map.Entry<String, MessageAttributeValue> entry :
-          carrier.messageAttributes().entrySet()) {
-        String key = entry.getKey();
-        if (key.equalsIgnoreCase(DATADOG_KEY)) {
-          Optional<String> value = entry.getValue().getValueForField("StringValue", String.class);
-          if (value.isPresent()) {
-            if (!classifier.accept(key, value.get())) {
-              return;
-            }
-          }
-        }
+    Map<String, MessageAttributeValue> messageAttributes = carrier.messageAttributes();
+    if (messageAttributes.containsKey("_datadog")) {
+      MessageAttributeValue datadog = messageAttributes.get("_datadog");
+      if ("String".equals(datadog.dataType())) {
+        DatadogAttributeParser.forEachProperty(classifier, datadog.stringValue());
+      } else if ("Binary".equals(datadog.dataType()) && null != datadog.binaryValue()) {
+        DatadogAttributeParser.forEachProperty(classifier, datadog.binaryValue().asByteBuffer());
       }
     }
   }
 
   public long extractTimeInQueueStart(final Message carrier) {
     try {
-      Map<String, String> attributes = carrier.attributesAsStrings();
-      if (attributes.containsKey("SentTimestamp")) {
-        return Long.parseLong(attributes.get("SentTimestamp"));
+      Map<String, String> systemAttributes = carrier.attributesAsStrings();
+      if (systemAttributes.containsKey("SentTimestamp")) {
+        return Long.parseLong(systemAttributes.get("SentTimestamp"));
       }
     } catch (Exception e) {
       log.debug("Unable to get SQS sent time", e);
diff --git a/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/SqsDecorator.java b/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/SqsDecorator.java
index 65e4bdf08a1..914fb33bfe4 100644
--- a/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/SqsDecorator.java
+++ b/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/SqsDecorator.java
@@ -28,11 +28,14 @@ public class SqsDecorator extends MessagingClientDecorator {
   private final CharSequence spanType;
   private final String serviceName;
 
-  private static final String LOCAL_SERVICE_NAME =
-      SQS_LEGACY_TRACING ? "sqs" : Config.get().getServiceName();
-
   public static final SqsDecorator CONSUMER_DECORATE =
-      new SqsDecorator(SPAN_KIND_CONSUMER, MESSAGE_CONSUMER, LOCAL_SERVICE_NAME);
+      new SqsDecorator(
+          SPAN_KIND_CONSUMER,
+          MESSAGE_CONSUMER,
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .inboundService("sqs", SQS_LEGACY_TRACING));
 
   public static final SqsDecorator BROKER_DECORATE =
       new SqsDecorator(
diff --git a/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/TracingIterator.java b/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/TracingIterator.java
index a81ba720195..ee58cbf3538 100644
--- a/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/TracingIterator.java
+++ b/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/TracingIterator.java
@@ -91,7 +91,7 @@ protected void startNewMessageSpan(Message message) {
         sortedTags.put(DIRECTION_TAG, DIRECTION_IN);
         sortedTags.put(TOPIC_TAG, urlFileName(queueUrl));
         sortedTags.put(TYPE_TAG, "sqs");
-        AgentTracer.get().setDataStreamCheckpoint(span, sortedTags, 0);
+        AgentTracer.get().getDataStreamsMonitoring().setCheckpoint(span, sortedTags, 0, 0);
 
         CONSUMER_DECORATE.afterStart(span);
         CONSUMER_DECORATE.onConsume(span, queueUrl, requestId);
diff --git a/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/test/groovy/SqsClientTest.groovy b/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/test/groovy/SqsClientTest.groovy
index c471dfa31f1..05b5b5a0971 100644
--- a/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/test/groovy/SqsClientTest.groovy
+++ b/dd-java-agent/instrumentation/aws-java-sqs-2.0/src/test/groovy/SqsClientTest.groovy
@@ -1,28 +1,32 @@
-import datadog.trace.api.DDTags
-import datadog.trace.core.datastreams.StatsGroup
-import spock.lang.IgnoreIf
-
 import static datadog.trace.agent.test.utils.TraceUtils.basicSpan
+import static java.nio.charset.StandardCharsets.UTF_8
 
 import com.amazon.sqs.javamessaging.ProviderConfiguration
 import com.amazon.sqs.javamessaging.SQSConnectionFactory
 import datadog.trace.agent.test.naming.VersionedNamingTestBase
 import datadog.trace.agent.test.utils.TraceUtils
 import datadog.trace.api.Config
+import datadog.trace.api.DDTags
 import datadog.trace.api.DDSpanId
 import datadog.trace.api.DDSpanTypes
 import datadog.trace.api.config.GeneralConfig
 import datadog.trace.api.naming.SpanNaming
 import datadog.trace.bootstrap.instrumentation.api.InstrumentationTags
 import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.core.datastreams.StatsGroup
+import datadog.trace.instrumentation.aws.v2.sqs.TracingList
 import org.elasticmq.rest.sqs.SQSRestServerBuilder
 import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider
+import software.amazon.awssdk.core.SdkBytes
 import software.amazon.awssdk.core.SdkSystemSetting
 import software.amazon.awssdk.regions.Region
 import software.amazon.awssdk.services.sqs.SqsClient
 import software.amazon.awssdk.services.sqs.model.CreateQueueRequest
 import software.amazon.awssdk.services.sqs.model.ReceiveMessageRequest
 import software.amazon.awssdk.services.sqs.model.SendMessageRequest
+import software.amazon.awssdk.services.sqs.model.Message
+import software.amazon.awssdk.services.sqs.model.MessageAttributeValue
+import spock.lang.IgnoreIf
 import spock.lang.Shared
 
 import javax.jms.Session
@@ -182,6 +186,92 @@ abstract class SqsClientTest extends VersionedNamingTestBase {
     client.close()
   }
 
+  @IgnoreIf({instance.isDataStreamsEnabled()})
+  def "trace details propagated via embedded SQS message attribute (string)"() {
+    setup:
+    TEST_WRITER.clear()
+
+    when:
+    def message = Message.builder().messageAttributes(['_datadog': MessageAttributeValue.builder().dataType('String').stringValue(
+      "{\"x-datadog-trace-id\": \"4948377316357291421\", \"x-datadog-parent-id\": \"6746998015037429512\", \"x-datadog-sampling-priority\": \"1\"}"
+      ).build()]).build()
+    def messages = new TracingList([message],
+    "http://localhost:${address.port}/000000000000/somequeue",
+    "00000000-0000-0000-0000-000000000000")
+
+    messages.forEach {/* consume to create message spans */ }
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          serviceName expectedService("Sqs", "ReceiveMessage")
+          operationName expectedOperation("Sqs", "ReceiveMessage")
+          resourceName "Sqs.ReceiveMessage"
+          spanType DDSpanTypes.MESSAGE_CONSUMER
+          errored false
+          measured true
+          traceId(4948377316357291421 as BigInteger)
+          parentSpanId(6746998015037429512 as BigInteger)
+          tags {
+            "$Tags.COMPONENT" "java-aws-sdk"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CONSUMER
+            "aws.service" "Sqs"
+            "aws_service" "Sqs"
+            "aws.operation" "ReceiveMessage"
+            "aws.agent" "java-aws-sdk"
+            "aws.queue.url" "http://localhost:${address.port}/000000000000/somequeue"
+            "aws.requestId" "00000000-0000-0000-0000-000000000000"
+            defaultTags(true)
+          }
+        }
+      }
+    }
+  }
+
+  @IgnoreIf({instance.isDataStreamsEnabled()})
+  def "trace details propagated via embedded SQS message attribute (binary)"() {
+    setup:
+    TEST_WRITER.clear()
+
+    when:
+    def message = Message.builder().messageAttributes(['_datadog': MessageAttributeValue.builder().dataType('Binary').binaryValue(SdkBytes.fromByteBuffer(
+      UTF_8.encode('eyJ4LWRhdGFkb2ctdHJhY2UtaWQiOiI0OTQ4Mzc3MzE2MzU3MjkxNDIxIiwieC1kYXRhZG9nLXBhcmVudC1pZCI6IjY3NDY5OTgwMTUwMzc0Mjk1MTIiLCJ4LWRhdGFkb2ctc2FtcGxpbmctcHJpb3JpdHkiOiIxIn0=')
+      )).build()]).build()
+    def messages = new TracingList([message],
+    "http://localhost:${address.port}/000000000000/somequeue",
+    "00000000-0000-0000-0000-000000000000")
+
+    messages.forEach {/* consume to create message spans */ }
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          serviceName expectedService("Sqs", "ReceiveMessage")
+          operationName expectedOperation("Sqs", "ReceiveMessage")
+          resourceName "Sqs.ReceiveMessage"
+          spanType DDSpanTypes.MESSAGE_CONSUMER
+          errored false
+          measured true
+          traceId(4948377316357291421 as BigInteger)
+          parentSpanId(6746998015037429512 as BigInteger)
+          tags {
+            "$Tags.COMPONENT" "java-aws-sdk"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CONSUMER
+            "aws.service" "Sqs"
+            "aws_service" "Sqs"
+            "aws.operation" "ReceiveMessage"
+            "aws.agent" "java-aws-sdk"
+            "aws.queue.url" "http://localhost:${address.port}/000000000000/somequeue"
+            "aws.requestId" "00000000-0000-0000-0000-000000000000"
+            defaultTags(true)
+          }
+        }
+      }
+    }
+  }
+
   @IgnoreIf({instance.isDataStreamsEnabled()})
   def "trace details propagated from SQS to JMS"() {
     setup:
@@ -311,7 +401,7 @@ abstract class SqsClientTest extends VersionedNamingTestBase {
       }
       trace(1) {
         span {
-          serviceName SpanNaming.instance().namingSchema().messaging().inboundService(Config.get().getServiceName(), "jms")
+          serviceName SpanNaming.instance().namingSchema().messaging().inboundService("jms", Config.get().isLegacyTracingEnabled(true, "jms")) ?: Config.get().getServiceName()
           operationName SpanNaming.instance().namingSchema().messaging().inboundOperation("jms")
           resourceName "Consumed from Queue somequeue"
           spanType DDSpanTypes.MESSAGE_CONSUMER
@@ -386,13 +476,6 @@ class SqsClientV1ForkedTest extends SqsClientTest {
 }
 
 class SqsClientV0DataStreamsTest extends SqsClientTest {
-
-  @Override
-  protected void configurePreAgent() {
-    super.configurePreAgent()
-    injectSysConfig("dd.data.streams.enabled", "true")
-  }
-
   @Override
   String expectedOperation(String awsService, String awsOperation) {
     "aws.http"
diff --git a/dd-java-agent/instrumentation/build.gradle b/dd-java-agent/instrumentation/build.gradle
index 16a54bb5e3f..3847c8b9dd0 100644
--- a/dd-java-agent/instrumentation/build.gradle
+++ b/dd-java-agent/instrumentation/build.gradle
@@ -14,6 +14,7 @@ plugins {
 }
 apply from: "$rootDir/gradle/java.gradle"
 
+
 tasks.register("latestDepTest")
 
 Project parent_project = project
@@ -120,8 +121,23 @@ dependencies {
   implementation project(':dd-java-agent:agent-builder')
 }
 
+if (project.gradle.startParameter.taskNames.any {it.endsWith("generateMuzzleReport")}) {
+  apply plugin: 'muzzle'
+  task("muzzleInstrumentationReport") {
+    dependsOn(project.getAllTasks(true).values().flatten().findAll { it.name.endsWith("generateMuzzleReport") })
+    finalizedBy(tasks.named('mergeMuzzleReports'))
+  }
+}
+
+
 tasks.named('shadowJar').configure {
   duplicatesStrategy = DuplicatesStrategy.FAIL
+  dependencies {
+    // the tracer is now in a separate shadow jar
+    exclude(project(":dd-trace-core"))
+    exclude(dependency('com.datadoghq:sketches-java'))
+    exclude(dependency('com.google.re2j:re2j'))
+  }
   dependencies deps.excludeShared
 }
 
diff --git a/dd-java-agent/instrumentation/commons-httpclient-2/src/main/java/datadog/trace/instrumentation/commonshttpclient/IastHttpMethodBaseInstrumentation.java b/dd-java-agent/instrumentation/commons-httpclient-2/src/main/java/datadog/trace/instrumentation/commonshttpclient/IastHttpMethodBaseInstrumentation.java
index 8371ad69442..11522f224fd 100644
--- a/dd-java-agent/instrumentation/commons-httpclient-2/src/main/java/datadog/trace/instrumentation/commonshttpclient/IastHttpMethodBaseInstrumentation.java
+++ b/dd-java-agent/instrumentation/commons-httpclient-2/src/main/java/datadog/trace/instrumentation/commonshttpclient/IastHttpMethodBaseInstrumentation.java
@@ -51,7 +51,7 @@ public static void afterCtor(
         @Advice.This final Object self, @Advice.Argument(0) final Object argument) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(self, argument);
+        module.taintIfTainted(self, argument);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/commons-httpclient-2/src/test/groovy/IastCommonsHttpClientInstrumentationTest.groovy b/dd-java-agent/instrumentation/commons-httpclient-2/src/test/groovy/IastCommonsHttpClientInstrumentationTest.groovy
index 3624973f60e..0a3f5ba5bc7 100644
--- a/dd-java-agent/instrumentation/commons-httpclient-2/src/test/groovy/IastCommonsHttpClientInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/commons-httpclient-2/src/test/groovy/IastCommonsHttpClientInstrumentationTest.groovy
@@ -51,7 +51,7 @@ class IastCommonsHttpClientInstrumentationTest extends AgentTestRunner {
 
   private void mockPropagation() {
     final propagation = Mock(PropagationModule) {
-      taintIfInputIsTainted(_, _) >> {
+      taintIfTainted(_, _) >> {
         if (tainteds.containsKey(it[1])) {
           tainteds.put(it[0], null)
         }
diff --git a/dd-java-agent/instrumentation/commons-lang-2/src/main/java/datadog/trace/instrumentation/commonslang/StringEscapeUtilsCallSite.java b/dd-java-agent/instrumentation/commons-lang-2/src/main/java/datadog/trace/instrumentation/commonslang/StringEscapeUtilsCallSite.java
index 63e71ac0325..d7fdd84417d 100644
--- a/dd-java-agent/instrumentation/commons-lang-2/src/main/java/datadog/trace/instrumentation/commonslang/StringEscapeUtilsCallSite.java
+++ b/dd-java-agent/instrumentation/commons-lang-2/src/main/java/datadog/trace/instrumentation/commonslang/StringEscapeUtilsCallSite.java
@@ -6,7 +6,7 @@
 import datadog.trace.api.iast.Propagation;
 import datadog.trace.api.iast.VulnerabilityMarks;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 
 @Propagation
 @CallSite(spi = IastCallSites.class)
@@ -21,11 +21,11 @@ public class StringEscapeUtilsCallSite {
   @CallSite.After(
       "java.lang.String org.apache.commons.lang.StringEscapeUtils.escapeXml(java.lang.String)")
   public static String afterEscape(
-      @CallSite.Argument(0) @Nonnull final String input, @CallSite.Return final String result) {
+      @CallSite.Argument(0) @Nullable final String input, @CallSite.Return final String result) {
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTaintedWithMarks(result, input, VulnerabilityMarks.XSS_MARK);
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.XSS_MARK);
       } catch (final Throwable e) {
         module.onUnexpectedException("afterEscape threw", e);
       }
@@ -36,11 +36,11 @@ public static String afterEscape(
   @CallSite.After(
       "java.lang.String org.apache.commons.lang.StringEscapeUtils.escapeSql(java.lang.String)")
   public static String afterEscapeSQL(
-      @CallSite.Argument(0) @Nonnull final String input, @CallSite.Return final String result) {
+      @CallSite.Argument(0) @Nullable final String input, @CallSite.Return final String result) {
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTaintedWithMarks(result, input, VulnerabilityMarks.SQL_INJECTION_MARK);
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.SQL_INJECTION_MARK);
       } catch (final Throwable e) {
         module.onUnexpectedException("afterEscapeSQL threw", e);
       }
diff --git a/dd-java-agent/instrumentation/commons-lang-2/src/test/groovy/datadog/trace/instrumentation/commonslang/StringEscapeUtilsCallSiteTest.groovy b/dd-java-agent/instrumentation/commons-lang-2/src/test/groovy/datadog/trace/instrumentation/commonslang/StringEscapeUtilsCallSiteTest.groovy
index 7a4d9457619..348aaa57503 100644
--- a/dd-java-agent/instrumentation/commons-lang-2/src/test/groovy/datadog/trace/instrumentation/commonslang/StringEscapeUtilsCallSiteTest.groovy
+++ b/dd-java-agent/instrumentation/commons-lang-2/src/test/groovy/datadog/trace/instrumentation/commonslang/StringEscapeUtilsCallSiteTest.groovy
@@ -27,7 +27,7 @@ class StringEscapeUtilsCallSiteTest extends AgentTestRunner {
 
     then:
     result == expected
-    1 * module.taintIfInputIsTaintedWithMarks(_ as String, args[0], mark)
+    1 * module.taintIfTainted(_ as String, args[0], false, mark)
     0 * _
 
     where:
diff --git a/dd-java-agent/instrumentation/commons-lang-3/src/main/java/datadog/trace/instrumentation/commonslang3/StringEscapeUtilsCallSite.java b/dd-java-agent/instrumentation/commons-lang-3/src/main/java/datadog/trace/instrumentation/commonslang3/StringEscapeUtilsCallSite.java
index e151128f760..b52f57c57e9 100644
--- a/dd-java-agent/instrumentation/commons-lang-3/src/main/java/datadog/trace/instrumentation/commonslang3/StringEscapeUtilsCallSite.java
+++ b/dd-java-agent/instrumentation/commons-lang-3/src/main/java/datadog/trace/instrumentation/commonslang3/StringEscapeUtilsCallSite.java
@@ -6,7 +6,7 @@
 import datadog.trace.api.iast.Propagation;
 import datadog.trace.api.iast.VulnerabilityMarks;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 
 @Propagation
 @CallSite(spi = IastCallSites.class)
@@ -23,11 +23,11 @@ public class StringEscapeUtilsCallSite {
   @CallSite.After(
       "java.lang.String org.apache.commons.lang3.StringEscapeUtils.escapeEcmaScript(java.lang.String)")
   public static String afterEscape(
-      @CallSite.Argument(0) @Nonnull final String input, @CallSite.Return final String result) {
+      @CallSite.Argument(0) @Nullable final String input, @CallSite.Return final String result) {
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTaintedWithMarks(result, input, VulnerabilityMarks.XSS_MARK);
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.XSS_MARK);
       } catch (final Throwable e) {
         module.onUnexpectedException("afterEscape threw", e);
       }
@@ -38,11 +38,11 @@ public static String afterEscape(
   @CallSite.After(
       "java.lang.String org.apache.commons.lang3.StringEscapeUtils.escapeJson(java.lang.String)")
   public static String afterEscapeJson(
-      @CallSite.Argument(0) @Nonnull final String input, @CallSite.Return final String result) {
+      @CallSite.Argument(0) @Nullable final String input, @CallSite.Return final String result) {
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTainted(result, input);
+        module.taintIfTainted(result, input);
       } catch (final Throwable e) {
         module.onUnexpectedException("afterEscapeJson threw", e);
       }
diff --git a/dd-java-agent/instrumentation/commons-lang-3/src/test/groovy/datadog/trace/instrumentation/commonslang3/StringEscapeUtilsCallSiteTest.groovy b/dd-java-agent/instrumentation/commons-lang-3/src/test/groovy/datadog/trace/instrumentation/commonslang3/StringEscapeUtilsCallSiteTest.groovy
index dc7147fe6e4..18730b70612 100644
--- a/dd-java-agent/instrumentation/commons-lang-3/src/test/groovy/datadog/trace/instrumentation/commonslang3/StringEscapeUtilsCallSiteTest.groovy
+++ b/dd-java-agent/instrumentation/commons-lang-3/src/test/groovy/datadog/trace/instrumentation/commonslang3/StringEscapeUtilsCallSiteTest.groovy
@@ -25,7 +25,7 @@ class StringEscapeUtilsCallSiteTest extends AgentTestRunner {
 
     then:
     result == expected
-    1 * module.taintIfInputIsTaintedWithMarks(_ as String, args[0], VulnerabilityMarks.XSS_MARK)
+    1 * module.taintIfTainted(_ as String, args[0], false, VulnerabilityMarks.XSS_MARK)
     0 * _
 
     where:
@@ -47,7 +47,7 @@ class StringEscapeUtilsCallSiteTest extends AgentTestRunner {
 
     then:
     result == expected
-    1 * module.taintIfInputIsTainted(_ as String, args[0])
+    1 * module.taintIfTainted(_ as String, args[0])
     0 * _
 
     where:
diff --git a/dd-java-agent/instrumentation/commons-text/src/main/java/datadog/trace/instrumentation/commonstext/StringEscapeUtilsCallSite.java b/dd-java-agent/instrumentation/commons-text/src/main/java/datadog/trace/instrumentation/commonstext/StringEscapeUtilsCallSite.java
index 68620efd078..ebd592fa241 100644
--- a/dd-java-agent/instrumentation/commons-text/src/main/java/datadog/trace/instrumentation/commonstext/StringEscapeUtilsCallSite.java
+++ b/dd-java-agent/instrumentation/commons-text/src/main/java/datadog/trace/instrumentation/commonstext/StringEscapeUtilsCallSite.java
@@ -6,7 +6,7 @@
 import datadog.trace.api.iast.Propagation;
 import datadog.trace.api.iast.VulnerabilityMarks;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 
 @Propagation
 @CallSite(spi = IastCallSites.class)
@@ -25,11 +25,11 @@ public class StringEscapeUtilsCallSite {
   @CallSite.After(
       "java.lang.String org.apache.commons.text.StringEscapeUtils.escapeXml11(java.lang.String)")
   public static String afterEscape(
-      @CallSite.Argument(0) @Nonnull final String input, @CallSite.Return final String result) {
+      @CallSite.Argument(0) @Nullable final String input, @CallSite.Return final String result) {
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTaintedWithMarks(result, input, VulnerabilityMarks.XSS_MARK);
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.XSS_MARK);
       } catch (final Throwable e) {
         module.onUnexpectedException("afterEscape threw", e);
       }
@@ -40,11 +40,11 @@ public static String afterEscape(
   @CallSite.After(
       "java.lang.String org.apache.commons.text.StringEscapeUtils.escapeJson(java.lang.String)")
   public static String afterEscapeJson(
-      @CallSite.Argument(0) @Nonnull final String input, @CallSite.Return final String result) {
+      @CallSite.Argument(0) @Nullable final String input, @CallSite.Return final String result) {
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTainted(result, input);
+        module.taintIfTainted(result, input);
       } catch (final Throwable e) {
         module.onUnexpectedException("afterEscapeJson threw", e);
       }
diff --git a/dd-java-agent/instrumentation/commons-text/src/test/groovy/datadog/trace/instrumentation/commonstext/StringEscapeUtilsCallSiteTest.groovy b/dd-java-agent/instrumentation/commons-text/src/test/groovy/datadog/trace/instrumentation/commonstext/StringEscapeUtilsCallSiteTest.groovy
index 12296ad58c2..440e31ea3be 100644
--- a/dd-java-agent/instrumentation/commons-text/src/test/groovy/datadog/trace/instrumentation/commonstext/StringEscapeUtilsCallSiteTest.groovy
+++ b/dd-java-agent/instrumentation/commons-text/src/test/groovy/datadog/trace/instrumentation/commonstext/StringEscapeUtilsCallSiteTest.groovy
@@ -25,7 +25,7 @@ class StringEscapeUtilsCallSiteTest extends AgentTestRunner {
 
     then:
     result == expected
-    1 * module.taintIfInputIsTaintedWithMarks(_ as String, args[0], VulnerabilityMarks.XSS_MARK)
+    1 * module.taintIfTainted(_ as String, args[0], false, VulnerabilityMarks.XSS_MARK)
     0 * _
 
     where:
@@ -48,7 +48,7 @@ class StringEscapeUtilsCallSiteTest extends AgentTestRunner {
 
     then:
     result == expected
-    1 * module.taintIfInputIsTainted(_ as String, args[0])
+    1 * module.taintIfTainted(_ as String, args[0])
     0 * _
 
     where:
diff --git a/dd-java-agent/instrumentation/couchbase/couchbase-2.0/src/main/java/datadog/trace/instrumentation/couchbase/client/CouchbaseClientDecorator.java b/dd-java-agent/instrumentation/couchbase/couchbase-2.0/src/main/java/datadog/trace/instrumentation/couchbase/client/CouchbaseClientDecorator.java
index 7afffe39500..cd592761951 100644
--- a/dd-java-agent/instrumentation/couchbase/couchbase-2.0/src/main/java/datadog/trace/instrumentation/couchbase/client/CouchbaseClientDecorator.java
+++ b/dd-java-agent/instrumentation/couchbase/couchbase-2.0/src/main/java/datadog/trace/instrumentation/couchbase/client/CouchbaseClientDecorator.java
@@ -1,6 +1,5 @@
 package datadog.trace.instrumentation.couchbase.client;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
@@ -11,10 +10,7 @@ class CouchbaseClientDecorator extends DBTypeProcessingDatabaseClientDecorator {
   private static final String DB_TYPE = "couchbase";
 
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .database()
-          .service(Config.get().getServiceName(), DB_TYPE);
+      SpanNaming.instance().namingSchema().database().service(DB_TYPE);
 
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().database().operation(DB_TYPE));
diff --git a/dd-java-agent/instrumentation/couchbase/couchbase-3.1/src/main/java/datadog/trace/instrumentation/couchbase_31/client/CouchbaseClientDecorator.java b/dd-java-agent/instrumentation/couchbase/couchbase-3.1/src/main/java/datadog/trace/instrumentation/couchbase_31/client/CouchbaseClientDecorator.java
index 8d697120966..a1e62890976 100644
--- a/dd-java-agent/instrumentation/couchbase/couchbase-3.1/src/main/java/datadog/trace/instrumentation/couchbase_31/client/CouchbaseClientDecorator.java
+++ b/dd-java-agent/instrumentation/couchbase/couchbase-3.1/src/main/java/datadog/trace/instrumentation/couchbase_31/client/CouchbaseClientDecorator.java
@@ -2,7 +2,6 @@
 
 import static datadog.trace.bootstrap.instrumentation.api.Tags.DB_TYPE;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
@@ -11,10 +10,7 @@
 class CouchbaseClientDecorator extends DBTypeProcessingDatabaseClientDecorator {
   private static final String DB_TYPE = "couchbase";
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .database()
-          .service(Config.get().getServiceName(), DB_TYPE);
+      SpanNaming.instance().namingSchema().database().service(DB_TYPE);
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().database().operation(DB_TYPE));
   public static final CharSequence COUCHBASE_CLIENT = UTF8BytesString.create("couchbase-client");
diff --git a/dd-java-agent/instrumentation/couchbase/couchbase-3.2/src/main/java/datadog/trace/instrumentation/couchbase_32/client/CouchbaseClientDecorator.java b/dd-java-agent/instrumentation/couchbase/couchbase-3.2/src/main/java/datadog/trace/instrumentation/couchbase_32/client/CouchbaseClientDecorator.java
index 854a67b6c75..2b84ad23c07 100644
--- a/dd-java-agent/instrumentation/couchbase/couchbase-3.2/src/main/java/datadog/trace/instrumentation/couchbase_32/client/CouchbaseClientDecorator.java
+++ b/dd-java-agent/instrumentation/couchbase/couchbase-3.2/src/main/java/datadog/trace/instrumentation/couchbase_32/client/CouchbaseClientDecorator.java
@@ -2,7 +2,6 @@
 
 import static datadog.trace.bootstrap.instrumentation.api.Tags.DB_TYPE;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
@@ -11,10 +10,7 @@
 class CouchbaseClientDecorator extends DBTypeProcessingDatabaseClientDecorator {
   private static final String DB_TYPE = "couchbase";
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .database()
-          .service(Config.get().getServiceName(), DB_TYPE);
+      SpanNaming.instance().namingSchema().database().service(DB_TYPE);
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().database().operation(DB_TYPE));
   public static final CharSequence COUCHBASE_CLIENT = UTF8BytesString.create("couchbase-client");
diff --git a/dd-java-agent/instrumentation/cucumber/build.gradle b/dd-java-agent/instrumentation/cucumber/build.gradle
index 1b5f78a252d..0f8f883d533 100644
--- a/dd-java-agent/instrumentation/cucumber/build.gradle
+++ b/dd-java-agent/instrumentation/cucumber/build.gradle
@@ -8,31 +8,18 @@ muzzle {
   }
 }
 
+addTestSuiteForDir('latestDepTest', 'test')
+
 dependencies {
   compileOnly group: 'io.cucumber', name: 'cucumber-core', version: '5.4.0'
 
-  testImplementation(group: 'org.junit.platform', name: 'junit-platform-launcher') {
-    version {
-      strictly '1.8.2'
-    }
-  }
-  testImplementation(group: 'org.junit.platform', name: 'junit-platform-engine') {
-    version {
-      strictly '1.8.2'
-    }
-  }
-  testImplementation(group: 'org.junit.platform', name: 'junit-platform-suite') {
-    version {
-      strictly '1.8.2'
-    }
-  }
-  testImplementation(group: 'org.junit.platform', name: 'junit-platform-suite-engine') {
-    version {
-      strictly '1.8.2'
-    }
-  }
+  testImplementation group: 'org.junit.platform', name: 'junit-platform-launcher', version: '1.9.2'
+  testImplementation group: 'org.junit.platform', name: 'junit-platform-suite', version: '1.9.2'
+  testImplementation group: 'org.junit.platform', name: 'junit-platform-suite-engine', version: '1.9.2'
 
-  testImplementation group: 'io.cucumber', name: 'cucumber-java', version: '5.4.0'
   testImplementation group: 'io.cucumber', name: 'cucumber-junit-platform-engine', version: '5.4.0'
-  testImplementation group: 'io.cucumber', name: 'cucumber-junit', version: '5.4.0'
+  testImplementation group: 'io.cucumber', name: 'cucumber-java', version: '5.4.0'
+
+  latestDepTestImplementation group: 'io.cucumber', name: 'cucumber-java', version: '+'
+  latestDepTestImplementation group: 'io.cucumber', name: 'cucumber-junit-platform-engine', version: '+'
 }
diff --git a/dd-java-agent/instrumentation/datastax-cassandra-3/src/main/java/datadog/trace/instrumentation/datastax/cassandra/CassandraClientDecorator.java b/dd-java-agent/instrumentation/datastax-cassandra-3/src/main/java/datadog/trace/instrumentation/datastax/cassandra/CassandraClientDecorator.java
index 67ce02a29d1..28d5b32eddf 100644
--- a/dd-java-agent/instrumentation/datastax-cassandra-3/src/main/java/datadog/trace/instrumentation/datastax/cassandra/CassandraClientDecorator.java
+++ b/dd-java-agent/instrumentation/datastax-cassandra-3/src/main/java/datadog/trace/instrumentation/datastax/cassandra/CassandraClientDecorator.java
@@ -3,7 +3,6 @@
 import com.datastax.driver.core.Host;
 import com.datastax.driver.core.ResultSet;
 import com.datastax.driver.core.Session;
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -13,10 +12,7 @@
 public class CassandraClientDecorator extends DBTypeProcessingDatabaseClientDecorator<Session> {
   private static final String DB_TYPE = "cassandra";
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .database()
-          .service(Config.get().getServiceName(), DB_TYPE);
+      SpanNaming.instance().namingSchema().database().service(DB_TYPE);
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().database().operation(DB_TYPE));
   public static final CharSequence JAVA_CASSANDRA = UTF8BytesString.create("java-cassandra");
diff --git a/dd-java-agent/instrumentation/datastax-cassandra-4/src/main/java/datadog/trace/instrumentation/datastax/cassandra4/CassandraClientDecorator.java b/dd-java-agent/instrumentation/datastax-cassandra-4/src/main/java/datadog/trace/instrumentation/datastax/cassandra4/CassandraClientDecorator.java
index e453f28ed35..98817ca2b5d 100644
--- a/dd-java-agent/instrumentation/datastax-cassandra-4/src/main/java/datadog/trace/instrumentation/datastax/cassandra4/CassandraClientDecorator.java
+++ b/dd-java-agent/instrumentation/datastax-cassandra-4/src/main/java/datadog/trace/instrumentation/datastax/cassandra4/CassandraClientDecorator.java
@@ -5,7 +5,6 @@
 import com.datastax.oss.driver.api.core.metadata.Node;
 import com.datastax.oss.driver.api.core.servererrors.CoordinatorException;
 import com.datastax.oss.driver.api.core.session.Session;
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -18,10 +17,7 @@
 public class CassandraClientDecorator extends DBTypeProcessingDatabaseClientDecorator<Session> {
   private static final String DB_TYPE = "cassandra";
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .database()
-          .service(Config.get().getServiceName(), DB_TYPE);
+      SpanNaming.instance().namingSchema().database().service(DB_TYPE);
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().database().operation(DB_TYPE));
   public static final CharSequence JAVA_CASSANDRA = UTF8BytesString.create("java-cassandra");
diff --git a/dd-java-agent/instrumentation/elasticsearch/rest-5/src/latestDepTest/groovy/Elasticsearch6RestClientTest.groovy b/dd-java-agent/instrumentation/elasticsearch/rest-5/src/latestDepTest/groovy/Elasticsearch6RestClientTest.groovy
index eb646f790a8..012a4aa4c30 100644
--- a/dd-java-agent/instrumentation/elasticsearch/rest-5/src/latestDepTest/groovy/Elasticsearch6RestClientTest.groovy
+++ b/dd-java-agent/instrumentation/elasticsearch/rest-5/src/latestDepTest/groovy/Elasticsearch6RestClientTest.groovy
@@ -96,14 +96,16 @@ class Elasticsearch6RestClientTest extends AgentTestRunner {
         }
         span {
           serviceName "elasticsearch"
-          resourceName "GET _cluster/health"
+          resourceName "GET /_cluster/health"
           operationName "http.request"
           spanType DDSpanTypes.HTTP_CLIENT
           childOf span(0)
           tags {
             "$Tags.COMPONENT" "apache-httpasyncclient"
             "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
-            "$Tags.HTTP_URL" "_cluster/health"
+            "$Tags.PEER_HOSTNAME" httpTransportAddress.address
+            "$Tags.PEER_PORT" httpTransportAddress.port
+            "$Tags.HTTP_URL" "http://${httpTransportAddress.address}:${httpTransportAddress.port}/_cluster/health"
             "$Tags.HTTP_METHOD" "GET"
             "$Tags.HTTP_STATUS" 200
             defaultTags()
diff --git a/dd-java-agent/instrumentation/elasticsearch/rest-5/src/test/groovy/Elasticsearch5RestClientTest.groovy b/dd-java-agent/instrumentation/elasticsearch/rest-5/src/test/groovy/Elasticsearch5RestClientTest.groovy
index 8cdfcdb82ba..5d971c1f028 100644
--- a/dd-java-agent/instrumentation/elasticsearch/rest-5/src/test/groovy/Elasticsearch5RestClientTest.groovy
+++ b/dd-java-agent/instrumentation/elasticsearch/rest-5/src/test/groovy/Elasticsearch5RestClientTest.groovy
@@ -104,17 +104,20 @@ abstract class Elasticsearch5RestClientTest extends VersionedNamingTestBase {
         }
         span {
           serviceName service()
-          resourceName "GET _cluster/health"
+          resourceName "GET /_cluster/health"
           operationName SpanNaming.instance().namingSchema().client().operationForComponent("apache-httpasyncclient")
           spanType DDSpanTypes.HTTP_CLIENT
           childOf span(0)
           tags {
             "$Tags.COMPONENT" "apache-httpasyncclient"
             "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
-            "$Tags.HTTP_URL" "_cluster/health"
+            "$Tags.PEER_HOSTNAME" httpTransportAddress.address
+            "$Tags.PEER_PORT" httpTransportAddress.port
+            "$Tags.HTTP_URL" "http://${httpTransportAddress.address}:${httpTransportAddress.port}/_cluster/health"
             "$Tags.HTTP_METHOD" "GET"
             "$Tags.HTTP_STATUS" 200
-            defaultTagsNoPeerService()
+            peerServiceFrom(Tags.PEER_HOSTNAME)
+            defaultTags()
           }
         }
       }
diff --git a/dd-java-agent/instrumentation/elasticsearch/rest-6.4/src/latestDepTest/groovy/Elasticsearch6RestClientTest.groovy b/dd-java-agent/instrumentation/elasticsearch/rest-6.4/src/latestDepTest/groovy/Elasticsearch6RestClientTest.groovy
index fdd68212459..72fbcc66a21 100644
--- a/dd-java-agent/instrumentation/elasticsearch/rest-6.4/src/latestDepTest/groovy/Elasticsearch6RestClientTest.groovy
+++ b/dd-java-agent/instrumentation/elasticsearch/rest-6.4/src/latestDepTest/groovy/Elasticsearch6RestClientTest.groovy
@@ -6,7 +6,6 @@ import groovy.json.JsonSlurper
 import org.apache.http.HttpHost
 import org.apache.http.client.config.RequestConfig
 import org.apache.http.util.EntityUtils
-import org.elasticsearch.client.Request
 import org.elasticsearch.client.Response
 import org.elasticsearch.client.RestClient
 import org.elasticsearch.client.RestClientBuilder
@@ -71,9 +70,9 @@ class Elasticsearch6RestClientTest extends AgentTestRunner {
 
   def "test elasticsearch status"() {
     setup:
+    injectSysConfig("httpasyncclient4.legacy.tracing.enabled",  "true")
 
-    Request request = new Request("GET", "_cluster/health")
-    Response response = client.performRequest(request)
+    Response response = client.performRequest("GET", "_cluster/health")
 
     Map result = new JsonSlurper().parseText(EntityUtils.toString(response.entity))
 
@@ -111,7 +110,7 @@ class Elasticsearch6RestClientTest extends AgentTestRunner {
             "$Tags.HTTP_URL" "_cluster/health"
             "$Tags.HTTP_METHOD" "GET"
             "$Tags.HTTP_STATUS" 200
-            defaultTags()
+            defaultTagsNoPeerService()
           }
         }
       }
diff --git a/dd-java-agent/instrumentation/elasticsearch/rest-6.4/src/test/groovy/Elasticsearch6RestClientTest.groovy b/dd-java-agent/instrumentation/elasticsearch/rest-6.4/src/test/groovy/Elasticsearch6RestClientTest.groovy
index eb646f790a8..bc95893a81a 100644
--- a/dd-java-agent/instrumentation/elasticsearch/rest-6.4/src/test/groovy/Elasticsearch6RestClientTest.groovy
+++ b/dd-java-agent/instrumentation/elasticsearch/rest-6.4/src/test/groovy/Elasticsearch6RestClientTest.groovy
@@ -33,7 +33,6 @@ class Elasticsearch6RestClientTest extends AgentTestRunner {
   RestClient client
 
   def setupSpec() {
-
     esWorkingDir = File.createTempDir("test-es-working-dir-", "")
     esWorkingDir.deleteOnExit()
     println "ES work dir: $esWorkingDir"
@@ -67,6 +66,7 @@ class Elasticsearch6RestClientTest extends AgentTestRunner {
 
   def "test elasticsearch status"() {
     setup:
+    injectSysConfig("httpasyncclient4.legacy.tracing.enabled",  "true")
 
     Response response = client.performRequest("GET", "_cluster/health")
 
@@ -106,7 +106,7 @@ class Elasticsearch6RestClientTest extends AgentTestRunner {
             "$Tags.HTTP_URL" "_cluster/health"
             "$Tags.HTTP_METHOD" "GET"
             "$Tags.HTTP_STATUS" 200
-            defaultTags()
+            defaultTagsNoPeerService()
           }
         }
       }
diff --git a/dd-java-agent/instrumentation/elasticsearch/rest-7/src/test/groovy/Elasticsearch7RestClientTest.groovy b/dd-java-agent/instrumentation/elasticsearch/rest-7/src/test/groovy/Elasticsearch7RestClientTest.groovy
index 346cb12c567..e1f527a01f9 100644
--- a/dd-java-agent/instrumentation/elasticsearch/rest-7/src/test/groovy/Elasticsearch7RestClientTest.groovy
+++ b/dd-java-agent/instrumentation/elasticsearch/rest-7/src/test/groovy/Elasticsearch7RestClientTest.groovy
@@ -132,14 +132,16 @@ class Elasticsearch7RestClientTest extends AgentTestRunner {
         }
         span {
           serviceName "elasticsearch"
-          resourceName "GET _cluster/health"
+          resourceName "GET /_cluster/health"
           operationName "http.request"
           spanType DDSpanTypes.HTTP_CLIENT
           childOf span(0)
           tags {
             "$Tags.COMPONENT" "apache-httpasyncclient"
             "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
-            "$Tags.HTTP_URL" "_cluster/health"
+            "$Tags.PEER_HOSTNAME" httpTransportAddress.address
+            "$Tags.PEER_PORT" httpTransportAddress.port
+            "$Tags.HTTP_URL" "http://${httpTransportAddress.address}:${httpTransportAddress.port}/_cluster/health"
             "$Tags.HTTP_METHOD" "GET"
             "$Tags.HTTP_STATUS" 200
             defaultTags()
diff --git a/dd-java-agent/instrumentation/elasticsearch/src/main/java/datadog/trace/instrumentation/elasticsearch/ElasticsearchRestClientDecorator.java b/dd-java-agent/instrumentation/elasticsearch/src/main/java/datadog/trace/instrumentation/elasticsearch/ElasticsearchRestClientDecorator.java
index ac9750c4a8e..0741e14a39e 100644
--- a/dd-java-agent/instrumentation/elasticsearch/src/main/java/datadog/trace/instrumentation/elasticsearch/ElasticsearchRestClientDecorator.java
+++ b/dd-java-agent/instrumentation/elasticsearch/src/main/java/datadog/trace/instrumentation/elasticsearch/ElasticsearchRestClientDecorator.java
@@ -21,10 +21,7 @@ public class ElasticsearchRestClientDecorator extends DBTypeProcessingDatabaseCl
   private static final int MAX_ELASTICSEARCH_BODY_CONTENT_LENGTH = 25000;
 
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .database()
-          .service(Config.get().getServiceName(), "elasticsearch");
+      SpanNaming.instance().namingSchema().database().service("elasticsearch");
 
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(
@@ -97,7 +94,9 @@ public AgentSpan onRequest(
       final Map<String, String> parameters) {
     span.setTag(Tags.HTTP_METHOD, method);
     span.setTag(Tags.HTTP_URL, endpoint);
-    if (Config.get().isElasticsearchBodyAndParamsEnabled()) {
+
+    final Config config = Config.get();
+    if (config.isElasticsearchBodyEnabled() || config.isElasticsearchBodyAndParamsEnabled()) {
       if (entity != null) {
         long contentLength = entity.getContentLength();
         if (contentLength <= MAX_ELASTICSEARCH_BODY_CONTENT_LENGTH) {
@@ -112,6 +111,9 @@ public AgentSpan onRequest(
                   + ">");
         }
       }
+    }
+
+    if (config.isElasticsearchParamsEnabled() || config.isElasticsearchBodyAndParamsEnabled()) {
       if (parameters != null) {
         StringBuilder queryParametersStringBuilder = new StringBuilder();
         for (Map.Entry<String, String> parameter : parameters.entrySet()) {
diff --git a/dd-java-agent/instrumentation/elasticsearch/src/main/java/datadog/trace/instrumentation/elasticsearch/ElasticsearchTransportClientDecorator.java b/dd-java-agent/instrumentation/elasticsearch/src/main/java/datadog/trace/instrumentation/elasticsearch/ElasticsearchTransportClientDecorator.java
index 590c0edc6a1..172a7a56ef8 100644
--- a/dd-java-agent/instrumentation/elasticsearch/src/main/java/datadog/trace/instrumentation/elasticsearch/ElasticsearchTransportClientDecorator.java
+++ b/dd-java-agent/instrumentation/elasticsearch/src/main/java/datadog/trace/instrumentation/elasticsearch/ElasticsearchTransportClientDecorator.java
@@ -1,6 +1,5 @@
 package datadog.trace.instrumentation.elasticsearch;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -11,10 +10,7 @@ public class ElasticsearchTransportClientDecorator extends DBTypeProcessingDatab
 
   private static final String DB_TYPE = "elasticsearch";
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .database()
-          .service(Config.get().getServiceName(), DB_TYPE);
+      SpanNaming.instance().namingSchema().database().service(DB_TYPE);
 
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().database().operation(DB_TYPE));
diff --git a/dd-java-agent/instrumentation/exception-profiling/src/main/java/datadog/exceptions/instrumentation/ThrowableInstrumentation.java b/dd-java-agent/instrumentation/exception-profiling/src/main/java/datadog/exceptions/instrumentation/ThrowableInstrumentation.java
index 08a9b11997c..8f37f033e23 100644
--- a/dd-java-agent/instrumentation/exception-profiling/src/main/java/datadog/exceptions/instrumentation/ThrowableInstrumentation.java
+++ b/dd-java-agent/instrumentation/exception-profiling/src/main/java/datadog/exceptions/instrumentation/ThrowableInstrumentation.java
@@ -1,21 +1,15 @@
 package datadog.exceptions.instrumentation;
 
-import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.declaresField;
-import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
 import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.api.Platform;
-import net.bytebuddy.description.type.TypeDescription;
-import net.bytebuddy.matcher.ElementMatcher;
 
-/** Provides instrumentation of {@linkplain Throwable} constructor. */
+/** Provides instrumentation of {@linkplain Exception} and {@linkplain Error} constructors. */
 @AutoService(Instrumenter.class)
 public final class ThrowableInstrumentation extends Instrumenter.Profiling
-    implements Instrumenter.ForBootstrap,
-        Instrumenter.ForSingleType,
-        Instrumenter.WithTypeStructure {
+    implements Instrumenter.ForBootstrap, Instrumenter.ForKnownTypes {
 
   public ThrowableInstrumentation() {
     super("throwables");
@@ -27,17 +21,14 @@ public boolean isEnabled() {
   }
 
   @Override
-  public String instrumentedType() {
-    return "java.lang.Throwable";
-  }
-
-  @Override
-  public ElementMatcher<TypeDescription> structureMatcher() {
-    return declaresField(named("stackTrace"));
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(isConstructor(), packageName + ".ThrowableInstanceAdvice");
   }
 
   @Override
-  public void adviceTransformations(AdviceTransformation transformation) {
-    transformation.applyAdvice(isConstructor(), packageName + ".ThrowableInstanceAdvice");
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      "java.lang.Exception", "java.lang.Error", "kotlin.Exception", "kotlin.Error"
+    };
   }
 }
diff --git a/dd-java-agent/instrumentation/exception-profiling/src/main/java11/datadog/exceptions/instrumentation/ThrowableInstanceAdvice.java b/dd-java-agent/instrumentation/exception-profiling/src/main/java11/datadog/exceptions/instrumentation/ThrowableInstanceAdvice.java
index 32072e031ed..3c2623f5a48 100644
--- a/dd-java-agent/instrumentation/exception-profiling/src/main/java11/datadog/exceptions/instrumentation/ThrowableInstanceAdvice.java
+++ b/dd-java-agent/instrumentation/exception-profiling/src/main/java11/datadog/exceptions/instrumentation/ThrowableInstanceAdvice.java
@@ -11,12 +11,7 @@
 
 public class ThrowableInstanceAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  public static void onExit(
-      @Advice.This final Throwable t,
-      @Advice.FieldValue("stackTrace") StackTraceElement[] stackTrace) {
-    if (t.getClass().getName().endsWith(".ResourceLeakDetector$TraceRecord")) {
-      return;
-    }
+  public static void onExit(@Advice.This final Object t) {
     /*
      * This instrumentation handler is sensitive to any throwables thrown from its body -
      * it will go into infinite loop of trying to handle the new throwable instance and generating
@@ -31,24 +26,23 @@ public static void onExit(
     }
     try {
       /*
-       * Exclude internal agent threads from exception profiling.
+       * We may get into a situation when this is called before exception sampling is active.
        */
-      if (Config.get().isProfilingExcludeAgentThreads()
-          && AGENT_THREAD_GROUP.equals(Thread.currentThread().getThreadGroup())) {
+      if (!InstrumentationBasedProfiling.isJFRReady()) {
         return;
       }
       /*
-       * We may get into a situation when this is called before exception sampling is active.
+       * Exclude internal agent threads from exception profiling.
        */
-      if (!InstrumentationBasedProfiling.isJFRReady()) {
+      if (Config.get().isProfilingExcludeAgentThreads()
+          && AGENT_THREAD_GROUP.equals(Thread.currentThread().getThreadGroup())) {
         return;
       }
       /*
        * JFR will assign the stacktrace depending on the place where the event is committed.
        * Therefore we need to commit the event here, right in the 'Exception' constructor
        */
-      final ExceptionSampleEvent event =
-          ExceptionProfiling.getInstance().process(t, stackTrace == null ? 0 : stackTrace.length);
+      final ExceptionSampleEvent event = ExceptionProfiling.getInstance().process((Throwable) t);
       if (event != null && event.shouldCommit()) {
         event.commit();
       }
diff --git a/dd-java-agent/instrumentation/freemarker/build.gradle b/dd-java-agent/instrumentation/freemarker/build.gradle
new file mode 100644
index 00000000000..f2d5ef612aa
--- /dev/null
+++ b/dd-java-agent/instrumentation/freemarker/build.gradle
@@ -0,0 +1,23 @@
+muzzle {
+  pass {
+    group = 'org.freemarker'
+    module = 'freemarker'
+    versions = '[2.3.32,]'
+    assertInverse = true
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+apply plugin: 'call-site-instrumentation'
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  compileOnly group: 'org.freemarker', name: 'freemarker', version: '2.3.32'
+
+  testImplementation group: 'org.freemarker', name: 'freemarker', version: '2.3.32'
+
+  testRuntimeOnly project(':dd-java-agent:instrumentation:iast-instrumenter')
+
+  latestDepTestImplementation group: 'org.freemarker', name: 'freemarker', version: '+'
+}
diff --git a/dd-java-agent/instrumentation/freemarker/src/main/java/datadog/trace/instrumentation/freemarker/StringUtilCallSite.java b/dd-java-agent/instrumentation/freemarker/src/main/java/datadog/trace/instrumentation/freemarker/StringUtilCallSite.java
new file mode 100644
index 00000000000..391339f528b
--- /dev/null
+++ b/dd-java-agent/instrumentation/freemarker/src/main/java/datadog/trace/instrumentation/freemarker/StringUtilCallSite.java
@@ -0,0 +1,39 @@
+package datadog.trace.instrumentation.freemarker;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.VulnerabilityMarks;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import javax.annotation.Nullable;
+
+@Propagation
+@CallSite(spi = IastCallSites.class)
+public class StringUtilCallSite {
+
+  @CallSite.After(
+      "java.lang.String freemarker.template.utility.StringUtil.HTMLEnc(java.lang.String)")
+  @CallSite.After(
+      "java.lang.String freemarker.template.utility.StringUtil.XMLEnc(java.lang.String)")
+  @CallSite.After(
+      "java.lang.String freemarker.template.utility.StringUtil.XHTMLEnc(java.lang.String)")
+  @CallSite.After(
+      "java.lang.String freemarker.template.utility.StringUtil.javaStringEnc(java.lang.String)")
+  @CallSite.After(
+      "java.lang.String freemarker.template.utility.StringUtil.javaScriptStringEnc(java.lang.String)")
+  @CallSite.After(
+      "java.lang.String freemarker.template.utility.StringUtil.jsonStringEnc(java.lang.String)")
+  public static String afterEscape(
+      @CallSite.Argument(0) @Nullable final String input, @CallSite.Return final String result) {
+    final PropagationModule module = InstrumentationBridge.PROPAGATION;
+    if (module != null) {
+      try {
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.XSS_MARK);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterEscape threw", e);
+      }
+    }
+    return result;
+  }
+}
diff --git a/dd-java-agent/instrumentation/freemarker/src/test/groovy/datadog/trace/instrumentation/freemarker/StringUtilCallSiteTest.groovy b/dd-java-agent/instrumentation/freemarker/src/test/groovy/datadog/trace/instrumentation/freemarker/StringUtilCallSiteTest.groovy
new file mode 100644
index 00000000000..18d86d6aef5
--- /dev/null
+++ b/dd-java-agent/instrumentation/freemarker/src/test/groovy/datadog/trace/instrumentation/freemarker/StringUtilCallSiteTest.groovy
@@ -0,0 +1,61 @@
+package datadog.trace.instrumentation.freemarker
+
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.VulnerabilityMarks
+import datadog.trace.api.iast.propagation.PropagationModule
+import foo.bar.TestStringUtilSuite
+
+class StringUtilCallSiteTest extends AgentTestRunner {
+
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig("dd.iast.enabled", "true")
+  }
+
+  void 'test #method'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+
+    when:
+    final result = TestStringUtilSuite.&"$method".call(args)
+
+    then:
+    result == expected
+    1 * module.taintIfTainted(_ as String, args[0], false, VulnerabilityMarks.XSS_MARK)
+    0 * _
+
+    where:
+    method                | args                                                            | expected
+    'HTMLEnc'             | ['<htmlTag>"escape this < </htmlTag>']                          | '&lt;htmlTag&gt;&quot;escape this &lt; &lt;/htmlTag&gt;'
+    'XMLEnc'              | ['<xmlTag>"escape this < </xmlTag>']                            | '&lt;xmlTag&gt;&quot;escape this &lt; &lt;/xmlTag&gt;'
+    'XHTMLEnc'            | ['<htmlTag>"escape this < </htmlTag>']                          | '&lt;htmlTag&gt;&quot;escape this &lt; &lt;/htmlTag&gt;'
+    'javaStringEnc'       | ['<script>function a(){console.log("escape this < ")}<script>'] | '<script>function a(){console.log(\\"escape this < \\")}<script>'
+    'javaScriptStringEnc' | ['<script>function a(){console.log("escape this < ")}<script>'] | '<script>function a(){console.log(\\"escape this < \\")}<script>'
+    'jsonStringEnc'       | ['["a":{"b":2}]']                                               | '[\\"a\\":{\\"b\\":2}]'
+  }
+
+  void 'test #method with null args'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+
+    when:
+    TestStringUtilSuite.&"$method".call(null)
+
+    then:
+    def thrownException = thrown (Exception)
+    assert  thrownException.stackTrace[0].getClassName().startsWith('freemarker')
+    0 * _
+
+    where:
+    method                | ex
+    'HTMLEnc'             | _
+    'XMLEnc'              | _
+    'XHTMLEnc'            | _
+    'javaStringEnc'       | _
+    'javaScriptStringEnc' | _
+    'jsonStringEnc'       | _
+  }
+}
diff --git a/dd-java-agent/instrumentation/freemarker/src/test/java/foo/bar/TestStringUtilSuite.java b/dd-java-agent/instrumentation/freemarker/src/test/java/foo/bar/TestStringUtilSuite.java
new file mode 100644
index 00000000000..70f5bb67425
--- /dev/null
+++ b/dd-java-agent/instrumentation/freemarker/src/test/java/foo/bar/TestStringUtilSuite.java
@@ -0,0 +1,30 @@
+package foo.bar;
+
+import freemarker.template.utility.StringUtil;
+
+public class TestStringUtilSuite {
+
+  public static String HTMLEnc(String input) {
+    return StringUtil.HTMLEnc(input);
+  }
+
+  public static String XMLEnc(String input) {
+    return StringUtil.XMLEnc(input);
+  }
+
+  public static String XHTMLEnc(String input) {
+    return StringUtil.XHTMLEnc(input);
+  }
+
+  public static String javaStringEnc(String input) {
+    return StringUtil.javaStringEnc(input);
+  }
+
+  public static String javaScriptStringEnc(String input) {
+    return StringUtil.javaScriptStringEnc(input);
+  }
+
+  public static String jsonStringEnc(String input) {
+    return StringUtil.jsonStringEnc(input);
+  }
+}
diff --git a/dd-java-agent/instrumentation/glassfish/src/test/groovy/GlassFishServerTest.groovy b/dd-java-agent/instrumentation/glassfish/src/test/groovy/GlassFishServerTest.groovy
index 8a8f86421bf..8f9d3502271 100644
--- a/dd-java-agent/instrumentation/glassfish/src/test/groovy/GlassFishServerTest.groovy
+++ b/dd-java-agent/instrumentation/glassfish/src/test/groovy/GlassFishServerTest.groovy
@@ -124,11 +124,14 @@ class GlassFishServerTest extends HttpServerTest<GlassFish> {
 
   @Override
   boolean testBlocking() {
-    true
-  }
-
-  @Override
-  boolean testUserBlocking() {
+    // TODO: the servlet instrumentation has no blocking request function yet
+    // Relying on grizzly or grizzly-filterchain instrumentations doesn't work
+    // for different reasons: the version of grizzly-http is too old for
+    // glassfish 4 and for glassfish 5 the span is created after the servlet span.
+    // The grizzly instrumentation doesn't work for a different reason: the blocking
+    // exception throw on parseRequestParameters is gobbled inside
+    // org.glassfish.grizzly.http.server.Request#parseRequestParameters and never
+    // propagates.
     false
   }
 
diff --git a/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/AnnotationSubstitutionProcessorInstrumentation.java b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/AnnotationSubstitutionProcessorInstrumentation.java
index e7870be9ff8..8a75e238c08 100644
--- a/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/AnnotationSubstitutionProcessorInstrumentation.java
+++ b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/AnnotationSubstitutionProcessorInstrumentation.java
@@ -6,6 +6,8 @@
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import java.util.List;
+import net.bytebuddy.asm.Advice;
 
 @AutoService(Instrumenter.class)
 public final class AnnotationSubstitutionProcessorInstrumentation
@@ -23,11 +25,37 @@ public void adviceTransformations(AdviceTransformation transformation) {
             .and(named("lookup"))
             .and(takesArgument(0, named("jdk.vm.ci.meta.ResolvedJavaField"))),
         packageName + ".DeleteFieldAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("findTargetClasses")),
+        AnnotationSubstitutionProcessorInstrumentation.class.getName()
+            + "$FindTargetClassesAdvice");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".Target_org_jctools_counters_FixedSizeStripedLongCounterFields",
+      packageName + ".Target_org_jctools_util_UnsafeRefArrayAccess"
+    };
   }
 
   @Override
   public String[] muzzleIgnoredClassNames() {
-    // ignore JVMCI classes which are part of GraalVM but aren't available in public repositories
-    return new String[] {"jdk.vm.ci.meta.ResolvedJavaType", "jdk.vm.ci.meta.ResolvedJavaField"};
+    // JVMCI classes which are part of GraalVM but aren't available in public repositories
+    return new String[] {
+      "jdk.vm.ci.meta.ResolvedJavaType",
+      "jdk.vm.ci.meta.ResolvedJavaField",
+      // ignore helper class names as usual
+      packageName + ".Target_org_jctools_counters_FixedSizeStripedLongCounterFields",
+      packageName + ".Target_org_jctools_util_UnsafeRefArrayAccess"
+    };
+  }
+
+  public static class FindTargetClassesAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void onExit(@Advice.Return(readOnly = false) List<Class<?>> result) {
+      result.add(Target_org_jctools_counters_FixedSizeStripedLongCounterFields.class);
+      result.add(Target_org_jctools_util_UnsafeRefArrayAccess.class);
+    }
   }
 }
diff --git a/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/LinkAtBuildTimeInstrumentation.java b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/LinkAtBuildTimeInstrumentation.java
index 9edb16614c1..b38880ec6db 100644
--- a/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/LinkAtBuildTimeInstrumentation.java
+++ b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/LinkAtBuildTimeInstrumentation.java
@@ -30,7 +30,7 @@ public static void onExit(
         @Advice.Argument(0) Class<?> declaringClass,
         @Advice.Return(readOnly = false) boolean linkAtBuildTime) {
       // skip AndroidPlatform from build-time linking because we're not building on Android
-      if ("okhttp3.internal.platform.AndroidPlatform".equals(declaringClass.getName())) {
+      if ("datadog.okhttp3.internal.platform.AndroidPlatform".equals(declaringClass.getName())) {
         linkAtBuildTime = false;
       }
     }
diff --git a/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/ResourcesFeatureInstrumentation.java b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/ResourcesFeatureInstrumentation.java
index 31bbeed8d12..5495d1ea758 100644
--- a/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/ResourcesFeatureInstrumentation.java
+++ b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/ResourcesFeatureInstrumentation.java
@@ -29,15 +29,15 @@ public static class InjectResourcesAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
     public static void onExit() {
       // the tracer jar is not listed on the image classpath, so manually inject its resources
-      // (drop inst/shared prefixes from embedded resources, so we can find them in native-image
+      // (drop trace/shared prefixes from embedded resources, so we can find them in native-image
       // as the final executable won't have our isolating class-loader to map these resources)
 
       String[] tracerResources = {
         "dd-java-agent.version",
         "dd-trace-api.version",
-        "inst/dd-trace-core.version",
+        "trace/dd-trace-core.version",
         "shared/dogstatsd/version.properties",
-        "shared/okhttp3/internal/publicsuffix/publicsuffixes.gz"
+        "shared/datadog/okhttp3/internal/publicsuffix/publicsuffixes.gz"
       };
 
       for (String original : tracerResources) {
diff --git a/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/Target_org_jctools_counters_FixedSizeStripedLongCounterFields.java b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/Target_org_jctools_counters_FixedSizeStripedLongCounterFields.java
new file mode 100644
index 00000000000..6eedbae2acd
--- /dev/null
+++ b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/Target_org_jctools_counters_FixedSizeStripedLongCounterFields.java
@@ -0,0 +1,12 @@
+package datadog.trace.instrumentation.graal.nativeimage;
+
+import com.oracle.svm.core.annotate.Alias;
+import com.oracle.svm.core.annotate.RecomputeFieldValue;
+import com.oracle.svm.core.annotate.TargetClass;
+
+@TargetClass(className = "org.jctools.counters.FixedSizeStripedLongCounterFields")
+public final class Target_org_jctools_counters_FixedSizeStripedLongCounterFields {
+  @Alias
+  @RecomputeFieldValue(kind = RecomputeFieldValue.Kind.ArrayBaseOffset, declClass = long[].class)
+  public static long COUNTER_ARRAY_BASE;
+}
diff --git a/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/Target_org_jctools_util_UnsafeRefArrayAccess.java b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/Target_org_jctools_util_UnsafeRefArrayAccess.java
new file mode 100644
index 00000000000..9ac8984b5c7
--- /dev/null
+++ b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/Target_org_jctools_util_UnsafeRefArrayAccess.java
@@ -0,0 +1,12 @@
+package datadog.trace.instrumentation.graal.nativeimage;
+
+import com.oracle.svm.core.annotate.Alias;
+import com.oracle.svm.core.annotate.RecomputeFieldValue;
+import com.oracle.svm.core.annotate.TargetClass;
+
+@TargetClass(className = "org.jctools.util.UnsafeRefArrayAccess")
+public final class Target_org_jctools_util_UnsafeRefArrayAccess {
+  @Alias
+  @RecomputeFieldValue(kind = RecomputeFieldValue.Kind.ArrayIndexShift, declClass = Object[].class)
+  public static int REF_ELEMENT_SHIFT;
+}
diff --git a/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/VMRuntimeInstrumentation.java b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/VMRuntimeInstrumentation.java
index 9b75410f184..277c2260aba 100644
--- a/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/VMRuntimeInstrumentation.java
+++ b/dd-java-agent/instrumentation/graal/native-image/src/main/java/datadog/trace/instrumentation/graal/nativeimage/VMRuntimeInstrumentation.java
@@ -1,20 +1,27 @@
 package datadog.trace.instrumentation.graal.nativeimage;
 
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.ExcludeFilter.ExcludeType.RUNNABLE;
+import static java.util.Collections.singletonList;
+import static java.util.Collections.singletonMap;
 import static net.bytebuddy.matcher.ElementMatchers.isMethod;
 
 import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.ExcludeFilterProvider;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.api.Config;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.ExcludeFilter;
 import datadog.trace.logging.GlobalLogLevelSwitcher;
 import datadog.trace.logging.LogLevel;
+import java.util.Collection;
+import java.util.Map;
 import net.bytebuddy.asm.Advice;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 @AutoService(Instrumenter.class)
 public final class VMRuntimeInstrumentation extends AbstractNativeImageInstrumentation
-    implements Instrumenter.ForSingleType {
+    implements Instrumenter.ForSingleType, ExcludeFilterProvider {
 
   @Override
   public String instrumentedType() {
@@ -38,6 +45,12 @@ public boolean injectHelperDependencies() {
     return true;
   }
 
+  @Override
+  public Map<ExcludeFilter.ExcludeType, ? extends Collection<String>> excludedClasses() {
+    return singletonMap(
+        RUNNABLE, singletonList("com.oracle.svm.core.thread.VMOperationControl$VMOperationThread"));
+  }
+
   public static class InitializeAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
     public static void onEnter() {
diff --git a/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleBuildListener.java b/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleBuildListener.java
index 08c695bedd9..6a6019b2d91 100644
--- a/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleBuildListener.java
+++ b/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleBuildListener.java
@@ -6,10 +6,12 @@
 import datadog.trace.api.civisibility.events.BuildEventsHandler;
 import datadog.trace.api.config.CiVisibilityConfig;
 import datadog.trace.util.Strings;
+import java.io.File;
 import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import org.gradle.BuildAdapter;
@@ -104,6 +106,8 @@ private void configureTestExecutions(
     for (Task testExecution : testExecutions) {
       GradleProjectConfigurator.INSTANCE.configureTracer(
           testExecution, moduleExecutionSettings.getSystemProperties());
+      GradleProjectConfigurator.INSTANCE.configureJacoco(
+          testExecution.getProject(), moduleExecutionSettings);
     }
   }
 
@@ -139,9 +143,13 @@ public void beforeExecute(Task task) {
       Project project = task.getProject();
       Gradle gradle = project.getGradle();
       String taskPath = task.getPath();
-      String startCommand = GradleUtils.recreateStartCommand(gradle.getStartParameter());
+
+      List<String> sourceSetNames = Config.get().getCiVisibilityJacocoGradleSourceSets();
+      Collection<File> outputClassesDirs =
+          GradleUtils.getOutputClassesDirs(project, sourceSetNames);
+
       BuildEventsHandler.ModuleInfo moduleInfo =
-          buildEventsHandler.onTestModuleStart(gradle, taskPath, startCommand, null);
+          buildEventsHandler.onTestModuleStart(gradle, taskPath, outputClassesDirs, null);
 
       JavaForkOptions taskForkOptions = (JavaForkOptions) task;
       taskForkOptions.jvmArgs(
diff --git a/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleDaemonLoggingInstrumentation.java b/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleDaemonLoggingInstrumentation.java
new file mode 100644
index 00000000000..71a77303807
--- /dev/null
+++ b/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleDaemonLoggingInstrumentation.java
@@ -0,0 +1,47 @@
+package datadog.trace.instrumentation.gradle;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.logging.GlobalLogLevelSwitcher;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class GradleDaemonLoggingInstrumentation extends Instrumenter.CiVisibility
+    implements Instrumenter.ForSingleType {
+
+  public GradleDaemonLoggingInstrumentation() {
+    super("gradle", "gradle-daemon-logging");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.gradle.launcher.daemon.bootstrap.DaemonMain";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("initialiseLogging"),
+        GradleDaemonLoggingInstrumentation.class.getName() + "$ReinitialiseLogging");
+  }
+
+  /**
+   * Gradle Daemon closes original {@link System.out} and {@link System.err} streams (see {@link
+   * org.gradle.launcher.daemon.bootstrap.DaemonMain#daemonStarted}), and replaces them with Gradle
+   * Daemon log streams (see {@link
+   * org.gradle.launcher.daemon.bootstrap.DaemonMain#initialiseLogging}).
+   *
+   * <p>{@link datadog.trace.logging.simplelogger.SLCompatFactory} that contains logging settings
+   * gets initialized before Gradle Daemon, so DD logging settings refer to the original streams
+   * that the daemon closes. They need to refer to the new streams created by the daemon, so here we
+   * reset the settings letting them re-initialize to capture the new streams.
+   */
+  public static class ReinitialiseLogging {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void reinitialiseTracerLogging() {
+      GlobalLogLevelSwitcher.get().reinitialize();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleProjectConfigurator.groovy b/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleProjectConfigurator.groovy
index 84d788e94d8..650f578e893 100644
--- a/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleProjectConfigurator.groovy
+++ b/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleProjectConfigurator.groovy
@@ -1,7 +1,9 @@
 package datadog.trace.instrumentation.gradle
 
 import datadog.trace.api.Config
+import datadog.trace.api.civisibility.config.ModuleExecutionSettings
 import datadog.trace.bootstrap.DatadogClassLoader
+import datadog.trace.util.Strings
 import org.gradle.api.Project
 import org.gradle.api.Task
 import org.gradle.internal.jvm.Jvm
@@ -11,6 +13,7 @@ import org.slf4j.LoggerFactory
 import java.nio.file.Files
 import java.nio.file.Path
 import java.nio.file.Paths
+import java.util.regex.Matcher
 import java.util.regex.Pattern
 
 /**
@@ -43,6 +46,8 @@ class GradleProjectConfigurator {
 
   public static final GradleProjectConfigurator INSTANCE = new GradleProjectConfigurator()
 
+  private static final String JACOCO_PLUGIN_ID = 'jacoco'
+
   void configureTracer(Task task, Map<String, String> propagatedSystemProperties) {
     List<String> jvmArgs = new ArrayList<>(task.jvmArgs != null ? task.jvmArgs : Collections.<String> emptyList())
 
@@ -51,18 +56,42 @@ class GradleProjectConfigurator {
       jvmArgs.add("-D" + e.key + '=' + e.value)
     }
 
-    def ciVisibilityDebugPort = Config.get().ciVisibilityDebugPort
+    def config = Config.get()
+    def ciVisibilityDebugPort = config.ciVisibilityDebugPort
     if (ciVisibilityDebugPort != null) {
       jvmArgs.add(
         "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address="
         + ciVisibilityDebugPort)
     }
 
-    jvmArgs.add("-javaagent:" + Config.get().ciVisibilityAgentJarFile.toPath())
+    String additionalArgs = config.ciVisibilityAdditionalChildProcessJvmArgs
+    if (additionalArgs != null) {
+      def project = task.getProject()
+      def projectProperties = project.getProperties()
+      def processedArgs = replaceProjectProperties(additionalArgs, projectProperties)
+      def splitArgs = processedArgs.split(" ")
+      jvmArgs.addAll(splitArgs)
+    }
+
+    jvmArgs.add("-javaagent:" + config.ciVisibilityAgentJarFile.toPath())
 
     task.jvmArgs(jvmArgs)
   }
 
+  private static final Pattern PROJECT_PROPERTY_REFERENCE = Pattern.compile("\\\$\\{([^}]+)\\}")
+
+  static String replaceProjectProperties(String s, Map<String, ?> projectProperties) {
+    StringBuffer output = new StringBuffer()
+    Matcher matcher = PROJECT_PROPERTY_REFERENCE.matcher(s)
+    while (matcher.find()) {
+      def propertyName = matcher.group(1)
+      def propertyValue = projectProperties.get(propertyName)
+      matcher.appendReplacement(output, Matcher.quoteReplacement(String.valueOf(propertyValue)))
+    }
+    matcher.appendTail(output)
+    return output.toString()
+  }
+
   void configureCompilerPlugin(Project project, String compilerPluginVersion) {
     def moduleName = getModuleName(project)
 
@@ -140,15 +169,13 @@ class GradleProjectConfigurator {
     return null
   }
 
-  void configureJacoco(Project project) {
-    def config = Config.get()
-    String jacocoPluginVersion = config.getCiVisibilityJacocoPluginVersion()
-    if (jacocoPluginVersion == null) {
+  void configureJacoco(Project project, ModuleExecutionSettings moduleExecutionSettings) {
+    if (!moduleExecutionSettings.codeCoverageEnabled || project.plugins.hasPlugin(JACOCO_PLUGIN_ID)) {
       return
     }
 
-    project.apply("plugin": "jacoco")
-    project.jacoco.toolVersion = jacocoPluginVersion
+    project.apply("plugin": JACOCO_PLUGIN_ID)
+    project.jacoco.toolVersion = Config.get().ciVisibilityJacocoPluginVersion
 
     // if instrumented project does dependency verification,
     // we need to exclude configurations added by Jacoco
@@ -160,16 +187,13 @@ class GradleProjectConfigurator {
       }
     }
 
+    def coverageEnabledPackages = moduleExecutionSettings.getCoverageEnabledPackages()
     forEveryTestTask project, { task ->
       task.jacoco.excludeClassLoaders += [DatadogClassLoader.name]
 
-      Collection<String> instrumentedPackages = config.ciVisibilityJacocoPluginIncludes
-      if (instrumentedPackages != null && !instrumentedPackages.empty) {
-        task.jacoco.includes += instrumentedPackages
-      } else {
-        Collection<String> excludedPackages = config.ciVisibilityJacocoPluginExcludes
-        if (excludedPackages != null && !excludedPackages.empty) {
-          task.jacoco.excludes += excludedPackages
+      for (String coverageEnabledPackage : coverageEnabledPackages) {
+        if (Strings.isNotBlank(coverageEnabledPackage)) {
+          task.jacoco.includes += coverageEnabledPackage
         }
       }
     }
@@ -197,8 +221,6 @@ class GradleProjectConfigurator {
       configureCompilerPlugin(project, compilerPluginVersion)
     }
 
-    configureJacoco(project)
-
     Map<Path, Collection<Task>> testExecutions = new HashMap<>()
     for (Task task : project.tasks) {
       if (GradleUtils.isTestTask(task)) {
diff --git a/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleUtils.groovy b/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleUtils.groovy
new file mode 100644
index 00000000000..b5336aeb6f1
--- /dev/null
+++ b/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleUtils.groovy
@@ -0,0 +1,81 @@
+package datadog.trace.instrumentation.gradle
+
+import org.gradle.StartParameter
+import org.gradle.api.Project
+import org.gradle.api.Task
+import org.gradle.process.JavaForkOptions
+
+abstract class GradleUtils {
+
+  private static final String TEST_TASK_CLASS_NAME = "org.gradle.api.tasks.testing.Test"
+
+  static boolean isTestTask(Task task) {
+    if (!(task instanceof JavaForkOptions)) {
+      return false
+    }
+    Class<?> taskClass = task.getClass()
+    while (taskClass != null) {
+      // class name can contain suffix "_Decorated"
+      if (taskClass.getName().startsWith(TEST_TASK_CLASS_NAME)) {
+        return true
+      }
+      taskClass = taskClass.getSuperclass()
+    }
+    return false
+  }
+
+  /**
+   * Returns command line used to start the build. We instrument Gradle daemon process, not the
+   * client process that is launched from the command line, so the result of this method is an
+   * approximation of what the actual command could look like
+   */
+  static String recreateStartCommand(StartParameter startParameter) {
+    StringBuilder command = new StringBuilder("gradle")
+
+    for (String taskName : startParameter.getTaskNames()) {
+      command.append(' ').append(taskName)
+    }
+
+    for (String excludedTaskName : startParameter.getExcludedTaskNames()) {
+      command.append(" -x").append(excludedTaskName)
+    }
+
+    for (Map.Entry<String, String> e : startParameter.getProjectProperties().entrySet()) {
+      String propertyKey = e.getKey()
+      String propertyValue = e.getValue()
+      command.append(" -P").append(propertyKey)
+      if (propertyValue != null && !propertyValue.isEmpty()) {
+        command.append('=').append(propertyValue)
+      }
+    }
+
+    for (Map.Entry<String, String> e : startParameter.getSystemPropertiesArgs().entrySet()) {
+      String propertyKey = e.getKey()
+      String propertyValue = e.getValue()
+      command.append(" -D").append(propertyKey)
+      if (propertyValue != null && !propertyValue.isEmpty()) {
+        command.append('=').append(propertyValue)
+      }
+    }
+
+    return command.toString()
+  }
+
+  /**
+   * Returns folders where compiled classes are stored
+   */
+  static Collection<File> getOutputClassesDirs(Project project, List<String> sourceSetNames) {
+    def sourceSets = project.sourceSets
+    Collection<File> allOutputClassesDirs = new HashSet<>()
+    for (String sourceSetName : sourceSetNames) {
+      def sourceSet = sourceSets.getByName(sourceSetName)
+      def sourceSetOutput = sourceSet.output
+
+      if (sourceSetOutput.hasProperty('classesDirs')) {
+        def outputClassesDirs = sourceSetOutput.classesDirs
+        allOutputClassesDirs.addAll(outputClassesDirs.files)
+      }
+    }
+    return allOutputClassesDirs
+  }
+}
diff --git a/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleUtils.java b/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleUtils.java
deleted file mode 100644
index cc7fab1e2a8..00000000000
--- a/dd-java-agent/instrumentation/gradle/src/main/groovy/datadog/trace/instrumentation/gradle/GradleUtils.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package datadog.trace.instrumentation.gradle;
-
-import java.util.Map;
-import org.gradle.StartParameter;
-import org.gradle.api.Task;
-import org.gradle.process.JavaForkOptions;
-
-public abstract class GradleUtils {
-
-  private static final String TEST_TASK_CLASS_NAME = "org.gradle.api.tasks.testing.Test";
-
-  public static boolean isTestTask(Task task) {
-    if (!(task instanceof JavaForkOptions)) {
-      return false;
-    }
-    Class<?> taskClass = task.getClass();
-    while (taskClass != null) {
-      // class name can contain suffix "_Decorated"
-      if (taskClass.getName().startsWith(TEST_TASK_CLASS_NAME)) {
-        return true;
-      }
-      taskClass = taskClass.getSuperclass();
-    }
-    return false;
-  }
-
-  /**
-   * Returns command line used to start the build. We instrument Gradle daemon process, not the
-   * client process that is launched from the command line, so the result of this method is an
-   * approximation of what the actual command could look like
-   */
-  public static String recreateStartCommand(StartParameter startParameter) {
-    StringBuilder command = new StringBuilder("gradle");
-
-    for (String taskName : startParameter.getTaskNames()) {
-      command.append(' ').append(taskName);
-    }
-
-    for (String excludedTaskName : startParameter.getExcludedTaskNames()) {
-      command.append(" -x").append(excludedTaskName);
-    }
-
-    for (Map.Entry<String, String> e : startParameter.getProjectProperties().entrySet()) {
-      String propertyKey = e.getKey();
-      String propertyValue = e.getValue();
-      command.append(" -P").append(propertyKey);
-      if (propertyValue != null && !propertyValue.isEmpty()) {
-        command.append('=').append(propertyValue);
-      }
-    }
-
-    for (Map.Entry<String, String> e : startParameter.getSystemPropertiesArgs().entrySet()) {
-      String propertyKey = e.getKey();
-      String propertyValue = e.getValue();
-      command.append(" -D").append(propertyKey);
-      if (propertyValue != null && !propertyValue.isEmpty()) {
-        command.append('=').append(propertyValue);
-      }
-    }
-
-    return command.toString();
-  }
-}
diff --git a/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyBlockingHelper.java b/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyBlockingHelper.java
index 67f6d28a9c1..a6c2dd0dd71 100644
--- a/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyBlockingHelper.java
+++ b/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyBlockingHelper.java
@@ -77,6 +77,7 @@ public static boolean block(
       os.close();
       response.finish();
 
+      scope.span().getRequestContext().getTraceSegment().effectivelyBlocked();
       SpanClosingListener.LISTENER.onAfterService(request);
     } catch (Throwable e) {
       log.info("Error committing blocking response", e);
diff --git a/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyDecorator.java b/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyDecorator.java
index eee7f1280e9..ecc3f5bd223 100644
--- a/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyDecorator.java
+++ b/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyDecorator.java
@@ -2,6 +2,7 @@
 
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
@@ -85,7 +86,10 @@ public GrizzlyBlockResponseFunction(Request request) {
 
     @Override
     public boolean tryCommitBlockingResponse(
-        int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders) {
+        TraceSegment segment,
+        int statusCode,
+        BlockingContentType templateType,
+        Map<String, String> extraHeaders) {
       AgentScope agentScope = AgentTracer.get().activeScope();
       if (agentScope == null) {
         log.warn("Can't block: no active scope");
diff --git a/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyHttpHandlerInstrumentation.java b/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyHttpHandlerInstrumentation.java
index a37445a0982..188d48b23ca 100644
--- a/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyHttpHandlerInstrumentation.java
+++ b/dd-java-agent/instrumentation/grizzly-2/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyHttpHandlerInstrumentation.java
@@ -88,7 +88,6 @@ public static class HandleAdvice {
       if (rba != null) {
         boolean success = GrizzlyBlockingHelper.block(request, response, rba, scope);
         if (success) {
-          span.getRequestContext().getTraceSegment().effectivelyBlocked();
           return true; /* skip body */
         }
       }
diff --git a/dd-java-agent/instrumentation/grizzly-2/src/test/groovy/GrizzlyTest.groovy b/dd-java-agent/instrumentation/grizzly-2/src/test/groovy/GrizzlyTest.groovy
index 425d79dd707..7ab2a10e26d 100644
--- a/dd-java-agent/instrumentation/grizzly-2/src/test/groovy/GrizzlyTest.groovy
+++ b/dd-java-agent/instrumentation/grizzly-2/src/test/groovy/GrizzlyTest.groovy
@@ -97,6 +97,11 @@ class GrizzlyTest extends HttpServerTest<HttpServer> {
     return GrizzlyDecorator.GRIZZLY_REQUEST.toString()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testBlocking() {
     true
diff --git a/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/GrizzlyDecorator.java b/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/GrizzlyDecorator.java
index e30095acd81..0d2978953ab 100644
--- a/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/GrizzlyDecorator.java
+++ b/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/GrizzlyDecorator.java
@@ -6,6 +6,7 @@
 import datadog.trace.api.gateway.BlockResponseFunction;
 import datadog.trace.api.gateway.Flow;
 import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.ActiveSubsystems;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
@@ -169,12 +170,15 @@ public GrizzlyHttpBlockResponseFunction(String acceptHeader) {
 
     @Override
     public boolean tryCommitBlockingResponse(
-        int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders) {
+        TraceSegment segment,
+        int statusCode,
+        BlockingContentType templateType,
+        Map<String, String> extraHeaders) {
       if (ctx == null) {
         return false;
       }
       return GrizzlyHttpBlockingHelper.block(
-          ctx, acceptHeader, statusCode, templateType, extraHeaders);
+          ctx, acceptHeader, statusCode, templateType, extraHeaders, segment);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/GrizzlyHttpBlockingHelper.java b/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/GrizzlyHttpBlockingHelper.java
index 92ad81a9678..d16cee1bbff 100644
--- a/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/GrizzlyHttpBlockingHelper.java
+++ b/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/GrizzlyHttpBlockingHelper.java
@@ -4,6 +4,7 @@
 
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.blocking.BlockingActionHelper;
 import java.lang.invoke.MethodHandle;
 import java.lang.invoke.MethodHandles;
@@ -35,6 +36,7 @@
 public class GrizzlyHttpBlockingHelper {
   private static final Logger log = LoggerFactory.getLogger(GrizzlyHttpBlockingHelper.class);
 
+  /** @see HttpServerFilter#encodeHttpPacket(FilterChainContext, HttpPacket) */
   private static final MethodHandle ENCODE_HTTP_PACKET;
 
   private static final CompletionHandler CLOSE_COMPLETION_HANDLER = new CloseCompletionHandler();
@@ -134,7 +136,8 @@ public static boolean block(
       String acceptHeader,
       int statusCode,
       BlockingContentType templateType,
-      Map<String, String> extraHeaders) {
+      Map<String, String> extraHeaders,
+      TraceSegment segment) {
     if (ENCODE_HTTP_PACKET == null) {
       return false;
     }
@@ -171,6 +174,7 @@ public static boolean block(
 
     Buffer buff;
     try {
+      segment.effectivelyBlocked(); // last opportunity before HttpServerFilterAdvice runs
       buff = (Buffer) ENCODE_HTTP_PACKET.invoke(httpServerFilter, ctx, httpContent);
     } catch (Throwable e) {
       log.error("Failure serializing http response for blocking", e);
diff --git a/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/ParsedBodyParametersInstrumentation.java b/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/ParsedBodyParametersInstrumentation.java
index 81483c3a7e0..12f22a34304 100644
--- a/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/ParsedBodyParametersInstrumentation.java
+++ b/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/ParsedBodyParametersInstrumentation.java
@@ -111,7 +111,10 @@ static void after(
           BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
           if (blockResponseFunction != null) {
             blockResponseFunction.tryCommitBlockingResponse(
-                rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                reqCtx.getTraceSegment(),
+                rba.getStatusCode(),
+                rba.getBlockingContentType(),
+                rba.getExtraHeaders());
             if (t == null) {
               t = new BlockingException("Blocked request (for Parameters/processParameters)");
             }
diff --git a/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/test/groovy/GrizzlyTest.groovy b/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/test/groovy/GrizzlyTest.groovy
index c622bf86b81..2e1a4f9c85f 100644
--- a/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/test/groovy/GrizzlyTest.groovy
+++ b/dd-java-agent/instrumentation/grizzly-http-2.3.20/src/test/groovy/GrizzlyTest.groovy
@@ -22,6 +22,11 @@ class GrizzlyTest extends HttpServerTest<HttpServer> {
     return GrizzlyDecorator.GRIZZLY_REQUEST.toString()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testRequestBody() {
     true
diff --git a/dd-java-agent/instrumentation/grpc-1.5/build.gradle b/dd-java-agent/instrumentation/grpc-1.5/build.gradle
index 8559c980973..9674f76ec38 100644
--- a/dd-java-agent/instrumentation/grpc-1.5/build.gradle
+++ b/dd-java-agent/instrumentation/grpc-1.5/build.gradle
@@ -41,6 +41,7 @@ dependencies {
   testImplementation group: 'javax.annotation', name: 'javax.annotation-api', version: '1.3.2'
 
   latestDepTestImplementation sourceSets.test.output // include the protobuf generated classes
+  latestDepTestImplementation group: 'io.grpc', name: 'grpc-inprocess', version: '1.+'
   latestDepTestImplementation group: 'io.grpc', name: 'grpc-netty', version: '1.+'
   latestDepTestImplementation group: 'io.grpc', name: 'grpc-protobuf', version: '1.+'
   latestDepTestImplementation group: 'io.grpc', name: 'grpc-stub', version: '1.+'
diff --git a/dd-java-agent/instrumentation/grpc-1.5/src/main/java/datadog/trace/instrumentation/grpc/server/TracingServerInterceptor.java b/dd-java-agent/instrumentation/grpc-1.5/src/main/java/datadog/trace/instrumentation/grpc/server/TracingServerInterceptor.java
index cd7c4eb1da2..a238d7ac5f6 100644
--- a/dd-java-agent/instrumentation/grpc-1.5/src/main/java/datadog/trace/instrumentation/grpc/server/TracingServerInterceptor.java
+++ b/dd-java-agent/instrumentation/grpc-1.5/src/main/java/datadog/trace/instrumentation/grpc/server/TracingServerInterceptor.java
@@ -67,7 +67,9 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
     CallbackProvider cbp = tracer.getCallbackProvider(RequestContextSlot.APPSEC);
     final AgentSpan span = startSpan(GRPC_SERVER, spanContext).setMeasured(true);
 
-    AgentTracer.get().setDataStreamCheckpoint(span, SERVER_PATHWAY_EDGE_TAGS, 0);
+    AgentTracer.get()
+        .getDataStreamsMonitoring()
+        .setCheckpoint(span, SERVER_PATHWAY_EDGE_TAGS, 0, 0);
 
     RequestContext reqContext = span.getRequestContext();
     if (reqContext != null) {
@@ -316,20 +318,30 @@ private static void callIGCallbackGrpcMessage(@Nonnull final AgentSpan span, Obj
     if (obj == null) {
       return;
     }
-
-    CallbackProvider cbp = tracer().getCallbackProvider(RequestContextSlot.APPSEC);
-    if (cbp == null) {
-      return;
-    }
-    BiFunction<RequestContext, Object, Flow<Void>> callback =
-        cbp.getCallback(EVENTS.grpcServerRequestMessage());
-    if (callback == null) {
+    CallbackProvider cbpAppsec = tracer().getCallbackProvider(RequestContextSlot.APPSEC);
+    CallbackProvider cbpIast = tracer().getCallbackProvider(RequestContextSlot.IAST);
+    if (cbpAppsec == null && cbpIast == null) {
       return;
     }
     RequestContext requestContext = span.getRequestContext();
     if (requestContext == null) {
       return;
     }
-    callback.apply(requestContext, obj);
+
+    if (cbpAppsec != null) {
+      BiFunction<RequestContext, Object, Flow<Void>> callback =
+          cbpAppsec.getCallback(EVENTS.grpcServerRequestMessage());
+      if (callback != null) {
+        callback.apply(requestContext, obj);
+      }
+    }
+
+    if (cbpIast != null) {
+      BiFunction<RequestContext, Object, Flow<Void>> callback =
+          cbpIast.getCallback(EVENTS.grpcServerRequestMessage());
+      if (callback != null) {
+        callback.apply(requestContext, obj);
+      }
+    }
   }
 }
diff --git a/dd-java-agent/instrumentation/grpc-1.5/src/test/groovy/GrpcTest.groovy b/dd-java-agent/instrumentation/grpc-1.5/src/test/groovy/GrpcTest.groovy
index 8aebdfb42a3..ce7d28b785a 100644
--- a/dd-java-agent/instrumentation/grpc-1.5/src/test/groovy/GrpcTest.groovy
+++ b/dd-java-agent/instrumentation/grpc-1.5/src/test/groovy/GrpcTest.groovy
@@ -619,12 +619,6 @@ abstract class GrpcTest extends VersionedNamingTestBase {
 }
 
 abstract class GrpcDataStreamsEnabledForkedTest extends GrpcTest {
-  @Override
-  protected void configurePreAgent() {
-    super.configurePreAgent()
-    injectSysConfig("dd.data.streams.enabled", "true")
-  }
-
   @Override
   protected boolean isDataStreamsEnabled() {
     return true
@@ -668,12 +662,6 @@ class GrpcDataStreamsEnabledV1ForkedTest extends GrpcDataStreamsEnabledForkedTes
 }
 
 class GrpcDataStreamsDisabledForkedTest extends GrpcTest {
-  @Override
-  protected void configurePreAgent() {
-    super.configurePreAgent()
-    injectSysConfig("dd.data.streams.enabled", "false")
-  }
-
   @Override
   protected boolean isDataStreamsEnabled() {
     return false
diff --git a/dd-java-agent/instrumentation/gson-1.6/build.gradle b/dd-java-agent/instrumentation/gson-1.6/build.gradle
new file mode 100644
index 00000000000..953d6dec9b9
--- /dev/null
+++ b/dd-java-agent/instrumentation/gson-1.6/build.gradle
@@ -0,0 +1,23 @@
+muzzle {
+  pass {
+    group = 'com.google.code.gson'
+    module = 'gson'
+    versions = '[1.6, ]'
+    skipVersions = ['1.7'] //only has html
+    assertInverse = true
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  compileOnly group: 'com.google.code.gson', name: 'gson', version: '1.6'
+
+  testImplementation group: 'com.google.code.gson', name: 'gson', version: '1.6'
+
+  testRuntimeOnly project(':dd-java-agent:instrumentation:iast-instrumenter')
+
+  latestDepTestImplementation group: 'com.google.code.gson', name: 'gson', version: '+'
+}
diff --git a/dd-java-agent/instrumentation/gson-1.6/src/main/java/datadog/trace/instrumentation/gson/JsonReaderInstrumentation.java b/dd-java-agent/instrumentation/gson-1.6/src/main/java/datadog/trace/instrumentation/gson/JsonReaderInstrumentation.java
new file mode 100644
index 00000000000..cffcd7787f4
--- /dev/null
+++ b/dd-java-agent/instrumentation/gson-1.6/src/main/java/datadog/trace/instrumentation/gson/JsonReaderInstrumentation.java
@@ -0,0 +1,76 @@
+package datadog.trace.instrumentation.gson;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.ClassLoaderMatchers.hasClassNamed;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.namedOneOf;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public class JsonReaderInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForSingleType {
+
+  public JsonReaderInstrumentation() {
+    super("gson");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.google.gson.stream.JsonReader";
+  }
+
+  @Override
+  public ElementMatcher<ClassLoader> classLoaderMatcher() {
+    return hasClassNamed("com.google.gson.stream.JsonReader");
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor().and(takesArguments(1)).and(takesArgument(0, named("java.io.Reader"))),
+        getClass().getName() + "$ConstructAdvice");
+    transformation.applyAdvice(
+        isMethod()
+            .and(isPublic())
+            .and(returns(String.class))
+            .and(namedOneOf("nextName", "nextString"))
+            .and(takesNoArguments()),
+        getClass().getName() + "$MethodAdvice");
+  }
+
+  public static class ConstructAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Propagation
+    public static void afterInit(
+        @Advice.This Object self, @Advice.Argument(0) final java.io.Reader input) {
+      final PropagationModule iastModule = InstrumentationBridge.PROPAGATION;
+      if (iastModule != null && input != null) {
+        iastModule.taintIfTainted(self, input);
+      }
+    }
+  }
+
+  public static class MethodAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Propagation
+    public static void afterMethod(@Advice.This Object self, @Advice.Return final String result) {
+      final PropagationModule iastModule = InstrumentationBridge.PROPAGATION;
+      if (iastModule != null && result != null) {
+        iastModule.taintIfTainted(result, self);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/gson-1.6/src/test/groovy/datadog/trace/instrumentation/gson/JsonReaderInstrumentationTest.groovy b/dd-java-agent/instrumentation/gson-1.6/src/test/groovy/datadog/trace/instrumentation/gson/JsonReaderInstrumentationTest.groovy
new file mode 100644
index 00000000000..58e3621e92e
--- /dev/null
+++ b/dd-java-agent/instrumentation/gson-1.6/src/test/groovy/datadog/trace/instrumentation/gson/JsonReaderInstrumentationTest.groovy
@@ -0,0 +1,52 @@
+package datadog.trace.instrumentation.gson
+
+import com.google.gson.Gson
+import com.google.gson.stream.JsonReader
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.propagation.PropagationModule
+
+class JsonReaderInstrumentationTest extends AgentTestRunner {
+
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig("dd.iast.enabled", "true")
+  }
+
+  void 'test'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+    final gson = new Gson()
+
+    when:
+    final reader = new JsonReader(new StringReader(json))
+
+    then:
+    1 * module.taintIfTainted(_ as JsonReader, _ as StringReader)
+
+    when:
+    gson.fromJson(reader, clazz)
+
+    then:
+    calls * module.taintIfTainted(_ as String, _ as JsonReader)
+    0 * _
+
+    where:
+    json | clazz | calls
+    '"Test"' | String | 1
+    '{"name": "nameTest", "value" : "valueTest"}' | TestBean | 4
+    '[{"name": "nameTest", "value" : "valueTest"}]' | TestBean[] | 4
+    '[{"name": "nameTest", "value" : "valueTest"}, {"name": "nameTest2", "value" : "valueTest2"}]' | TestBean[].class | 8
+  }
+
+
+  static final class TestBean {
+
+    @SuppressWarnings('CodeNarc')
+    private String name
+
+    @SuppressWarnings('CodeNarc')
+    private String value
+  }
+}
diff --git a/dd-java-agent/instrumentation/guava-10/build.gradle b/dd-java-agent/instrumentation/guava-10/build.gradle
index 99c63cec335..f81b5aa8a2c 100644
--- a/dd-java-agent/instrumentation/guava-10/build.gradle
+++ b/dd-java-agent/instrumentation/guava-10/build.gradle
@@ -17,8 +17,10 @@ addTestSuiteForDir('latestDepTest', 'test')
 dependencies {
   compileOnly group: 'com.google.guava', name: 'guava', version: '10.0'
 
+  testImplementation project(':dd-java-agent:instrumentation:opentelemetry:opentelemetry-annotations-1.20')
   testImplementation group: 'com.google.guava', name: 'guava', version: '16.0'
   // ^ first version with com.google.common.reflect.ClassPath.getAllClasses()
+  testImplementation group: 'io.opentelemetry.instrumentation', name: 'opentelemetry-instrumentation-annotations', version: '1.28.0'
 
   latestDepTestImplementation group: 'com.google.guava', name: 'guava', version: '+'
 }
diff --git a/dd-java-agent/instrumentation/guava-10/src/main/java/datadog/trace/instrumentation/guava10/GuavaAsyncResultSupportExtension.java b/dd-java-agent/instrumentation/guava-10/src/main/java/datadog/trace/instrumentation/guava10/GuavaAsyncResultSupportExtension.java
new file mode 100644
index 00000000000..7d79fe052bc
--- /dev/null
+++ b/dd-java-agent/instrumentation/guava-10/src/main/java/datadog/trace/instrumentation/guava10/GuavaAsyncResultSupportExtension.java
@@ -0,0 +1,52 @@
+package datadog.trace.instrumentation.guava10;
+
+import com.google.common.util.concurrent.ListenableFuture;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.decorator.AsyncResultDecorator;
+import java.util.concurrent.CancellationException;
+import java.util.concurrent.ExecutionException;
+
+public class GuavaAsyncResultSupportExtension
+    implements AsyncResultDecorator.AsyncResultSupportExtension {
+  static {
+    AsyncResultDecorator.registerExtension(new GuavaAsyncResultSupportExtension());
+  }
+
+  /**
+   * Register the extension as an {@link AsyncResultDecorator.AsyncResultSupportExtension} using
+   * static class initialization.<br>
+   * It uses an empty static method call to ensure the class loading and the one-time-only static
+   * class initialization. This will ensure this extension will only be registered once to the
+   * {@link AsyncResultDecorator}.
+   */
+  public static void initialize() {}
+
+  @Override
+  public boolean supports(Class<?> result) {
+    return ListenableFuture.class.isAssignableFrom(result);
+  }
+
+  @Override
+  public Object apply(Object result, AgentSpan span) {
+    if (result instanceof ListenableFuture) {
+      ListenableFuture<?> listenableFuture = (ListenableFuture<?>) result;
+      if (!listenableFuture.isDone() && !listenableFuture.isCancelled()) {
+        listenableFuture.addListener(
+            () -> {
+              // Get value to check for execution exception
+              try {
+                listenableFuture.get();
+              } catch (ExecutionException e) {
+                span.addThrowable(e.getCause());
+              } catch (CancellationException | InterruptedException e) {
+                // Ignored
+              }
+              span.finish();
+            },
+            Runnable::run);
+        return result;
+      }
+    }
+    return null;
+  }
+}
diff --git a/dd-java-agent/instrumentation/guava-10/src/main/java/datadog/trace/instrumentation/guava10/ListenableFutureInstrumentation.java b/dd-java-agent/instrumentation/guava-10/src/main/java/datadog/trace/instrumentation/guava10/ListenableFutureInstrumentation.java
index 198aafab415..d09871a4e6d 100644
--- a/dd-java-agent/instrumentation/guava-10/src/main/java/datadog/trace/instrumentation/guava10/ListenableFutureInstrumentation.java
+++ b/dd-java-agent/instrumentation/guava-10/src/main/java/datadog/trace/instrumentation/guava10/ListenableFutureInstrumentation.java
@@ -3,6 +3,7 @@
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeScope;
 import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
 import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
 
 import com.google.auto.service.AutoService;
@@ -31,6 +32,13 @@ public String instrumentedType() {
     return "com.google.common.util.concurrent.AbstractFuture";
   }
 
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      this.packageName + ".GuavaAsyncResultSupportExtension",
+    };
+  }
+
   @Override
   public Map<String, String> contextStore() {
     return singletonMap(Runnable.class.getName(), State.class.getName());
@@ -38,11 +46,20 @@ public Map<String, String> contextStore() {
 
   @Override
   public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor(), ListenableFutureInstrumentation.class.getName() + "$AbstractFutureAdvice");
     transformation.applyAdvice(
         named("addListener").and(takesArguments(Runnable.class, Executor.class)),
         ListenableFutureInstrumentation.class.getName() + "$AddListenerAdvice");
   }
 
+  public static class AbstractFutureAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void init() {
+      GuavaAsyncResultSupportExtension.initialize();
+    }
+  }
+
   public static class AddListenerAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
     public static State addListenerEnter(
diff --git a/dd-java-agent/instrumentation/guava-10/src/test/groovy/GuavaAsyncResultSupportExtensionTest.groovy b/dd-java-agent/instrumentation/guava-10/src/test/groovy/GuavaAsyncResultSupportExtensionTest.groovy
new file mode 100644
index 00000000000..38c44289538
--- /dev/null
+++ b/dd-java-agent/instrumentation/guava-10/src/test/groovy/GuavaAsyncResultSupportExtensionTest.groovy
@@ -0,0 +1,113 @@
+import annotatedsample.GuavaTracedMethods
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import spock.lang.Shared
+
+import java.util.concurrent.CountDownLatch
+import java.util.concurrent.ExecutionException
+import java.util.concurrent.ExecutorService
+import java.util.concurrent.Executors
+
+class GuavaAsyncResultSupportExtensionTest extends AgentTestRunner {
+  @Override
+  void configurePreAgent() {
+    super.configurePreAgent()
+
+    injectSysConfig("dd.integration.opentelemetry-annotations-1.20.enabled", "true")
+  }
+
+  @Shared
+  ExecutorService executor
+
+  def setupSpec() {
+    this.executor = Executors.newSingleThreadExecutor()
+  }
+
+  def cleanupSpec() {
+    this.executor.shutdownNow()
+  }
+
+  def "test WithSpan annotated async method (ListenableFuture)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def listenableFuture = GuavaTracedMethods.traceAsyncListenableFuture(executor, latch)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    listenableFuture.get()
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "GuavaTracedMethods.traceAsyncListenableFuture"
+          operationName "GuavaTracedMethods.traceAsyncListenableFuture"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (cancelled ListenableFuture)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def listenableFuture = GuavaTracedMethods.traceAsyncCancelledListenableFuture(latch)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    listenableFuture.cancel(true)
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "GuavaTracedMethods.traceAsyncCancelledListenableFuture"
+          operationName "GuavaTracedMethods.traceAsyncCancelledListenableFuture"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (failing ListenableFuture)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def expectedException = new IllegalStateException("Test exception")
+    def listenableFuture = GuavaTracedMethods.traceAsyncFailingListenableFuture(executor, latch, expectedException)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    listenableFuture.get()
+
+    then:
+    thrown(ExecutionException)
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "GuavaTracedMethods.traceAsyncFailingListenableFuture"
+          operationName "GuavaTracedMethods.traceAsyncFailingListenableFuture"
+          errored true
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+            errorTags(expectedException)
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/guava-10/src/test/java/annotatedsample/GuavaTracedMethods.java b/dd-java-agent/instrumentation/guava-10/src/test/java/annotatedsample/GuavaTracedMethods.java
new file mode 100644
index 00000000000..4bb6550b57b
--- /dev/null
+++ b/dd-java-agent/instrumentation/guava-10/src/test/java/annotatedsample/GuavaTracedMethods.java
@@ -0,0 +1,67 @@
+package annotatedsample;
+
+import static java.util.concurrent.TimeUnit.SECONDS;
+
+import com.google.common.util.concurrent.AbstractFuture;
+import com.google.common.util.concurrent.ListenableFuture;
+import io.opentelemetry.instrumentation.annotations.WithSpan;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutorService;
+
+public class GuavaTracedMethods {
+  @WithSpan
+  public static ListenableFuture<String> traceAsyncListenableFuture(
+      ExecutorService executor, CountDownLatch latch) {
+    TestFuture listenableFuture = TestFuture.ofComplete(latch, "hello");
+    executor.submit(listenableFuture::start);
+    return listenableFuture;
+  }
+
+  @WithSpan
+  public static ListenableFuture<?> traceAsyncCancelledListenableFuture(CountDownLatch latch) {
+    return TestFuture.ofComplete(latch, "hello");
+  }
+
+  @WithSpan
+  public static ListenableFuture<?> traceAsyncFailingListenableFuture(
+      ExecutorService executor, CountDownLatch latch, Throwable exception) {
+    TestFuture listenableFuture = TestFuture.ofFailing(latch, exception);
+    executor.submit(listenableFuture::start);
+    return listenableFuture;
+  }
+
+  private static class TestFuture extends AbstractFuture<String> {
+    private final CountDownLatch latch;
+    private final String value;
+    private final Throwable exception;
+
+    private TestFuture(CountDownLatch latch, String value, Throwable exception) {
+      this.latch = latch;
+      this.value = value;
+      this.exception = exception;
+    }
+
+    private void start() {
+      try {
+        if (!this.latch.await(5, SECONDS)) {
+          throw new IllegalStateException("Latch still locked");
+        }
+      } catch (InterruptedException e) {
+        throw new RuntimeException(e);
+      }
+      if (this.exception != null) {
+        setException(this.exception);
+      } else {
+        set(this.value);
+      }
+    }
+
+    private static TestFuture ofComplete(CountDownLatch latch, String value) {
+      return new TestFuture(latch, value, null);
+    }
+
+    private static TestFuture ofFailing(CountDownLatch latch, Throwable exception) {
+      return new TestFuture(latch, null, exception);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/hazelcast-3.6/src/main/java/datadog/trace/instrumentation/hazelcast36/DistributedObjectDecorator.java b/dd-java-agent/instrumentation/hazelcast-3.6/src/main/java/datadog/trace/instrumentation/hazelcast36/DistributedObjectDecorator.java
index 17572932155..d4823ac7aec 100644
--- a/dd-java-agent/instrumentation/hazelcast-3.6/src/main/java/datadog/trace/instrumentation/hazelcast36/DistributedObjectDecorator.java
+++ b/dd-java-agent/instrumentation/hazelcast-3.6/src/main/java/datadog/trace/instrumentation/hazelcast36/DistributedObjectDecorator.java
@@ -7,7 +7,6 @@
 import static datadog.trace.instrumentation.hazelcast36.HazelcastConstants.INSTRUMENTATION_NAME;
 
 import com.hazelcast.core.DistributedObject;
-import datadog.trace.api.Config;
 import datadog.trace.api.Pair;
 import datadog.trace.api.cache.DDCache;
 import datadog.trace.api.cache.DDCaches;
@@ -28,10 +27,7 @@ public class DistributedObjectDecorator extends ClientDecorator {
       DDCaches.newFixedSizeCache(64);
 
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .cache()
-          .service(Config.get().getServiceName(), INSTRUMENTATION_NAME);
+      SpanNaming.instance().namingSchema().cache().service(INSTRUMENTATION_NAME);
 
   private static final Function<Pair<String, String>, String> COMPUTE_QUALIFIED_NAME =
       // Uses inner class for predictable name for Instrumenter.Default.helperClassNames()
diff --git a/dd-java-agent/instrumentation/hazelcast-3.9/src/main/java/datadog/trace/instrumentation/hazelcast39/ClientInvocationDecorator.java b/dd-java-agent/instrumentation/hazelcast-3.9/src/main/java/datadog/trace/instrumentation/hazelcast39/ClientInvocationDecorator.java
index 6d1c0db032a..095c9a200fc 100644
--- a/dd-java-agent/instrumentation/hazelcast-3.9/src/main/java/datadog/trace/instrumentation/hazelcast39/ClientInvocationDecorator.java
+++ b/dd-java-agent/instrumentation/hazelcast-3.9/src/main/java/datadog/trace/instrumentation/hazelcast39/ClientInvocationDecorator.java
@@ -8,7 +8,6 @@
 import static datadog.trace.instrumentation.hazelcast39.HazelcastConstants.HAZELCAST_SERVICE;
 import static datadog.trace.instrumentation.hazelcast39.HazelcastConstants.INSTRUMENTATION_NAME;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -20,10 +19,7 @@
 public class ClientInvocationDecorator extends ClientDecorator {
 
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .cache()
-          .service(Config.get().getServiceName(), INSTRUMENTATION_NAME);
+      SpanNaming.instance().namingSchema().cache().service(INSTRUMENTATION_NAME);
 
   public static final ClientInvocationDecorator DECORATE = new ClientInvocationDecorator();
 
diff --git a/dd-java-agent/instrumentation/hazelcast-4.0/src/main/java/datadog/trace/instrumentation/hazelcast4/HazelcastDecorator.java b/dd-java-agent/instrumentation/hazelcast-4.0/src/main/java/datadog/trace/instrumentation/hazelcast4/HazelcastDecorator.java
index 442d1ad7456..5e10c98fe40 100644
--- a/dd-java-agent/instrumentation/hazelcast-4.0/src/main/java/datadog/trace/instrumentation/hazelcast4/HazelcastDecorator.java
+++ b/dd-java-agent/instrumentation/hazelcast-4.0/src/main/java/datadog/trace/instrumentation/hazelcast4/HazelcastDecorator.java
@@ -7,7 +7,6 @@
 import static datadog.trace.instrumentation.hazelcast4.HazelcastConstants.HAZELCAST_SERVICE;
 import static datadog.trace.instrumentation.hazelcast4.HazelcastConstants.INSTRUMENTATION_NAME;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -19,10 +18,7 @@
 public class HazelcastDecorator extends ClientDecorator {
 
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .cache()
-          .service(Config.get().getServiceName(), INSTRUMENTATION_NAME);
+      SpanNaming.instance().namingSchema().cache().service(INSTRUMENTATION_NAME);
 
   public static final HazelcastDecorator DECORATE = new HazelcastDecorator();
 
diff --git a/dd-java-agent/instrumentation/http-url-connection/src/main/java/datadog/trace/instrumentation/http_url_connection/HttpUrlConnectionInstrumentation.java b/dd-java-agent/instrumentation/http-url-connection/src/main/java/datadog/trace/instrumentation/http_url_connection/HttpUrlConnectionInstrumentation.java
index 261c7a59cf7..dbe30a2df06 100644
--- a/dd-java-agent/instrumentation/http-url-connection/src/main/java/datadog/trace/instrumentation/http_url_connection/HttpUrlConnectionInstrumentation.java
+++ b/dd-java-agent/instrumentation/http-url-connection/src/main/java/datadog/trace/instrumentation/http_url_connection/HttpUrlConnectionInstrumentation.java
@@ -11,6 +11,7 @@
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.InstrumenterConfig;
 import datadog.trace.bootstrap.CallDepthThreadLocalMap;
 import datadog.trace.bootstrap.ContextStore;
 import datadog.trace.bootstrap.InstrumentationContext;
@@ -23,7 +24,9 @@
 
 @AutoService(Instrumenter.class)
 public class HttpUrlConnectionInstrumentation extends Instrumenter.Tracing
-    implements Instrumenter.ForBootstrap, Instrumenter.ForKnownTypes {
+    implements Instrumenter.ForBootstrap,
+        Instrumenter.ForKnownTypes,
+        Instrumenter.ForConfiguredType {
 
   public HttpUrlConnectionInstrumentation() {
     super("httpurlconnection");
@@ -33,10 +36,18 @@ public HttpUrlConnectionInstrumentation() {
   public String[] knownMatchingTypes() {
     // we deliberately exclude various subclasses that are simple delegators
     return new String[] {
-      "sun.net.www.protocol.http.HttpURLConnection", "java.net.HttpURLConnection"
+      "sun.net.www.protocol.http.HttpURLConnection",
+      "java.net.HttpURLConnection",
+      "weblogic.net.http.HttpURLConnection"
     };
   }
 
+  @Override
+  public String configuredMatchingType() {
+    // this won't match any class unless the property is set
+    return InstrumenterConfig.get().getHttpURLConnectionClassName();
+  }
+
   @Override
   public Map<String, String> contextStore() {
     return singletonMap("java.net.HttpURLConnection", HttpUrlState.class.getName());
diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie b/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
index bca6239bf47..05e3234670b 100644
--- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
+++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
@@ -75,6 +75,8 @@
 1 com.github.benmanes.caffeine.*
 1 com.github.jknack.handlebars.*
 1 com.google.*
+#Need for gson propagation
+2 com.google.gson.Gson
 1 com.googlecode.*
 1 com.hazelcast.*
 1 com.hdivsecurity.*
@@ -161,6 +163,8 @@
 1 nano.xml.*
 1 net.bytebuddy.*
 1 net.jcip.*
+# Amusing weak randomness false positive in XXHashFactory
+1 net.jpountz.xxhash.*
 1 net.logstash.*
 1 net.nicholaswilliams.*
 1 net.sf.beanlib.*
diff --git a/dd-java-agent/instrumentation/ignite-2.0/src/main/java/datadog/trace/instrumentation/ignite/v2/cache/IgniteCacheDecorator.java b/dd-java-agent/instrumentation/ignite-2.0/src/main/java/datadog/trace/instrumentation/ignite/v2/cache/IgniteCacheDecorator.java
index ff04b6d9f96..ef372f24a06 100644
--- a/dd-java-agent/instrumentation/ignite-2.0/src/main/java/datadog/trace/instrumentation/ignite/v2/cache/IgniteCacheDecorator.java
+++ b/dd-java-agent/instrumentation/ignite-2.0/src/main/java/datadog/trace/instrumentation/ignite/v2/cache/IgniteCacheDecorator.java
@@ -38,10 +38,7 @@ protected String[] instrumentationNames() {
 
   @Override
   protected String service() {
-    return SpanNaming.instance()
-        .namingSchema()
-        .cache()
-        .service(Config.get().getServiceName(), DB_TYPE);
+    return SpanNaming.instance().namingSchema().cache().service(DB_TYPE);
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/main/java/datadog/trace/instrumentation/jackson/codehouse/core/Json1FactoryInstrumentation.java b/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/main/java/datadog/trace/instrumentation/jackson/codehouse/core/Json1FactoryInstrumentation.java
index 39a63861b39..0b32bc6f012 100644
--- a/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/main/java/datadog/trace/instrumentation/jackson/codehouse/core/Json1FactoryInstrumentation.java
+++ b/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/main/java/datadog/trace/instrumentation/jackson/codehouse/core/Json1FactoryInstrumentation.java
@@ -52,7 +52,7 @@ public static void onExit(
       if (input != null) {
         final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
         if (propagation != null) {
-          propagation.taintIfInputIsTainted(parser, input);
+          propagation.taintIfTainted(parser, input);
         }
         if (input instanceof URL) {
           final SsrfModule ssrf = InstrumentationBridge.SSRF;
diff --git a/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/main/java/datadog/trace/instrumentation/jackson/codehouse/core/Json1ParserInstrumentation.java b/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/main/java/datadog/trace/instrumentation/jackson/codehouse/core/Json1ParserInstrumentation.java
index c230e513382..1f9eba240cc 100644
--- a/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/main/java/datadog/trace/instrumentation/jackson/codehouse/core/Json1ParserInstrumentation.java
+++ b/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/main/java/datadog/trace/instrumentation/jackson/codehouse/core/Json1ParserInstrumentation.java
@@ -61,7 +61,7 @@ public static void onExit(@Advice.This JsonParser jsonParser, @Advice.Return Str
       if (jsonParser != null && result != null) {
         final PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
-          module.taintIfInputIsTainted(result, jsonParser);
+          module.taintIfTainted(result, jsonParser);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/test/groovy/Json1FactoryInstrumentationTest.groovy b/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/test/groovy/Json1FactoryInstrumentationTest.groovy
index ab38630beef..287967222f3 100644
--- a/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/test/groovy/Json1FactoryInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/test/groovy/Json1FactoryInstrumentationTest.groovy
@@ -40,7 +40,7 @@ class Json1FactoryInstrumentationTest extends AgentTestRunner {
 
     then:
     result != null
-    1 * propagationModule.taintIfInputIsTainted(_ as JsonParser, content)
+    1 * propagationModule.taintIfTainted(_ as JsonParser, content)
     0 * _
   }
 
@@ -55,7 +55,7 @@ class Json1FactoryInstrumentationTest extends AgentTestRunner {
 
     then:
     result != null
-    1 * propagationModule.taintIfInputIsTainted(_ as JsonParser, is)
+    1 * propagationModule.taintIfTainted(_ as JsonParser, is)
     2 * is.read(_,_,_)
     0 * _
   }
@@ -72,7 +72,7 @@ class Json1FactoryInstrumentationTest extends AgentTestRunner {
 
     then:
     result != null
-    1 * propagationModule.taintIfInputIsTainted(_ as JsonParser, reader)
+    1 * propagationModule.taintIfTainted(_ as JsonParser, reader)
     0 * _
   }
 
@@ -88,7 +88,7 @@ class Json1FactoryInstrumentationTest extends AgentTestRunner {
 
     then:
     parser != null
-    1 * propagationModule.taintIfInputIsTainted(_ as JsonParser, url)
+    1 * propagationModule.taintIfTainted(_ as JsonParser, url)
     1 * ssrfModule.onURLConnection(url)
     0 * _
   }
diff --git a/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/test/groovy/Json1ParserInstrumentationTest.groovy b/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/test/groovy/Json1ParserInstrumentationTest.groovy
index f7fa84db25a..cd7e9e098ce 100644
--- a/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/test/groovy/Json1ParserInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/jackson-core/jackson-core-1/src/test/groovy/Json1ParserInstrumentationTest.groovy
@@ -25,7 +25,7 @@ class Json1ParserInstrumentationTest extends AgentTestRunner {
 
     then:
     result == 'key1'
-    1 * propagationModule.taintIfInputIsTainted('key1', jsonParser)
+    1 * propagationModule.taintIfTainted('key1', jsonParser)
     0 * _
 
     where:
@@ -46,7 +46,7 @@ class Json1ParserInstrumentationTest extends AgentTestRunner {
 
     then:
     result == 'key1'
-    1 * propagationModule.taintIfInputIsTainted('key1', jsonParser)
+    1 * propagationModule.taintIfTainted('key1', jsonParser)
     0 * _
 
     where:
@@ -67,7 +67,7 @@ class Json1ParserInstrumentationTest extends AgentTestRunner {
 
     then:
     result == 'value1'
-    1 * propagationModule.taintIfInputIsTainted('value1', jsonParser)
+    1 * propagationModule.taintIfTainted('value1', jsonParser)
     0 * _
 
     where:
diff --git a/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/Json2FactoryInstrumentation.java b/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/Json2FactoryInstrumentation.java
index a3503994918..354ab309e8b 100644
--- a/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/Json2FactoryInstrumentation.java
+++ b/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/Json2FactoryInstrumentation.java
@@ -52,7 +52,7 @@ public static void onExit(
       if (input != null) {
         final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
         if (propagation != null) {
-          propagation.taintIfInputIsTainted(parser, input);
+          propagation.taintIfTainted(parser, input);
         }
         if (input instanceof URL) {
           final SsrfModule ssrf = InstrumentationBridge.SSRF;
diff --git a/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/Json2ParserInstrumentation.java b/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/Json2ParserInstrumentation.java
index e1342316f4f..fd2d28b3b2d 100644
--- a/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/Json2ParserInstrumentation.java
+++ b/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/Json2ParserInstrumentation.java
@@ -80,7 +80,7 @@ public static void onExit(@Advice.This JsonParser jsonParser, @Advice.Return Str
       if (jsonParser != null && result != null) {
         final PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
-          module.taintIfInputIsTainted(result, jsonParser);
+          module.taintIfTainted(result, jsonParser);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/TokenBufferInstrumentation.java b/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/TokenBufferInstrumentation.java
index 5d1a3bc9bb0..60320765f37 100644
--- a/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/TokenBufferInstrumentation.java
+++ b/dd-java-agent/instrumentation/jackson-core/src/main/java/datadog/trace/instrumentation/jackson/core/TokenBufferInstrumentation.java
@@ -49,7 +49,7 @@ public static void onExit(
         @Advice.This TokenBuffer tokenBuffer, @Advice.Return JsonParser parser) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(parser, tokenBuffer);
+        module.taintIfTainted(parser, tokenBuffer);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/jackson-core/src/test/groovy/Json2FactoryInstrumentationTest.groovy b/dd-java-agent/instrumentation/jackson-core/src/test/groovy/Json2FactoryInstrumentationTest.groovy
index a3618b95ec9..50b5bb119dd 100644
--- a/dd-java-agent/instrumentation/jackson-core/src/test/groovy/Json2FactoryInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/jackson-core/src/test/groovy/Json2FactoryInstrumentationTest.groovy
@@ -43,7 +43,7 @@ class Json2FactoryInstrumentationTest extends AgentTestRunner {
 
     then:
     result != null
-    1 * propagationModule.taintIfInputIsTainted(_ as JsonParser, content)
+    1 * propagationModule.taintIfTainted(_ as JsonParser, content)
     0 * _
   }
 
@@ -59,7 +59,7 @@ class Json2FactoryInstrumentationTest extends AgentTestRunner {
 
     then:
     result != null
-    1 * propagationModule.taintIfInputIsTainted(_ as JsonParser, is)
+    1 * propagationModule.taintIfTainted(_ as JsonParser, is)
     2 * is.read(_, _, _)
     0 * _
   }
@@ -76,7 +76,7 @@ class Json2FactoryInstrumentationTest extends AgentTestRunner {
 
     then:
     result != null
-    1 * propagationModule.taintIfInputIsTainted(_ as JsonParser, reader)
+    1 * propagationModule.taintIfTainted(_ as JsonParser, reader)
     0 * _
   }
 
@@ -95,9 +95,9 @@ class Json2FactoryInstrumentationTest extends AgentTestRunner {
     then:
     parser != null
     json == [key: 'value']
-    1 * propagationModule.taintIfInputIsTainted(_ as JsonParser, url)
-    1 * propagationModule.taintIfInputIsTainted('key', _ as JsonParser)
-    1 * propagationModule.taintIfInputIsTainted('value', _ as JsonParser)
+    1 * propagationModule.taintIfTainted(_ as JsonParser, url)
+    1 * propagationModule.taintIfTainted('key', _ as JsonParser)
+    1 * propagationModule.taintIfTainted('value', _ as JsonParser)
     1 * ssrfModule.onURLConnection(url)
     0 * _
   }
diff --git a/dd-java-agent/instrumentation/jackson-core/src/test/groovy/Json2ParserInstrumentationTest.groovy b/dd-java-agent/instrumentation/jackson-core/src/test/groovy/Json2ParserInstrumentationTest.groovy
index 9bb11aeca63..86f9cc707bb 100644
--- a/dd-java-agent/instrumentation/jackson-core/src/test/groovy/Json2ParserInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/jackson-core/src/test/groovy/Json2ParserInstrumentationTest.groovy
@@ -27,7 +27,7 @@ class Json2ParserInstrumentationTest extends AgentTestRunner {
 
     then:
     result == 'key1'
-    1 * propagationModule.taintIfInputIsTainted('key1', jsonParser)
+    1 * propagationModule.taintIfTainted('key1', jsonParser)
     0 * _
 
     where:
@@ -48,7 +48,7 @@ class Json2ParserInstrumentationTest extends AgentTestRunner {
 
     then:
     result == 'key1'
-    1 * propagationModule.taintIfInputIsTainted('key1', jsonParser)
+    1 * propagationModule.taintIfTainted('key1', jsonParser)
     0 * _
 
     where:
@@ -69,7 +69,7 @@ class Json2ParserInstrumentationTest extends AgentTestRunner {
 
     then:
     result == 'key1'
-    1 * propagationModule.taintIfInputIsTainted('key1', jsonParser)
+    1 * propagationModule.taintIfTainted('key1', jsonParser)
     0 * _
 
     where:
@@ -90,7 +90,7 @@ class Json2ParserInstrumentationTest extends AgentTestRunner {
 
     then:
     result == 'value1'
-    1 * propagationModule.taintIfInputIsTainted('value1', jsonParser)
+    1 * propagationModule.taintIfTainted('value1', jsonParser)
     0 * _
 
     where:
@@ -111,7 +111,7 @@ class Json2ParserInstrumentationTest extends AgentTestRunner {
 
     then:
     result == 'key1'
-    1 * propagationModule.taintIfInputIsTainted('key1', jsonParser)
+    1 * propagationModule.taintIfTainted('key1', jsonParser)
     0 * _
 
     where:
@@ -132,7 +132,7 @@ class Json2ParserInstrumentationTest extends AgentTestRunner {
 
     then:
     result == 'value1'
-    1 * propagationModule.taintIfInputIsTainted('value1', jsonParser)
+    1 * propagationModule.taintIfTainted('value1', jsonParser)
     0 * _
 
     where:
diff --git a/dd-java-agent/instrumentation/jacoco/build.gradle b/dd-java-agent/instrumentation/jacoco/build.gradle
index c563ef1cae5..c975c3d1f14 100644
--- a/dd-java-agent/instrumentation/jacoco/build.gradle
+++ b/dd-java-agent/instrumentation/jacoco/build.gradle
@@ -5,11 +5,11 @@ muzzle {
     group = 'org.jacoco'
     module = 'org.jacoco.agent'
     classifier = 'runtime'
-    versions = "[0.5,)"
-    assertInverse = true
+    versions = "[0.6.2,)"
   }
 }
 
 dependencies {
   implementation deps.asm
+  compileOnly group: 'org.jacoco', name: 'org.jacoco.agent', version: '0.8.9', classifier: 'runtime'
 }
diff --git a/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/ClassInstrumenterInstrumentation.java b/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/ClassInstrumenterInstrumentation.java
index 15a4da34471..e6cfc86c951 100644
--- a/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/ClassInstrumenterInstrumentation.java
+++ b/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/ClassInstrumenterInstrumentation.java
@@ -51,7 +51,7 @@ public static class VisitTotalProbeCountAdvice {
     static void enter(
         @Advice.FieldValue(value = "className") final String className,
         @Advice.Argument(0) int count) {
-      InstrumentationBridge.getCoverageProbeStoreFactory().setTotalProbeCount(className, count);
+      InstrumentationBridge.getCoverageProbeStoreRegistry().setTotalProbeCount(className, count);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/CoverageDataInjector.java b/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/CoverageDataInjector.java
new file mode 100644
index 00000000000..81a6e5655ce
--- /dev/null
+++ b/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/CoverageDataInjector.java
@@ -0,0 +1,28 @@
+package datadog.trace.instrumentation.jacoco;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.civisibility.InstrumentationBridge;
+import org.jacoco.agent.rt.IAgent;
+import org.jacoco.agent.rt.RT;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class CoverageDataInjector {
+
+  private static final Logger log = LoggerFactory.getLogger(CoverageDataInjector.class);
+
+  static {
+    try {
+      if (Config.get().isCiVisibilityCodeCoveragePercentageCalculationEnabled()) {
+        IAgent agent = RT.getAgent();
+        InstrumentationBridge.registerCoverageDataSupplier(() -> agent.getExecutionData(false));
+      }
+    } catch (Exception e) {
+      log.info("Could not register coverage execution data factory", e);
+    }
+  }
+
+  public static void init() {
+    // this is just to trigger evaluation of the static block above
+  }
+}
diff --git a/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/InstrumenterInstrumentation.java b/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/InstrumenterInstrumentation.java
index e870fa3f435..4d480439681 100644
--- a/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/InstrumenterInstrumentation.java
+++ b/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/InstrumenterInstrumentation.java
@@ -23,7 +23,7 @@ public InstrumenterInstrumentation() {
 
   @Override
   public boolean isApplicable(Set<TargetSystem> enabledSystems) {
-    return super.isApplicable(enabledSystems) && Config.get().isCiVisibilityCodeCoverageEnabled();
+    return super.isApplicable(enabledSystems) && Config.get().isCiVisibilityEnabled();
   }
 
   @Override
@@ -39,6 +39,13 @@ public ElementMatcher<TypeDescription> hierarchyMatcher() {
         .and(nameEndsWith(".core.instr.Instrumenter"));
   }
 
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".CoverageDataInjector",
+    };
+  }
+
   @Override
   public void adviceTransformations(AdviceTransformation transformation) {
     transformation.applyAdvice(
@@ -49,6 +56,20 @@ public void adviceTransformations(AdviceTransformation transformation) {
   public static class InstrumentAdvice {
     @Advice.OnMethodEnter(skipOn = Advice.OnNonDefaultValue.class)
     static byte[] enter(@Advice.Argument(0) byte[] bytes) {
+      // Jacoco initialization runs inside preMain of their agent which,
+      // depending on how a specific project is set up,
+      // can happen either after or _before_ our preMain.
+
+      // It means we cannot hook into Jacoco's init methods:
+      // even if we redefine them it will not help,
+      // as it is possible that they have already been executed
+      // by the time we do it.
+
+      // Therefore, we have to repeatedly call this "init" method here:
+      // when it is called the first time its class will be initialized,
+      // and our "should-run-once" logic will be triggered
+      CoverageDataInjector.init();
+
       // we cannot insert our custom Jacoco probes into classes compiled with Java older than 1.5
       // because there is no support for pushing types onto the stack
       int majorVersion = ((bytes[6] & 0xFF) << 8) | (bytes[7] & 0xFF);
diff --git a/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/MethodVisitorWrapper.java b/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/MethodVisitorWrapper.java
new file mode 100644
index 00000000000..762f6c6936c
--- /dev/null
+++ b/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/MethodVisitorWrapper.java
@@ -0,0 +1,128 @@
+package datadog.trace.instrumentation.jacoco;
+
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.reflect.Method;
+import java.util.Arrays;
+import org.jacoco.agent.rt.IAgent;
+import org.jacoco.agent.rt.RT;
+import org.objectweb.asm.Opcodes;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class MethodVisitorWrapper {
+
+  private static final Logger log = LoggerFactory.getLogger(MethodVisitorWrapper.class);
+
+  private static final MethodHandle visitMethodInsnHandle;
+  private static final MethodHandle visitInsnHandle;
+  private static final MethodHandle visitIntInsnHandle;
+  private static final MethodHandle visitLdcInsnHandle;
+  private static final MethodHandle getTypeHandle;
+
+  static {
+    IAgent agent = RT.getAgent();
+    Class<? extends IAgent> agentClass = agent.getClass();
+    Package jacocoPackage = agentClass.getPackage();
+    String jacocoPackageName = jacocoPackage.getName();
+    ClassLoader jacocoClassLoader = agentClass.getClassLoader();
+
+    MethodHandles.Lookup lookup = MethodHandles.lookup();
+    Class<?> shadedMethodVisitorClass =
+        getJacocoClass(jacocoClassLoader, jacocoPackageName, ".asm.MethodVisitor");
+    visitMethodInsnHandle =
+        accessMethod(
+            lookup,
+            shadedMethodVisitorClass,
+            "visitMethodInsn",
+            int.class,
+            String.class,
+            String.class,
+            String.class,
+            boolean.class);
+    visitInsnHandle = accessMethod(lookup, shadedMethodVisitorClass, "visitInsn", int.class);
+    visitIntInsnHandle =
+        accessMethod(lookup, shadedMethodVisitorClass, "visitIntInsn", int.class, int.class);
+    visitLdcInsnHandle =
+        accessMethod(lookup, shadedMethodVisitorClass, "visitLdcInsn", Object.class);
+
+    Class<?> shadedTypeClass = getJacocoClass(jacocoClassLoader, jacocoPackageName, ".asm.Type");
+    getTypeHandle = accessMethod(lookup, shadedTypeClass, "getType", String.class);
+  }
+
+  private static Class<?> getJacocoClass(
+      ClassLoader classLoader, String jacocoPackageName, String classNameSuffix) {
+    String className = jacocoPackageName + classNameSuffix;
+    try {
+      return classLoader.loadClass(className);
+
+    } catch (Throwable throwable) {
+      log.error("Could not load Jacoco class: " + className, throwable);
+      return null;
+    }
+  }
+
+  private static MethodHandle accessMethod(
+      MethodHandles.Lookup lookup, Class<?> clazz, String methodName, Class<?>... arguments) {
+    if (clazz == null) {
+      return null;
+    }
+    try {
+      Method method = clazz.getMethod(methodName, arguments);
+      method.setAccessible(true);
+      return lookup.unreflect(method);
+    } catch (Throwable throwable) {
+      log.error(
+          "Could not find method "
+              + methodName
+              + " with arguments "
+              + Arrays.toString(arguments)
+              + " in class "
+              + clazz.getName(),
+          throwable);
+      return null;
+    }
+  }
+
+  public static MethodVisitorWrapper wrap(Object mv) {
+    return new MethodVisitorWrapper(mv);
+  }
+
+  private final Object mv;
+
+  MethodVisitorWrapper(Object mv) {
+    this.mv = mv;
+  }
+
+  public void visitMethodInsn(int opcode, String owner, String name, String desc, boolean itf)
+      throws Throwable {
+    visitMethodInsnHandle.invoke(mv, opcode, owner, name, desc, itf);
+  }
+
+  public void visitLdcInsn(Object cst) throws Throwable {
+    visitLdcInsnHandle.invoke(mv, cst);
+  }
+
+  /**
+   * Generates the instruction to push the given int value on the stack. Implementation taken from
+   * {@link org.objectweb.asm.commons.GeneratorAdapter#push(int)}.
+   *
+   * @param value the value to be pushed on the stack.
+   */
+  public void push(int value) throws Throwable {
+    if (value >= -1 && value <= 5) {
+      visitInsnHandle.invoke(mv, Opcodes.ICONST_0 + value);
+    } else if (value >= Byte.MIN_VALUE && value <= Byte.MAX_VALUE) {
+      visitIntInsnHandle.invoke(mv, Opcodes.BIPUSH, value);
+    } else if (value >= Short.MIN_VALUE && value <= Short.MAX_VALUE) {
+      visitIntInsnHandle.invoke(mv, Opcodes.SIPUSH, value);
+    } else {
+      visitLdcInsnHandle.invoke(mv, value);
+    }
+  }
+
+  public void pushClass(String className) throws Throwable {
+    Object clazz = getTypeHandle.invoke('L' + className + ';');
+    visitLdcInsnHandle.invoke(mv, clazz);
+  }
+}
diff --git a/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/ProbeInserterInstrumentation.java b/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/ProbeInserterInstrumentation.java
index d26090526f7..23cbc198d76 100644
--- a/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/ProbeInserterInstrumentation.java
+++ b/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/ProbeInserterInstrumentation.java
@@ -17,7 +17,6 @@
 import datadog.trace.api.Config;
 import de.thetaphi.forbiddenapis.SuppressForbidden;
 import java.lang.reflect.Field;
-import java.lang.reflect.InvocationTargetException;
 import java.util.Set;
 import net.bytebuddy.asm.Advice;
 import net.bytebuddy.description.field.FieldDescription;
@@ -39,7 +38,7 @@ public boolean isApplicable(Set<TargetSystem> enabledSystems) {
 
   @Override
   public String[] helperClassNames() {
-    return new String[] {packageName + ".ReflectiveMethodVisitor"};
+    return new String[] {packageName + ".MethodVisitorWrapper"};
   }
 
   @SuppressForbidden
@@ -134,8 +133,7 @@ static void exit(
         @Advice.FieldValue(value = "mv") final Object mv,
         @Advice.FieldValue(value = "arrayStrategy") final Object arrayStrategy,
         @Advice.Argument(0) final int id)
-        throws NoSuchMethodException, InvocationTargetException, IllegalAccessException,
-            NoSuchFieldException, ClassNotFoundException {
+        throws Throwable {
       Field classNameField = arrayStrategy.getClass().getDeclaredField("className");
       classNameField.setAccessible(true);
       String className = (String) classNameField.get(arrayStrategy);
@@ -151,7 +149,7 @@ static void exit(
       classIdField.setAccessible(true);
       Long classId = classIdField.getLong(arrayStrategy);
 
-      ReflectiveMethodVisitor methodVisitor = ReflectiveMethodVisitor.wrap(mv);
+      MethodVisitorWrapper methodVisitor = MethodVisitorWrapper.wrap(mv);
 
       methodVisitor.visitLdcInsn(classId);
       methodVisitor.visitLdcInsn(className);
diff --git a/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/ReflectiveMethodVisitor.java b/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/ReflectiveMethodVisitor.java
deleted file mode 100644
index 9c5f4a7b705..00000000000
--- a/dd-java-agent/instrumentation/jacoco/src/main/java/datadog/trace/instrumentation/jacoco/ReflectiveMethodVisitor.java
+++ /dev/null
@@ -1,92 +0,0 @@
-package datadog.trace.instrumentation.jacoco;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import org.objectweb.asm.Opcodes;
-
-public class ReflectiveMethodVisitor {
-  private static Class methodVisitorClass;
-  private static Method visitMethodInsnMethod;
-  private static Method visitInsnMethod;
-  private static Method visitIntInsnMethod;
-  private static Method visitLdcInsnMethod;
-  private static Method getTypeMethod;
-
-  public static ReflectiveMethodVisitor wrap(Object mv)
-      throws NoSuchMethodException, ClassNotFoundException {
-    if (null == methodVisitorClass) {
-      methodVisitorClass = mv.getClass();
-      visitMethodInsnMethod =
-          methodVisitorClass.getMethod(
-              "visitMethodInsn",
-              int.class,
-              String.class,
-              String.class,
-              String.class,
-              boolean.class);
-      visitMethodInsnMethod.setAccessible(true);
-      visitInsnMethod = methodVisitorClass.getMethod("visitInsn", int.class);
-      visitInsnMethod.setAccessible(true);
-      visitIntInsnMethod = methodVisitorClass.getMethod("visitIntInsn", int.class, int.class);
-      visitIntInsnMethod.setAccessible(true);
-      visitLdcInsnMethod = methodVisitorClass.getMethod("visitLdcInsn", Object.class);
-      visitLdcInsnMethod.setAccessible(true);
-
-      getTypeMethod = findGetTypeMethod();
-    }
-    return new ReflectiveMethodVisitor(mv);
-  }
-
-  private static Method findGetTypeMethod() throws ClassNotFoundException, NoSuchMethodException {
-    String methodVisitorClassName = methodVisitorClass.getName();
-    Matcher matcher = Pattern.compile(".*?\\.internal_.+?\\.").matcher(methodVisitorClassName);
-    if (!matcher.find()) {
-      throw new IllegalArgumentException("Unexpected class name format: " + methodVisitorClassName);
-    }
-
-    String basePackageName = matcher.group();
-    String typeClassName = basePackageName + "asm.Type";
-    Class typeClass = methodVisitorClass.getClassLoader().loadClass(typeClassName);
-    return typeClass.getDeclaredMethod("getType", String.class);
-  }
-
-  private final Object mv;
-
-  ReflectiveMethodVisitor(Object mv) {
-    this.mv = mv;
-  }
-
-  public void visitMethodInsn(int opcode, String owner, String name, String desc, boolean itf)
-      throws InvocationTargetException, IllegalAccessException {
-    visitMethodInsnMethod.invoke(mv, opcode, owner, name, desc, itf);
-  }
-
-  public void visitLdcInsn(Object cst) throws InvocationTargetException, IllegalAccessException {
-    visitLdcInsnMethod.invoke(mv, cst);
-  }
-
-  /**
-   * Generates the instruction to push the given int value on the stack. Implementation taken from
-   * {@link org.objectweb.asm.commons.GeneratorAdapter#push(int)}.
-   *
-   * @param value the value to be pushed on the stack.
-   */
-  public void push(int value) throws InvocationTargetException, IllegalAccessException {
-    if (value >= -1 && value <= 5) {
-      visitInsnMethod.invoke(mv, Opcodes.ICONST_0 + value);
-    } else if (value >= Byte.MIN_VALUE && value <= Byte.MAX_VALUE) {
-      visitIntInsnMethod.invoke(mv, Opcodes.BIPUSH, value);
-    } else if (value >= Short.MIN_VALUE && value <= Short.MAX_VALUE) {
-      visitIntInsnMethod.invoke(mv, Opcodes.SIPUSH, value);
-    } else {
-      visitLdcInsnMethod.invoke(mv, value);
-    }
-  }
-
-  public void pushClass(String className) throws InvocationTargetException, IllegalAccessException {
-    Object clazz = getTypeMethod.invoke(null, 'L' + className + ';');
-    visitLdcInsnMethod.invoke(mv, clazz);
-  }
-}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/build.gradle b/dd-java-agent/instrumentation/jakarta-jms/build.gradle
new file mode 100644
index 00000000000..2f6b9f32c6c
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/build.gradle
@@ -0,0 +1,38 @@
+ext {
+  minJavaVersionForTests = JavaVersion.VERSION_17
+}
+
+muzzle {
+  pass {
+    group = "jakarta.jms"
+    module = "jakarta.jms-api"
+    versions = "[3.0.0,4)"
+    javaVersion = "17"
+    assertInverse = true
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+apply from: "$rootDir/gradle/configure_tests.gradle"
+
+repositories {
+  maven {
+    // only place that has org.jboss.naming:jnpserver:5.0.3.GA publicly accessible
+    name 'jboss-releases'
+    url 'https://repository.jboss.org/nexus/content/repositories/releases/'
+  }
+}
+
+compileTestGroovy {
+  it.javaLauncher = getJavaLauncherFor(17)
+}
+
+dependencies {
+  compileOnly 'jakarta.jms:jakarta.jms-api:3.0.0'
+  testImplementation 'jakarta.jms:jakarta.jms-api:3.0.0'
+  testImplementation group: 'org.springframework', name: 'spring-jms', version: '6.0.11'
+  testImplementation group: 'org.springframework', name: 'spring-context', version: '6.0.11'
+  testImplementation group: 'jakarta.annotation', name: 'jakarta.annotation-api', version: '2.1.1'
+  testImplementation group: 'org.hornetq', name: 'hornetq-jakarta-client', version: '2.4.9.Final'
+  testImplementation group: 'org.hornetq', name: 'hornetq-jms-server', version: '2.4.9.Final'
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/DatadogMessageListener.java b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/DatadogMessageListener.java
new file mode 100644
index 00000000000..9ddab9f436c
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/DatadogMessageListener.java
@@ -0,0 +1,84 @@
+package datadog.trace.instrumentation.jakarta.jms;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.propagate;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.BROKER_DECORATE;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.CONSUMER_DECORATE;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.JMS_CONSUME;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.JMS_DELIVER;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.TIME_IN_QUEUE_ENABLED;
+import static datadog.trace.instrumentation.jakarta.jms.MessageExtractAdapter.GETTER;
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.jms.MessageConsumerState;
+import datadog.trace.bootstrap.instrumentation.jms.SessionState;
+import jakarta.jms.Message;
+import jakarta.jms.MessageListener;
+
+public class DatadogMessageListener implements MessageListener {
+
+  private final ContextStore<Message, SessionState> messageAckStore;
+  private final MessageConsumerState consumerState;
+  private final MessageListener messageListener;
+
+  public DatadogMessageListener(
+      ContextStore<Message, SessionState> messageAckStore,
+      MessageConsumerState consumerState,
+      MessageListener messageListener) {
+    this.messageAckStore = messageAckStore;
+    this.consumerState = consumerState;
+    this.messageListener = messageListener;
+  }
+
+  @Override
+  public void onMessage(Message message) {
+    AgentSpan span;
+    AgentSpan.Context propagatedContext = null;
+    if (!consumerState.isPropagationDisabled()) {
+      propagatedContext = propagate().extract(message, GETTER);
+    }
+    long startMillis = GETTER.extractTimeInQueueStart(message);
+    if (startMillis == 0 || !TIME_IN_QUEUE_ENABLED) {
+      span = startSpan(JMS_CONSUME, propagatedContext);
+    } else {
+      long batchId = GETTER.extractMessageBatchId(message);
+      AgentSpan timeInQueue = consumerState.getTimeInQueueSpan(batchId);
+      if (null == timeInQueue) {
+        timeInQueue = startSpan(JMS_DELIVER, propagatedContext, MILLISECONDS.toMicros(startMillis));
+        BROKER_DECORATE.afterStart(timeInQueue);
+        BROKER_DECORATE.onTimeInQueue(
+            timeInQueue,
+            consumerState.getBrokerResourceName(),
+            consumerState.getBrokerServiceName());
+        consumerState.setTimeInQueueSpan(batchId, timeInQueue);
+      }
+      span = startSpan(JMS_CONSUME, timeInQueue.context());
+    }
+    CONSUMER_DECORATE.afterStart(span);
+    CONSUMER_DECORATE.onConsume(span, message, consumerState.getConsumerResourceName());
+    SessionState sessionState = consumerState.getSessionState();
+    if (sessionState.isClientAcknowledge()) {
+      // consumed spans will be finished by a call to Message.acknowledge
+      sessionState.finishOnAcknowledge(span);
+      messageAckStore.put(message, sessionState);
+    } else if (sessionState.isTransactedSession()) {
+      // span will be finished by Session.commit/rollback/close
+      sessionState.finishOnCommit(span);
+    }
+    try (AgentScope scope = activateSpan(span)) {
+      messageListener.onMessage(message);
+    } catch (RuntimeException | Error thrown) {
+      CONSUMER_DECORATE.onError(span, thrown);
+      throw thrown;
+    } finally {
+      if (sessionState.isAutoAcknowledge()) {
+        span.finish();
+        consumerState.finishTimeInQueueSpan(false);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/JMSDecorator.java b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/JMSDecorator.java
new file mode 100644
index 00000000000..c5642ab010e
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/JMSDecorator.java
@@ -0,0 +1,219 @@
+package datadog.trace.instrumentation.jakarta.jms;
+
+import static datadog.trace.bootstrap.instrumentation.api.InstrumentationTags.RECORD_QUEUE_TIME_MS;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.Functions.Join;
+import datadog.trace.api.Functions.PrefixJoin;
+import datadog.trace.api.cache.DDCache;
+import datadog.trace.api.cache.DDCaches;
+import datadog.trace.api.naming.SpanNaming;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
+import datadog.trace.bootstrap.instrumentation.decorator.MessagingClientDecorator;
+import jakarta.jms.Destination;
+import jakarta.jms.Message;
+import jakarta.jms.Queue;
+import jakarta.jms.TemporaryQueue;
+import jakarta.jms.TemporaryTopic;
+import jakarta.jms.Topic;
+import java.util.concurrent.TimeUnit;
+import java.util.function.Function;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public final class JMSDecorator extends MessagingClientDecorator {
+  private static final Logger log = LoggerFactory.getLogger(JMSDecorator.class);
+
+  public static final CharSequence JMS = UTF8BytesString.create("jms");
+  public static final CharSequence JMS_CONSUME =
+      UTF8BytesString.create(
+          SpanNaming.instance().namingSchema().messaging().inboundOperation(JMS.toString()));
+  public static final CharSequence JMS_PRODUCE =
+      UTF8BytesString.create(
+          SpanNaming.instance().namingSchema().messaging().outboundOperation(JMS.toString()));
+  public static final CharSequence JMS_DELIVER = UTF8BytesString.create("jms.deliver");
+
+  public static final boolean JMS_LEGACY_TRACING = Config.get().isLegacyTracingEnabled(true, "jms");
+
+  public static final boolean TIME_IN_QUEUE_ENABLED =
+      Config.get().isTimeInQueueEnabled(!JMS_LEGACY_TRACING, "jms");
+  public static final String JMS_PRODUCED_KEY = "x_datadog_jms_produced";
+  public static final String JMS_BATCH_ID_KEY = "x_datadog_jms_batch_id";
+
+  private static final Join QUEUE_JOINER = PrefixJoin.of("Queue ");
+  private static final Join TOPIC_JOINER = PrefixJoin.of("Topic ");
+
+  private final DDCache<CharSequence, CharSequence> resourceNameCache =
+      DDCaches.newFixedSizeCache(32);
+
+  private final String resourcePrefix;
+
+  private final UTF8BytesString queueTempResourceName;
+  private final UTF8BytesString topicTempResourceName;
+
+  private final Function<CharSequence, CharSequence> queueResourceJoiner;
+  private final Function<CharSequence, CharSequence> topicResourceJoiner;
+
+  private final String spanKind;
+  private final CharSequence spanType;
+  private final String serviceName;
+
+  public static final JMSDecorator PRODUCER_DECORATE =
+      new JMSDecorator(
+          "Produced for ",
+          Tags.SPAN_KIND_PRODUCER,
+          InternalSpanTypes.MESSAGE_PRODUCER,
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .outboundService(JMS.toString(), JMS_LEGACY_TRACING));
+
+  public static final JMSDecorator CONSUMER_DECORATE =
+      new JMSDecorator(
+          "Consumed from ",
+          Tags.SPAN_KIND_CONSUMER,
+          InternalSpanTypes.MESSAGE_CONSUMER,
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .inboundService(JMS.toString(), JMS_LEGACY_TRACING));
+  public static final JMSDecorator BROKER_DECORATE =
+      new JMSDecorator(
+          "",
+          Tags.SPAN_KIND_BROKER,
+          InternalSpanTypes.MESSAGE_BROKER,
+          SpanNaming.instance().namingSchema().messaging().timeInQueueService(JMS.toString()));
+
+  public JMSDecorator(
+      String resourcePrefix, String spanKind, CharSequence spanType, String serviceName) {
+    this.resourcePrefix = resourcePrefix;
+
+    this.queueTempResourceName = UTF8BytesString.create(resourcePrefix + "Temporary Queue");
+    this.topicTempResourceName = UTF8BytesString.create(resourcePrefix + "Temporary Topic");
+
+    this.queueResourceJoiner = QUEUE_JOINER.curry(resourcePrefix);
+    this.topicResourceJoiner = TOPIC_JOINER.curry(resourcePrefix);
+
+    this.spanKind = spanKind;
+    this.spanType = spanType;
+    this.serviceName = serviceName;
+  }
+
+  @Override
+  protected String[] instrumentationNames() {
+    return new String[] {"jakarta-jms"};
+  }
+
+  @Override
+  protected CharSequence spanType() {
+    return spanType;
+  }
+
+  @Override
+  protected String service() {
+    return serviceName;
+  }
+
+  @Override
+  protected CharSequence component() {
+    return JMS;
+  }
+
+  @Override
+  protected String spanKind() {
+    return spanKind;
+  }
+
+  public void onConsume(AgentSpan span, Message message, CharSequence resourceName) {
+    if (null != resourceName) {
+      span.setResourceName(resourceName);
+    }
+
+    try {
+      final long produceTime = message.getJMSTimestamp();
+      if (produceTime > 0) {
+        final long consumeTime = TimeUnit.NANOSECONDS.toMillis(span.getStartTime());
+        span.setTag(RECORD_QUEUE_TIME_MS, Math.max(0L, consumeTime - produceTime));
+      }
+    } catch (Exception e) {
+      log.debug("Unable to get jms timestamp", e);
+    }
+  }
+
+  public void onProduce(AgentSpan span, CharSequence resourceName) {
+    if (null != resourceName) {
+      span.setResourceName(resourceName);
+    }
+  }
+
+  public static boolean canInject(Message message) {
+    // JMS->SQS already stores the trace context in 'X-Amzn-Trace-Id' / 'AWSTraceHeader',
+    // so skip storing same context again to avoid SQS limit of 10 attributes per message.
+    return !message.getClass().getName().startsWith("com.amazon.sqs.javamessaging");
+  }
+
+  public void onTimeInQueue(AgentSpan span, CharSequence resourceName, String serviceName) {
+    if (null != resourceName) {
+      span.setResourceName(resourceName);
+    }
+    if (null != serviceName) {
+      span.setServiceName(serviceName);
+    }
+  }
+
+  private static final String TIBCO_TMP_PREFIX = "$TMP$";
+
+  public CharSequence toResourceName(String destinationName, boolean isQueue) {
+    if (null == destinationName) {
+      return isQueue ? queueTempResourceName : topicTempResourceName;
+    }
+    Function<CharSequence, CharSequence> joiner =
+        isQueue ? queueResourceJoiner : topicResourceJoiner;
+    // some systems may have queues and topics with the same name - since we won't know which was
+    // cached first we check the character after the initial prefix to see if it's Q (for Queue) -
+    // if that's what we expect we can use the cached value, otherwise generate the correct name
+    CharSequence resourceName = resourceNameCache.computeIfAbsent(destinationName, joiner);
+    if ((resourceName.charAt(resourcePrefix.length()) == 'Q') == isQueue) {
+      return resourceName;
+    }
+    return joiner.apply(destinationName);
+  }
+
+  public String getDestinationName(Destination destination) {
+    String name = null;
+    try {
+      if (destination instanceof Queue) {
+        // WebLogic mixes all JMS Destination interfaces in a single base type which means we can't
+        // rely on instanceof and have to instead check the result of getQueueName vs getTopicName
+        if (!(destination instanceof TemporaryQueue) || isWebLogicDestination(destination)) {
+          name = ((Queue) destination).getQueueName();
+        }
+      }
+      // check Topic name if Queue name is null because this might be a WebLogic destination
+      if (null == name && destination instanceof Topic) {
+        if (!(destination instanceof TemporaryTopic) || isWebLogicDestination(destination)) {
+          name = ((Topic) destination).getTopicName();
+        }
+      }
+    } catch (Exception e) {
+      log.debug("Unable to get jms destination name", e);
+    }
+    return null != name && !name.startsWith(TIBCO_TMP_PREFIX) ? name : null;
+  }
+
+  public boolean isQueue(Destination destination) {
+    try {
+      // handle WebLogic by treating everything as a Queue unless it's a Topic with a name
+      return !(destination instanceof Topic) || null == ((Topic) destination).getTopicName();
+    } catch (Exception e) {
+      return true; // assume it's a Queue if we can't check the details
+    }
+  }
+
+  private static boolean isWebLogicDestination(Destination destination) {
+    return destination.getClass().getName().startsWith("weblogic.jms.common.");
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/JMSMessageConsumerInstrumentation.java b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/JMSMessageConsumerInstrumentation.java
new file mode 100644
index 00000000000..a26cf776c6a
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/JMSMessageConsumerInstrumentation.java
@@ -0,0 +1,218 @@
+package datadog.trace.instrumentation.jakarta.jms;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.hasInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateNext;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.closePrevious;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.propagate;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.BROKER_DECORATE;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.CONSUMER_DECORATE;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.JMS_CONSUME;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.JMS_DELIVER;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.TIME_IN_QUEUE_ENABLED;
+import static datadog.trace.instrumentation.jakarta.jms.MessageExtractAdapter.GETTER;
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.CallDepthThreadLocalMap;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.jms.MessageConsumerState;
+import datadog.trace.bootstrap.instrumentation.jms.SessionState;
+import jakarta.jms.Message;
+import jakarta.jms.MessageConsumer;
+import jakarta.jms.MessageListener;
+import java.util.HashMap;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public final class JMSMessageConsumerInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForTypeHierarchy {
+
+  public JMSMessageConsumerInstrumentation() {
+    super("jakarta-jms");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "jakarta.jms.MessageConsumer";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named(hierarchyMarkerType()));
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".JMSDecorator",
+      packageName + ".MessageExtractAdapter",
+      packageName + ".MessageExtractAdapter$1",
+      packageName + ".DatadogMessageListener"
+    };
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    Map<String, String> contextStore = new HashMap<>(4);
+    contextStore.put("jakarta.jms.MessageConsumer", MessageConsumerState.class.getName());
+    contextStore.put("jakarta.jms.Message", SessionState.class.getName());
+    return contextStore;
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("receive").and(takesArguments(0).or(takesArguments(1))).and(isPublic()),
+        JMSMessageConsumerInstrumentation.class.getName() + "$ConsumerAdvice");
+    transformation.applyAdvice(
+        named("receiveNoWait").and(takesArguments(0)).and(isPublic()),
+        JMSMessageConsumerInstrumentation.class.getName() + "$ConsumerAdvice");
+    transformation.applyAdvice(
+        named("close").and(takesArguments(0)).and(isPublic()),
+        JMSMessageConsumerInstrumentation.class.getName() + "$Close");
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("setMessageListener"))
+            .and(takesArgument(0, hasInterface(named("jakarta.jms.MessageListener")))),
+        getClass().getName() + "$DecorateMessageListener");
+  }
+
+  public static class ConsumerAdvice {
+
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static MessageConsumerState beforeReceive(@Advice.This final MessageConsumer consumer) {
+      MessageConsumerState consumerState =
+          InstrumentationContext.get(MessageConsumer.class, MessageConsumerState.class)
+              .get(consumer);
+
+      // ignore consumers who aren't bound to a tracked session via consumerState
+      if (null == consumerState) {
+        return null;
+      }
+
+      boolean finishSpan = consumerState.getSessionState().isAutoAcknowledge();
+      closePrevious(finishSpan);
+      if (finishSpan) {
+        consumerState.finishTimeInQueueSpan(false);
+      }
+
+      // don't create spans for nested receive calls, even if different consumers are involved
+      final int callDepth = CallDepthThreadLocalMap.incrementCallDepth(MessageConsumer.class);
+      if (callDepth > 0) {
+        return null;
+      }
+
+      return consumerState;
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+    public static void afterReceive(
+        @Advice.Enter final MessageConsumerState consumerState,
+        @Advice.This final MessageConsumer consumer,
+        @Advice.Return final Message message,
+        @Advice.Thrown final Throwable throwable) {
+
+      if (consumerState == null) {
+        // either we're not tracking the consumer or this is a nested receive
+        return;
+      }
+
+      // outermost receive call - make sure we reset call-depth before returning
+      CallDepthThreadLocalMap.reset(MessageConsumer.class);
+
+      if (message == null) {
+        // don't create spans (traces) for each poll if the queue is empty
+        return;
+      }
+
+      AgentSpan span;
+      AgentSpan.Context propagatedContext = null;
+      if (!consumerState.isPropagationDisabled()) {
+        propagatedContext = propagate().extract(message, GETTER);
+      }
+      long startMillis = GETTER.extractTimeInQueueStart(message);
+      if (startMillis == 0 || !TIME_IN_QUEUE_ENABLED) {
+        span = startSpan(JMS_CONSUME, propagatedContext);
+      } else {
+        long batchId = GETTER.extractMessageBatchId(message);
+        AgentSpan timeInQueue = consumerState.getTimeInQueueSpan(batchId);
+        if (null == timeInQueue) {
+          timeInQueue =
+              startSpan(JMS_DELIVER, propagatedContext, MILLISECONDS.toMicros(startMillis));
+          BROKER_DECORATE.afterStart(timeInQueue);
+          BROKER_DECORATE.onTimeInQueue(
+              timeInQueue,
+              consumerState.getBrokerResourceName(),
+              consumerState.getBrokerServiceName());
+          consumerState.setTimeInQueueSpan(batchId, timeInQueue);
+        }
+        span = startSpan(JMS_CONSUME, timeInQueue.context());
+      }
+
+      CONSUMER_DECORATE.afterStart(span);
+      CONSUMER_DECORATE.onConsume(span, message, consumerState.getConsumerResourceName());
+      CONSUMER_DECORATE.onError(span, throwable);
+
+      activateNext(span); // scope is left open until next message or it times out
+
+      SessionState sessionState = consumerState.getSessionState();
+      if (sessionState.isClientAcknowledge()) {
+        // consumed spans will be finished by a call to Message.acknowledge
+        sessionState.finishOnAcknowledge(span);
+        InstrumentationContext.get(Message.class, SessionState.class).put(message, sessionState);
+      } else if (sessionState.isTransactedSession()) {
+        // span will be finished by Session.commit/rollback/close
+        sessionState.finishOnCommit(span);
+      }
+      // for AUTO_ACKNOWLEDGE, span is not finished until next call to receive, or close
+    }
+  }
+
+  public static class Close {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void beforeClose(@Advice.This final MessageConsumer consumer) {
+      MessageConsumerState consumerState =
+          InstrumentationContext.get(MessageConsumer.class, MessageConsumerState.class)
+              .get(consumer);
+      if (null != consumerState) {
+        boolean finishSpan = consumerState.getSessionState().isAutoAcknowledge();
+        closePrevious(finishSpan);
+        if (finishSpan) {
+          consumerState.finishTimeInQueueSpan(true);
+        }
+      }
+    }
+  }
+
+  public static class DecorateMessageListener {
+    @Advice.OnMethodEnter
+    public static void setMessageListener(
+        @Advice.This MessageConsumer messageConsumer,
+        @Advice.Argument(value = 0, readOnly = false) MessageListener listener) {
+      if (null != listener && !(listener instanceof DatadogMessageListener)) {
+        MessageConsumerState consumerState =
+            InstrumentationContext.get(MessageConsumer.class, MessageConsumerState.class)
+                .get(messageConsumer);
+        if (null != consumerState) {
+          listener =
+              new DatadogMessageListener(
+                  InstrumentationContext.get(Message.class, SessionState.class),
+                  consumerState,
+                  listener);
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/JMSMessageProducerInstrumentation.java b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/JMSMessageProducerInstrumentation.java
new file mode 100644
index 00000000000..3f6b0999f6a
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/JMSMessageProducerInstrumentation.java
@@ -0,0 +1,183 @@
+package datadog.trace.instrumentation.jakarta.jms;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.propagate;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.JMS_PRODUCE;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.PRODUCER_DECORATE;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.TIME_IN_QUEUE_ENABLED;
+import static datadog.trace.instrumentation.jakarta.jms.MessageInjectAdapter.SETTER;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.Config;
+import datadog.trace.bootstrap.CallDepthThreadLocalMap;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.jms.MessageProducerState;
+import jakarta.jms.Destination;
+import jakarta.jms.Message;
+import jakarta.jms.MessageProducer;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public final class JMSMessageProducerInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForTypeHierarchy {
+
+  public JMSMessageProducerInstrumentation() {
+    super("jakarta-jms");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "jakarta.jms.MessageProducer";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named(hierarchyMarkerType()));
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {packageName + ".JMSDecorator", packageName + ".MessageInjectAdapter"};
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("jakarta.jms.MessageProducer", MessageProducerState.class.getName());
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("send").and(takesArgument(0, named("jakarta.jms.Message"))).and(isPublic()),
+        JMSMessageProducerInstrumentation.class.getName() + "$ProducerAdvice");
+    transformation.applyAdvice(
+        named("send")
+            .and(takesArgument(0, named("jakarta.jms.Destination")))
+            .and(takesArgument(1, named("jakarta.jms.Message")))
+            .and(isPublic()),
+        JMSMessageProducerInstrumentation.class.getName() + "$ProducerWithDestinationAdvice");
+  }
+
+  public static class ProducerAdvice {
+
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static AgentScope beforeSend(
+        @Advice.Argument(0) final Message message, @Advice.This final MessageProducer producer) {
+      final int callDepth = CallDepthThreadLocalMap.incrementCallDepth(MessageProducer.class);
+      if (callDepth > 0) {
+        return null;
+      }
+
+      MessageProducerState producerState =
+          InstrumentationContext.get(MessageProducer.class, MessageProducerState.class)
+              .get(producer);
+
+      CharSequence resourceName;
+
+      if (null != producerState) {
+        resourceName = producerState.getResourceName();
+      } else {
+        try {
+          // fall-back when producer wasn't created via standard Session.createProducer API
+          Destination destination = producer.getDestination();
+          boolean isQueue = PRODUCER_DECORATE.isQueue(destination);
+          String destinationName = PRODUCER_DECORATE.getDestinationName(destination);
+          resourceName = PRODUCER_DECORATE.toResourceName(destinationName, isQueue);
+        } catch (Exception ignored) {
+          resourceName = "Unknown Destination";
+        }
+      }
+
+      final AgentSpan span = startSpan(JMS_PRODUCE);
+      PRODUCER_DECORATE.afterStart(span);
+      PRODUCER_DECORATE.onProduce(span, resourceName);
+      if (JMSDecorator.canInject(message)) {
+        if (Config.get().isJmsPropagationEnabled()
+            && (null == producerState || !producerState.isPropagationDisabled())) {
+          propagate().inject(span, message, SETTER);
+        }
+        if (TIME_IN_QUEUE_ENABLED) {
+          if (null != producerState) {
+            SETTER.injectTimeInQueue(message, producerState);
+          }
+        }
+      }
+      return activateSpan(span);
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+    public static void afterSend(
+        @Advice.Enter final AgentScope scope, @Advice.Thrown final Throwable throwable) {
+      if (scope == null) {
+        return;
+      }
+      PRODUCER_DECORATE.onError(scope, throwable);
+      PRODUCER_DECORATE.beforeFinish(scope);
+      scope.close();
+      scope.span().finish();
+      CallDepthThreadLocalMap.reset(MessageProducer.class);
+    }
+  }
+
+  public static class ProducerWithDestinationAdvice {
+
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static AgentScope beforeSend(
+        @Advice.Argument(0) final Destination destination,
+        @Advice.Argument(1) final Message message,
+        @Advice.This final MessageProducer producer) {
+      final int callDepth = CallDepthThreadLocalMap.incrementCallDepth(MessageProducer.class);
+      if (callDepth > 0) {
+        return null;
+      }
+
+      boolean isQueue = PRODUCER_DECORATE.isQueue(destination);
+      String destinationName = PRODUCER_DECORATE.getDestinationName(destination);
+      CharSequence resourceName = PRODUCER_DECORATE.toResourceName(destinationName, isQueue);
+
+      final AgentSpan span = startSpan(JMS_PRODUCE);
+      PRODUCER_DECORATE.afterStart(span);
+      PRODUCER_DECORATE.onProduce(span, resourceName);
+      if (JMSDecorator.canInject(message)) {
+        if (Config.get().isJmsPropagationEnabled()
+            && !Config.get().isJmsPropagationDisabledForDestination(destinationName)) {
+          propagate().inject(span, message, SETTER);
+        }
+        if (TIME_IN_QUEUE_ENABLED) {
+          MessageProducerState producerState =
+              InstrumentationContext.get(MessageProducer.class, MessageProducerState.class)
+                  .get(producer);
+          if (null != producerState) {
+            SETTER.injectTimeInQueue(message, producerState);
+          }
+        }
+      }
+      return activateSpan(span);
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+    public static void afterSend(
+        @Advice.Enter final AgentScope scope, @Advice.Thrown final Throwable throwable) {
+      if (scope == null) {
+        return;
+      }
+      PRODUCER_DECORATE.onError(scope, throwable);
+      PRODUCER_DECORATE.beforeFinish(scope);
+      scope.close();
+      scope.span().finish();
+      CallDepthThreadLocalMap.reset(MessageProducer.class);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/MessageExtractAdapter.java b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/MessageExtractAdapter.java
new file mode 100644
index 00000000000..456ad0a063b
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/MessageExtractAdapter.java
@@ -0,0 +1,73 @@
+package datadog.trace.instrumentation.jakarta.jms;
+
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.JMS_BATCH_ID_KEY;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.JMS_PRODUCED_KEY;
+
+import datadog.trace.api.cache.DDCache;
+import datadog.trace.api.cache.DDCaches;
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import de.thetaphi.forbiddenapis.SuppressForbidden;
+import jakarta.jms.JMSException;
+import jakarta.jms.Message;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.function.Function;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public final class MessageExtractAdapter implements AgentPropagation.ContextVisitor<Message> {
+  private static final Logger log = LoggerFactory.getLogger(MessageExtractAdapter.class);
+  private static final Function<String, String> KEY_MAPPER =
+      new Function<String, String>() {
+        @SuppressForbidden
+        @Override
+        public String apply(String key) {
+          return key.replace("__dash__", "-").replace('$', '-').toLowerCase(Locale.ROOT);
+        }
+      };
+
+  private final DDCache<String, String> cache = DDCaches.newFixedSizeCache(32);
+
+  public static final MessageExtractAdapter GETTER = new MessageExtractAdapter();
+
+  @Override
+  public void forEachKey(Message carrier, AgentPropagation.KeyClassifier classifier) {
+    try {
+      final Enumeration<?> enumeration = carrier.getPropertyNames();
+      if (null != enumeration) {
+        while (enumeration.hasMoreElements()) {
+          String key = ((String) enumeration.nextElement());
+          String lowerCaseKey = cache.computeIfAbsent(key, KEY_MAPPER);
+          Object value = carrier.getObjectProperty(key);
+          if (value instanceof String && !classifier.accept(lowerCaseKey, (String) value)) {
+            return;
+          }
+        }
+      }
+    } catch (JMSException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  public long extractTimeInQueueStart(final Message carrier) {
+    try {
+      if (carrier.propertyExists(JMS_PRODUCED_KEY)) {
+        return carrier.getLongProperty(JMS_PRODUCED_KEY);
+      }
+    } catch (Exception e) {
+      log.debug("Unable to get jms produced time", e);
+    }
+    return 0;
+  }
+
+  public long extractMessageBatchId(final Message carrier) {
+    try {
+      if (carrier.propertyExists(JMS_BATCH_ID_KEY)) {
+        return carrier.getLongProperty(JMS_BATCH_ID_KEY);
+      }
+    } catch (Exception e) {
+      log.debug("Unable to get jms batch id", e);
+    }
+    return 0;
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/MessageInjectAdapter.java b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/MessageInjectAdapter.java
new file mode 100644
index 00000000000..b5c3b5800c0
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/MessageInjectAdapter.java
@@ -0,0 +1,43 @@
+package datadog.trace.instrumentation.jakarta.jms;
+
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.JMS_BATCH_ID_KEY;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.JMS_PRODUCED_KEY;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import datadog.trace.bootstrap.instrumentation.jms.MessageBatchState;
+import datadog.trace.bootstrap.instrumentation.jms.MessageProducerState;
+import de.thetaphi.forbiddenapis.SuppressForbidden;
+import jakarta.jms.Message;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class MessageInjectAdapter implements AgentPropagation.Setter<Message> {
+  private static final Logger log = LoggerFactory.getLogger(MessageInjectAdapter.class);
+
+  public static final MessageInjectAdapter SETTER = new MessageInjectAdapter();
+
+  @SuppressForbidden
+  @Override
+  public void set(final Message carrier, final String key, final String value) {
+    final String propName = key.replace("-", "__dash__");
+    try {
+      carrier.setStringProperty(propName, value);
+    } catch (Exception e) {
+      log.debug("Failure setting jms property: {}", propName, e);
+    }
+  }
+
+  public void injectTimeInQueue(final Message carrier, final MessageProducerState producerState) {
+    try {
+      if (producerState.getSessionState().isTransactedSession()) {
+        MessageBatchState batchState = producerState.currentBatchState();
+        carrier.setLongProperty(JMS_BATCH_ID_KEY, batchState.getBatchId());
+        carrier.setLongProperty(JMS_PRODUCED_KEY, batchState.getStartMillis());
+      } else {
+        carrier.setLongProperty(JMS_PRODUCED_KEY, System.currentTimeMillis());
+      }
+    } catch (Exception e) {
+      log.debug("Failure setting jms batch details", e);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/MessageInstrumentation.java b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/MessageInstrumentation.java
new file mode 100644
index 00000000000..677f6160ca1
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/MessageInstrumentation.java
@@ -0,0 +1,60 @@
+package datadog.trace.instrumentation.jakarta.jms;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.nameStartsWith;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.jms.SessionState;
+import jakarta.jms.Message;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public class MessageInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForTypeHierarchy {
+  public MessageInstrumentation() {
+    super("jakarta-jms");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "jakarta.jms.Message";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named(hierarchyMarkerType()));
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("jakarta.jms.Message", SessionState.class.getName());
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        nameStartsWith("acknowledge").and(isMethod()).and(isPublic()).and(takesNoArguments()),
+        getClass().getName() + "$Acknowledge");
+  }
+
+  public static final class Acknowledge {
+    @Advice.OnMethodExit
+    public static void acknowledge(@Advice.This Message message) {
+      SessionState sessionState =
+          InstrumentationContext.get(Message.class, SessionState.class).get(message);
+      if (null != sessionState && sessionState.isClientAcknowledge()) {
+        sessionState.onAcknowledgeOrRecover();
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/SessionInstrumentation.java b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/SessionInstrumentation.java
new file mode 100644
index 00000000000..7479cd7c6cb
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/main/java/datadog/trace/instrumentation/jakarta/jms/SessionInstrumentation.java
@@ -0,0 +1,232 @@
+package datadog.trace.instrumentation.jakarta.jms;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.namedOneOf;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.BROKER_DECORATE;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.CONSUMER_DECORATE;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.JMS_LEGACY_TRACING;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.PRODUCER_DECORATE;
+import static datadog.trace.instrumentation.jakarta.jms.JMSDecorator.TIME_IN_QUEUE_ENABLED;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.Config;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.jms.MessageConsumerState;
+import datadog.trace.bootstrap.instrumentation.jms.MessageProducerState;
+import datadog.trace.bootstrap.instrumentation.jms.SessionState;
+import jakarta.jms.Destination;
+import jakarta.jms.MessageConsumer;
+import jakarta.jms.MessageProducer;
+import jakarta.jms.Session;
+import java.util.HashMap;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public class SessionInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForTypeHierarchy {
+  public SessionInstrumentation() {
+    super("jakarta-jms");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "jakarta.jms.Session";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named(hierarchyMarkerType()));
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {packageName + ".JMSDecorator"};
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    Map<String, String> contextStore = new HashMap<>(4);
+    contextStore.put("jakarta.jms.MessageConsumer", MessageConsumerState.class.getName());
+    contextStore.put("jakarta.jms.MessageProducer", MessageProducerState.class.getName());
+    contextStore.put("jakarta.jms.Session", SessionState.class.getName());
+    return contextStore;
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("createProducer"))
+            .and(isPublic())
+            .and(takesArgument(0, named("jakarta.jms.Destination"))),
+        getClass().getName() + "$CreateProducer");
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("createSender"))
+            .and(isPublic())
+            .and(takesArgument(0, named("jakarta.jms.Queue"))),
+        getClass().getName() + "$CreateProducer");
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("createPublisher"))
+            .and(isPublic())
+            .and(takesArgument(0, named("jakarta.jms.Topic"))),
+        getClass().getName() + "$CreateProducer");
+
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("createConsumer"))
+            .and(isPublic())
+            .and(takesArgument(0, named("jakarta.jms.Destination"))),
+        getClass().getName() + "$CreateConsumer");
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("createReceiver"))
+            .and(isPublic())
+            .and(takesArgument(0, named("jakarta.jms.Queue"))),
+        getClass().getName() + "$CreateConsumer");
+    transformation.applyAdvice(
+        isMethod()
+            .and(namedOneOf("createSubscriber", "createDurableSubscriber"))
+            .and(isPublic())
+            .and(takesArgument(0, named("jakarta.jms.Topic"))),
+        getClass().getName() + "$CreateConsumer");
+
+    transformation.applyAdvice(
+        namedOneOf("recover").and(takesNoArguments()), getClass().getName() + "$Recover");
+    transformation.applyAdvice(
+        namedOneOf("commit", "rollback").and(takesNoArguments()), getClass().getName() + "$Commit");
+    transformation.applyAdvice(
+        named("close").and(takesNoArguments()), getClass().getName() + "$Close");
+  }
+
+  public static final class CreateProducer {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void bindProducerState(
+        @Advice.This Session session,
+        @Advice.Argument(0) Destination destination,
+        @Advice.Return MessageProducer producer) {
+
+      ContextStore<MessageProducer, MessageProducerState> producerStateStore =
+          InstrumentationContext.get(MessageProducer.class, MessageProducerState.class);
+
+      // avoid doing the same thing more than once when there is delegation to overloads
+      if (producerStateStore.get(producer) == null) {
+        ContextStore<Session, SessionState> sessionStateStore =
+            InstrumentationContext.get(Session.class, SessionState.class);
+
+        SessionState sessionState = sessionStateStore.get(session);
+        if (null == sessionState) {
+          int ackMode;
+          try {
+            ackMode = session.getAcknowledgeMode();
+          } catch (Exception ignored) {
+            ackMode = Session.AUTO_ACKNOWLEDGE;
+          }
+          sessionState =
+              sessionStateStore.putIfAbsent(
+                  session, new SessionState(ackMode, TIME_IN_QUEUE_ENABLED));
+        }
+
+        boolean isQueue = PRODUCER_DECORATE.isQueue(destination);
+        String destinationName = PRODUCER_DECORATE.getDestinationName(destination);
+        CharSequence resourceName = PRODUCER_DECORATE.toResourceName(destinationName, isQueue);
+
+        boolean propagationDisabled =
+            Config.get().isJmsPropagationDisabledForDestination(destinationName);
+
+        producerStateStore.put(
+            producer, new MessageProducerState(sessionState, resourceName, propagationDisabled));
+      }
+    }
+  }
+
+  public static final class CreateConsumer {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void bindConsumerState(
+        @Advice.This Session session,
+        @Advice.Argument(0) Destination destination,
+        @Advice.Return MessageConsumer consumer) {
+
+      ContextStore<MessageConsumer, MessageConsumerState> consumerStateStore =
+          InstrumentationContext.get(MessageConsumer.class, MessageConsumerState.class);
+
+      // avoid doing the same thing more than once when there is delegation to overloads
+      if (consumerStateStore.get(consumer) == null) {
+        ContextStore<Session, SessionState> sessionStateStore =
+            InstrumentationContext.get(Session.class, SessionState.class);
+
+        SessionState sessionState = sessionStateStore.get(session);
+        if (null == sessionState) {
+          int ackMode;
+          try {
+            ackMode = session.getAcknowledgeMode();
+          } catch (Exception ignored) {
+            ackMode = Session.AUTO_ACKNOWLEDGE;
+          }
+          sessionState =
+              sessionStateStore.putIfAbsent(
+                  session, new SessionState(ackMode, TIME_IN_QUEUE_ENABLED));
+        }
+
+        boolean isQueue = CONSUMER_DECORATE.isQueue(destination);
+        String destinationName = CONSUMER_DECORATE.getDestinationName(destination);
+        CharSequence brokerResourceName =
+            JMS_LEGACY_TRACING ? "jms" : BROKER_DECORATE.toResourceName(destinationName, isQueue);
+        CharSequence consumerResourceName =
+            CONSUMER_DECORATE.toResourceName(destinationName, isQueue);
+
+        boolean propagationDisabled =
+            Config.get().isJmsPropagationDisabledForDestination(destinationName);
+
+        consumerStateStore.put(
+            consumer,
+            new MessageConsumerState(
+                sessionState, brokerResourceName, consumerResourceName, propagationDisabled));
+      }
+    }
+  }
+
+  public static final class Recover {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void recover(@Advice.This Session session) {
+      SessionState sessionState =
+          InstrumentationContext.get(Session.class, SessionState.class).get(session);
+      if (null != sessionState && sessionState.isClientAcknowledge()) {
+        sessionState.onAcknowledgeOrRecover();
+      }
+    }
+  }
+
+  public static final class Commit {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void commit(@Advice.This Session session) {
+      SessionState sessionState =
+          InstrumentationContext.get(Session.class, SessionState.class).get(session);
+      if (null != sessionState && sessionState.isTransactedSession()) {
+        sessionState.onCommitOrRollback();
+      }
+    }
+  }
+
+  public static final class Close {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void close(@Advice.This Session session) {
+      SessionState sessionState =
+          InstrumentationContext.get(Session.class, SessionState.class).get(session);
+      if (null != sessionState) {
+        sessionState.onClose();
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/JMS2Test.groovy b/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/JMS2Test.groovy
new file mode 100644
index 00000000000..ba6b9c76704
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/JMS2Test.groovy
@@ -0,0 +1,257 @@
+import com.google.common.io.Files
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.agent.test.asserts.ListWriterAssert
+import datadog.trace.api.DDSpanTypes
+import datadog.trace.bootstrap.instrumentation.api.InstrumentationTags
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.core.DDSpan
+import org.hornetq.api.core.TransportConfiguration
+import org.hornetq.api.core.client.HornetQClient
+import org.hornetq.api.jms.HornetQJMSClient
+import org.hornetq.api.jms.JMSFactoryType
+import org.hornetq.core.config.Configuration
+import org.hornetq.core.config.CoreQueueConfiguration
+import org.hornetq.core.config.impl.ConfigurationImpl
+import org.hornetq.core.remoting.impl.invm.InVMAcceptorFactory
+import org.hornetq.core.remoting.impl.invm.InVMConnectorFactory
+import org.hornetq.core.remoting.impl.netty.NettyAcceptorFactory
+import org.hornetq.core.server.HornetQServer
+import org.hornetq.core.server.HornetQServers
+import spock.lang.Shared
+
+import jakarta.jms.Message
+import jakarta.jms.MessageListener
+import jakarta.jms.Session
+import jakarta.jms.TextMessage
+import java.util.concurrent.CountDownLatch
+import java.util.concurrent.atomic.AtomicReference
+
+class JMS2Test extends AgentTestRunner {
+  @Shared
+  HornetQServer server
+  @Shared
+  String messageText = "a message"
+  @Shared
+  Session session
+
+  TextMessage message = session.createTextMessage(messageText)
+
+  def setupSpec() {
+    def tempDir = Files.createTempDir()
+    tempDir.deleteOnExit()
+
+    Configuration config = new ConfigurationImpl()
+    config.bindingsDirectory = tempDir.path
+    config.journalDirectory = tempDir.path
+    config.createBindingsDir = false
+    config.createJournalDir = false
+    config.securityEnabled = false
+    config.persistenceEnabled = false
+    config.setQueueConfigurations([new CoreQueueConfiguration("someQueue", "someQueue", null, true)])
+    config.setAcceptorConfigurations([
+      new TransportConfiguration(NettyAcceptorFactory.name),
+      new TransportConfiguration(InVMAcceptorFactory.name)
+    ].toSet())
+
+    server = HornetQServers.newHornetQServer(config)
+    server.start()
+
+    def serverLocator = HornetQClient.createServerLocatorWithoutHA(new TransportConfiguration(InVMConnectorFactory.name))
+    def sf = serverLocator.createSessionFactory()
+    def clientSession = sf.createSession(false, false, false)
+    clientSession.createQueue("jms.queue.someQueue", "jms.queue.someQueue", true)
+    clientSession.createQueue("jms.topic.someTopic", "jms.topic.someTopic", true)
+    clientSession.close()
+    sf.close()
+    serverLocator.close()
+
+    def connectionFactory = HornetQJMSClient.createConnectionFactoryWithoutHA(JMSFactoryType.CF,
+      new TransportConfiguration(InVMConnectorFactory.name))
+
+    def connection = connectionFactory.createConnection()
+    connection.start()
+    session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE)
+    session.run()
+  }
+
+  def cleanupSpec() {
+    server.stop()
+  }
+
+  def "sending a message to #jmsResourceName generates spans"() {
+    setup:
+    def producer = session.createProducer(destination)
+    def consumer = session.createConsumer(destination)
+
+    producer.send(message)
+
+    Message receivedMessage = consumer.receive()
+    // required to finish auto-acknowledged spans
+    consumer.receiveNoWait()
+
+    expect:
+    receivedMessage.text == messageText
+    assertTraces(2) {
+      producerTrace(it, jmsResourceName)
+      consumerTrace(it, jmsResourceName, trace(0)[0])
+    }
+
+    cleanup:
+    producer.close()
+    consumer.close()
+
+    where:
+    destination                      | jmsResourceName
+    session.createQueue("someQueue") | "Queue someQueue"
+    session.createTopic("someTopic") | "Topic someTopic"
+    session.createTemporaryQueue()   | "Temporary Queue"
+    session.createTemporaryTopic()   | "Temporary Topic"
+  }
+
+  def "sending to a MessageListener on #jmsResourceName generates a span"() {
+    setup:
+    def lock = new CountDownLatch(1)
+    def messageRef = new AtomicReference<Message>()
+    def producer = session.createProducer(destination)
+    def consumer = session.createConsumer(destination)
+    consumer.setMessageListener new MessageListener() {
+        @Override
+        void onMessage(Message message) {
+          lock.await() // ensure the producer trace is reported first.
+          messageRef.set(message)
+        }
+      }
+
+    producer.send(message)
+    lock.countDown()
+
+    expect:
+    assertTraces(2) {
+      producerTrace(it, jmsResourceName)
+      consumerTrace(it, jmsResourceName, trace(0)[0])
+    }
+    // This check needs to go after all traces have been accounted for
+    messageRef.get().text == messageText
+
+    cleanup:
+    producer.close()
+    consumer.close()
+
+    where:
+    destination                      | jmsResourceName
+    session.createQueue("someQueue") | "Queue someQueue"
+    session.createTopic("someTopic") | "Topic someTopic"
+    session.createTemporaryQueue()   | "Temporary Queue"
+    session.createTemporaryTopic()   | "Temporary Topic"
+  }
+
+  def "failing to receive message with receiveNoWait on #jmsResourceName works"() {
+    setup:
+    def consumer = session.createConsumer(destination)
+
+    // Receive with timeout
+    Message receivedMessage = consumer.receiveNoWait()
+    // required to finish auto-acknowledged spans
+    consumer.receiveNoWait()
+
+    expect:
+    receivedMessage == null
+    assertTraces(0) {}
+
+    cleanup:
+    consumer.close()
+
+    where:
+    destination                      | jmsResourceName
+    session.createQueue("someQueue") | "Queue someQueue"
+    session.createTopic("someTopic") | "Topic someTopic"
+  }
+
+  def "failing to receive message with wait(timeout) on #jmsResourceName works"() {
+    setup:
+    def consumer = session.createConsumer(destination)
+
+    // Receive with timeout
+    Message receivedMessage = consumer.receive(1)
+    // required to finish auto-acknowledged spans
+    consumer.receiveNoWait()
+
+    expect:
+    receivedMessage == null
+    assertTraces(0) {}
+
+    cleanup:
+    consumer.close()
+
+    where:
+    destination                      | jmsResourceName
+    session.createQueue("someQueue") | "Queue someQueue"
+    session.createTopic("someTopic") | "Topic someTopic"
+  }
+
+  def "sending a message with disabled timestamp generates spans without specific tag"() {
+    setup:
+    def producer = session.createProducer(session.createQueue("someQueue"))
+    def consumer = session.createConsumer(session.createQueue("someQueue"))
+
+    producer.setDisableMessageTimestamp(true)
+    boolean isTimeStampDisabled = producer.getDisableMessageTimestamp()
+    producer.send(message)
+
+    consumer.receive()
+    // required to finish auto-acknowledged spans
+    consumer.receiveNoWait()
+
+    expect:
+    assertTraces(2) {
+      producerTrace(it, "Queue someQueue")
+      consumerTrace(it, "Queue someQueue", trace(0)[0], isTimeStampDisabled)
+    }
+
+    cleanup:
+    producer.close()
+    consumer.close()
+
+  }
+
+  static producerTrace(ListWriterAssert writer, String jmsResourceName) {
+    writer.trace(1) {
+      span {
+        parent()
+        serviceName "jms"
+        operationName "jms.produce"
+        resourceName "Produced for $jmsResourceName"
+        spanType DDSpanTypes.MESSAGE_PRODUCER
+        errored false
+
+        tags {
+          "$Tags.COMPONENT" "jms"
+          "$Tags.SPAN_KIND" Tags.SPAN_KIND_PRODUCER
+          defaultTagsNoPeerService()
+        }
+      }
+    }
+  }
+
+  static consumerTrace(ListWriterAssert writer, String jmsResourceName, DDSpan parentSpan, boolean isTimestampDisabled = false) {
+    writer.trace(1) {
+      span {
+        childOf parentSpan
+        serviceName "jms"
+        operationName "jms.consume"
+        resourceName "Consumed from $jmsResourceName"
+        spanType DDSpanTypes.MESSAGE_CONSUMER
+        errored false
+
+        tags {
+          "${Tags.COMPONENT}" "jms"
+          "${Tags.SPAN_KIND}" "consumer"
+          if (!isTimestampDisabled) {
+            "$InstrumentationTags.RECORD_QUEUE_TIME_MS" {it >= 0 }
+          }
+          defaultTagsNoPeerService(true)
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/SpringListenerJMS2Test.groovy b/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/SpringListenerJMS2Test.groovy
new file mode 100644
index 00000000000..13e768888f1
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/SpringListenerJMS2Test.groovy
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2020, OpenTelemetry Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import datadog.trace.agent.test.AgentTestRunner
+import listener.Config
+import org.springframework.context.annotation.AnnotationConfigApplicationContext
+import org.springframework.jms.core.JmsTemplate
+
+import jakarta.jms.ConnectionFactory
+
+import static JMS2Test.consumerTrace
+import static JMS2Test.producerTrace
+
+class SpringListenerJMS2Test extends AgentTestRunner {
+
+  def "receiving message in spring listener generates spans"() {
+    setup:
+    def context = new AnnotationConfigApplicationContext(Config)
+    def factory = context.getBean(ConnectionFactory)
+    def template = new JmsTemplate(factory)
+    template.convertAndSend("SpringListenerJMS2", "a message")
+
+    expect:
+    assertTraces(2) {
+      producerTrace(it, "Queue SpringListenerJMS2")
+      consumerTrace(it, "Queue SpringListenerJMS2", trace(0)[0])
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/SpringTemplateJMS2Test.groovy b/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/SpringTemplateJMS2Test.groovy
new file mode 100644
index 00000000000..f92de5f63a8
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/SpringTemplateJMS2Test.groovy
@@ -0,0 +1,127 @@
+import com.google.common.io.Files
+import datadog.trace.agent.test.AgentTestRunner
+
+import org.hornetq.api.core.TransportConfiguration
+import org.hornetq.api.core.client.HornetQClient
+import org.hornetq.api.jms.HornetQJMSClient
+import org.hornetq.api.jms.JMSFactoryType
+import org.hornetq.core.config.Configuration
+import org.hornetq.core.config.CoreQueueConfiguration
+import org.hornetq.core.config.impl.ConfigurationImpl
+import org.hornetq.core.remoting.impl.invm.InVMAcceptorFactory
+import org.hornetq.core.remoting.impl.invm.InVMConnectorFactory
+import org.hornetq.core.remoting.impl.netty.NettyAcceptorFactory
+import org.hornetq.core.server.HornetQServer
+import org.hornetq.core.server.HornetQServers
+import org.springframework.jms.core.JmsTemplate
+import spock.lang.Shared
+
+import jakarta.jms.Session
+import jakarta.jms.Message
+
+import java.util.concurrent.TimeUnit
+
+import static JMS2Test.consumerTrace
+import static JMS2Test.producerTrace
+
+class SpringTemplateJMS2Test extends AgentTestRunner {
+  @Shared
+  HornetQServer server
+  @Shared
+  String messageText = "a message"
+  @Shared
+  JmsTemplate template
+  @Shared
+  Session session
+
+  def setupSpec() {
+    def tempDir = Files.createTempDir()
+    tempDir.deleteOnExit()
+
+    Configuration config = new ConfigurationImpl()
+    config.bindingsDirectory = tempDir.path
+    config.journalDirectory = tempDir.path
+    config.createBindingsDir = false
+    config.createJournalDir = false
+    config.securityEnabled = false
+    config.persistenceEnabled = false
+    config.setQueueConfigurations([new CoreQueueConfiguration("someQueue", "someQueue", null, true)])
+    config.setAcceptorConfigurations([
+      new TransportConfiguration(NettyAcceptorFactory.name),
+      new TransportConfiguration(InVMAcceptorFactory.name)
+    ].toSet())
+
+    server = HornetQServers.newHornetQServer(config)
+    server.start()
+
+    def serverLocator = HornetQClient.createServerLocatorWithoutHA(new TransportConfiguration(InVMConnectorFactory.name))
+    def sf = serverLocator.createSessionFactory()
+    def clientSession = sf.createSession(false, false, false)
+    clientSession.createQueue("jms.queue.SpringTemplateJMS2", "jms.queue.SpringTemplateJMS2", true)
+    clientSession.close()
+    sf.close()
+    serverLocator.close()
+
+    def connectionFactory = HornetQJMSClient.createConnectionFactoryWithoutHA(JMSFactoryType.CF,
+      new TransportConfiguration(InVMConnectorFactory.name))
+
+    def connection = connectionFactory.createConnection()
+    connection.start()
+    session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE)
+    session.run()
+
+    template = new JmsTemplate(connectionFactory)
+    template.receiveTimeout = TimeUnit.SECONDS.toMillis(10)
+  }
+
+  def cleanupSpec() {
+    server.stop()
+  }
+
+  def "sending a message to #jmsResourceName generates spans"() {
+    setup:
+    template.convertAndSend(destination, messageText)
+    Message receivedMessage = template.receive(destination)
+
+    expect:
+    receivedMessage.text == messageText
+    assertTraces(2) {
+      producerTrace(it, jmsResourceName)
+      consumerTrace(it, jmsResourceName, trace(0)[0])
+    }
+
+    where:
+    destination                               | jmsResourceName
+    session.createQueue("SpringTemplateJMS2") | "Queue SpringTemplateJMS2"
+  }
+
+  def "send and receive message generates spans"() {
+    setup:
+    Thread.start {
+      TEST_WRITER.waitForTraces(1)
+      Message msg = template.receive(destination)
+      assert msg.text == messageText
+
+      // There's a chance this might be reported last, messing up the assertion.
+      template.send(msg.getJMSReplyTo()) { session ->
+        template.getMessageConverter().toMessage("responded!", session)
+      }
+    }
+    Message receivedMessage = template.sendAndReceive(destination) { session ->
+      template.getMessageConverter().toMessage(messageText, session)
+    }
+
+    expect:
+    receivedMessage.text == "responded!"
+    assertTraces(4) {
+      producerTrace(it, jmsResourceName)
+      consumerTrace(it, jmsResourceName, trace(0)[0])
+      producerTrace(it, "Temporary Queue") // receive doesn't propagate the trace, so this is a root
+      consumerTrace(it, "Temporary Queue", trace(2)[0])
+    }
+
+    where:
+    destination                               | jmsResourceName
+    session.createQueue("SpringTemplateJMS2") | "Queue SpringTemplateJMS2"
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/listener/Config.groovy b/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/listener/Config.groovy
new file mode 100644
index 00000000000..16de4f012e0
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/listener/Config.groovy
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2020, OpenTelemetry Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package listener
+
+import com.google.common.io.Files
+import org.hornetq.api.core.TransportConfiguration
+import org.hornetq.api.core.client.HornetQClient
+import org.hornetq.api.jms.HornetQJMSClient
+import org.hornetq.api.jms.JMSFactoryType
+import org.hornetq.core.config.CoreQueueConfiguration
+import org.hornetq.core.config.impl.ConfigurationImpl
+import org.hornetq.core.remoting.impl.invm.InVMAcceptorFactory
+import org.hornetq.core.remoting.impl.invm.InVMConnectorFactory
+import org.hornetq.core.remoting.impl.netty.NettyAcceptorFactory
+import org.hornetq.core.server.HornetQServer
+import org.hornetq.core.server.HornetQServers
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.ComponentScan
+import org.springframework.context.annotation.Configuration
+import org.springframework.jms.annotation.EnableJms
+import org.springframework.jms.config.DefaultJmsListenerContainerFactory
+import org.springframework.jms.config.JmsListenerContainerFactory
+
+import jakarta.annotation.PreDestroy
+import jakarta.jms.ConnectionFactory
+
+@Configuration
+@ComponentScan
+@EnableJms
+class Config {
+
+  private HornetQServer server
+
+  @Bean
+  ConnectionFactory connectionFactory() {
+    def tempDir = Files.createTempDir()
+    tempDir.deleteOnExit()
+
+    org.hornetq.core.config.Configuration config = new ConfigurationImpl()
+    config.bindingsDirectory = tempDir.path
+    config.journalDirectory = tempDir.path
+    config.createBindingsDir = false
+    config.createJournalDir = false
+    config.securityEnabled = false
+    config.persistenceEnabled = false
+    config.setQueueConfigurations([new CoreQueueConfiguration("someQueue", "someQueue", null, true)])
+    config.setAcceptorConfigurations([
+      new TransportConfiguration(NettyAcceptorFactory.name),
+      new TransportConfiguration(InVMAcceptorFactory.name)
+    ].toSet())
+
+    server = HornetQServers.newHornetQServer(config)
+    server.start()
+
+    def serverLocator = HornetQClient.createServerLocatorWithoutHA(new TransportConfiguration(InVMConnectorFactory.name))
+    def sf = serverLocator.createSessionFactory()
+    def clientSession = sf.createSession(false, false, false)
+    clientSession.createQueue("jms.queue.SpringListenerJMS2", "jms.queue.SpringListenerJMS2", true)
+    clientSession.close()
+    sf.close()
+    serverLocator.close()
+
+    return HornetQJMSClient.createConnectionFactoryWithoutHA(JMSFactoryType.CF,
+      new TransportConfiguration(InVMConnectorFactory.name))
+  }
+
+  @Bean
+  JmsListenerContainerFactory<?> containerFactory(ConnectionFactory connectionFactory) {
+    DefaultJmsListenerContainerFactory factory = new DefaultJmsListenerContainerFactory()
+    factory.setConnectionFactory(connectionFactory)
+    return factory
+  }
+
+  @PreDestroy
+  void destroy() {
+    server.stop()
+  }
+}
diff --git a/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/listener/TestListener.groovy b/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/listener/TestListener.groovy
new file mode 100644
index 00000000000..e2eccd25449
--- /dev/null
+++ b/dd-java-agent/instrumentation/jakarta-jms/src/test/groovy/listener/TestListener.groovy
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2020, OpenTelemetry Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package listener
+
+import org.springframework.jms.annotation.JmsListener
+import org.springframework.stereotype.Component
+
+@Component
+class TestListener {
+
+  @JmsListener(destination = "SpringListenerJMS2", containerFactory = "containerFactory")
+  void receiveMessage(String message) {
+    println "received: " + message
+  }
+}
diff --git a/dd-java-agent/instrumentation/java-concurrent/src/main/java/datadog/trace/instrumentation/java/concurrent/JavaTimerInstrumentation.java b/dd-java-agent/instrumentation/java-concurrent/src/main/java/datadog/trace/instrumentation/java/concurrent/JavaTimerInstrumentation.java
new file mode 100644
index 00000000000..bb1a943c964
--- /dev/null
+++ b/dd-java-agent/instrumentation/java-concurrent/src/main/java/datadog/trace/instrumentation/java/concurrent/JavaTimerInstrumentation.java
@@ -0,0 +1,74 @@
+package datadog.trace.instrumentation.java.concurrent;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils.cancelTask;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils.capture;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.QueueTimerHelper.startQueuingTimer;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPrivate;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.State;
+import java.util.Map;
+import java.util.Timer;
+import java.util.TimerTask;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class JavaTimerInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForBootstrap, Instrumenter.ForSingleType {
+  public JavaTimerInstrumentation() {
+    super("java_timer", "java_concurrent", "runnable");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "java.util.Timer";
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("java.lang.Runnable", State.class.getName());
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(isPrivate())
+            .and(
+                named("sched")
+                    .and(takesArguments(3))
+                    .and(takesArgument(0, named("java.util.TimerTask")))
+                    .and(takesArgument(1, long.class))
+                    .and(takesArgument(2, long.class))),
+        getClass().getName() + "$TimerScheduleAdvice");
+  }
+
+  public static final class TimerScheduleAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void before(@Advice.Argument(0) TimerTask task, @Advice.Argument(2) long period) {
+      // don't propagate fixed time / rate executions
+      if (period != 0) {
+        return;
+      }
+      ContextStore<Runnable, State> contextStore =
+          InstrumentationContext.get(Runnable.class, State.class);
+      capture(contextStore, task, true);
+      startQueuingTimer(contextStore, Timer.class, task);
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class)
+    public static void after(@Advice.Argument(0) TimerTask task, @Advice.Thrown Throwable thrown) {
+      if (null != thrown) {
+        cancelTask(InstrumentationContext.get(Runnable.class, State.class), task);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/java-concurrent/src/main/java/datadog/trace/instrumentation/java/concurrent/TimerTaskInstrumentation.java b/dd-java-agent/instrumentation/java-concurrent/src/main/java/datadog/trace/instrumentation/java/concurrent/TimerTaskInstrumentation.java
new file mode 100644
index 00000000000..8f315f48bfa
--- /dev/null
+++ b/dd-java-agent/instrumentation/java-concurrent/src/main/java/datadog/trace/instrumentation/java/concurrent/TimerTaskInstrumentation.java
@@ -0,0 +1,62 @@
+package datadog.trace.instrumentation.java.concurrent;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.State;
+import java.util.Map;
+import java.util.TimerTask;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+/**
+ * Instrument {@link java.util.TimerTask}
+ *
+ * <p>Only the cancel part is handled here because the execution is handled by the {@link
+ * RunnableInstrumentation}
+ */
+@AutoService(Instrumenter.class)
+public final class TimerTaskInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForBootstrap, Instrumenter.ForTypeHierarchy {
+
+  public TimerTaskInstrumentation() {
+    super("java_timer", AbstractExecutorInstrumentation.EXEC_NAME, "runnable");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return null; // bootstrap type
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return extendsClass(named(TimerTask.class.getName()));
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap(Runnable.class.getName(), State.class.getName());
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("cancel").and(takesArguments(0)).and(isPublic()),
+        TimerTaskInstrumentation.class.getName() + "$CancelAdvice");
+  }
+
+  public static class CancelAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void onCancel(@Advice.This TimerTask self) {
+      AdviceUtils.cancelTask(InstrumentationContext.get(Runnable.class, State.class), self);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/java-concurrent/src/test/groovy/TaskUnwrappingForkedTest.groovy b/dd-java-agent/instrumentation/java-concurrent/src/test/groovy/TaskUnwrappingForkedTest.groovy
index 9f06064dfc7..706dfabc509 100644
--- a/dd-java-agent/instrumentation/java-concurrent/src/test/groovy/TaskUnwrappingForkedTest.groovy
+++ b/dd-java-agent/instrumentation/java-concurrent/src/test/groovy/TaskUnwrappingForkedTest.groovy
@@ -1,5 +1,5 @@
 import datadog.trace.agent.test.AgentTestRunner
-import datadog.trace.bootstrap.TaskWrapper
+import datadog.trace.bootstrap.instrumentation.api.TaskWrapper
 
 import java.util.concurrent.Callable
 import java.util.concurrent.ForkJoinTask
diff --git a/dd-java-agent/instrumentation/java-concurrent/src/test/groovy/TimerTaskContinuationTest.groovy b/dd-java-agent/instrumentation/java-concurrent/src/test/groovy/TimerTaskContinuationTest.groovy
new file mode 100644
index 00000000000..77f0e052947
--- /dev/null
+++ b/dd-java-agent/instrumentation/java-concurrent/src/test/groovy/TimerTaskContinuationTest.groovy
@@ -0,0 +1,112 @@
+import static datadog.trace.agent.test.utils.TraceUtils.basicSpan
+import static datadog.trace.agent.test.utils.TraceUtils.runUnderTrace
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan
+
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.bootstrap.instrumentation.api.AgentScope
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan
+import spock.lang.Shared
+
+import java.time.Instant
+import java.util.concurrent.CountDownLatch
+
+class TimerTaskContinuationTest extends AgentTestRunner {
+  @Shared
+  Timer timer = new Timer()
+
+  TimerTask timerTask
+
+  CountDownLatch runLatch = new CountDownLatch(1)
+
+  @Override
+  boolean useStrictTraceWrites() {
+    false
+  }
+
+  @Override
+  def setup() {
+    timerTask = new TimerTask() {
+        @Override
+        void run() {
+          AgentSpan span = startSpan("test", "child")
+          AgentScope scope = activateSpan(span)
+          try {
+            span.finish()
+          } finally {
+            scope.close()
+            runLatch.countDown()
+          }
+        }
+      }
+  }
+
+  def "test continuation activated when TimerTask runs (long)"() {
+    when:
+    runUnderTrace("parent", {
+      timer.schedule(timerTask, 100)
+    })
+    runLatch.await()
+
+
+    then:
+    assertTraces(1) {
+      sortSpansByStart()
+      trace(2) {
+        basicSpan(it, "parent")
+        basicSpan(it, "child", trace(0).get(0))
+      }
+    }
+  }
+
+  def "test continuation activated when TimerTask runs (date)"() {
+    when:
+    runUnderTrace("parent", {
+      timer.schedule(timerTask, Instant.now().plusMillis(100).toDate())
+    })
+    runLatch.await()
+
+    then:
+    assertTraces(1) {
+      sortSpansByStart()
+      trace(2) {
+        basicSpan(it, "parent")
+        basicSpan(it, "child", trace(0).get(0))
+      }
+    }
+  }
+
+  def "test continuation canceled when TimerTask is canceled"() {
+    when:
+    runUnderTrace("parent", {
+      timer.schedule(timerTask, 1000)
+    })
+
+    then:
+    assert timerTask.cancel()
+    assertTraces(1) {
+      trace(1) {
+        basicSpan(it, "parent")
+      }
+    }
+  }
+
+  def "test not propagated when scheduled more than once"() {
+    when:
+    runUnderTrace("parent", {
+      timer.schedule(timerTask, 100, 1000)
+    })
+    runLatch.await()
+    timerTask.cancel()
+
+    then:
+    assertTraces(2) {
+      trace(1) {
+        basicSpan(it, "parent")
+      }
+      trace(1) {
+        basicSpan(it, "child")
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/java-directbytebuffer/build.gradle b/dd-java-agent/instrumentation/java-directbytebuffer/build.gradle
index 5a6fe5e869e..453c95e476c 100644
--- a/dd-java-agent/instrumentation/java-directbytebuffer/build.gradle
+++ b/dd-java-agent/instrumentation/java-directbytebuffer/build.gradle
@@ -1,5 +1,6 @@
 ext {
   minJavaVersionForTests = JavaVersion.VERSION_11
+  excludeJdk = ['SEMERU11', 'SEMERU17']
 }
 muzzle {
   pass {
diff --git a/dd-java-agent/instrumentation/java-io/src/main/java/datadog/trace/instrumentation/java/lang/InputStreamInstrumentation.java b/dd-java-agent/instrumentation/java-io/src/main/java/datadog/trace/instrumentation/java/lang/InputStreamInstrumentation.java
index caf72cff507..424138d6942 100644
--- a/dd-java-agent/instrumentation/java-io/src/main/java/datadog/trace/instrumentation/java/lang/InputStreamInstrumentation.java
+++ b/dd-java-agent/instrumentation/java-io/src/main/java/datadog/trace/instrumentation/java/lang/InputStreamInstrumentation.java
@@ -56,7 +56,7 @@ public static void onExit(
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       try {
         if (module != null) {
-          module.taintIfInputIsTainted(self, param);
+          module.taintIfTainted(self, param);
         }
       } catch (final Throwable e) {
         module.onUnexpectedException("InputStreamAdvice onExit threw", e);
diff --git a/dd-java-agent/instrumentation/java-io/src/main/java/datadog/trace/instrumentation/java/lang/StringReaderCallSite.java b/dd-java-agent/instrumentation/java-io/src/main/java/datadog/trace/instrumentation/java/lang/StringReaderCallSite.java
new file mode 100644
index 00000000000..09f203efa60
--- /dev/null
+++ b/dd-java-agent/instrumentation/java-io/src/main/java/datadog/trace/instrumentation/java/lang/StringReaderCallSite.java
@@ -0,0 +1,25 @@
+package datadog.trace.instrumentation.java.lang;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import java.io.StringReader;
+import javax.annotation.Nonnull;
+
+@Propagation
+@CallSite(spi = IastCallSites.class)
+public class StringReaderCallSite {
+
+  @CallSite.After("void java.io.StringReader.<init>(java.lang.String)")
+  public static StringReader afterInit(
+      @CallSite.AllArguments @Nonnull final Object[] params,
+      @CallSite.Return @Nonnull final StringReader result) {
+    final PropagationModule propagationModule = InstrumentationBridge.PROPAGATION;
+    if (propagationModule != null) {
+      propagationModule.taintIfTainted(result, params[0]);
+    }
+    return result;
+  }
+}
diff --git a/dd-java-agent/instrumentation/java-io/src/test/groovy/datadog/trace/instrumentation/java/io/InputStreamInstrumentationTest.groovy b/dd-java-agent/instrumentation/java-io/src/test/groovy/datadog/trace/instrumentation/java/io/InputStreamInstrumentationTest.groovy
index 12e3f9fecf2..a73e5f5e524 100644
--- a/dd-java-agent/instrumentation/java-io/src/test/groovy/datadog/trace/instrumentation/java/io/InputStreamInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/java-io/src/test/groovy/datadog/trace/instrumentation/java/io/InputStreamInstrumentationTest.groovy
@@ -23,6 +23,6 @@ class InputStreamInstrumentationTest extends AgentTestRunner {
     TestInputStreamSuite.pushbackInputStreamFromIS(is)
 
     then:
-    (1.._) * propagationModule.taintIfInputIsTainted(_ as InputStream, is)
+    (1.._) * propagationModule.taintIfTainted(_ as InputStream, is)
   }
 }
diff --git a/dd-java-agent/instrumentation/java-io/src/test/groovy/datadog/trace/instrumentation/java/io/StringReaderCallSiteTest.groovy b/dd-java-agent/instrumentation/java-io/src/test/groovy/datadog/trace/instrumentation/java/io/StringReaderCallSiteTest.groovy
new file mode 100644
index 00000000000..f99dca913f4
--- /dev/null
+++ b/dd-java-agent/instrumentation/java-io/src/test/groovy/datadog/trace/instrumentation/java/io/StringReaderCallSiteTest.groovy
@@ -0,0 +1,21 @@
+package datadog.trace.instrumentation.java.io
+
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.propagation.PropagationModule
+import foo.bar.TestStringReaderSuite
+
+class StringReaderCallSiteTest extends  BaseIoCallSiteTest{
+
+  void 'test StringReader.<init>'(){
+    given:
+    PropagationModule iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final input = 'Test input'
+
+    when:
+    TestStringReaderSuite.init(input)
+
+    then:
+    1 * iastModule.taintIfTainted(_ as StringReader, input)
+  }
+}
diff --git a/dd-java-agent/instrumentation/java-io/src/test/java/foo/bar/TestStringReaderSuite.java b/dd-java-agent/instrumentation/java-io/src/test/java/foo/bar/TestStringReaderSuite.java
new file mode 100644
index 00000000000..36d5e9b330a
--- /dev/null
+++ b/dd-java-agent/instrumentation/java-io/src/test/java/foo/bar/TestStringReaderSuite.java
@@ -0,0 +1,10 @@
+package foo.bar;
+
+import java.io.StringReader;
+
+public class TestStringReaderSuite {
+
+  public static void init(String input) {
+    new StringReader(input);
+  }
+}
diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-9/src/test/groovy/datadog/trace/instrumentation/java/lang/invoke/StringConcatFactoryCallSiteTest.groovy b/dd-java-agent/instrumentation/java-lang/java-lang-9/src/test/groovy/datadog/trace/instrumentation/java/lang/invoke/StringConcatFactoryCallSiteTest.groovy
index 5d444723d3f..a5b6d6ed901 100644
--- a/dd-java-agent/instrumentation/java-lang/java-lang-9/src/test/groovy/datadog/trace/instrumentation/java/lang/invoke/StringConcatFactoryCallSiteTest.groovy
+++ b/dd-java-agent/instrumentation/java-lang/java-lang-9/src/test/groovy/datadog/trace/instrumentation/java/lang/invoke/StringConcatFactoryCallSiteTest.groovy
@@ -1,10 +1,12 @@
 package datadog.trace.instrumentation.java.lang.invoke
 
 import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.Platform
 import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.api.iast.propagation.StringModule
 import foo.bar.TestStringConcatFactorySuite
 import groovy.transform.CompileDynamic
+import spock.lang.IgnoreIf
 import spock.lang.Requires
 
 import static foo.bar.TestStringConcatFactorySuite.stringPlusWithPrimitive
@@ -12,6 +14,9 @@ import static foo.bar.TestStringConcatFactorySuite.stringPlusWithPrimitive
 @Requires({
   jvm.java9Compatible
 })
+@IgnoreIf(reason = "https://github.com/DataDog/dd-trace-java/issues/5715", value = {
+  Platform.isJ9()
+})
 @CompileDynamic
 class StringConcatFactoryCallSiteTest extends AgentTestRunner {
 
diff --git a/dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringCallSite.java b/dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringCallSite.java
index a46594b8aa9..eaa00a0d469 100644
--- a/dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringCallSite.java
+++ b/dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringCallSite.java
@@ -1,5 +1,7 @@
 package datadog.trace.instrumentation.java.lang;
 
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
+
 import datadog.trace.agent.tooling.csi.CallSite;
 import datadog.trace.api.iast.IastCallSites;
 import datadog.trace.api.iast.InstrumentationBridge;
@@ -327,7 +329,7 @@ public static char[] afterToCharArray(
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintObjectIfInputIsTaintedKeepingRanges(result, self);
+        module.taintIfTainted(result, self, true, NOT_MARKED);
       } catch (final Throwable e) {
         module.onUnexpectedException("afterToCharArray threw", e);
       }
diff --git a/dd-java-agent/instrumentation/java-net/src/main/java/datadog/trace/instrumentation/java/net/URICallSite.java b/dd-java-agent/instrumentation/java-net/src/main/java/datadog/trace/instrumentation/java/net/URICallSite.java
index f28c86e8b79..66bc25d625f 100644
--- a/dd-java-agent/instrumentation/java-net/src/main/java/datadog/trace/instrumentation/java/net/URICallSite.java
+++ b/dd-java-agent/instrumentation/java-net/src/main/java/datadog/trace/instrumentation/java/net/URICallSite.java
@@ -20,7 +20,7 @@ public static URI afterCreate(
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         try {
-          module.taintIfAnyInputIsTainted(result, value);
+          module.taintIfTainted(result, value);
         } catch (final Throwable e) {
           module.onUnexpectedException("create threw", e);
         }
@@ -43,7 +43,7 @@ public static URI afterCtor(
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         try {
-          module.taintIfAnyInputIsTainted(result, args);
+          module.taintIfAnyTainted(result, args);
         } catch (final Throwable e) {
           module.onUnexpectedException("ctor threw", e);
         }
@@ -59,7 +59,7 @@ public static String afterToString(
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTainted(result, url);
+        module.taintIfTainted(result, url);
       } catch (final Throwable e) {
         module.onUnexpectedException("After toString threw", e);
       }
@@ -73,7 +73,7 @@ public static URI afterNormalize(
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTainted(result, url);
+        module.taintIfTainted(result, url);
       } catch (final Throwable e) {
         module.onUnexpectedException("After toString threw", e);
       }
diff --git a/dd-java-agent/instrumentation/java-net/src/main/java/datadog/trace/instrumentation/java/net/URLCallSite.java b/dd-java-agent/instrumentation/java-net/src/main/java/datadog/trace/instrumentation/java/net/URLCallSite.java
index 285de99c329..da954219bf4 100644
--- a/dd-java-agent/instrumentation/java-net/src/main/java/datadog/trace/instrumentation/java/net/URLCallSite.java
+++ b/dd-java-agent/instrumentation/java-net/src/main/java/datadog/trace/instrumentation/java/net/URLCallSite.java
@@ -32,7 +32,7 @@ public static URL afterCtor(
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         try {
-          module.taintIfAnyInputIsTainted(result, args);
+          module.taintIfAnyTainted(result, args);
         } catch (final Throwable e) {
           module.onUnexpectedException("ctor threw", e);
         }
@@ -49,7 +49,7 @@ public static String afterToString(
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTainted(result, url);
+        module.taintIfTainted(result, url);
       } catch (final Throwable e) {
         module.onUnexpectedException("After toString threw", e);
       }
@@ -63,7 +63,7 @@ public static URI afterToURI(@CallSite.This final URL url, @CallSite.Return fina
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTainted(result, url);
+        module.taintIfTainted(result, url);
       } catch (final Throwable e) {
         module.onUnexpectedException("After toURI threw", e);
       }
diff --git a/dd-java-agent/instrumentation/java-net/src/main/java/datadog/trace/instrumentation/java/net/URLEncoderCallSite.java b/dd-java-agent/instrumentation/java-net/src/main/java/datadog/trace/instrumentation/java/net/URLEncoderCallSite.java
new file mode 100644
index 00000000000..7c219bcf6ba
--- /dev/null
+++ b/dd-java-agent/instrumentation/java-net/src/main/java/datadog/trace/instrumentation/java/net/URLEncoderCallSite.java
@@ -0,0 +1,43 @@
+package datadog.trace.instrumentation.java.net;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.VulnerabilityMarks;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import javax.annotation.Nullable;
+
+@Propagation
+@CallSite(spi = IastCallSites.class)
+public class URLEncoderCallSite {
+
+  @CallSite.After("java.lang.String java.net.URLEncoder.encode(java.lang.String)")
+  public static String afterEncode(
+      @CallSite.Argument @Nullable final String value,
+      @CallSite.Return @Nullable final String result) {
+    return encode(result, value);
+  }
+
+  @CallSite.After("java.lang.String java.net.URLEncoder.encode(java.lang.String, java.lang.String)")
+  public static String afterEncode(
+      @CallSite.Argument @Nullable final String value,
+      @CallSite.Argument @Nullable final String encoding,
+      @CallSite.Return @Nullable final String result) {
+    return encode(result, value);
+  }
+
+  private static String encode(final String result, final String value) {
+    if (value != null && result != null) {
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        try {
+          module.taintIfTainted(result, value, false, VulnerabilityMarks.XSS_MARK);
+        } catch (final Throwable e) {
+          module.onUnexpectedException("afterEncode threw", e);
+        }
+      }
+    }
+    return result;
+  }
+}
diff --git a/dd-java-agent/instrumentation/java-net/src/test/groovy/datadog/trace/instrumentation/java/net/URICallSIteTest.groovy b/dd-java-agent/instrumentation/java-net/src/test/groovy/datadog/trace/instrumentation/java/net/URICallSIteTest.groovy
index 067e4241b01..398d94779d7 100644
--- a/dd-java-agent/instrumentation/java-net/src/test/groovy/datadog/trace/instrumentation/java/net/URICallSIteTest.groovy
+++ b/dd-java-agent/instrumentation/java-net/src/test/groovy/datadog/trace/instrumentation/java/net/URICallSIteTest.groovy
@@ -24,16 +24,32 @@ class URICallSIteTest extends AgentTestRunner {
 
     then:
     uri.toString() == expected
-    1 * module.taintIfAnyInputIsTainted(_ as URI, args as Object[])
+    1 * module.taintIfAnyTainted(_ as URI, args as Object[])
 
     where:
-    method   | args                                                                          | expected
-    'uri'    | ['http://test.com/index?name=value#fragment']                                 | 'http://test.com/index?name=value#fragment'
-    'uri'    | ['http', 'user:password', 'test.com', 80, '/index', 'name=value', 'fragment'] | 'http://user:password@test.com:80/index?name=value#fragment'
-    'uri'    | ['http', 'user:password@test.com', '/index', 'name=value', 'fragment']        | 'http://user:password@test.com/index?name=value#fragment'
-    'uri'    | ['http', 'test.com', '/index', 'fragment']                                    | 'http://test.com/index#fragment'
-    'uri'    | ['http', '//test.com/index?name=value', 'fragment']                           | 'http://test.com/index?name=value#fragment'
-    'create' | ['http://test.com/index?name=value#fragment']                                 | 'http://test.com/index?name=value#fragment'
+    method | args                                                                          | expected
+    'uri'  | ['http://test.com/index?name=value#fragment']                                 | 'http://test.com/index?name=value#fragment'
+    'uri'  | ['http', 'user:password', 'test.com', 80, '/index', 'name=value', 'fragment'] | 'http://user:password@test.com:80/index?name=value#fragment'
+    'uri'  | ['http', 'user:password@test.com', '/index', 'name=value', 'fragment']        | 'http://user:password@test.com/index?name=value#fragment'
+    'uri'  | ['http', 'test.com', '/index', 'fragment']                                    | 'http://test.com/index#fragment'
+    'uri'  | ['http', '//test.com/index?name=value', 'fragment']                           | 'http://test.com/index?name=value#fragment'
+  }
+
+  void 'test uri create propagation'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+
+    when:
+    final uri = TestURICallSiteSuite.&"$method".call(args as Object[])
+
+    then:
+    uri.toString() == expected
+    1 * module.taintIfTainted(_ as URI, args[0])
+
+    where:
+    method   | args                                          | expected
+    'create' | ['http://test.com/index?name=value#fragment'] | 'http://test.com/index?name=value#fragment'
   }
 
   void 'test uri propagation'() {
@@ -45,7 +61,7 @@ class URICallSIteTest extends AgentTestRunner {
     TestURICallSiteSuite.&"$method".call(args as Object[])
 
     then:
-    1 * module.taintIfInputIsTainted(_, _ as URI)
+    1 * module.taintIfTainted(_, _ as URI)
 
     where:
     method          | args
diff --git a/dd-java-agent/instrumentation/java-net/src/test/groovy/datadog/trace/instrumentation/java/net/URLCallSiteTest.groovy b/dd-java-agent/instrumentation/java-net/src/test/groovy/datadog/trace/instrumentation/java/net/URLCallSiteTest.groovy
index 5417c00a03f..a51038e769c 100644
--- a/dd-java-agent/instrumentation/java-net/src/test/groovy/datadog/trace/instrumentation/java/net/URLCallSiteTest.groovy
+++ b/dd-java-agent/instrumentation/java-net/src/test/groovy/datadog/trace/instrumentation/java/net/URLCallSiteTest.groovy
@@ -23,7 +23,7 @@ class URLCallSiteTest extends AgentTestRunner {
 
     then:
     uri.toString() == expected
-    1 * module.taintIfAnyInputIsTainted(_ as URL, args as Object[])
+    1 * module.taintIfAnyTainted(_ as URL, args as Object[])
 
     where:
     method | args                                                                             | expected
@@ -44,7 +44,7 @@ class URLCallSiteTest extends AgentTestRunner {
     TestURLCallSiteSuite.&"$method".call(args as Object[])
 
     then:
-    1 * module.taintIfInputIsTainted(_, _ as URL)
+    1 * module.taintIfTainted(_, _ as URL)
 
     where:
     method           | args
diff --git a/dd-java-agent/instrumentation/java-net/src/test/groovy/datadog/trace/instrumentation/java/net/URLEncoderCallSiteTest.groovy b/dd-java-agent/instrumentation/java-net/src/test/groovy/datadog/trace/instrumentation/java/net/URLEncoderCallSiteTest.groovy
new file mode 100644
index 00000000000..aefc594c745
--- /dev/null
+++ b/dd-java-agent/instrumentation/java-net/src/test/groovy/datadog/trace/instrumentation/java/net/URLEncoderCallSiteTest.groovy
@@ -0,0 +1,53 @@
+package datadog.trace.instrumentation.java.net
+
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.VulnerabilityMarks
+import datadog.trace.api.iast.propagation.PropagationModule
+import foo.bar.TestURLEncoderCallSiteSuite
+
+class URLEncoderCallSiteTest extends AgentTestRunner {
+
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig("dd.iast.enabled", "true")
+  }
+
+  def 'test encode with args: #args'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+
+    when:
+    final result = TestURLEncoderCallSiteSuite.&encode.call(*args)
+
+    then:
+    result == expected
+    1 * iastModule.taintIfTainted(_ as String, args[0], false, VulnerabilityMarks.XSS_MARK)
+    0 * _
+
+    where:
+    args                                         | expected
+    ['my test.asp?name=ståle&car=saab']          | 'my+test.asp%3Fname%3Dst%C3%A5le%26car%3Dsaab'
+    ['my test.asp?name=ståle&car=saab', 'UTF-8'] | 'my+test.asp%3Fname%3Dst%C3%A5le%26car%3Dsaab'
+  }
+
+  void 'test encode with null args'() {
+    given:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+
+    when:
+    TestURLEncoderCallSiteSuite.&encode.call(*args)
+
+    then:
+    def ex = thrown(Exception)
+    assert ex.stackTrace[0].getClassName().startsWith('java.net.')
+    0 * _
+
+    where:
+    args         | _
+    [null, null] | _
+    [null]       | _
+  }
+}
diff --git a/dd-java-agent/instrumentation/java-net/src/test/java/foo/bar/TestURLEncoderCallSiteSuite.java b/dd-java-agent/instrumentation/java-net/src/test/java/foo/bar/TestURLEncoderCallSiteSuite.java
new file mode 100644
index 00000000000..2ab644fb1dc
--- /dev/null
+++ b/dd-java-agent/instrumentation/java-net/src/test/java/foo/bar/TestURLEncoderCallSiteSuite.java
@@ -0,0 +1,27 @@
+package foo.bar;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TestURLEncoderCallSiteSuite {
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(TestURLEncoderCallSiteSuite.class);
+
+  public static String encode(final String value) {
+    LOGGER.debug("Before encode {}", value);
+    @SuppressWarnings("deprecation")
+    final String result = URLEncoder.encode(value);
+    LOGGER.debug("After encode {}", result);
+    return result;
+  }
+
+  public static String encode(final String value, final String encoding)
+      throws UnsupportedEncodingException {
+    LOGGER.debug("Before encode {} {}", value, encoding);
+    final String result = URLEncoder.encode(value, encoding);
+    LOGGER.debug("After encode {}", result);
+    return result;
+  }
+}
diff --git a/dd-java-agent/instrumentation/java-security/src/main/java/datadog/trace/instrumentation/java/security/WeakCipherInstrumentationCallSite.java b/dd-java-agent/instrumentation/java-security/src/main/java/datadog/trace/instrumentation/java/security/WeakCipherInstrumentationCallSite.java
index 9af837bb062..d34a73e874d 100644
--- a/dd-java-agent/instrumentation/java-security/src/main/java/datadog/trace/instrumentation/java/security/WeakCipherInstrumentationCallSite.java
+++ b/dd-java-agent/instrumentation/java-security/src/main/java/datadog/trace/instrumentation/java/security/WeakCipherInstrumentationCallSite.java
@@ -6,28 +6,29 @@
 import datadog.trace.api.iast.Sink;
 import datadog.trace.api.iast.VulnerabilityTypes;
 import datadog.trace.api.iast.sink.WeakCipherModule;
-import java.security.Provider;
 
 @Sink(VulnerabilityTypes.WEAK_CIPHER)
 @CallSite(spi = IastCallSites.class)
 public class WeakCipherInstrumentationCallSite {
 
   @CallSite.Before("javax.crypto.Cipher javax.crypto.Cipher.getInstance(java.lang.String)")
-  public static void beforeGetInstance(@CallSite.Argument final String algo) {
-    onCipherAlgorithm(algo);
-  }
-
   @CallSite.Before(
       "javax.crypto.Cipher javax.crypto.Cipher.getInstance(java.lang.String, java.lang.String)")
-  public static void beforeGetInstance(
-      @CallSite.Argument final String algo, @CallSite.Argument final String provider) {
-    onCipherAlgorithm(algo);
-  }
-
   @CallSite.Before(
       "javax.crypto.Cipher javax.crypto.Cipher.getInstance(java.lang.String, java.security.Provider)")
-  public static void beforeGetInstance(
-      @CallSite.Argument final String algo, @CallSite.Argument final Provider provider) {
+  @CallSite.Before(
+      "javax.crypto.KeyGenerator  javax.crypto.KeyGenerator.getInstance(java.lang.String)")
+  @CallSite.Before(
+      "javax.crypto.KeyGenerator  javax.crypto.KeyGenerator.getInstance(java.lang.String, java.lang.String)")
+  @CallSite.Before(
+      "javax.crypto.KeyGenerator javax.crypto.KeyGenerator.getInstance(java.lang.String, java.security.Provider)")
+  @CallSite.Before(
+      "javax.crypto.SecretKeyFactory  javax.crypto.SecretKeyFactory.getInstance(java.lang.String)")
+  @CallSite.Before(
+      "javax.crypto.SecretKeyFactory  javax.crypto.SecretKeyFactory.getInstance(java.lang.String, java.lang.String)")
+  @CallSite.Before(
+      "javax.crypto.SecretKeyFactory javax.crypto.SecretKeyFactory.getInstance(java.lang.String, java.security.Provider)")
+  public static void beforeGetInstance(@CallSite.Argument final String algo) {
     onCipherAlgorithm(algo);
   }
 
diff --git a/dd-java-agent/instrumentation/java-security/src/test/groovy/test/WeakCipherTest.groovy b/dd-java-agent/instrumentation/java-security/src/test/groovy/test/WeakCipherTest.groovy
index d57eea16fe2..1c9e5639841 100644
--- a/dd-java-agent/instrumentation/java-security/src/test/groovy/test/WeakCipherTest.groovy
+++ b/dd-java-agent/instrumentation/java-security/src/test/groovy/test/WeakCipherTest.groovy
@@ -62,6 +62,45 @@ class WeakCipherTest extends AgentTestRunner {
     1 * module.onCipherAlgorithm(_)
   }
 
+  // Key Generator
+  def "test weak cipher instrumentation"() {
+    setup:
+    WeakCipherModule module = Mock(WeakCipherModule)
+    InstrumentationBridge.registerIastModule(module)
+
+    when:
+    new TestSuite().getKeyGeneratorInstance("DES")
+
+    then:
+    1 * module.onCipherAlgorithm(_)
+  }
+
+  def "test weak cipher instrumentation with provider"() {
+    setup:
+    WeakCipherModule module = Mock(WeakCipherModule)
+    InstrumentationBridge.registerIastModule(module)
+    final provider = providerFor('DES')
+
+    when:
+    new TestSuite().getKeyGeneratorInstance("DES", provider)
+
+    then:
+    1 * module.onCipherAlgorithm(_)
+  }
+
+  def "test weak cipher instrumentation with provider string"() {
+    setup:
+    WeakCipherModule module = Mock(WeakCipherModule)
+    InstrumentationBridge.registerIastModule(module)
+    final provider = providerFor('DES')
+
+    when:
+    new TestSuite().getKeyGeneratorInstance('DES', provider.getName())
+
+    then:
+    1 * module.onCipherAlgorithm(_)
+  }
+
   def "weak cipher instrumentation with null argument"() {
     setup:
     WeakCipherModule module = Mock(WeakCipherModule)
diff --git a/dd-java-agent/instrumentation/java-security/src/test/java/foo/bar/TestSuite.java b/dd-java-agent/instrumentation/java-security/src/test/java/foo/bar/TestSuite.java
index 573d16aae33..2908049eab6 100644
--- a/dd-java-agent/instrumentation/java-security/src/test/java/foo/bar/TestSuite.java
+++ b/dd-java-agent/instrumentation/java-security/src/test/java/foo/bar/TestSuite.java
@@ -5,7 +5,9 @@
 import java.security.NoSuchProviderException;
 import java.security.Provider;
 import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
 import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKeyFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -28,6 +30,54 @@ public Cipher getCipherInstance(String algo, String provider)
     return c;
   }
 
+  public KeyGenerator getKeyGeneratorInstance(String algo, Provider provider)
+      throws NoSuchPaddingException, NoSuchAlgorithmException {
+    log.debug("Before KeyGenerator.getInstance");
+    KeyGenerator c = KeyGenerator.getInstance(algo, provider);
+    log.debug("after KeyGenerator.getInstance");
+    return c;
+  }
+
+  public KeyGenerator getKeyGeneratorInstance(String algo)
+      throws NoSuchPaddingException, NoSuchAlgorithmException {
+    log.debug("Before KeyGenerator.getInstance");
+    KeyGenerator c = KeyGenerator.getInstance(algo);
+    log.debug("after KeyGenerator.getInstance");
+    return c;
+  }
+
+  public KeyGenerator getKeyGeneratorInstance(String algo, String provider)
+      throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException {
+    log.debug("Before KeyGenerator.getInstance");
+    KeyGenerator c = KeyGenerator.getInstance(algo, provider);
+    log.debug("after KeyGenerator.getInstance");
+    return c;
+  }
+
+  public SecretKeyFactory getSecretKeyFactoryInstance(String algo, Provider provider)
+      throws NoSuchPaddingException, NoSuchAlgorithmException {
+    log.debug("Before SecretKeyFactory.getInstance");
+    SecretKeyFactory c = SecretKeyFactory.getInstance(algo, provider);
+    log.debug("after SecretKeyFactory.getInstance");
+    return c;
+  }
+
+  public SecretKeyFactory getSecretKeyFactoryInstance(String algo)
+      throws NoSuchPaddingException, NoSuchAlgorithmException {
+    log.debug("Before SecretKeyFactory.getInstance");
+    SecretKeyFactory c = SecretKeyFactory.getInstance(algo);
+    log.debug("after SecretKeyFactory.getInstance");
+    return c;
+  }
+
+  public SecretKeyFactory getSecretKeyFactoryInstance(String algo, String provider)
+      throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException {
+    log.debug("Before SecretKeyFactory.getInstance");
+    SecretKeyFactory c = SecretKeyFactory.getInstance(algo, provider);
+    log.debug("after SecretKeyFactory.getInstance");
+    return c;
+  }
+
   public Cipher getCipherInstance(String algo, Provider provider)
       throws NoSuchPaddingException, NoSuchAlgorithmException {
     log.debug("Before Cipher.getInstance");
diff --git a/dd-java-agent/instrumentation/jax-rs-client-2.0/build.gradle b/dd-java-agent/instrumentation/jax-rs-client-2.0/build.gradle
index 97cfa468a56..a5bcca5ea1f 100644
--- a/dd-java-agent/instrumentation/jax-rs-client-2.0/build.gradle
+++ b/dd-java-agent/instrumentation/jax-rs-client-2.0/build.gradle
@@ -8,6 +8,7 @@ muzzle {
     // We want to support the dropwizard clients too.
     group = 'io.dropwizard'
     module = 'dropwizard-client'
+    skipVersions = ['3.0.2', '4.0.2']
     versions = "[0.8.0,4)" // dropwizard-client 4+ uses jakarta
     assertInverse = true
   }
diff --git a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-jersey/build.gradle b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-jersey/build.gradle
index 312af6333b7..8ede7159e5f 100644
--- a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-jersey/build.gradle
+++ b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-jersey/build.gradle
@@ -12,4 +12,8 @@ dependencies {
   compileOnly group: 'org.glassfish.jersey.core', name: 'jersey-client', version: '2.0'
 
   compileOnly project(':dd-java-agent:instrumentation:jax-rs-client-2.0')
+
+  testImplementation group: 'org.glassfish.jersey.core', name: 'jersey-client', version: '2.0'
+
+  testImplementation project(':dd-java-agent:instrumentation:jax-rs-client-2.0')
 }
diff --git a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-jersey/src/main/java/org/glassfish/jersey/client/WrappingResponseCallback.java b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-jersey/src/main/java/org/glassfish/jersey/client/WrappingResponseCallback.java
index d59e180c406..6cf90a985e3 100644
--- a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-jersey/src/main/java/org/glassfish/jersey/client/WrappingResponseCallback.java
+++ b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-jersey/src/main/java/org/glassfish/jersey/client/WrappingResponseCallback.java
@@ -1,5 +1,6 @@
 package org.glassfish.jersey.client;
 
+import datadog.trace.api.Config;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.instrumentation.jaxrs.ClientTracingFilter;
 import javax.ws.rs.ProcessingException;
@@ -30,8 +31,12 @@ public static void handleProcessingException(ClientRequest request, ProcessingEx
     final Object prop = request.getProperty(ClientTracingFilter.SPAN_PROPERTY_NAME);
     if (prop instanceof AgentSpan) {
       final AgentSpan span = (AgentSpan) prop;
-      span.setError(true);
       span.addThrowable(error);
+
+      @SuppressWarnings("deprecation")
+      final boolean isJaxRsExceptionAsErrorEnabled = Config.get().isJaxRsExceptionAsErrorEnabled();
+      span.setError(isJaxRsExceptionAsErrorEnabled);
+
       span.finish();
     }
   }
diff --git a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-jersey/src/test/groovy/WrappingResponseCallbackTest.groovy b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-jersey/src/test/groovy/WrappingResponseCallbackTest.groovy
new file mode 100644
index 00000000000..3decbeb0044
--- /dev/null
+++ b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-jersey/src/test/groovy/WrappingResponseCallbackTest.groovy
@@ -0,0 +1,46 @@
+import static datadog.trace.api.config.TraceInstrumentationConfig.JAX_RS_EXCEPTION_AS_ERROR_ENABLED
+
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.instrumentation.jaxrs.ClientTracingFilter
+import javax.ws.rs.ProcessingException
+import org.glassfish.jersey.client.ClientConfig
+import org.glassfish.jersey.client.ClientRequest
+import org.glassfish.jersey.client.JerseyClient
+import org.glassfish.jersey.client.WrappingResponseCallback
+import org.glassfish.jersey.internal.MapPropertiesDelegate
+
+class WrappingResponseCallbackTest extends AgentTestRunner {
+  def "handleProcessingException properly utilizes the config"() {
+    setup:
+    if (jaxRsExceptionAsErrorEnabled != null) {
+      injectSysConfig(JAX_RS_EXCEPTION_AS_ERROR_ENABLED, "$jaxRsExceptionAsErrorEnabled")
+    }
+    def testSpan = TEST_TRACER.buildSpan("testInstrumentation", "testSpan").start()
+    def props = [(ClientTracingFilter.SPAN_PROPERTY_NAME): testSpan]
+    def propertiesDelegate = new MapPropertiesDelegate(props)
+    def clientConfig = new ClientConfig(new JerseyClient())
+
+    def clientRequest = new ClientRequest(new URI("https://www.google.com/"), clientConfig, propertiesDelegate)
+    def processingException = new ProcessingException("test")
+
+    when:
+    WrappingResponseCallback.handleProcessingException(clientRequest, processingException)
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          operationName "testSpan"
+          resourceName "testSpan"
+          errored isErrored
+        }
+      }
+    }
+
+    where:
+    jaxRsExceptionAsErrorEnabled | isErrored
+    true                         | true
+    false                        | false
+    null                         | true
+  }
+}
diff --git a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/build.gradle b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/build.gradle
index 3f7d770790d..063ce129aa0 100644
--- a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/build.gradle
+++ b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/build.gradle
@@ -12,4 +12,8 @@ dependencies {
   compileOnly group: 'org.jboss.resteasy', name: 'resteasy-client', version: '3.0.0.Final'
 
   compileOnly project(':dd-java-agent:instrumentation:jax-rs-client-2.0')
+
+  testImplementation group: 'org.jboss.resteasy', name: 'resteasy-client', version: '3.0.0.Final'
+
+  testImplementation project(':dd-java-agent:instrumentation:jax-rs-client-2.0')
 }
diff --git a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/main/java/datadog/trace/instrumentation/connection_error/resteasy/ResteasyClientConnectionErrorInstrumentation.java b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/main/java/datadog/trace/instrumentation/connection_error/resteasy/ResteasyClientConnectionErrorInstrumentation.java
index cdc885c610b..b8b316fd073 100644
--- a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/main/java/datadog/trace/instrumentation/connection_error/resteasy/ResteasyClientConnectionErrorInstrumentation.java
+++ b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/main/java/datadog/trace/instrumentation/connection_error/resteasy/ResteasyClientConnectionErrorInstrumentation.java
@@ -7,6 +7,7 @@
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.Config;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.instrumentation.jaxrs.ClientTracingFilter;
 import java.util.concurrent.Future;
@@ -58,8 +59,13 @@ public static void handleError(
         final Object prop = context.getProperty(ClientTracingFilter.SPAN_PROPERTY_NAME);
         if (prop instanceof AgentSpan) {
           final AgentSpan span = (AgentSpan) prop;
-          span.setError(true);
           span.addThrowable(throwable);
+
+          @SuppressWarnings("deprecation")
+          final boolean isJaxRsExceptionAsErrorEnabled =
+              Config.get().isJaxRsExceptionAsErrorEnabled();
+          span.setError(isJaxRsExceptionAsErrorEnabled);
+
           span.finish();
         }
       }
diff --git a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/main/java/datadog/trace/instrumentation/connection_error/resteasy/WrappedFuture.java b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/main/java/datadog/trace/instrumentation/connection_error/resteasy/WrappedFuture.java
index 066b7546cd1..9f2ea0de202 100644
--- a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/main/java/datadog/trace/instrumentation/connection_error/resteasy/WrappedFuture.java
+++ b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/main/java/datadog/trace/instrumentation/connection_error/resteasy/WrappedFuture.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.connection_error.resteasy;
 
+import datadog.trace.api.Config;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.instrumentation.jaxrs.ClientTracingFilter;
 import java.util.concurrent.ExecutionException;
@@ -38,13 +39,7 @@ public T get() throws InterruptedException, ExecutionException {
     try {
       return wrapped.get();
     } catch (final ExecutionException e) {
-      final Object prop = context.getProperty(ClientTracingFilter.SPAN_PROPERTY_NAME);
-      if (prop instanceof AgentSpan) {
-        final AgentSpan span = (AgentSpan) prop;
-        span.setError(true);
-        span.addThrowable(e.getCause());
-        span.finish();
-      }
+      handleExecutionException(e);
       throw e;
     }
   }
@@ -55,14 +50,22 @@ public T get(final long timeout, final TimeUnit unit)
     try {
       return wrapped.get(timeout, unit);
     } catch (final ExecutionException e) {
-      final Object prop = context.getProperty(ClientTracingFilter.SPAN_PROPERTY_NAME);
-      if (prop instanceof AgentSpan) {
-        final AgentSpan span = (AgentSpan) prop;
-        span.setError(true);
-        span.addThrowable(e.getCause());
-        span.finish();
-      }
+      handleExecutionException(e);
       throw e;
     }
   }
+
+  private void handleExecutionException(ExecutionException e) {
+    final Object prop = context.getProperty(ClientTracingFilter.SPAN_PROPERTY_NAME);
+    if (prop instanceof AgentSpan) {
+      final AgentSpan span = (AgentSpan) prop;
+      span.addThrowable(e.getCause());
+
+      @SuppressWarnings("deprecation")
+      final boolean isJaxRsExceptionAsErrorEnabled = Config.get().isJaxRsExceptionAsErrorEnabled();
+      span.setError(isJaxRsExceptionAsErrorEnabled);
+
+      span.finish();
+    }
+  }
 }
diff --git a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/test/groovy/ResteasyClientConnectionErrorsInstrumentationTest.groovy b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/test/groovy/ResteasyClientConnectionErrorsInstrumentationTest.groovy
new file mode 100644
index 00000000000..53a87922730
--- /dev/null
+++ b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/test/groovy/ResteasyClientConnectionErrorsInstrumentationTest.groovy
@@ -0,0 +1,65 @@
+import static datadog.trace.api.config.TraceInstrumentationConfig.JAX_RS_EXCEPTION_AS_ERROR_ENABLED
+
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.instrumentation.connection_error.resteasy.ResteasyClientConnectionErrorInstrumentation
+import datadog.trace.instrumentation.jaxrs.ClientTracingFilter
+import org.jboss.resteasy.client.jaxrs.internal.ClientConfiguration
+import org.jboss.resteasy.spi.ResteasyProviderFactory
+
+class ResteasyClientConnectionErrorsInstrumentationTest extends AgentTestRunner {
+  def "handleError does not generate traces for non-exceptions"() {
+    setup:
+    if (jaxRsExceptionAsErrorEnabled != null) {
+      injectSysConfig(JAX_RS_EXCEPTION_AS_ERROR_ENABLED, "$jaxRsExceptionAsErrorEnabled")
+    }
+    def testSpan = TEST_TRACER.buildSpan("testInstrumentation", "testSpan").start()
+    def props = [(ClientTracingFilter.SPAN_PROPERTY_NAME): testSpan]
+
+    def clientConfig = new ClientConfiguration(new ResteasyProviderFactory())
+    clientConfig.setProperties(props)
+
+    when:
+    ResteasyClientConnectionErrorInstrumentation.InvokeAdvice.handleError(clientConfig, null)
+
+    then:
+    assertTraces(0) {}
+
+    where:
+    jaxRsExceptionAsErrorEnabled | isErrored
+    true                         | true
+    false                        | false
+    null                         | true
+  }
+
+  def "handleError properly utilizes the config"() {
+    setup:
+    if (jaxRsExceptionAsErrorEnabled != null) {
+      injectSysConfig(JAX_RS_EXCEPTION_AS_ERROR_ENABLED, "$jaxRsExceptionAsErrorEnabled")
+    }
+    def testSpan = TEST_TRACER.buildSpan("testInstrumentation", "testSpan").start()
+    def props = [(ClientTracingFilter.SPAN_PROPERTY_NAME): testSpan]
+
+    def clientConfig = new ClientConfiguration(new ResteasyProviderFactory())
+    clientConfig.setProperties(props)
+
+    when:
+    ResteasyClientConnectionErrorInstrumentation.InvokeAdvice.handleError(clientConfig, new RuntimeException("failed"))
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          operationName "testSpan"
+          resourceName "testSpan"
+          errored isErrored
+        }
+      }
+    }
+
+    where:
+    jaxRsExceptionAsErrorEnabled | isErrored
+    true                         | true
+    false                        | false
+    null                         | true
+  }
+}
diff --git a/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/test/groovy/WrappedFutureTest.groovy b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/test/groovy/WrappedFutureTest.groovy
new file mode 100644
index 00000000000..59f1fe1de68
--- /dev/null
+++ b/dd-java-agent/instrumentation/jax-rs-client-2.0/connection-error-handling-resteasy/src/test/groovy/WrappedFutureTest.groovy
@@ -0,0 +1,79 @@
+import static datadog.trace.api.config.TraceInstrumentationConfig.JAX_RS_EXCEPTION_AS_ERROR_ENABLED
+
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.instrumentation.connection_error.resteasy.WrappedFuture
+import datadog.trace.instrumentation.jaxrs.ClientTracingFilter
+import java.util.concurrent.CompletableFuture
+import org.jboss.resteasy.client.jaxrs.internal.ClientConfiguration
+import org.jboss.resteasy.spi.ResteasyProviderFactory
+
+class WrappedFutureTest extends AgentTestRunner {
+  def "wrappedFuture does not generate traces for non-exceptions"() {
+    setup:
+    if (jaxRsExceptionAsErrorEnabled != null) {
+      injectSysConfig(JAX_RS_EXCEPTION_AS_ERROR_ENABLED, "$jaxRsExceptionAsErrorEnabled")
+    }
+    def testSpan = TEST_TRACER.buildSpan("testInstrumentation", "testSpan").start()
+    def props = [(ClientTracingFilter.SPAN_PROPERTY_NAME): testSpan]
+
+    def completedFuture = CompletableFuture.completedFuture("passed")
+
+    def clientConfig = new ClientConfiguration(new ResteasyProviderFactory())
+    clientConfig.setProperties(props)
+    def wrappedFuture = new WrappedFuture(completedFuture, clientConfig)
+
+    when:
+    try {
+      wrappedFuture.get()
+    } catch (ignored) {
+    }
+
+    then:
+    assertTraces(0) {}
+
+    where:
+    jaxRsExceptionAsErrorEnabled | isErrored
+    true                         | true
+    false                        | false
+    null                         | true
+  }
+
+  def "wrappedFuture handleProcessingException properly utilizes the config"() {
+    setup:
+    if (jaxRsExceptionAsErrorEnabled != null) {
+      injectSysConfig(JAX_RS_EXCEPTION_AS_ERROR_ENABLED, "$jaxRsExceptionAsErrorEnabled")
+    }
+    def testSpan = TEST_TRACER.buildSpan("testInstrumentation", "testSpan").start()
+    def props = [(ClientTracingFilter.SPAN_PROPERTY_NAME): testSpan]
+
+    def future = new CompletableFuture()
+    future.completeExceptionally(new RuntimeException("failed"))
+
+    def clientConfig = new ClientConfiguration(new ResteasyProviderFactory())
+    clientConfig.setProperties(props)
+    def wrappedFuture = new WrappedFuture(future, clientConfig)
+
+    when:
+    try {
+      wrappedFuture.get()
+    } catch (ignored) {
+    }
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          operationName "testSpan"
+          resourceName "testSpan"
+          errored isErrored
+        }
+      }
+    }
+
+    where:
+    jaxRsExceptionAsErrorEnabled | isErrored
+    true                         | true
+    false                        | false
+    null                         | true
+  }
+}
diff --git a/dd-java-agent/instrumentation/jdbc/src/main/java/datadog/trace/instrumentation/jdbc/JDBCDecorator.java b/dd-java-agent/instrumentation/jdbc/src/main/java/datadog/trace/instrumentation/jdbc/JDBCDecorator.java
index 7deebf83b68..f8416b978df 100644
--- a/dd-java-agent/instrumentation/jdbc/src/main/java/datadog/trace/instrumentation/jdbc/JDBCDecorator.java
+++ b/dd-java-agent/instrumentation/jdbc/src/main/java/datadog/trace/instrumentation/jdbc/JDBCDecorator.java
@@ -4,6 +4,7 @@
 
 import datadog.trace.api.Config;
 import datadog.trace.api.DDSpanId;
+import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.ContextStore;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -34,7 +35,8 @@ public class JDBCDecorator extends DatabaseClientDecorator<DBInfo> {
       UTF8BytesString.create("java-jdbc-statement");
   private static final UTF8BytesString JDBC_PREPARED_STATEMENT =
       UTF8BytesString.create("java-jdbc-prepared_statement");
-
+  private static final String DEFAULT_SERVICE_NAME =
+      SpanNaming.instance().namingSchema().database().service("jdbc");
   public static final String DBM_PROPAGATION_MODE_STATIC = "service";
   public static final String DBM_PROPAGATION_MODE_FULL = "full";
 
@@ -78,7 +80,7 @@ protected String[] instrumentationNames() {
 
   @Override
   protected String service() {
-    return "jdbc"; // Overridden by onConnection
+    return DEFAULT_SERVICE_NAME; // Overridden by onConnection
   }
 
   @Override
@@ -226,7 +228,9 @@ public String traceParent(AgentSpan span, int samplingPriority) {
   @Override
   protected void postProcessServiceAndOperationName(
       AgentSpan span, DatabaseClientDecorator.NamingEntry namingEntry) {
-    span.setServiceName(namingEntry.getService());
+    if (namingEntry.getService() != null) {
+      span.setServiceName(namingEntry.getService());
+    }
     span.setOperationName(namingEntry.getOperation());
   }
 }
diff --git a/dd-java-agent/instrumentation/jdbc/src/main/java/datadog/trace/instrumentation/jdbc/SQLCommenter.java b/dd-java-agent/instrumentation/jdbc/src/main/java/datadog/trace/instrumentation/jdbc/SQLCommenter.java
index 0ac3bb6335d..58a58a09c6f 100644
--- a/dd-java-agent/instrumentation/jdbc/src/main/java/datadog/trace/instrumentation/jdbc/SQLCommenter.java
+++ b/dd-java-agent/instrumentation/jdbc/src/main/java/datadog/trace/instrumentation/jdbc/SQLCommenter.java
@@ -19,8 +19,8 @@ public class SQLCommenter {
   private static final char EQUALS = '=';
   private static final char COMMA = ',';
   private static final char QUOTE = '\'';
-  private static final String OPEN_COMMENT = "/*";
-  private static final String CLOSE_COMMENT = "*/ ";
+  private static final String OPEN_COMMENT = " /*";
+  private static final String CLOSE_COMMENT = "*/";
   private static final int INITIAL_CAPACITY = computeInitialCapacity();
 
   public static String inject(final String sql, final String dbService) {
@@ -44,26 +44,25 @@ public static String inject(
     final String version = config.getVersion();
     final int commentSize = capacity(traceParent, parentService, dbService, env, version);
     StringBuilder sb = new StringBuilder(sql.length() + commentSize);
+    sb.append(sql);
     sb.append(OPEN_COMMENT);
     toComment(sb, injectTrace, parentService, dbService, env, version, traceParent);
-    if (sb.length() == 2) {
+    if (sb.length() == OPEN_COMMENT.length() + sql.length()) {
       return sql;
     }
     sb.append(CLOSE_COMMENT);
-    sb.append(sql);
     return sb.toString();
   }
 
   private static boolean hasDDComment(String sql) {
-    // first check to see if sql starts with a comment
-    if (!(sql.startsWith("/*"))) {
+    // first check to see if sql ends with a comment
+    if (!(sql.endsWith("*/"))) {
       return false;
     }
     // else check to see if it's a DBM trace sql comment
-    int i = 2;
     boolean found = false;
-    if (sql.length() > 2) {
-      // check if the next word starts with one of the specified keys
+    int i = sql.lastIndexOf("/*") + 2;
+    if (i >= 2) {
       if (hasMatchingSubstring(sql, i, PARENT_SERVICE)) {
         found = true;
       } else if (hasMatchingSubstring(sql, i, DATABASE_SERVICE)) {
diff --git a/dd-java-agent/instrumentation/jdbc/src/test/groovy/IastJDBCTest.groovy b/dd-java-agent/instrumentation/jdbc/src/test/groovy/IastJDBCTest.groovy
index 4907b9a690d..bf2631f4939 100644
--- a/dd-java-agent/instrumentation/jdbc/src/test/groovy/IastJDBCTest.groovy
+++ b/dd-java-agent/instrumentation/jdbc/src/test/groovy/IastJDBCTest.groovy
@@ -1,3 +1,4 @@
+import com.datadog.iast.taint.Ranges
 import com.datadog.iast.test.IastAgentTestRunner
 import com.datadog.iast.model.VulnerabilityBatch
 import datadog.trace.core.DDSpan
@@ -46,7 +47,7 @@ class IastJDBCTest extends IastAgentTestRunner {
     def valueRead
     DDSpan span = runUnderIastTrace {
       String taintedString = 'SELECT id FROM TEST LIMIT 1'
-      localTaintedObjects.taintInputString(taintedString, EMPTY_SOURCE)
+      localTaintedObjects.taint(taintedString, Ranges.forCharSequence(taintedString, EMPTY_SOURCE))
       Connection constWrapper = new IastInstrumentedConnection(conn: connection)
 
       constWrapper.prepareStatement(taintedString).withCloseable { stmt ->
@@ -99,7 +100,7 @@ class IastJDBCTest extends IastAgentTestRunner {
     def valueRead
     DDSpan span = runUnderIastTrace {
       String taintedString = 'SELECT id FROM TEST LIMIT 1'
-      localTaintedObjects.taintInputString(taintedString, EMPTY_SOURCE)
+      localTaintedObjects.taint(taintedString, Ranges.forCharSequence(taintedString, EMPTY_SOURCE))
 
       connection.createStatement().withCloseable { stmt ->
         Statement stmtWrapper = new IastInstrumentedStatement(stmt: stmt)
diff --git a/dd-java-agent/instrumentation/jdbc/src/test/groovy/JDBCConnectionUrlParserTest.groovy b/dd-java-agent/instrumentation/jdbc/src/test/groovy/JDBCConnectionUrlParserTest.groovy
index 2f1b2f287af..c2f34c8f610 100644
--- a/dd-java-agent/instrumentation/jdbc/src/test/groovy/JDBCConnectionUrlParserTest.groovy
+++ b/dd-java-agent/instrumentation/jdbc/src/test/groovy/JDBCConnectionUrlParserTest.groovy
@@ -192,6 +192,8 @@ class JDBCConnectionUrlParserTest extends AgentTestRunner {
     "jdbc:jtds:sqlserver://dbhostname.com"                                                                                                                                                                                                      | null     | "jtds"       | "sqlserver"   | null          | "dbhostname.com"                                                    | 1433  | null                               | null
     "jdbc:jtds:sybase://dbhostname.com"                                                                                                                                                                                                         | null     | "jtds"       | "sybase"      | null          | "dbhostname.com"                                                    | 7100  | null                               | null
 
+    // redshift
+    "jdbc:redshift://redshift-cluster-1.c7arcolffyvk.us-east-2.redshift.amazonaws.com:5439/dev"                                                                                                                                                 | null     | "redshift"   | null          | null          | "redshift-cluster-1.c7arcolffyvk.us-east-2.redshift.amazonaws.com"  | 5439  | "redshift-cluster-1"               | "dev"
 
     expected = new DBInfo.Builder().type(type).subtype(subtype).user(user).instance(instance).db(db).host(host).port(port).build()
   }
diff --git a/dd-java-agent/instrumentation/jdbc/src/test/groovy/SQLCommenterTest.groovy b/dd-java-agent/instrumentation/jdbc/src/test/groovy/SQLCommenterTest.groovy
index 686880c5317..d3c3e370b95 100644
--- a/dd-java-agent/instrumentation/jdbc/src/test/groovy/SQLCommenterTest.groovy
+++ b/dd-java-agent/instrumentation/jdbc/src/test/groovy/SQLCommenterTest.groovy
@@ -24,25 +24,26 @@ class SQLCommenterTest extends AgentTestRunner {
 
     where:
     query                                                                                         | ddService      | ddEnv  | dbService    | ddVersion     | injectTrace | traceParent                                               | expected
-    "SELECT * FROM foo"                                                                           | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | "/*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-00'*/ SELECT * FROM foo"
-    "SELECT * FROM foo"                                                                           | ""             | "Test" | ""           | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | "/*dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-00'*/ SELECT * FROM foo"
-    "SELECT * FROM foo"                                                                           | ""             | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | "/*dddbs='my-service',dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-00'*/ SELECT * FROM foo"
-    "SELECT * FROM foo"                                                                           | ""             | "Test" | ""           | ""            | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | "/*dde='Test',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-00'*/ SELECT * FROM foo"
-    "SELECT * FROM foo"                                                                           | ""             | ""     | ""           | ""            | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | "/*traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-00'*/ SELECT * FROM foo"
-    "SELECT * from FOO -- test query"                                                             | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-01" | "/*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-01'*/ SELECT * from FOO -- test query"
-    "SELECT /* customer-comment */ * FROM foo"                                                    | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-01" | "/*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-01'*/ SELECT /* customer-comment */ * FROM foo"
-    "SELECT * FROM foo"                                                                           | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/ SELECT * FROM foo"
-    "SELECT /* customer-comment */ * FROM foo"                                                    | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/ SELECT /* customer-comment */ * FROM foo"
-    "SELECT * from FOO -- test query"                                                             | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/ SELECT * from FOO -- test query"
+    "SELECT * FROM foo"                                                                           | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | "SELECT * FROM foo /*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-00'*/"
+    "{call dogshelterProc(?, ?)}"                                                                 | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | "{call dogshelterProc(?, ?)} /*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-00'*/"
+    "SELECT * FROM foo"                                                                           | ""             | "Test" | ""           | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | "SELECT * FROM foo /*dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-00'*/"
+    "SELECT * FROM foo"                                                                           | ""             | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | "SELECT * FROM foo /*dddbs='my-service',dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-00'*/"
+    "SELECT * FROM foo"                                                                           | ""             | "Test" | ""           | ""            | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | "SELECT * FROM foo /*dde='Test',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-00'*/"
+    "SELECT * FROM foo"                                                                           | ""             | ""     | ""           | ""            | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | "SELECT * FROM foo /*traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-00'*/"
+    "SELECT * from FOO -- test query"                                                             | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-01" | "SELECT * from FOO -- test query /*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-01'*/"
+    "SELECT /* customer-comment */ * FROM foo"                                                    | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-01" | "SELECT /* customer-comment */ * FROM foo /*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-01'*/"
+    "SELECT * FROM foo"                                                                           | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "SELECT * FROM foo /*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/"
+    "SELECT /* customer-comment */ * FROM foo"                                                    | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "SELECT /* customer-comment */ * FROM foo /*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/"
+    "SELECT * from FOO -- test query"                                                             | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "SELECT * from FOO -- test query /*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/"
     ""                                                                                            | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-00" | ""
-    "   "                                                                                         | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-01" | "/*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-01'*/    "
-    "/*dddbs='my-service',dde='Test',ddps='SqlCommenter',ddpv='TestVersion'*/ SELECT * FROM foo"  | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*dddbs='my-service',dde='Test',ddps='SqlCommenter',ddpv='TestVersion'*/ SELECT * FROM foo"
-    "/*dde='Test',ddps='SqlCommenter',ddpv='TestVersion'*/ SELECT * FROM foo"                     | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*dde='Test',ddps='SqlCommenter',ddpv='TestVersion'*/ SELECT * FROM foo"
-    "/*ddps='SqlCommenter',ddpv='TestVersion'*/ SELECT * FROM foo"                                | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*ddps='SqlCommenter',ddpv='TestVersion'*/ SELECT * FROM foo"
-    "/*ddpv='TestVersion'*/ SELECT * FROM foo"                                                    | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*ddpv='TestVersion'*/ SELECT * FROM foo"
-    "/*ddjk its a customer */ SELECT * FROM foo"                                                  | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/ /*ddjk its a customer */ SELECT * FROM foo"
-    "/*traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-01'*/ SELECT * FROM foo" | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-01'*/ SELECT * FROM foo"
-    "/*customer-comment*/ SELECT * FROM foo"                                                      | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/ /*customer-comment*/ SELECT * FROM foo"
-    "/*traceparent"                                                                               | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/ /*traceparent"
+    "   "                                                                                         | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | true        | "00-00000000000000007fffffffffffffff-000000024cb016ea-01" | "    /*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion',traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-01'*/"
+    "SELECT * FROM foo /*dddbs='my-service',dde='Test',ddps='SqlCommenter',ddpv='TestVersion'*/"  | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "SELECT * FROM foo /*dddbs='my-service',dde='Test',ddps='SqlCommenter',ddpv='TestVersion'*/"
+    "SELECT * FROM foo /*dde='Test',ddps='SqlCommenter',ddpv='TestVersion'*/"                     | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "SELECT * FROM foo /*dde='Test',ddps='SqlCommenter',ddpv='TestVersion'*/"
+    "SELECT * FROM foo /*ddps='SqlCommenter',ddpv='TestVersion'*/"                                | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "SELECT * FROM foo /*ddps='SqlCommenter',ddpv='TestVersion'*/"
+    "SELECT * FROM foo /*ddpv='TestVersion'*/"                                                    | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "SELECT * FROM foo /*ddpv='TestVersion'*/"
+    "/*ddjk its a customer */ SELECT * FROM foo"                                                  | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*ddjk its a customer */ SELECT * FROM foo /*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/"
+    "SELECT * FROM foo /*traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-01'*/" | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "SELECT * FROM foo /*traceparent='00-00000000000000007fffffffffffffff-000000024cb016ea-01'*/"
+    "/*customer-comment*/ SELECT * FROM foo"                                                      | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*customer-comment*/ SELECT * FROM foo /*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/"
+    "/*traceparent"                                                                               | "SqlCommenter" | "Test" | "my-service" | "TestVersion" | false       | null                                                      | "/*traceparent /*ddps='SqlCommenter',dddbs='my-service',dde='Test',ddpv='TestVersion'*/"
   }
 }
diff --git a/dd-java-agent/instrumentation/jedis-1.4/src/main/java/datadog/trace/instrumentation/jedis/JedisClientDecorator.java b/dd-java-agent/instrumentation/jedis-1.4/src/main/java/datadog/trace/instrumentation/jedis/JedisClientDecorator.java
index 8b8463c4416..f85167f6ba2 100644
--- a/dd-java-agent/instrumentation/jedis-1.4/src/main/java/datadog/trace/instrumentation/jedis/JedisClientDecorator.java
+++ b/dd-java-agent/instrumentation/jedis-1.4/src/main/java/datadog/trace/instrumentation/jedis/JedisClientDecorator.java
@@ -1,6 +1,5 @@
 package datadog.trace.instrumentation.jedis;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
@@ -13,7 +12,7 @@ public class JedisClientDecorator extends DBTypeProcessingDatabaseClientDecorato
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().cache().operation(REDIS));
   private static final String SERVICE_NAME =
-      SpanNaming.instance().namingSchema().cache().service(Config.get().getServiceName(), REDIS);
+      SpanNaming.instance().namingSchema().cache().service(REDIS);
   public static final JedisClientDecorator DECORATE = new JedisClientDecorator();
 
   @Override
diff --git a/dd-java-agent/instrumentation/jedis-3.0/src/main/java/datadog/trace/instrumentation/jedis30/JedisClientDecorator.java b/dd-java-agent/instrumentation/jedis-3.0/src/main/java/datadog/trace/instrumentation/jedis30/JedisClientDecorator.java
index fb82b45d33f..edaaa9278b3 100644
--- a/dd-java-agent/instrumentation/jedis-3.0/src/main/java/datadog/trace/instrumentation/jedis30/JedisClientDecorator.java
+++ b/dd-java-agent/instrumentation/jedis-3.0/src/main/java/datadog/trace/instrumentation/jedis30/JedisClientDecorator.java
@@ -1,6 +1,5 @@
 package datadog.trace.instrumentation.jedis30;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
@@ -14,7 +13,7 @@ public class JedisClientDecorator extends DBTypeProcessingDatabaseClientDecorato
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().cache().operation(REDIS));
   private static final String SERVICE_NAME =
-      SpanNaming.instance().namingSchema().cache().service(Config.get().getServiceName(), REDIS);
+      SpanNaming.instance().namingSchema().cache().service(REDIS);
   private static final CharSequence COMPONENT_NAME = UTF8BytesString.create("redis-command");
 
   @Override
diff --git a/dd-java-agent/instrumentation/jedis-4.0/src/main/java/redis/clients/jedis/JedisClientDecorator.java b/dd-java-agent/instrumentation/jedis-4.0/src/main/java/redis/clients/jedis/JedisClientDecorator.java
index e12a078da66..ccbfc3d3418 100644
--- a/dd-java-agent/instrumentation/jedis-4.0/src/main/java/redis/clients/jedis/JedisClientDecorator.java
+++ b/dd-java-agent/instrumentation/jedis-4.0/src/main/java/redis/clients/jedis/JedisClientDecorator.java
@@ -1,6 +1,5 @@
 package redis.clients.jedis;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
@@ -13,7 +12,7 @@ public class JedisClientDecorator extends DBTypeProcessingDatabaseClientDecorato
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().cache().operation(REDIS));
   private static final String SERVICE_NAME =
-      SpanNaming.instance().namingSchema().cache().service(Config.get().getServiceName(), REDIS);
+      SpanNaming.instance().namingSchema().cache().service(REDIS);
   private static final CharSequence COMPONENT_NAME = UTF8BytesString.create("redis-command");
 
   @Override
diff --git a/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/MessageBodyReaderInstrumentation.java b/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/MessageBodyReaderInstrumentation.java
index 313d59b61f8..4793366b91d 100644
--- a/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/MessageBodyReaderInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/MessageBodyReaderInstrumentation.java
@@ -86,7 +86,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t = new BlockingException("Blocked request (for ReaderInterceptorExecutor/proceed)");
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
diff --git a/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/MultiPartReaderServerSideInstrumentation.java b/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/MultiPartReaderServerSideInstrumentation.java
index cc81fb27cb7..302697fb587 100644
--- a/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/MultiPartReaderServerSideInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/MultiPartReaderServerSideInstrumentation.java
@@ -105,7 +105,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t = new BlockingException("Blocked request (for MultiPartReaderClientSide/readFrom)");
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
diff --git a/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/UriRoutingContextInstrumentation.java b/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/UriRoutingContextInstrumentation.java
index 369170f67b4..9e0ff6a7dbd 100644
--- a/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/UriRoutingContextInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey-2-appsec/src/main/java/datadog/trace/instrumentation/jersey2/UriRoutingContextInstrumentation.java
@@ -70,7 +70,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t =
               new BlockingException(
                   "Blocked request (for UriRoutingContextInstrumentation/getPathParameters)");
diff --git a/dd-java-agent/instrumentation/jersey-3-appsec/src/main/java/datadog/trace/instrumentation/jersey3/MessageBodyReaderInstrumentation.java b/dd-java-agent/instrumentation/jersey-3-appsec/src/main/java/datadog/trace/instrumentation/jersey3/MessageBodyReaderInstrumentation.java
index be42aa6950c..49a8644c758 100644
--- a/dd-java-agent/instrumentation/jersey-3-appsec/src/main/java/datadog/trace/instrumentation/jersey3/MessageBodyReaderInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey-3-appsec/src/main/java/datadog/trace/instrumentation/jersey3/MessageBodyReaderInstrumentation.java
@@ -85,7 +85,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t = new BlockingException("Blocked request (for ReaderInterceptorExecutor/proceed)");
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
diff --git a/dd-java-agent/instrumentation/jersey-3-appsec/src/main/java/datadog/trace/instrumentation/jersey3/MultiPartReaderServerSideInstrumentation.java b/dd-java-agent/instrumentation/jersey-3-appsec/src/main/java/datadog/trace/instrumentation/jersey3/MultiPartReaderServerSideInstrumentation.java
index 45be30db99b..6958aa16531 100644
--- a/dd-java-agent/instrumentation/jersey-3-appsec/src/main/java/datadog/trace/instrumentation/jersey3/MultiPartReaderServerSideInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey-3-appsec/src/main/java/datadog/trace/instrumentation/jersey3/MultiPartReaderServerSideInstrumentation.java
@@ -105,7 +105,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t = new BlockingException("Blocked request (for MultiPartReaderClientSide/readFrom)");
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
diff --git a/dd-java-agent/instrumentation/jersey/src/jersey2JettyTest/groovy/datadog/trace/instrumentation/jersey2/Jersey2JettyTest.groovy b/dd-java-agent/instrumentation/jersey/src/jersey2JettyTest/groovy/datadog/trace/instrumentation/jersey2/Jersey2JettyTest.groovy
index 37024d942c5..a1d8873c63b 100644
--- a/dd-java-agent/instrumentation/jersey/src/jersey2JettyTest/groovy/datadog/trace/instrumentation/jersey2/Jersey2JettyTest.groovy
+++ b/dd-java-agent/instrumentation/jersey/src/jersey2JettyTest/groovy/datadog/trace/instrumentation/jersey2/Jersey2JettyTest.groovy
@@ -24,6 +24,11 @@ class Jersey2JettyTest extends HttpServerTest<JettyServer> {
     'servlet.request'
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testBlocking() {
     true
diff --git a/dd-java-agent/instrumentation/jersey/src/jersey3JettyTest/groovy/datadog/trace/instrumentation/jersey3/Jersey3JettyTest.groovy b/dd-java-agent/instrumentation/jersey/src/jersey3JettyTest/groovy/datadog/trace/instrumentation/jersey3/Jersey3JettyTest.groovy
index a1138b787c1..16a83a380a0 100644
--- a/dd-java-agent/instrumentation/jersey/src/jersey3JettyTest/groovy/datadog/trace/instrumentation/jersey3/Jersey3JettyTest.groovy
+++ b/dd-java-agent/instrumentation/jersey/src/jersey3JettyTest/groovy/datadog/trace/instrumentation/jersey3/Jersey3JettyTest.groovy
@@ -23,6 +23,11 @@ class Jersey3JettyTest extends HttpServerTest<JettyServer> {
     'servlet.request'
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testBlocking() {
     true
diff --git a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractFormProviderInstrumentation.java b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractFormProviderInstrumentation.java
index b31877f09e2..891a3c5969f 100644
--- a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractFormProviderInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractFormProviderInstrumentation.java
@@ -6,11 +6,11 @@
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.source.WebModule;
 import java.util.List;
 import java.util.Map;
 import net.bytebuddy.asm.Advice;
@@ -37,16 +37,18 @@ public String instrumentedType() {
 
   public static class InstrumenterAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     public static void onExit(@Advice.Return Map<String, List<String>> result) {
-      final WebModule module = InstrumentationBridge.WEB;
       final PropagationModule prop = InstrumentationBridge.PROPAGATION;
-      if (module != null && prop != null) {
-        module.onParameterNames(result.keySet());
-        for (Map.Entry<String, List<String>> entry : result.entrySet()) {
-          for (String value : entry.getValue()) {
-            prop.taint(SourceTypes.REQUEST_PARAMETER_VALUE, entry.getKey(), value);
-          }
+      if (prop == null || result == null || result.isEmpty()) {
+        return;
+      }
+      final IastContext ctx = IastContext.Provider.get();
+      for (Map.Entry<String, List<String>> entry : result.entrySet()) {
+        final String name = entry.getKey();
+        prop.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
+        for (String value : entry.getValue()) {
+          prop.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractParamValueExtractorInstrumentation.java b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractParamValueExtractorInstrumentation.java
index 7f41647e1d5..f3fc78e2136 100644
--- a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractParamValueExtractorInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractParamValueExtractorInstrumentation.java
@@ -44,7 +44,7 @@ public static void onExit(
       if (result instanceof String) {
         final PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
-          module.taint(ThreadLocalSourceType.get(), parameterName, (String) result);
+          module.taint(result, ThreadLocalSourceType.get(), parameterName);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractStringReaderAdvice.java b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractStringReaderAdvice.java
index 3c5aea0ee51..a90dd72004e 100644
--- a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractStringReaderAdvice.java
+++ b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractStringReaderAdvice.java
@@ -8,12 +8,12 @@
 
 public class AbstractStringReaderAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  public static void onExit(@Advice.Return(readOnly = true) Object result) {
+  @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+  public static void onExit(@Advice.Return Object result) {
     if (result instanceof String) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taint(SourceTypes.REQUEST_PARAMETER_VALUE, null, (String) result);
+        module.taint(result, SourceTypes.REQUEST_PARAMETER_VALUE);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/CookieInstrumentation.java b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/CookieInstrumentation.java
index a00066cfea2..45d88c77e96 100644
--- a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/CookieInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/CookieInstrumentation.java
@@ -37,25 +37,25 @@ public String[] knownMatchingTypes() {
 
   public static class InstrumenterAdviceGetName {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_NAME_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_NAME)
     public static void onExit(@Advice.Return String cookieName, @Advice.This Object self) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(SourceTypes.REQUEST_COOKIE_NAME, cookieName, cookieName, self);
+        module.taintIfTainted(cookieName, self, SourceTypes.REQUEST_COOKIE_NAME, cookieName);
       }
     }
   }
 
   public static class GetValueAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     public static void onExit(
         @Advice.Return String cookieValue,
         @Advice.FieldValue("name") String name,
         @Advice.This Object self) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(SourceTypes.REQUEST_COOKIE_VALUE, name, cookieValue, self);
+        module.taintIfTainted(cookieValue, self, SourceTypes.REQUEST_COOKIE_VALUE, name);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/CookieParamValueFactoryInstrumentation.java b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/CookieParamValueFactoryInstrumentation.java
index 86c9d28ebdf..8bb13a7b7ea 100644
--- a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/CookieParamValueFactoryInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/CookieParamValueFactoryInstrumentation.java
@@ -37,7 +37,7 @@ public String instrumentedType() {
 
   public static class InstrumenterAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     public static void onExit() {
       ThreadLocalSourceType.set(SourceTypes.REQUEST_COOKIE_VALUE);
     }
diff --git a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/HeaderParamValueFactoryInstrumentation.java b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/HeaderParamValueFactoryInstrumentation.java
index 3b1558871d3..e926212a980 100644
--- a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/HeaderParamValueFactoryInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/HeaderParamValueFactoryInstrumentation.java
@@ -37,7 +37,7 @@ public String instrumentedType() {
 
   public static class InstrumenterAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void onExit() {
       ThreadLocalSourceType.set(SourceTypes.REQUEST_HEADER_VALUE);
     }
diff --git a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/InboundMessageContextInstrumentation.java b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/InboundMessageContextInstrumentation.java
index 576593f9ac4..e75c53e222e 100644
--- a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/InboundMessageContextInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/InboundMessageContextInstrumentation.java
@@ -6,11 +6,11 @@
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.source.WebModule;
 import java.util.List;
 import java.util.Map;
 import net.bytebuddy.asm.Advice;
@@ -42,15 +42,16 @@ public String instrumentedType() {
 
   public static class InstrumenterAdviceGetHeaders {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void onExit(@Advice.Return Map<String, List<String>> headers) {
       final PropagationModule prop = InstrumentationBridge.PROPAGATION;
-      final WebModule web = InstrumentationBridge.WEB;
-      if (prop != null && web != null) {
-        web.onHeaderNames(headers.keySet());
+      if (prop != null && headers != null && !headers.isEmpty()) {
+        final IastContext ctx = IastContext.Provider.get();
         for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
+          final String name = entry.getKey();
+          prop.taint(ctx, name, SourceTypes.REQUEST_HEADER_NAME, name);
           for (String value : entry.getValue()) {
-            prop.taint(SourceTypes.REQUEST_HEADER_VALUE, entry.getKey(), value);
+            prop.taint(ctx, value, SourceTypes.REQUEST_HEADER_VALUE, name);
           }
         }
       }
@@ -59,12 +60,15 @@ public static void onExit(@Advice.Return Map<String, List<String>> headers) {
 
   public static class InstrumenterAdviceGetRequestCookies {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     public static void onExit(@Advice.Return Map<String, Object> cookies) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
-      if (module != null) {
-        for (Object cookie : cookies.values()) {
-          module.taintObject(SourceTypes.REQUEST_COOKIE_VALUE, cookie);
+      if (module != null && cookies != null && !cookies.isEmpty()) {
+        final IastContext ctx = IastContext.Provider.get();
+        for (Map.Entry<String, Object> entry : cookies.entrySet()) {
+          final String name = entry.getKey();
+          module.taint(ctx, name, SourceTypes.REQUEST_COOKIE_NAME, name);
+          module.taint(ctx, entry.getValue(), SourceTypes.REQUEST_COOKIE_VALUE, name);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/PathParamValueFactoryInstrumentation.java b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/PathParamValueFactoryInstrumentation.java
index 1c23edc4dfb..9513b80fab8 100644
--- a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/PathParamValueFactoryInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/PathParamValueFactoryInstrumentation.java
@@ -36,7 +36,7 @@ public String instrumentedType() {
 
   public static class InstrumenterAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PATH_PARAMETER_STRING)
+    @Source(SourceTypes.REQUEST_PATH_PARAMETER)
     public static void onExit() {
       ThreadLocalSourceType.set(SourceTypes.REQUEST_PATH_PARAMETER);
     }
diff --git a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/ReaderInterceptorExecutorInstrumentation.java b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/ReaderInterceptorExecutorInstrumentation.java
index 47a10d32bf3..5b52459bee5 100644
--- a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/ReaderInterceptorExecutorInstrumentation.java
+++ b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/ReaderInterceptorExecutorInstrumentation.java
@@ -36,7 +36,7 @@ public static class InstrumenterAdvice {
     static void after(@Advice.Return final InputStream inputStream) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintObject(SourceTypes.REQUEST_BODY, inputStream);
+        module.taint(inputStream, SourceTypes.REQUEST_BODY);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/jetty-11/build.gradle b/dd-java-agent/instrumentation/jetty-11/build.gradle
index af27d9e38d4..db5fd868903 100644
--- a/dd-java-agent/instrumentation/jetty-11/build.gradle
+++ b/dd-java-agent/instrumentation/jetty-11/build.gradle
@@ -6,7 +6,7 @@ muzzle {
   pass {
     group = "org.eclipse.jetty"
     module = 'jetty-server'
-    versions = "[11,)"
+    versions = "[11,12)"
   }
 }
 
@@ -57,6 +57,10 @@ dependencies {
   latestDepTestImplementation group: 'org.eclipse.jetty', name: 'jetty-servlet', version: '11.+',  {
     exclude group: 'org.slf4j', module: 'slf4j-api'
   }
+
+  // just to mix things up, see if there's no conflict
+  latestDepTestRuntimeOnly group: 'javax.servlet', name: 'javax.servlet-api', version: '4.0.1'
+  latestDepTestRuntimeOnly project(':dd-java-agent:instrumentation:jetty-9')
 }
 
 idea {
diff --git a/dd-java-agent/instrumentation/jetty-11/src/main/java11/datadog/trace/instrumentation/jetty11/JettyServerAdvice.java b/dd-java-agent/instrumentation/jetty-11/src/main/java11/datadog/trace/instrumentation/jetty11/JettyServerAdvice.java
index 0cef33c64ad..f5899f56e3f 100644
--- a/dd-java-agent/instrumentation/jetty-11/src/main/java11/datadog/trace/instrumentation/jetty11/JettyServerAdvice.java
+++ b/dd-java-agent/instrumentation/jetty-11/src/main/java11/datadog/trace/instrumentation/jetty11/JettyServerAdvice.java
@@ -43,6 +43,10 @@ public static AgentScope onEnter(
     public static void closeScope(@Advice.Enter final AgentScope scope) {
       scope.close();
     }
+
+    private void muzzleCheck(Request r) {
+      r.getAsyncContext(); // there must be a getAsyncContext returning a jakarta AsyncContext
+    }
   }
 
   /**
diff --git a/dd-java-agent/instrumentation/jetty-11/src/test/groovy/Jetty11Test.groovy b/dd-java-agent/instrumentation/jetty-11/src/test/groovy/Jetty11Test.groovy
index 9bb4bdcbcde..ccfc6721012 100644
--- a/dd-java-agent/instrumentation/jetty-11/src/test/groovy/Jetty11Test.groovy
+++ b/dd-java-agent/instrumentation/jetty-11/src/test/groovy/Jetty11Test.groovy
@@ -35,6 +35,11 @@ abstract class Jetty11Test extends HttpServerTest<Server> {
     'context-path'
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testExceptionBody() {
     false
diff --git a/dd-java-agent/instrumentation/jetty-12/build.gradle b/dd-java-agent/instrumentation/jetty-12/build.gradle
new file mode 100644
index 00000000000..055b55347ef
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/build.gradle
@@ -0,0 +1,86 @@
+ext {
+  minJavaVersionForTests = JavaVersion.VERSION_17
+}
+
+muzzle {
+  pass {
+    group = "org.eclipse.jetty"
+    module = 'jetty-server'
+    versions = "[12,]"
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+// ee8
+addTestSuiteForDir('ee8Test', 'test/ee8')
+addTestSuiteExtendingForDir('ee8LatestDepTest', 'latestDepTest', 'test/ee8')
+// ee9
+addTestSuiteForDir('ee9Test', 'test/ee9')
+addTestSuiteExtendingForDir('ee9LatestDepTest', 'latestDepTest', 'test/ee9')
+// ee10
+addTestSuiteForDir('ee10Test', 'test/ee10')
+addTestSuiteExtendingForDir('ee10LatestDepTest', 'latestDepTest', 'test/ee10')
+
+[compileMain_java17Java, compileTestJava].each {
+  it.configure {
+    setJavaVersion(it, 17)
+    sourceCompatibility = JavaVersion.VERSION_1_8
+    targetCompatibility = JavaVersion.VERSION_1_8
+  }
+}
+
+compileTestGroovy {
+  javaLauncher = getJavaLauncherFor(17)
+}
+dependencies {
+  main_java17CompileOnly ("org.eclipse.jetty:jetty-server:12.0.0") {
+    exclude group: 'org.slf4j', module: 'slf4j-api'
+  }
+  main_java17Implementation project(':dd-java-agent:instrumentation:jetty-common')
+  implementation project(':dd-java-agent:instrumentation:jetty-common')
+
+  // Don't want to conflict with jetty from the test server.
+  testImplementation(project(':dd-java-agent:testing')) {
+    exclude group: 'org.eclipse.jetty', module: 'jetty-server'
+  }
+  testImplementation ("org.eclipse.jetty:jetty-server:12.0.0") {
+    exclude group: 'org.slf4j', module: 'slf4j-api'
+  }
+
+  testImplementation(project(':dd-java-agent:instrumentation:jetty-appsec-9.3'))
+  testImplementation testFixtures(project(':dd-java-agent:instrumentation:servlet:request-5'))
+  testImplementation testFixtures(project(':dd-java-agent:instrumentation:servlet:request-3'))
+  testImplementation testFixtures(project(':dd-java-agent:appsec'))
+  testRuntimeOnly project(':dd-java-agent:instrumentation:jetty-9')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:servlet:request-5')
+  testRuntimeOnly(project(':dd-java-agent:instrumentation:jetty-11'))
+  testRuntimeOnly(project(':dd-java-agent:instrumentation:jetty-util'))
+
+  latestDepTestImplementation ("org.eclipse.jetty:jetty-server:12.+") {
+    exclude group: 'org.slf4j', module: 'slf4j-api'
+  }
+
+  ee8TestImplementation group: 'org.eclipse.jetty.ee8', name: 'jetty-ee8-servlet', version: '12.0.0' , {
+    exclude group: 'org.slf4j', module: 'slf4j-api'
+  }
+  ee8LatestDepTestImplementation group: 'org.eclipse.jetty.ee8', name: 'jetty-ee8-servlet', version: '12.+' , {
+    exclude group: 'org.slf4j', module: 'slf4j-api'
+  }
+
+  ee9TestImplementation group: 'org.eclipse.jetty.ee9', name: 'jetty-ee9-servlet', version: '12.0.0' , {
+    exclude group: 'org.slf4j', module: 'slf4j-api'
+  }
+  ee9LatestDepTestImplementation group: 'org.eclipse.jetty.ee9', name: 'jetty-ee9-servlet', version: '12.+' , {
+    exclude group: 'org.slf4j', module: 'slf4j-api'
+  }
+
+  ee10TestImplementation group: 'org.eclipse.jetty.ee10', name: 'jetty-ee10-servlet', version: '12.0.0' , {
+    exclude group: 'org.slf4j', module: 'slf4j-api'
+  }
+  ee10LatestDepTestImplementation group: 'org.eclipse.jetty.ee10', name: 'jetty-ee10-servlet', version: '12.+' , {
+    exclude group: 'org.slf4j', module: 'slf4j-api'
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/main/java/datadog/trace/instrumentation/jetty12/ContextHandlerInstrumentation.java b/dd-java-agent/instrumentation/jetty-12/src/main/java/datadog/trace/instrumentation/jetty12/ContextHandlerInstrumentation.java
new file mode 100644
index 00000000000..3eeef962b55
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/main/java/datadog/trace/instrumentation/jetty12/ContextHandlerInstrumentation.java
@@ -0,0 +1,39 @@
+package datadog.trace.instrumentation.jetty12;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public final class ContextHandlerInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForTypeHierarchy {
+
+  public ContextHandlerInstrumentation() {
+    super("jetty");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "org.eclipse.jetty.server.handler.ContextHandler";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return extendsClass(named(hierarchyMarkerType()));
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("handle")
+            .and(takesArguments(3))
+            .and(takesArgument(0, named("org.eclipse.jetty.server.Request"))),
+        packageName + ".SetContextPathAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/main/java/datadog/trace/instrumentation/jetty12/JettyServerInstrumentation.java b/dd-java-agent/instrumentation/jetty-12/src/main/java/datadog/trace/instrumentation/jetty12/JettyServerInstrumentation.java
new file mode 100644
index 00000000000..9a1c907dad1
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/main/java/datadog/trace/instrumentation/jetty12/JettyServerInstrumentation.java
@@ -0,0 +1,65 @@
+package datadog.trace.instrumentation.jetty12;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.ExcludeFilter.ExcludeType.RUNNABLE;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.ExcludeFilterProvider;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.ExcludeFilter;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public final class JettyServerInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType, ExcludeFilterProvider {
+
+  public JettyServerInstrumentation() {
+    super("jetty");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.eclipse.jetty.server.internal.HttpChannelState";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".ExtractAdapter",
+      packageName + ".ExtractAdapter$Request",
+      packageName + ".ExtractAdapter$Response",
+      packageName + ".JettyDecorator",
+      packageName + ".RequestURIDataAdapter",
+      packageName + ".JettyServerAdvice",
+      packageName + ".JettyServerAdvice$HandleAdvice",
+      packageName + ".JettyServerAdvice$ResetAdvice",
+      packageName + ".JettyRunnableWrapper"
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("onRequest").and(takesArguments(1)), packageName + ".JettyServerAdvice$HandleAdvice");
+    transformation.applyAdvice(
+        named("recycle").and(takesNoArguments()), packageName + ".JettyServerAdvice$ResetAdvice");
+  }
+
+  @Override
+  public Map<ExcludeFilter.ExcludeType, ? extends Collection<String>> excludedClasses() {
+    return Collections.singletonMap(
+        RUNNABLE,
+        Arrays.asList(
+            "org.eclipse.jetty.util.thread.strategy.ProduceConsume",
+            "org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume",
+            "org.eclipse.jetty.io.ManagedSelector",
+            "org.eclipse.jetty.util.thread.TimerScheduler",
+            "org.eclipse.jetty.util.thread.TimerScheduler$SimpleTask",
+            "org.eclipse.jetty.util.thread.SerializedInvoker$NamedRunnable"));
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/ExtractAdapter.java b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/ExtractAdapter.java
new file mode 100644
index 00000000000..ab932e3abc1
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/ExtractAdapter.java
@@ -0,0 +1,41 @@
+package datadog.trace.instrumentation.jetty12;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import org.eclipse.jetty.http.HttpField;
+import org.eclipse.jetty.http.HttpFields;
+
+public abstract class ExtractAdapter<T> implements AgentPropagation.ContextVisitor<T> {
+  abstract HttpFields getHttpFields(T t);
+
+  @Override
+  public void forEachKey(T carrier, AgentPropagation.KeyClassifier classifier) {
+    HttpFields headers = getHttpFields(carrier);
+    if (headers == null) {
+      return;
+    }
+    for (int i = 0; i < headers.size(); ++i) {
+      HttpField field = headers.getField(i);
+      if (field != null && !classifier.accept(field.getName(), field.getValue())) {
+        return;
+      }
+    }
+  }
+
+  public static final class Request extends ExtractAdapter<org.eclipse.jetty.server.Request> {
+    public static final Request GETTER = new Request();
+
+    @Override
+    HttpFields getHttpFields(org.eclipse.jetty.server.Request request) {
+      return request.getHeaders();
+    }
+  }
+
+  public static final class Response extends ExtractAdapter<org.eclipse.jetty.server.Response> {
+    public static final Response GETTER = new Response();
+
+    @Override
+    HttpFields getHttpFields(org.eclipse.jetty.server.Response response) {
+      return response.getHeaders();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/JettyDecorator.java b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/JettyDecorator.java
new file mode 100644
index 00000000000..979cb5d62a5
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/JettyDecorator.java
@@ -0,0 +1,112 @@
+package datadog.trace.instrumentation.jetty12;
+
+import datadog.trace.api.Config;
+import datadog.trace.api.DDTags;
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter;
+import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
+import datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.Response;
+import org.eclipse.jetty.server.internal.HttpChannelState;
+
+public class JettyDecorator extends HttpServerDecorator<Request, Request, Response, Request> {
+  public static final CharSequence JETTY_SERVER = UTF8BytesString.create("jetty-server");
+  public static final JettyDecorator DECORATE = new JettyDecorator();
+  public static final CharSequence SERVLET_REQUEST =
+      UTF8BytesString.create(DECORATE.operationName());
+
+  public static final String DD_CONTEXT_PATH_ATTRIBUTE = "datadog.context.path";
+  public static final String DD_SERVLET_PATH_ATTRIBUTE = "datadog.servlet.path";
+
+  private static final Class<?> JAVAX_SERVLET_EXCEPTION_CLS =
+      findClassIfExists("javax.servlet.ServletException");
+  private static final Class<?> JAKARTA_SERVLET_EXCEPTION_CLS =
+      findClassIfExists("jakarta.servlet.ServletException");
+
+  private static Class<?> findClassIfExists(final String name) {
+    try {
+      return Class.forName(name, false, JettyDecorator.class.getClassLoader());
+    } catch (ClassNotFoundException e) {
+    }
+    return null;
+  }
+
+  @Override
+  protected String[] instrumentationNames() {
+    return new String[] {"jetty"};
+  }
+
+  @Override
+  protected CharSequence component() {
+    return JETTY_SERVER;
+  }
+
+  @Override
+  protected AgentPropagation.ContextVisitor<Request> getter() {
+    return ExtractAdapter.Request.GETTER;
+  }
+
+  @Override
+  protected AgentPropagation.ContextVisitor<Response> responseGetter() {
+    return ExtractAdapter.Response.GETTER;
+  }
+
+  @Override
+  public CharSequence spanName() {
+    return SERVLET_REQUEST;
+  }
+
+  @Override
+  protected String method(final Request request) {
+    return request.getMethod();
+  }
+
+  @Override
+  protected URIDataAdapter url(final Request request) {
+    return new RequestURIDataAdapter(request);
+  }
+
+  @Override
+  protected String peerHostIP(final Request request) {
+    return Request.getRemoteAddr(request);
+  }
+
+  @Override
+  protected int peerPort(final Request request) {
+    return Request.getRemotePort(request);
+  }
+
+  @Override
+  protected int status(final Response response) {
+    return response.getStatus();
+  }
+
+  public AgentSpan onResponse(AgentSpan span, HttpChannelState channel) {
+    Request request = channel.getRequest();
+    Response response = channel.getResponse();
+    if (Config.get().isServletPrincipalEnabled()) {
+      final Request.AuthenticationState authenticationState =
+          Request.getAuthenticationState(request);
+      if (authenticationState != null && authenticationState.getUserPrincipal() != null) {
+        span.setTag(DDTags.USER_NAME, authenticationState.getUserPrincipal().getName());
+      }
+    }
+    Object ex = request.getAttribute("jakarta.servlet.error.exception");
+    if (ex == null) {
+      ex = request.getAttribute("javax.servlet.error.exception");
+    }
+    if (ex instanceof Throwable) {
+      Throwable throwable = (Throwable) ex;
+      if ((JAVAX_SERVLET_EXCEPTION_CLS != null && JAVAX_SERVLET_EXCEPTION_CLS.isInstance(throwable))
+          || (JAKARTA_SERVLET_EXCEPTION_CLS != null
+              && JAKARTA_SERVLET_EXCEPTION_CLS.isInstance(throwable))) {
+        // unwrap using getCause that's equivalent to servletException.getRootCause
+        throwable = throwable.getCause();
+      }
+      onError(span, throwable);
+    }
+    return super.onResponse(span, response);
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/JettyRunnableWrapper.java b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/JettyRunnableWrapper.java
new file mode 100644
index 00000000000..4c802f61e91
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/JettyRunnableWrapper.java
@@ -0,0 +1,36 @@
+package datadog.trace.instrumentation.jetty12;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeScope;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.ExcludeFilter.ExcludeType.RUNNABLE;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.ExcludeFilter.exclude;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+
+public class JettyRunnableWrapper implements Runnable {
+
+  private Runnable runnable;
+  private AgentScope.Continuation continuation;
+
+  public JettyRunnableWrapper(Runnable runnable, AgentScope.Continuation continuation) {
+    this.runnable = runnable;
+    this.continuation = continuation;
+  }
+
+  @Override
+  public void run() {
+    try (AgentScope scope = continuation.activate()) {
+      runnable.run();
+    }
+  }
+
+  public static Runnable wrapIfNeeded(final Runnable task) {
+    if (task instanceof JettyRunnableWrapper || exclude(RUNNABLE, task)) {
+      return task;
+    }
+    AgentScope scope = activeScope();
+    if (null != scope) {
+      return new JettyRunnableWrapper(task, scope.capture());
+    }
+    return task; // don't wrap unless there is a scope to propagate
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/JettyServerAdvice.java b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/JettyServerAdvice.java
new file mode 100644
index 00000000000..44d4e00cb7a
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/JettyServerAdvice.java
@@ -0,0 +1,63 @@
+package datadog.trace.instrumentation.jetty12;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator.DD_SPAN_ATTRIBUTE;
+
+import datadog.trace.api.CorrelationIdentifier;
+import datadog.trace.api.GlobalTracer;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import net.bytebuddy.asm.Advice;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.internal.HttpChannelState;
+
+public class JettyServerAdvice {
+  public static class HandleAdvice {
+
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void onExit(
+        @Advice.This final HttpChannelState channel,
+        @Advice.Return(readOnly = false) Runnable ret) {
+      Request req = channel.getRequest();
+      Object existingSpan = req.getAttribute(DD_SPAN_ATTRIBUTE);
+      if (existingSpan instanceof AgentSpan) {
+        try (final AgentScope scope = activateSpan((AgentSpan) existingSpan)) {
+          ret = JettyRunnableWrapper.wrapIfNeeded(ret);
+          return;
+        }
+      }
+
+      final AgentSpan.Context.Extracted extractedContext = JettyDecorator.DECORATE.extract(req);
+      final AgentSpan span = JettyDecorator.DECORATE.startSpan(req, extractedContext);
+      try (final AgentScope scope = activateSpan(span)) {
+        scope.setAsyncPropagation(true);
+        span.setMeasured(true);
+        JettyDecorator.DECORATE.afterStart(span);
+        JettyDecorator.DECORATE.onRequest(span, req, req, extractedContext);
+
+        req.setAttribute(DD_SPAN_ATTRIBUTE, span);
+        req.setAttribute(CorrelationIdentifier.getTraceIdKey(), GlobalTracer.get().getTraceId());
+        req.setAttribute(CorrelationIdentifier.getSpanIdKey(), GlobalTracer.get().getSpanId());
+        ret = JettyRunnableWrapper.wrapIfNeeded(ret);
+      }
+    }
+  }
+
+  /**
+   * Jetty ensures that connections are reset immediately after the response is sent. This provides
+   * a reliable point to finish the server span at the last possible moment.
+   */
+  public static class ResetAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void stopSpan(@Advice.This final HttpChannelState channel) {
+      Request req = channel.getRequest();
+      Object spanObj = req.getAttribute(DD_SPAN_ATTRIBUTE);
+      if (spanObj instanceof AgentSpan) {
+        final AgentSpan span = (AgentSpan) spanObj;
+        JettyDecorator.DECORATE.onResponse(span, channel);
+        JettyDecorator.DECORATE.beforeFinish(span);
+        span.finish();
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/RequestURIDataAdapter.java b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/RequestURIDataAdapter.java
new file mode 100644
index 00000000000..5b1a5c14a69
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/RequestURIDataAdapter.java
@@ -0,0 +1,43 @@
+package datadog.trace.instrumentation.jetty12;
+
+import datadog.trace.bootstrap.instrumentation.api.URIRawDataAdapter;
+import org.eclipse.jetty.server.Request;
+
+final class RequestURIDataAdapter extends URIRawDataAdapter {
+
+  private final Request request;
+
+  RequestURIDataAdapter(Request request) {
+    this.request = request;
+  }
+
+  @Override
+  public String scheme() {
+    return request.getHttpURI().getScheme();
+  }
+
+  @Override
+  public String host() {
+    return Request.getServerName(request);
+  }
+
+  @Override
+  public int port() {
+    return Request.getServerPort(request);
+  }
+
+  @Override
+  protected String innerRawPath() {
+    return Request.getPathInContext(request);
+  }
+
+  @Override
+  public String fragment() {
+    return null;
+  }
+
+  @Override
+  protected String innerRawQuery() {
+    return request.getHttpURI().getQuery();
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/SetContextPathAdvice.java b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/SetContextPathAdvice.java
new file mode 100644
index 00000000000..0d6d39b0f45
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/main/java17/datadog/trace/instrumentation/jetty12/SetContextPathAdvice.java
@@ -0,0 +1,49 @@
+package datadog.trace.instrumentation.jetty12;
+
+import static datadog.trace.bootstrap.instrumentation.api.InstrumentationTags.SERVLET_CONTEXT;
+import static datadog.trace.bootstrap.instrumentation.api.InstrumentationTags.SERVLET_PATH;
+import static datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator.DD_DISPATCH_SPAN_ATTRIBUTE;
+import static datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator.DD_SPAN_ATTRIBUTE;
+import static datadog.trace.instrumentation.jetty12.JettyDecorator.DD_CONTEXT_PATH_ATTRIBUTE;
+import static datadog.trace.instrumentation.jetty12.JettyDecorator.DD_SERVLET_PATH_ATTRIBUTE;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import net.bytebuddy.asm.Advice;
+import org.eclipse.jetty.http.HttpURI;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.handler.ContextHandler;
+
+/**
+ * Because we are processing the initial request before the contextPath is set, we must update it
+ * when it is actually set.
+ */
+public class SetContextPathAdvice {
+  @Advice.OnMethodEnter(suppress = Throwable.class)
+  public static void updateContextPath(
+      @Advice.This final ContextHandler contextHandler, @Advice.Argument(0) final Request req) {
+    Object span = req.getAttribute(DD_SPAN_ATTRIBUTE);
+    // Don't want to update while being dispatched to new servlet
+    if (span instanceof AgentSpan && req.getAttribute(DD_DISPATCH_SPAN_ATTRIBUTE) == null) {
+      if (contextHandler != null && contextHandler.getContextPath() != null) {
+        final String servletContext = contextHandler.getContextPath();
+        final String pathInContext;
+        final HttpURI uri = req.getHttpURI();
+        if (contextHandler.getContext() != null && uri != null && uri.getDecodedPath() != null) {
+          pathInContext = contextHandler.getContext().getPathInContext(uri.getDecodedPath());
+        } else {
+          pathInContext = null;
+        }
+        ((AgentSpan) span).setTag(SERVLET_CONTEXT, servletContext);
+        req.setAttribute(DD_CONTEXT_PATH_ATTRIBUTE, servletContext);
+        if (pathInContext != null) {
+          final String relativePath =
+              pathInContext.startsWith(servletContext)
+                  ? pathInContext.substring(servletContext.length())
+                  : pathInContext;
+          ((AgentSpan) span).setTag(SERVLET_PATH, relativePath);
+          req.setAttribute(DD_SERVLET_PATH_ATTRIBUTE, relativePath);
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/test/ee10/groovy/Jetty12Test.groovy b/dd-java-agent/instrumentation/jetty-12/src/test/ee10/groovy/Jetty12Test.groovy
new file mode 100644
index 00000000000..f0c015dc0dd
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/test/ee10/groovy/Jetty12Test.groovy
@@ -0,0 +1,52 @@
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.agent.test.naming.TestingGenericHttpNamingConventions
+import datadog.trace.instrumentation.servlet5.TestServlet5
+import org.eclipse.jetty.server.Server
+
+class Jetty12Test extends HttpServerTest<Server> implements TestingGenericHttpNamingConventions.ServerV0 {
+  @Override
+  HttpServer server() {
+    new JettyServer(JettyServer.servletHandler(TestServlet5))
+  }
+
+  @Override
+  Map<String, Serializable> expectedExtraServerTags(ServerEndpoint endpoint) {
+    ['servlet.context': '/context-path', 'servlet.path': endpoint.path]
+  }
+
+  @Override
+  String component() {
+    'jetty-server'
+  }
+
+  @Override
+  String expectedOperationName() {
+    operation()
+  }
+
+  @Override
+  String expectedServiceName() {
+    'context-path'
+  }
+
+  @Override
+  boolean testRequestBody() {
+    true
+  }
+
+  @Override
+  boolean testRequestBodyISVariant() {
+    true
+  }
+
+  @Override
+  boolean testExceptionBody() {
+    false
+  }
+
+  @Override
+  boolean hasExtraErrorInformation() {
+    true
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/test/ee10/groovy/JettyServer.groovy b/dd-java-agent/instrumentation/jetty-12/src/test/ee10/groovy/JettyServer.groovy
new file mode 100644
index 00000000000..27bc9ee3aa1
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/test/ee10/groovy/JettyServer.groovy
@@ -0,0 +1,68 @@
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.NOT_FOUND
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.UNKNOWN
+
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.base.HttpServerTest
+import jakarta.servlet.Servlet
+import jakarta.servlet.ServletException
+import jakarta.servlet.http.HttpServletRequest
+import org.eclipse.jetty.ee10.servlet.ErrorHandler
+import org.eclipse.jetty.ee10.servlet.ServletContextHandler
+import org.eclipse.jetty.server.Handler
+import org.eclipse.jetty.server.Server
+
+class JettyServer implements HttpServer {
+  def port = 0
+  final server = new Server(0) // select random open port
+
+  JettyServer(Handler handler) {
+    server.handler = handler
+    server.addBean(errorHandler)
+  }
+
+  @Override
+  void start() {
+    server.start()
+    port = server.connectors[0].localPort
+    assert port > 0
+  }
+
+  @Override
+  void stop() {
+    server.stop()
+  }
+
+  @Override
+  URI address() {
+    return new URI("http://localhost:$port/context-path/")
+  }
+
+  @Override
+  String toString() {
+    return this.class.name
+  }
+
+  static Handler servletHandler(Class<? extends Servlet> servlet) {
+    // defaults to jakarta servlet
+    ServletContextHandler handler = new ServletContextHandler("/context-path")
+    handler.errorHandler = errorHandler
+    HttpServerTest.ServerEndpoint.values()
+      .findAll { !(it in [NOT_FOUND, UNKNOWN]) }
+      .each {
+        handler.servletHandler.addServletWithMapping(servlet, it.path)
+      }
+    handler
+  }
+
+  static errorHandler = new ErrorHandler() {
+    @Override
+    protected void writeErrorPage(HttpServletRequest request, Writer writer, int code,
+      String message, boolean showStacks) throws IOException {
+      Throwable th = (Throwable) request.getAttribute("jakarta.servlet.error.exception")
+      message = th == null ? message : th instanceof ServletException ? th.getRootCause().message : th.message
+      if (message) {
+        writer.write(message)
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/test/ee8/groovy/Jetty12Test.groovy b/dd-java-agent/instrumentation/jetty-12/src/test/ee8/groovy/Jetty12Test.groovy
new file mode 100644
index 00000000000..aecdac1b4e4
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/test/ee8/groovy/Jetty12Test.groovy
@@ -0,0 +1,75 @@
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.agent.test.naming.TestingGenericHttpNamingConventions
+import datadog.trace.instrumentation.servlet3.TestServlet3
+import org.eclipse.jetty.server.Server
+
+import javax.servlet.Servlet
+
+abstract class Jetty12Test extends HttpServerTest<Server> implements TestingGenericHttpNamingConventions.ServerV0 {
+  @Override
+  HttpServer server() {
+    new JettyServer(JettyServer.servletHandler(servletClass()))
+  }
+
+  protected abstract Class<Servlet> servletClass()
+
+  @Override
+  Map<String, Serializable> expectedExtraServerTags(ServerEndpoint endpoint) {
+    ['servlet.context': '/context-path', 'servlet.path': endpoint.path]
+  }
+
+  @Override
+  String component() {
+    'jetty-server'
+  }
+
+  @Override
+  String expectedOperationName() {
+    operation()
+  }
+
+  @Override
+  String expectedServiceName() {
+    'context-path'
+  }
+
+  @Override
+  boolean testRequestBody() {
+    true
+  }
+
+  @Override
+  boolean testRequestBodyISVariant() {
+    true
+  }
+
+  @Override
+  boolean hasExtraErrorInformation() {
+    true
+  }
+}
+
+class Jetty12SyncTest extends Jetty12Test {
+  @Override
+  protected Class<Servlet> servletClass() {
+    TestServlet3.Sync
+  }
+}
+
+class Jetty12AsyncTest extends Jetty12Test {
+  @Override
+  protected Class<Servlet> servletClass() {
+    TestServlet3.Async
+  }
+  // See JettyServlet3Test
+  @Override
+  boolean testException() {
+    false
+  }
+
+  @Override
+  boolean testTimeout() {
+    true
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/test/ee8/groovy/JettyServer.groovy b/dd-java-agent/instrumentation/jetty-12/src/test/ee8/groovy/JettyServer.groovy
new file mode 100644
index 00000000000..405a674fea4
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/test/ee8/groovy/JettyServer.groovy
@@ -0,0 +1,69 @@
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.NOT_FOUND
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.UNKNOWN
+
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.base.HttpServerTest
+import org.eclipse.jetty.ee8.nested.ErrorHandler
+import org.eclipse.jetty.ee8.servlet.ServletContextHandler
+import org.eclipse.jetty.server.Handler
+import org.eclipse.jetty.server.Server
+
+import javax.servlet.Servlet
+import javax.servlet.ServletException
+import javax.servlet.http.HttpServletRequest
+
+class JettyServer implements HttpServer {
+  def port = 0
+  final server = new Server(0) // select random open port
+
+  JettyServer(Handler handler) {
+    server.handler = handler
+    server.addBean(errorHandler)
+  }
+
+  @Override
+  void start() {
+    server.start()
+    port = server.connectors[0].localPort
+    assert port > 0
+  }
+
+  @Override
+  void stop() {
+    server.stop()
+  }
+
+  @Override
+  URI address() {
+    return new URI("http://localhost:$port/context-path/")
+  }
+
+  @Override
+  String toString() {
+    return this.class.name
+  }
+
+  static Handler servletHandler(Class<? extends Servlet> servlet) {
+    // defaults to jakarta servlet
+    ServletContextHandler handler = new ServletContextHandler(null, "/context-path")
+    handler.errorHandler = errorHandler
+    HttpServerTest.ServerEndpoint.values()
+      .findAll { !(it in [NOT_FOUND, UNKNOWN]) }
+      .each {
+        handler.servletHandler.addServletWithMapping(servlet, it.path)
+      }
+    handler.get()
+  }
+
+  static errorHandler = new ErrorHandler() {
+    @Override
+    protected void writeErrorPage(HttpServletRequest request, Writer writer, int code,
+      String message, boolean showStacks) throws IOException {
+      ServletException th = (ServletException) request.getAttribute("javax.servlet.error.exception")
+      message = th ? th.getRootCause().message : message
+      if (message) {
+        writer.write(message)
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/test/ee9/groovy/Jetty12Test.groovy b/dd-java-agent/instrumentation/jetty-12/src/test/ee9/groovy/Jetty12Test.groovy
new file mode 100644
index 00000000000..56088d10ca8
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/test/ee9/groovy/Jetty12Test.groovy
@@ -0,0 +1,52 @@
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.agent.test.naming.TestingGenericHttpNamingConventions
+import datadog.trace.instrumentation.servlet5.TestServlet5
+import org.eclipse.jetty.server.Server
+
+class Jetty12Test extends HttpServerTest<Server> implements TestingGenericHttpNamingConventions.ServerV1 {
+  @Override
+  HttpServer server() {
+    new JettyServer(JettyServer.servletHandler(TestServlet5))
+  }
+
+  @Override
+  Map<String, Serializable> expectedExtraServerTags(ServerEndpoint endpoint) {
+    ['servlet.context': '/context-path', 'servlet.path': endpoint.path]
+  }
+
+  @Override
+  String component() {
+    'jetty-server'
+  }
+
+  @Override
+  String expectedOperationName() {
+    operation()
+  }
+
+  @Override
+  String expectedServiceName() {
+    'context-path'
+  }
+
+  @Override
+  boolean testRequestBody() {
+    true
+  }
+
+  @Override
+  boolean testRequestBodyISVariant() {
+    true
+  }
+
+  @Override
+  boolean hasExtraErrorInformation() {
+    true
+  }
+
+  @Override
+  boolean testExceptionBody() {
+    false
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-12/src/test/ee9/groovy/JettyServer.groovy b/dd-java-agent/instrumentation/jetty-12/src/test/ee9/groovy/JettyServer.groovy
new file mode 100644
index 00000000000..246542bb1fc
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-12/src/test/ee9/groovy/JettyServer.groovy
@@ -0,0 +1,68 @@
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.NOT_FOUND
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.UNKNOWN
+
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.base.HttpServerTest
+import jakarta.servlet.Servlet
+import jakarta.servlet.ServletException
+import jakarta.servlet.http.HttpServletRequest
+import org.eclipse.jetty.ee9.nested.ErrorHandler
+import org.eclipse.jetty.ee9.servlet.ServletContextHandler
+import org.eclipse.jetty.server.Handler
+import org.eclipse.jetty.server.Server
+
+class JettyServer implements HttpServer {
+  def port = 0
+  final server = new Server(0) // select random open port
+
+  JettyServer(Handler handler) {
+    server.handler = handler
+    server.addBean(errorHandler)
+  }
+
+  @Override
+  void start() {
+    server.start()
+    port = server.connectors[0].localPort
+    assert port > 0
+  }
+
+  @Override
+  void stop() {
+    server.stop()
+  }
+
+  @Override
+  URI address() {
+    return new URI("http://localhost:$port/context-path/")
+  }
+
+  @Override
+  String toString() {
+    return this.class.name
+  }
+
+  static Handler servletHandler(Class<? extends Servlet> servlet) {
+    // defaults to jakarta servlet
+    ServletContextHandler handler = new ServletContextHandler(null, "/context-path")
+    handler.errorHandler = errorHandler
+    HttpServerTest.ServerEndpoint.values()
+      .findAll { !(it in [NOT_FOUND, UNKNOWN]) }
+      .each {
+        handler.servletHandler.addServletWithMapping(servlet, it.path)
+      }
+    handler.get()
+  }
+
+  static errorHandler = new ErrorHandler() {
+    @Override
+    protected void writeErrorPage(HttpServletRequest request, Writer writer, int code,
+      String message, boolean showStacks) throws IOException {
+      Throwable th = (Throwable) request.getAttribute("jakarta.servlet.error.exception")
+      message = th == null ? message : th instanceof ServletException ? th.getRootCause().message : th.message
+      if (message) {
+        writer.write(message)
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-7.0/src/main/java/datadog/trace/instrumentation/jetty70/JettyCommitResponseInstrumentation.java b/dd-java-agent/instrumentation/jetty-7.0/src/main/java/datadog/trace/instrumentation/jetty70/JettyCommitResponseInstrumentation.java
index dd8bc7a5311..a06a0507ef6 100644
--- a/dd-java-agent/instrumentation/jetty-7.0/src/main/java/datadog/trace/instrumentation/jetty70/JettyCommitResponseInstrumentation.java
+++ b/dd-java-agent/instrumentation/jetty-7.0/src/main/java/datadog/trace/instrumentation/jetty70/JettyCommitResponseInstrumentation.java
@@ -91,7 +91,10 @@ static class CommitResponseAdvice {
         if (brf != null) {
           boolean res =
               brf.tryCommitBlockingResponse(
-                  rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                  requestContext.getTraceSegment(),
+                  rba.getStatusCode(),
+                  rba.getBlockingContentType(),
+                  rba.getExtraHeaders());
           if (res) {
             requestContext.getTraceSegment().effectivelyBlocked();
             return true;
diff --git a/dd-java-agent/instrumentation/jetty-7.0/src/main/java/datadog/trace/instrumentation/jetty70/ServerHandleInstrumentation.java b/dd-java-agent/instrumentation/jetty-7.0/src/main/java/datadog/trace/instrumentation/jetty70/ServerHandleInstrumentation.java
index 7b0ac6b0f95..2b6a9e422ea 100644
--- a/dd-java-agent/instrumentation/jetty-7.0/src/main/java/datadog/trace/instrumentation/jetty70/ServerHandleInstrumentation.java
+++ b/dd-java-agent/instrumentation/jetty-7.0/src/main/java/datadog/trace/instrumentation/jetty70/ServerHandleInstrumentation.java
@@ -53,8 +53,10 @@ public void adviceTransformations(AdviceTransformation transformation) {
   static class HandleAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
     static AgentScope onEnter(
-        @Advice.Argument(0) HttpConnection connection, @Advice.Local("agentSpan") AgentSpan span) {
-      Request req = connection.getRequest();
+        @Advice.Argument(0) HttpConnection connection,
+        @Advice.Local("request") Request req,
+        @Advice.Local("agentSpan") AgentSpan span) {
+      req = connection.getRequest();
 
       // see comments in HandleRequestAdvice for jetty-9
       Object dispatchSpan;
@@ -73,6 +75,7 @@ static AgentScope onEnter(
     @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
     public static void onExit(
         @Advice.Enter final AgentScope scope,
+        @Advice.Local("request") Request req,
         @Advice.Local("agentSpan") AgentSpan span,
         @Advice.Thrown Throwable t) {
       if (scope == null) {
@@ -82,9 +85,16 @@ public static void onExit(
       if (t != null) {
         DECORATE.onError(span, t);
       }
-      DECORATE.beforeFinish(span);
-      span.finish();
+      if (!req.getAsyncContinuation().isAsyncStarted()) {
+        // finish will be handled by the async listener
+        DECORATE.beforeFinish(span);
+        span.finish();
+      }
       scope.close();
+
+      synchronized (req) {
+        req.removeAttribute(DD_DISPATCH_SPAN_ATTRIBUTE);
+      }
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/jetty-7.0/src/test/groovy/Jetty70Test.groovy b/dd-java-agent/instrumentation/jetty-7.0/src/test/groovy/Jetty70Test.groovy
index 58c90fee2dd..1a0b4693d67 100644
--- a/dd-java-agent/instrumentation/jetty-7.0/src/test/groovy/Jetty70Test.groovy
+++ b/dd-java-agent/instrumentation/jetty-7.0/src/test/groovy/Jetty70Test.groovy
@@ -78,6 +78,11 @@ abstract class Jetty70Test extends HttpServerTest<Server> {
     return component()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testExceptionBody() {
     false
diff --git a/dd-java-agent/instrumentation/jetty-7.6/main/java/datadog/trace/instrumentation/jetty70/JettyCommitResponseInstrumentation.java b/dd-java-agent/instrumentation/jetty-7.6/main/java/datadog/trace/instrumentation/jetty70/JettyCommitResponseInstrumentation.java
deleted file mode 100644
index cf5ef3a40e7..00000000000
--- a/dd-java-agent/instrumentation/jetty-7.6/main/java/datadog/trace/instrumentation/jetty70/JettyCommitResponseInstrumentation.java
+++ /dev/null
@@ -1,123 +0,0 @@
-package datadog.trace.instrumentation.jetty70;
-
-import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
-import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
-import static datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator.DD_IGNORE_COMMIT_ATTRIBUTE;
-import static datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator.DD_SPAN_ATTRIBUTE;
-import static datadog.trace.instrumentation.jetty70.JettyDecorator.DECORATE;
-import static java.util.Collections.singletonMap;
-import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
-import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
-import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
-import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
-
-import com.google.auto.service.AutoService;
-import datadog.trace.agent.tooling.Instrumenter;
-import datadog.trace.api.Config;
-import datadog.trace.api.CorrelationIdentifier;
-import datadog.trace.api.GlobalTracer;
-import datadog.trace.api.ProductActivation;
-import datadog.trace.api.gateway.BlockResponseFunction;
-import datadog.trace.api.gateway.Flow;
-import datadog.trace.api.gateway.RequestContext;
-import datadog.trace.bootstrap.InstrumentationContext;
-import datadog.trace.bootstrap.instrumentation.api.AgentScope;
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import datadog.trace.instrumentation.jetty.ConnectionHandleRequestVisitor;
-import java.util.Map;
-import net.bytebuddy.asm.Advice;
-import net.bytebuddy.asm.AsmVisitorWrapper;
-import net.bytebuddy.description.field.FieldDescription;
-import net.bytebuddy.description.field.FieldList;
-import net.bytebuddy.description.method.MethodList;
-import net.bytebuddy.description.type.TypeDescription;
-import net.bytebuddy.implementation.Implementation;
-import net.bytebuddy.jar.asm.ClassVisitor;
-import net.bytebuddy.jar.asm.ClassWriter;
-import net.bytebuddy.jar.asm.Opcodes;
-import net.bytebuddy.pool.TypePool;
-import org.eclipse.jetty.http.Generator;
-import org.eclipse.jetty.server.HttpConnection;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.server.Response;
-
-@AutoService(Instrumenter.class)
-public final class JettyCommitResponseInstrumentation extends Instrumenter.AppSec
-    implements Instrumenter.ForSingleType {
-
-  public JettyCommitResponseInstrumentation() {
-    super("jetty");
-  }
-
-  @Override
-  public String instrumentedType() {
-    return "org.eclipse.jetty.server.HttpConnection";
-  }
-
-  @Override
-  public String[] helperClassNames() {
-    return new String[] {
-      packageName + ".ExtractAdapter",
-      packageName + ".ExtractAdapter$Request",
-      packageName + ".ExtractAdapter$Response",
-      packageName + ".JettyDecorator",
-      packageName + ".RequestURIDataAdapter",
-      "datadog.trace.instrumentation.jetty.JettyBlockResponseFunction",
-      "datadog.trace.instrumentation.jetty.JettyBlockingHelper",
-    };
-  }
-
-  @Override
-  public void adviceTransformations(AdviceTransformation transformation) {
-    transformation.applyAdvice(
-        named("commitResponse").and(takesArguments(1)).and(takesArgument(0, boolean.class)).or(
-            named("completeResponse").and(takesArguments(0))
-        ),
-        JettyCommitResponseInstrumentation.class.getName() + "$CommitResponseAdvice"
-    );
-  }
-
-  static class CommitResponseAdvice {
-    @Advice.OnMethodEnter(suppress = Throwable.class, skipOn = Advice.OnNonDefaultValue.class)
-    static boolean /* skip */ before(@Advice.This HttpConnection connection) {
-      Generator generator = connection.getGenerator();
-      if (generator.isCommitted()) {
-        return false;
-      }
-
-      Request req = connection.getRequest();
-
-      if (req.getAttribute(DD_IGNORE_COMMIT_ATTRIBUTE) != null) {
-        return false;
-      }
-
-      Object existingSpan = req.getAttribute(DD_SPAN_ATTRIBUTE);
-      if (!(existingSpan instanceof AgentSpan)) {
-        return false;
-      }
-      AgentSpan span = (AgentSpan) existingSpan;
-      RequestContext requestContext = span.getRequestContext();
-      if (requestContext == null) {
-        return false;
-      }
-
-      Response resp = connection.getResponse();
-
-      Flow<Void> flow = DECORATE.callIGCallbackResponseAndHeaders(
-          span, resp, resp.getStatus(), ExtractAdapter.Response.GETTER);
-      Flow.Action action = flow.getAction();
-      if (action instanceof Flow.Action.RequestBlockingAction) {
-        Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
-        BlockResponseFunction brf = requestContext.getBlockResponseFunction();
-        if (brf != null) {
-          boolean res = brf.tryCommitBlockingResponse(rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-          if (res) {
-            return true;
-          }
-        }
-      }
-
-      return false;
-    }
-  }
-}
diff --git a/dd-java-agent/instrumentation/jetty-7.6/main/java/datadog/trace/instrumentation/jetty76/JettyCommitResponseInstrumentation.java b/dd-java-agent/instrumentation/jetty-7.6/main/java/datadog/trace/instrumentation/jetty76/JettyCommitResponseInstrumentation.java
deleted file mode 100644
index 6ae42d9e7c3..00000000000
--- a/dd-java-agent/instrumentation/jetty-7.6/main/java/datadog/trace/instrumentation/jetty76/JettyCommitResponseInstrumentation.java
+++ /dev/null
@@ -1,123 +0,0 @@
-package datadog.trace.instrumentation.jetty76;
-
-import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
-import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
-import static datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator.DD_IGNORE_COMMIT_ATTRIBUTE;
-import static datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator.DD_SPAN_ATTRIBUTE;
-import static datadog.trace.instrumentation.jetty76.JettyDecorator.DECORATE;
-import static java.util.Collections.singletonMap;
-import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
-import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
-import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
-import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
-
-import com.google.auto.service.AutoService;
-import datadog.trace.agent.tooling.Instrumenter;
-import datadog.trace.api.Config;
-import datadog.trace.api.CorrelationIdentifier;
-import datadog.trace.api.GlobalTracer;
-import datadog.trace.api.ProductActivation;
-import datadog.trace.api.gateway.BlockResponseFunction;
-import datadog.trace.api.gateway.Flow;
-import datadog.trace.api.gateway.RequestContext;
-import datadog.trace.bootstrap.InstrumentationContext;
-import datadog.trace.bootstrap.instrumentation.api.AgentScope;
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import datadog.trace.instrumentation.jetty.ConnectionHandleRequestVisitor;
-import java.util.Map;
-import net.bytebuddy.asm.Advice;
-import net.bytebuddy.asm.AsmVisitorWrapper;
-import net.bytebuddy.description.field.FieldDescription;
-import net.bytebuddy.description.field.FieldList;
-import net.bytebuddy.description.method.MethodList;
-import net.bytebuddy.description.type.TypeDescription;
-import net.bytebuddy.implementation.Implementation;
-import net.bytebuddy.jar.asm.ClassVisitor;
-import net.bytebuddy.jar.asm.ClassWriter;
-import net.bytebuddy.jar.asm.Opcodes;
-import net.bytebuddy.pool.TypePool;
-import org.eclipse.jetty.http.Generator;
-import org.eclipse.jetty.server.HttpConnection;
-import org.eclipse.jetty.server.Request;
-import org.eclipse.jetty.server.Response;
-
-@AutoService(Instrumenter.class)
-public final class JettyCommitResponseInstrumentation extends Instrumenter.AppSec
-    implements Instrumenter.ForSingleType {
-
-  public JettyCommitResponseInstrumentation() {
-    super("jetty");
-  }
-
-  @Override
-  public String instrumentedType() {
-    return "org.eclipse.jetty.server.HttpConnection";
-  }
-
-  @Override
-  public String[] helperClassNames() {
-    return new String[] {
-      packageName + ".ExtractAdapter",
-      packageName + ".ExtractAdapter$Request",
-      packageName + ".ExtractAdapter$Response",
-      packageName + ".JettyDecorator",
-      packageName + ".RequestURIDataAdapter",
-      "datadog.trace.instrumentation.jetty.JettyBlockResponseFunction",
-      "datadog.trace.instrumentation.jetty.JettyBlockingHelper",
-    };
-  }
-
-  @Override
-  public void adviceTransformations(AdviceTransformation transformation) {
-    transformation.applyAdvice(
-        named("commitResponse").and(takesArguments(1)).and(takesArgument(0, boolean.class)).or(
-            named("completeResponse").and(takesArguments(0))
-        ),
-        JettyCommitResponseInstrumentation.class.getName() + "$CommitResponseAdvice"
-    );
-  }
-
-  static class CommitResponseAdvice {
-    @Advice.OnMethodEnter(suppress = Throwable.class, skipOn = Advice.OnNonDefaultValue.class)
-    static boolean /* skip */ before(@Advice.This HttpConnection connection) {
-      Generator generator = connection.getGenerator();
-      if (generator.isCommitted()) {
-        return false;
-      }
-
-      Request req = connection.getRequest();
-
-      if (req.getAttribute(DD_IGNORE_COMMIT_ATTRIBUTE) != null) {
-        return false;
-      }
-
-      Object existingSpan = req.getAttribute(DD_SPAN_ATTRIBUTE);
-      if (!(existingSpan instanceof AgentSpan)) {
-        return false;
-      }
-      AgentSpan span = (AgentSpan) existingSpan;
-      RequestContext requestContext = span.getRequestContext();
-      if (requestContext == null) {
-        return false;
-      }
-
-      Response resp = connection.getResponse();
-
-      Flow<Void> flow = DECORATE.callIGCallbackResponseAndHeaders(
-          span, resp, resp.getStatus(), ExtractAdapter.Response.GETTER);
-      Flow.Action action = flow.getAction();
-      if (action instanceof Flow.Action.RequestBlockingAction) {
-        Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
-        BlockResponseFunction brf = requestContext.getBlockResponseFunction();
-        if (brf != null) {
-          boolean res = brf.tryCommitBlockingResponse(rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-          if (res) {
-            return true;
-          }
-        }
-      }
-
-      return false;
-    }
-  }
-}
diff --git a/dd-java-agent/instrumentation/jetty-7.6/src/main/java/datadog/trace/instrumentation/jetty76/JettyCommitResponseInstrumentation.java b/dd-java-agent/instrumentation/jetty-7.6/src/main/java/datadog/trace/instrumentation/jetty76/JettyCommitResponseInstrumentation.java
index 24f88203acd..6ba73ddc29a 100644
--- a/dd-java-agent/instrumentation/jetty-7.6/src/main/java/datadog/trace/instrumentation/jetty76/JettyCommitResponseInstrumentation.java
+++ b/dd-java-agent/instrumentation/jetty-7.6/src/main/java/datadog/trace/instrumentation/jetty76/JettyCommitResponseInstrumentation.java
@@ -103,13 +103,11 @@ static class CommitResponseAdvice {
         Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
         BlockResponseFunction brf = requestContext.getBlockResponseFunction();
         if (brf != null) {
-          boolean res =
-              brf.tryCommitBlockingResponse(
-                  rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-          if (res) {
-            requestContext.getTraceSegment().effectivelyBlocked();
-            return true;
-          }
+          return brf.tryCommitBlockingResponse(
+              requestContext.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
         }
       }
 
diff --git a/dd-java-agent/instrumentation/jetty-7.6/src/main/java/datadog/trace/instrumentation/jetty76/ServerHandleInstrumentation.java b/dd-java-agent/instrumentation/jetty-7.6/src/main/java/datadog/trace/instrumentation/jetty76/ServerHandleInstrumentation.java
index a5af4e209ee..c17980b2c1d 100644
--- a/dd-java-agent/instrumentation/jetty-7.6/src/main/java/datadog/trace/instrumentation/jetty76/ServerHandleInstrumentation.java
+++ b/dd-java-agent/instrumentation/jetty-7.6/src/main/java/datadog/trace/instrumentation/jetty76/ServerHandleInstrumentation.java
@@ -54,8 +54,9 @@ static class HandleAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
     static AgentScope onEnter(
         @Advice.Argument(0) AbstractHttpConnection connection,
+        @Advice.Local("request") Request req,
         @Advice.Local("agentSpan") AgentSpan span) {
-      Request req = connection.getRequest();
+      req = connection.getRequest();
 
       // see comments in HandleRequestAdvice for jetty-9
       Object dispatchSpan;
@@ -75,6 +76,7 @@ static AgentScope onEnter(
     public static void onExit(
         @Advice.Enter final AgentScope scope,
         @Advice.Local("agentSpan") AgentSpan span,
+        @Advice.Local("request") Request req,
         @Advice.Thrown Throwable t) {
       if (scope == null) {
         return;
@@ -83,9 +85,16 @@ public static void onExit(
       if (t != null) {
         DECORATE.onError(span, t);
       }
-      DECORATE.beforeFinish(span);
-      span.finish();
+      if (!req.getAsyncContinuation().isAsyncStarted()) {
+        // finish will be handled by the async listener
+        DECORATE.beforeFinish(span);
+        span.finish();
+      }
       scope.close();
+
+      synchronized (req) {
+        req.removeAttribute(DD_DISPATCH_SPAN_ATTRIBUTE);
+      }
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/jetty-7.6/src/test/groovy/Jetty76Test.groovy b/dd-java-agent/instrumentation/jetty-7.6/src/test/groovy/Jetty76Test.groovy
index 75a25f74120..9a5747a5605 100644
--- a/dd-java-agent/instrumentation/jetty-7.6/src/test/groovy/Jetty76Test.groovy
+++ b/dd-java-agent/instrumentation/jetty-7.6/src/test/groovy/Jetty76Test.groovy
@@ -73,6 +73,12 @@ abstract class Jetty76Test extends HttpServerTest<Server> {
     return "jetty-server"
   }
 
+
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   String expectedOperationName() {
     return operation()
diff --git a/dd-java-agent/instrumentation/jetty-9/build.gradle b/dd-java-agent/instrumentation/jetty-9/build.gradle
index 78713213a55..9d847ef0d6a 100644
--- a/dd-java-agent/instrumentation/jetty-9/build.gradle
+++ b/dd-java-agent/instrumentation/jetty-9/build.gradle
@@ -43,10 +43,18 @@ muzzle {
     javaVersion = 11
   }
   pass {
-    name = 'after_10'
+    name = 'named_dispatches'
+    group = 'org.eclipse.jetty'
+    module = 'jetty-server'
+    versions = "[10.0.16,11),[11.0.16,12)"
+    assertInverse = true
+    javaVersion = 11
+  }
+  pass {
+    name = 'between_10_and_12'
     group = "org.eclipse.jetty"
     module = 'jetty-server'
-    versions = "[10,)"
+    versions = "[10,12)"
     assertInverse = true
     javaVersion = 11
   }
diff --git a/dd-java-agent/instrumentation/jetty-9/src/main/java/datadog/trace/instrumentation/jetty10/DispatchableInstrumentation.java b/dd-java-agent/instrumentation/jetty-9/src/main/java/datadog/trace/instrumentation/jetty10/DispatchableInstrumentation.java
new file mode 100644
index 00000000000..89bf6044a76
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-9/src/main/java/datadog/trace/instrumentation/jetty10/DispatchableInstrumentation.java
@@ -0,0 +1,65 @@
+package datadog.trace.instrumentation.jetty10;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+
+@AutoService(Instrumenter.class)
+public class DispatchableInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForKnownTypes {
+  public DispatchableInstrumentation() {
+    super("jetty");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "named_dispatches";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return new Reference[] {
+      new Reference.Builder("org.eclipse.jetty.server.HttpChannel$RequestDispatchable")
+          .withField(
+              new String[0],
+              Reference.EXPECTS_NON_STATIC,
+              "this$0",
+              "Lorg/eclipse/jetty/server/HttpChannel;")
+          .build(),
+      new Reference.Builder("org.eclipse.jetty.server.HttpChannel$AsyncDispatchable")
+          .withField(
+              new String[0],
+              Reference.EXPECTS_NON_STATIC,
+              "this$0",
+              "Lorg/eclipse/jetty/server/HttpChannel;")
+          .build(),
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      "datadog.trace.instrumentation.jetty.JettyBlockingHelper",
+    };
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      "org.eclipse.jetty.server.HttpChannel$RequestDispatchable",
+      "org.eclipse.jetty.server.HttpChannel$RequestAsyncDispatchable",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod().and(named("dispatch")).and(isPublic()).and(takesArguments(0)),
+        packageName + ".DispatchableAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-9/src/main/java/datadog/trace/instrumentation/jetty9/JettyCommitResponseInstrumentation.java b/dd-java-agent/instrumentation/jetty-9/src/main/java/datadog/trace/instrumentation/jetty9/JettyCommitResponseInstrumentation.java
index f33f693be08..8e57b590e30 100644
--- a/dd-java-agent/instrumentation/jetty-9/src/main/java/datadog/trace/instrumentation/jetty9/JettyCommitResponseInstrumentation.java
+++ b/dd-java-agent/instrumentation/jetty-9/src/main/java/datadog/trace/instrumentation/jetty9/JettyCommitResponseInstrumentation.java
@@ -127,7 +127,10 @@ static class CommitResponseAdvice {
           _committed.set(false);
           boolean res =
               brf.tryCommitBlockingResponse(
-                  rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                  requestContext.getTraceSegment(),
+                  rba.getStatusCode(),
+                  rba.getBlockingContentType(),
+                  rba.getExtraHeaders());
           if (res && _committed.get()) {
             requestContext.getTraceSegment().effectivelyBlocked();
             return true;
diff --git a/dd-java-agent/instrumentation/jetty-9/src/main/java/datadog/trace/instrumentation/jetty9/ServerHandleInstrumentation.java b/dd-java-agent/instrumentation/jetty-9/src/main/java/datadog/trace/instrumentation/jetty9/ServerHandleInstrumentation.java
index 9744acaab52..efab382aa98 100644
--- a/dd-java-agent/instrumentation/jetty-9/src/main/java/datadog/trace/instrumentation/jetty9/ServerHandleInstrumentation.java
+++ b/dd-java-agent/instrumentation/jetty-9/src/main/java/datadog/trace/instrumentation/jetty9/ServerHandleInstrumentation.java
@@ -3,6 +3,7 @@
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
 import static datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator.DD_DISPATCH_SPAN_ATTRIBUTE;
+import static datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator.DD_FIN_DISP_LIST_SPAN_ATTRIBUTE;
 import static datadog.trace.instrumentation.jetty9.JettyDecorator.DECORATE;
 import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
 import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
@@ -15,6 +16,16 @@
 import org.eclipse.jetty.server.HttpChannel;
 import org.eclipse.jetty.server.Request;
 
+/**
+ * Deals with dispatch spans created in the Servlet instrumentation but that further down the line
+ * are not handled by servlets (see AsyncContextInstrumentation).
+ *
+ * <p>This does not create new dispatch spans. Not all dispatches in jetty involve AsyncContext.
+ * There are, for instance, internal error dispatches that won't be detected.
+ *
+ * <p>One possibility for detecting these is using HttpChannel.Listener's onBeforeDispatch/
+ * onDispatchFailure/onAfterDispatch. These are only available starting in 9.4 though.
+ */
 @AutoService(Instrumenter.class)
 public class ServerHandleInstrumentation extends Instrumenter.Tracing
     implements Instrumenter.ForSingleType {
@@ -58,15 +69,22 @@ public void adviceTransformations(AdviceTransformation transformation) {
   static class HandleAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
     static AgentScope onEnter(
-        @Advice.Argument(0) HttpChannel<?> channel, @Advice.Local("agentSpan") AgentSpan span) {
-      Request req = channel.getRequest();
+        @Advice.Argument(0) HttpChannel<?> channel,
+        @Advice.Local("agentSpan") AgentSpan span,
+        @Advice.Local("request") Request req) {
+      req = channel.getRequest();
 
       // same logic as in Servlet3Advice. We need to activate/finish the dispatch span here
       // because we don't know if a servlet is going to be called and therefore whether
       // Servlet3Advice will have an opportunity to run.
       // If there is no servlet involved, the span would not be finished.
+
       Object dispatchSpan;
       synchronized (req) {
+        // see AsyncContextInstrumentation on the servlet instrumentation for the creation
+        // of this dispatch span.
+        // Unfortunately, not all jetty dispatches are detected by the servlet
+        // instrumentation, like internal error dispatches
         dispatchSpan = req.getAttribute(DD_DISPATCH_SPAN_ATTRIBUTE);
       }
       if (dispatchSpan instanceof AgentSpan) {
@@ -86,17 +104,35 @@ static AgentScope onEnter(
     @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
     public static void onExit(
         @Advice.Enter final AgentScope scope,
+        @Advice.Local("request") Request req,
         @Advice.Local("agentSpan") AgentSpan span,
         @Advice.Thrown Throwable t) {
       if (scope == null) {
         return;
       }
 
+      boolean registeredFinishListener;
+      synchronized (req) {
+        req.removeAttribute(DD_DISPATCH_SPAN_ATTRIBUTE);
+        // the async finish listener may not have been registered. The listener
+        // is not registered upon dispatch to avoid ConcurrentModificationException
+        // (see AsyncContextInstrumentation), only when the dispatch is handled
+        // (see Servlet3Advice).
+        // However, it's possible that the dispatch never passes through servlets,
+        // so the listener is never registered. In that case, we handle the dispatch
+        // finish here (the reason we cannot handle dispatch finish solely here is
+        // because we can't detect async timeouts here)
+        registeredFinishListener = req.getAttribute(DD_FIN_DISP_LIST_SPAN_ATTRIBUTE) != null;
+      }
+
       if (t != null) {
         DECORATE.onError(span, t);
       }
-      DECORATE.beforeFinish(span);
-      span.finish();
+      if (!(req.isAsyncStarted() && registeredFinishListener)) {
+        // finish will be handled by the async listener
+        DECORATE.beforeFinish(span);
+        span.finish();
+      }
       scope.close();
     }
   }
diff --git a/dd-java-agent/instrumentation/jetty-9/src/main/java_jetty10/datadog/trace/instrumentation/jetty10/DispatchableAdvice.java b/dd-java-agent/instrumentation/jetty-9/src/main/java_jetty10/datadog/trace/instrumentation/jetty10/DispatchableAdvice.java
new file mode 100644
index 00000000000..b0f0b53f037
--- /dev/null
+++ b/dd-java-agent/instrumentation/jetty-9/src/main/java_jetty10/datadog/trace/instrumentation/jetty10/DispatchableAdvice.java
@@ -0,0 +1,26 @@
+package datadog.trace.instrumentation.jetty10;
+
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.instrumentation.jetty.JettyBlockingHelper;
+import net.bytebuddy.asm.Advice;
+import org.eclipse.jetty.server.HttpChannel;
+
+public class DispatchableAdvice {
+  @Advice.OnMethodEnter(suppress = Throwable.class, skipOn = Advice.OnNonDefaultValue.class)
+  public static boolean /* skip */ before(@Advice.FieldValue("this$0") HttpChannel channel) {
+    AgentSpan span = AgentTracer.activeSpan();
+    if (span == null) {
+      return false;
+    }
+    Flow.Action.RequestBlockingAction rba = span.getRequestBlockingAction();
+    if (rba == null) {
+      return false;
+    }
+
+    boolean blocked =
+        JettyBlockingHelper.block(channel.getRequest(), channel.getResponse(), rba, span);
+    return blocked;
+  }
+}
diff --git a/dd-java-agent/instrumentation/jetty-9/src/main/java_jetty10/datadog/trace/instrumentation/jetty10/HandleAdvice.java b/dd-java-agent/instrumentation/jetty-9/src/main/java_jetty10/datadog/trace/instrumentation/jetty10/HandleAdvice.java
index c62b36410d1..b6554d3c7c1 100644
--- a/dd-java-agent/instrumentation/jetty-9/src/main/java_jetty10/datadog/trace/instrumentation/jetty10/HandleAdvice.java
+++ b/dd-java-agent/instrumentation/jetty-9/src/main/java_jetty10/datadog/trace/instrumentation/jetty10/HandleAdvice.java
@@ -41,4 +41,8 @@ public static AgentScope onEnter(
   public static void closeScope(@Advice.Enter final AgentScope scope) {
     scope.close();
   }
+
+  private void muzzleCheck(Request r) {
+    r.getAsyncContext(); // there must be a getAsyncContext returning a javax AsyncContext
+  }
 }
diff --git a/dd-java-agent/instrumentation/jetty-9/src/main/java_jetty10/datadog/trace/instrumentation/jetty10/ServerHandleAdvice.java b/dd-java-agent/instrumentation/jetty-9/src/main/java_jetty10/datadog/trace/instrumentation/jetty10/ServerHandleAdvice.java
index 6ff29e3e364..4c759e94ea0 100644
--- a/dd-java-agent/instrumentation/jetty-9/src/main/java_jetty10/datadog/trace/instrumentation/jetty10/ServerHandleAdvice.java
+++ b/dd-java-agent/instrumentation/jetty-9/src/main/java_jetty10/datadog/trace/instrumentation/jetty10/ServerHandleAdvice.java
@@ -13,8 +13,10 @@
 class ServerHandleAdvice {
   @Advice.OnMethodEnter(suppress = Throwable.class)
   static AgentScope onEnter(
-      @Advice.Argument(0) HttpChannel channel, @Advice.Local("agentSpan") AgentSpan span) {
-    Request req = channel.getRequest();
+      @Advice.Argument(0) HttpChannel channel,
+      @Advice.Local("request") Request req,
+      @Advice.Local("agentSpan") AgentSpan span) {
+    req = channel.getRequest();
 
     // same logic as in Servlet3Advice. We need to activate/finish the dispatch span here
     // because we don't know if a servlet is going to be called and therefore whether
@@ -41,6 +43,7 @@ static AgentScope onEnter(
   @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
   public static void onExit(
       @Advice.Enter final AgentScope scope,
+      @Advice.Local("request") Request req,
       @Advice.Local("agentSpan") AgentSpan span,
       @Advice.Thrown Throwable t) {
     if (scope == null) {
@@ -50,8 +53,15 @@ public static void onExit(
     if (t != null) {
       DECORATE.onError(span, t);
     }
-    DECORATE.beforeFinish(span);
-    span.finish();
+    if (!req.isAsyncStarted()) {
+      // finish will be handled by the async listener
+      DECORATE.beforeFinish(span);
+      span.finish();
+    }
     scope.close();
+
+    synchronized (req) {
+      req.removeAttribute(DD_DISPATCH_SPAN_ATTRIBUTE);
+    }
   }
 }
diff --git a/dd-java-agent/instrumentation/jetty-9/src/test/groovy/Jetty9InactiveAppSecTest.groovy b/dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/Jetty9InactiveAppSecTest.groovy
similarity index 84%
rename from dd-java-agent/instrumentation/jetty-9/src/test/groovy/Jetty9InactiveAppSecTest.groovy
rename to dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/Jetty9InactiveAppSecTest.groovy
index 3282463121b..f50269f55bf 100644
--- a/dd-java-agent/instrumentation/jetty-9/src/test/groovy/Jetty9InactiveAppSecTest.groovy
+++ b/dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/Jetty9InactiveAppSecTest.groovy
@@ -1,3 +1,5 @@
+package datadog.trace.instrumentation.jetty9
+
 import com.datadog.appsec.AppSecInactiveHttpServerTest
 import datadog.trace.agent.test.base.HttpServer
 
diff --git a/dd-java-agent/instrumentation/jetty-9/src/test/groovy/Jetty9Test.groovy b/dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/Jetty9Test.groovy
similarity index 91%
rename from dd-java-agent/instrumentation/jetty-9/src/test/groovy/Jetty9Test.groovy
rename to dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/Jetty9Test.groovy
index 2014ed999e8..240bc5333cb 100644
--- a/dd-java-agent/instrumentation/jetty-9/src/test/groovy/Jetty9Test.groovy
+++ b/dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/Jetty9Test.groovy
@@ -1,3 +1,5 @@
+package datadog.trace.instrumentation.jetty9
+
 import datadog.trace.agent.test.base.HttpServer
 import datadog.trace.agent.test.base.HttpServerTest
 import datadog.trace.agent.test.naming.TestingGenericHttpNamingConventions
@@ -25,6 +27,12 @@ abstract class Jetty9Test extends HttpServerTest<Server> {
     operation()
   }
 
+
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testExceptionBody() {
     false
diff --git a/dd-java-agent/instrumentation/jetty-9/src/test/groovy/JettyContinuationHandlerTest.groovy b/dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/JettyContinuationHandlerTest.groovy
similarity index 98%
rename from dd-java-agent/instrumentation/jetty-9/src/test/groovy/JettyContinuationHandlerTest.groovy
rename to dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/JettyContinuationHandlerTest.groovy
index eedc05e72e6..5be31bff28d 100644
--- a/dd-java-agent/instrumentation/jetty-9/src/test/groovy/JettyContinuationHandlerTest.groovy
+++ b/dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/JettyContinuationHandlerTest.groovy
@@ -1,3 +1,5 @@
+package datadog.trace.instrumentation.jetty9
+
 import datadog.trace.agent.test.asserts.TraceAssert
 import datadog.trace.agent.test.naming.TestingGenericHttpNamingConventions
 import datadog.trace.bootstrap.instrumentation.api.Tags
diff --git a/dd-java-agent/instrumentation/jetty-9/src/test/groovy/JettyServer.groovy b/dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/JettyServer.groovy
similarity index 93%
rename from dd-java-agent/instrumentation/jetty-9/src/test/groovy/JettyServer.groovy
rename to dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/JettyServer.groovy
index 48b6eec5555..b18c1aebe7b 100644
--- a/dd-java-agent/instrumentation/jetty-9/src/test/groovy/JettyServer.groovy
+++ b/dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/JettyServer.groovy
@@ -1,3 +1,5 @@
+package datadog.trace.instrumentation.jetty9
+
 import datadog.trace.agent.test.base.HttpServer
 import org.eclipse.jetty.server.Server
 import org.eclipse.jetty.server.handler.AbstractHandler
diff --git a/dd-java-agent/instrumentation/jetty-9/src/test/groovy/TestHandler.groovy b/dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/TestHandler.groovy
similarity index 98%
rename from dd-java-agent/instrumentation/jetty-9/src/test/groovy/TestHandler.groovy
rename to dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/TestHandler.groovy
index 3129a3671a2..ff250ac8160 100644
--- a/dd-java-agent/instrumentation/jetty-9/src/test/groovy/TestHandler.groovy
+++ b/dd-java-agent/instrumentation/jetty-9/src/test/groovy/datadog/trace/instrumentation/jetty9/TestHandler.groovy
@@ -1,3 +1,5 @@
+package datadog.trace.instrumentation.jetty9
+
 import datadog.trace.agent.test.base.HttpServerTest
 import datadog.trace.instrumentation.servlet3.TestServlet3
 import groovy.transform.CompileStatic
diff --git a/dd-java-agent/instrumentation/jetty-appsec-7/src/main/java/datadog/trace/instrumentation/jetty70/UrlEncodedInstrumentation.java b/dd-java-agent/instrumentation/jetty-appsec-7/src/main/java/datadog/trace/instrumentation/jetty70/UrlEncodedInstrumentation.java
index 04d82a41bb3..44ae76678e6 100644
--- a/dd-java-agent/instrumentation/jetty-appsec-7/src/main/java/datadog/trace/instrumentation/jetty70/UrlEncodedInstrumentation.java
+++ b/dd-java-agent/instrumentation/jetty-appsec-7/src/main/java/datadog/trace/instrumentation/jetty70/UrlEncodedInstrumentation.java
@@ -100,7 +100,10 @@ static void after(
           BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
           if (blockResponseFunction != null) {
             blockResponseFunction.tryCommitBlockingResponse(
-                rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                reqCtx.getTraceSegment(),
+                rba.getStatusCode(),
+                rba.getBlockingContentType(),
+                rba.getExtraHeaders());
             if (t == null) {
               t = new BlockingException("Blocked request (for UrlEncoded/decodeTo)");
               reqCtx.getTraceSegment().effectivelyBlocked();
diff --git a/dd-java-agent/instrumentation/jetty-appsec-8.1.3/src/main/java/datadog/trace/instrumentation/jetty8/RequestGetPartsInstrumentation.java b/dd-java-agent/instrumentation/jetty-appsec-8.1.3/src/main/java/datadog/trace/instrumentation/jetty8/RequestGetPartsInstrumentation.java
index 3ba890eb07e..2ce0ccf2bd2 100644
--- a/dd-java-agent/instrumentation/jetty-appsec-8.1.3/src/main/java/datadog/trace/instrumentation/jetty8/RequestGetPartsInstrumentation.java
+++ b/dd-java-agent/instrumentation/jetty-appsec-8.1.3/src/main/java/datadog/trace/instrumentation/jetty8/RequestGetPartsInstrumentation.java
@@ -181,8 +181,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-          reqCtx.getTraceSegment().effectivelyBlocked();
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           if (t == null) {
             t = new BlockingException("Blocked request (for Request/parsePart(s))");
           }
diff --git a/dd-java-agent/instrumentation/jetty-appsec-9.2/src/main/java/datadog/trace/instrumentation/jetty92/RequestExtractContentParametersInstrumentation.java b/dd-java-agent/instrumentation/jetty-appsec-9.2/src/main/java/datadog/trace/instrumentation/jetty92/RequestExtractContentParametersInstrumentation.java
index 838bc37a389..562fec5578c 100644
--- a/dd-java-agent/instrumentation/jetty-appsec-9.2/src/main/java/datadog/trace/instrumentation/jetty92/RequestExtractContentParametersInstrumentation.java
+++ b/dd-java-agent/instrumentation/jetty-appsec-9.2/src/main/java/datadog/trace/instrumentation/jetty92/RequestExtractContentParametersInstrumentation.java
@@ -84,7 +84,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t = new BlockingException("Blocked request (for Request/extractContentParameters)");
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
@@ -127,7 +130,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           if (t == null) {
             t = new BlockingException("Blocked request (for Request/getParts)");
             reqCtx.getTraceSegment().effectivelyBlocked();
diff --git a/dd-java-agent/instrumentation/jetty-appsec-9.3/build.gradle b/dd-java-agent/instrumentation/jetty-appsec-9.3/build.gradle
index fc0df591f77..69bad38c12b 100644
--- a/dd-java-agent/instrumentation/jetty-appsec-9.3/build.gradle
+++ b/dd-java-agent/instrumentation/jetty-appsec-9.3/build.gradle
@@ -2,7 +2,7 @@ muzzle {
   pass {
     group = 'org.eclipse.jetty'
     module = 'jetty-server'
-    versions = '[9.3,]'
+    versions = '[9.3,12)'
     assertInverse = true
   }
 }
diff --git a/dd-java-agent/instrumentation/jetty-appsec-9.3/src/main/java/datadog/trace/instrumentation/jetty93/RequestExtractContentParametersInstrumentation.java b/dd-java-agent/instrumentation/jetty-appsec-9.3/src/main/java/datadog/trace/instrumentation/jetty93/RequestExtractContentParametersInstrumentation.java
index 3937371af60..45aa17415ca 100644
--- a/dd-java-agent/instrumentation/jetty-appsec-9.3/src/main/java/datadog/trace/instrumentation/jetty93/RequestExtractContentParametersInstrumentation.java
+++ b/dd-java-agent/instrumentation/jetty-appsec-9.3/src/main/java/datadog/trace/instrumentation/jetty93/RequestExtractContentParametersInstrumentation.java
@@ -90,7 +90,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           if (t == null) {
             t = new BlockingException("Blocked request (for Request/extractContentParameters)");
             reqCtx.getTraceSegment().effectivelyBlocked();
diff --git a/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/HandleRequestVisitor.java b/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/HandleRequestVisitor.java
index 38110cc7c52..a1924d4a4b5 100644
--- a/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/HandleRequestVisitor.java
+++ b/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/HandleRequestVisitor.java
@@ -16,7 +16,7 @@
  *
  * <pre>
  * if (span != null && span.getRequestBlockingAction() &&
- *     JettyBlockingHelper.blockAndMarkBlocked(
+ *     JettyBlockingHelper.block(
  *         this.getRequest(), this.getResponse(),
  *         span.getRequestBlockingAction(), span) {
  *   // nothing
@@ -116,7 +116,7 @@ public void visitMethodInsn(
       super.visitMethodInsn(
           Opcodes.INVOKESTATIC,
           Type.getInternalName(JettyBlockingHelper.class),
-          "blockAndMarkBlocked",
+          "block",
           "(Lorg/eclipse/jetty/server/Request;Lorg/eclipse/jetty/server/Response;"
               + Type.getDescriptor(Flow.Action.RequestBlockingAction.class)
               + Type.getDescriptor(AgentSpan.class)
diff --git a/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/JettyBlockResponseFunction.java b/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/JettyBlockResponseFunction.java
index 886314dcfd1..6ad591576a0 100644
--- a/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/JettyBlockResponseFunction.java
+++ b/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/JettyBlockResponseFunction.java
@@ -2,6 +2,7 @@
 
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.internal.TraceSegment;
 import java.util.Map;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.Response;
@@ -15,8 +16,12 @@ public JettyBlockResponseFunction(Request request) {
 
   @Override
   public boolean tryCommitBlockingResponse(
-      int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders) {
+      TraceSegment segment,
+      int statusCode,
+      BlockingContentType templateType,
+      Map<String, String> extraHeaders) {
     Response response = request.getResponse();
-    return JettyBlockingHelper.block(request, response, statusCode, templateType, extraHeaders);
+    return JettyBlockingHelper.block(
+        segment, request, response, statusCode, templateType, extraHeaders);
   }
 }
diff --git a/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/JettyBlockingHelper.java b/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/JettyBlockingHelper.java
index 5e02ca7a759..983b53ec9a4 100644
--- a/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/JettyBlockingHelper.java
+++ b/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/JettyBlockingHelper.java
@@ -7,7 +7,7 @@
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.appsec.api.blocking.BlockingException;
 import datadog.trace.api.gateway.Flow;
-import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.blocking.BlockingActionHelper;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator;
@@ -154,6 +154,7 @@ public class JettyBlockingHelper {
   private JettyBlockingHelper() {}
 
   public static boolean block(
+      TraceSegment segment,
       Request request,
       Response response,
       int statusCode,
@@ -201,6 +202,7 @@ public static boolean block(
           writer.close();
         }
       }
+      segment.effectivelyBlocked();
       CLOSE_OUTPUT.invoke(response);
       if (ABORT != null) {
         // needed by jetty 9.0.0-9.1.3
@@ -223,26 +225,20 @@ public static boolean block(
     return true;
   }
 
-  public static boolean blockAndMarkBlocked(
+  public static boolean block(
       Request request, Response response, Flow.Action.RequestBlockingAction rba, AgentSpan span) {
-    if (block(
+    return block(
+        span.getRequestContext().getTraceSegment(),
         request,
         response,
         rba.getStatusCode(),
         rba.getBlockingContentType(),
-        rba.getExtraHeaders())) {
-      RequestContext requestContext = span.getRequestContext();
-      if (requestContext != null) {
-        requestContext.getTraceSegment().effectivelyBlocked();
-      }
-      return true;
-    }
-    return false;
+        rba.getExtraHeaders());
   }
 
-  public static void blockAndMarkBlockedThrowOnFailure(
+  public static void blockAndThrowOnFailure(
       Request request, Response response, Flow.Action.RequestBlockingAction rba, AgentSpan span) {
-    if (!blockAndMarkBlocked(request, response, rba, span)) {
+    if (!block(request, response, rba, span)) {
       throw new BlockingException("Throwing after being unable to commit blocking response");
     }
   }
diff --git a/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty9/HandleVisitor.java b/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty9/HandleVisitor.java
index 537f0531625..d8391130ce6 100644
--- a/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty9/HandleVisitor.java
+++ b/dd-java-agent/instrumentation/jetty-common/src/main/java/datadog/trace/instrumentation/jetty9/HandleVisitor.java
@@ -49,7 +49,7 @@
  *       Request req = getRequest(); // actually on the stack only
  *       Response resp = getResponse(); // idem
  *       dispatch(DispatcherType.REQUEST, () -> {
- *         JettyBlockingHelper.blockAndMarkBlockedThrowOnFailure(
+ *         JettyBlockingHelper.blockAndThrowOnFailure(
  *             request, response, span.getBlockingAction(), span);
  *       });
  *     } else {
@@ -149,7 +149,7 @@ public void visitMethodInsn(
       super.visitMethodInsn(
           Opcodes.INVOKESTATIC,
           Type.getInternalName(JettyBlockingHelper.class),
-          "blockAndMarkBlocked",
+          "block",
           "(Lorg/eclipse/jetty/server/Request;Lorg/eclipse/jetty/server/Response;"
               + Type.getDescriptor(Flow.Action.RequestBlockingAction.class)
               + Type.getDescriptor(AgentSpan.class)
@@ -267,7 +267,7 @@ public void visitMethodInsn(
             new Handle(
                 Opcodes.H_INVOKESTATIC,
                 Type.getInternalName(JettyBlockingHelper.class),
-                "blockAndMarkBlockedThrowOnFailure",
+                "blockAndThrowOnFailure",
                 "(Lorg/eclipse/jetty/server/Request;Lorg/eclipse/jetty/server/Response;"
                     + Type.getDescriptor(Flow.Action.RequestBlockingAction.class)
                     + Type.getDescriptor(AgentSpan.class)
diff --git a/dd-java-agent/instrumentation/jetty-common/src/test/groovy/datadog/trace/instrumentation/jetty/JettyBlockingHelperSpecification.groovy b/dd-java-agent/instrumentation/jetty-common/src/test/groovy/datadog/trace/instrumentation/jetty/JettyBlockingHelperSpecification.groovy
index 6c9000c4d4e..7f8f29129e4 100644
--- a/dd-java-agent/instrumentation/jetty-common/src/test/groovy/datadog/trace/instrumentation/jetty/JettyBlockingHelperSpecification.groovy
+++ b/dd-java-agent/instrumentation/jetty-common/src/test/groovy/datadog/trace/instrumentation/jetty/JettyBlockingHelperSpecification.groovy
@@ -1,6 +1,7 @@
 package datadog.trace.instrumentation.jetty
 
 import datadog.trace.api.gateway.Flow
+import datadog.trace.api.internal.TraceSegment
 import datadog.trace.test.util.DDSpecification
 import org.eclipse.jetty.server.Request
 import org.eclipse.jetty.server.Response
@@ -15,9 +16,10 @@ class JettyBlockingHelperSpecification extends DDSpecification {
     Request req = Mock()
     Response resp = Mock()
     ServletOutputStream os = Mock()
+    TraceSegment seg = Mock()
 
     when:
-    JettyBlockingHelper.block(req, resp, new Flow.Action.RequestBlockingAction(402, AUTO))
+    JettyBlockingHelper.block(seg, req, resp, new Flow.Action.RequestBlockingAction(402, AUTO))
 
     then:
     1 * resp.isCommitted() >> false
@@ -33,5 +35,6 @@ class JettyBlockingHelperSpecification extends DDSpecification {
     } else {
       1 * resp.closeOutput()
     }
+    1 * seg.effectivelyBlocked()
   }
 }
diff --git a/dd-java-agent/instrumentation/jms/src/main/java/datadog/trace/instrumentation/jms/JMSDecorator.java b/dd-java-agent/instrumentation/jms/src/main/java/datadog/trace/instrumentation/jms/JMSDecorator.java
index 113117081b2..8246bf494f5 100644
--- a/dd-java-agent/instrumentation/jms/src/main/java/datadog/trace/instrumentation/jms/JMSDecorator.java
+++ b/dd-java-agent/instrumentation/jms/src/main/java/datadog/trace/instrumentation/jms/JMSDecorator.java
@@ -46,9 +46,6 @@ public final class JMSDecorator extends MessagingClientDecorator {
   private static final Join QUEUE_JOINER = PrefixJoin.of("Queue ");
   private static final Join TOPIC_JOINER = PrefixJoin.of("Topic ");
 
-  private static final String LOCAL_SERVICE_NAME =
-      JMS_LEGACY_TRACING ? "jms" : Config.get().getServiceName();
-
   private final DDCache<CharSequence, CharSequence> resourceNameCache =
       DDCaches.newFixedSizeCache(32);
 
@@ -69,14 +66,20 @@ public final class JMSDecorator extends MessagingClientDecorator {
           "Produced for ",
           Tags.SPAN_KIND_PRODUCER,
           InternalSpanTypes.MESSAGE_PRODUCER,
-          LOCAL_SERVICE_NAME);
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .outboundService("jms", JMS_LEGACY_TRACING));
 
   public static final JMSDecorator CONSUMER_DECORATE =
       new JMSDecorator(
           "Consumed from ",
           Tags.SPAN_KIND_CONSUMER,
           InternalSpanTypes.MESSAGE_CONSUMER,
-          LOCAL_SERVICE_NAME);
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .inboundService("jms", JMS_LEGACY_TRACING));
 
   public static final JMSDecorator BROKER_DECORATE =
       new JMSDecorator(
diff --git a/dd-java-agent/instrumentation/jms/src/main/java/datadog/trace/instrumentation/jms/JMSMessageConsumerInstrumentation.java b/dd-java-agent/instrumentation/jms/src/main/java/datadog/trace/instrumentation/jms/JMSMessageConsumerInstrumentation.java
index 295e72b4586..f38af0bf3ad 100644
--- a/dd-java-agent/instrumentation/jms/src/main/java/datadog/trace/instrumentation/jms/JMSMessageConsumerInstrumentation.java
+++ b/dd-java-agent/instrumentation/jms/src/main/java/datadog/trace/instrumentation/jms/JMSMessageConsumerInstrumentation.java
@@ -21,6 +21,7 @@
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.CallDepthThreadLocalMap;
 import datadog.trace.bootstrap.InstrumentationContext;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.jms.MessageConsumerState;
@@ -91,32 +92,48 @@ public void adviceTransformations(AdviceTransformation transformation) {
   public static class ConsumerAdvice {
 
     @Advice.OnMethodEnter(suppress = Throwable.class)
-    public static void beforeReceive(@Advice.This final MessageConsumer consumer) {
+    public static MessageConsumerState beforeReceive(@Advice.This final MessageConsumer consumer) {
       MessageConsumerState consumerState =
           InstrumentationContext.get(MessageConsumer.class, MessageConsumerState.class)
               .get(consumer);
-      if (null != consumerState) {
-        boolean finishSpan = consumerState.getSessionState().isAutoAcknowledge();
-        closePrevious(finishSpan);
-        if (finishSpan) {
-          consumerState.finishTimeInQueueSpan(false);
-        }
+
+      // ignore consumers who aren't bound to a tracked session via consumerState
+      if (null == consumerState) {
+        return null;
+      }
+
+      boolean finishSpan = consumerState.getSessionState().isAutoAcknowledge();
+      closePrevious(finishSpan);
+      if (finishSpan) {
+        consumerState.finishTimeInQueueSpan(false);
       }
+
+      // don't create spans for nested receive calls, even if different consumers are involved
+      final int callDepth = CallDepthThreadLocalMap.incrementCallDepth(MessageConsumer.class);
+      if (callDepth > 0) {
+        return null;
+      }
+
+      return consumerState;
     }
 
     @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
     public static void afterReceive(
+        @Advice.Enter final MessageConsumerState consumerState,
         @Advice.This final MessageConsumer consumer,
         @Advice.Return final Message message,
         @Advice.Thrown final Throwable throwable) {
-      if (message == null) {
-        // don't create spans (traces) for each poll if the queue is empty
+
+      if (consumerState == null) {
+        // either we're not tracking the consumer or this is a nested receive
         return;
       }
-      MessageConsumerState consumerState =
-          InstrumentationContext.get(MessageConsumer.class, MessageConsumerState.class)
-              .get(consumer);
-      if (null == consumerState) {
+
+      // outermost receive call - make sure we reset call-depth before returning
+      CallDepthThreadLocalMap.reset(MessageConsumer.class);
+
+      if (message == null) {
+        // don't create spans (traces) for each poll if the queue is empty
         return;
       }
 
diff --git a/dd-java-agent/instrumentation/jose-jwt/src/main/java/datadog/trace/instrumentation/josejwt/JSONObjectUtilsInstrumentation.java b/dd-java-agent/instrumentation/jose-jwt/src/main/java/datadog/trace/instrumentation/josejwt/JSONObjectUtilsInstrumentation.java
index d711a29f7d0..40005d5e18a 100644
--- a/dd-java-agent/instrumentation/jose-jwt/src/main/java/datadog/trace/instrumentation/josejwt/JSONObjectUtilsInstrumentation.java
+++ b/dd-java-agent/instrumentation/jose-jwt/src/main/java/datadog/trace/instrumentation/josejwt/JSONObjectUtilsInstrumentation.java
@@ -36,16 +36,18 @@ public String instrumentedType() {
   public static class InstrumenterAdvice {
 
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void onEnter(@Advice.Return Map<String, Object> map) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
 
       if (module != null) {
-        for (Map.Entry entry : map.entrySet()) {
-          if (entry.getValue() instanceof String) {
+        for (Map.Entry<String, Object> entry : map.entrySet()) {
+          final String name = entry.getKey();
+          final Object value = entry.getValue();
+          if (value instanceof String) {
             // TODO: We could represent this source more accurately, perhaps tracking the original
             // source, or using a special name.
-            module.taint(SourceTypes.REQUEST_HEADER_VALUE, null, (String) entry.getValue());
+            module.taint(value, SourceTypes.REQUEST_HEADER_VALUE, name);
           }
         }
       }
diff --git a/dd-java-agent/instrumentation/jose-jwt/src/main/java/datadog/trace/instrumentation/josejwt/JWTParserInstrumentation.java b/dd-java-agent/instrumentation/jose-jwt/src/main/java/datadog/trace/instrumentation/josejwt/JWTParserInstrumentation.java
index dd4cf5d7f85..932857c7902 100644
--- a/dd-java-agent/instrumentation/jose-jwt/src/main/java/datadog/trace/instrumentation/josejwt/JWTParserInstrumentation.java
+++ b/dd-java-agent/instrumentation/jose-jwt/src/main/java/datadog/trace/instrumentation/josejwt/JWTParserInstrumentation.java
@@ -35,14 +35,14 @@ public String instrumentedType() {
   public static class InstrumenterAdvice {
 
     @Advice.OnMethodEnter(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void onEnter(@Advice.Argument(0) String json) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
 
       if (module != null) {
         // TODO: We could represent this source more accurately, perhaps tracking the original
         // source, or using a special name.
-        module.taint(SourceTypes.REQUEST_HEADER_VALUE, null, json);
+        module.taint(json, SourceTypes.REQUEST_HEADER_VALUE);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/jose-jwt/src/test/groovy/JWTParserInstrumentationTest.groovy b/dd-java-agent/instrumentation/jose-jwt/src/test/groovy/JWTParserInstrumentationTest.groovy
index c54039d2dd8..c18c77ca48b 100644
--- a/dd-java-agent/instrumentation/jose-jwt/src/test/groovy/JWTParserInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/jose-jwt/src/test/groovy/JWTParserInstrumentationTest.groovy
@@ -19,7 +19,7 @@ class JWTParserInstrumentationTest  extends AgentTestRunner {
     new com.auth0.jwt.impl.JWTParser().parsePayload(payload)
 
     then:
-    1 * propagationModule.taint(SourceTypes.REQUEST_HEADER_VALUE, null, payload)
+    1 * propagationModule.taint(payload, SourceTypes.REQUEST_HEADER_VALUE)
     0 * _
   }
 
@@ -33,11 +33,11 @@ class JWTParserInstrumentationTest  extends AgentTestRunner {
     com.nimbusds.jose.util.JSONObjectUtils.parse(json)
 
     then:
-    1 * propagationModule.taint(SourceTypes.REQUEST_HEADER_VALUE, null, "http://foobar.com")
-    1 * propagationModule.taint(SourceTypes.REQUEST_HEADER_VALUE, null, "foo")
-    1 * propagationModule.taint(SourceTypes.REQUEST_HEADER_VALUE, null, "foobar")
-    1 * propagationModule.taint(SourceTypes.REQUEST_HEADER_VALUE, null, "Mr Foo Bar")
-    1 * propagationModule.taint(SourceTypes.REQUEST_HEADER_VALUE, null, "read")
+    1 * propagationModule.taint('http://foobar.com', SourceTypes.REQUEST_HEADER_VALUE, 'iss')
+    1 * propagationModule.taint('foo', SourceTypes.REQUEST_HEADER_VALUE, 'sub')
+    1 * propagationModule.taint('foobar', SourceTypes.REQUEST_HEADER_VALUE, 'aud')
+    1 * propagationModule.taint('Mr Foo Bar', SourceTypes.REQUEST_HEADER_VALUE, 'name')
+    1 * propagationModule.taint('read', SourceTypes.REQUEST_HEADER_VALUE, 'scope')
     0 * _
   }
 }
diff --git a/dd-java-agent/instrumentation/jsp-2.3/src/main/java/datadog/trace/instrumentation/jsp/JSPDecorator.java b/dd-java-agent/instrumentation/jsp-2.3/src/main/java/datadog/trace/instrumentation/jsp/JSPDecorator.java
index 03b8ea222ab..a3dc226cd16 100644
--- a/dd-java-agent/instrumentation/jsp-2.3/src/main/java/datadog/trace/instrumentation/jsp/JSPDecorator.java
+++ b/dd-java-agent/instrumentation/jsp-2.3/src/main/java/datadog/trace/instrumentation/jsp/JSPDecorator.java
@@ -72,7 +72,7 @@ public void onRender(final AgentSpan span, final HttpServletRequest req) {
           "jsp.requestURL", (new URI(req.getRequestURL().toString())).normalize().toString());
     } catch (final URISyntaxException uriSE) {
       LoggerFactory.getLogger(HttpJspPage.class)
-          .debug("Failed to get and normalize request URL: " + uriSE.getMessage());
+          .debug("Failed to get and normalize request URL: {}", uriSE.getMessage());
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/junit-4.10/build.gradle b/dd-java-agent/instrumentation/junit-4.10/build.gradle
index b155f403e55..840abe46e7d 100644
--- a/dd-java-agent/instrumentation/junit-4.10/build.gradle
+++ b/dd-java-agent/instrumentation/junit-4.10/build.gradle
@@ -9,20 +9,16 @@ muzzle {
   }
 }
 
+addTestSuiteForDir('latestDepTest', 'test')
+
 dependencies {
   compileOnly group: 'junit', name: 'junit', version: '4.10'
 
   testImplementation testFixtures(project(':dd-java-agent:agent-ci-visibility'))
 
   // version used below is not the minimum one that we support,
-  // but the tests need to use it in order to be compliant with Spock 2.0
-  testImplementation(group: 'junit', name: 'junit') {
-    version {
-      strictly '4.13.2'
-    }
-  }
+  // but the tests need to use it in order to be compliant with Spock 2.x
+  testImplementation group: 'junit', name: 'junit', version: '4.13.2'
 
-  testImplementation group: 'io.cucumber', name: 'cucumber-java', version: '5.4.0'
-  testImplementation group: 'io.cucumber', name: 'cucumber-junit', version: '5.4.0'
-  testImplementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.14.1'
+  latestDepTestImplementation group: 'junit', name: 'junit', version: '+'
 }
diff --git a/dd-java-agent/instrumentation/junit-4.10/cucumber/build.gradle b/dd-java-agent/instrumentation/junit-4.10/cucumber/build.gradle
new file mode 100644
index 00000000000..871afe9b522
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/build.gradle
@@ -0,0 +1,33 @@
+apply from: "$rootDir/gradle/java.gradle"
+
+muzzle {
+  pass {
+    group = 'io.cucumber'
+    module = 'cucumber-junit'
+    versions = '[5.4.0,)'
+  }
+}
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  implementation project(':dd-java-agent:instrumentation:junit-4.10')
+  compileOnly group: 'io.cucumber', name: 'cucumber-junit', version: '5.4.0'
+
+  testImplementation testFixtures(project(':dd-java-agent:agent-ci-visibility'))
+
+  // version used below is not the minimum one that we support,
+  // but the tests need to use it in order to be compliant with Spock 2.x
+  testImplementation(group: 'junit', name: 'junit') {
+    version {
+      strictly '4.13.2'
+    }
+  }
+
+  testImplementation group: 'io.cucumber', name: 'cucumber-java', version: '5.4.0'
+  testImplementation group: 'io.cucumber', name: 'cucumber-junit', version: '5.4.0'
+  testImplementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.14.1'
+
+  latestDepTestImplementation group: 'io.cucumber', name: 'cucumber-java', version: '+'
+  latestDepTestImplementation group: 'io.cucumber', name: 'cucumber-junit', version: '+'
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/cucumber/src/main/java/datadog/trace/instrumentation/junit4/CucumberTracingListener.java b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/main/java/datadog/trace/instrumentation/junit4/CucumberTracingListener.java
new file mode 100644
index 00000000000..d9657dd2a12
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/main/java/datadog/trace/instrumentation/junit4/CucumberTracingListener.java
@@ -0,0 +1,193 @@
+package datadog.trace.instrumentation.junit4;
+
+import datadog.trace.util.MethodHandles;
+import datadog.trace.util.Strings;
+import io.cucumber.core.gherkin.Feature;
+import io.cucumber.core.gherkin.Pickle;
+import io.cucumber.core.resource.ClassLoaders;
+import java.io.InputStream;
+import java.lang.invoke.MethodHandle;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import org.junit.Ignore;
+import org.junit.runner.Description;
+import org.junit.runner.notification.Failure;
+import org.junit.runner.notification.RunListener;
+import org.junit.runners.ParentRunner;
+
+@RunListener.ThreadSafe
+public class CucumberTracingListener extends TracingListener {
+
+  public static final String FRAMEWORK_NAME = "cucumber";
+  public static final String FRAMEWORK_VERSION = getVersion();
+
+  private static String getVersion() {
+    ClassLoader cucumberClassLoader = ClassLoaders.getDefaultClassLoader();
+    try (InputStream cucumberPropsStream =
+        cucumberClassLoader.getResourceAsStream(
+            "META-INF/maven/io.cucumber/cucumber-junit/pom.properties")) {
+      Properties cucumberProps = new Properties();
+      cucumberProps.load(cucumberPropsStream);
+      String version = cucumberProps.getProperty("version");
+      if (Strings.isNotBlank(version)) {
+        return version;
+      }
+    } catch (Exception e) {
+      // fallback below
+    }
+    return "unknown";
+  }
+
+  private static final MethodHandles REFLECTION =
+      new MethodHandles(ClassLoaders.getDefaultClassLoader());
+  private static final MethodHandle PICKLE_ID_CONSTRUCTOR =
+      REFLECTION.constructor("io.cucumber.junit.PickleRunners$PickleId", Pickle.class);
+
+  private static final MethodHandle FEATURE_GETTER =
+      REFLECTION.privateFieldGetter("io.cucumber.junit.FeatureRunner", "feature");
+
+  private final Map<Object, Pickle> pickleById = new HashMap<>();
+
+  public CucumberTracingListener(List<ParentRunner<?>> featureRunners) {
+    for (ParentRunner<?> featureRunner : featureRunners) {
+      Feature feature = (Feature) REFLECTION.invoke(FEATURE_GETTER, featureRunner);
+      for (Pickle pickle : feature.getPickles()) {
+        Object pickleId = REFLECTION.invoke(PICKLE_ID_CONSTRUCTOR, pickle);
+        pickleById.put(pickleId, pickle);
+      }
+    }
+  }
+
+  @Override
+  public void testSuiteStarted(final Description description) {
+    if (isFeature(description)) {
+      String testSuiteName = description.getClassName();
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
+          testSuiteName, FRAMEWORK_NAME, FRAMEWORK_VERSION, null, Collections.emptyList(), false);
+    }
+  }
+
+  @Override
+  public void testSuiteFinished(final Description description) {
+    if (isFeature(description)) {
+      String testSuiteName = description.getClassName();
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(testSuiteName, null);
+    }
+  }
+
+  @Override
+  public void testStarted(final Description description) {
+    String testSuiteName = description.getClassName();
+    String testName = description.getMethodName();
+    List<String> categories = getCategories(description);
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestStart(
+        testSuiteName,
+        testName,
+        null,
+        FRAMEWORK_NAME,
+        FRAMEWORK_VERSION,
+        null,
+        categories,
+        null,
+        null,
+        null);
+  }
+
+  @Override
+  public void testFinished(final Description description) {
+    String testSuiteName = description.getClassName();
+    String testName = description.getMethodName();
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFinish(
+        testSuiteName, null, testName, null, null);
+  }
+
+  // same callback is executed both for test cases and test suites (for setup/teardown errors)
+  @Override
+  public void testFailure(final Failure failure) {
+    Description description = failure.getDescription();
+    if (isFeature(description)) {
+      String testSuiteName = description.getClassName();
+      Throwable throwable = failure.getException();
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFailure(
+          testSuiteName, null, throwable);
+    } else {
+      String testSuiteName = description.getClassName();
+      String testName = description.getMethodName();
+      Throwable throwable = failure.getException();
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFailure(
+          testSuiteName, null, testName, null, null, throwable);
+    }
+  }
+
+  @Override
+  public void testAssumptionFailure(final Failure failure) {
+    String reason;
+    Throwable throwable = failure.getException();
+    if (throwable != null) {
+      reason = throwable.getMessage();
+    } else {
+      reason = null;
+    }
+
+    Description description = failure.getDescription();
+    if (isFeature(description)) {
+      String testSuiteName = description.getClassName();
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(testSuiteName, null, reason);
+    } else {
+      String testSuiteName = description.getClassName();
+      String testName = description.getMethodName();
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSkip(
+          testSuiteName, null, testName, null, null, reason);
+    }
+  }
+
+  @Override
+  public void testIgnored(final Description description) {
+    Ignore ignore = description.getAnnotation(Ignore.class);
+    String reason = ignore != null ? ignore.value() : null;
+
+    if (isFeature(description)) {
+      String testSuiteName = description.getClassName();
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
+          testSuiteName, FRAMEWORK_NAME, FRAMEWORK_VERSION, null, Collections.emptyList(), false);
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(testSuiteName, null, reason);
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(testSuiteName, null);
+    } else {
+      String testSuiteName = description.getClassName();
+      String testName = description.getMethodName();
+      List<String> categories = getCategories(description);
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestIgnore(
+          testSuiteName,
+          testName,
+          null,
+          FRAMEWORK_NAME,
+          FRAMEWORK_VERSION,
+          null,
+          categories,
+          null,
+          null,
+          null,
+          reason);
+    }
+  }
+
+  private static boolean isFeature(final Description description) {
+    Object uniqueId = JUnit4Utils.getUniqueId(description);
+    return uniqueId != null && uniqueId.toString().endsWith(".feature");
+  }
+
+  private List<String> getCategories(Description description) {
+    Pickle pickle = pickleById.get(JUnit4Utils.getUniqueId(description));
+    List<String> pickleTags = pickle.getTags();
+    List<String> categories = new ArrayList<>(pickleTags.size());
+    for (String tag : pickleTags) {
+      categories.add(tag.substring(1)); // remove leading "@"
+    }
+    return categories;
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/cucumber/src/main/java/datadog/trace/instrumentation/junit4/JUnit4CucumberInstrumentation.java b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/main/java/datadog/trace/instrumentation/junit4/JUnit4CucumberInstrumentation.java
new file mode 100644
index 00000000000..16cddf4ea54
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/main/java/datadog/trace/instrumentation/junit4/JUnit4CucumberInstrumentation.java
@@ -0,0 +1,70 @@
+package datadog.trace.instrumentation.junit4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import java.util.List;
+import net.bytebuddy.asm.Advice;
+import org.junit.runner.notification.RunListener;
+import org.junit.runner.notification.RunNotifier;
+import org.junit.runners.ParentRunner;
+
+@AutoService(Instrumenter.class)
+public class JUnit4CucumberInstrumentation extends Instrumenter.CiVisibility
+    implements Instrumenter.ForSingleType {
+
+  public JUnit4CucumberInstrumentation() {
+    super("ci-visibility", "junit-4", "junit-4-cucumber");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.cucumber.junit.Cucumber";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".TestEventsHandlerHolder",
+      packageName + ".SkippedByItr",
+      packageName + ".JUnit4Utils",
+      packageName + ".TracingListener",
+      packageName + ".CucumberTracingListener",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("childrenInvoker")
+            .and(takesArgument(0, named("org.junit.runner.notification.RunNotifier"))),
+        JUnit4CucumberInstrumentation.class.getName() + "$CucumberAdvice");
+  }
+
+  public static class CucumberAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void addTracingListener(
+        @Advice.FieldValue("children") List<ParentRunner<?>> children,
+        @Advice.Argument(value = 0, readOnly = false) RunNotifier runNotifier) {
+
+      RunNotifier replacedNotifier = new RunNotifier();
+
+      // copy listeners to new notifier
+      List<RunListener> runListeners = JUnit4Utils.runListenersFromRunNotifier(runNotifier);
+      if (runListeners != null) {
+        for (RunListener listener : runListeners) {
+          RunListener tracingListener = JUnit4Utils.toTracingListener(listener);
+          // skip JUnit 4 listener, we will install Cucumber listener instead
+          if (tracingListener == null) {
+            replacedNotifier.addListener(listener);
+          }
+        }
+      }
+
+      replacedNotifier.addListener(new CucumberTracingListener(children));
+      runNotifier = replacedNotifier;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/cucumber/src/main/java/datadog/trace/instrumentation/junit4/JUnit4CucumberItrInstrumentation.java b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/main/java/datadog/trace/instrumentation/junit4/JUnit4CucumberItrInstrumentation.java
new file mode 100644
index 00000000000..dccb9462d49
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/main/java/datadog/trace/instrumentation/junit4/JUnit4CucumberItrInstrumentation.java
@@ -0,0 +1,92 @@
+package datadog.trace.instrumentation.junit4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.Config;
+import datadog.trace.api.civisibility.InstrumentationBridge;
+import datadog.trace.api.civisibility.config.SkippableTest;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import io.cucumber.core.gherkin.Pickle;
+import java.util.List;
+import java.util.Set;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+import org.junit.AssumptionViolatedException;
+import org.junit.runner.Description;
+import org.junit.runner.notification.Failure;
+import org.junit.runner.notification.RunNotifier;
+
+@AutoService(Instrumenter.class)
+public class JUnit4CucumberItrInstrumentation extends Instrumenter.CiVisibility
+    implements Instrumenter.ForTypeHierarchy {
+
+  public JUnit4CucumberItrInstrumentation() {
+    super("ci-visibility", "junit-4", "junit-4-cucumber");
+  }
+
+  @Override
+  public boolean isApplicable(Set<TargetSystem> enabledSystems) {
+    return super.isApplicable(enabledSystems) && Config.get().isCiVisibilityItrEnabled();
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "io.cucumber.junit.PickleRunners$PickleRunner";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named(hierarchyMarkerType()));
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".TestEventsHandlerHolder",
+      packageName + ".SkippedByItr",
+      packageName + ".JUnit4Utils",
+      packageName + ".TracingListener",
+      packageName + ".CucumberTracingListener",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("run").and(takesArgument(0, named("org.junit.runner.notification.RunNotifier"))),
+        JUnit4CucumberItrInstrumentation.class.getName() + "$CucumberItrAdvice");
+  }
+
+  public static class CucumberItrAdvice {
+    @SuppressFBWarnings("NP_BOOLEAN_RETURN_NULL")
+    @Advice.OnMethodEnter(skipOn = Boolean.class)
+    public static Boolean run(
+        @Advice.FieldValue("pickle") Pickle pickle,
+        @Advice.FieldValue("description") Description description,
+        @Advice.Argument(0) RunNotifier notifier) {
+
+      List<String> tags = pickle.getTags();
+      for (String tag : tags) {
+        if (tag.endsWith(InstrumentationBridge.ITR_UNSKIPPABLE_TAG)) {
+          return null;
+        }
+      }
+
+      SkippableTest test = JUnit4Utils.toSkippableTest(description);
+      if (TestEventsHandlerHolder.TEST_EVENTS_HANDLER.skip(test)) {
+        notifier.fireTestAssumptionFailed(
+            new Failure(
+                description,
+                new AssumptionViolatedException(InstrumentationBridge.ITR_SKIP_REASON)));
+        return Boolean.FALSE;
+      } else {
+        return null;
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/groovy/CucumberTest.groovy b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/groovy/CucumberTest.groovy
similarity index 51%
rename from dd-java-agent/instrumentation/junit-4.10/src/test/groovy/CucumberTest.groovy
rename to dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/groovy/CucumberTest.groovy
index d27b7a7a878..237dfac86a3 100644
--- a/dd-java-agent/instrumentation/junit-4.10/src/test/groovy/CucumberTest.groovy
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/groovy/CucumberTest.groovy
@@ -6,9 +6,13 @@ import datadog.trace.api.civisibility.CIConstants
 import datadog.trace.api.civisibility.config.SkippableTest
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import datadog.trace.civisibility.CiVisibilityTest
+import datadog.trace.instrumentation.junit4.CucumberTracingListener
 import datadog.trace.instrumentation.junit4.TestEventsHandlerHolder
-import org.example.TestSucceedCucumber
-import org.example.TestSucceedExamplesCucumber
+import org.example.cucumber.TestFailedCucumber
+import org.example.cucumber.TestSucceedCucumber
+import org.example.cucumber.TestSucceedCucumberUnskippable
+import org.example.cucumber.TestSucceedCucumberUnskippableSuite
+import org.example.cucumber.TestSucceedExamplesCucumber
 import org.junit.runner.JUnitCore
 
 @DisableTestTrace(reason = "avoid self-tracing")
@@ -31,7 +35,8 @@ class CucumberTest extends CiVisibilityTest {
         testSuiteId = testFeatureSpan(it, 2, testSessionId, testModuleId, "Basic Arithmetic", CIConstants.TEST_PASS)
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic", "Addition", CIConstants.TEST_PASS)
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic", "Addition", CIConstants.TEST_PASS,
+          null, null, false, ["foo"])
       }
     })
   }
@@ -51,20 +56,55 @@ class CucumberTest extends CiVisibilityTest {
         testSuiteId = testFeatureSpan(it, 2, testSessionId, testModuleId, "Basic Arithmetic With Examples", CIConstants.TEST_PASS)
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions", CIConstants.TEST_PASS)
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions" + getOutlineTestNameSuffix(1), CIConstants.TEST_PASS,
+          null, null, false, ["foo"])
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions", CIConstants.TEST_PASS)
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions" + getOutlineTestNameSuffix(2), CIConstants.TEST_PASS,
+          null, null, false, ["foo"])
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions", CIConstants.TEST_PASS)
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions" + getOutlineTestNameSuffix(3), CIConstants.TEST_PASS,
+          null, null, false, ["foo"])
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions", CIConstants.TEST_PASS)
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions" + getOutlineTestNameSuffix(4), CIConstants.TEST_PASS,
+          null, null, false, ["foo"])
       }
     })
   }
 
+  /**
+   * Later Cucumber versions add a suffix to outline test execution names
+   */
+  private String getOutlineTestNameSuffix(int idx) {
+    return expectedTestFrameworkVersion() > "7" ? " #${idx}" : ""
+  }
+
+  def "test failure generates spans"() {
+    setup:
+    runTestClasses(TestFailedCucumber)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_FAIL)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_FAIL)
+        testSuiteId = testFeatureSpan(it, 2, testSessionId, testModuleId, "Basic Arithmetic", CIConstants.TEST_FAIL)
+      }
+      trace(1) {
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic", "Addition", CIConstants.TEST_FAIL,
+          null, exception, false, ["foo"])
+      }
+    })
+
+    where:
+    exception = new AssertionError("expected:<42.0> but was:<9.0>")
+  }
+
   def "test ITR test skipping"() {
     setup:
     givenSkippableTests([new SkippableTest("Basic Arithmetic", "Addition", null, null),])
@@ -85,7 +125,8 @@ class CucumberTest extends CiVisibilityTest {
         testSuiteId = testFeatureSpan(it, 2, testSessionId, testModuleId, "Basic Arithmetic", CIConstants.TEST_SKIP)
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic", "Addition", CIConstants.TEST_SKIP, testTags)
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic", "Addition", CIConstants.TEST_SKIP,
+          testTags, null, false , ["foo"])
       }
     })
 
@@ -93,6 +134,60 @@ class CucumberTest extends CiVisibilityTest {
     testTags = [(Tags.TEST_SKIP_REASON): "Skipped by Datadog Intelligent Test Runner", (Tags.TEST_SKIPPED_BY_ITR): true]
   }
 
+  def "test ITR test unskippable"() {
+    setup:
+    givenSkippableTests([new SkippableTest("Basic Arithmetic", "Addition", null, null),])
+    runTestClasses(TestSucceedCucumberUnskippable)
+
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testFeatureSpan(it, 2, testSessionId, testModuleId, "Basic Arithmetic", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic", "Addition", CIConstants.TEST_PASS, testTags, null, false, ["datadog_itr_unskippable"])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
+  def "test ITR test unskippable suite"() {
+    setup:
+    givenSkippableTests([new SkippableTest("Basic Arithmetic", "Addition", null, null),])
+    runTestClasses(TestSucceedCucumberUnskippableSuite)
+
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testFeatureSpan(it, 2, testSessionId, testModuleId, "Basic Arithmetic", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic", "Addition", CIConstants.TEST_PASS, testTags, null, false, ["datadog_itr_unskippable"])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
   private void runTestClasses(Class<?>... tests) {
     TestEventsHandlerHolder.start()
     runner.run(tests)
@@ -124,26 +219,26 @@ class CucumberTest extends CiVisibilityTest {
     final Throwable exception = null,
     final boolean emptyDuration = false,
     final Collection<String> categories = null) {
-    testSpan(trace, index, testSessionId, testModuleId, testSuiteId, testSuite, testName, null, testStatus, testTags, exception, emptyDuration, categories, false)
+    testSpan(trace, index, testSessionId, testModuleId, testSuiteId, testSuite, testName, null, testStatus, testTags, exception, emptyDuration, categories, false, false)
   }
 
   @Override
   String expectedOperationPrefix() {
-    return "junit"
+    "junit"
   }
 
   @Override
   String expectedTestFramework() {
-    return "cucumber"
+    CucumberTracingListener.FRAMEWORK_NAME
   }
 
   @Override
   String expectedTestFrameworkVersion() {
-    return "5.4.0"
+    CucumberTracingListener.FRAMEWORK_VERSION
   }
 
   @Override
   String component() {
-    return "junit"
+    "junit"
   }
 }
diff --git a/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestFailedCucumber.java b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestFailedCucumber.java
new file mode 100644
index 00000000000..3896dab9143
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestFailedCucumber.java
@@ -0,0 +1,11 @@
+package org.example.cucumber;
+
+import io.cucumber.junit.Cucumber;
+import io.cucumber.junit.CucumberOptions;
+import org.junit.runner.RunWith;
+
+@RunWith(Cucumber.class)
+@CucumberOptions(
+    features = "classpath:org/example/cucumber/calculator/basic_arithmetic_failed.feature",
+    glue = "org.example.cucumber.calculator")
+public class TestFailedCucumber {}
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedCucumber.java b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedCucumber.java
similarity index 76%
rename from dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedCucumber.java
rename to dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedCucumber.java
index bc829ff3e54..d24b0b3059b 100644
--- a/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedCucumber.java
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedCucumber.java
@@ -1,4 +1,4 @@
-package org.example;
+package org.example.cucumber;
 
 import io.cucumber.junit.Cucumber;
 import io.cucumber.junit.CucumberOptions;
@@ -7,6 +7,5 @@
 @RunWith(Cucumber.class)
 @CucumberOptions(
     features = "classpath:org/example/cucumber/calculator/basic_arithmetic.feature",
-    glue = "org.example.cucumber.calculator",
-    strict = true)
+    glue = "org.example.cucumber.calculator")
 public class TestSucceedCucumber {}
diff --git a/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedCucumberUnskippable.java b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedCucumberUnskippable.java
new file mode 100644
index 00000000000..ac7953c9641
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedCucumberUnskippable.java
@@ -0,0 +1,11 @@
+package org.example.cucumber;
+
+import io.cucumber.junit.Cucumber;
+import io.cucumber.junit.CucumberOptions;
+import org.junit.runner.RunWith;
+
+@RunWith(Cucumber.class)
+@CucumberOptions(
+    features = "classpath:org/example/cucumber/calculator/basic_arithmetic_unskippable.feature",
+    glue = "org.example.cucumber.calculator")
+public class TestSucceedCucumberUnskippable {}
diff --git a/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedCucumberUnskippableSuite.java b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedCucumberUnskippableSuite.java
new file mode 100644
index 00000000000..6fcb8b318ed
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedCucumberUnskippableSuite.java
@@ -0,0 +1,12 @@
+package org.example.cucumber;
+
+import io.cucumber.junit.Cucumber;
+import io.cucumber.junit.CucumberOptions;
+import org.junit.runner.RunWith;
+
+@RunWith(Cucumber.class)
+@CucumberOptions(
+    features =
+        "classpath:org/example/cucumber/calculator/basic_arithmetic_unskippable_suite.feature",
+    glue = "org.example.cucumber.calculator")
+public class TestSucceedCucumberUnskippableSuite {}
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedExamplesCucumber.java b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedExamplesCucumber.java
similarity index 91%
rename from dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedExamplesCucumber.java
rename to dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedExamplesCucumber.java
index c4a2ce20e55..96cebe5431d 100644
--- a/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedExamplesCucumber.java
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/TestSucceedExamplesCucumber.java
@@ -1,4 +1,4 @@
-package org.example;
+package org.example.cucumber;
 
 import io.cucumber.junit.Cucumber;
 import io.cucumber.junit.CucumberOptions;
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/cucumber/calculator/CalculatorSteps.java b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/calculator/CalculatorSteps.java
similarity index 100%
rename from dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/cucumber/calculator/CalculatorSteps.java
rename to dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/calculator/CalculatorSteps.java
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/cucumber/calculator/ParameterTypes.java b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/calculator/ParameterTypes.java
similarity index 100%
rename from dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/cucumber/calculator/ParameterTypes.java
rename to dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/java/org/example/cucumber/calculator/ParameterTypes.java
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/resources/org/example/cucumber/calculator/basic_arithmetic.feature b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic.feature
similarity index 100%
rename from dd-java-agent/instrumentation/junit-4.10/src/test/resources/org/example/cucumber/calculator/basic_arithmetic.feature
rename to dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic.feature
diff --git a/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_failed.feature b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_failed.feature
new file mode 100644
index 00000000000..d49dfabeac2
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_failed.feature
@@ -0,0 +1,10 @@
+@foo
+Feature: Basic Arithmetic
+
+  Background: A Calculator
+    Given a calculator I just turned on
+
+  Scenario: Addition
+  # Try to change one of the values below to provoke a failure
+    When I add 4 and 5
+    Then the result is 42
diff --git a/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable.feature b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable.feature
new file mode 100644
index 00000000000..a72a357f287
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable.feature
@@ -0,0 +1,10 @@
+Feature: Basic Arithmetic
+
+  Background: A Calculator
+    Given a calculator I just turned on
+
+  @datadog_itr_unskippable
+  Scenario: Addition
+  # Try to change one of the values below to provoke a failure
+    When I add 4 and 5
+    Then the result is 9
diff --git a/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable_suite.feature b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable_suite.feature
new file mode 100644
index 00000000000..b897853eaa8
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable_suite.feature
@@ -0,0 +1,10 @@
+@datadog_itr_unskippable
+Feature: Basic Arithmetic
+
+  Background: A Calculator
+    Given a calculator I just turned on
+
+  Scenario: Addition
+  # Try to change one of the values below to provoke a failure
+    When I add 4 and 5
+    Then the result is 9
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples.feature b/dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples.feature
similarity index 100%
rename from dd-java-agent/instrumentation/junit-4.10/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples.feature
rename to dd-java-agent/instrumentation/junit-4.10/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples.feature
diff --git a/dd-java-agent/instrumentation/junit-4.10/munit/build.gradle b/dd-java-agent/instrumentation/junit-4.10/munit/build.gradle
new file mode 100644
index 00000000000..e3cda16d277
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/munit/build.gradle
@@ -0,0 +1,41 @@
+apply from: "$rootDir/gradle/java.gradle"
+apply plugin: 'scala'
+
+muzzle {
+  pass {
+    group = 'org.scalameta'
+    module = 'munit_2.13'
+    versions = '[0.7.28,)'
+  }
+}
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  implementation project(':dd-java-agent:instrumentation:junit-4.10')
+  compileOnly group: 'org.scalameta', name: 'munit_2.13', version: '0.7.28'
+
+  testImplementation testFixtures(project(':dd-java-agent:agent-ci-visibility'))
+
+  // version used below is not the minimum one that we support,
+  // but the tests need to use it in order to be compliant with Spock 2.x
+  testImplementation(group: 'junit', name: 'junit') {
+    version {
+      strictly '4.13.2'
+    }
+  }
+
+  testImplementation group: 'org.scala-lang', name: 'scala-library', version: '2.13.10'
+  testImplementation group: 'org.scalameta', name: 'munit_2.13', version: '0.7.28'
+
+  latestDepTestImplementation group: 'org.scalameta', name: 'munit_2.13', version: '+'
+}
+
+compileTestGroovy {
+  dependsOn compileTestScala
+  classpath += files(sourceSets.test.scala.destinationDirectory)
+}
+compileLatestDepTestGroovy {
+  dependsOn compileLatestDepTestScala
+  classpath += files(sourceSets.latestDepTest.scala.destinationDirectory)
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/munit/src/main/java/datadog/trace/instrumentation/junit4/MUnitInstrumentation.java b/dd-java-agent/instrumentation/junit-4.10/munit/src/main/java/datadog/trace/instrumentation/junit4/MUnitInstrumentation.java
new file mode 100644
index 00000000000..043144bb8d3
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/munit/src/main/java/datadog/trace/instrumentation/junit4/MUnitInstrumentation.java
@@ -0,0 +1,67 @@
+package datadog.trace.instrumentation.junit4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import java.util.List;
+import net.bytebuddy.asm.Advice;
+import org.junit.runner.notification.RunListener;
+import org.junit.runner.notification.RunNotifier;
+
+@AutoService(Instrumenter.class)
+public class MUnitInstrumentation extends Instrumenter.CiVisibility
+    implements Instrumenter.ForSingleType {
+
+  public MUnitInstrumentation() {
+    super("ci-visibility", "junit-4", "junit-4-munit");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "munit.MUnitRunner";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".TestEventsHandlerHolder",
+      packageName + ".SkippedByItr",
+      packageName + ".JUnit4Utils",
+      packageName + ".TracingListener",
+      packageName + ".MUnitTracingListener",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("run").and(takesArgument(0, named("org.junit.runner.notification.RunNotifier"))),
+        MUnitInstrumentation.class.getName() + "$MUnitAdvice");
+  }
+
+  public static class MUnitAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void addTracingListener(
+        @Advice.Argument(value = 0, readOnly = false) RunNotifier runNotifier) {
+
+      RunNotifier replacedNotifier = new RunNotifier();
+
+      // copy listeners to new notifier
+      List<RunListener> runListeners = JUnit4Utils.runListenersFromRunNotifier(runNotifier);
+      if (runListeners != null) {
+        for (RunListener listener : runListeners) {
+          RunListener tracingListener = JUnit4Utils.toTracingListener(listener);
+          // skip JUnit 4 listener, we will install MUnit listener instead
+          if (tracingListener == null) {
+            replacedNotifier.addListener(listener);
+          }
+        }
+      }
+
+      replacedNotifier.addListener(new MUnitTracingListener());
+      runNotifier = replacedNotifier;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/munit/src/main/java/datadog/trace/instrumentation/junit4/MUnitTracingListener.java b/dd-java-agent/instrumentation/junit-4.10/munit/src/main/java/datadog/trace/instrumentation/junit4/MUnitTracingListener.java
new file mode 100644
index 00000000000..68420e71e17
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/munit/src/main/java/datadog/trace/instrumentation/junit4/MUnitTracingListener.java
@@ -0,0 +1,215 @@
+package datadog.trace.instrumentation.junit4;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
+import datadog.trace.util.Strings;
+import java.lang.annotation.Annotation;
+import java.util.ArrayList;
+import java.util.List;
+import munit.Suite;
+import munit.Tag;
+import org.junit.runner.Description;
+import org.junit.runner.notification.Failure;
+
+public class MUnitTracingListener extends TracingListener {
+
+  public static final String FRAMEWORK_NAME = "munit";
+  public static final String FRAMEWORK_VERSION = getVersion();
+
+  public static String getVersion() {
+    Package munitPackage = Suite.class.getPackage();
+    return munitPackage.getImplementationVersion();
+  }
+
+  public void testSuiteStarted(final Description description) {
+    if (!isSuiteContainingChildren(description)) {
+      // Not all test suites contain tests.
+      // Given that test suites can be nested in other test suites,
+      // we are only interested in the innermost ones where the actual test cases reside
+      return;
+    }
+
+    Class<?> testClass = description.getTestClass();
+    String testSuiteName = description.getClassName();
+    List<String> categories = getCategories(description);
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
+        testSuiteName, FRAMEWORK_NAME, FRAMEWORK_VERSION, testClass, categories, false);
+  }
+
+  public void testSuiteFinished(final Description description) {
+    if (!isSuiteContainingChildren(description)) {
+      // Not all test suites contain tests.
+      // Given that test suites can be nested in other test suites,
+      // we are only interested in the innermost ones where the actual test cases reside
+      return;
+    }
+
+    Class<?> testClass = description.getTestClass();
+    String testSuiteName = description.getClassName();
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(testSuiteName, testClass);
+  }
+
+  @Override
+  public void testStarted(final Description description) {
+    String testSuiteName = description.getClassName();
+    Class<?> testClass = description.getTestClass();
+    String testName = description.getMethodName();
+    List<String> categories = getCategories(description);
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestStart(
+        testSuiteName,
+        testName,
+        null,
+        FRAMEWORK_NAME,
+        FRAMEWORK_VERSION,
+        null,
+        categories,
+        testClass,
+        null,
+        null);
+  }
+
+  @Override
+  public void testFinished(final Description description) {
+    Class<?> testClass = description.getTestClass();
+    String testSuiteName = description.getClassName();
+    String testName = description.getMethodName();
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFinish(
+        testSuiteName, testClass, testName, null, null);
+  }
+
+  // same callback is executed both for test cases and test suites (for setup/teardown errors)
+  @Override
+  public void testFailure(final Failure failure) {
+    Throwable throwable = failure.getException();
+    Description description = failure.getDescription();
+    Class<?> testClass = description.getTestClass();
+    String testSuiteName = description.getClassName();
+    String testName = description.getMethodName();
+
+    if (Strings.isNotBlank(testName)) {
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFailure(
+          testSuiteName, testClass, testName, null, null, throwable);
+    } else {
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFailure(
+          testSuiteName, testClass, throwable);
+    }
+  }
+
+  @Override
+  public void testAssumptionFailure(final Failure failure) {
+    String reason;
+    Throwable throwable = failure.getException();
+    if (throwable != null) {
+      reason = throwable.getMessage();
+    } else {
+      reason = null;
+    }
+
+    Description description = failure.getDescription();
+    Class<?> testClass = description.getTestClass();
+    String testSuiteName = description.getClassName();
+    String testName = description.getMethodName();
+
+    if (Strings.isNotBlank(testName)) {
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSkip(
+          testSuiteName, testClass, testName, null, null, reason);
+
+    } else if (testClass != null) {
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(testSuiteName, testClass, reason);
+      for (Description child : description.getChildren()) {
+        testCaseIgnored(child);
+      }
+    }
+  }
+
+  @Override
+  public void testIgnored(final Description description) {
+    Class<?> testClass = description.getTestClass();
+    String testSuiteName = description.getClassName();
+    String testName = description.getMethodName();
+
+    if (Strings.isNotBlank(testName)) {
+      if (!isTestInProgress()) {
+        // earlier versions of MUnit (e.g. 0.7.28) trigger "testStarted" event for ignored tests,
+        // while newer versions don't
+        List<String> categories = getCategories(description);
+        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestStart(
+            testSuiteName,
+            testName,
+            null,
+            FRAMEWORK_NAME,
+            FRAMEWORK_VERSION,
+            null,
+            categories,
+            testClass,
+            null,
+            null);
+      }
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSkip(
+          testSuiteName, testClass, testName, null, null, null);
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFinish(
+          testSuiteName, testClass, testName, null, null);
+
+    } else if (testClass != null) {
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(testSuiteName, testClass, null);
+      for (Description child : description.getChildren()) {
+        testCaseIgnored(child);
+      }
+    }
+  }
+
+  private boolean isTestInProgress() {
+    final AgentScope scope = AgentTracer.activeScope();
+    if (scope == null) {
+      return false;
+    }
+    AgentSpan scopeSpan = scope.span();
+    String spanType = scopeSpan.getSpanType();
+    return spanType != null && spanType.contentEquals(InternalSpanTypes.TEST);
+  }
+
+  private void testCaseIgnored(final Description description) {
+    String testSuiteName = description.getClassName();
+    String testName = description.getMethodName();
+    Class<?> testClass = description.getTestClass();
+    List<String> categories = getCategories(description);
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestIgnore(
+        testSuiteName,
+        testName,
+        null,
+        FRAMEWORK_NAME,
+        FRAMEWORK_VERSION,
+        null,
+        categories,
+        testClass,
+        null,
+        null,
+        null);
+  }
+
+  private static boolean isSuiteContainingChildren(final Description description) {
+    Class<?> testClass = description.getTestClass();
+    if (testClass == null) {
+      return false;
+    }
+    for (Description child : description.getChildren()) {
+      if (Strings.isNotBlank(child.getMethodName())) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  private static List<String> getCategories(Description description) {
+    List<String> categories = new ArrayList<>();
+    for (Annotation annotation : description.getAnnotations()) {
+      if (annotation.annotationType() == Tag.class) {
+        Tag tag = (Tag) annotation;
+        categories.add(tag.value());
+      }
+    }
+    return categories;
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/munit/src/test/groovy/MUnitTest.groovy b/dd-java-agent/instrumentation/junit-4.10/munit/src/test/groovy/MUnitTest.groovy
new file mode 100644
index 00000000000..db172a3e9bc
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/munit/src/test/groovy/MUnitTest.groovy
@@ -0,0 +1,138 @@
+import datadog.trace.agent.test.asserts.ListWriterAssert
+import datadog.trace.api.DisableTestTrace
+import datadog.trace.api.civisibility.CIConstants
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.civisibility.CiVisibilityTest
+import datadog.trace.instrumentation.junit4.MUnitTracingListener
+import datadog.trace.instrumentation.junit4.TestEventsHandlerHolder
+import org.example.TestFailedAssumptionMUnit
+import org.example.TestSkippedMUnit
+import org.example.TestSkippedSuiteMUnit
+import org.example.TestSucceedMUnit
+import org.junit.runner.JUnitCore
+
+@DisableTestTrace(reason = "avoid self-tracing")
+class MUnitTest extends CiVisibilityTest {
+
+  def runner = new JUnitCore()
+
+  def "test success generates spans"() {
+    setup:
+    runTests(TestSucceedMUnit)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS)
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedMUnit", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedMUnit", "Calculator.add", null, CIConstants.TEST_PASS, null, null, false, ["myTag"], true, false)
+      }
+    })
+  }
+
+  def "test skipped generates spans"() {
+    setup:
+    runTests(TestSkippedMUnit)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_SKIP)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_SKIP)
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSkippedMUnit", CIConstants.TEST_SKIP)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSkippedMUnit", "Calculator.add", null, CIConstants.TEST_SKIP, null, null, false, ["Ignore"], true, false)
+      }
+    })
+  }
+
+  def "test skipped suite generates spans"() {
+    setup:
+    runTests(TestSkippedSuiteMUnit)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 3, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_SKIP)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_SKIP)
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSkippedSuiteMUnit", CIConstants.TEST_SKIP)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSkippedSuiteMUnit", "Calculator.add", null, CIConstants.TEST_SKIP, null, null, false, ["Ignore"], true, false)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSkippedSuiteMUnit", "Calculator.subtract", null, CIConstants.TEST_SKIP, null, null, false, ["Ignore"], true, false)
+      }
+    })
+  }
+
+  def "test failed assumption generates spans"() {
+    setup:
+    runTests(TestFailedAssumptionMUnit)
+
+    def expectedStatus
+    def testTags
+    // earlier versions of MUnit (e.g. 0.7.28) do not trigger "testAssumptionFailure" event, while newer versions do
+    if (expectedTestFrameworkVersion() > "1") {
+      expectedStatus = CIConstants.TEST_SKIP
+      testTags = [(Tags.TEST_SKIP_REASON): "this test always assumes the wrong thing"]
+    } else {
+      expectedStatus = CIConstants.TEST_PASS
+      testTags = [:]
+    }
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, expectedStatus)
+        testModuleId = testModuleSpan(it, 0, testSessionId, expectedStatus)
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestFailedAssumptionMUnit", expectedStatus)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestFailedAssumptionMUnit", "Calculator.add", null, expectedStatus, testTags, null, false, null, true, false)
+      }
+    })
+  }
+
+  private void runTests(Class<?>... tests) {
+    TestEventsHandlerHolder.start()
+    runner.run(tests)
+    TestEventsHandlerHolder.stop()
+  }
+
+  @Override
+  String expectedOperationPrefix() {
+    "junit"
+  }
+
+  @Override
+  String expectedTestFramework() {
+    MUnitTracingListener.FRAMEWORK_NAME
+  }
+
+  @Override
+  String expectedTestFrameworkVersion() {
+    MUnitTracingListener.FRAMEWORK_VERSION
+  }
+
+  @Override
+  String component() {
+    "junit"
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestFailedAssumptionMUnit.scala b/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestFailedAssumptionMUnit.scala
new file mode 100644
index 00000000000..680068adb97
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestFailedAssumptionMUnit.scala
@@ -0,0 +1,10 @@
+package org.example
+
+import munit.FunSuite
+
+class TestFailedAssumptionMUnit extends FunSuite {
+  test("Calculator.add") {
+    assume(2 + 2 == 5, "this test always assumes the wrong thing")
+    assertEquals(1 + 2, 3)
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestSkippedMUnit.scala b/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestSkippedMUnit.scala
new file mode 100644
index 00000000000..5a102007f96
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestSkippedMUnit.scala
@@ -0,0 +1,9 @@
+package org.example
+
+import munit.FunSuite
+
+class TestSkippedMUnit extends FunSuite {
+  test("Calculator.add".ignore) {
+    assertEquals(1 + 2, 3)
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestSkippedSuiteMUnit.scala b/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestSkippedSuiteMUnit.scala
new file mode 100644
index 00000000000..46fb0665ed1
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestSkippedSuiteMUnit.scala
@@ -0,0 +1,14 @@
+package org.example
+
+import munit.FunSuite
+
+@munit.IgnoreSuite
+class TestSkippedSuiteMUnit extends FunSuite {
+  test("Calculator.add".ignore) {
+    assertEquals(1 + 2, 3)
+  }
+
+  test("Calculator.subtract".ignore) {
+    assertEquals(5 - 3, 18)
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestSucceedMUnit.scala b/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestSucceedMUnit.scala
new file mode 100644
index 00000000000..41cce245b5d
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/munit/src/test/scala/org/example/TestSucceedMUnit.scala
@@ -0,0 +1,9 @@
+package org.example
+
+import munit.FunSuite
+
+class TestSucceedMUnit extends FunSuite {
+  test("Calculator.add".tag(new munit.Tag("myTag"))) {
+    assertEquals(1 + 2, 3)
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4Instrumentation.java b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4Instrumentation.java
index 4bc14e894e6..a604d1ab3b7 100644
--- a/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4Instrumentation.java
+++ b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4Instrumentation.java
@@ -2,6 +2,7 @@
 
 import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.not;
 import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
 
 import com.google.auto.service.AutoService;
@@ -20,7 +21,7 @@ public class JUnit4Instrumentation extends Instrumenter.CiVisibility
     implements Instrumenter.ForTypeHierarchy {
 
   public JUnit4Instrumentation() {
-    super("junit", "junit-4");
+    super("ci-visibility", "junit-4");
   }
 
   @Override
@@ -30,16 +31,23 @@ public String hierarchyMarkerType() {
 
   @Override
   public ElementMatcher<TypeDescription> hierarchyMatcher() {
-    return extendsClass(named(hierarchyMarkerType()));
+    return extendsClass(named(hierarchyMarkerType()))
+        // do not instrument our internal runner
+        // that is used to run instrumentation integration tests
+        .and(not(extendsClass(named("datadog.trace.agent.test.SpockRunner"))))
+        // do not instrument Karate JUnit 4 runner
+        // since Karate has a dedicated instrumentation
+        .and(not(extendsClass(named("com.intuit.karate.junit4.Karate"))));
   }
 
   @Override
   public String[] helperClassNames() {
     return new String[] {
+      packageName + ".TestEventsHandlerHolder",
       packageName + ".SkippedByItr",
       packageName + ".JUnit4Utils",
-      packageName + ".TestEventsHandlerHolder",
       packageName + ".TracingListener",
+      packageName + ".JUnit4TracingListener",
     };
   }
 
@@ -54,9 +62,12 @@ public static class JUnit4Advice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
     public static void addTracingListener(
         @Advice.This final Runner runner, @Advice.Argument(0) final RunNotifier runNotifier) {
-      if (runner.getClass().getName().equals("datadog.trace.agent.test.SpockRunner")) {
-        // do not instrument our internal runner
-        // that is used to run instrumentation integration tests
+      String runnerClassName = runner.getClass().getName();
+      if ("datadog.trace.agent.test.SpockRunner".equals(runnerClassName)
+          || "com.intuit.karate.junit4.Karate".equals(runnerClassName)) {
+        // checking class names in hierarchyMatcher alone is not enough:
+        // for example, Karate calls #run method of its super class,
+        // that was transformed
         return;
       }
 
@@ -68,20 +79,14 @@ public static void addTracingListener(
       }
 
       for (final RunListener listener : runListeners) {
-        RunListener unwrappedListener = JUnit4Utils.unwrapListener(listener);
-        // prevents installing TracingListener multiple times
-        if (JUnit4Utils.isTracingListener(unwrappedListener)) {
-          return;
-        }
-        // prevents installing TracingListener if we're running in JUnit 5 vintage compatibility
-        // mode
-        // (in that case JUnit 5 instrumentation will install its own TracingListener)
-        if (JUnit4Utils.isJUnitVintageListener(unwrappedListener)) {
+        RunListener tracingListener = JUnit4Utils.toTracingListener(listener);
+        if (tracingListener != null) {
+          // prevents installing TracingListener multiple times
           return;
         }
       }
 
-      final TracingListener tracingListener = new TracingListener();
+      final TracingListener tracingListener = new JUnit4TracingListener();
       runNotifier.addListener(tracingListener);
     }
 
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4ItrInstrumentation.java b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4ItrInstrumentation.java
index f32759a777e..d60f7a49ac9 100644
--- a/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4ItrInstrumentation.java
+++ b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4ItrInstrumentation.java
@@ -2,14 +2,18 @@
 
 import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.not;
 import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
 import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.api.Config;
+import datadog.trace.api.civisibility.InstrumentationBridge;
 import datadog.trace.api.civisibility.config.SkippableTest;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import java.lang.reflect.Method;
+import java.util.List;
 import java.util.Set;
 import net.bytebuddy.asm.Advice;
 import net.bytebuddy.description.type.TypeDescription;
@@ -25,7 +29,7 @@ public class JUnit4ItrInstrumentation extends Instrumenter.CiVisibility
     implements Instrumenter.ForTypeHierarchy {
 
   public JUnit4ItrInstrumentation() {
-    super("junit", "junit-4", "junit-4-itr");
+    super("ci-visibility", "junit-4");
   }
 
   @Override
@@ -40,16 +44,19 @@ public String hierarchyMarkerType() {
 
   @Override
   public ElementMatcher<TypeDescription> hierarchyMatcher() {
-    return extendsClass(named(hierarchyMarkerType()));
+    return extendsClass(named(hierarchyMarkerType()))
+        // ITR skipping for Cucumber is done in a dedicated instrumentation
+        .and(not(extendsClass(named("io.cucumber.junit.FeatureRunner"))));
   }
 
   @Override
   public String[] helperClassNames() {
     return new String[] {
+      packageName + ".TestEventsHandlerHolder",
       packageName + ".SkippedByItr",
       packageName + ".JUnit4Utils",
-      packageName + ".TestEventsHandlerHolder",
       packageName + ".TracingListener",
+      packageName + ".JUnit4TracingListener",
     };
   }
 
@@ -81,6 +88,15 @@ public static Boolean runChild(
         return null;
       }
 
+      Class<?> testClass = description.getTestClass();
+      Method testMethod = JUnit4Utils.getTestMethod(description);
+      List<String> categories = JUnit4Utils.getCategories(testClass, testMethod);
+      for (String category : categories) {
+        if (category.endsWith(InstrumentationBridge.ITR_UNSKIPPABLE_TAG)) {
+          return null;
+        }
+      }
+
       SkippableTest test = JUnit4Utils.toSkippableTest(description);
       if (TestEventsHandlerHolder.TEST_EVENTS_HANDLER.skip(test)) {
         Description skippedDescription = JUnit4Utils.getSkippedDescription(description);
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4SuiteEventsInstrumentation.java b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4SuiteEventsInstrumentation.java
index ab52ba3cbe2..1865f61a96f 100644
--- a/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4SuiteEventsInstrumentation.java
+++ b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4SuiteEventsInstrumentation.java
@@ -1,7 +1,9 @@
 package datadog.trace.instrumentation.junit4;
 
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.declaresMethod;
 import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.not;
 import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
 
 import com.google.auto.service.AutoService;
@@ -20,7 +22,7 @@ public class JUnit4SuiteEventsInstrumentation extends Instrumenter.CiVisibility
     implements Instrumenter.ForTypeHierarchy {
 
   public JUnit4SuiteEventsInstrumentation() {
-    super("junit-4-suite-events");
+    super("ci-visibility", "junit-4");
   }
 
   @Override
@@ -36,17 +38,23 @@ public ElementMatcher<TypeDescription> hierarchyMatcher() {
   @Override
   public String[] helperClassNames() {
     return new String[] {
+      packageName + ".TestEventsHandlerHolder",
       packageName + ".SkippedByItr",
       packageName + ".JUnit4Utils",
-      packageName + ".TestEventsHandlerHolder",
       packageName + ".TracingListener",
+      packageName + ".JUnit4TracingListener",
     };
   }
 
   @Override
   public void adviceTransformations(AdviceTransformation transformation) {
     transformation.applyAdvice(
-        named("run").and(takesArgument(0, named("org.junit.runner.notification.RunNotifier"))),
+        named("run")
+            .and(
+                takesArgument(
+                    0,
+                    named("org.junit.runner.notification.RunNotifier")
+                        .and(not(declaresMethod(named("fireTestSuiteStarted")))))),
         JUnit4SuiteEventsInstrumentation.class.getName() + "$JUnit4SuiteEventsAdvice");
   }
 
@@ -63,7 +71,7 @@ public static void fireSuiteStartedEvent(
       for (final RunListener listener : runListeners) {
         TracingListener tracingListener = JUnit4Utils.toTracingListener(listener);
         if (tracingListener != null) {
-          tracingListener.testSuiteStarted(runner.getTestClass(), runner.getDescription());
+          tracingListener.testSuiteStarted(runner.getDescription());
         }
       }
     }
@@ -80,7 +88,7 @@ public static void fireSuiteFinishedEvent(
       for (final RunListener listener : runListeners) {
         TracingListener tracingListener = JUnit4Utils.toTracingListener(listener);
         if (tracingListener != null) {
-          tracingListener.testSuiteFinished(runner.getTestClass(), runner.getDescription());
+          tracingListener.testSuiteFinished(runner.getDescription());
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4TracingListener.java b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4TracingListener.java
new file mode 100644
index 00000000000..879894d2a6d
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4TracingListener.java
@@ -0,0 +1,182 @@
+package datadog.trace.instrumentation.junit4;
+
+import java.lang.reflect.Method;
+import java.util.List;
+import junit.runner.Version;
+import org.junit.Ignore;
+import org.junit.runner.Description;
+import org.junit.runner.notification.Failure;
+
+public class JUnit4TracingListener extends TracingListener {
+
+  private static final String FRAMEWORK_NAME = "junit4";
+  private static final String FRAMEWORK_VERSION = Version.id();
+
+  public void testSuiteStarted(final Description description) {
+    if (!JUnit4Utils.isSuiteContainingChildren(description)) {
+      // Not all test suites contain tests.
+      // Given that test suites can be nested in other test suites,
+      // we are only interested in the innermost ones where the actual test cases reside
+      return;
+    }
+
+    Class<?> testClass = description.getTestClass();
+    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
+    List<String> categories = JUnit4Utils.getCategories(testClass, null);
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
+        testSuiteName, FRAMEWORK_NAME, FRAMEWORK_VERSION, testClass, categories, false);
+  }
+
+  public void testSuiteFinished(final Description description) {
+    if (!JUnit4Utils.isSuiteContainingChildren(description)) {
+      // Not all test suites contain tests.
+      // Given that test suites can be nested in other test suites,
+      // we are only interested in the innermost ones where the actual test cases reside
+      return;
+    }
+
+    Class<?> testClass = description.getTestClass();
+    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(testSuiteName, testClass);
+  }
+
+  @Override
+  public void testStarted(final Description description) {
+    Class<?> testClass = description.getTestClass();
+    Method testMethod = JUnit4Utils.getTestMethod(description);
+    String testMethodName = testMethod != null ? testMethod.getName() : null;
+
+    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
+    String testName = JUnit4Utils.getTestName(description, testMethod);
+
+    String testParameters = JUnit4Utils.getParameters(description);
+    List<String> categories = JUnit4Utils.getCategories(testClass, testMethod);
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestStart(
+        testSuiteName,
+        testName,
+        null,
+        FRAMEWORK_NAME,
+        FRAMEWORK_VERSION,
+        testParameters,
+        categories,
+        testClass,
+        testMethodName,
+        testMethod);
+  }
+
+  @Override
+  public void testFinished(final Description description) {
+    Class<?> testClass = description.getTestClass();
+    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
+    Method testMethod = JUnit4Utils.getTestMethod(description);
+    String testName = JUnit4Utils.getTestName(description, testMethod);
+    String testParameters = JUnit4Utils.getParameters(description);
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFinish(
+        testSuiteName, testClass, testName, null, testParameters);
+  }
+
+  // same callback is executed both for test cases and test suites (for setup/teardown errors)
+  @Override
+  public void testFailure(final Failure failure) {
+    Description description = failure.getDescription();
+    Class<?> testClass = description.getTestClass();
+    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
+    if (JUnit4Utils.isTestSuiteDescription(description)) {
+      Throwable throwable = failure.getException();
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFailure(
+          testSuiteName, testClass, throwable);
+    } else {
+      Method testMethod = JUnit4Utils.getTestMethod(description);
+      String testName = JUnit4Utils.getTestName(description, testMethod);
+      String testParameters = JUnit4Utils.getParameters(description);
+      Throwable throwable = failure.getException();
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFailure(
+          testSuiteName, testClass, testName, null, testParameters, throwable);
+    }
+  }
+
+  @Override
+  public void testAssumptionFailure(final Failure failure) {
+    String reason;
+    Throwable throwable = failure.getException();
+    if (throwable != null) {
+      reason = throwable.getMessage();
+    } else {
+      reason = null;
+    }
+
+    Description description = failure.getDescription();
+    Class<?> testClass = description.getTestClass();
+    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
+
+    if (JUnit4Utils.isTestSuiteDescription(description)) {
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(testSuiteName, testClass, reason);
+
+      List<Method> testMethods = JUnit4Utils.getTestMethods(description.getTestClass());
+      for (Method testMethod : testMethods) {
+        testIgnored(description, testMethod, reason);
+      }
+    } else {
+      Method testMethod = JUnit4Utils.getTestMethod(description);
+      String testName = JUnit4Utils.getTestName(description, testMethod);
+      String testParameters = JUnit4Utils.getParameters(description);
+
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSkip(
+          testSuiteName, testClass, testName, null, testParameters, reason);
+    }
+  }
+
+  @Override
+  public void testIgnored(final Description description) {
+    final Ignore ignore = description.getAnnotation(Ignore.class);
+    final String reason = ignore != null ? ignore.value() : null;
+
+    if (JUnit4Utils.isTestCaseDescription(description)) {
+      Method testMethod = JUnit4Utils.getTestMethod(description);
+      testIgnored(description, testMethod, reason);
+
+    } else if (JUnit4Utils.isTestSuiteDescription(description)) {
+
+      Class<?> testClass = description.getTestClass();
+      String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
+
+      List<String> categories = JUnit4Utils.getCategories(testClass, null);
+
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
+          testSuiteName, FRAMEWORK_NAME, FRAMEWORK_VERSION, testClass, categories, false);
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(testSuiteName, testClass, reason);
+
+      List<Method> testMethods = JUnit4Utils.getTestMethods(testClass);
+      for (Method testMethod : testMethods) {
+        testIgnored(description, testMethod, reason);
+      }
+
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(testSuiteName, testClass);
+    }
+  }
+
+  private void testIgnored(Description description, Method testMethod, String reason) {
+    Class<?> testClass = description.getTestClass();
+    String testMethodName = testMethod != null ? testMethod.getName() : null;
+
+    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
+    String testName = JUnit4Utils.getTestName(description, testMethod);
+
+    String testParameters = JUnit4Utils.getParameters(description);
+    List<String> categories = JUnit4Utils.getCategories(testClass, testMethod);
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestIgnore(
+        testSuiteName,
+        testName,
+        null,
+        FRAMEWORK_NAME,
+        FRAMEWORK_VERSION,
+        testParameters,
+        categories,
+        testClass,
+        testMethodName,
+        testMethod,
+        reason);
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4Utils.java b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4Utils.java
index 382338a5126..23dec8dba88 100644
--- a/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4Utils.java
+++ b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/JUnit4Utils.java
@@ -2,8 +2,6 @@
 
 import datadog.trace.api.civisibility.config.SkippableTest;
 import datadog.trace.util.Strings;
-import java.io.InputStream;
-import java.io.Serializable;
 import java.lang.annotation.Annotation;
 import java.lang.invoke.MethodHandle;
 import java.lang.invoke.MethodHandles;
@@ -12,7 +10,6 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
-import java.util.Properties;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.annotation.Nullable;
@@ -22,7 +19,6 @@
 import org.junit.runner.notification.RunListener;
 import org.junit.runner.notification.RunNotifier;
 import org.junit.runners.ParentRunner;
-import org.junit.runners.model.TestClass;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -42,9 +38,6 @@ public abstract class JUnit4Utils {
   private static final MethodHandle RUN_NOTIFIER_LISTENERS;
   private static final MethodHandle INNER_SYNCHRONIZED_LISTENER;
   private static final MethodHandle DESCRIPTION_UNIQUE_ID;
-  private static final MethodHandle CREATE_DESCRIPTION_WITH_UNIQUE_ID;
-  public static final String JUNIT_4_FRAMEWORK = "junit4";
-  public static final String CUCUMBER_FRAMEWORK = "cucumber";
 
   static {
     MethodHandles.Lookup lookup = MethodHandles.lookup();
@@ -52,7 +45,6 @@ public abstract class JUnit4Utils {
     RUN_NOTIFIER_LISTENERS = accessListenersFieldInRunNotifier(lookup);
     INNER_SYNCHRONIZED_LISTENER = accessListenerFieldInSynchronizedListener(lookup);
     DESCRIPTION_UNIQUE_ID = accessUniqueIdInDescription(lookup);
-    CREATE_DESCRIPTION_WITH_UNIQUE_ID = accessCreateDescriptionWithUniqueId(lookup);
   }
 
   private static MethodHandle accessDescribeChildMethodInParentRunner(MethodHandles.Lookup lookup) {
@@ -118,17 +110,6 @@ private static MethodHandle accessUniqueIdInDescription(MethodHandles.Lookup loo
     }
   }
 
-  private static MethodHandle accessCreateDescriptionWithUniqueId(MethodHandles.Lookup lookup) {
-    try {
-      Method createDescription =
-          Description.class.getDeclaredMethod(
-              "createSuiteDescription", String.class, Serializable.class, Annotation[].class);
-      return lookup.unreflect(createDescription);
-    } catch (Throwable throwable) {
-      return null;
-    }
-  }
-
   public static List<RunListener> runListenersFromRunNotifier(final RunNotifier runNotifier) {
     try {
       if (RUN_NOTIFIER_LISTENERS != null) {
@@ -161,32 +142,6 @@ public static TracingListener toTracingListener(final RunListener listener) {
     return null;
   }
 
-  public static boolean isTracingListener(final RunListener listener) {
-    return listener instanceof TracingListener;
-  }
-
-  public static boolean isJUnitVintageListener(final RunListener listener) {
-    Class<? extends RunListener> listenerClass = listener.getClass();
-    String listenerClassName = listenerClass.getName();
-    return listenerClassName.startsWith("org.junit.vintage");
-  }
-
-  public static RunListener unwrapListener(final RunListener listener) {
-    if (SYNCHRONIZED_LISTENER.equals(listener.getClass().getName())) {
-      try {
-        if (INNER_SYNCHRONIZED_LISTENER != null) {
-          Object innerListener = INNER_SYNCHRONIZED_LISTENER.invoke(listener);
-          if (innerListener instanceof TracingListener) {
-            return (TracingListener) innerListener;
-          }
-        }
-      } catch (final Throwable e) {
-        log.debug("Could not get inner listener from SynchronizedRunListener", e);
-      }
-    }
-    return listener;
-  }
-
   @Nullable
   public static Method getTestMethod(final Description description) {
     Class<?> testClass = description.getTestClass();
@@ -305,7 +260,6 @@ public static String getParameters(final Description description) {
 
   public static List<String> getCategories(Class<?> testClass, @Nullable Method testMethod) {
     List<String> categories = new ArrayList<>();
-
     while (testClass != null) {
       Category categoryAnnotation = testClass.getAnnotation(Category.class);
       if (categoryAnnotation != null) {
@@ -337,17 +291,17 @@ public static boolean isTestSuiteDescription(final Description description) {
     return description.getTestClass() != null && !isTestCaseDescription(description);
   }
 
-  public static boolean isSuiteContainingChildren(
-      final TestClass testClass, final Description description) {
-    if (!testClass.getAnnotatedMethods(Test.class).isEmpty()) {
-      return true;
+  public static boolean isSuiteContainingChildren(final Description description) {
+    Class<?> testClass = description.getTestClass();
+    for (Method method : testClass.getMethods()) {
+      if (method.getAnnotation(Test.class) != null) {
+        return true;
+      }
     }
-    // check if this is a Cucumber feature
-    Object uniqueId = getUniqueId(description);
-    return uniqueId != null && uniqueId.toString().endsWith(".feature");
+    return false;
   }
 
-  private static Object getUniqueId(final Description description) {
+  public static Object getUniqueId(final Description description) {
     try {
       if (DESCRIPTION_UNIQUE_ID != null) {
         return DESCRIPTION_UNIQUE_ID.invoke(description);
@@ -374,10 +328,10 @@ public static List<Method> getTestMethods(final Class<?> testClass) {
     return testMethods;
   }
 
-  public static Description getDescription(ParentRunner runner, Object child) {
+  public static Description getDescription(ParentRunner<?> runner, Object child) {
     try {
       if (PARENT_RUNNER_DESCRIBE_CHILD != null) {
-        return (Description) PARENT_RUNNER_DESCRIBE_CHILD.invoke(runner, child);
+        return (Description) PARENT_RUNNER_DESCRIBE_CHILD.invokeWithArguments(runner, child);
       }
     } catch (Throwable e) {
       log.error("Could not describe child: " + child, e);
@@ -395,30 +349,10 @@ public static Description getSkippedDescription(Description description) {
     updatedAnnotations[idx] = new SkippedByItr();
 
     String displayName = description.getDisplayName();
-
     Class<?> testClass = description.getTestClass();
-    if (testClass != null) {
-      Matcher matcher = METHOD_AND_CLASS_NAME_PATTERN.matcher(displayName);
-      String name = matcher.matches() ? matcher.group(1) : getTestName(description, null);
-      return Description.createTestDescription(testClass, name, updatedAnnotations);
-
-    } else {
-      // Cucumber
-      if (CREATE_DESCRIPTION_WITH_UNIQUE_ID != null) {
-        // Try to preserve unique ID
-        // since we use it to determine framework.
-        // The factory method that accepts unique ID
-        // is only available in JUnit 4.12+
-        try {
-          Object uniqueId = getUniqueId(description);
-          return (Description)
-              CREATE_DESCRIPTION_WITH_UNIQUE_ID.invoke(displayName, uniqueId, updatedAnnotations);
-        } catch (Throwable throwable) {
-          // ignored
-        }
-      }
-      return Description.createSuiteDescription(displayName, updatedAnnotations);
-    }
+    Matcher matcher = METHOD_AND_CLASS_NAME_PATTERN.matcher(displayName);
+    String name = matcher.matches() ? matcher.group(1) : getTestName(description, null);
+    return Description.createTestDescription(testClass, name, updatedAnnotations);
   }
 
   public static SkippableTest toSkippableTest(Description description) {
@@ -428,42 +362,4 @@ public static SkippableTest toSkippableTest(Description description) {
     String parameters = JUnit4Utils.getParameters(description);
     return new SkippableTest(suite, name, parameters, null);
   }
-
-  public static String getTestFramework(final Description description) {
-    Object uniqueId = JUnit4Utils.getUniqueId(description);
-    if (uniqueId != null && uniqueId.getClass().getName().startsWith("io.cucumber.")) {
-      return CUCUMBER_FRAMEWORK;
-    } else {
-      return JUNIT_4_FRAMEWORK;
-    }
-  }
-
-  private static volatile String CUCUMBER_VERSION;
-
-  public static String getCucumberVersion(Description description) {
-    if (CUCUMBER_VERSION == null) {
-      String version = null;
-      Object cucumberId = JUnit4Utils.getUniqueId(description);
-      try (InputStream cucumberPropsStream =
-          cucumberId
-              .getClass()
-              .getClassLoader()
-              .getResourceAsStream("META-INF/maven/io.cucumber/cucumber-junit/pom.properties")) {
-        Properties cucumberProps = new Properties();
-        cucumberProps.load(cucumberPropsStream);
-        version = cucumberProps.getProperty("version");
-      } catch (Exception e) {
-        // fallback below
-      }
-      if (version != null) {
-        CUCUMBER_VERSION = version;
-      } else {
-        // Shouldn't happen normally.
-        // Put here as a guard against running the code above for every test case
-        // if version cannot be determined for whatever reason
-        CUCUMBER_VERSION = "unknown";
-      }
-    }
-    return CUCUMBER_VERSION;
-  }
 }
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/TracingListener.java b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/TracingListener.java
index 6fa3192a4c5..f29084e8c8a 100644
--- a/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/TracingListener.java
+++ b/dd-java-agent/instrumentation/junit-4.10/src/main/java/datadog/trace/instrumentation/junit4/TracingListener.java
@@ -1,223 +1,11 @@
 package datadog.trace.instrumentation.junit4;
 
-import java.lang.reflect.Method;
-import java.util.List;
-import junit.runner.Version;
-import org.junit.Ignore;
 import org.junit.runner.Description;
-import org.junit.runner.Result;
-import org.junit.runner.notification.Failure;
 import org.junit.runner.notification.RunListener;
-import org.junit.runners.model.TestClass;
 
-public class TracingListener extends RunListener {
+public abstract class TracingListener extends RunListener {
 
-  private final String version;
+  public abstract void testSuiteStarted(final Description description);
 
-  public TracingListener() {
-    version = Version.id();
-  }
-
-  @Override
-  public void testRunStarted(Description description) {
-    // on op
-  }
-
-  @Override
-  public void testRunFinished(Result result) {
-    // on op
-  }
-
-  public void testSuiteStarted(final TestClass junitTestClass, final Description description) {
-    if (!JUnit4Utils.isSuiteContainingChildren(junitTestClass, description)) {
-      // Not all test suites contain tests.
-      // Given that test suites can be nested in other test suites,
-      // we are only interested in the innermost ones where the actual test cases reside
-      return;
-    }
-
-    Class<?> testClass = junitTestClass.getJavaClass();
-    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
-
-    String testFramework = JUnit4Utils.getTestFramework(description);
-    String testFrameworkVersion =
-        !JUnit4Utils.CUCUMBER_FRAMEWORK.equals(testFramework)
-            ? version
-            : JUnit4Utils.getCucumberVersion(description);
-
-    List<String> categories = JUnit4Utils.getCategories(testClass, null);
-    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
-        testSuiteName, testFramework, testFrameworkVersion, testClass, categories, false);
-  }
-
-  public void testSuiteFinished(final TestClass junitTestClass, final Description description) {
-    if (!JUnit4Utils.isSuiteContainingChildren(junitTestClass, description)) {
-      // Not all test suites contain tests.
-      // Given that test suites can be nested in other test suites,
-      // we are only interested in the innermost ones where the actual test cases reside
-      return;
-    }
-
-    Class<?> testClass = junitTestClass.getJavaClass();
-    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
-    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(testSuiteName, testClass);
-  }
-
-  @Override
-  public void testStarted(final Description description) {
-    Class<?> testClass = description.getTestClass();
-    Method testMethod = JUnit4Utils.getTestMethod(description);
-    String testMethodName = testMethod != null ? testMethod.getName() : null;
-
-    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
-    String testName = JUnit4Utils.getTestName(description, testMethod);
-
-    String testFramework = JUnit4Utils.getTestFramework(description);
-    String testFrameworkVersion =
-        !JUnit4Utils.CUCUMBER_FRAMEWORK.equals(testFramework)
-            ? version
-            : JUnit4Utils.getCucumberVersion(description);
-
-    String testParameters = JUnit4Utils.getParameters(description);
-    List<String> categories = JUnit4Utils.getCategories(testClass, testMethod);
-
-    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestStart(
-        testSuiteName,
-        testName,
-        null,
-        testFramework,
-        testFrameworkVersion,
-        testParameters,
-        categories,
-        testClass,
-        testMethodName,
-        testMethod);
-  }
-
-  @Override
-  public void testFinished(final Description description) {
-    Class<?> testClass = description.getTestClass();
-    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
-    Method testMethod = JUnit4Utils.getTestMethod(description);
-    String testName = JUnit4Utils.getTestName(description, testMethod);
-    String testParameters = JUnit4Utils.getParameters(description);
-    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFinish(
-        testSuiteName, testClass, testName, null, testParameters);
-  }
-
-  // same callback is executed both for test cases and test suites (for setup/teardown errors)
-  @Override
-  public void testFailure(final Failure failure) {
-    Description description = failure.getDescription();
-    Class<?> testClass = description.getTestClass();
-    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
-    if (JUnit4Utils.isTestSuiteDescription(description)) {
-      Throwable throwable = failure.getException();
-      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFailure(
-          testSuiteName, testClass, throwable);
-    } else {
-      Method testMethod = JUnit4Utils.getTestMethod(description);
-      String testName = JUnit4Utils.getTestName(description, testMethod);
-      String testParameters = JUnit4Utils.getParameters(description);
-      Throwable throwable = failure.getException();
-      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFailure(
-          testSuiteName, testClass, testName, null, testParameters, throwable);
-    }
-  }
-
-  @Override
-  public void testAssumptionFailure(final Failure failure) {
-    String reason;
-    Throwable throwable = failure.getException();
-    if (throwable != null) {
-      reason = throwable.getMessage();
-    } else {
-      reason = null;
-    }
-
-    Description description = failure.getDescription();
-    Class<?> testClass = description.getTestClass();
-    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
-
-    if (JUnit4Utils.isTestSuiteDescription(description)) {
-      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(testSuiteName, testClass, reason);
-
-      List<Method> testMethods = JUnit4Utils.getTestMethods(description.getTestClass());
-      for (Method testMethod : testMethods) {
-        testIgnored(description, testMethod, reason);
-      }
-    } else {
-      Method testMethod = JUnit4Utils.getTestMethod(description);
-      String testName = JUnit4Utils.getTestName(description, testMethod);
-      String testParameters = JUnit4Utils.getParameters(description);
-
-      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSkip(
-          testSuiteName, testClass, testName, null, testParameters, reason);
-    }
-  }
-
-  @Override
-  public void testIgnored(final Description description) {
-    final Ignore ignore = description.getAnnotation(Ignore.class);
-    final String reason = ignore != null ? ignore.value() : null;
-
-    if (JUnit4Utils.isTestCaseDescription(description)) {
-      Method testMethod = JUnit4Utils.getTestMethod(description);
-      testIgnored(description, testMethod, reason);
-
-    } else if (JUnit4Utils.isTestSuiteDescription(description)) {
-
-      Class<?> testClass = description.getTestClass();
-      String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
-
-      String testFramework = JUnit4Utils.getTestFramework(description);
-      String testFrameworkVersion =
-          !JUnit4Utils.CUCUMBER_FRAMEWORK.equals(testFramework)
-              ? version
-              : JUnit4Utils.getCucumberVersion(description);
-
-      List<String> categories = JUnit4Utils.getCategories(testClass, null);
-
-      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
-          testSuiteName, testFramework, testFrameworkVersion, testClass, categories, false);
-      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(testSuiteName, testClass, reason);
-
-      List<Method> testMethods = JUnit4Utils.getTestMethods(testClass);
-      for (Method testMethod : testMethods) {
-        testIgnored(description, testMethod, reason);
-      }
-
-      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(testSuiteName, testClass);
-    }
-  }
-
-  private void testIgnored(Description description, Method testMethod, String reason) {
-    Class<?> testClass = description.getTestClass();
-    String testMethodName = testMethod != null ? testMethod.getName() : null;
-
-    String testSuiteName = JUnit4Utils.getSuiteName(testClass, description);
-    String testName = JUnit4Utils.getTestName(description, testMethod);
-
-    String testFramework = JUnit4Utils.getTestFramework(description);
-    String testFrameworkVersion =
-        !JUnit4Utils.CUCUMBER_FRAMEWORK.equals(testFramework)
-            ? version
-            : JUnit4Utils.getCucumberVersion(description);
-
-    String testParameters = JUnit4Utils.getParameters(description);
-    List<String> categories = JUnit4Utils.getCategories(testClass, testMethod);
-
-    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestIgnore(
-        testSuiteName,
-        testName,
-        null,
-        testFramework,
-        testFrameworkVersion,
-        testParameters,
-        categories,
-        testClass,
-        testMethodName,
-        testMethod,
-        reason);
-  }
+  public abstract void testSuiteFinished(final Description description);
 }
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/groovy/JUnit4Test.groovy b/dd-java-agent/instrumentation/junit-4.10/src/test/groovy/JUnit4Test.groovy
index eb840754c02..951987863c9 100644
--- a/dd-java-agent/instrumentation/junit-4.10/src/test/groovy/JUnit4Test.groovy
+++ b/dd-java-agent/instrumentation/junit-4.10/src/test/groovy/JUnit4Test.groovy
@@ -12,6 +12,7 @@ import org.example.TestAssumptionAndSucceed
 import org.example.TestError
 import org.example.TestFailed
 import org.example.TestFailedAndSucceed
+import org.example.TestFailedSuiteSetUpAssumption
 import org.example.TestFailedSuiteSetup
 import org.example.TestFailedSuiteTearDown
 import org.example.TestInheritance
@@ -20,8 +21,10 @@ import org.example.TestSkipped
 import org.example.TestSkippedClass
 import org.example.TestSucceed
 import org.example.TestSucceedAndSkipped
+import org.example.TestSucceedSuite
+import org.example.TestSucceedUnskippable
+import org.example.TestSucceedUnskippableSuite
 import org.example.TestSucceedWithCategories
-import org.example.TestSuiteSetUpAssumption
 import org.junit.runner.JUnitCore
 
 @DisableTestTrace(reason = "avoid self-tracing")
@@ -319,7 +322,7 @@ class JUnit4Test extends CiVisibilityTest {
 
   def "test assumption failure during suite setup"() {
     setup:
-    runTests(TestSuiteSetUpAssumption)
+    runTests(TestFailedSuiteSetUpAssumption)
 
     expect:
     ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
@@ -329,10 +332,10 @@ class JUnit4Test extends CiVisibilityTest {
       trace(3, true) {
         testSessionId = testSessionSpan(it, 1, CIConstants.TEST_SKIP)
         testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_SKIP)
-        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSuiteSetUpAssumption", CIConstants.TEST_SKIP, testTags)
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestFailedSuiteSetUpAssumption", CIConstants.TEST_SKIP, testTags)
       }
       trace(1) {
-        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSuiteSetUpAssumption", "test_succeed", "test_succeed()V", CIConstants.TEST_SKIP, testTags, null)
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestFailedSuiteSetUpAssumption", "test_succeed", "test_succeed()V", CIConstants.TEST_SKIP, testTags, null)
       }
     })
 
@@ -533,6 +536,121 @@ class JUnit4Test extends CiVisibilityTest {
     testTags_1 = [(Tags.TEST_PARAMETERS): '{"metadata":{"test_name":"parameterized_test_succeed[1]"}}']
   }
 
+  def "test ITR unskippable"() {
+    setup:
+    givenSkippableTests([new SkippableTest("org.example.TestSucceedUnskippable", "test_succeed", null, null),])
+    runTests(TestSucceedUnskippable)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedUnskippable", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedUnskippable", "test_succeed", "test_succeed()V", CIConstants.TEST_PASS,
+          testTags, null, false, [TestSucceedUnskippable.datadog_itr_unskippable.name])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
+  def "test ITR unskippable suite"() {
+    setup:
+    givenSkippableTests([
+      new SkippableTest("org.example.TestSucceedUnskippableSuite", "test_succeed", null, null),
+    ])
+    runTests(TestSucceedUnskippableSuite)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedUnskippableSuite", CIConstants.TEST_PASS,
+          null, null, false, [TestSucceedUnskippableSuite.datadog_itr_unskippable.name])
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedUnskippableSuite", "test_succeed", "test_succeed()V", CIConstants.TEST_PASS,
+          testTags, null, false, [TestSucceedUnskippableSuite.datadog_itr_unskippable.name])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
+  def "test unskippable ITR test that is not supposed to be skipped"() {
+    setup:
+    givenSkippableTests([])
+    runTests(TestSucceedUnskippable)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedUnskippable", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedUnskippable", "test_succeed", "test_succeed()V", CIConstants.TEST_PASS,
+          testTags, null, false, [TestSucceedUnskippable.datadog_itr_unskippable.name])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true]
+  }
+
+  def "test suite runner"() {
+    setup:
+    runTests(TestSucceedSuite)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 3, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long firstSuiteId
+      long secondSuiteId
+      trace(4, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS)
+        firstSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedSuite\$FirstTest", CIConstants.TEST_PASS)
+        secondSuiteId = testSuiteSpan(it, 3, testSessionId, testModuleId, "org.example.TestSucceedSuite\$SecondTest", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, firstSuiteId, "org.example.TestSucceedSuite\$FirstTest", "testAddition", "testAddition()V", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, secondSuiteId, "org.example.TestSucceedSuite\$SecondTest", "testSubtraction", "testSubtraction()V", CIConstants.TEST_PASS)
+      }
+    })
+  }
+
   private void runTests(Class<?>... tests) {
     TestEventsHandlerHolder.start()
     runner.run(tests)
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/groovy/JUnit4UtilsTest.groovy b/dd-java-agent/instrumentation/junit-4.10/src/test/groovy/JUnit4UtilsTest.groovy
deleted file mode 100644
index d908403c176..00000000000
--- a/dd-java-agent/instrumentation/junit-4.10/src/test/groovy/JUnit4UtilsTest.groovy
+++ /dev/null
@@ -1,28 +0,0 @@
-import datadog.trace.instrumentation.junit4.JUnit4Utils
-import org.junit.runner.Description
-import spock.lang.Specification
-
-class JUnit4UtilsTest extends Specification {
-
-  def "test get test name: #methodName"() {
-    setup:
-    def description = Stub(Description)
-    description.getMethodName() >> methodName
-
-    when:
-    def testName = JUnit4Utils.getTestName(description, null)
-
-    then:
-    testName == expectedTestName
-
-    where:
-    methodName                       | expectedTestName
-    null                             | null
-    ""                               | null
-    "sample"                         | "sample"
-    "sample[0]"                      | "sample"
-    "[0]sample"                      | "[0]sample"
-    "other[0]sample"                 | "other[0]sample"
-    "[0] 2, 2, 4 (actualMethodName)" | "actualMethodName"
-  }
-}
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSuiteSetUpAssumption.java b/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestFailedSuiteSetUpAssumption.java
similarity index 87%
rename from dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSuiteSetUpAssumption.java
rename to dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestFailedSuiteSetUpAssumption.java
index f27bcc5344a..9c6b72ddf5d 100644
--- a/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSuiteSetUpAssumption.java
+++ b/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestFailedSuiteSetUpAssumption.java
@@ -6,7 +6,7 @@
 import org.junit.BeforeClass;
 import org.junit.Test;
 
-public class TestSuiteSetUpAssumption {
+public class TestFailedSuiteSetUpAssumption {
 
   @BeforeClass
   public static void suiteSetup() {
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedSuite.java b/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedSuite.java
new file mode 100644
index 00000000000..de7b67ba250
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedSuite.java
@@ -0,0 +1,26 @@
+package org.example;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite;
+
+@RunWith(Suite.class)
+@Suite.SuiteClasses({TestSucceedSuite.FirstTest.class, TestSucceedSuite.SecondTest.class})
+public class TestSucceedSuite {
+  public static class FirstTest {
+    @Test
+    public void testAddition() {
+      assertEquals(5, 2 + 3);
+    }
+  }
+
+  public static class SecondTest {
+    @Test
+    public void testSubtraction() {
+      assertNotEquals(1, 5 - 3);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedUnskippable.java b/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedUnskippable.java
new file mode 100644
index 00000000000..5f0242e164c
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedUnskippable.java
@@ -0,0 +1,17 @@
+package org.example;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+public class TestSucceedUnskippable {
+
+  @Category(datadog_itr_unskippable.class)
+  @Test
+  public void test_succeed() {
+    assertTrue(true);
+  }
+
+  public interface datadog_itr_unskippable {}
+}
diff --git a/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedUnskippableSuite.java b/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedUnskippableSuite.java
new file mode 100644
index 00000000000..974f52cc24c
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-4.10/src/test/java/org/example/TestSucceedUnskippableSuite.java
@@ -0,0 +1,17 @@
+package org.example;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(TestSucceedUnskippableSuite.datadog_itr_unskippable.class)
+public class TestSucceedUnskippableSuite {
+
+  @Test
+  public void test_succeed() {
+    assertTrue(true);
+  }
+
+  public interface datadog_itr_unskippable {}
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/build.gradle b/dd-java-agent/instrumentation/junit-5.3/build.gradle
index 1748f7030f0..132c4805010 100644
--- a/dd-java-agent/instrumentation/junit-5.3/build.gradle
+++ b/dd-java-agent/instrumentation/junit-5.3/build.gradle
@@ -14,8 +14,17 @@ muzzle {
     assertInverse = true
     extraDependency "org.junit.jupiter:junit-jupiter-api:$jupiterVersion"
   }
+  pass {
+    group = 'org.junit.jupiter'
+    module = 'junit-jupiter-api'
+    versions = "[$jupiterVersion,)"
+    assertInverse = true
+    extraDependency "org.junit.platform:junit-platform-launcher:$platformVersion"
+  }
 }
 
+addTestSuiteForDir('latestDepTest', 'test')
+
 dependencies {
   compileOnly group: 'org.junit.platform', name: 'junit-platform-launcher', version: "$platformVersion"
   compileOnly group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: "$jupiterVersion"
@@ -23,44 +32,20 @@ dependencies {
   testImplementation testFixtures(project(':dd-java-agent:agent-ci-visibility'))
 
   // versions used below are not the minimum ones that we support,
-  // but the tests need to use them in order to be compliant with Spock 2.0
-  testImplementation(group: 'org.junit.platform', name: 'junit-platform-launcher') {
-    version {
-      strictly '1.8.2'
-    }
-  }
-  testImplementation(group: 'org.junit.platform', name: 'junit-platform-engine') {
-    version {
-      strictly '1.8.2'
-    }
-  }
-  testImplementation(group: 'org.junit.platform', name: 'junit-platform-suite') {
-    version {
-      strictly '1.8.2'
-    }
-  }
-  testImplementation(group: 'org.junit.platform', name: 'junit-platform-suite-engine') {
-    version {
-      strictly '1.8.2'
-    }
-  }
-  testImplementation(group: 'org.junit.jupiter', name: 'junit-jupiter-api') {
-    version {
-      strictly '5.8.2'
-    }
-  }
-  testImplementation(group: 'org.junit.jupiter', name: 'junit-jupiter-engine') {
-    version {
-      strictly '5.8.2'
-    }
-  }
-  testImplementation(group: 'org.junit.jupiter', name: 'junit-jupiter-params') {
-    version {
-      strictly '5.8.2'
-    }
-  }
+  // but the tests need to use them in order to be compliant with Spock 2.x
+  testImplementation group: 'org.junit.platform', name: 'junit-platform-launcher', version: '1.8.2'
+  testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.8.2'
+  testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-params', version: '5.8.2'
 
-  testImplementation group: 'io.cucumber', name: 'cucumber-java', version: '5.4.0'
-  testImplementation group: 'io.cucumber', name: 'cucumber-junit-platform-engine', version: '5.4.0'
-  testImplementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.14.1'
+  latestDepTestImplementation group: 'org.junit.platform', name: 'junit-platform-launcher', version: '+'
+  latestDepTestImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '+'
+  latestDepTestImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-params', version: '+'
 }
+
+configurations.matching({ it.name.startsWith('test') }).each({
+  it.resolutionStrategy {
+    force group: 'org.junit.platform', name: 'junit-platform-launcher', version: '1.8.2'
+    force group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.8.2'
+    force group: 'org.junit.jupiter', name: 'junit-jupiter-params', version: '5.8.2'
+  }
+})
diff --git a/dd-java-agent/instrumentation/junit-5.3/cucumber/build.gradle b/dd-java-agent/instrumentation/junit-5.3/cucumber/build.gradle
new file mode 100644
index 00000000000..40057b40131
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/cucumber/build.gradle
@@ -0,0 +1,39 @@
+apply from: "$rootDir/gradle/java.gradle"
+
+muzzle {
+  pass {
+    group = 'io.cucumber'
+    module = 'cucumber-junit-platform-engine'
+    versions = '[5.4.0,)'
+    extraDependency "org.junit.platform:junit-platform-launcher:1.9.2"
+  }
+}
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  implementation project(':dd-java-agent:instrumentation:junit-5.3')
+  compileOnly group: 'io.cucumber', name: 'cucumber-junit-platform-engine', version: '5.4.0'
+  compileOnly group: 'io.cucumber', name: 'cucumber-java', version: '5.4.0'
+
+  testImplementation testFixtures(project(':dd-java-agent:agent-ci-visibility'))
+
+  testImplementation group: 'org.junit.platform', name: 'junit-platform-launcher', version: '1.9.2'
+  testImplementation group: 'org.junit.platform', name: 'junit-platform-suite', version: '1.9.2'
+  testImplementation group: 'org.junit.platform', name: 'junit-platform-suite-engine', version: '1.9.2'
+
+  testImplementation group: 'io.cucumber', name: 'cucumber-junit-platform-engine', version: '5.4.0'
+  testImplementation group: 'io.cucumber', name: 'cucumber-java', version: '5.4.0'
+  testImplementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.14.1'
+
+  latestDepTestImplementation group: 'io.cucumber', name: 'cucumber-java', version: '+'
+  latestDepTestImplementation group: 'io.cucumber', name: 'cucumber-junit-platform-engine', version: '+'
+}
+
+configurations.matching({ it.name.startsWith('test') }).each({
+  it.resolutionStrategy {
+    force group: 'org.junit.platform', name: 'junit-platform-launcher', version: '1.9.2'
+    force group: 'org.junit.platform', name: 'junit-platform-suite', version: '1.9.2'
+    force group: 'org.junit.platform', name: 'junit-platform-suite', version: '1.9.2'
+  }
+})
diff --git a/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/CucumberTracingListener.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/CucumberTracingListener.java
new file mode 100644
index 00000000000..6a8602efc49
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/CucumberTracingListener.java
@@ -0,0 +1,192 @@
+package datadog.trace.instrumentation.junit5;
+
+import datadog.trace.api.Pair;
+import java.util.List;
+import java.util.stream.Collectors;
+import org.junit.platform.engine.EngineExecutionListener;
+import org.junit.platform.engine.TestDescriptor;
+import org.junit.platform.engine.TestEngine;
+import org.junit.platform.engine.TestExecutionResult;
+import org.junit.platform.engine.TestSource;
+import org.junit.platform.engine.TestTag;
+import org.junit.platform.engine.reporting.ReportEntry;
+import org.junit.platform.engine.support.descriptor.ClasspathResourceSource;
+
+public class CucumberTracingListener implements EngineExecutionListener {
+
+  private final String testFramework;
+  private final String testFrameworkVersion;
+
+  public CucumberTracingListener(TestEngine testEngine) {
+    testFramework = testEngine.getId();
+    testFrameworkVersion = CucumberUtils.getCucumberVersion(testEngine);
+  }
+
+  @Override
+  public void dynamicTestRegistered(TestDescriptor testDescriptor) {
+    // no op
+  }
+
+  @Override
+  public void reportingEntryPublished(TestDescriptor testDescriptor, ReportEntry entry) {
+    // no op
+  }
+
+  @Override
+  public void executionStarted(final TestDescriptor testDescriptor) {
+    if (testDescriptor.isContainer()) {
+      containerExecutionStarted(testDescriptor);
+    } else if (testDescriptor.isTest()) {
+      testCaseExecutionStarted(testDescriptor);
+    }
+  }
+
+  @Override
+  public void executionFinished(
+      TestDescriptor testDescriptor, TestExecutionResult testExecutionResult) {
+    if (testDescriptor.isContainer()) {
+      containerExecutionFinished(testDescriptor, testExecutionResult);
+    } else if (testDescriptor.isTest()) {
+      testCaseExecutionFinished(testDescriptor, testExecutionResult);
+    }
+  }
+
+  private void containerExecutionStarted(final TestDescriptor testDescriptor) {
+    if (!CucumberUtils.isFeature(testDescriptor.getUniqueId())) {
+      return;
+    }
+
+    String testSuiteName = testDescriptor.getLegacyReportingName();
+    List<String> tags =
+        testDescriptor.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
+        testSuiteName, testFramework, testFrameworkVersion, null, tags, false);
+  }
+
+  private void containerExecutionFinished(
+      final TestDescriptor testDescriptor, final TestExecutionResult testExecutionResult) {
+    if (!CucumberUtils.isFeature(testDescriptor.getUniqueId())) {
+      return;
+    }
+
+    String testSuiteName = testDescriptor.getLegacyReportingName();
+    Throwable throwable = testExecutionResult.getThrowable().orElse(null);
+    if (throwable != null) {
+      if (JUnitPlatformUtils.isAssumptionFailure(throwable)) {
+
+        String reason = throwable.getMessage();
+        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(testSuiteName, null, reason);
+
+        for (TestDescriptor child : testDescriptor.getChildren()) {
+          executionSkipped(child, reason);
+        }
+
+      } else {
+        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFailure(
+            testSuiteName, null, throwable);
+      }
+    }
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(testSuiteName, null);
+  }
+
+  private void testCaseExecutionStarted(final TestDescriptor testDescriptor) {
+    TestSource testSource = testDescriptor.getSource().orElse(null);
+    if (testSource instanceof ClasspathResourceSource) {
+      testResourceExecutionStarted(testDescriptor, (ClasspathResourceSource) testSource);
+    }
+  }
+
+  private void testResourceExecutionStarted(
+      TestDescriptor testDescriptor, ClasspathResourceSource testSource) {
+    String classpathResourceName = testSource.getClasspathResourceName();
+
+    Pair<String, String> names =
+        CucumberUtils.getFeatureAndScenarioNames(testDescriptor, classpathResourceName);
+    String testSuiteName = names.getLeft();
+    String testName = names.getRight();
+
+    List<String> tags =
+        testDescriptor.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestStart(
+        testSuiteName,
+        testName,
+        null,
+        testFramework,
+        testFrameworkVersion,
+        null,
+        tags,
+        null,
+        null,
+        null);
+  }
+
+  private void testCaseExecutionFinished(
+      final TestDescriptor testDescriptor, final TestExecutionResult testExecutionResult) {
+    TestSource testSource = testDescriptor.getSource().orElse(null);
+    if (testSource instanceof ClasspathResourceSource) {
+      testResourceExecutionFinished(
+          testDescriptor, testExecutionResult, (ClasspathResourceSource) testSource);
+    }
+  }
+
+  private void testResourceExecutionFinished(
+      TestDescriptor testDescriptor,
+      TestExecutionResult testExecutionResult,
+      ClasspathResourceSource testSource) {
+    String classpathResourceName = testSource.getClasspathResourceName();
+
+    Pair<String, String> names =
+        CucumberUtils.getFeatureAndScenarioNames(testDescriptor, classpathResourceName);
+    String testSuiteName = names.getLeft();
+    String testName = names.getRight();
+
+    Throwable throwable = testExecutionResult.getThrowable().orElse(null);
+    if (throwable != null) {
+      if (JUnitPlatformUtils.isAssumptionFailure(throwable)) {
+        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSkip(
+            testSuiteName, null, testName, null, null, throwable.getMessage());
+      } else {
+        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFailure(
+            testSuiteName, null, testName, null, null, throwable);
+      }
+    }
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFinish(
+        testSuiteName, null, testName, null, null);
+  }
+
+  @Override
+  public void executionSkipped(final TestDescriptor testDescriptor, final String reason) {
+    TestSource testSource = testDescriptor.getSource().orElse(null);
+    if (testSource instanceof ClasspathResourceSource) {
+      testResourceExecutionSkipped(testDescriptor, (ClasspathResourceSource) testSource, reason);
+    }
+  }
+
+  private void testResourceExecutionSkipped(
+      TestDescriptor testDescriptor, ClasspathResourceSource testSource, String reason) {
+    String classpathResourceName = testSource.getClasspathResourceName();
+    Pair<String, String> names =
+        CucumberUtils.getFeatureAndScenarioNames(testDescriptor, classpathResourceName);
+    String testSuiteName = names.getLeft();
+    String testName = names.getRight();
+
+    List<String> tags =
+        testDescriptor.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestIgnore(
+        testSuiteName,
+        testName,
+        null,
+        testFramework,
+        testFrameworkVersion,
+        null,
+        tags,
+        null,
+        null,
+        null,
+        reason);
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/CucumberUtils.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/CucumberUtils.java
new file mode 100644
index 00000000000..ea3ea5c7ce3
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/CucumberUtils.java
@@ -0,0 +1,98 @@
+package datadog.trace.instrumentation.junit5;
+
+import datadog.trace.api.Pair;
+import datadog.trace.api.civisibility.config.SkippableTest;
+import java.io.InputStream;
+import java.util.ArrayDeque;
+import java.util.Deque;
+import java.util.List;
+import java.util.Optional;
+import java.util.Properties;
+import javax.annotation.Nullable;
+import org.junit.platform.engine.TestDescriptor;
+import org.junit.platform.engine.TestEngine;
+import org.junit.platform.engine.TestSource;
+import org.junit.platform.engine.UniqueId;
+import org.junit.platform.engine.support.descriptor.ClasspathResourceSource;
+
+public abstract class CucumberUtils {
+
+  public static @Nullable String getCucumberVersion(TestEngine cucumberEngine) {
+    try (InputStream cucumberPropsStream =
+        cucumberEngine
+            .getClass()
+            .getClassLoader()
+            .getResourceAsStream(
+                "META-INF/maven/io.cucumber/cucumber-junit-platform-engine/pom.properties")) {
+      Properties cucumberProps = new Properties();
+      cucumberProps.load(cucumberPropsStream);
+      String version = cucumberProps.getProperty("version");
+      if (version != null) {
+        return version;
+      }
+    } catch (Exception e) {
+      // fallback below
+    }
+    return cucumberEngine.getVersion().orElse(null);
+  }
+
+  public static Pair<String, String> getFeatureAndScenarioNames(
+      TestDescriptor testDescriptor, String fallbackFeatureName) {
+    String featureName = fallbackFeatureName;
+
+    Deque<TestDescriptor> scenarioDescriptors = new ArrayDeque<>();
+    scenarioDescriptors.push(testDescriptor);
+
+    TestDescriptor current = testDescriptor;
+    while (true) {
+      Optional<TestDescriptor> parent = current.getParent();
+      if (!parent.isPresent()) {
+        break;
+      }
+
+      current = parent.get();
+      UniqueId currentId = current.getUniqueId();
+      if (isFeature(currentId)) {
+        featureName = current.getDisplayName();
+        break;
+
+      } else {
+        scenarioDescriptors.push(current);
+      }
+    }
+
+    StringBuilder scenarioName = new StringBuilder();
+    while (!scenarioDescriptors.isEmpty()) {
+      TestDescriptor descriptor = scenarioDescriptors.pop();
+      scenarioName.append(descriptor.getDisplayName());
+      if (!scenarioDescriptors.isEmpty()) {
+        scenarioName.append('.');
+      }
+    }
+
+    return Pair.of(featureName, scenarioName.toString());
+  }
+
+  public static boolean isFeature(UniqueId uniqueId) {
+    List<UniqueId.Segment> segments = uniqueId.getSegments();
+    UniqueId.Segment lastSegment = segments.listIterator(segments.size()).previous();
+    return "feature".equals(lastSegment.getType());
+  }
+
+  public static SkippableTest toSkippableTest(TestDescriptor testDescriptor) {
+    TestSource testSource = testDescriptor.getSource().orElse(null);
+    if (testSource instanceof ClasspathResourceSource) {
+      ClasspathResourceSource classpathResourceSource = (ClasspathResourceSource) testSource;
+      String classpathResourceName = classpathResourceSource.getClasspathResourceName();
+
+      Pair<String, String> names =
+          getFeatureAndScenarioNames(testDescriptor, classpathResourceName);
+      String testSuiteName = names.getLeft();
+      String testName = names.getRight();
+      return new SkippableTest(testSuiteName, testName, null, null);
+
+    } else {
+      return null;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/JUnit5CucumberInstrumentation.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/JUnit5CucumberInstrumentation.java
new file mode 100644
index 00000000000..2f437e1c196
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/JUnit5CucumberInstrumentation.java
@@ -0,0 +1,94 @@
+package datadog.trace.instrumentation.junit5;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.ClassLoaderMatchers.hasClassNamed;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import io.cucumber.junit.platform.engine.CucumberTestEngine;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.matcher.ElementMatcher;
+import org.junit.platform.engine.EngineExecutionListener;
+import org.junit.platform.engine.ExecutionRequest;
+import org.junit.platform.engine.TestEngine;
+import org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService;
+
+@AutoService(Instrumenter.class)
+public class JUnit5CucumberInstrumentation extends Instrumenter.CiVisibility
+    implements Instrumenter.ForSingleType {
+
+  public JUnit5CucumberInstrumentation() {
+    super("ci-visibility", "junit-5", "junit-5-cucumber");
+  }
+
+  @Override
+  public ElementMatcher<ClassLoader> classLoaderMatcher() {
+    return hasClassNamed("io.cucumber.junit.platform.engine.CucumberTestEngine");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.junit.platform.engine.support.hierarchical.HierarchicalTestEngine";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".JUnitPlatformUtils",
+      packageName + ".CucumberUtils",
+      packageName + ".TestEventsHandlerHolder",
+      packageName + ".CucumberTracingListener",
+      packageName + ".CompositeEngineListener",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("execute").and(takesArgument(0, named("org.junit.platform.engine.ExecutionRequest"))),
+        JUnit5CucumberInstrumentation.class.getName() + "$CucumberAdvice");
+  }
+
+  @SuppressFBWarnings(
+      value = "UC_USELESS_OBJECT",
+      justification = "executionRequest is the argument of the original method")
+  public static class CucumberAdvice {
+
+    @Advice.OnMethodEnter
+    public static void addTracingListener(
+        @Advice.This TestEngine testEngine,
+        @Advice.Argument(value = 0, readOnly = false) ExecutionRequest executionRequest) {
+      if (!(testEngine instanceof CucumberTestEngine)) {
+        // wrong test engine
+        return;
+      }
+
+      if (JUnitPlatformUtils.isTestInProgress()) {
+        // a test case that is in progress starts a new JUnit instance.
+        // It might be done in order to achieve classloader isolation
+        // (for example, spring-boot uses this technique).
+        // We are already tracking the active test case,
+        // and do not want to report the "embedded" JUnit execution
+        // as a separate module
+        return;
+      }
+
+      CucumberTracingListener tracingListener = new CucumberTracingListener(testEngine);
+      EngineExecutionListener originalListener = executionRequest.getEngineExecutionListener();
+      EngineExecutionListener compositeListener =
+          new CompositeEngineListener(tracingListener, originalListener);
+      executionRequest =
+          new ExecutionRequest(
+              executionRequest.getRootTestDescriptor(),
+              compositeListener,
+              executionRequest.getConfigurationParameters());
+    }
+
+    // JUnit 5.3.0 and above
+    public static void muzzleCheck(final SameThreadHierarchicalTestExecutorService service) {
+      service.invokeAll(null);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/JUnit5CucumberItrInstrumentation.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/JUnit5CucumberItrInstrumentation.java
new file mode 100644
index 00000000000..38b60572779
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/main/java/datadog/trace/instrumentation/junit5/JUnit5CucumberItrInstrumentation.java
@@ -0,0 +1,110 @@
+package datadog.trace.instrumentation.junit5;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.ClassLoaderMatchers.hasClassNamed;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.Config;
+import datadog.trace.api.civisibility.InstrumentationBridge;
+import datadog.trace.api.civisibility.config.SkippableTest;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import java.util.Collection;
+import java.util.Set;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+import org.junit.platform.engine.TestDescriptor;
+import org.junit.platform.engine.TestTag;
+import org.junit.platform.engine.support.hierarchical.Node;
+import org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService;
+
+@AutoService(Instrumenter.class)
+public class JUnit5CucumberItrInstrumentation extends Instrumenter.CiVisibility
+    implements Instrumenter.ForTypeHierarchy {
+
+  public JUnit5CucumberItrInstrumentation() {
+    super("ci-visibility", "junit-5", "junit-5-cucumber");
+  }
+
+  @Override
+  public ElementMatcher<ClassLoader> classLoaderMatcher() {
+    return hasClassNamed("io.cucumber.junit.platform.engine.CucumberTestEngine");
+  }
+
+  @Override
+  public boolean isApplicable(Set<TargetSystem> enabledSystems) {
+    return super.isApplicable(enabledSystems) && Config.get().isCiVisibilityItrEnabled();
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "io.cucumber.junit.platform.engine.CucumberTestEngine";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return extendsClass(named("io.cucumber.junit.platform.engine.NodeDescriptor"))
+        // legacy Cucumber versions
+        .or(extendsClass(named("io.cucumber.junit.platform.engine.PickleDescriptor")));
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".CucumberUtils", packageName + ".TestEventsHandlerHolder",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("shouldBeSkipped").and(takesArguments(1)),
+        JUnit5CucumberItrInstrumentation.class.getName() + "$JUnit5ItrAdvice");
+  }
+
+  /**
+   * !!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!! Do not use or refer to any classes from {@code
+   * org.junit.platform.launcher} package in here: in some Gradle projects this package is not
+   * available in CL where this instrumentation is injected
+   */
+  public static class JUnit5ItrAdvice {
+
+    @SuppressFBWarnings(
+        value = "UC_USELESS_OBJECT",
+        justification = "skipResult is the return value of the instrumented method")
+    @Advice.OnMethodExit
+    public static void shouldBeSkipped(
+        @Advice.This TestDescriptor testDescriptor,
+        @Advice.Return(readOnly = false) Node.SkipResult skipResult) {
+      if (skipResult.isSkipped()) {
+        return;
+      }
+
+      if (TestEventsHandlerHolder.TEST_EVENTS_HANDLER == null) {
+        // should only happen in integration tests
+        // because we cannot avoid instrumenting ourselves
+        return;
+      }
+
+      Collection<TestTag> tags = testDescriptor.getTags();
+      for (TestTag tag : tags) {
+        if (InstrumentationBridge.ITR_UNSKIPPABLE_TAG.equals(tag.getName())) {
+          return;
+        }
+      }
+
+      SkippableTest test = CucumberUtils.toSkippableTest(testDescriptor);
+      if (test != null && TestEventsHandlerHolder.TEST_EVENTS_HANDLER.skip(test)) {
+        skipResult = Node.SkipResult.skip(InstrumentationBridge.ITR_SKIP_REASON);
+      }
+    }
+
+    // JUnit 5.3.0 and above
+    public static void muzzleCheck(final SameThreadHierarchicalTestExecutorService service) {
+      service.invokeAll(null);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/groovy/CucumberTest.groovy b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/groovy/CucumberTest.groovy
similarity index 70%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/groovy/CucumberTest.groovy
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/groovy/CucumberTest.groovy
index 90f39d57971..e95fe626ddd 100644
--- a/dd-java-agent/instrumentation/junit-5.3/src/test/groovy/CucumberTest.groovy
+++ b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/groovy/CucumberTest.groovy
@@ -7,11 +7,14 @@ import datadog.trace.api.civisibility.config.SkippableTest
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import datadog.trace.civisibility.CiVisibilityTest
 import datadog.trace.instrumentation.junit5.TestEventsHandlerHolder
+import io.cucumber.core.api.TypeRegistry
 import io.cucumber.junit.platform.engine.CucumberTestEngine
 import org.example.TestSkippedCucumber
 import org.example.TestSkippedExamplesCucumber
 import org.example.TestSkippedFeatureCucumber
 import org.example.TestSucceedCucumber
+import org.example.TestSucceedCucumberUnskippable
+import org.example.TestSucceedCucumberUnskippableSuite
 import org.example.TestSucceedExamplesCucumber
 import org.junit.platform.engine.DiscoverySelector
 import org.junit.platform.launcher.core.LauncherConfig
@@ -59,20 +62,27 @@ class CucumberTest extends CiVisibilityTest {
         testSuiteId = testFeatureSpan(it, 2, testSessionId, testModuleId, "Basic Arithmetic With Examples", CIConstants.TEST_PASS)
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Double digits.Example #1", CIConstants.TEST_PASS, null, null, false, ["foo"])
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Double digits.Example" + getOutlineTestNameSuffix(2, 1), CIConstants.TEST_PASS, null, null, false, ["foo"])
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Double digits.Example #2", CIConstants.TEST_PASS, null, null, false, ["foo"])
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Double digits.Example" + getOutlineTestNameSuffix(2, 2), CIConstants.TEST_PASS, null, null, false, ["foo"])
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Single digits.Example #1", CIConstants.TEST_PASS, null, null, false, ["foo"])
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Single digits.Example" + getOutlineTestNameSuffix(1, 1), CIConstants.TEST_PASS, null, null, false, ["foo"])
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Single digits.Example #2", CIConstants.TEST_PASS, null, null, false, ["foo"])
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Single digits.Example" + getOutlineTestNameSuffix(1, 2), CIConstants.TEST_PASS, null, null, false, ["foo"])
       }
     })
   }
 
+  /**
+   * Later Cucumber versions report different example execution names
+   */
+  private String getOutlineTestNameSuffix(int exampleIdx, int rowIdx) {
+    return expectedTestFrameworkVersion() > "7" ? " #${exampleIdx}.${rowIdx}" : " #${rowIdx}"
+  }
+
   def "test skipped generates spans"() {
     setup:
     runTestClasses(TestSkippedCucumber)
@@ -134,16 +144,16 @@ class CucumberTest extends CiVisibilityTest {
         testSuiteId = testFeatureSpan(it, 2, testSessionId, testModuleId, "Basic Arithmetic With Examples", CIConstants.TEST_SKIP)
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Double digits.Example #1", CIConstants.TEST_SKIP, [(Tags.TEST_SKIP_REASON): "'cucumber.filter.tags=not ( @Disabled )' did not match this scenario"], null, false, ["foo", "Disabled"])
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Double digits.Example" + getOutlineTestNameSuffix(2, 1), CIConstants.TEST_SKIP, [(Tags.TEST_SKIP_REASON): "'cucumber.filter.tags=not ( @Disabled )' did not match this scenario"], null, false, ["foo", "Disabled"])
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Double digits.Example #2", CIConstants.TEST_SKIP, [(Tags.TEST_SKIP_REASON): "'cucumber.filter.tags=not ( @Disabled )' did not match this scenario"], null, false, ["foo", "Disabled"])
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Double digits.Example" + getOutlineTestNameSuffix(2, 2), CIConstants.TEST_SKIP, [(Tags.TEST_SKIP_REASON): "'cucumber.filter.tags=not ( @Disabled )' did not match this scenario"], null, false, ["foo", "Disabled"])
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Single digits.Example #1", CIConstants.TEST_SKIP, [(Tags.TEST_SKIP_REASON): "'cucumber.filter.tags=not ( @Disabled )' did not match this scenario"], null, false, ["foo", "Disabled"])
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Single digits.Example" + getOutlineTestNameSuffix(1, 1), CIConstants.TEST_SKIP, [(Tags.TEST_SKIP_REASON): "'cucumber.filter.tags=not ( @Disabled )' did not match this scenario"], null, false, ["foo", "Disabled"])
       }
       trace(1) {
-        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Single digits.Example #2", CIConstants.TEST_SKIP, [(Tags.TEST_SKIP_REASON): "'cucumber.filter.tags=not ( @Disabled )' did not match this scenario"], null, false, ["foo", "Disabled"])
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic With Examples", "Many additions.Single digits.Example" + getOutlineTestNameSuffix(1, 2), CIConstants.TEST_SKIP, [(Tags.TEST_SKIP_REASON): "'cucumber.filter.tags=not ( @Disabled )' did not match this scenario"], null, false, ["foo", "Disabled"])
       }
     })
   }
@@ -176,6 +186,60 @@ class CucumberTest extends CiVisibilityTest {
     testTags = [(Tags.TEST_SKIP_REASON): "Skipped by Datadog Intelligent Test Runner", (Tags.TEST_SKIPPED_BY_ITR): true]
   }
 
+  def "test ITR test unskippable"() {
+    setup:
+    givenSkippableTests([new SkippableTest("Basic Arithmetic", "Addition", null, null),])
+    runTestClasses(TestSucceedCucumberUnskippable)
+
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testFeatureSpan(it, 2, testSessionId, testModuleId, "Basic Arithmetic", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic", "Addition", CIConstants.TEST_PASS, testTags, null, false, ["datadog_itr_unskippable"])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
+  def "test ITR test unskippable suite"() {
+    setup:
+    givenSkippableTests([new SkippableTest("Basic Arithmetic", "Addition", null, null),])
+    runTestClasses(TestSucceedCucumberUnskippableSuite)
+
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testFeatureSpan(it, 2, testSessionId, testModuleId, "Basic Arithmetic", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testScenarioSpan(it, 0, testSessionId, testModuleId, testSuiteId, "Basic Arithmetic", "Addition", CIConstants.TEST_PASS, testTags, null, false, ["datadog_itr_unskippable"])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
   private static void runTestClasses(Class<?>... classes) {
     TestEventsHandlerHolder.start()
 
@@ -225,7 +289,7 @@ class CucumberTest extends CiVisibilityTest {
     final Throwable exception = null,
     final boolean emptyDuration = false,
     final Collection<String> categories = null) {
-    testSpan(trace, index, testSessionId, testModuleId, testSuiteId, testSuite, testName, null, testStatus, testTags, exception, emptyDuration, categories, false)
+    testSpan(trace, index, testSessionId, testModuleId, testSuiteId, testSuite, testName, null, testStatus, testTags, exception, emptyDuration, categories, false, false)
   }
 
   @Override
@@ -240,7 +304,8 @@ class CucumberTest extends CiVisibilityTest {
 
   @Override
   String expectedTestFrameworkVersion() {
-    return "5.4.0"
+    def version = TypeRegistry.package.getImplementationVersion()
+    return version != null ? version : "5.4.0" // older releases do not have package version populated
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSkippedCucumber.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSkippedCucumber.java
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSkippedCucumber.java
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSkippedCucumber.java
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSkippedExamplesCucumber.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSkippedExamplesCucumber.java
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSkippedExamplesCucumber.java
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSkippedExamplesCucumber.java
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSkippedFeatureCucumber.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSkippedFeatureCucumber.java
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSkippedFeatureCucumber.java
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSkippedFeatureCucumber.java
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSucceedCucumber.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSucceedCucumber.java
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSucceedCucumber.java
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSucceedCucumber.java
diff --git a/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSucceedCucumberUnskippable.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSucceedCucumberUnskippable.java
new file mode 100644
index 00000000000..f5da5b7f28f
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSucceedCucumberUnskippable.java
@@ -0,0 +1,15 @@
+package org.example;
+
+import io.cucumber.core.options.Constants;
+import org.junit.platform.suite.api.ConfigurationParameter;
+import org.junit.platform.suite.api.IncludeEngines;
+import org.junit.platform.suite.api.SelectClasspathResource;
+import org.junit.platform.suite.api.Suite;
+
+@Suite
+@IncludeEngines("cucumber")
+@SelectClasspathResource("org/example/cucumber/calculator/basic_arithmetic_unskippable.feature")
+@ConfigurationParameter(
+    key = Constants.GLUE_PROPERTY_NAME,
+    value = "org.example.cucumber.calculator")
+public class TestSucceedCucumberUnskippable {}
diff --git a/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSucceedCucumberUnskippableSuite.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSucceedCucumberUnskippableSuite.java
new file mode 100644
index 00000000000..6ac3d9140a2
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSucceedCucumberUnskippableSuite.java
@@ -0,0 +1,16 @@
+package org.example;
+
+import io.cucumber.core.options.Constants;
+import org.junit.platform.suite.api.ConfigurationParameter;
+import org.junit.platform.suite.api.IncludeEngines;
+import org.junit.platform.suite.api.SelectClasspathResource;
+import org.junit.platform.suite.api.Suite;
+
+@Suite
+@IncludeEngines("cucumber")
+@SelectClasspathResource(
+    "org/example/cucumber/calculator/basic_arithmetic_unskippable_suite.feature")
+@ConfigurationParameter(
+    key = Constants.GLUE_PROPERTY_NAME,
+    value = "org.example.cucumber.calculator")
+public class TestSucceedCucumberUnskippableSuite {}
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSucceedExamplesCucumber.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSucceedExamplesCucumber.java
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSucceedExamplesCucumber.java
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/TestSucceedExamplesCucumber.java
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/cucumber/calculator/CalculatorSteps.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/cucumber/calculator/CalculatorSteps.java
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/cucumber/calculator/CalculatorSteps.java
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/cucumber/calculator/CalculatorSteps.java
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/cucumber/calculator/ParameterTypes.java b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/cucumber/calculator/ParameterTypes.java
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/cucumber/calculator/ParameterTypes.java
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/java/org/example/cucumber/calculator/ParameterTypes.java
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/resources/org/example/cucumber/calculator/basic_arithmetic.feature b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic.feature
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/resources/org/example/cucumber/calculator/basic_arithmetic.feature
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic.feature
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_skipped.feature b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_skipped.feature
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_skipped.feature
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_skipped.feature
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_skipped_feature.feature b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_skipped_feature.feature
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_skipped_feature.feature
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_skipped_feature.feature
diff --git a/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable.feature b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable.feature
new file mode 100644
index 00000000000..a72a357f287
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable.feature
@@ -0,0 +1,10 @@
+Feature: Basic Arithmetic
+
+  Background: A Calculator
+    Given a calculator I just turned on
+
+  @datadog_itr_unskippable
+  Scenario: Addition
+  # Try to change one of the values below to provoke a failure
+    When I add 4 and 5
+    Then the result is 9
diff --git a/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable_suite.feature b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable_suite.feature
new file mode 100644
index 00000000000..b897853eaa8
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_unskippable_suite.feature
@@ -0,0 +1,10 @@
+@datadog_itr_unskippable
+Feature: Basic Arithmetic
+
+  Background: A Calculator
+    Given a calculator I just turned on
+
+  Scenario: Addition
+  # Try to change one of the values below to provoke a failure
+    When I add 4 and 5
+    Then the result is 9
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples.feature b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples.feature
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples.feature
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples.feature
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples_skipped.feature b/dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples_skipped.feature
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples_skipped.feature
rename to dd-java-agent/instrumentation/junit-5.3/cucumber/src/test/resources/org/example/cucumber/calculator/basic_arithmetic_with_examples_skipped.feature
diff --git a/dd-java-agent/instrumentation/junit-5.3/spock/build.gradle b/dd-java-agent/instrumentation/junit-5.3/spock/build.gradle
new file mode 100644
index 00000000000..69a2cb2f59a
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/spock/build.gradle
@@ -0,0 +1,43 @@
+apply from: "$rootDir/gradle/java.gradle"
+
+def spockGroovyVersion = '3.0'
+
+muzzle {
+  pass {
+    group = 'org.spockframework'
+    module = 'spock-core'
+    versions = "[2.0-groovy-${spockGroovyVersion},)"
+    extraDependency "org.junit.platform:junit-platform-launcher:1.9.2"
+  }
+}
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  implementation project(':dd-java-agent:instrumentation:junit-5.3')
+  compileOnly group: 'org.junit.platform', name: 'junit-platform-launcher', version: '1.7.2'
+  compileOnly group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.7.2'
+  compileOnly group: 'org.spockframework', name: 'spock-core', version: "2.0-groovy-${spockGroovyVersion}"
+
+  testImplementation testFixtures(project(':dd-java-agent:agent-ci-visibility'))
+
+  testImplementation group: 'org.junit.platform', name: 'junit-platform-launcher', version: '1.9.2'
+  testImplementation group: 'org.spockframework', name: 'spock-core', version: "2.2-groovy-${spockGroovyVersion}"
+
+  latestDepTestImplementation group: 'org.spockframework', name: 'spock-core', version: '2.+'
+}
+
+configurations.matching({ it.name.startsWith('test') }).each({
+  it.resolutionStrategy {
+    force group: 'org.junit.platform', name: 'junit-platform-launcher', version: '1.9.2'
+    force group: 'org.spockframework', name: 'spock-core', version: "2.2-groovy-${spockGroovyVersion}"
+  }
+})
+
+configurations.matching({ it.name.startsWith('latestDepTest') }).each({
+  it.resolutionStrategy.componentSelection.all { ComponentSelection selection ->
+    if (selection.candidate.group == 'org.spockframework' && selection.candidate.module == 'spock-core' && !selection.candidate.version.endsWith("-groovy-${spockGroovyVersion}")) {
+      selection.reject('Spock groovy version mismatch')
+    }
+  }
+})
diff --git a/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/JUnit5SpockInstrumentation.java b/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/JUnit5SpockInstrumentation.java
new file mode 100644
index 00000000000..329ab1e19df
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/JUnit5SpockInstrumentation.java
@@ -0,0 +1,94 @@
+package datadog.trace.instrumentation.junit5;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.ClassLoaderMatchers.hasClassNamed;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.matcher.ElementMatcher;
+import org.junit.platform.engine.EngineExecutionListener;
+import org.junit.platform.engine.ExecutionRequest;
+import org.junit.platform.engine.TestEngine;
+import org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService;
+import org.spockframework.runtime.SpockEngine;
+
+@AutoService(Instrumenter.class)
+public class JUnit5SpockInstrumentation extends Instrumenter.CiVisibility
+    implements Instrumenter.ForSingleType {
+
+  public JUnit5SpockInstrumentation() {
+    super("ci-visibility", "junit-5", "junit-5-spock");
+  }
+
+  @Override
+  public ElementMatcher<ClassLoader> classLoaderMatcher() {
+    return hasClassNamed("org.spockframework.runtime.SpockEngine");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.junit.platform.engine.support.hierarchical.HierarchicalTestEngine";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".JUnitPlatformUtils",
+      packageName + ".SpockUtils",
+      packageName + ".TestEventsHandlerHolder",
+      packageName + ".SpockTracingListener",
+      packageName + ".CompositeEngineListener",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("execute").and(takesArgument(0, named("org.junit.platform.engine.ExecutionRequest"))),
+        JUnit5SpockInstrumentation.class.getName() + "$SpockAdvice");
+  }
+
+  @SuppressFBWarnings(
+      value = "UC_USELESS_OBJECT",
+      justification = "executionRequest is the argument of the original method")
+  public static class SpockAdvice {
+
+    @Advice.OnMethodEnter
+    public static void addTracingListener(
+        @Advice.This TestEngine testEngine,
+        @Advice.Argument(value = 0, readOnly = false) ExecutionRequest executionRequest) {
+      if (!(testEngine instanceof SpockEngine)) {
+        // wrong test engine
+        return;
+      }
+
+      if (JUnitPlatformUtils.isTestInProgress()) {
+        // a test case that is in progress starts a new JUnit instance.
+        // It might be done in order to achieve classloader isolation
+        // (for example, spring-boot uses this technique).
+        // We are already tracking the active test case,
+        // and do not want to report the "embedded" JUnit execution
+        // as a separate module
+        return;
+      }
+
+      SpockTracingListener tracingListener = new SpockTracingListener(testEngine);
+      EngineExecutionListener originalListener = executionRequest.getEngineExecutionListener();
+      EngineExecutionListener compositeListener =
+          new CompositeEngineListener(tracingListener, originalListener);
+      executionRequest =
+          new ExecutionRequest(
+              executionRequest.getRootTestDescriptor(),
+              compositeListener,
+              executionRequest.getConfigurationParameters());
+    }
+
+    // JUnit 5.3.0 and above
+    public static void muzzleCheck(final SameThreadHierarchicalTestExecutorService service) {
+      service.invokeAll(null);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/JUnit5SpockItrInstrumentation.java b/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/JUnit5SpockItrInstrumentation.java
new file mode 100644
index 00000000000..9c711eb8f0c
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/JUnit5SpockItrInstrumentation.java
@@ -0,0 +1,110 @@
+package datadog.trace.instrumentation.junit5;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.ClassLoaderMatchers.hasClassNamed;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.Config;
+import datadog.trace.api.civisibility.InstrumentationBridge;
+import datadog.trace.api.civisibility.config.SkippableTest;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import java.util.Collection;
+import java.util.Set;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+import org.junit.platform.engine.TestTag;
+import org.junit.platform.engine.support.hierarchical.Node;
+import org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService;
+import org.spockframework.runtime.SpockNode;
+
+@AutoService(Instrumenter.class)
+public class JUnit5SpockItrInstrumentation extends Instrumenter.CiVisibility
+    implements Instrumenter.ForTypeHierarchy {
+
+  public JUnit5SpockItrInstrumentation() {
+    super("ci-visibility", "junit-5", "junit-5-spock");
+  }
+
+  @Override
+  public ElementMatcher<ClassLoader> classLoaderMatcher() {
+    return hasClassNamed("org.spockframework.runtime.SpockEngine");
+  }
+
+  @Override
+  public boolean isApplicable(Set<TargetSystem> enabledSystems) {
+    return super.isApplicable(enabledSystems) && Config.get().isCiVisibilityItrEnabled();
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "org.spockframework.runtime.SpockNode";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return extendsClass(named(hierarchyMarkerType()));
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".JUnitPlatformUtils",
+      packageName + ".SpockUtils",
+      packageName + ".TestEventsHandlerHolder",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("shouldBeSkipped").and(takesArguments(1)),
+        JUnit5SpockItrInstrumentation.class.getName() + "$JUnit5ItrAdvice");
+  }
+
+  /**
+   * !!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!! Do not use or refer to any classes from {@code
+   * org.junit.platform.launcher} package in here: in some Gradle projects this package is not
+   * available in CL where this instrumentation is injected
+   */
+  public static class JUnit5ItrAdvice {
+
+    @SuppressFBWarnings(
+        value = "UC_USELESS_OBJECT",
+        justification = "skipResult is the return value of the instrumented method")
+    @Advice.OnMethodExit
+    public static void shouldBeSkipped(
+        @Advice.This SpockNode<?> spockNode,
+        @Advice.Return(readOnly = false) Node.SkipResult skipResult) {
+      if (skipResult.isSkipped()) {
+        return;
+      }
+
+      if (TestEventsHandlerHolder.TEST_EVENTS_HANDLER == null) {
+        // should only happen in integration tests
+        // because we cannot avoid instrumenting ourselves
+        return;
+      }
+
+      Collection<TestTag> tags = SpockUtils.getTags(spockNode);
+      for (TestTag tag : tags) {
+        if (InstrumentationBridge.ITR_UNSKIPPABLE_TAG.equals(tag.getName())) {
+          return;
+        }
+      }
+
+      SkippableTest test = SpockUtils.toSkippableTest(spockNode);
+      if (test != null && TestEventsHandlerHolder.TEST_EVENTS_HANDLER.skip(test)) {
+        skipResult = Node.SkipResult.skip(InstrumentationBridge.ITR_SKIP_REASON);
+      }
+    }
+
+    // JUnit 5.3.0 and above
+    public static void muzzleCheck(final SameThreadHierarchicalTestExecutorService service) {
+      service.invokeAll(null);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/SpockTracingListener.java b/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/SpockTracingListener.java
new file mode 100644
index 00000000000..af233d1c2f4
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/SpockTracingListener.java
@@ -0,0 +1,228 @@
+package datadog.trace.instrumentation.junit5;
+
+import java.lang.reflect.Method;
+import java.util.List;
+import java.util.stream.Collectors;
+import org.junit.platform.engine.EngineExecutionListener;
+import org.junit.platform.engine.TestDescriptor;
+import org.junit.platform.engine.TestEngine;
+import org.junit.platform.engine.TestExecutionResult;
+import org.junit.platform.engine.TestSource;
+import org.junit.platform.engine.TestTag;
+import org.junit.platform.engine.reporting.ReportEntry;
+import org.junit.platform.engine.support.descriptor.ClassSource;
+import org.junit.platform.engine.support.descriptor.MethodSource;
+
+public class SpockTracingListener implements EngineExecutionListener {
+
+  private final String testFramework;
+  private final String testFrameworkVersion;
+
+  public SpockTracingListener(TestEngine testEngine) {
+    testFramework = testEngine.getId();
+    testFrameworkVersion = testEngine.getVersion().orElse(null);
+  }
+
+  @Override
+  public void dynamicTestRegistered(TestDescriptor testDescriptor) {
+    // no op
+  }
+
+  @Override
+  public void reportingEntryPublished(TestDescriptor testDescriptor, ReportEntry entry) {
+    // no op
+  }
+
+  @Override
+  public void executionStarted(final TestDescriptor testDescriptor) {
+    if (testDescriptor.isContainer()) {
+      containerExecutionStarted(testDescriptor);
+    } else if (testDescriptor.isTest()) {
+      testCaseExecutionStarted(testDescriptor);
+    }
+  }
+
+  @Override
+  public void executionFinished(
+      TestDescriptor testDescriptor, TestExecutionResult testExecutionResult) {
+    if (testDescriptor.isContainer()) {
+      containerExecutionFinished(testDescriptor, testExecutionResult);
+    } else if (testDescriptor.isTest()) {
+      testCaseExecutionFinished(testDescriptor, testExecutionResult);
+    }
+  }
+
+  private void containerExecutionStarted(final TestDescriptor testDescriptor) {
+    if (!SpockUtils.isSpec(testDescriptor)) {
+      return;
+    }
+
+    Class<?> testClass = JUnitPlatformUtils.getJavaClass(testDescriptor);
+    String testSuiteName =
+        testClass != null ? testClass.getName() : testDescriptor.getLegacyReportingName();
+
+    List<String> tags =
+        testDescriptor.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
+        testSuiteName, testFramework, testFrameworkVersion, testClass, tags, false);
+  }
+
+  private void containerExecutionFinished(
+      final TestDescriptor testDescriptor, final TestExecutionResult testExecutionResult) {
+    if (!SpockUtils.isSpec(testDescriptor)) {
+      return;
+    }
+
+    Class<?> testClass = JUnitPlatformUtils.getJavaClass(testDescriptor);
+    String testSuiteName =
+        testClass != null ? testClass.getName() : testDescriptor.getLegacyReportingName();
+
+    Throwable throwable = testExecutionResult.getThrowable().orElse(null);
+    if (throwable != null) {
+      if (JUnitPlatformUtils.isAssumptionFailure(throwable)) {
+
+        String reason = throwable.getMessage();
+        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(
+            testSuiteName, testClass, reason);
+
+        for (TestDescriptor child : testDescriptor.getChildren()) {
+          executionSkipped(child, reason);
+        }
+
+      } else {
+        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFailure(
+            testSuiteName, testClass, throwable);
+      }
+    }
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(testSuiteName, testClass);
+  }
+
+  private void testCaseExecutionStarted(final TestDescriptor testDescriptor) {
+    TestSource testSource = testDescriptor.getSource().orElse(null);
+    if (testSource instanceof MethodSource) {
+      testMethodExecutionStarted(testDescriptor, (MethodSource) testSource);
+    }
+  }
+
+  private void testMethodExecutionStarted(TestDescriptor testDescriptor, MethodSource testSource) {
+    String testSuitName = testSource.getClassName();
+    String displayName = testDescriptor.getDisplayName();
+
+    String testParameters = JUnitPlatformUtils.getParameters(testSource, displayName);
+    List<String> tags =
+        testDescriptor.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
+
+    Class<?> testClass = testSource.getJavaClass();
+    Method testMethod = SpockUtils.getTestMethod(testSource);
+    String testMethodName = testSource.getMethodName();
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestStart(
+        testSuitName,
+        displayName,
+        null,
+        testFramework,
+        testFrameworkVersion,
+        testParameters,
+        tags,
+        testClass,
+        testMethodName,
+        testMethod);
+  }
+
+  private void testCaseExecutionFinished(
+      final TestDescriptor testDescriptor, final TestExecutionResult testExecutionResult) {
+    TestSource testSource = testDescriptor.getSource().orElse(null);
+    if (testSource instanceof MethodSource) {
+      testMethodExecutionFinished(testDescriptor, testExecutionResult, (MethodSource) testSource);
+    }
+  }
+
+  private static void testMethodExecutionFinished(
+      TestDescriptor testDescriptor,
+      TestExecutionResult testExecutionResult,
+      MethodSource testSource) {
+    String testSuiteName = testSource.getClassName();
+    Class<?> testClass = testSource.getJavaClass();
+    String displayName = testDescriptor.getDisplayName();
+    String testParameters = JUnitPlatformUtils.getParameters(testSource, displayName);
+
+    Throwable throwable = testExecutionResult.getThrowable().orElse(null);
+    if (throwable != null) {
+      if (JUnitPlatformUtils.isAssumptionFailure(throwable)) {
+        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSkip(
+            testSuiteName, testClass, displayName, null, testParameters, throwable.getMessage());
+      } else {
+        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFailure(
+            testSuiteName, testClass, displayName, null, testParameters, throwable);
+      }
+    }
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFinish(
+        testSuiteName, testClass, displayName, null, testParameters);
+  }
+
+  @Override
+  public void executionSkipped(final TestDescriptor testDescriptor, final String reason) {
+    TestSource testSource = testDescriptor.getSource().orElse(null);
+
+    if (testSource instanceof ClassSource) {
+      // The annotation @Disabled is kept at type level.
+      containerExecutionSkipped(testDescriptor, reason);
+
+    } else if (testSource instanceof MethodSource) {
+      // The annotation @Disabled is kept at method level.
+      testMethodExecutionSkipped(testDescriptor, (MethodSource) testSource, reason);
+    }
+  }
+
+  private void containerExecutionSkipped(final TestDescriptor testDescriptor, final String reason) {
+    if (!SpockUtils.isSpec(testDescriptor)) {
+      return;
+    }
+
+    Class<?> testClass = JUnitPlatformUtils.getJavaClass(testDescriptor);
+    String testSuiteName =
+        testClass != null ? testClass.getName() : testDescriptor.getLegacyReportingName();
+
+    List<String> tags =
+        testDescriptor.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
+        testSuiteName, testFramework, testFrameworkVersion, testClass, tags, false);
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(testSuiteName, testClass, reason);
+
+    for (TestDescriptor child : testDescriptor.getChildren()) {
+      executionSkipped(child, reason);
+    }
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(testSuiteName, testClass);
+  }
+
+  private void testMethodExecutionSkipped(
+      final TestDescriptor testDescriptor, final MethodSource methodSource, final String reason) {
+    String testSuiteName = methodSource.getClassName();
+    String displayName = testDescriptor.getDisplayName();
+
+    String testParameters = JUnitPlatformUtils.getParameters(methodSource, displayName);
+    List<String> tags =
+        testDescriptor.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
+
+    Class<?> testClass = methodSource.getJavaClass();
+    Method testMethod = SpockUtils.getTestMethod(methodSource);
+    String testMethodName = methodSource.getMethodName();
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestIgnore(
+        testSuiteName,
+        displayName,
+        null,
+        testFramework,
+        testFrameworkVersion,
+        testParameters,
+        tags,
+        testClass,
+        testMethodName,
+        testMethod,
+        reason);
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/SpockUtils.java b/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/SpockUtils.java
new file mode 100644
index 00000000000..457b4cba642
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/spock/src/main/java/datadog/trace/instrumentation/junit5/SpockUtils.java
@@ -0,0 +1,128 @@
+package datadog.trace.instrumentation.junit5;
+
+import datadog.trace.api.civisibility.config.SkippableTest;
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import org.junit.platform.commons.util.ClassLoaderUtils;
+import org.junit.platform.engine.TestDescriptor;
+import org.junit.platform.engine.TestSource;
+import org.junit.platform.engine.TestTag;
+import org.junit.platform.engine.UniqueId;
+import org.junit.platform.engine.support.descriptor.MethodSource;
+import org.spockframework.runtime.SpockNode;
+import org.spockframework.runtime.model.FeatureMetadata;
+import org.spockframework.runtime.model.SpecElementInfo;
+
+public class SpockUtils {
+
+  private static final MethodHandle GET_TEST_TAGS;
+  private static final MethodHandle GET_TEST_TAG_VALUE;
+
+  static {
+    MethodHandles.Lookup lookup = MethodHandles.publicLookup();
+    ClassLoader defaultClassLoader = ClassLoaderUtils.getDefaultClassLoader();
+    GET_TEST_TAGS = accessGetTestTags(lookup, defaultClassLoader);
+    GET_TEST_TAG_VALUE = accessGetTestTagValue(lookup, defaultClassLoader);
+  }
+
+  private static MethodHandle accessGetTestTags(
+      MethodHandles.Lookup lookup, ClassLoader classLoader) {
+    try {
+      Class<?> testTaggable =
+          classLoader.loadClass("org.spockframework.runtime.model.ITestTaggable");
+      Method method = testTaggable.getDeclaredMethod("getTestTags");
+      return lookup.unreflect(method);
+    } catch (Throwable throwable) {
+      return null;
+    }
+  }
+
+  private static MethodHandle accessGetTestTagValue(
+      MethodHandles.Lookup lookup, ClassLoader classLoader) {
+    try {
+      Class<?> testTaggable = classLoader.loadClass("org.spockframework.runtime.model.TestTag");
+      Method method = testTaggable.getDeclaredMethod("getValue");
+      return lookup.unreflect(method);
+    } catch (Throwable throwable) {
+      return null;
+    }
+  }
+
+  /*
+   * ITestTaggable and TestTag classes are accessed via reflection
+   * since they're available starting with Spock 2.2,
+   * and we support Spock 2.0
+   */
+  public static Collection<TestTag> getTags(SpockNode<?> spockNode) {
+    try {
+      Collection<TestTag> junitPlatformTestTags = new ArrayList<>();
+      SpecElementInfo<?, ?> nodeInfo = spockNode.getNodeInfo();
+      Collection<?> testTags = (Collection<?>) GET_TEST_TAGS.invoke(nodeInfo);
+      for (Object testTag : testTags) {
+        String tagValue = (String) GET_TEST_TAG_VALUE.invoke(testTag);
+        TestTag junitPlatformTestTag = TestTag.create(tagValue);
+        junitPlatformTestTags.add(junitPlatformTestTag);
+      }
+      return junitPlatformTestTags;
+
+    } catch (Throwable throwable) {
+      // ignore
+      return Collections.emptyList();
+    }
+  }
+
+  public static Method getTestMethod(MethodSource methodSource) {
+    String methodName = methodSource.getMethodName();
+    if (methodName == null) {
+      return null;
+    }
+
+    Class<?> testClass = methodSource.getJavaClass();
+    if (testClass == null) {
+      return null;
+    }
+
+    try {
+      for (Method declaredMethod : testClass.getDeclaredMethods()) {
+        FeatureMetadata featureMetadata = declaredMethod.getAnnotation(FeatureMetadata.class);
+        if (featureMetadata == null) {
+          continue;
+        }
+
+        if (methodName.equals(featureMetadata.name())) {
+          return declaredMethod;
+        }
+      }
+
+    } catch (Throwable e) {
+      // ignore
+    }
+    return null;
+  }
+
+  public static SkippableTest toSkippableTest(SpockNode spockNode) {
+    TestSource testSource = spockNode.getSource().orElse(null);
+    if (testSource instanceof MethodSource) {
+      MethodSource methodSource = (MethodSource) testSource;
+      String testSuiteName = methodSource.getClassName();
+      String displayName = spockNode.getDisplayName();
+      String testParameters = JUnitPlatformUtils.getParameters(methodSource, displayName);
+      return new SkippableTest(testSuiteName, displayName, testParameters, null);
+
+    } else {
+      return null;
+    }
+  }
+
+  public static boolean isSpec(TestDescriptor testDescriptor) {
+    UniqueId uniqueId = testDescriptor.getUniqueId();
+    List<UniqueId.Segment> segments = uniqueId.getSegments();
+    UniqueId.Segment lastSegment = segments.get(segments.size() - 1);
+    return "spec".equals(lastSegment.getType());
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/groovy/SpockTest.groovy b/dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/SpockTest.groovy
similarity index 71%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/groovy/SpockTest.groovy
rename to dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/SpockTest.groovy
index 524d908cf11..a6286692fd9 100644
--- a/dd-java-agent/instrumentation/junit-5.3/src/test/groovy/SpockTest.groovy
+++ b/dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/SpockTest.groovy
@@ -2,17 +2,21 @@ import datadog.trace.agent.test.asserts.ListWriterAssert
 import datadog.trace.api.DDTags
 import datadog.trace.api.DisableTestTrace
 import datadog.trace.api.civisibility.CIConstants
+import datadog.trace.api.civisibility.InstrumentationBridge
 import datadog.trace.api.civisibility.config.SkippableTest
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import datadog.trace.civisibility.CiVisibilityTest
 import datadog.trace.instrumentation.junit5.TestEventsHandlerHolder
 import org.example.TestParameterizedSpock
 import org.example.TestSucceedSpock
+import org.example.TestSucceedSpockUnskippable
+import org.example.TestSucceedSpockUnskippableSuite
 import org.junit.platform.engine.DiscoverySelector
 import org.junit.platform.launcher.core.LauncherConfig
 import org.junit.platform.launcher.core.LauncherDiscoveryRequestBuilder
 import org.junit.platform.launcher.core.LauncherFactory
 import org.spockframework.runtime.SpockEngine
+import org.spockframework.util.SpockReleaseInfo
 
 import static org.junit.platform.engine.discovery.DiscoverySelectors.selectClass
 
@@ -134,6 +138,64 @@ class SpockTest extends CiVisibilityTest {
     testTags_1 = [(Tags.TEST_PARAMETERS): '{"metadata":{"test_name":"test add 4 and 4"}}']
   }
 
+  def "test ITR unskippable"() {
+    setup:
+    givenSkippableTests([new SkippableTest("org.example.TestSucceedSpockUnskippable", "test success", null, null),])
+    runTestClasses(TestSucceedSpockUnskippable)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedSpockUnskippable", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedSpockUnskippable", "test success", "test success()V", CIConstants.TEST_PASS,
+          testTags, null, false, [InstrumentationBridge.ITR_UNSKIPPABLE_TAG])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
+  def "test ITR unskippable suite"() {
+    setup:
+    givenSkippableTests([new SkippableTest("org.example.TestSucceedSpockUnskippableSuite", "test success", null, null),])
+    runTestClasses(TestSucceedSpockUnskippableSuite)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedSpockUnskippableSuite", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedSpockUnskippableSuite", "test success", "test success()V", CIConstants.TEST_PASS,
+          testTags, null, false, [InstrumentationBridge.ITR_UNSKIPPABLE_TAG])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
   private static void runTestClasses(Class<?>... classes) {
     TestEventsHandlerHolder.start()
 
@@ -170,7 +232,7 @@ class SpockTest extends CiVisibilityTest {
 
   @Override
   String expectedTestFrameworkVersion() {
-    return "2.1.0-groovy-3.0"
+    return SpockReleaseInfo.version
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/groovy/org/example/TestParameterizedSpock.groovy b/dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/org/example/TestParameterizedSpock.groovy
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/groovy/org/example/TestParameterizedSpock.groovy
rename to dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/org/example/TestParameterizedSpock.groovy
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/groovy/org/example/TestSucceedSpock.groovy b/dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/org/example/TestSucceedSpock.groovy
similarity index 100%
rename from dd-java-agent/instrumentation/junit-5.3/src/test/groovy/org/example/TestSucceedSpock.groovy
rename to dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/org/example/TestSucceedSpock.groovy
diff --git a/dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/org/example/TestSucceedSpockUnskippable.groovy b/dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/org/example/TestSucceedSpockUnskippable.groovy
new file mode 100644
index 00000000000..281ef56156d
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/org/example/TestSucceedSpockUnskippable.groovy
@@ -0,0 +1,14 @@
+package org.example
+
+import datadog.trace.api.civisibility.InstrumentationBridge
+import spock.lang.Specification
+import spock.lang.Tag
+
+class TestSucceedSpockUnskippable extends Specification {
+
+  @Tag(InstrumentationBridge.ITR_UNSKIPPABLE_TAG)
+  def "test success"() {
+    expect:
+    1 == 1
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/org/example/TestSucceedSpockUnskippableSuite.groovy b/dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/org/example/TestSucceedSpockUnskippableSuite.groovy
new file mode 100644
index 00000000000..b61debf26c7
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/spock/src/test/groovy/org/example/TestSucceedSpockUnskippableSuite.groovy
@@ -0,0 +1,14 @@
+package org.example
+
+import datadog.trace.api.civisibility.InstrumentationBridge
+import spock.lang.Specification
+import spock.lang.Tag
+
+@Tag(InstrumentationBridge.ITR_UNSKIPPABLE_TAG)
+class TestSucceedSpockUnskippableSuite extends Specification {
+
+  def "test success"() {
+    expect:
+    1 == 1
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/CompositeEngineListener.java b/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/CompositeEngineListener.java
new file mode 100644
index 00000000000..005572f9d97
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/CompositeEngineListener.java
@@ -0,0 +1,49 @@
+package datadog.trace.instrumentation.junit5;
+
+import org.junit.platform.engine.EngineExecutionListener;
+import org.junit.platform.engine.TestDescriptor;
+import org.junit.platform.engine.TestExecutionResult;
+import org.junit.platform.engine.reporting.ReportEntry;
+
+public class CompositeEngineListener implements EngineExecutionListener {
+
+  private final EngineExecutionListener tracingListener;
+  private final EngineExecutionListener delegate;
+
+  public CompositeEngineListener(
+      EngineExecutionListener tracingListener, EngineExecutionListener delegate) {
+    this.tracingListener = tracingListener;
+    this.delegate = delegate;
+  }
+
+  @Override
+  public void dynamicTestRegistered(TestDescriptor testDescriptor) {
+    // tracing listener is not interested in this event
+    delegate.dynamicTestRegistered(testDescriptor);
+  }
+
+  @Override
+  public void reportingEntryPublished(TestDescriptor testDescriptor, ReportEntry entry) {
+    // tracing listener is not interested in this event
+    delegate.dynamicTestRegistered(testDescriptor);
+  }
+
+  @Override
+  public void executionStarted(TestDescriptor testDescriptor) {
+    tracingListener.executionStarted(testDescriptor);
+    delegate.executionStarted(testDescriptor);
+  }
+
+  @Override
+  public void executionSkipped(TestDescriptor testDescriptor, String reason) {
+    tracingListener.executionSkipped(testDescriptor, reason);
+    delegate.executionSkipped(testDescriptor, reason);
+  }
+
+  @Override
+  public void executionFinished(
+      TestDescriptor testDescriptor, TestExecutionResult testExecutionResult) {
+    tracingListener.executionFinished(testDescriptor, testExecutionResult);
+    delegate.executionFinished(testDescriptor, testExecutionResult);
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnit5Instrumentation.java b/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnit5Instrumentation.java
index 4600e668734..c3bbc544933 100644
--- a/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnit5Instrumentation.java
+++ b/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnit5Instrumentation.java
@@ -2,56 +2,56 @@
 
 import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
-import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-import java.util.ArrayList;
-import java.util.Collection;
 import net.bytebuddy.asm.Advice;
 import net.bytebuddy.description.type.TypeDescription;
 import net.bytebuddy.matcher.ElementMatcher;
+import org.junit.platform.engine.EngineExecutionListener;
+import org.junit.platform.engine.ExecutionRequest;
 import org.junit.platform.engine.TestEngine;
 import org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService;
-import org.junit.platform.launcher.TestExecutionListener;
-import org.junit.platform.launcher.core.LauncherConfig;
 
 @AutoService(Instrumenter.class)
 public class JUnit5Instrumentation extends Instrumenter.CiVisibility
     implements Instrumenter.ForTypeHierarchy {
 
   public JUnit5Instrumentation() {
-    super("junit", "junit-5");
+    super("ci-visibility", "junit-5");
   }
 
   @Override
   public String hierarchyMarkerType() {
-    return "org.junit.platform.launcher.core.LauncherConfig";
+    return "org.junit.platform.engine.TestEngine";
   }
 
   @Override
   public ElementMatcher<TypeDescription> hierarchyMatcher() {
-    return implementsInterface(named(hierarchyMarkerType()));
+    return implementsInterface(named(hierarchyMarkerType()))
+        // JUnit 4 has a dedicated instrumentation
+        .and(not(named("org.junit.vintage.engine.VintageTestEngine")))
+        // suites are only used to organize other test engines
+        .and(not(named("org.junit.platform.suite.engine.SuiteTestEngine")));
   }
 
   @Override
   public String[] helperClassNames() {
     return new String[] {
       packageName + ".JUnitPlatformUtils",
-      packageName + ".JUnitPlatformUtils$Cucumber",
-      packageName + ".JUnitPlatformUtils$Spock",
-      packageName + ".JUnitPlatformLauncherUtils",
-      packageName + ".JUnitPlatformLauncherUtils$Cucumber",
       packageName + ".TestEventsHandlerHolder",
       packageName + ".TracingListener",
+      packageName + ".CompositeEngineListener",
     };
   }
 
   @Override
   public void adviceTransformations(AdviceTransformation transformation) {
     transformation.applyAdvice(
-        named("getAdditionalTestExecutionListeners").and(takesNoArguments()),
+        named("execute").and(takesArgument(0, named("org.junit.platform.engine.ExecutionRequest"))),
         JUnit5Instrumentation.class.getName() + "$JUnit5Advice");
   }
 
@@ -59,11 +59,20 @@ public static class JUnit5Advice {
 
     @SuppressFBWarnings(
         value = "UC_USELESS_OBJECT",
-        justification = "listeners is the return value of the instrumented method")
-    @Advice.OnMethodExit
+        justification = "executionRequest is the argument of the original method")
+    @Advice.OnMethodEnter
     public static void addTracingListener(
-        @Advice.This LauncherConfig config,
-        @Advice.Return(readOnly = false) Collection<TestExecutionListener> listeners) {
+        @Advice.This TestEngine testEngine,
+        @Advice.Argument(value = 0, readOnly = false) ExecutionRequest executionRequest) {
+      String testEngineClassName = testEngine.getClass().getName();
+      if (testEngineClassName.startsWith("io.cucumber")
+          || testEngineClassName.startsWith("org.spockframework")) {
+        // Cucumber and Spock have dedicated instrumentations.
+        // We can only filter out calls to their engines at runtime,
+        // since they do not declare their own "execute" method,
+        // but inherit it from their parent class
+        return;
+      }
 
       if (JUnitPlatformUtils.isTestInProgress()) {
         // a test case that is in progress starts a new JUnit instance.
@@ -75,13 +84,15 @@ public static void addTracingListener(
         return;
       }
 
-      Collection<TestEngine> testEngines = JUnitPlatformLauncherUtils.getTestEngines(config);
-      final TracingListener listener = new TracingListener(testEngines);
-
-      Collection<TestExecutionListener> modifiedListeners = new ArrayList<>(listeners);
-      modifiedListeners.add(listener);
-
-      listeners = modifiedListeners;
+      TracingListener tracingListener = new TracingListener(testEngine);
+      EngineExecutionListener originalListener = executionRequest.getEngineExecutionListener();
+      EngineExecutionListener compositeListener =
+          new CompositeEngineListener(tracingListener, originalListener);
+      executionRequest =
+          new ExecutionRequest(
+              executionRequest.getRootTestDescriptor(),
+              compositeListener,
+              executionRequest.getConfigurationParameters());
     }
 
     // JUnit 5.3.0 and above
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnit5ItrInstrumentation.java b/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnit5ItrInstrumentation.java
index 33d205dce4a..d6bde993a84 100644
--- a/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnit5ItrInstrumentation.java
+++ b/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnit5ItrInstrumentation.java
@@ -1,7 +1,9 @@
 package datadog.trace.instrumentation.junit5;
 
 import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.nameStartsWith;
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.not;
 import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
 
 import com.google.auto.service.AutoService;
@@ -10,11 +12,13 @@
 import datadog.trace.api.civisibility.InstrumentationBridge;
 import datadog.trace.api.civisibility.config.SkippableTest;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import java.util.Collection;
 import java.util.Set;
 import net.bytebuddy.asm.Advice;
 import net.bytebuddy.description.type.TypeDescription;
 import net.bytebuddy.matcher.ElementMatcher;
 import org.junit.platform.engine.TestDescriptor;
+import org.junit.platform.engine.TestTag;
 import org.junit.platform.engine.support.hierarchical.Node;
 import org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService;
 
@@ -23,7 +27,7 @@ public class JUnit5ItrInstrumentation extends Instrumenter.CiVisibility
     implements Instrumenter.ForTypeHierarchy {
 
   public JUnit5ItrInstrumentation() {
-    super("junit", "junit-5");
+    super("ci-visibility", "junit-5");
   }
 
   @Override
@@ -39,16 +43,17 @@ public String hierarchyMarkerType() {
   @Override
   public ElementMatcher<TypeDescription> hierarchyMatcher() {
     return implementsInterface(named(hierarchyMarkerType()))
-        .and(implementsInterface(named("org.junit.platform.engine.TestDescriptor")));
+        .and(implementsInterface(named("org.junit.platform.engine.TestDescriptor")))
+        // Cucumber has a dedicated instrumentation
+        .and(not(nameStartsWith("io.cucumber")))
+        // Spock has a dedicated instrumentation
+        .and(not(nameStartsWith("org.spockframework")));
   }
 
   @Override
   public String[] helperClassNames() {
     return new String[] {
-      packageName + ".JUnitPlatformUtils",
-      packageName + ".JUnitPlatformUtils$Cucumber",
-      packageName + ".JUnitPlatformUtils$Spock",
-      packageName + ".TestEventsHandlerHolder",
+      packageName + ".JUnitPlatformUtils", packageName + ".TestEventsHandlerHolder",
     };
   }
 
@@ -60,8 +65,7 @@ public void adviceTransformations(AdviceTransformation transformation) {
   }
 
   /**
-   * !!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!! Do not use or refer to {@code
-   * datadog.trace.instrumentation.junit5.JunitPlatformLauncherUtils} or any classes from {@code
+   * !!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!! Do not use or refer to any classes from {@code
    * org.junit.platform.launcher} package in here: in some Gradle projects this package is not
    * available in CL where this instrumentation is injected
    */
@@ -84,6 +88,13 @@ public static void shouldBeSkipped(
         return;
       }
 
+      Collection<TestTag> tags = testDescriptor.getTags();
+      for (TestTag tag : tags) {
+        if (InstrumentationBridge.ITR_UNSKIPPABLE_TAG.equals(tag.getName())) {
+          return;
+        }
+      }
+
       SkippableTest test = JUnitPlatformUtils.toSkippableTest(testDescriptor);
       if (test != null && TestEventsHandlerHolder.TEST_EVENTS_HANDLER.skip(test)) {
         skipResult = Node.SkipResult.skip(InstrumentationBridge.ITR_SKIP_REASON);
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnitPlatformLauncherUtils.java b/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnitPlatformLauncherUtils.java
deleted file mode 100644
index 254fec14d78..00000000000
--- a/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnitPlatformLauncherUtils.java
+++ /dev/null
@@ -1,165 +0,0 @@
-package datadog.trace.instrumentation.junit5;
-
-import datadog.trace.api.Pair;
-import java.lang.invoke.MethodHandle;
-import java.lang.invoke.MethodHandles;
-import java.lang.invoke.MethodType;
-import java.util.ArrayDeque;
-import java.util.Collection;
-import java.util.Deque;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.ServiceLoader;
-import java.util.Set;
-import javax.annotation.Nullable;
-import org.junit.platform.commons.util.ClassLoaderUtils;
-import org.junit.platform.engine.TestEngine;
-import org.junit.platform.engine.TestSource;
-import org.junit.platform.engine.UniqueId;
-import org.junit.platform.engine.support.descriptor.ClassSource;
-import org.junit.platform.engine.support.descriptor.MethodSource;
-import org.junit.platform.launcher.TestIdentifier;
-import org.junit.platform.launcher.TestPlan;
-import org.junit.platform.launcher.core.LauncherConfig;
-
-/**
- * A dedicated utility class for any logic that has to work with {@code org.junit.platform.launcher}
- * package or its children.
- */
-public abstract class JUnitPlatformLauncherUtils {
-
-  private static final MethodHandle GET_UNIQUE_ID_OBJECT;
-
-  static {
-    /*
-     * We have to support older versions of JUnit 5 that do not have certain methods that we would
-     * like to use. We try to get method handles in runtime, and if we fail to do it there's a
-     * fallback to alternative (less efficient) ways of getting the required info
-     */
-    MethodHandles.Lookup lookup = MethodHandles.publicLookup();
-    GET_UNIQUE_ID_OBJECT = accessGetUniqueIdObject(lookup);
-  }
-
-  private static MethodHandle accessGetUniqueIdObject(MethodHandles.Lookup lookup) {
-    try {
-      MethodType returnsUniqueId = MethodType.methodType(UniqueId.class);
-      return lookup.findVirtual(TestIdentifier.class, "getUniqueIdObject", returnsUniqueId);
-    } catch (Exception e) {
-      // assuming we're dealing with an older framework version
-      // that does not have the methods we need;
-      // fallback logic will be used in corresponding utility methods
-      return null;
-    }
-  }
-
-  private JUnitPlatformLauncherUtils() {}
-
-  public static Class<?> getJavaClass(TestIdentifier testIdentifier) {
-    TestSource testSource = testIdentifier.getSource().orElse(null);
-    if (testSource instanceof ClassSource) {
-      ClassSource classSource = (ClassSource) testSource;
-      return classSource.getJavaClass();
-
-    } else if (testSource instanceof MethodSource) {
-      MethodSource methodSource = (MethodSource) testSource;
-      return JUnitPlatformUtils.getTestClass(methodSource);
-
-    } else {
-      return null;
-    }
-  }
-
-  public static boolean isSuite(TestIdentifier testIdentifier) {
-    UniqueId uniqueId = getUniqueId(testIdentifier);
-    List<UniqueId.Segment> segments = uniqueId.getSegments();
-    UniqueId.Segment lastSegment = segments.get(segments.size() - 1);
-    return "class".equals(lastSegment.getType()) // "regular" JUnit test class
-        || "nested-class".equals(lastSegment.getType()) // nested JUnit test class
-        || "spec".equals(lastSegment.getType()) // Spock specification
-        || "feature".equals(lastSegment.getType()); // Cucumber feature
-  }
-
-  public static @Nullable String getTestEngineId(final TestIdentifier testIdentifier) {
-    UniqueId uniqueId = getUniqueId(testIdentifier);
-    List<UniqueId.Segment> segments = uniqueId.getSegments();
-    ListIterator<UniqueId.Segment> iterator = segments.listIterator(segments.size());
-    // Iterating from the end of the list,
-    // since we want the last segment with type "engine".
-    // In case junit-platform-suite engine is used,
-    // its segment will be the first,
-    // and the actual engine that runs the test
-    // will be in some later segment
-    while (iterator.hasPrevious()) {
-      UniqueId.Segment segment = iterator.previous();
-      if ("engine".equals(segment.getType())) {
-        return segment.getValue();
-      }
-    }
-    return null;
-  }
-
-  public static UniqueId getUniqueId(TestIdentifier testIdentifier) {
-    if (GET_UNIQUE_ID_OBJECT != null) {
-      try {
-        return (UniqueId) GET_UNIQUE_ID_OBJECT.invokeExact(testIdentifier);
-      } catch (Throwable e) {
-        // fallback to slower mechanism below
-      }
-    }
-    return UniqueId.parse(testIdentifier.getUniqueId());
-  }
-
-  public static Collection<TestEngine> getTestEngines(LauncherConfig config) {
-    Set<TestEngine> engines = new LinkedHashSet<>();
-    if (config.isTestEngineAutoRegistrationEnabled()) {
-      ClassLoader defaultClassLoader = ClassLoaderUtils.getDefaultClassLoader();
-      ServiceLoader.load(TestEngine.class, defaultClassLoader).forEach(engines::add);
-    }
-    engines.addAll(config.getAdditionalTestEngines());
-    return engines;
-  }
-
-  public static final class Cucumber {
-    public static Pair<String, String> getFeatureAndScenarioNames(
-        TestPlan testPlan, TestIdentifier scenario, String fallbackFeatureName) {
-      String featureName = fallbackFeatureName;
-
-      Deque<TestIdentifier> scenarioIdentifiers = new ArrayDeque<>();
-      scenarioIdentifiers.push(scenario);
-
-      try {
-        TestIdentifier current = scenario;
-        while (true) {
-          current = testPlan.getParent(current).orElse(null);
-          if (current == null) {
-            break;
-          }
-
-          UniqueId currentId = getUniqueId(current);
-          if (JUnitPlatformUtils.Cucumber.isFeature(currentId)) {
-            featureName = current.getDisplayName();
-            break;
-
-          } else {
-            scenarioIdentifiers.push(current);
-          }
-        }
-
-      } catch (Exception e) {
-        // ignore
-      }
-
-      StringBuilder scenarioName = new StringBuilder();
-      while (!scenarioIdentifiers.isEmpty()) {
-        TestIdentifier identifier = scenarioIdentifiers.pop();
-        scenarioName.append(identifier.getDisplayName());
-        if (!scenarioIdentifiers.isEmpty()) {
-          scenarioName.append('.');
-        }
-      }
-
-      return Pair.of(featureName, scenarioName.toString());
-    }
-  }
-}
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnitPlatformUtils.java b/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnitPlatformUtils.java
index ca1fa4e2ec4..52d1cccc346 100644
--- a/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnitPlatformUtils.java
+++ b/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/JUnitPlatformUtils.java
@@ -1,42 +1,30 @@
 package datadog.trace.instrumentation.junit5;
 
-import datadog.trace.api.Pair;
 import datadog.trace.api.civisibility.config.SkippableTest;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.util.Strings;
-import java.io.InputStream;
-import java.lang.annotation.Annotation;
 import java.lang.invoke.MethodHandle;
 import java.lang.invoke.MethodHandles;
 import java.lang.invoke.MethodType;
 import java.lang.reflect.Method;
-import java.util.ArrayDeque;
-import java.util.Deque;
 import java.util.List;
-import java.util.Optional;
-import java.util.Properties;
-import javax.annotation.Nullable;
 import org.junit.platform.commons.JUnitException;
-import org.junit.platform.commons.util.ClassLoaderUtils;
 import org.junit.platform.commons.util.ReflectionUtils;
 import org.junit.platform.engine.TestDescriptor;
-import org.junit.platform.engine.TestEngine;
 import org.junit.platform.engine.TestSource;
 import org.junit.platform.engine.UniqueId;
-import org.junit.platform.engine.support.descriptor.ClasspathResourceSource;
+import org.junit.platform.engine.support.descriptor.ClassSource;
 import org.junit.platform.engine.support.descriptor.MethodSource;
 
 /**
- * !!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!! Do not use or refer to {@code
- * datadog.trace.instrumentation.junit5.JunitPlatformLauncherUtils} or any classes from {@code
+ * !!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!! Do not use or refer to any classes from {@code
  * org.junit.platform.launcher} package in here: in some Gradle projects this package is not
  * available in CL where this instrumentation is injected.
  *
- * <p>Should you have to do something with those classes, do it in {@code
- * datadog.trace.instrumentation.junit5.JunitPlatformLauncherUtils}
+ * <p>Should you have to do something with those classes, do it in a dedicated utility class
  */
 public abstract class JUnitPlatformUtils {
 
@@ -127,42 +115,16 @@ public static String getParameters(MethodSource methodSource, String displayName
     return "{\"metadata\":{\"test_name\":\"" + Strings.escapeToJson(displayName) + "\"}}";
   }
 
-  public static String getTestName(
-      String displayName, MethodSource methodSource, String testEngineId) {
-    return Spock.ENGINE_ID.equals(testEngineId) ? displayName : methodSource.getMethodName();
-  }
-
-  @Nullable
-  public static Method getTestMethod(MethodSource methodSource, String testEngineId) {
-    return Spock.ENGINE_ID.equals(testEngineId)
-        ? Spock.getSpockTestMethod(methodSource)
-        : getTestMethod(methodSource);
-  }
-
   public static SkippableTest toSkippableTest(TestDescriptor testDescriptor) {
     TestSource testSource = testDescriptor.getSource().orElse(null);
     if (testSource instanceof MethodSource) {
       MethodSource methodSource = (MethodSource) testSource;
       String testSuiteName = methodSource.getClassName();
       String displayName = testDescriptor.getDisplayName();
-      UniqueId uniqueId = testDescriptor.getUniqueId();
-      String testEngineId = uniqueId.getEngineId().orElse(null);
-      String testName = getTestName(displayName, methodSource, testEngineId);
-
+      String testName = methodSource.getMethodName();
       String testParameters = getParameters(methodSource, displayName);
-
       return new SkippableTest(testSuiteName, testName, testParameters, null);
 
-    } else if (testSource instanceof ClasspathResourceSource) {
-      ClasspathResourceSource classpathResourceSource = (ClasspathResourceSource) testSource;
-      String classpathResourceName = classpathResourceSource.getClasspathResourceName();
-
-      Pair<String, String> names =
-          Cucumber.getFeatureAndScenarioNames(testDescriptor, classpathResourceName);
-      String testSuiteName = names.getLeft();
-      String testName = names.getRight();
-      return new SkippableTest(testSuiteName, testName, null, null);
-
     } else {
       return null;
     }
@@ -194,146 +156,26 @@ public static boolean isTestInProgress() {
     return InternalSpanTypes.TEST.toString().equals(span.getSpanType());
   }
 
-  public static final class Spock {
-    public static final String ENGINE_ID = "spock";
-
-    private static final Class<Annotation> SPOCK_FEATURE_METADATA;
-
-    private static final MethodHandle SPOCK_FEATURE_NAME;
-
-    static {
-      /*
-       * Spock's classes are accessed via reflection and method handles
-       * since they are loaded by a different classloader in some envs
-       */
-      MethodHandles.Lookup lookup = MethodHandles.publicLookup();
-      ClassLoader defaultClassLoader = ClassLoaderUtils.getDefaultClassLoader();
-      SPOCK_FEATURE_METADATA = accessSpockFeatureMetadata(defaultClassLoader);
-      SPOCK_FEATURE_NAME = accessSpockFeatureName(lookup, SPOCK_FEATURE_METADATA);
-    }
-
-    private static Class<Annotation> accessSpockFeatureMetadata(ClassLoader classLoader) {
-      try {
-        return (Class<Annotation>)
-            classLoader.loadClass("org.spockframework.runtime.model.FeatureMetadata");
-      } catch (Exception e) {
-        return null;
-      }
-    }
-
-    private static MethodHandle accessSpockFeatureName(
-        MethodHandles.Lookup lookup, Class<Annotation> spockFeatureMetadata) {
-      if (spockFeatureMetadata == null) {
-        return null;
-      }
-      try {
-        MethodType returnsString = MethodType.methodType(String.class);
-        return lookup.findVirtual(spockFeatureMetadata, "name", returnsString);
-      } catch (Exception e) {
-        return null;
-      }
-    }
-
-    public static Method getSpockTestMethod(MethodSource methodSource) {
-      String methodName = methodSource.getMethodName();
-      if (methodName == null) {
-        return null;
-      }
-
-      Class<?> testClass = getTestClass(methodSource);
-      if (testClass == null) {
-        return null;
-      }
-
-      if (SPOCK_FEATURE_METADATA == null || SPOCK_FEATURE_NAME == null) {
-        return null;
-      }
-
-      try {
-        for (Method declaredMethod : testClass.getDeclaredMethods()) {
-          Annotation featureMetadata = declaredMethod.getAnnotation(SPOCK_FEATURE_METADATA);
-          if (featureMetadata == null) {
-            continue;
-          }
-
-          String annotatedName = (String) SPOCK_FEATURE_NAME.invoke(featureMetadata);
-          if (methodName.equals(annotatedName)) {
-            return declaredMethod;
-          }
-        }
+  public static Class<?> getJavaClass(TestDescriptor testDescriptor) {
+    TestSource testSource = testDescriptor.getSource().orElse(null);
+    if (testSource instanceof ClassSource) {
+      ClassSource classSource = (ClassSource) testSource;
+      return classSource.getJavaClass();
 
-      } catch (Throwable e) {
-        // ignore
-      }
+    } else if (testSource instanceof MethodSource) {
+      MethodSource methodSource = (MethodSource) testSource;
+      return getTestClass(methodSource);
 
+    } else {
       return null;
     }
   }
 
-  public static final class Cucumber {
-    public static final String ENGINE_ID = "cucumber";
-
-    public static @Nullable String getCucumberVersion(TestEngine cucumberEngine) {
-      try (InputStream cucumberPropsStream =
-          cucumberEngine
-              .getClass()
-              .getClassLoader()
-              .getResourceAsStream(
-                  "META-INF/maven/io.cucumber/cucumber-junit-platform-engine/pom.properties")) {
-        Properties cucumberProps = new Properties();
-        cucumberProps.load(cucumberPropsStream);
-        String version = cucumberProps.getProperty("version");
-        if (version != null) {
-          return version;
-        }
-      } catch (Exception e) {
-        // fallback below
-      }
-      // might return "DEVELOPMENT" even for releases
-      return cucumberEngine.getVersion().orElse(null);
-    }
-
-    public static Pair<String, String> getFeatureAndScenarioNames(
-        TestDescriptor testDescriptor, String fallbackFeatureName) {
-      String featureName = fallbackFeatureName;
-
-      Deque<TestDescriptor> scenarioDescriptors = new ArrayDeque<>();
-      scenarioDescriptors.push(testDescriptor);
-
-      TestDescriptor current = testDescriptor;
-      while (true) {
-        Optional<TestDescriptor> parent = current.getParent();
-        if (!parent.isPresent()) {
-          break;
-        }
-
-        current = parent.get();
-        UniqueId currentId = current.getUniqueId();
-        if (isFeature(currentId)) {
-          featureName = current.getDisplayName();
-          break;
-
-        } else {
-          scenarioDescriptors.push(current);
-        }
-      }
-
-      StringBuilder scenarioName = new StringBuilder();
-      while (!scenarioDescriptors.isEmpty()) {
-        TestDescriptor descriptor = scenarioDescriptors.pop();
-        scenarioName.append(descriptor.getDisplayName());
-        if (!scenarioDescriptors.isEmpty()) {
-          scenarioName.append('.');
-        }
-      }
-
-      return Pair.of(featureName, scenarioName.toString());
-    }
-
-    public static boolean isFeature(UniqueId uniqueId) {
-      List<UniqueId.Segment> segments = uniqueId.getSegments();
-      UniqueId.Segment lastSegment = segments.listIterator(segments.size()).previous();
-      return "feature".equals(lastSegment.getType());
-    }
+  public static boolean isSuite(TestDescriptor testDescriptor) {
+    UniqueId uniqueId = testDescriptor.getUniqueId();
+    List<UniqueId.Segment> segments = uniqueId.getSegments();
+    UniqueId.Segment lastSegment = segments.get(segments.size() - 1);
+    return "class".equals(lastSegment.getType()) // "regular" JUnit test class
+        || "nested-class".equals(lastSegment.getType()); // nested JUnit test class
   }
 }
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/TracingListener.java b/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/TracingListener.java
index d54997fdc63..2a270a414dd 100644
--- a/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/TracingListener.java
+++ b/dd-java-agent/instrumentation/junit-5.3/src/main/java/datadog/trace/instrumentation/junit5/TracingListener.java
@@ -1,98 +1,82 @@
 package datadog.trace.instrumentation.junit5;
 
-import datadog.trace.api.Pair;
 import java.lang.reflect.Method;
-import java.util.Collection;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 import java.util.stream.Collectors;
-import javax.annotation.Nullable;
+import org.junit.platform.engine.EngineExecutionListener;
+import org.junit.platform.engine.TestDescriptor;
 import org.junit.platform.engine.TestEngine;
 import org.junit.platform.engine.TestExecutionResult;
 import org.junit.platform.engine.TestSource;
 import org.junit.platform.engine.TestTag;
+import org.junit.platform.engine.reporting.ReportEntry;
 import org.junit.platform.engine.support.descriptor.ClassSource;
-import org.junit.platform.engine.support.descriptor.ClasspathResourceSource;
 import org.junit.platform.engine.support.descriptor.MethodSource;
-import org.junit.platform.launcher.TestExecutionListener;
-import org.junit.platform.launcher.TestIdentifier;
-import org.junit.platform.launcher.TestPlan;
 
-public class TracingListener implements TestExecutionListener {
+public class TracingListener implements EngineExecutionListener {
 
-  private final Map<String, String> versionByTestEngineId = new HashMap<>();
+  private final String testFramework;
+  private final String testFrameworkVersion;
 
-  private volatile TestPlan testPlan;
-
-  public TracingListener(Collection<TestEngine> testEngines) {
-    for (TestEngine testEngine : testEngines) {
-      String engineId = testEngine.getId();
-      String engineVersion =
-          !JUnitPlatformUtils.Cucumber.ENGINE_ID.equals(engineId)
-              ? testEngine.getVersion().orElse(null)
-              : JUnitPlatformUtils.Cucumber.getCucumberVersion(testEngine);
-      versionByTestEngineId.put(engineId, engineVersion);
-    }
+  public TracingListener(TestEngine testEngine) {
+    String engineId = testEngine.getId();
+    testFramework = engineId != null && engineId.startsWith("junit") ? "junit5" : engineId;
+    testFrameworkVersion = testEngine.getVersion().orElse(null);
   }
 
   @Override
-  public void testPlanExecutionStarted(final TestPlan testPlan) {
-    this.testPlan = testPlan;
+  public void dynamicTestRegistered(TestDescriptor testDescriptor) {
+    // no op
   }
 
   @Override
-  public void testPlanExecutionFinished(final TestPlan testPlan) {
+  public void reportingEntryPublished(TestDescriptor testDescriptor, ReportEntry entry) {
     // no op
   }
 
   @Override
-  public void executionStarted(final TestIdentifier testIdentifier) {
-    if (testIdentifier.isContainer()) {
-      containerExecutionStarted(testIdentifier);
-    } else if (testIdentifier.isTest()) {
-      testCaseExecutionStarted(testIdentifier);
+  public void executionStarted(final TestDescriptor testDescriptor) {
+    if (testDescriptor.isContainer()) {
+      containerExecutionStarted(testDescriptor);
+    } else if (testDescriptor.isTest()) {
+      testCaseExecutionStarted(testDescriptor);
     }
   }
 
   @Override
   public void executionFinished(
-      final TestIdentifier testIdentifier, final TestExecutionResult testExecutionResult) {
-    if (testIdentifier.isContainer()) {
-      containerExecutionFinished(testIdentifier, testExecutionResult);
-    } else if (testIdentifier.isTest()) {
-      testCaseExecutionFinished(testIdentifier, testExecutionResult);
+      TestDescriptor testDescriptor, TestExecutionResult testExecutionResult) {
+    if (testDescriptor.isContainer()) {
+      containerExecutionFinished(testDescriptor, testExecutionResult);
+    } else if (testDescriptor.isTest()) {
+      testCaseExecutionFinished(testDescriptor, testExecutionResult);
     }
   }
 
-  private void containerExecutionStarted(final TestIdentifier testIdentifier) {
-    if (!JUnitPlatformLauncherUtils.isSuite(testIdentifier)) {
+  private void containerExecutionStarted(final TestDescriptor testDescriptor) {
+    if (!JUnitPlatformUtils.isSuite(testDescriptor)) {
       return;
     }
 
-    Class<?> testClass = JUnitPlatformLauncherUtils.getJavaClass(testIdentifier);
+    Class<?> testClass = JUnitPlatformUtils.getJavaClass(testDescriptor);
     String testSuiteName =
-        testClass != null ? testClass.getName() : testIdentifier.getLegacyReportingName();
-
-    String testEngineId = JUnitPlatformLauncherUtils.getTestEngineId(testIdentifier);
-    String testFramework = getTestFramework(testEngineId);
-    String testFrameworkVersion = versionByTestEngineId.get(testEngineId);
+        testClass != null ? testClass.getName() : testDescriptor.getLegacyReportingName();
 
     List<String> tags =
-        testIdentifier.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
+        testDescriptor.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
     TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
         testSuiteName, testFramework, testFrameworkVersion, testClass, tags, false);
   }
 
   private void containerExecutionFinished(
-      final TestIdentifier testIdentifier, final TestExecutionResult testExecutionResult) {
-    if (!JUnitPlatformLauncherUtils.isSuite(testIdentifier)) {
+      final TestDescriptor testDescriptor, final TestExecutionResult testExecutionResult) {
+    if (!JUnitPlatformUtils.isSuite(testDescriptor)) {
       return;
     }
 
-    Class<?> testClass = JUnitPlatformLauncherUtils.getJavaClass(testIdentifier);
+    Class<?> testClass = JUnitPlatformUtils.getJavaClass(testDescriptor);
     String testSuiteName =
-        testClass != null ? testClass.getName() : testIdentifier.getLegacyReportingName();
+        testClass != null ? testClass.getName() : testDescriptor.getLegacyReportingName();
 
     Throwable throwable = testExecutionResult.getThrowable().orElse(null);
     if (throwable != null) {
@@ -102,7 +86,7 @@ private void containerExecutionFinished(
         TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(
             testSuiteName, testClass, reason);
 
-        for (TestIdentifier child : testPlan.getChildren(testIdentifier)) {
+        for (TestDescriptor child : testDescriptor.getChildren()) {
           executionSkipped(child, reason);
         }
 
@@ -115,35 +99,39 @@ private void containerExecutionFinished(
     TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(testSuiteName, testClass);
   }
 
-  private void testCaseExecutionStarted(final TestIdentifier testIdentifier) {
-    TestSource testSource = testIdentifier.getSource().orElse(null);
+  private void testCaseExecutionStarted(final TestDescriptor testDescriptor) {
+    TestSource testSource = testDescriptor.getSource().orElse(null);
     if (testSource instanceof MethodSource) {
-      testMethodExecutionStarted(testIdentifier, (MethodSource) testSource);
-
-    } else if (testSource instanceof ClasspathResourceSource) {
-      testResourceExecutionStarted(testIdentifier, (ClasspathResourceSource) testSource);
+      testMethodExecutionStarted(testDescriptor, (MethodSource) testSource);
     }
   }
 
-  private void testMethodExecutionStarted(TestIdentifier testIdentifier, MethodSource testSource) {
-    String testEngineId = JUnitPlatformLauncherUtils.getTestEngineId(testIdentifier);
-    String testFramework = getTestFramework(testEngineId);
-    String testFrameworkVersion = versionByTestEngineId.get(testEngineId);
+  private void testMethodExecutionStarted(TestDescriptor testDescriptor, MethodSource testSource) {
+    TestDescriptor suiteDescriptor = getSuiteDescriptor(testDescriptor);
+
+    Class<?> testClass;
+    String testSuiteName;
+    if (suiteDescriptor != null) {
+      testClass = JUnitPlatformUtils.getJavaClass(suiteDescriptor);
+      testSuiteName =
+          testClass != null ? testClass.getName() : suiteDescriptor.getLegacyReportingName();
+    } else {
+      testClass = JUnitPlatformUtils.getTestClass(testSource);
+      testSuiteName = testSource.getClassName();
+    }
 
-    String testSuitName = testSource.getClassName();
-    String displayName = testIdentifier.getDisplayName();
-    String testName = JUnitPlatformUtils.getTestName(displayName, testSource, testEngineId);
+    String displayName = testDescriptor.getDisplayName();
+    String testName = testSource.getMethodName();
 
     String testParameters = JUnitPlatformUtils.getParameters(testSource, displayName);
     List<String> tags =
-        testIdentifier.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
+        testDescriptor.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
 
-    Class<?> testClass = JUnitPlatformUtils.getTestClass(testSource);
-    Method testMethod = JUnitPlatformUtils.getTestMethod(testSource, testEngineId);
+    Method testMethod = JUnitPlatformUtils.getTestMethod(testSource);
     String testMethodName = testSource.getMethodName();
 
     TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestStart(
-        testSuitName,
+        testSuiteName,
         testName,
         null,
         testFramework,
@@ -155,62 +143,33 @@ private void testMethodExecutionStarted(TestIdentifier testIdentifier, MethodSou
         testMethod);
   }
 
-  private void testResourceExecutionStarted(
-      TestIdentifier testIdentifier, ClasspathResourceSource testSource) {
-    String testEngineId = JUnitPlatformLauncherUtils.getTestEngineId(testIdentifier);
-    if (!JUnitPlatformUtils.Cucumber.ENGINE_ID.equals(testEngineId)) {
-      return;
-    }
-
-    String classpathResourceName = testSource.getClasspathResourceName();
-
-    Pair<String, String> names =
-        JUnitPlatformLauncherUtils.Cucumber.getFeatureAndScenarioNames(
-            testPlan, testIdentifier, classpathResourceName);
-    String testSuiteName = names.getLeft();
-    String testName = names.getRight();
-
-    String testFramework = getTestFramework(testEngineId);
-    String testFrameworkVersion = versionByTestEngineId.get(testEngineId);
-
-    List<String> tags =
-        testIdentifier.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
-
-    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestStart(
-        testSuiteName,
-        testName,
-        null,
-        testFramework,
-        testFrameworkVersion,
-        null,
-        tags,
-        null,
-        null,
-        null);
-  }
-
   private void testCaseExecutionFinished(
-      final TestIdentifier testIdentifier, final TestExecutionResult testExecutionResult) {
-    TestSource testSource = testIdentifier.getSource().orElse(null);
+      final TestDescriptor testDescriptor, final TestExecutionResult testExecutionResult) {
+    TestSource testSource = testDescriptor.getSource().orElse(null);
     if (testSource instanceof MethodSource) {
-      testMethodExecutionFinished(testIdentifier, testExecutionResult, (MethodSource) testSource);
-
-    } else if (testSource instanceof ClasspathResourceSource) {
-      testResourceExecutionFinished(
-          testIdentifier, testExecutionResult, (ClasspathResourceSource) testSource);
+      testMethodExecutionFinished(testDescriptor, testExecutionResult, (MethodSource) testSource);
     }
   }
 
   private static void testMethodExecutionFinished(
-      TestIdentifier testIdentifier,
+      TestDescriptor testDescriptor,
       TestExecutionResult testExecutionResult,
       MethodSource testSource) {
-    String testEngineId = JUnitPlatformLauncherUtils.getTestEngineId(testIdentifier);
+    TestDescriptor suiteDescriptor = getSuiteDescriptor(testDescriptor);
+
+    Class<?> testClass;
+    String testSuiteName;
+    if (suiteDescriptor != null) {
+      testClass = JUnitPlatformUtils.getJavaClass(suiteDescriptor);
+      testSuiteName =
+          testClass != null ? testClass.getName() : suiteDescriptor.getLegacyReportingName();
+    } else {
+      testClass = JUnitPlatformUtils.getTestClass(testSource);
+      testSuiteName = testSource.getClassName();
+    }
 
-    String testSuiteName = testSource.getClassName();
-    Class<?> testClass = JUnitPlatformUtils.getTestClass(testSource);
-    String displayName = testIdentifier.getDisplayName();
-    String testName = JUnitPlatformUtils.getTestName(displayName, testSource, testEngineId);
+    String displayName = testDescriptor.getDisplayName();
+    String testName = testSource.getMethodName();
     String testParameters = JUnitPlatformUtils.getParameters(testSource, displayName);
 
     Throwable throwable = testExecutionResult.getThrowable().orElse(null);
@@ -228,76 +187,37 @@ private static void testMethodExecutionFinished(
         testSuiteName, testClass, testName, null, testParameters);
   }
 
-  private void testResourceExecutionFinished(
-      TestIdentifier testIdentifier,
-      TestExecutionResult testExecutionResult,
-      ClasspathResourceSource testSource) {
-    String testEngineId = JUnitPlatformLauncherUtils.getTestEngineId(testIdentifier);
-    if (!JUnitPlatformUtils.Cucumber.ENGINE_ID.equals(testEngineId)) {
-      return;
-    }
-
-    String classpathResourceName = testSource.getClasspathResourceName();
-
-    Pair<String, String> names =
-        JUnitPlatformLauncherUtils.Cucumber.getFeatureAndScenarioNames(
-            testPlan, testIdentifier, classpathResourceName);
-    String testSuiteName = names.getLeft();
-    String testName = names.getRight();
-
-    Throwable throwable = testExecutionResult.getThrowable().orElse(null);
-    if (throwable != null) {
-      if (JUnitPlatformUtils.isAssumptionFailure(throwable)) {
-        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSkip(
-            testSuiteName, null, testName, null, null, throwable.getMessage());
-      } else {
-        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFailure(
-            testSuiteName, null, testName, null, null, throwable);
-      }
-    }
-
-    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFinish(
-        testSuiteName, null, testName, null, null);
-  }
-
   @Override
-  public void executionSkipped(final TestIdentifier testIdentifier, final String reason) {
-    TestSource testSource = testIdentifier.getSource().orElse(null);
+  public void executionSkipped(final TestDescriptor testDescriptor, final String reason) {
+    TestSource testSource = testDescriptor.getSource().orElse(null);
 
     if (testSource instanceof ClassSource) {
       // The annotation @Disabled is kept at type level.
-      containerExecutionSkipped(testIdentifier, reason);
+      containerExecutionSkipped(testDescriptor, reason);
 
     } else if (testSource instanceof MethodSource) {
       // The annotation @Disabled is kept at method level.
-      testMethodExecutionSkipped(testIdentifier, (MethodSource) testSource, reason);
-
-    } else if (testSource instanceof ClasspathResourceSource) {
-      testResourceExecutionSkipped(testIdentifier, (ClasspathResourceSource) testSource, reason);
+      testMethodExecutionSkipped(testDescriptor, (MethodSource) testSource, reason);
     }
   }
 
-  private void containerExecutionSkipped(final TestIdentifier testIdentifier, final String reason) {
-    if (!JUnitPlatformLauncherUtils.isSuite(testIdentifier)) {
+  private void containerExecutionSkipped(final TestDescriptor testDescriptor, final String reason) {
+    if (!JUnitPlatformUtils.isSuite(testDescriptor)) {
       return;
     }
 
-    Class<?> testClass = JUnitPlatformLauncherUtils.getJavaClass(testIdentifier);
+    Class<?> testClass = JUnitPlatformUtils.getJavaClass(testDescriptor);
     String testSuiteName =
-        testClass != null ? testClass.getName() : testIdentifier.getLegacyReportingName();
-
-    String testEngineId = JUnitPlatformLauncherUtils.getTestEngineId(testIdentifier);
-    String testFramework = getTestFramework(testEngineId);
-    String testFrameworkVersion = versionByTestEngineId.get(testEngineId);
+        testClass != null ? testClass.getName() : testDescriptor.getLegacyReportingName();
 
     List<String> tags =
-        testIdentifier.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
+        testDescriptor.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
 
     TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
         testSuiteName, testFramework, testFrameworkVersion, testClass, tags, false);
     TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(testSuiteName, testClass, reason);
 
-    for (TestIdentifier child : testPlan.getChildren(testIdentifier)) {
+    for (TestDescriptor child : testDescriptor.getChildren()) {
       executionSkipped(child, reason);
     }
 
@@ -305,22 +225,29 @@ private void containerExecutionSkipped(final TestIdentifier testIdentifier, fina
   }
 
   private void testMethodExecutionSkipped(
-      final TestIdentifier testIdentifier, final MethodSource methodSource, final String reason) {
-    String testEngineId = JUnitPlatformLauncherUtils.getTestEngineId(testIdentifier);
-    String testFramework = getTestFramework(testEngineId);
-    String testFrameworkVersion = versionByTestEngineId.get(testEngineId);
+      final TestDescriptor testDescriptor, final MethodSource testSource, final String reason) {
+    TestDescriptor suiteDescriptor = getSuiteDescriptor(testDescriptor);
+
+    Class<?> testClass;
+    String testSuiteName;
+    if (suiteDescriptor != null) {
+      testClass = JUnitPlatformUtils.getJavaClass(suiteDescriptor);
+      testSuiteName =
+          testClass != null ? testClass.getName() : suiteDescriptor.getLegacyReportingName();
+    } else {
+      testClass = JUnitPlatformUtils.getTestClass(testSource);
+      testSuiteName = testSource.getClassName();
+    }
 
-    String testSuiteName = methodSource.getClassName();
-    String displayName = testIdentifier.getDisplayName();
-    String testName = JUnitPlatformUtils.getTestName(displayName, methodSource, testEngineId);
+    String displayName = testDescriptor.getDisplayName();
+    String testName = testSource.getMethodName();
 
-    String testParameters = JUnitPlatformUtils.getParameters(methodSource, displayName);
+    String testParameters = JUnitPlatformUtils.getParameters(testSource, displayName);
     List<String> tags =
-        testIdentifier.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
+        testDescriptor.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
 
-    Class<?> testClass = JUnitPlatformUtils.getTestClass(methodSource);
-    Method testMethod = JUnitPlatformUtils.getTestMethod(methodSource, testEngineId);
-    String testMethodName = methodSource.getMethodName();
+    Method testMethod = JUnitPlatformUtils.getTestMethod(testSource);
+    String testMethodName = testSource.getMethodName();
 
     TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestIgnore(
         testSuiteName,
@@ -336,41 +263,10 @@ private void testMethodExecutionSkipped(
         reason);
   }
 
-  private void testResourceExecutionSkipped(
-      TestIdentifier testIdentifier, ClasspathResourceSource testSource, String reason) {
-    String testEngineId = JUnitPlatformLauncherUtils.getTestEngineId(testIdentifier);
-    if (!JUnitPlatformUtils.Cucumber.ENGINE_ID.equals(testEngineId)) {
-      return;
+  private static TestDescriptor getSuiteDescriptor(TestDescriptor testDescriptor) {
+    while (testDescriptor != null && !JUnitPlatformUtils.isSuite(testDescriptor)) {
+      testDescriptor = testDescriptor.getParent().orElse(null);
     }
-
-    String classpathResourceName = testSource.getClasspathResourceName();
-    Pair<String, String> names =
-        JUnitPlatformLauncherUtils.Cucumber.getFeatureAndScenarioNames(
-            testPlan, testIdentifier, classpathResourceName);
-    String testSuiteName = names.getLeft();
-    String testName = names.getRight();
-
-    String testFramework = getTestFramework(testEngineId);
-    String testFrameworkVersion = versionByTestEngineId.get(testEngineId);
-
-    List<String> tags =
-        testIdentifier.getTags().stream().map(TestTag::getName).collect(Collectors.toList());
-
-    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestIgnore(
-        testSuiteName,
-        testName,
-        null,
-        testFramework,
-        testFrameworkVersion,
-        null,
-        tags,
-        null,
-        null,
-        null,
-        reason);
-  }
-
-  private static @Nullable String getTestFramework(String testEngineId) {
-    return testEngineId != null && testEngineId.startsWith("junit") ? "junit5" : testEngineId;
+    return testDescriptor;
   }
 }
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/groovy/JUnit5Test.groovy b/dd-java-agent/instrumentation/junit-5.3/src/test/groovy/JUnit5Test.groovy
index b5b498d377f..571de80bb98 100644
--- a/dd-java-agent/instrumentation/junit-5.3/src/test/groovy/JUnit5Test.groovy
+++ b/dd-java-agent/instrumentation/junit-5.3/src/test/groovy/JUnit5Test.groovy
@@ -2,6 +2,7 @@ import datadog.trace.agent.test.asserts.ListWriterAssert
 import datadog.trace.api.DDTags
 import datadog.trace.api.DisableTestTrace
 import datadog.trace.api.civisibility.CIConstants
+import datadog.trace.api.civisibility.InstrumentationBridge
 import datadog.trace.api.civisibility.config.SkippableTest
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import datadog.trace.civisibility.CiVisibilityTest
@@ -24,6 +25,8 @@ import org.example.TestSkippedNested
 import org.example.TestSucceed
 import org.example.TestSucceedAndSkipped
 import org.example.TestSucceedNested
+import org.example.TestSucceedUnskippable
+import org.example.TestSucceedUnskippableSuite
 import org.example.TestSucceedWithCategories
 import org.example.TestSuiteSetUpAssumption
 import org.example.TestTemplate
@@ -693,6 +696,96 @@ class JUnit5Test extends CiVisibilityTest {
     testTags_1 = [(Tags.TEST_PARAMETERS): '{"metadata":{"test_name":"[2] 1, 1, 2, some:\\\"parameter\\\""}}']
   }
 
+  def "test ITR unskippable"() {
+    setup:
+    givenSkippableTests([new SkippableTest("org.example.TestSucceedUnskippable", "test_succeed", null, null),])
+    runTestClasses(TestSucceedUnskippable)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedUnskippable", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedUnskippable", "test_succeed", "test_succeed()V", CIConstants.TEST_PASS,
+          testTags, null, false, [InstrumentationBridge.ITR_UNSKIPPABLE_TAG])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
+  def "test ITR unskippable suite"() {
+    setup:
+    givenSkippableTests([
+      new SkippableTest("org.example.TestSucceedUnskippableSuite", "test_succeed", null, null),
+    ])
+    runTestClasses(TestSucceedUnskippableSuite)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedUnskippableSuite", CIConstants.TEST_PASS,
+          null, null, false, [InstrumentationBridge.ITR_UNSKIPPABLE_TAG])
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedUnskippableSuite", "test_succeed", "test_succeed()V", CIConstants.TEST_PASS,
+          testTags, null, false, [InstrumentationBridge.ITR_UNSKIPPABLE_TAG])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
+  def "test unskippable ITR test that is not supposed to be skipped"() {
+    setup:
+    givenSkippableTests([])
+    runTestClasses(TestSucceedUnskippable)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedUnskippable", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedUnskippable", "test_succeed", "test_succeed()V", CIConstants.TEST_PASS,
+          testTags, null, false, [InstrumentationBridge.ITR_UNSKIPPABLE_TAG])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true]
+  }
+
   private static void runTestClasses(Class<?>... classes) {
     TestEventsHandlerHolder.start()
 
@@ -736,7 +829,7 @@ class JUnit5Test extends CiVisibilityTest {
 
   @Override
   String expectedTestFrameworkVersion() {
-    return "5.8.2"
+    return JupiterTestEngine.getPackage().getImplementationVersion()
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSucceedUnskippable.java b/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSucceedUnskippable.java
new file mode 100644
index 00000000000..86496ac40ee
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSucceedUnskippable.java
@@ -0,0 +1,17 @@
+package org.example;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import datadog.trace.api.civisibility.InstrumentationBridge;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Tags;
+import org.junit.jupiter.api.Test;
+
+public class TestSucceedUnskippable {
+
+  @Test
+  @Tags({@Tag(InstrumentationBridge.ITR_UNSKIPPABLE_TAG)})
+  public void test_succeed() {
+    assertTrue(true);
+  }
+}
diff --git a/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSucceedUnskippableSuite.java b/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSucceedUnskippableSuite.java
new file mode 100644
index 00000000000..f1513089cb5
--- /dev/null
+++ b/dd-java-agent/instrumentation/junit-5.3/src/test/java/org/example/TestSucceedUnskippableSuite.java
@@ -0,0 +1,17 @@
+package org.example;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import datadog.trace.api.civisibility.InstrumentationBridge;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Tags;
+import org.junit.jupiter.api.Test;
+
+@Tags({@Tag(InstrumentationBridge.ITR_UNSKIPPABLE_TAG)})
+public class TestSucceedUnskippableSuite {
+
+  @Test
+  public void test_succeed() {
+    assertTrue(true);
+  }
+}
diff --git a/dd-java-agent/instrumentation/kafka-clients-0.11/src/latestDepTest/groovy/KafkaClientTest.groovy b/dd-java-agent/instrumentation/kafka-clients-0.11/src/latestDepTest/groovy/KafkaClientTest.groovy
index 8e88271e051..cac27c1c94d 100644
--- a/dd-java-agent/instrumentation/kafka-clients-0.11/src/latestDepTest/groovy/KafkaClientTest.groovy
+++ b/dd-java-agent/instrumentation/kafka-clients-0.11/src/latestDepTest/groovy/KafkaClientTest.groovy
@@ -58,7 +58,6 @@ class KafkaClientTest extends AgentTestRunner {
     super.configurePreAgent()
 
     injectSysConfig("dd.kafka.e2e.duration.enabled", "true")
-    injectSysConfig("dd.data.streams.enabled", "true")
   }
 
   def "test kafka produce and consume"() {
diff --git a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/Base64Decoder.java b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/Base64Decoder.java
deleted file mode 100644
index 6ea938e7aef..00000000000
--- a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/Base64Decoder.java
+++ /dev/null
@@ -1,131 +0,0 @@
-package datadog.trace.instrumentation.kafka_clients;
-
-import java.nio.charset.StandardCharsets;
-import java.util.Arrays;
-
-// TODO - can be removed when JDK7 is dropped (adapted from JDK8 source)
-public class Base64Decoder {
-
-  private static final int[] BASE_64 = new int[256];
-
-  static {
-    Arrays.fill(BASE_64, -1);
-    int i = 0;
-    for (char c = 'A'; c <= 'Z'; ++c) {
-      BASE_64[c] = i++;
-    }
-    for (char c = 'a'; c <= 'z'; ++c) {
-      BASE_64[c] = i++;
-    }
-    for (char c = '0'; c <= '9'; ++c) {
-      BASE_64[c] = i++;
-    }
-    BASE_64['+'] = i++;
-    BASE_64['/'] = i;
-    BASE_64['='] = -2;
-  }
-
-  public byte[] decode(byte[] src) {
-    byte[] dst = new byte[outLength(src, 0, src.length)];
-    int ret = decode0(src, 0, src.length, dst);
-    if (ret != dst.length) {
-      dst = Arrays.copyOf(dst, ret);
-    }
-    return dst;
-  }
-
-  public byte[] decode(String src) {
-    return decode(src.getBytes(StandardCharsets.ISO_8859_1));
-  }
-
-  private int outLength(byte[] src, int sp, int sl) {
-    int paddings = 0;
-    int len = sl - sp;
-    if (len == 0) return 0;
-    if (len < 2) {
-      if (BASE_64[0] == -1) return 0;
-      throw new IllegalArgumentException(
-          "Input byte[] should at least have 2 bytes for base64 bytes");
-    }
-    // scan all bytes to fill out all non-alphabet. a performance
-    // trade-off of pre-scan or Arrays.copyOf
-    int n = 0;
-    while (sp < sl) {
-      int b = src[sp++] & 0xff;
-      if (b == '=') {
-        len -= (sl - sp + 1);
-        break;
-      }
-      if ((b = BASE_64[b]) == -1) n++;
-    }
-    len -= n;
-    if ((len & 0x3) != 0) paddings = 4 - (len & 0x3);
-    return 3 * ((len + 3) / 4) - paddings;
-  }
-
-  private int decode0(byte[] src, int sp, int sl, byte[] dst) {
-    int dp = 0;
-    int bits = 0;
-    int shiftto = 18; // pos of first byte of 4-byte atom
-
-    while (sp < sl) {
-      if (shiftto == 18 && sp + 4 < sl) { // fast path
-        int sl0 = sp + ((sl - sp) & ~0b11);
-        while (sp < sl0) {
-          int b1 = BASE_64[src[sp++] & 0xff];
-          int b2 = BASE_64[src[sp++] & 0xff];
-          int b3 = BASE_64[src[sp++] & 0xff];
-          int b4 = BASE_64[src[sp++] & 0xff];
-          if ((b1 | b2 | b3 | b4) < 0) { // non base64 byte
-            sp -= 4;
-            break;
-          }
-          int bits0 = b1 << 18 | b2 << 12 | b3 << 6 | b4;
-          dst[dp++] = (byte) (bits0 >> 16);
-          dst[dp++] = (byte) (bits0 >> 8);
-          dst[dp++] = (byte) (bits0);
-        }
-        if (sp >= sl) break;
-      }
-      int b = src[sp++] & 0xff;
-      if ((b = BASE_64[b]) < 0) {
-        if (b == -2) { // padding byte '='
-          // =     shiftto==18 unnecessary padding
-          // x=    shiftto==12 a dangling single x
-          // x     to be handled together with non-padding case
-          // xx=   shiftto==6&&sp==sl missing last =
-          // xx=y  shiftto==6 last is not =
-          if (shiftto == 6 && (sp == sl || src[sp++] != '=') || shiftto == 18) {
-            throw new IllegalArgumentException("Input byte array has wrong 4-byte ending unit");
-          }
-          break;
-        }
-      }
-      bits |= (b << shiftto);
-      shiftto -= 6;
-      if (shiftto < 0) {
-        dst[dp++] = (byte) (bits >> 16);
-        dst[dp++] = (byte) (bits >> 8);
-        dst[dp++] = (byte) (bits);
-        shiftto = 18;
-        bits = 0;
-      }
-    }
-    // reached end of byte array or hit padding '=' characters.
-    if (shiftto == 6) {
-      dst[dp++] = (byte) (bits >> 16);
-    } else if (shiftto == 0) {
-      dst[dp++] = (byte) (bits >> 16);
-      dst[dp++] = (byte) (bits >> 8);
-    } else if (shiftto == 12) {
-      // dangling single "x", incorrectly encoded.
-      throw new IllegalArgumentException("Last unit does not have enough valid bits");
-    }
-    // ignore all non-base64 character
-    while (sp < sl) {
-      if (BASE_64[src[sp++] & 0xff] < 0) continue;
-      throw new IllegalArgumentException("Input byte array has incorrect ending byte at " + sp);
-    }
-    return dp;
-  }
-}
diff --git a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaConsumerInstrumentation.java b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaConsumerInstrumentation.java
index bf840a76e83..ee9ef210ef9 100644
--- a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaConsumerInstrumentation.java
+++ b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaConsumerInstrumentation.java
@@ -48,7 +48,7 @@ public String[] helperClassNames() {
       packageName + ".TracingIterator",
       packageName + ".TracingList",
       packageName + ".TracingListIterator",
-      packageName + ".Base64Decoder"
+      packageName + ".Utils"
     };
   }
 
diff --git a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaDecorator.java b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaDecorator.java
index 08ef27d2e12..4118983c39b 100644
--- a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaDecorator.java
+++ b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaDecorator.java
@@ -53,16 +53,23 @@ public class KafkaDecorator extends MessagingClientDecorator {
       pc -> String.join(",", pc.getList(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG));
   private static final Functions.Prefix CONSUMER_PREFIX = new Functions.Prefix("Consume Topic ");
 
-  private static final String LOCAL_SERVICE_NAME =
-      KAFKA_LEGACY_TRACING ? "kafka" : Config.get().getServiceName();
-
   public static final KafkaDecorator PRODUCER_DECORATE =
       new KafkaDecorator(
-          Tags.SPAN_KIND_PRODUCER, InternalSpanTypes.MESSAGE_PRODUCER, LOCAL_SERVICE_NAME);
+          Tags.SPAN_KIND_PRODUCER,
+          InternalSpanTypes.MESSAGE_PRODUCER,
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .outboundService(KAFKA, KAFKA_LEGACY_TRACING));
 
   public static final KafkaDecorator CONSUMER_DECORATE =
       new KafkaDecorator(
-          Tags.SPAN_KIND_CONSUMER, InternalSpanTypes.MESSAGE_CONSUMER, LOCAL_SERVICE_NAME);
+          Tags.SPAN_KIND_CONSUMER,
+          InternalSpanTypes.MESSAGE_CONSUMER,
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .inboundService(KAFKA, KAFKA_LEGACY_TRACING));
 
   public static final KafkaDecorator BROKER_DECORATE =
       new KafkaDecorator(
diff --git a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaProducerInstrumentation.java b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaProducerInstrumentation.java
index 9c970f101df..62c74489201 100644
--- a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaProducerInstrumentation.java
+++ b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/KafkaProducerInstrumentation.java
@@ -99,7 +99,7 @@ public static AgentScope onEnter(
         sortedTags.put(TYPE_TAG, "kafka");
         try {
           propagate().inject(span, record.headers(), SETTER);
-          propagate().injectBinaryPathwayContext(span, record.headers(), SETTER, sortedTags);
+          propagate().injectPathwayContext(span, record.headers(), SETTER, sortedTags);
         } catch (final IllegalStateException e) {
           // headers must be read-only from reused record. try again with new one.
           record =
@@ -112,7 +112,7 @@ record =
                   record.headers());
 
           propagate().inject(span, record.headers(), SETTER);
-          propagate().injectBinaryPathwayContext(span, record.headers(), SETTER, sortedTags);
+          propagate().injectPathwayContext(span, record.headers(), SETTER, sortedTags);
         }
         if (TIME_IN_QUEUE_ENABLED) {
           SETTER.injectTimeInQueue(record.headers());
diff --git a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TextMapExtractAdapter.java b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TextMapExtractAdapter.java
index a5924727bdf..70b5a7cadcd 100644
--- a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TextMapExtractAdapter.java
+++ b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TextMapExtractAdapter.java
@@ -6,6 +6,7 @@
 import datadog.trace.api.Config;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import java.nio.ByteBuffer;
+import java.util.Base64;
 import org.apache.kafka.common.header.Header;
 import org.apache.kafka.common.header.Headers;
 import org.slf4j.Logger;
@@ -20,10 +21,10 @@ public class TextMapExtractAdapter
   public static final TextMapExtractAdapter GETTER =
       new TextMapExtractAdapter(Config.get().isKafkaClientBase64DecodingEnabled());
 
-  private final Base64Decoder base64;
+  private final Base64.Decoder base64;
 
   public TextMapExtractAdapter(boolean base64DecodeHeaders) {
-    this.base64 = base64DecodeHeaders ? new Base64Decoder() : null;
+    this.base64 = base64DecodeHeaders ? Base64.getDecoder() : null;
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TextMapInjectAdapter.java b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TextMapInjectAdapter.java
index 65fb6f927ab..02a627715de 100644
--- a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TextMapInjectAdapter.java
+++ b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TextMapInjectAdapter.java
@@ -7,8 +7,7 @@
 import java.nio.charset.StandardCharsets;
 import org.apache.kafka.common.header.Headers;
 
-public class TextMapInjectAdapter
-    implements AgentPropagation.Setter<Headers>, AgentPropagation.BinarySetter<Headers> {
+public class TextMapInjectAdapter implements AgentPropagation.BinarySetter<Headers> {
 
   public static final TextMapInjectAdapter SETTER = new TextMapInjectAdapter();
 
diff --git a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TracingIterator.java b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TracingIterator.java
index dd317d1d8f4..7e14f23d69d 100644
--- a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TracingIterator.java
+++ b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/TracingIterator.java
@@ -13,6 +13,7 @@
 import static datadog.trace.instrumentation.kafka_clients.KafkaDecorator.KAFKA_DELIVER;
 import static datadog.trace.instrumentation.kafka_clients.KafkaDecorator.TIME_IN_QUEUE_ENABLED;
 import static datadog.trace.instrumentation.kafka_clients.TextMapExtractAdapter.GETTER;
+import static datadog.trace.instrumentation.kafka_clients.Utils.computePayloadSizeBytes;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 
 import datadog.trace.api.Config;
@@ -90,7 +91,9 @@ protected void startNewRecordSpan(ConsumerRecord<?, ?> val) {
           sortedTags.put(TOPIC_TAG, val.topic());
           sortedTags.put(TYPE_TAG, "kafka");
 
-          AgentTracer.get().setDataStreamCheckpoint(span, sortedTags, val.timestamp());
+          AgentTracer.get()
+              .getDataStreamsMonitoring()
+              .setCheckpoint(span, sortedTags, val.timestamp(), computePayloadSizeBytes(val));
         } else {
           span = startSpan(operationName, null);
         }
diff --git a/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/Utils.java b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/Utils.java
new file mode 100644
index 00000000000..5a1fdc86e50
--- /dev/null
+++ b/dd-java-agent/instrumentation/kafka-clients-0.11/src/main/java/datadog/trace/instrumentation/kafka_clients/Utils.java
@@ -0,0 +1,21 @@
+package datadog.trace.instrumentation.kafka_clients;
+
+import java.nio.charset.StandardCharsets;
+import org.apache.kafka.clients.consumer.ConsumerRecord;
+import org.apache.kafka.common.header.Header;
+import org.apache.kafka.common.header.Headers;
+
+public final class Utils {
+  private Utils() {} // prevent instanciation
+
+  // this method is used in kafka-clients and kafka-streams instrumentations
+  public static long computePayloadSizeBytes(ConsumerRecord<?, ?> val) {
+    long headersSize = 0;
+    Headers headers = val.headers();
+    if (headers != null)
+      for (Header h : headers) {
+        headersSize += h.value().length + h.key().getBytes(StandardCharsets.UTF_8).length;
+      }
+    return headersSize + val.serializedKeySize() + val.serializedValueSize();
+  }
+}
diff --git a/dd-java-agent/instrumentation/kafka-clients-0.11/src/test/groovy/KafkaClientTestBase.groovy b/dd-java-agent/instrumentation/kafka-clients-0.11/src/test/groovy/KafkaClientTestBase.groovy
index 1908e2b6ab6..5ae495b71a5 100644
--- a/dd-java-agent/instrumentation/kafka-clients-0.11/src/test/groovy/KafkaClientTestBase.groovy
+++ b/dd-java-agent/instrumentation/kafka-clients-0.11/src/test/groovy/KafkaClientTestBase.groovy
@@ -50,7 +50,6 @@ abstract class KafkaClientTestBase extends VersionedNamingTestBase {
     super.configurePreAgent()
 
     injectSysConfig("dd.kafka.e2e.duration.enabled", "true")
-    injectSysConfig("dd.data.streams.enabled", "true")
   }
 
   public static final LinkedHashMap<String, String> PRODUCER_PATHWAY_EDGE_TAGS
@@ -1109,7 +1108,6 @@ class KafkaClientDataStreamsDisabledForkedTest extends KafkaClientTestBase {
     super.configurePreAgent()
     injectSysConfig("dd.service", "KafkaClientDataStreamsDisabledForkedTest")
     injectSysConfig("dd.kafka.legacy.tracing.enabled", "true")
-    injectSysConfig("dd.data.streams.enabled", "false")
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/kafka-streams-0.11/src/main/java/datadog/trace/instrumentation/kafka_streams/KafkaStreamTaskInstrumentation.java b/dd-java-agent/instrumentation/kafka-streams-0.11/src/main/java/datadog/trace/instrumentation/kafka_streams/KafkaStreamTaskInstrumentation.java
index cc039857d1b..871b3fdc240 100644
--- a/dd-java-agent/instrumentation/kafka-streams-0.11/src/main/java/datadog/trace/instrumentation/kafka_streams/KafkaStreamTaskInstrumentation.java
+++ b/dd-java-agent/instrumentation/kafka-streams-0.11/src/main/java/datadog/trace/instrumentation/kafka_streams/KafkaStreamTaskInstrumentation.java
@@ -9,6 +9,7 @@
 import static datadog.trace.core.datastreams.TagsProcessor.GROUP_TAG;
 import static datadog.trace.core.datastreams.TagsProcessor.TOPIC_TAG;
 import static datadog.trace.core.datastreams.TagsProcessor.TYPE_TAG;
+import static datadog.trace.instrumentation.kafka_clients.Utils.computePayloadSizeBytes;
 import static datadog.trace.instrumentation.kafka_streams.KafkaStreamsDecorator.BROKER_DECORATE;
 import static datadog.trace.instrumentation.kafka_streams.KafkaStreamsDecorator.CONSUMER_DECORATE;
 import static datadog.trace.instrumentation.kafka_streams.KafkaStreamsDecorator.KAFKA_CONSUME;
@@ -36,6 +37,7 @@
 import java.util.Map;
 import net.bytebuddy.asm.Advice;
 import org.apache.kafka.clients.consumer.ConsumerRecord;
+import org.apache.kafka.clients.producer.RecordMetadata;
 import org.apache.kafka.streams.StreamsConfig;
 import org.apache.kafka.streams.processor.internals.ProcessorNode;
 import org.apache.kafka.streams.processor.internals.ProcessorRecordContext;
@@ -59,6 +61,7 @@ public String instrumentedType() {
   public String[] helperClassNames() {
     return new String[] {
       "datadog.trace.instrumentation.kafka_clients.TracingIterableDelegator",
+      "datadog.trace.instrumentation.kafka_clients.Utils",
       packageName + ".KafkaStreamsDecorator",
       packageName + ".ProcessorRecordContextVisitor",
       packageName + ".StampedRecordContextVisitor",
@@ -242,7 +245,10 @@ public static void start(
         }
         sortedTags.put(TOPIC_TAG, record.topic());
         sortedTags.put(TYPE_TAG, "kafka");
-        AgentTracer.get().setDataStreamCheckpoint(span, sortedTags, record.timestamp);
+        AgentTracer.get()
+            .getDataStreamsMonitoring()
+            .setCheckpoint(
+                span, sortedTags, record.timestamp, computePayloadSizeBytes(record.value));
       } else {
         span = startSpan(KAFKA_CONSUME, null);
       }
@@ -305,7 +311,18 @@ public static void start(
         }
         sortedTags.put(TOPIC_TAG, record.topic());
         sortedTags.put(TYPE_TAG, "kafka");
-        AgentTracer.get().setDataStreamCheckpoint(span, sortedTags, record.timestamp());
+
+        long payloadSize = 0;
+        // we have to go through Object to get the RecordMetadata here because the class of `record`
+        // only implements it after 2.7 (and this class is only used if v >= 2.7)
+        if ((Object) record instanceof RecordMetadata) { // should always be true
+          RecordMetadata metadata = (RecordMetadata) (Object) record;
+          payloadSize = metadata.serializedKeySize() + metadata.serializedValueSize();
+        }
+
+        AgentTracer.get()
+            .getDataStreamsMonitoring()
+            .setCheckpoint(span, sortedTags, record.timestamp(), payloadSize);
       } else {
         span = startSpan(KAFKA_CONSUME, null);
       }
diff --git a/dd-java-agent/instrumentation/kafka-streams-0.11/src/main/java/datadog/trace/instrumentation/kafka_streams/KafkaStreamsDecorator.java b/dd-java-agent/instrumentation/kafka-streams-0.11/src/main/java/datadog/trace/instrumentation/kafka_streams/KafkaStreamsDecorator.java
index 7b1486fa829..bbef573f7b5 100644
--- a/dd-java-agent/instrumentation/kafka-streams-0.11/src/main/java/datadog/trace/instrumentation/kafka_streams/KafkaStreamsDecorator.java
+++ b/dd-java-agent/instrumentation/kafka-streams-0.11/src/main/java/datadog/trace/instrumentation/kafka_streams/KafkaStreamsDecorator.java
@@ -40,12 +40,14 @@ public class KafkaStreamsDecorator extends MessagingClientDecorator {
       DDCaches.newFixedSizeCache(32);
   private static final Functions.Prefix PREFIX = new Functions.Prefix("Consume Topic ");
 
-  private static final String LOCAL_SERVICE_NAME =
-      KAFKA_LEGACY_TRACING ? "kafka" : Config.get().getServiceName();
-
   public static final KafkaStreamsDecorator CONSUMER_DECORATE =
       new KafkaStreamsDecorator(
-          Tags.SPAN_KIND_CONSUMER, InternalSpanTypes.MESSAGE_CONSUMER, LOCAL_SERVICE_NAME);
+          Tags.SPAN_KIND_CONSUMER,
+          InternalSpanTypes.MESSAGE_CONSUMER,
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .inboundService(KAFKA, KAFKA_LEGACY_TRACING));
 
   public static final KafkaStreamsDecorator BROKER_DECORATE =
       new KafkaStreamsDecorator(
diff --git a/dd-java-agent/instrumentation/karate/build.gradle b/dd-java-agent/instrumentation/karate/build.gradle
new file mode 100644
index 00000000000..a641986cac2
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/build.gradle
@@ -0,0 +1,68 @@
+apply from: "$rootDir/gradle/java.gradle"
+
+muzzle {
+  pass {
+    group = 'com.intuit.karate'
+    module = 'karate-core'
+    versions = '[1.0.0,1.4.0)'
+  }
+  // Karate 1.4.0+ is compiled with Java 11
+  pass {
+    group = 'com.intuit.karate'
+    module = 'karate-core'
+    versions = '[1.4.0,)'
+    javaVersion = 11
+  }
+}
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  compileOnly group: 'com.intuit.karate', name: 'karate-core', version: '1.0.0'
+
+  testImplementation testFixtures(project(':dd-java-agent:agent-ci-visibility'))
+  testImplementation group: 'org.junit.platform', name: 'junit-platform-launcher', version: '1.8.2'
+  testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.8.2'
+
+  testImplementation (group: 'com.intuit.karate', name: 'karate-core', version: '1.0.0') {
+    // excluding logback to avoid conflicts with deps.testLogging
+    exclude group: 'ch.qos.logback', module: 'logback-classic'
+  }
+  testImplementation (group: 'com.intuit.karate', name: 'karate-junit5', version: '1.0.0') {
+    // excluding logback to avoid conflicts with deps.testLogging
+    exclude group: 'ch.qos.logback', module: 'logback-classic'
+  }
+
+  latestDepTestImplementation (group: 'com.intuit.karate', name: 'karate-core', version: '+') {
+    // excluding logback to avoid conflicts with deps.testLogging
+    exclude group: 'ch.qos.logback', module: 'logback-classic'
+  }
+  latestDepTestImplementation (group: 'com.intuit.karate', name: 'karate-junit5', version: '+') {
+    // excluding logback to avoid conflicts with deps.testLogging
+    exclude group: 'ch.qos.logback', module: 'logback-classic'
+  }
+}
+
+// Using recommended Karate project layout where Karate feature files sit in same /test/java folders as their java counterparts
+sourceSets {
+  test {
+    resources {
+      srcDir file('src/test/java')
+      exclude '**/*.java'
+    }
+  }
+  latestDepTest {
+    resources {
+      srcDir file('src/test/java')
+      exclude '**/*.java'
+    }
+  }
+}
+
+configurations.matching({ it.name.startsWith('latestDepTest') }).each({
+  it.resolutionStrategy {
+    // Karate 1.4.0+ is compiled with Java 11
+    force group: 'com.intuit.karate', name: 'karate-core', version: (JavaVersion.current().java11Compatible ? '+' : '1.3.1')
+    force group: 'com.intuit.karate', name: 'karate-junit5', version: (JavaVersion.current().java11Compatible ? '+' : '1.3.1')
+  }
+})
diff --git a/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/KarateInstrumentation.java b/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/KarateInstrumentation.java
new file mode 100644
index 00000000000..2be047bac09
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/KarateInstrumentation.java
@@ -0,0 +1,51 @@
+package datadog.trace.instrumentation.karate;
+
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+
+import com.google.auto.service.AutoService;
+import com.intuit.karate.Runner;
+import com.intuit.karate.RuntimeHook;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class KarateInstrumentation extends Instrumenter.CiVisibility
+    implements Instrumenter.ForSingleType {
+
+  public KarateInstrumentation() {
+    super("ci-visibility", "karate");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.intuit.karate.Runner$Builder";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".TestEventsHandlerHolder",
+      packageName + ".KarateUtils",
+      packageName + ".KarateTracingHook"
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor(), KarateInstrumentation.class.getName() + "$KarateAdvice");
+  }
+
+  public static class KarateAdvice {
+    @Advice.OnMethodExit
+    public static void onRunnerBuilderConstructorExit(
+        @Advice.This Runner.Builder<?> runnerBuilder) {
+      runnerBuilder.hook(new KarateTracingHook());
+    }
+
+    // Karate 1.0.0 and above
+    public static void muzzleCheck(RuntimeHook runtimeHook) {
+      runtimeHook.beforeSuite(null);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/KarateTracingHook.java b/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/KarateTracingHook.java
new file mode 100644
index 00000000000..d5ceb88c976
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/KarateTracingHook.java
@@ -0,0 +1,158 @@
+package datadog.trace.instrumentation.karate;
+
+import com.intuit.karate.FileUtils;
+import com.intuit.karate.RuntimeHook;
+import com.intuit.karate.Suite;
+import com.intuit.karate.core.Feature;
+import com.intuit.karate.core.FeatureResult;
+import com.intuit.karate.core.FeatureRuntime;
+import com.intuit.karate.core.Scenario;
+import com.intuit.karate.core.ScenarioResult;
+import com.intuit.karate.core.ScenarioRuntime;
+import com.intuit.karate.core.Step;
+import com.intuit.karate.core.StepResult;
+import datadog.trace.api.Config;
+import datadog.trace.api.civisibility.InstrumentationBridge;
+import datadog.trace.api.civisibility.config.SkippableTest;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import java.util.Collection;
+
+// FIXME nikita: do not trace Karate tests in JUnit 4 / JUnit 5 instrumentations
+public class KarateTracingHook implements RuntimeHook {
+
+  private static final String FRAMEWORK_NAME = "karate";
+  private static final String FRAMEWORK_VERSION = FileUtils.KARATE_VERSION;
+
+  @Override
+  public boolean beforeFeature(FeatureRuntime fr) {
+    Feature feature = KarateUtils.getFeature(fr);
+    Suite suite = fr.suite;
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
+        feature.getNameForReport(),
+        FRAMEWORK_NAME,
+        FRAMEWORK_VERSION,
+        null,
+        KarateUtils.getCategories(feature.getTags()),
+        suite.parallel);
+    return true;
+  }
+
+  @Override
+  public void afterFeature(FeatureRuntime fr) {
+    String featureName = KarateUtils.getFeature(fr).getNameForReport();
+    FeatureResult result = fr.result;
+    if (result.isFailed()) {
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFailure(
+          featureName, null, result.getErrorMessagesCombined());
+    } else if (result.isEmpty()) {
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteSkip(featureName, null, null);
+    }
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteFinish(featureName, null);
+  }
+
+  @Override
+  public boolean beforeScenario(ScenarioRuntime sr) {
+    Scenario scenario = sr.scenario;
+    Feature feature = scenario.getFeature();
+
+    String featureName = feature.getNameForReport();
+    String scenarioName = KarateUtils.getScenarioName(scenario);
+    String parameters = KarateUtils.getParameters(scenario);
+    Collection<String> categories = scenario.getTagsEffective().getTagKeys();
+
+    if (Config.get().isCiVisibilityItrEnabled()
+        && !categories.contains(InstrumentationBridge.ITR_UNSKIPPABLE_TAG)) {
+      SkippableTest skippableTest = new SkippableTest(featureName, scenarioName, parameters, null);
+      if (TestEventsHandlerHolder.TEST_EVENTS_HANDLER.skip(skippableTest)) {
+        TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestIgnore(
+            featureName,
+            scenarioName,
+            scenario.getRefId(),
+            FRAMEWORK_NAME,
+            FRAMEWORK_VERSION,
+            parameters,
+            categories,
+            null,
+            null,
+            null,
+            InstrumentationBridge.ITR_SKIP_REASON);
+        return false;
+      }
+    }
+
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestStart(
+        featureName,
+        scenarioName,
+        scenario.getRefId(),
+        FRAMEWORK_NAME,
+        FRAMEWORK_VERSION,
+        parameters,
+        categories,
+        null,
+        null,
+        null);
+    return true;
+  }
+
+  @Override
+  public void afterScenario(ScenarioRuntime sr) {
+    Scenario scenario = sr.scenario;
+    Feature feature = scenario.getFeature();
+
+    String featureName = feature.getNameForReport();
+    String scenarioName = KarateUtils.getScenarioName(scenario);
+
+    ScenarioResult result = sr.result;
+    if (result.isFailed()) {
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFailure(
+          featureName,
+          null,
+          scenarioName,
+          scenario.getRefId(),
+          KarateUtils.getParameters(scenario),
+          result.getError());
+    } else if (result.getStepResults().isEmpty()) {
+      TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSkip(
+          featureName,
+          null,
+          scenarioName,
+          scenario.getRefId(),
+          KarateUtils.getParameters(scenario),
+          null);
+    }
+    TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestFinish(
+        featureName, null, scenarioName, scenario.getRefId(), KarateUtils.getParameters(scenario));
+  }
+
+  @Override
+  public boolean beforeStep(Step step, ScenarioRuntime sr) {
+    AgentSpan span = AgentTracer.startSpan("karate", "karate.step");
+    AgentScope scope = AgentTracer.activateSpan(span);
+    String stepName = step.getPrefix() + " " + step.getText();
+    span.setResourceName(stepName);
+    span.setTag(Tags.COMPONENT, "karate");
+    span.setTag("step.name", stepName);
+    span.setTag("step.startLine", step.getLine());
+    span.setTag("step.endLine", step.getEndLine());
+    span.setTag("step.docString", step.getDocString());
+    return true;
+  }
+
+  @Override
+  public void afterStep(StepResult result, ScenarioRuntime sr) {
+    AgentSpan span = AgentTracer.activeSpan();
+    if (span == null) {
+      return;
+    }
+
+    AgentScope scope = AgentTracer.activeScope();
+    if (scope != null) {
+      scope.close();
+    }
+
+    span.finish();
+  }
+}
diff --git a/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/KarateUtils.java b/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/KarateUtils.java
new file mode 100644
index 00000000000..a1590404ba1
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/KarateUtils.java
@@ -0,0 +1,65 @@
+package datadog.trace.instrumentation.karate;
+
+import com.intuit.karate.core.Feature;
+import com.intuit.karate.core.FeatureRuntime;
+import com.intuit.karate.core.Scenario;
+import com.intuit.karate.core.Tag;
+import datadog.trace.util.MethodHandles;
+import datadog.trace.util.Strings;
+import java.lang.invoke.MethodHandle;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+public abstract class KarateUtils {
+
+  private KarateUtils() {}
+
+  private static final MethodHandles METHOD_HANDLES =
+      new MethodHandles(FeatureRuntime.class.getClassLoader());
+  private static final MethodHandle FEATURE_RUNTIME_FEATURE_GETTER =
+      METHOD_HANDLES.privateFieldGetter("com.intuit.karate.core.FeatureRuntime", "feature");
+  private static final MethodHandle FEATURE_RUNTIME_FEATURE_CALL_GETTER =
+      METHOD_HANDLES.privateFieldGetter("com.intuit.karate.core.FeatureRuntime", "featureCall");
+  private static final MethodHandle FEATURE_CALL_FEATURE_GETTER =
+      METHOD_HANDLES.privateFieldGetter("com.intuit.karate.core.FeatureCall", "feature");
+
+  public static Feature getFeature(FeatureRuntime featureRuntime) {
+    if (FEATURE_RUNTIME_FEATURE_CALL_GETTER != null) {
+      Object featureCall =
+          METHOD_HANDLES.invoke(FEATURE_RUNTIME_FEATURE_CALL_GETTER, featureRuntime);
+      if (featureCall != null && FEATURE_CALL_FEATURE_GETTER != null) {
+        return METHOD_HANDLES.invoke(FEATURE_CALL_FEATURE_GETTER, featureCall);
+      }
+    } else if (FEATURE_RUNTIME_FEATURE_GETTER != null) {
+      // Karate versions prior to 1.3.0
+      return METHOD_HANDLES.invoke(FEATURE_RUNTIME_FEATURE_GETTER, featureRuntime);
+    }
+    return null;
+  }
+
+  public static String getScenarioName(Scenario scenario) {
+    String scenarioName = scenario.getName();
+    if (Strings.isNotBlank(scenarioName)) {
+      return scenarioName;
+    } else {
+      return scenario.getRefId();
+    }
+  }
+
+  public static List<String> getCategories(List<Tag> tags) {
+    if (tags == null) {
+      return Collections.emptyList();
+    }
+
+    List<String> categories = new ArrayList<>(tags.size());
+    for (Tag tag : tags) {
+      categories.add(tag.getName());
+    }
+    return categories;
+  }
+
+  public static String getParameters(Scenario scenario) {
+    return scenario.getExampleData() != null ? Strings.toJson(scenario.getExampleData()) : null;
+  }
+}
diff --git a/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/TestEventsHandlerHolder.java b/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/TestEventsHandlerHolder.java
new file mode 100644
index 00000000000..b82381b1b0a
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/main/java/datadog/trace/instrumentation/karate/TestEventsHandlerHolder.java
@@ -0,0 +1,35 @@
+package datadog.trace.instrumentation.karate;
+
+import datadog.trace.api.civisibility.InstrumentationBridge;
+import datadog.trace.api.civisibility.events.TestEventsHandler;
+import datadog.trace.util.AgentThreadFactory;
+import java.nio.file.Paths;
+
+public abstract class TestEventsHandlerHolder {
+
+  public static volatile TestEventsHandler TEST_EVENTS_HANDLER;
+
+  static {
+    start();
+    Runtime.getRuntime()
+        .addShutdownHook(
+            AgentThreadFactory.newAgentThread(
+                AgentThreadFactory.AgentThread.CI_TEST_EVENTS_SHUTDOWN_HOOK,
+                TestEventsHandlerHolder::stop,
+                false));
+  }
+
+  public static void start() {
+    TEST_EVENTS_HANDLER =
+        InstrumentationBridge.createTestEventsHandler("karate", Paths.get("").toAbsolutePath());
+  }
+
+  public static void stop() {
+    if (TEST_EVENTS_HANDLER != null) {
+      TEST_EVENTS_HANDLER.close();
+      TEST_EVENTS_HANDLER = null;
+    }
+  }
+
+  private TestEventsHandlerHolder() {}
+}
diff --git a/dd-java-agent/instrumentation/karate/src/test/groovy/KarateTest.groovy b/dd-java-agent/instrumentation/karate/src/test/groovy/KarateTest.groovy
new file mode 100644
index 00000000000..9b50d3a501d
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/test/groovy/KarateTest.groovy
@@ -0,0 +1,308 @@
+import com.intuit.karate.FileUtils
+import com.intuit.karate.KarateException
+import datadog.trace.agent.test.asserts.ListWriterAssert
+import datadog.trace.agent.test.asserts.TraceAssert
+import datadog.trace.api.DDTags
+import datadog.trace.api.DisableTestTrace
+import datadog.trace.api.civisibility.CIConstants
+import datadog.trace.api.civisibility.config.SkippableTest
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.civisibility.CiVisibilityTest
+import datadog.trace.instrumentation.karate.TestEventsHandlerHolder
+import org.example.TestFailedKarate
+import org.example.TestParameterizedKarate
+import org.example.TestSucceedKarate
+import org.example.TestUnskippableKarate
+import org.junit.jupiter.api.Assumptions
+import org.junit.jupiter.engine.JupiterTestEngine
+import org.junit.platform.engine.DiscoverySelector
+import org.junit.platform.launcher.core.LauncherConfig
+import org.junit.platform.launcher.core.LauncherDiscoveryRequestBuilder
+import org.junit.platform.launcher.core.LauncherFactory
+
+import static org.junit.platform.engine.discovery.DiscoverySelectors.selectClass
+
+@DisableTestTrace(reason = "avoid self-tracing")
+class KarateTest extends CiVisibilityTest {
+
+  def "test success generates spans"() {
+    setup:
+    runTests(TestSucceedKarate)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 3, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS)
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "[org/example/test_succeed] test succeed", CIConstants.TEST_PASS, null, null, false, ['foo'], false)
+      }
+      trace(2, true) {
+        long testId = testSpan(it, 1, testSessionId, testModuleId, testSuiteId, "[org/example/test_succeed] test succeed", "first scenario", null, CIConstants.TEST_PASS, null, null, false, ['bar', 'foo'], false, false)
+        karateStepSpan(it, 0, testId, "* print 'first'", 6, 6)
+      }
+      trace(2, true) {
+        long testId = testSpan(it, 1, testSessionId, testModuleId, testSuiteId, "[org/example/test_succeed] test succeed", "second scenario", null, CIConstants.TEST_PASS, null, null, false, ['foo'], false, false)
+        karateStepSpan(it, 0, testId, "* print 'second'", 9, 9)
+      }
+    })
+  }
+
+  def "test parameterized generates spans"() {
+    setup:
+    runTests(TestParameterizedKarate)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 3, false, SORT_TRACES_BY_START, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS)
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "[org/example/test_parameterized] test parameterized", CIConstants.TEST_PASS, null, null, false, null, false)
+      }
+      trace(4, true) {
+        long testId = testSpan(it, 3, testSessionId, testModuleId, testSuiteId, "[org/example/test_parameterized] test parameterized", "first scenario as an outline", null, CIConstants.TEST_PASS, testTags_0, null, false, null, false, false)
+        karateStepSpan(it, 0, testId, "Given def p = 'a'", 6, 6)
+        karateStepSpan(it, 2, testId, "When def response = p + p", 7, 7)
+        karateStepSpan(it, 1, testId, "Then match response == value", 8, 8)
+      }
+      trace(4, true) {
+        long testId = testSpan(it, 3, testSessionId, testModuleId, testSuiteId, "[org/example/test_parameterized] test parameterized", "first scenario as an outline", null, CIConstants.TEST_PASS, testTags_1, null, false, null, false, false)
+        karateStepSpan(it, 0, testId, "Given def p = 'b'", 6, 6)
+        karateStepSpan(it, 2, testId, "When def response = p + p", 7, 7)
+        karateStepSpan(it, 1, testId, "Then match response == value", 8, 8)
+      }
+    })
+
+    where:
+    testTags_0 = [(Tags.TEST_PARAMETERS): '{"param":"\\\'a\\\'","value":"aa"}']
+    testTags_1 = [(Tags.TEST_PARAMETERS): '{"param":"\\\'b\\\'","value":"bb"}']
+  }
+
+  def "test failed generates spans"() {
+    setup:
+    runTests(TestFailedKarate)
+
+    expect:
+    def exception = new KarateException("did not evaluate to 'true': false\nclasspath:org/example/test_failed.feature:7")
+    ListWriterAssert.assertTraces(TEST_WRITER, 3, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_FAIL)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_FAIL)
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "[org/example/test_failed] test failed", CIConstants.TEST_FAIL, null, exception, false, null, false)
+      }
+      trace(2, true) {
+        long testId = testSpan(it, 1, testSessionId, testModuleId, testSuiteId, "[org/example/test_failed] test failed", "first scenario", null, CIConstants.TEST_PASS, null, null, false, null, false, false)
+        karateStepSpan(it, 0, testId, "* print 'first'", 4, 4)
+      }
+      trace(2, true) {
+        long testId = testSpan(it, 1, testSessionId, testModuleId, testSuiteId, "[org/example/test_failed] test failed", "second scenario", null, CIConstants.TEST_FAIL, null, exception, false, null, false, false)
+        karateStepSpan(it, 0, testId, "* assert false", 7, 7)
+      }
+    })
+  }
+
+  def "test ITR skipping"() {
+    setup:
+    Assumptions.assumeTrue(isSkippingSupported(FileUtils.KARATE_VERSION), "Current Karate version $FileUtils.KARATE_VERSION does not support testSkipping")
+
+    givenSkippableTests([
+      new SkippableTest("[org/example/test_succeed] test succeed", "first scenario", null, null),
+    ])
+    runTests(TestSucceedKarate)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 3, false, SORT_TRACES_BY_START, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (DDTags.CI_ITR_TESTS_SKIPPED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 1,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "[org/example/test_succeed] test succeed", CIConstants.TEST_PASS, null, null, false, ['foo'], false)
+      }
+      trace(1, true) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "[org/example/test_succeed] test succeed", "first scenario", null, CIConstants.TEST_SKIP, testTags, null, false, ['bar', 'foo'], false, false)
+      }
+      trace(2, true) {
+        long testId = testSpan(it, 1, testSessionId, testModuleId, testSuiteId, "[org/example/test_succeed] test succeed", "second scenario", null, CIConstants.TEST_PASS, null, null, false, ['foo'], false, false)
+        karateStepSpan(it, 0, testId, "* print 'second'", 9, 9)
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_SKIP_REASON): "Skipped by Datadog Intelligent Test Runner", (Tags.TEST_SKIPPED_BY_ITR): true ]
+  }
+
+  def "test parameterized ITR skipping"() {
+    setup:
+    Assumptions.assumeTrue(isSkippingSupported(FileUtils.KARATE_VERSION), "Current Karate version $FileUtils.KARATE_VERSION does not support testSkipping")
+
+    givenSkippableTests([
+      new SkippableTest("[org/example/test_parameterized] test parameterized", "first scenario as an outline", '{"param":"\\\'a\\\'","value":"aa"}', null),
+    ])
+
+    runTests(TestParameterizedKarate)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 3, false, SORT_TRACES_BY_START, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (DDTags.CI_ITR_TESTS_SKIPPED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 1,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "[org/example/test_parameterized] test parameterized", CIConstants.TEST_PASS, null, null, false, null, false)
+      }
+      trace(1, true) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "[org/example/test_parameterized] test parameterized", "first scenario as an outline", null, CIConstants.TEST_SKIP, testTags_0, null, false, null, false, false)
+      }
+      trace(4, true) {
+        long testId = testSpan(it, 3, testSessionId, testModuleId, testSuiteId, "[org/example/test_parameterized] test parameterized", "first scenario as an outline", null, CIConstants.TEST_PASS, testTags_1, null, false, null, false, false)
+        karateStepSpan(it, 0, testId, "Given def p = 'b'", 6, 6)
+        karateStepSpan(it, 2, testId, "When def response = p + p", 7, 7)
+        karateStepSpan(it, 1, testId, "Then match response == value", 8, 8)
+      }
+    })
+
+    where:
+    testTags_0 = [
+      (Tags.TEST_PARAMETERS): '{"param":"\\\'a\\\'","value":"aa"}',
+      (Tags.TEST_SKIP_REASON): "Skipped by Datadog Intelligent Test Runner",
+      (Tags.TEST_SKIPPED_BY_ITR): true
+    ]
+    testTags_1 = [(Tags.TEST_PARAMETERS): '{"param":"\\\'b\\\'","value":"bb"}']
+  }
+
+  def "test ITR unskippable"() {
+    setup:
+    Assumptions.assumeTrue(isSkippingSupported(FileUtils.KARATE_VERSION), "Current Karate version $FileUtils.KARATE_VERSION does not support testSkipping")
+
+    givenSkippableTests([
+      new SkippableTest("[org/example/test_unskippable] test unskippable", "first scenario", null, null),
+    ])
+    runTests(TestUnskippableKarate)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 3, false, SORT_TRACES_BY_START, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "[org/example/test_unskippable] test unskippable", CIConstants.TEST_PASS, null, null, false, ['foo'], false)
+      }
+      trace(2, true) {
+        long testId = testSpan(it, 1, testSessionId, testModuleId, testSuiteId, "[org/example/test_unskippable] test unskippable", "first scenario", null, CIConstants.TEST_PASS, testTags, null, false, ['bar', 'datadog_itr_unskippable', 'foo'], false, false)
+        karateStepSpan(it, 0, testId, "* print 'first'", 7, 7)
+      }
+      trace(2, true) {
+        long testId = testSpan(it, 1, testSessionId, testModuleId, testSuiteId, "[org/example/test_unskippable] test unskippable", "second scenario", null, CIConstants.TEST_PASS, null, null, false, ['foo'], false, false)
+        karateStepSpan(it, 0, testId, "* print 'second'", 10, 10)
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
+  private static void karateStepSpan(TraceAssert trace,
+    int index,
+    long testId,
+    String stepName,
+    int startLine,
+    int endLine,
+    String docString = null) {
+    trace.span(index, {
+      parentSpanId(BigInteger.valueOf(testId))
+      operationName "karate.step"
+      resourceName stepName
+      tags {
+        "$Tags.COMPONENT" "karate"
+        "step.name" stepName
+        "step.startLine" startLine
+        "step.endLine" endLine
+
+        if (docString != null) {
+          "step.docString" docString
+        }
+
+        "$Tags.ENV" String
+        "$DDTags.LIBRARY_VERSION_TAG_KEY" String
+
+        defaultTags()
+      }
+    })
+  }
+
+  private void runTests(Class<?>... tests) {
+    TestEventsHandlerHolder.start()
+
+    DiscoverySelector[] selectors = new DiscoverySelector[tests.length]
+    for (i in 0..<tests.length) {
+      selectors[i] = selectClass(tests[i])
+    }
+
+    def launcherReq = LauncherDiscoveryRequestBuilder.request()
+      .selectors(selectors)
+      .build()
+
+    def launcherConfig = LauncherConfig
+      .builder()
+      .enableTestEngineAutoRegistration(false)
+      .addTestEngines(new JupiterTestEngine())
+      .build()
+
+    def launcher = LauncherFactory.create(launcherConfig)
+    launcher.execute(launcherReq)
+
+    TestEventsHandlerHolder.stop()
+  }
+
+  @Override
+  String expectedOperationPrefix() {
+    return "karate"
+  }
+
+  @Override
+  String expectedTestFramework() {
+    return "karate"
+  }
+
+  @Override
+  String expectedTestFrameworkVersion() {
+    return FileUtils.KARATE_VERSION
+  }
+
+  @Override
+  String component() {
+    return "karate"
+  }
+
+  boolean isSkippingSupported(String frameworkVersion) {
+    // earlier Karate version contain a bug that does not allow skipping scenarios
+    frameworkVersion >= "1.2.0"
+  }
+}
diff --git a/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestFailedKarate.java b/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestFailedKarate.java
new file mode 100644
index 00000000000..06ae4bb6ddb
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestFailedKarate.java
@@ -0,0 +1,11 @@
+package org.example;
+
+import com.intuit.karate.junit5.Karate;
+
+public class TestFailedKarate {
+
+  @Karate.Test
+  public Karate testFailed() {
+    return Karate.run("classpath:org/example/test_failed.feature");
+  }
+}
diff --git a/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestParameterizedKarate.java b/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestParameterizedKarate.java
new file mode 100644
index 00000000000..7f2fb53dccc
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestParameterizedKarate.java
@@ -0,0 +1,11 @@
+package org.example;
+
+import com.intuit.karate.junit5.Karate;
+
+public class TestParameterizedKarate {
+
+  @Karate.Test
+  public Karate testSucceed() {
+    return Karate.run("classpath:org/example/test_parameterized.feature");
+  }
+}
diff --git a/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestSucceedKarate.java b/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestSucceedKarate.java
new file mode 100644
index 00000000000..33003ddccf4
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestSucceedKarate.java
@@ -0,0 +1,11 @@
+package org.example;
+
+import com.intuit.karate.junit5.Karate;
+
+public class TestSucceedKarate {
+
+  @Karate.Test
+  public Karate testSucceed() {
+    return Karate.run("classpath:org/example/test_succeed.feature");
+  }
+}
diff --git a/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestUnskippableKarate.java b/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestUnskippableKarate.java
new file mode 100644
index 00000000000..9b33ccc4027
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/test/java/org/example/TestUnskippableKarate.java
@@ -0,0 +1,11 @@
+package org.example;
+
+import com.intuit.karate.junit5.Karate;
+
+public class TestUnskippableKarate {
+
+  @Karate.Test
+  public Karate testSucceed() {
+    return Karate.run("classpath:org/example/test_unskippable.feature");
+  }
+}
diff --git a/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_failed.feature b/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_failed.feature
new file mode 100644
index 00000000000..534144ae715
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_failed.feature
@@ -0,0 +1,7 @@
+Feature: test failed
+
+  Scenario: first scenario
+    * print 'first'
+
+  Scenario: second scenario
+    * assert false
diff --git a/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_parameterized.feature b/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_parameterized.feature
new file mode 100644
index 00000000000..62beb7ae198
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_parameterized.feature
@@ -0,0 +1,13 @@
+Feature: test parameterized
+
+  Scenario Outline: first scenario as an outline
+  (to prevent a particular bug from re-appearing)
+
+    Given def p = <param>
+    When def response = p + p
+    Then match response == value
+
+    Examples:
+      | param | value |
+      | 'a'   | aa    |
+      | 'b'   | bb    |
diff --git a/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_succeed.feature b/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_succeed.feature
new file mode 100644
index 00000000000..a82428ed0c6
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_succeed.feature
@@ -0,0 +1,9 @@
+@foo
+Feature: test succeed
+
+  @bar
+  Scenario: first scenario
+    * print 'first'
+
+  Scenario: second scenario
+    * print 'second'
diff --git a/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_unskippable.feature b/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_unskippable.feature
new file mode 100644
index 00000000000..25142d2a161
--- /dev/null
+++ b/dd-java-agent/instrumentation/karate/src/test/java/org/example/test_unskippable.feature
@@ -0,0 +1,10 @@
+@foo
+Feature: test unskippable
+
+  @bar
+  @datadog_itr_unskippable
+  Scenario: first scenario
+    * print 'first'
+
+  Scenario: second scenario
+    * print 'second'
diff --git a/dd-java-agent/instrumentation/lettuce-4/src/main/java/datadog/trace/instrumentation/lettuce4/LettuceClientDecorator.java b/dd-java-agent/instrumentation/lettuce-4/src/main/java/datadog/trace/instrumentation/lettuce4/LettuceClientDecorator.java
index 33b19d29d6e..31b8c2e67e2 100644
--- a/dd-java-agent/instrumentation/lettuce-4/src/main/java/datadog/trace/instrumentation/lettuce4/LettuceClientDecorator.java
+++ b/dd-java-agent/instrumentation/lettuce-4/src/main/java/datadog/trace/instrumentation/lettuce4/LettuceClientDecorator.java
@@ -4,7 +4,6 @@
 
 import com.lambdaworks.redis.RedisURI;
 import com.lambdaworks.redis.protocol.RedisCommand;
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -18,7 +17,7 @@ public class LettuceClientDecorator extends DBTypeProcessingDatabaseClientDecora
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().cache().operation("redis"));
   private static final String SERVICE_NAME =
-      SpanNaming.instance().namingSchema().cache().service(Config.get().getServiceName(), "redis");
+      SpanNaming.instance().namingSchema().cache().service("redis");
   public static final LettuceClientDecorator DECORATE = new LettuceClientDecorator();
 
   @Override
diff --git a/dd-java-agent/instrumentation/lettuce-5/src/main/java/datadog/trace/instrumentation/lettuce5/AsyncCommandInstrumentation.java b/dd-java-agent/instrumentation/lettuce-5/src/main/java/datadog/trace/instrumentation/lettuce5/AsyncCommandInstrumentation.java
new file mode 100644
index 00000000000..0c38757df13
--- /dev/null
+++ b/dd-java-agent/instrumentation/lettuce-5/src/main/java/datadog/trace/instrumentation/lettuce5/AsyncCommandInstrumentation.java
@@ -0,0 +1,93 @@
+package datadog.trace.instrumentation.lettuce5;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.namedOneOf;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils.capture;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils.endTaskScope;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils.startTaskScope;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.State;
+import io.lettuce.core.protocol.AsyncCommand;
+import java.util.Collections;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+
+/**
+ * Instrumentation attaches the active span to an {@code io.lettuce.core.protocol.AsyncCommand} so
+ * the span can propagate with it into the {@code io.lettuce.core.protocol.CommandHandler} event
+ * loop.
+ */
+@AutoService(Instrumenter.class)
+public class AsyncCommandInstrumentation extends Instrumenter.Profiling
+    implements Instrumenter.ForSingleType {
+  public AsyncCommandInstrumentation() {
+    super("lettuce", "lettuce-5", "lettuce-5-async");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.lettuce.core.protocol.AsyncCommand";
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return Collections.singletonMap("io.lettuce.core.protocol.AsyncCommand", State.class.getName());
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor()
+            .and(
+                takesArguments(1)
+                    .and(takesArgument(0, named("io.lettuce.core.protocol.RedisCommand")))),
+        getClass().getName() + "$Capture");
+    transformation.applyAdvice(
+        isMethod().and(namedOneOf("complete", "completeExceptionally", "onComplete", "encode")),
+        getClass().getName() + "$Activate");
+    transformation.applyAdvice(
+        isMethod().and(named("cancel")).and(takesArguments(boolean.class)),
+        getClass().getName() + "$Cancel");
+  }
+
+  public static final class Capture {
+
+    @SuppressWarnings("rawtypes")
+    @Advice.OnMethodExit
+    public static void after(@Advice.This AsyncCommand asyncCommand) {
+      capture(InstrumentationContext.get(AsyncCommand.class, State.class), asyncCommand, false);
+    }
+  }
+
+  public static final class Activate {
+    @SuppressWarnings("rawtypes")
+    @Advice.OnMethodEnter
+    public static AgentScope before(@Advice.This AsyncCommand asyncCommand) {
+      return startTaskScope(
+          InstrumentationContext.get(AsyncCommand.class, State.class), asyncCommand);
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class)
+    public static void after(@Advice.Enter AgentScope scope) {
+      endTaskScope(scope);
+    }
+  }
+
+  public static final class Cancel {
+    @SuppressWarnings("rawtypes")
+    @Advice.OnMethodEnter
+    public static void before(@Advice.This AsyncCommand asyncCommand) {
+      AdviceUtils.cancelTask(
+          InstrumentationContext.get(AsyncCommand.class, State.class), asyncCommand);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/lettuce-5/src/main/java/datadog/trace/instrumentation/lettuce5/CommandHandlerInstrumentation.java b/dd-java-agent/instrumentation/lettuce-5/src/main/java/datadog/trace/instrumentation/lettuce5/CommandHandlerInstrumentation.java
new file mode 100644
index 00000000000..d366c1e2b27
--- /dev/null
+++ b/dd-java-agent/instrumentation/lettuce-5/src/main/java/datadog/trace/instrumentation/lettuce5/CommandHandlerInstrumentation.java
@@ -0,0 +1,70 @@
+package datadog.trace.instrumentation.lettuce5;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils.endTaskScope;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils.startTaskScope;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.State;
+import io.lettuce.core.protocol.AsyncCommand;
+import io.lettuce.core.protocol.RedisCommand;
+import java.util.Collections;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+
+/**
+ * This instrumentation activates the span associated with {@code
+ * io.lettuce.core.protocol.AsyncCommand} during decoding.
+ */
+@AutoService(Instrumenter.class)
+public class CommandHandlerInstrumentation extends Instrumenter.Profiling
+    implements Instrumenter.ForSingleType {
+
+  public CommandHandlerInstrumentation() {
+    super("lettuce", "lettuce-5", "lettuce-5-async");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.lettuce.core.protocol.CommandHandler";
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return Collections.singletonMap("io.lettuce.core.protocol.AsyncCommand", State.class.getName());
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("decode"))
+            .and(takesArgument(0, named("io.netty.channel.ChannelHandlerContext")))
+            .and(takesArgument(1, named("io.netty.buffer.ByteBuf")))
+            .and(takesArgument(2, named("io.lettuce.core.protocol.RedisCommand"))),
+        getClass().getName() + "$Decode");
+  }
+
+  public static class Decode {
+    @SuppressWarnings("rawtypes")
+    @Advice.OnMethodEnter
+    public static AgentScope before(@Advice.Argument(2) RedisCommand command) {
+      // if it's something we're tracing, it will always be an AsyncCommand
+      if (command instanceof AsyncCommand) {
+        return startTaskScope(
+            InstrumentationContext.get(AsyncCommand.class, State.class), (AsyncCommand) command);
+      }
+      return null;
+    }
+
+    @Advice.OnMethodExit
+    public static void after(@Advice.Enter AgentScope scope) {
+      endTaskScope(scope);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/lettuce-5/src/main/java/datadog/trace/instrumentation/lettuce5/LettuceClientDecorator.java b/dd-java-agent/instrumentation/lettuce-5/src/main/java/datadog/trace/instrumentation/lettuce5/LettuceClientDecorator.java
index 35bd69b1318..a8442a1f320 100644
--- a/dd-java-agent/instrumentation/lettuce-5/src/main/java/datadog/trace/instrumentation/lettuce5/LettuceClientDecorator.java
+++ b/dd-java-agent/instrumentation/lettuce-5/src/main/java/datadog/trace/instrumentation/lettuce5/LettuceClientDecorator.java
@@ -1,6 +1,5 @@
 package datadog.trace.instrumentation.lettuce5;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -15,7 +14,7 @@ public class LettuceClientDecorator extends DBTypeProcessingDatabaseClientDecora
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().cache().operation("redis"));
   private static final String SERVICE_NAME =
-      SpanNaming.instance().namingSchema().cache().service(Config.get().getServiceName(), "redis");
+      SpanNaming.instance().namingSchema().cache().service("redis");
 
   @Override
   protected String[] instrumentationNames() {
diff --git a/dd-java-agent/instrumentation/lettuce-5/src/test/groovy/Lettuce5AsyncClientTest.groovy b/dd-java-agent/instrumentation/lettuce-5/src/test/groovy/Lettuce5AsyncClientTest.groovy
index 8466437aa99..2dee22fb408 100644
--- a/dd-java-agent/instrumentation/lettuce-5/src/test/groovy/Lettuce5AsyncClientTest.groovy
+++ b/dd-java-agent/instrumentation/lettuce-5/src/test/groovy/Lettuce5AsyncClientTest.groovy
@@ -620,3 +620,29 @@ class Lettuce5SyncClientV1ForkedTest extends Lettuce5AsyncClientTest {
     return "redis.command"
   }
 }
+
+
+class Lettuce5AsyncProfilingForkedTest extends Lettuce5AsyncClientTest {
+
+  @Override
+  protected void configurePreAgent() {
+
+    super.configurePreAgent()
+    injectSysConfig('dd.profiling.enabled', 'true')
+  }
+
+  @Override
+  int version() {
+    return 2
+  }
+
+  @Override
+  String service() {
+    return "redis"
+  }
+
+  @Override
+  String operation() {
+    return "redis.query"
+  }
+}
diff --git a/dd-java-agent/instrumentation/lettuce-5/src/test/groovy/Lettuce5ReactiveClientTest.groovy b/dd-java-agent/instrumentation/lettuce-5/src/test/groovy/Lettuce5ReactiveClientTest.groovy
index ef11307905f..67043e11513 100644
--- a/dd-java-agent/instrumentation/lettuce-5/src/test/groovy/Lettuce5ReactiveClientTest.groovy
+++ b/dd-java-agent/instrumentation/lettuce-5/src/test/groovy/Lettuce5ReactiveClientTest.groovy
@@ -663,3 +663,28 @@ class Lettuce5ReactiveClientV1ForkedTest extends Lettuce5ReactiveClientTest {
   }
 }
 
+class Lettuce5ReactiveClientProfilingForkedTest extends Lettuce5ReactiveClientTest {
+
+  @Override
+  protected void configurePreAgent() {
+    super.configurePreAgent()
+    injectSysConfig('dd.profiling.enabled', 'true')
+  }
+
+  @Override
+  int version() {
+    return 2
+  }
+
+  @Override
+  String service() {
+    return "redis"
+  }
+
+  @Override
+  String operation() {
+    return "redis.query"
+  }
+}
+
+
diff --git a/dd-java-agent/instrumentation/liberty-20/build.gradle b/dd-java-agent/instrumentation/liberty-20/build.gradle
index 4bae260d18d..dae138dd0d7 100644
--- a/dd-java-agent/instrumentation/liberty-20/build.gradle
+++ b/dd-java-agent/instrumentation/liberty-20/build.gradle
@@ -34,7 +34,7 @@ dependencies {
   testRuntimeOnly files({ tasks.filterLogbackClassic.filteredLogbackDir })
   testRuntimeOnly project(':dd-java-agent:instrumentation:servlet:request-3')
 
-  webappCompileOnly group: 'javax.servlet', name: 'javax.servlet-api', version: '3.0.1'
+  webappCompileOnly group: 'javax.servlet', name: 'javax.servlet-api', version: '3.1.0'
   // compileOnly to avoid bringing all the test dependencies to the test app
   // these are to be provided by the system classloader on test time
   webappCompileOnly project(':dd-java-agent:instrumentation:servlet:request-3')
diff --git a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ArrayOfTypeMatcher.java b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ArrayOfTypeMatcher.java
new file mode 100644
index 00000000000..2c605f711ff
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ArrayOfTypeMatcher.java
@@ -0,0 +1,26 @@
+package datadog.trace.instrumentation.liberty20;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+
+import datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers;
+import net.bytebuddy.description.NamedElement;
+import net.bytebuddy.description.type.TypeDefinition;
+import net.bytebuddy.matcher.ElementMatcher;
+
+public class ArrayOfTypeMatcher<T extends TypeDefinition>
+    extends ElementMatcher.Junction.ForNonNullValues<T> {
+  private final NameMatchers.Named<NamedElement> componentMatcher;
+
+  public ArrayOfTypeMatcher(String typeName) {
+    this.componentMatcher = named(typeName);
+  }
+
+  protected boolean doMatch(T target) {
+    return target.isArray() && componentMatcher.matches(target.getComponentType());
+  }
+
+  @Override
+  public String toString() {
+    return "isArrayOfType(" + componentMatcher + ")";
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/HttpInboundServiceContextImplInstrumentation.java b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/HttpInboundServiceContextImplInstrumentation.java
new file mode 100644
index 00000000000..8f3353f75de
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/HttpInboundServiceContextImplInstrumentation.java
@@ -0,0 +1,96 @@
+package datadog.trace.instrumentation.liberty20;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.namedOneOf;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import com.ibm.ws.http.channel.internal.inbound.HttpInboundServiceContextImpl;
+import com.ibm.wsspi.bytebuffer.WsByteBuffer;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.CallDepthThreadLocalMap;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import java.util.Collections;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class HttpInboundServiceContextImplInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public static final String REQUEST_MSG_TYPE =
+      "com.ibm.ws.http.channel.internal.HttpRequestMessageImpl";
+
+  public HttpInboundServiceContextImplInstrumentation() {
+    super("liberty");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return Collections.singletonMap(
+        REQUEST_MSG_TYPE, "datadog.trace.bootstrap.instrumentation.api.AgentSpan");
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isPublic()
+            .and(namedOneOf("sendResponseBody", "finishResponseMessage"))
+            .and(takesArguments(1))
+            .and(takesArgument(0, new ArrayOfTypeMatcher("com.ibm.wsspi.bytebuffer.WsByteBuffer")))
+            .and(returns(void.class)),
+        HttpInboundServiceContextImplInstrumentation.class.getName() + "$SyncAdviceBuffer");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.ibm.ws.http.channel.internal.inbound.HttpInboundServiceContextImpl";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".LibertyBlockingHelper",
+      packageName + ".LibertyBlockingHelper$WsByteBufferImpl",
+    };
+  }
+
+  /**
+   * @see HttpInboundServiceContextImpl#sendResponseBody(WsByteBuffer[])
+   * @see HttpInboundServiceContextImpl#finishResponseMessage(WsByteBuffer[])
+   */
+  static class SyncAdviceBuffer {
+    @Advice.OnMethodEnter(suppress = Throwable.class, skipOn = Advice.OnNonDefaultValue.class)
+    static BlockingException /* skip */ before(
+        @Advice.This HttpInboundServiceContextImpl thiz,
+        @Advice.Argument(0) WsByteBuffer[] buffers) {
+      final int callDepth =
+          CallDepthThreadLocalMap.incrementCallDepth(HttpInboundServiceContextImpl.class);
+      if (callDepth > 0) {
+        return null;
+      }
+      ContextStore store =
+          InstrumentationContext.get(
+              REQUEST_MSG_TYPE, "datadog.trace.bootstrap.instrumentation.api.AgentSpan");
+      Object o = store.get(thiz.getRequest());
+      if (o == null) {
+        return null;
+      }
+      return LibertyBlockingHelper.syncBufferEnter(thiz, buffers, (AgentSpan) o);
+    }
+
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after(
+        @Advice.Enter BlockingException blockingException,
+        @Advice.Thrown(readOnly = false) Throwable thrown) {
+      CallDepthThreadLocalMap.decrementCallDepth(HttpInboundServiceContextImpl.class);
+      if (blockingException != null) {
+        thrown = blockingException;
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyBlockingHelper.java b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyBlockingHelper.java
new file mode 100644
index 00000000000..8ebaf920b40
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyBlockingHelper.java
@@ -0,0 +1,487 @@
+package datadog.trace.instrumentation.liberty20;
+
+import static datadog.trace.api.gateway.Events.EVENTS;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+
+import com.ibm.ws.http.channel.internal.inbound.HttpInboundServiceContextImpl;
+import com.ibm.wsspi.bytebuffer.WsByteBuffer;
+import com.ibm.wsspi.genericbnf.HeaderField;
+import com.ibm.wsspi.http.channel.HttpResponseMessage;
+import datadog.appsec.api.blocking.BlockingContentType;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.api.function.TriConsumer;
+import datadog.trace.api.gateway.CallbackProvider;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.blocking.BlockingActionHelper;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import java.nio.ByteBuffer;
+import java.nio.ByteOrder;
+import java.util.Map;
+import java.util.function.BiFunction;
+import java.util.function.Function;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LibertyBlockingHelper {
+  private static final Logger log = LoggerFactory.getLogger(LibertyBlockingHelper.class);
+  private static final WsByteBuffer[] EMPTY_BUFFER_ARRAY = new WsByteBuffer[0];
+
+  public static BlockingException syncBufferEnter(
+      HttpInboundServiceContextImpl thiz, WsByteBuffer[] buffers, AgentSpan span) {
+    if (thiz.isMessageSent() || thiz.headersSent()) {
+      return null;
+    }
+
+    if (span == null) {
+      span = activeSpan();
+    }
+    if (span == null) {
+      return null;
+    }
+    RequestContext requestContext = span.getRequestContext();
+    if (requestContext == null) {
+      return null;
+    }
+
+    CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+    if (cbp == null) {
+      return null;
+    }
+
+    HttpResponseMessage response = thiz.getResponse();
+
+    BiFunction<RequestContext, Integer, Flow<Void>> respStartedCallback =
+        cbp.getCallback(EVENTS.responseStarted());
+    if (respStartedCallback != null) {
+      respStartedCallback.apply(requestContext, response.getStatusCodeAsInt());
+    }
+    TriConsumer<RequestContext, String, String> headerCallback =
+        cbp.getCallback(EVENTS.responseHeader());
+    Function<RequestContext, Flow<Void>> headersDoneCallback =
+        cbp.getCallback(EVENTS.responseHeaderDone());
+    if (headerCallback == null || headersDoneCallback == null) {
+      return null;
+    }
+    for (HeaderField hf : response.getAllHeaders()) {
+      headerCallback.accept(requestContext, hf.getName(), hf.asString());
+    }
+    Flow<Void> flow = headersDoneCallback.apply(requestContext);
+    Flow.Action action = flow.getAction();
+    if (!(action instanceof Flow.Action.RequestBlockingAction)) {
+      return null;
+    }
+
+    // block
+    response.clear();
+
+    Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+    response.setStatusCode(rba.getStatusCode());
+    for (Map.Entry<String, String> e : rba.getExtraHeaders().entrySet()) {
+      response.setHeader(e.getKey(), e.getValue());
+    }
+
+    BlockingContentType bct = rba.getBlockingContentType();
+    final WsByteBuffer[] bufferArray;
+    if (bct != BlockingContentType.NONE) {
+      BlockingActionHelper.TemplateType type =
+          BlockingActionHelper.determineTemplateType(
+              bct, thiz.getRequest().getHeader("Accept").asString());
+      byte[] template = BlockingActionHelper.getTemplate(type);
+      response.setHeader("Content-length", Integer.toString(template.length));
+      response.setHeader("Content-type", BlockingActionHelper.getContentType(type));
+      WsByteBufferImpl buffer = new WsByteBufferImpl(ByteBuffer.wrap(template));
+      bufferArray = new WsByteBuffer[] {buffer};
+    } else {
+      bufferArray = EMPTY_BUFFER_ARRAY;
+    }
+
+    BlockingException be = new BlockingException("Blocked response (syncBufferEnter)");
+    try {
+      thiz.reinit(thiz.getTSC()); // parsingComplete()
+      thiz.finishResponseMessage(bufferArray);
+    } catch (Exception e) {
+      log.warn("Error committing blocking response", e);
+    }
+
+    requestContext.getTraceSegment().effectivelyBlocked();
+
+    span.addThrowable(be);
+    span.setTag(Tags.HTTP_STATUS, rba.getStatusCode());
+
+    return be;
+  }
+
+  static class WsByteBufferImpl implements WsByteBuffer {
+    final ByteBuffer bb;
+
+    WsByteBufferImpl(ByteBuffer bb) {
+      this.bb = bb;
+    }
+
+    @Override
+    public boolean setBufferAction(int i) {
+      return false;
+    }
+
+    @Override
+    public byte[] array() {
+      return this.bb.array();
+    }
+
+    @Override
+    public int arrayOffset() {
+      return this.bb.arrayOffset();
+    }
+
+    @Override
+    public WsByteBuffer compact() {
+      this.bb.compact();
+      return this;
+    }
+
+    @Override
+    public int compareTo(Object o) {
+      ByteBuffer other = ((WsByteBuffer) o).getWrappedByteBufferNonSafe();
+      return this.bb.compareTo(other);
+    }
+
+    @Override
+    public char getChar() {
+      return this.bb.getChar();
+    }
+
+    @Override
+    public char getChar(int i) {
+      return this.bb.getChar(i);
+    }
+
+    @Override
+    public WsByteBuffer putChar(char c) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putChar(int i, char c) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putChar(char[] chars) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putChar(char[] chars, int i, int i1) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public double getDouble() {
+      return this.bb.getDouble();
+    }
+
+    @Override
+    public double getDouble(int i) {
+      return this.bb.getDouble(i);
+    }
+
+    @Override
+    public WsByteBuffer putDouble(double v) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putDouble(int i, double v) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public float getFloat() {
+      return this.bb.getFloat();
+    }
+
+    @Override
+    public float getFloat(int i) {
+      return this.bb.getFloat(i);
+    }
+
+    @Override
+    public WsByteBuffer putFloat(float v) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putFloat(int i, float v) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public int getInt() {
+      return this.bb.get();
+    }
+
+    @Override
+    public int getInt(int i) {
+      return this.bb.getInt(i);
+    }
+
+    @Override
+    public WsByteBuffer putInt(int i) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putInt(int i, int i1) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public long getLong() {
+      return this.bb.getLong();
+    }
+
+    @Override
+    public long getLong(int i) {
+      return this.bb.getLong(i);
+    }
+
+    @Override
+    public WsByteBuffer putLong(long l) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putLong(int i, long l) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public short getShort() {
+      return this.bb.getShort();
+    }
+
+    @Override
+    public short getShort(int i) {
+      return this.bb.getShort(i);
+    }
+
+    @Override
+    public WsByteBuffer putShort(short i) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putShort(int i, short i1) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putString(String s) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public boolean hasArray() {
+      return true;
+    }
+
+    @Override
+    public ByteOrder order() {
+      return this.bb.order();
+    }
+
+    @Override
+    public WsByteBuffer order(ByteOrder byteOrder) {
+      this.bb.order(byteOrder);
+      return this;
+    }
+
+    @Override
+    public WsByteBuffer clear() {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public int capacity() {
+      return this.bb.capacity();
+    }
+
+    @Override
+    public WsByteBuffer flip() {
+      this.bb.flip();
+      return this;
+    }
+
+    @Override
+    public byte get() {
+      return this.bb.get();
+    }
+
+    @Override
+    public int position() {
+      return this.bb.position();
+    }
+
+    @Override
+    public WsByteBuffer position(int i) {
+      this.bb.position(i);
+      return this;
+    }
+
+    @Override
+    public WsByteBuffer limit(int i) {
+      this.bb.limit(i);
+      return this;
+    }
+
+    @Override
+    public int limit() {
+      return this.bb.limit();
+    }
+
+    @Override
+    public int remaining() {
+      return this.bb.remaining();
+    }
+
+    @Override
+    public WsByteBuffer mark() {
+      this.bb.mark();
+      return this;
+    }
+
+    @Override
+    public WsByteBuffer reset() {
+      this.bb.reset();
+      return this;
+    }
+
+    @Override
+    public WsByteBuffer rewind() {
+      this.bb.rewind();
+      return this;
+    }
+
+    @Override
+    public boolean isReadOnly() {
+      return true;
+    }
+
+    @Override
+    public boolean hasRemaining() {
+      return this.bb.hasRemaining();
+    }
+
+    @Override
+    public WsByteBuffer duplicate() {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer slice() {
+      return new WsByteBufferImpl(this.bb.slice());
+    }
+
+    @Override
+    public WsByteBuffer get(byte[] bytes) {
+      this.bb.get(bytes);
+      return this;
+    }
+
+    @Override
+    public WsByteBuffer get(byte[] bytes, int i, int i1) {
+      this.bb.get(bytes, i, i1);
+      return this;
+    }
+
+    @Override
+    public byte get(int i) {
+      return this.bb.get(i);
+    }
+
+    @Override
+    public boolean isDirect() {
+      return this.bb.isDirect();
+    }
+
+    @Override
+    public WsByteBuffer put(byte b) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(byte[] bytes) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(byte[] bytes, int i, int i1) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(int i, byte b) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(ByteBuffer byteBuffer) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(WsByteBuffer wsByteBuffer) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(WsByteBuffer[] wsByteBuffers) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public ByteBuffer getWrappedByteBuffer() {
+      return this.bb;
+    }
+
+    @Override
+    public ByteBuffer getWrappedByteBufferNonSafe() {
+      return this.bb;
+    }
+
+    @Override
+    public void setReadOnly(boolean b) {}
+
+    @Override
+    public boolean getReadOnly() {
+      return true;
+    }
+
+    @Override
+    public void removeFromLeakDetection() {}
+
+    @Override
+    public void release() {}
+
+    @Override
+    public int getType() {
+      return 0;
+    }
+
+    private int status = 1;
+
+    @Override
+    public int getStatus() {
+      return this.status;
+    }
+
+    @Override
+    public void setStatus(int i) {
+      this.status = i;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyDecorator.java b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyDecorator.java
index 9b015aac62d..e3c92dcc1d3 100644
--- a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyDecorator.java
+++ b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyDecorator.java
@@ -11,8 +11,10 @@
 import datadog.trace.api.Config;
 import datadog.trace.api.DDTags;
 import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
 import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
 import datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator;
@@ -86,6 +88,18 @@ protected int status(final HttpServletResponse response) {
     return response.getStatus();
   }
 
+  @Override
+  public AgentSpan onResponseStatus(AgentSpan span, int status) {
+    Integer currentStatus = (Integer) span.getTag(Tags.HTTP_STATUS);
+    // do not set status if the tag is already there and it's an error span
+    // we may have the status during response blocking, but in that case
+    // the status code is not propagated to the servlet layer
+    if (currentStatus == null || !span.isError()) {
+      span.setHttpStatusCode(status);
+    }
+    return span;
+  }
+
   public AgentSpan getPath(AgentSpan span, HttpServletRequest request) {
     if (request != null) {
       String contextPath = request.getContextPath();
@@ -104,6 +118,11 @@ public AgentSpan getPath(AgentSpan span, HttpServletRequest request) {
     return span;
   }
 
+  @Override
+  protected boolean isAppSecOnResponseSeparate() {
+    return true;
+  }
+
   public AgentSpan onResponse(AgentSpan span, SRTServletResponse response) {
     HttpServletRequest req = response.getRequest();
 
@@ -113,7 +132,8 @@ public AgentSpan onResponse(AgentSpan span, SRTServletResponse response) {
     super.onResponse(span, response);
 
     Object ex = req.getAttribute("javax.servlet.error.exception");
-    Object report = req.getAttribute("ErrorReport");
+    Object report;
+    Object errorMessage;
     Throwable throwable = null;
     if (ex instanceof Throwable) {
       throwable = (Throwable) ex;
@@ -121,12 +141,13 @@ public AgentSpan onResponse(AgentSpan span, SRTServletResponse response) {
         throwable = ((ServletException) throwable).getRootCause();
       }
       onError(span, throwable);
-    }
-
-    // overwrite the HTTP status codes, and if a custom error report is provided by liberty server
-    if (report instanceof WebAppErrorReport) {
+    } else if ((report = req.getAttribute("ErrorReport")) instanceof WebAppErrorReport) {
+      // overwrite the HTTP status codes, and if a custom error report is provided by liberty server
       WebAppErrorReport errReport = (WebAppErrorReport) report;
       onError(span, errReport, throwable);
+    } else if ((errorMessage = req.getAttribute("javax.servlet.error.message")) instanceof String) {
+      span.setError(true);
+      span.setTag(DDTags.ERROR_MSG, (String) errorMessage);
     }
     return span;
   }
@@ -152,7 +173,10 @@ public LibertyBlockResponseFunction(HttpServletRequest request) {
 
     @Override
     public boolean tryCommitBlockingResponse(
-        int statusCode, BlockingContentType bct, Map<String, String> extraHeaders) {
+        TraceSegment segment,
+        int statusCode,
+        BlockingContentType bct,
+        Map<String, String> extraHeaders) {
       if (!(request instanceof SRTServletRequest)) {
         log.warn("Can't block; request not of type SRTServletRequest");
         return false;
@@ -163,7 +187,7 @@ public boolean tryCommitBlockingResponse(
         return false;
       }
       ServletBlockingHelper.commitBlockingResponse(
-          request, (HttpServletResponse) response, statusCode, bct, extraHeaders);
+          segment, request, (HttpServletResponse) response, statusCode, bct, extraHeaders);
 
       return true;
     }
diff --git a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyServerInstrumentation.java b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyServerInstrumentation.java
index af8d33d3c46..58e33af4f1a 100644
--- a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyServerInstrumentation.java
+++ b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyServerInstrumentation.java
@@ -2,6 +2,7 @@
 
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.instrumentation.liberty20.HttpInboundServiceContextImplInstrumentation.REQUEST_MSG_TYPE;
 import static datadog.trace.instrumentation.liberty20.LibertyDecorator.DD_EXTRACTED_CONTEXT_ATTRIBUTE;
 import static datadog.trace.instrumentation.liberty20.LibertyDecorator.DD_SPAN_ATTRIBUTE;
 import static datadog.trace.instrumentation.liberty20.LibertyDecorator.DECORATE;
@@ -15,11 +16,16 @@
 import datadog.trace.api.CorrelationIdentifier;
 import datadog.trace.api.GlobalTracer;
 import datadog.trace.api.gateway.Flow;
+import datadog.trace.bootstrap.ActiveSubsystems;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.InstrumentationContext;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.instrumentation.servlet.ServletBlockingHelper;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import java.util.Collections;
 import java.util.EnumSet;
+import java.util.Map;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import net.bytebuddy.asm.Advice;
@@ -47,9 +53,16 @@ public String[] helperClassNames() {
       packageName + ".LibertyDecorator$LibertyBlockResponseFunction",
       packageName + ".RequestURIDataAdapter",
       "datadog.trace.instrumentation.servlet.ServletBlockingHelper",
+      packageName + ".RequestMessageFromServletRequestHelper",
     };
   }
 
+  @Override
+  public Map<String, String> contextStore() {
+    return Collections.singletonMap(
+        REQUEST_MSG_TYPE, "datadog.trace.bootstrap.instrumentation.api.AgentSpan");
+  }
+
   @Override
   public void adviceTransformations(AdviceTransformation transformation) {
     transformation.applyAdvice(
@@ -98,9 +111,19 @@ public static class HandleRequestAdvice {
       request.setAttribute(CorrelationIdentifier.getTraceIdKey(), GlobalTracer.get().getTraceId());
       request.setAttribute(CorrelationIdentifier.getSpanIdKey(), GlobalTracer.get().getSpanId());
 
+      if (ActiveSubsystems.APPSEC_ACTIVE) {
+        ContextStore store =
+            InstrumentationContext.get(
+                REQUEST_MSG_TYPE, "datadog.trace.bootstrap.instrumentation.api.AgentSpan");
+        // Provide the span to lower layers
+        // The span is associated with the c.i.w.http.channel.internal.HttpRequestMessageImpl object
+        store.put(RequestMessageFromServletRequestHelper.getHttpRequestMessage(request), span);
+      }
+
       Flow.Action.RequestBlockingAction rba = span.getRequestBlockingAction();
       if (rba != null) {
-        ServletBlockingHelper.commitBlockingResponse(request, (SRTServletResponse) resp, rba);
+        ServletBlockingHelper.commitBlockingResponse(
+            span.getRequestContext().getTraceSegment(), request, (SRTServletResponse) resp, rba);
         // prevent caching of the handler
         req.setAttribute(
             "javax.servlet.error.status_code", ((SRTServletResponse) resp).getStatusCode());
diff --git a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ParseParametersInstrumentation.java b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ParseParametersInstrumentation.java
index 7dc93a201df..929058c1ef6 100644
--- a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ParseParametersInstrumentation.java
+++ b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ParseParametersInstrumentation.java
@@ -111,7 +111,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t = new BlockingException("Blocked request (for SRTServletRequest/parseParameters)");
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
diff --git a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ParsePostDataInstrumentation.java b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ParsePostDataInstrumentation.java
index b8908fdb7dc..07dbf7230bf 100644
--- a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ParsePostDataInstrumentation.java
+++ b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ParsePostDataInstrumentation.java
@@ -74,7 +74,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t = new BlockingException("Blocked request (for SRTServletRequest/parsePostData)");
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
diff --git a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/RequestMessageFromServletRequestHelper.java b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/RequestMessageFromServletRequestHelper.java
new file mode 100644
index 00000000000..fb5bd70780e
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/RequestMessageFromServletRequestHelper.java
@@ -0,0 +1,42 @@
+package datadog.trace.instrumentation.liberty20;
+
+import com.ibm.websphere.servlet.request.IRequest;
+import com.ibm.websphere.servlet.request.extended.IRequestExtended;
+import com.ibm.ws.webcontainer.srt.SRTServletRequest;
+import com.ibm.wsspi.http.HttpRequest;
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.reflect.Field;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class RequestMessageFromServletRequestHelper {
+  private static final ConcurrentHashMap<Class<?>, MethodHandle> FIELD_CACHE =
+      new ConcurrentHashMap<>();
+
+  public static Object getHttpRequestMessage(SRTServletRequest request) {
+    IRequest iRequest = request.getIRequest();
+    if (iRequest instanceof IRequestExtended) {
+      HttpRequest transportRequest =
+          ((IRequestExtended) iRequest).getHttpInboundConnection().getRequest();
+      try {
+        MethodHandle messageGetter =
+            FIELD_CACHE.computeIfAbsent(
+                transportRequest.getClass(),
+                clazz -> {
+                  Field messageField;
+                  try {
+                    messageField = clazz.getDeclaredField("message");
+                    messageField.setAccessible(true);
+                    return MethodHandles.lookup().unreflectGetter(messageField);
+                  } catch (NoSuchFieldException | IllegalAccessException e) {
+                    throw new RuntimeException(e);
+                  }
+                });
+        return messageGetter.invoke(transportRequest);
+      } catch (Throwable e) {
+        throw new RuntimeException(e);
+      }
+    }
+    return null;
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ResponseFinishInstrumentation.java b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ResponseFinishInstrumentation.java
index e5f7698eac7..19ee9a44028 100644
--- a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ResponseFinishInstrumentation.java
+++ b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ResponseFinishInstrumentation.java
@@ -3,16 +3,26 @@
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
 import static datadog.trace.instrumentation.liberty20.LibertyDecorator.DD_SPAN_ATTRIBUTE;
 import static datadog.trace.instrumentation.liberty20.LibertyDecorator.DECORATE;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
 import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
 
 import com.google.auto.service.AutoService;
 import com.ibm.ws.webcontainer.srt.SRTServletResponse;
+import com.ibm.wsspi.webcontainer.WebContainerRequestState;
 import com.ibm.wsspi.webcontainer.servlet.IExtendedRequest;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import net.bytebuddy.asm.Advice;
 
+/**
+ * XXX: {@link SRTServletResponse#finish()} is not appropriate method to look at the response
+ * headers. By this time, the headers may have been cleared already. They are cleared when the
+ * output is closed. There are other problems with this instrumentation. See the comments and NPEs
+ * being caught. In short, the method runs too late. Maybe intercept {@link
+ * SRTServletResponse#closeResponseOutput()} instead?
+ */
 @AutoService(Instrumenter.class)
 public class ResponseFinishInstrumentation extends Instrumenter.Tracing
     implements Instrumenter.ForSingleType {
@@ -43,6 +53,27 @@ public void adviceTransformations(AdviceTransformation transformation) {
     transformation.applyAdvice(
         named("finish").and(takesNoArguments()),
         ResponseFinishInstrumentation.class.getName() + "$ResponseFinishAdvice");
+    transformation.applyAdvice(
+        named("closeResponseOutput").and(takesArguments(1)).and(takesArgument(0, boolean.class)),
+        ResponseFinishInstrumentation.class.getName() + "$SetCompletedAdvice");
+  }
+
+  /**
+   * Older versions have the inserted code conditioned on <code>
+   * reqState.getCurrentThreadsIExtendedRequest() == this.getRequest()</code>, though not in all
+   * code paths (for instance, not when getOutputStream() was called instead of getWriter). This
+   * inconsistency, together with the fact that newer versions don't have this condition anymore,
+   * suggests it is a bug. Without this inserted advice, async requests are not completed when
+   * blocking async requests.
+   */
+  static class SetCompletedAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(@Advice.Argument(0) boolean releaseChannel) {
+      WebContainerRequestState reqState = WebContainerRequestState.getInstance(true);
+      if (releaseChannel && !reqState.isCompleted()) {
+        reqState.setCompleted(true);
+      }
+    }
   }
 
   @SuppressFBWarnings("DCN_NULLPOINTER_EXCEPTION")
diff --git a/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/WebAppHandleExceptionInstrumentation.java b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/WebAppHandleExceptionInstrumentation.java
new file mode 100644
index 00000000000..e8582a8edeb
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/WebAppHandleExceptionInstrumentation.java
@@ -0,0 +1,56 @@
+package datadog.trace.instrumentation.liberty20;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import com.ibm.ws.webcontainer.webapp.WebAppErrorReport;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+
+/**
+ * Instrumentation to prevent the server from trying to send an error response by handling a
+ * BlockingException (the response should've been committed already). Also avoids logging the
+ * exception at SEVERE level.
+ */
+@AutoService(Instrumenter.class)
+public class WebAppHandleExceptionInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public WebAppHandleExceptionInstrumentation() {
+    super("liberty");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.ibm.ws.webcontainer.webapp.WebApp";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isPublic()
+            .and(named("handleException"))
+            .and(takesArguments(4))
+            .and(takesArgument(0, Throwable.class))
+            .and(returns(void.class)),
+        WebAppHandleExceptionInstrumentation.class.getName() + "$HandleExceptionAdvice");
+  }
+
+  static class HandleExceptionAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class, skipOn = Advice.OnNonDefaultValue.class)
+    static boolean /* skip */ before(@Advice.Argument(0) Throwable throwable_) {
+      Throwable throwable = throwable_;
+      if (throwable instanceof WebAppErrorReport) {
+        throwable = throwable.getCause();
+      }
+      if (throwable instanceof BlockingException) {
+        return throwable.getMessage().startsWith("Blocked response");
+      }
+      return false;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-20/src/test/groovy/datadog/trace/instrumentation/liberty20/Liberty20Server.groovy b/dd-java-agent/instrumentation/liberty-20/src/test/groovy/datadog/trace/instrumentation/liberty20/Liberty20Server.groovy
index 20f817abb1f..44015b0349a 100644
--- a/dd-java-agent/instrumentation/liberty-20/src/test/groovy/datadog/trace/instrumentation/liberty20/Liberty20Server.groovy
+++ b/dd-java-agent/instrumentation/liberty-20/src/test/groovy/datadog/trace/instrumentation/liberty20/Liberty20Server.groovy
@@ -12,10 +12,15 @@ class Liberty20Server implements HttpServer {
   File serverXmlFile = new File(System.getProperty('server.xml'))
   long serverXmlLastModified
   byte[] origServerXml
+  final String prefix
 
   def port
   Server server
 
+  Liberty20Server(String prefix = '') {
+    this.prefix = prefix
+  }
+
   @Override
   void start() {
     findRandomPort()
@@ -56,7 +61,7 @@ class Liberty20Server implements HttpServer {
 
   @Override
   URI address() {
-    new URI("http://localhost:$port/testapp/")
+    new URI("http://localhost:$port/testapp/${this.prefix}")
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/liberty-20/src/test/groovy/datadog/trace/instrumentation/liberty20/Liberty20Test.groovy b/dd-java-agent/instrumentation/liberty-20/src/test/groovy/datadog/trace/instrumentation/liberty20/Liberty20Test.groovy
index 2e976e2b788..6daf1cf5cc7 100644
--- a/dd-java-agent/instrumentation/liberty-20/src/test/groovy/datadog/trace/instrumentation/liberty20/Liberty20Test.groovy
+++ b/dd-java-agent/instrumentation/liberty-20/src/test/groovy/datadog/trace/instrumentation/liberty20/Liberty20Test.groovy
@@ -1,11 +1,21 @@
 package datadog.trace.instrumentation.liberty20
 
 import com.ibm.wsspi.kernel.embeddable.Server
+import datadog.trace.agent.test.asserts.TraceAssert
 import datadog.trace.agent.test.base.HttpServer
 import datadog.trace.agent.test.base.HttpServerTest
 import datadog.trace.agent.test.naming.TestingGenericHttpNamingConventions
+import datadog.trace.api.config.GeneralConfig
+import datadog.trace.api.env.CapturedEnvironment
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.core.DDSpan
 import spock.lang.IgnoreIf
 
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.TIMEOUT_ERROR
+import static org.junit.Assume.assumeTrue
+
 abstract class Liberty20Test extends HttpServerTest<Server> {
 
   @Override
@@ -13,6 +23,10 @@ abstract class Liberty20Test extends HttpServerTest<Server> {
     new Liberty20Server()
   }
 
+  protected String getPathPrefix() {
+    ''
+  }
+
   @Override
   String expectedServiceName() {
     'testapp'
@@ -23,6 +37,11 @@ abstract class Liberty20Test extends HttpServerTest<Server> {
     super.expectedServiceName()
   }
 
+  boolean expectedErrored(ServerEndpoint endpoint) {
+    // our test makes openliberty generate a FileNotFoundException
+    endpoint == ServerEndpoint.NOT_FOUND ? true : super.expectedErrored(endpoint)
+  }
+
   @Override
   Map<String, Serializable> expectedExtraServerTags(ServerEndpoint endpoint) {
     def res = ['servlet.context': '/testapp']
@@ -31,11 +50,23 @@ abstract class Liberty20Test extends HttpServerTest<Server> {
       res['error.type'] = 'java.io.FileNotFoundException'
       res['error.stack'] = ~/java\.io\.FileNotFoundException: SRVE0190E: File not found: \/not-found.*/
     } else {
-      res['servlet.path'] = endpoint.path
+      res['servlet.path'] = "${pathPrefix}${endpoint.path}"
     }
     res
   }
 
+  @Override
+  Map<String, Serializable> expectedExtraErrorInformation(ServerEndpoint endpoint) {
+    // sendError produces an error span (as expected by the test)
+    if (endpoint == ServerEndpoint.ERROR) {
+      [
+        "error.message": 'controller error' // not "controller exception", as super indicates
+      ]
+    } else {
+      super.expectedExtraErrorInformation(endpoint)
+    }
+  }
+
   @Override
   String component() {
     'liberty-server'
@@ -46,6 +77,11 @@ abstract class Liberty20Test extends HttpServerTest<Server> {
     component()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testExceptionBody() {
     false
@@ -61,6 +97,11 @@ abstract class Liberty20Test extends HttpServerTest<Server> {
     true
   }
 
+  @Override
+  boolean testBlockingOnResponse() {
+    true
+  }
+
   @Override
   boolean testRequestBody() {
     true
@@ -81,8 +122,89 @@ abstract class Liberty20Test extends HttpServerTest<Server> {
     true
   }
 
-  boolean expectedErrored(ServerEndpoint endpoint) {
-    endpoint == ServerEndpoint.NOT_FOUND ? true : super.expectedErrored(endpoint)
+  @Override
+  String expectedResourceName(ServerEndpoint endpoint, String method, URI address) {
+    if (endpoint.path == '/not-found') {
+      'GET /testapp/not-found'
+    } else {
+      super.expectedResourceName(endpoint, method, address)
+    }
+  }
+
+  def 'test blocking on response with commit during the response'() {
+    setup:
+    assumeTrue(testBlockingOnResponse())
+
+    def request = request(SUCCESS, 'GET', null)
+      .header(IG_BLOCK_RESPONSE_HEADER, 'json')
+      .header('x-commit-during-response', 'true')
+      .build()
+
+    when:
+    def response = client.newCall(request).execute()
+
+    then:
+    if (isDataStreamsEnabled()) {
+      TEST_DATA_STREAMS_WRITER.waitForGroups(1)
+    }
+    response.code() == 413
+    response.header('Content-type') =~ /(?i)\Aapplication\/json(?:;\s?charset=utf-8)?\z/
+    response.body().charStream().text.contains('"title":"You\'ve been blocked"')
+    TEST_WRITER.waitForTraces(1)
+
+    then:
+    TEST_WRITER.flatten().find { DDSpan it ->
+      it.tags['http.status_code'] == 413 &&
+        it.tags['appsec.blocked'] == 'true'
+    } != null
+  }
+}
+
+// make it forked because there are instrumentation errors when we shutdown and
+// restart the server on the same JVM
+class Liberty20AsyncForkedTest extends Liberty20Test implements TestingGenericHttpNamingConventions.ServerV0 {
+  @Override
+  HttpServer server() {
+    new Liberty20Server('async/')
+  }
+
+  @Override
+  protected String getPathPrefix() {
+    '/async'
+  }
+
+  @Override
+  boolean hasHandlerSpan() {
+    true
+  }
+
+  @Override
+  boolean testNotFound() {
+    false // only has 1 span; test expects the handler span there too
+  }
+
+  @Override
+  boolean testResponseHeadersMapping() {
+    false
+  }
+
+  void handlerSpan(TraceAssert trace, ServerEndpoint endpoint) {
+    trace.span {
+      serviceName CapturedEnvironment.get().getProperties().get(GeneralConfig.SERVICE_NAME)
+      operationName "servlet.dispatch"
+      resourceName 'servlet.dispatch'
+      errored(endpoint.throwsException || endpoint == TIMEOUT_ERROR)
+      childOfPrevious()
+      tags {
+        "$Tags.COMPONENT" 'java-web-servlet-async-dispatcher'
+        if (endpoint == EXCEPTION) {
+          "error.message" 'controller exception'
+          "error.type" Exception.name
+          "error.stack" String
+        }
+        defaultTags()
+      }
+    }
   }
 }
 
diff --git a/dd-java-agent/instrumentation/liberty-20/src/webapp/java/datadog/trace/instrumentation/liberty20/AsyncServlet3.java b/dd-java-agent/instrumentation/liberty-20/src/webapp/java/datadog/trace/instrumentation/liberty20/AsyncServlet3.java
new file mode 100644
index 00000000000..606b019a014
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-20/src/webapp/java/datadog/trace/instrumentation/liberty20/AsyncServlet3.java
@@ -0,0 +1,219 @@
+package datadog.trace.instrumentation.liberty20;
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_MULTIPART;
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR;
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH;
+
+import datadog.trace.agent.test.base.HttpServerTest;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.Enumeration;
+import javax.servlet.AsyncContext;
+import javax.servlet.AsyncEvent;
+import javax.servlet.AsyncListener;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.WriteListener;
+import javax.servlet.annotation.MultipartConfig;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+@WebServlet(
+    urlPatterns = {
+      "/async/success",
+      "/async/created",
+      "/async/created_input_stream",
+      "/async/body-urlencoded",
+      "/async/body-multipart",
+      "/async/body-json",
+      "/async/redirect",
+      "/async/forwarded",
+      "/async/error-status",
+      "/async/exception",
+      "/async/custom-exception",
+      "/async/not-here",
+      "/async/timeout",
+      "/async/timeout_error",
+      "/async/query",
+      "/async/encoded path query",
+      "/async/encoded_query",
+      "/async/user-block",
+    },
+    asyncSupported = true)
+@MultipartConfig(
+    maxFileSize = 10 * 1024 * 1024,
+    maxRequestSize = 20 * 1024 * 1024,
+    fileSizeThreshold = 5 * 1024 * 1024)
+public class AsyncServlet3 extends HttpServlet {
+  datadog.trace.instrumentation.servlet3.TestServlet3.Sync delegate;
+
+  {
+    try {
+      delegate =
+          new datadog.trace.instrumentation.servlet3.TestServlet3.Sync() {
+            @Override
+            public HttpServerTest.ServerEndpoint determineEndpoint(HttpServletRequest req) {
+              return HttpServerTest.ServerEndpoint.forPath(
+                  req.getRequestURI().substring(req.getRequestURI().lastIndexOf('/')));
+            }
+          };
+    } catch (Exception e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @Override
+  public void service(ServletRequest req, final ServletResponse res)
+      throws ServletException, IOException {
+    Object attribute = req.getAttribute("ddog.dispatched");
+
+    if (attribute == null) {
+      AsyncContext asyncContext = req.startAsync();
+      req.setAttribute("ddog.dispatched", 1);
+      asyncContext.dispatch();
+    } else {
+      HttpServerTest.ServerEndpoint serverEndpoint =
+          delegate.determineEndpoint((HttpServletRequest) req);
+      if (serverEndpoint == BODY_MULTIPART) {
+        // needed to trigger reading the body on openliberty
+        ((HttpServletRequest) req).getParts();
+      } else if (serverEndpoint == ERROR || serverEndpoint == QUERY_ENCODED_BOTH) {
+        delegate.service(req, res);
+        return;
+      }
+
+      ByteArrayOutputStream baos = new ByteArrayOutputStream();
+      PrintWriter writer = new PrintWriter(baos);
+      HttpServletResponseWrapper wrappedRes =
+          new HttpServletResponseWrapper((HttpServletResponse) res) {
+            @Override
+            public PrintWriter getWriter() throws IOException {
+              return writer;
+            }
+          };
+
+      delegate.service(req, wrappedRes);
+      writer.flush();
+
+      AsyncContext asyncContext = req.startAsync();
+      asyncContext.setTimeout(1000);
+      asyncContext.addListener(
+          new AsyncListener() {
+            @Override
+            public void onComplete(AsyncEvent event) throws IOException {
+              log("onComplete");
+            }
+
+            @Override
+            public void onTimeout(AsyncEvent event) throws IOException {
+              log("onTimeout");
+            }
+
+            @Override
+            public void onError(AsyncEvent event) throws IOException {
+              log("onError", event.getThrowable());
+            }
+
+            @Override
+            public void onStartAsync(AsyncEvent event) throws IOException {
+              event.getAsyncContext().addListener(this);
+            }
+          });
+
+      ServletOutputStream outputStream;
+      try {
+        outputStream = res.getOutputStream();
+      } catch (IOException e) {
+        throw new RuntimeException(e);
+      }
+
+      WriteListener listener =
+          new WriteListener() {
+            @Override
+            public void onWritePossible() throws IOException {
+              outputStream.write(baos.toByteArray());
+              asyncContext.complete();
+            }
+
+            @Override
+            public void onError(Throwable e) {
+              log("onError", e);
+              asyncContext.complete();
+            }
+          };
+
+      try {
+        Method setWriteListener =
+            ServletOutputStream.class.getMethod("setWriteListener", WriteListener.class);
+        setWriteListener.invoke(outputStream, listener);
+      } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException e) {
+        throw new RuntimeException(e);
+      }
+    }
+  }
+
+  @Override
+  public void destroy() {
+    delegate.destroy();
+  }
+
+  @Override
+  public String getInitParameter(String name) {
+    return delegate.getInitParameter(name);
+  }
+
+  @Override
+  public Enumeration<String> getInitParameterNames() {
+    return delegate.getInitParameterNames();
+  }
+
+  @Override
+  public ServletConfig getServletConfig() {
+    return delegate.getServletConfig();
+  }
+
+  @Override
+  public ServletContext getServletContext() {
+    return delegate.getServletContext();
+  }
+
+  @Override
+  public String getServletInfo() {
+    return delegate.getServletInfo();
+  }
+
+  @Override
+  public void init() throws ServletException {
+    delegate.init();
+  }
+
+  @Override
+  public void init(ServletConfig config) throws ServletException {
+    delegate.init(config);
+  }
+
+  @Override
+  public String getServletName() {
+    return delegate.getServletName();
+  }
+
+  @Override
+  public void log(String msg) {
+    delegate.log(msg);
+  }
+
+  @Override
+  public void log(String msg, Throwable t) {
+    delegate.log(msg, t);
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-20/src/webapp/java/datadog/trace/instrumentation/liberty20/PassthruSyncServlet3.java b/dd-java-agent/instrumentation/liberty-20/src/webapp/java/datadog/trace/instrumentation/liberty20/PassthruSyncServlet3.java
index 894b6c38e46..befa49c873b 100644
--- a/dd-java-agent/instrumentation/liberty-20/src/webapp/java/datadog/trace/instrumentation/liberty20/PassthruSyncServlet3.java
+++ b/dd-java-agent/instrumentation/liberty-20/src/webapp/java/datadog/trace/instrumentation/liberty20/PassthruSyncServlet3.java
@@ -57,7 +57,17 @@ public void service(ServletRequest req, ServletResponse res)
       // needed to trigger reading the body on openliberty
       ((HttpServletRequest) req).getParts();
     }
-    delegate.service(req, res);
+    try {
+      delegate.service(req, res);
+    } catch (Throwable t) {
+      throw t;
+    } finally {
+      if (((HttpServletRequest) req).getHeader("x-commit-during-response") != null) {
+        res.flushBuffer();
+        res.getWriter().close();
+        throw new RuntimeException("should not be reached");
+      }
+    }
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/liberty-23/build.gradle b/dd-java-agent/instrumentation/liberty-23/build.gradle
new file mode 100644
index 00000000000..2e877eeb182
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/build.gradle
@@ -0,0 +1,149 @@
+plugins {
+  id 'java-test-fixtures'
+  id 'com.github.johnrengelman.shadow'
+}
+apply from: "$rootDir/gradle/java.gradle"
+
+String relAppDir = 'openliberty-jars/wlp/usr/servers/defaultServer/dropins/war/testapp'
+sourceSets {
+  webapp {
+    java {
+      destinationDirectory.value project.layout.buildDirectory.dir("$relAppDir/WEB-INF/classes")
+    }
+    output.resourcesDir = project.layout.buildDirectory.dir("$relAppDir/")
+  }
+}
+
+configurations {
+  zipped
+  testLogging
+}
+
+evaluationDependsOn ':dd-java-agent:instrumentation:servlet:request-5'
+
+dependencies {
+  zipped group: 'io.openliberty', name: 'openliberty-runtime', version: '22.0.0.1', ext: 'zip'
+  testLogging deps.testLogging
+
+  compileOnly group: 'jakarta.servlet', name: 'jakarta.servlet-api', version: '5.0.0'
+  compileOnly files({ tasks.installOpenLibertyDeps.extractedJars })
+  testImplementation files({ tasks.installOpenLibertyDeps.extractedJars })
+
+  implementation project(':dd-java-agent:instrumentation:servlet:request-5')
+  testImplementation files({ tasks.installOpenLibertyDeps.wsServerJar })
+  testImplementation testFixtures(project(':dd-java-agent:appsec'))
+  testRuntimeOnly project(':dd-java-agent:instrumentation:osgi-4.3')
+  testRuntimeOnly files({ tasks.filterLogbackClassic.filteredLogbackDir })
+  testRuntimeOnly project(':dd-java-agent:instrumentation:servlet:request-5')
+  testRuntimeOnly files({ tasks.shadowJar.archiveFile })
+
+  webappCompileOnly group: 'jakarta.servlet', name: 'jakarta.servlet-api', version: '5.0.0'
+  // compileOnly to avoid bringing all the test dependencies to the test app
+  // these are to be provided by the system classloader on test time
+  webappCompileOnly project(':dd-java-agent:instrumentation:servlet:request-5')
+    .tasks['compileTestFixturesJava'].classpath
+  // only the testFixtures jar (not its dependencies) and groovy should be included in the webapp
+  webappImplementation files(
+    project(':dd-java-agent:instrumentation:servlet:request-5')
+    .getTasksByName('testFixturesJar', false).archiveFile
+    )
+  // use the above instead of:
+  //  webappImplementation testFixtures(project(':dd-java-agent:instrumentation:servlet:request-5'))
+  // because using testFixtures() causes some early evaluation of dependencies
+  webappRuntimeOnly deps.groovy
+}
+compileWebappJava.dependsOn ':dd-java-agent:instrumentation:servlet:request-5:testFixturesJar'
+
+configurations.testRuntimeOnly {
+  exclude group: 'ch.qos.logback', module: 'logback-classic'
+  exclude group: 'org.codehaus.groovy', module: 'groovy-servlet'
+}
+configurations.webappRuntimeClasspath {
+  exclude group: 'ch.qos.logback', module: 'logback-classic'
+}
+
+//unzips the dependencies from the 'zipped' configuration so 'compileOnly' can reference it
+tasks.register('installOpenLibertyDeps', Copy) {
+  def extractDir = "${buildDir}/openliberty-jars"
+  ext.extractedJars = fileTree(extractDir) {
+    include "wlp/lib/com.ibm.ws.webcontainer.jakarta*.jar"
+    include "wlp/lib/com.ibm.ws.transport.http*.jar"
+    include "wlp/lib/com.ibm.ws.channelfw*.jar"
+    include "wlp/lib/com.ibm.ws.wsbytebuffer*.jar"
+    include "wlp/lib/com.ibm.ws.logging*.jar"
+    //include "wlp/lib/*.jar"
+    builtBy "installOpenLibertyDeps"
+  }
+  ext.wsServerJar = fileTree("$extractDir") {
+    include "wlp/lib/com.ibm.ws.kernel.boot*.jar"
+    include "wlp/bin/tools/ws-server.jar"
+    builtBy "installOpenLibertyDeps"
+  }
+  dependsOn configurations.zipped
+  // I didn't manage to get this to work correctly using a Sync task or Sync + outputs.upToDateWhen
+  // (files are updated when not needed, causing intellij to reindex or they are deemed up to date
+  // when the extraction was not done at all).
+  ext.serverXmlFile = file("$extractDir/wlp/usr/servers/defaultServer/server.xml")
+  onlyIf {
+    !ext.serverXmlFile.exists()
+  }
+  from {
+    configurations.zipped.collect { zipTree(it) }
+  }
+  eachFile { fcd ->
+    fcd.path = fcd.path.replaceAll(/\/templates\/(servers\/defaultServer\/.+)/, '/usr/$1')
+  }
+  into extractDir
+  outputs.file ext.serverXmlFile
+}
+[test, forkedTest]*.dependsOn webappClasses, installOpenLibertyDeps
+[test, forkedTest].each {
+  it.configure {
+    jvmArgs += ["-Dserver.xml=${installOpenLibertyDeps.serverXmlFile.absoluteFile}"]
+  }
+}
+
+tasks.register('webappCopyJars', Sync) {
+  from configurations.webappRuntimeClasspath.findAll { it.name.endsWith('.jar') }
+  into project.layout.buildDirectory.dir("$relAppDir/WEB-INF/lib")
+  dependsOn ':dd-java-agent:instrumentation:servlet:request-5:testFixturesJar'
+}
+[test, forkedTest]*.dependsOn webappCopyJars
+
+tasks.register('filterLogbackClassic', Sync) {
+  ext.filteredLogbackDir = project.layout.buildDirectory.dir('filteredLogback')
+  from configurations.testLogging
+    .findAll { it.name.contains('logback-') }
+    .collect { zipTree(it) }
+  exclude 'META-INF/**'
+  into ext.filteredLogbackDir
+}
+[test, forkedTest]*.dependsOn filterLogbackClassic
+
+shadowJar {
+  configurations = [project.configurations.shadow]
+  zip64 true
+
+  archiveFileName = 'openliberty-shadow.jar'
+
+  // Exclude DataDog and other associated packages
+  exclude 'jnr/**'
+  exclude 'datadog/**'
+  exclude 'com/datadoghq/sketch/**'
+  exclude 'com/squareup/moshi/**'
+  exclude 'com/datadog/**'
+  exclude 'net/bytebuddy/**'
+  exclude 'okhttp3/**'
+  exclude 'org/slf4j/impl/**'
+  exclude 'io/micrometer/core/**'
+  // Exclude META-INF and WEB-INF directories
+  exclude 'META-INF/**'
+  exclude 'WEB-INF/**'
+
+  // Include JAR files from the 'wlp/lib' directory
+  from("${buildDir}/openliberty-jars") {
+    include "wlp/lib/*.jar"
+    include "wlp/dev/*.jar"
+  }
+}
+[test, forkedTest]*.dependsOn shadowJar
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ArrayOfTypeMatcher.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ArrayOfTypeMatcher.java
new file mode 100644
index 00000000000..f0f20f08ce9
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ArrayOfTypeMatcher.java
@@ -0,0 +1,27 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+
+import datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers;
+import net.bytebuddy.description.NamedElement;
+import net.bytebuddy.description.type.TypeDefinition;
+import net.bytebuddy.matcher.ElementMatcher;
+
+public class ArrayOfTypeMatcher<T extends TypeDefinition>
+    extends ElementMatcher.Junction.ForNonNullValues<T> {
+  private final NameMatchers.Named<NamedElement> componentMatcher;
+
+  public ArrayOfTypeMatcher(String typeName) {
+    this.componentMatcher = named(typeName);
+  }
+
+  @Override
+  protected boolean doMatch(T target) {
+    return target.isArray() && componentMatcher.matches(target.getComponentType());
+  }
+
+  @Override
+  public String toString() {
+    return "isArrayOfType(" + componentMatcher + ")";
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/HttpInboundServiceContextImplInstrumentation.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/HttpInboundServiceContextImplInstrumentation.java
new file mode 100644
index 00000000000..ba0bda76781
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/HttpInboundServiceContextImplInstrumentation.java
@@ -0,0 +1,96 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.namedOneOf;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import com.ibm.ws.http.channel.internal.inbound.HttpInboundServiceContextImpl;
+import com.ibm.wsspi.bytebuffer.WsByteBuffer;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.CallDepthThreadLocalMap;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import java.util.Collections;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class HttpInboundServiceContextImplInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public static final String REQUEST_MSG_TYPE =
+      "com.ibm.ws.http.channel.internal.HttpRequestMessageImpl";
+
+  public HttpInboundServiceContextImplInstrumentation() {
+    super("liberty");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return Collections.singletonMap(
+        REQUEST_MSG_TYPE, "datadog.trace.bootstrap.instrumentation.api.AgentSpan");
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isPublic()
+            .and(namedOneOf("sendResponseBody", "finishResponseMessage"))
+            .and(takesArguments(1))
+            .and(takesArgument(0, new ArrayOfTypeMatcher("com.ibm.wsspi.bytebuffer.WsByteBuffer")))
+            .and(returns(void.class)),
+        HttpInboundServiceContextImplInstrumentation.class.getName() + "$SyncAdviceBuffer");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.ibm.ws.http.channel.internal.inbound.HttpInboundServiceContextImpl";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".LibertyBlockingHelper",
+      packageName + ".LibertyBlockingHelper$WsByteBufferImpl",
+    };
+  }
+
+  /**
+   * @see HttpInboundServiceContextImpl#sendResponseBody(WsByteBuffer[])
+   * @see HttpInboundServiceContextImpl#finishResponseMessage(WsByteBuffer[])
+   */
+  static class SyncAdviceBuffer {
+    @Advice.OnMethodEnter(suppress = Throwable.class, skipOn = Advice.OnNonDefaultValue.class)
+    static BlockingException /* skip */ before(
+        @Advice.This HttpInboundServiceContextImpl thiz,
+        @Advice.Argument(0) WsByteBuffer[] buffers) {
+      final int callDepth =
+          CallDepthThreadLocalMap.incrementCallDepth(HttpInboundServiceContextImpl.class);
+      if (callDepth > 0) {
+        return null;
+      }
+      ContextStore store =
+          InstrumentationContext.get(
+              REQUEST_MSG_TYPE, "datadog.trace.bootstrap.instrumentation.api.AgentSpan");
+      Object o = store.get(thiz.getRequest());
+      if (o == null) {
+        return null;
+      }
+      return LibertyBlockingHelper.syncBufferEnter(thiz, buffers, (AgentSpan) o);
+    }
+
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after(
+        @Advice.Enter BlockingException blockingException,
+        @Advice.Thrown(readOnly = false) Throwable thrown) {
+      CallDepthThreadLocalMap.decrementCallDepth(HttpInboundServiceContextImpl.class);
+      if (blockingException != null) {
+        thrown = blockingException;
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/HttpServletExtractAdapter.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/HttpServletExtractAdapter.java
new file mode 100644
index 00000000000..811b65085bc
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/HttpServletExtractAdapter.java
@@ -0,0 +1,64 @@
+package datadog.trace.instrumentation.liberty23;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.util.Collections;
+import java.util.Enumeration;
+
+public abstract class HttpServletExtractAdapter<T> implements AgentPropagation.ContextVisitor<T> {
+  abstract Enumeration<String> getHeaderNames(T t);
+
+  abstract String getHeader(T t, String name);
+
+  @Override
+  public void forEachKey(T carrier, AgentPropagation.KeyClassifier classifier) {
+    Enumeration<String> headerNames = getHeaderNames(carrier);
+    while (headerNames.hasMoreElements()) {
+      String header = headerNames.nextElement();
+      if (!classifier.accept(header, getHeader(carrier, header))) {
+        break;
+      }
+    }
+  }
+
+  public static final class Request extends HttpServletExtractAdapter<HttpServletRequest> {
+    public static final Request GETTER = new Request();
+
+    @Override
+    Enumeration<String> getHeaderNames(HttpServletRequest request) {
+      return request.getHeaderNames();
+    }
+
+    @Override
+    String getHeader(HttpServletRequest request, String name) {
+      return request.getHeader(name);
+    }
+  }
+
+  @SuppressFBWarnings("DCN_NULLPOINTER_EXCEPTION")
+  public static final class Response extends HttpServletExtractAdapter<HttpServletResponse> {
+    public static final Response GETTER = new Response();
+
+    @Override
+    Enumeration<String> getHeaderNames(HttpServletResponse response) {
+      try {
+        return Collections.enumeration(response.getHeaderNames());
+      } catch (NullPointerException e) {
+        // SRTServletResponse#getHeaderNames() will throw NPE if called after response close.
+        return Collections.emptyEnumeration();
+      }
+    }
+
+    @Override
+    String getHeader(HttpServletResponse request, String name) {
+      try {
+        return request.getHeader(name);
+      } catch (NullPointerException e) {
+        // SRTServletResponse#getHeader(name) will throw NPE if called after response close.
+        return null;
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/LibertyBlockingHelper.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/LibertyBlockingHelper.java
new file mode 100644
index 00000000000..07e012e6a35
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/LibertyBlockingHelper.java
@@ -0,0 +1,487 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.api.gateway.Events.EVENTS;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+
+import com.ibm.ws.http.channel.internal.inbound.HttpInboundServiceContextImpl;
+import com.ibm.wsspi.bytebuffer.WsByteBuffer;
+import com.ibm.wsspi.genericbnf.HeaderField;
+import com.ibm.wsspi.http.channel.HttpResponseMessage;
+import datadog.appsec.api.blocking.BlockingContentType;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.api.function.TriConsumer;
+import datadog.trace.api.gateway.CallbackProvider;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.blocking.BlockingActionHelper;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import java.nio.ByteBuffer;
+import java.nio.ByteOrder;
+import java.util.Map;
+import java.util.function.BiFunction;
+import java.util.function.Function;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LibertyBlockingHelper {
+  private static final Logger log = LoggerFactory.getLogger(LibertyBlockingHelper.class);
+  private static final WsByteBuffer[] EMPTY_BUFFER_ARRAY = new WsByteBuffer[0];
+
+  public static BlockingException syncBufferEnter(
+      HttpInboundServiceContextImpl thiz, WsByteBuffer[] buffers, AgentSpan span) {
+    if (thiz.isMessageSent() || thiz.headersSent()) {
+      return null;
+    }
+
+    if (span == null) {
+      span = activeSpan();
+    }
+    if (span == null) {
+      return null;
+    }
+    RequestContext requestContext = span.getRequestContext();
+    if (requestContext == null) {
+      return null;
+    }
+
+    CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+    if (cbp == null) {
+      return null;
+    }
+
+    HttpResponseMessage response = thiz.getResponse();
+
+    BiFunction<RequestContext, Integer, Flow<Void>> respStartedCallback =
+        cbp.getCallback(EVENTS.responseStarted());
+    if (respStartedCallback != null) {
+      respStartedCallback.apply(requestContext, response.getStatusCodeAsInt());
+    }
+    TriConsumer<RequestContext, String, String> headerCallback =
+        cbp.getCallback(EVENTS.responseHeader());
+    Function<RequestContext, Flow<Void>> headersDoneCallback =
+        cbp.getCallback(EVENTS.responseHeaderDone());
+    if (headerCallback == null || headersDoneCallback == null) {
+      return null;
+    }
+    for (HeaderField hf : response.getAllHeaders()) {
+      headerCallback.accept(requestContext, hf.getName(), hf.asString());
+    }
+    Flow<Void> flow = headersDoneCallback.apply(requestContext);
+    Flow.Action action = flow.getAction();
+    if (!(action instanceof Flow.Action.RequestBlockingAction)) {
+      return null;
+    }
+
+    // block
+    response.clear();
+
+    Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+    response.setStatusCode(rba.getStatusCode());
+    for (Map.Entry<String, String> e : rba.getExtraHeaders().entrySet()) {
+      response.setHeader(e.getKey(), e.getValue());
+    }
+
+    BlockingContentType bct = rba.getBlockingContentType();
+    final WsByteBuffer[] bufferArray;
+    if (bct != BlockingContentType.NONE) {
+      BlockingActionHelper.TemplateType type =
+          BlockingActionHelper.determineTemplateType(
+              bct, thiz.getRequest().getHeader("Accept").asString());
+      byte[] template = BlockingActionHelper.getTemplate(type);
+      response.setHeader("Content-length", Integer.toString(template.length));
+      response.setHeader("Content-type", BlockingActionHelper.getContentType(type));
+      WsByteBufferImpl buffer = new WsByteBufferImpl(ByteBuffer.wrap(template));
+      bufferArray = new WsByteBuffer[] {buffer};
+    } else {
+      bufferArray = EMPTY_BUFFER_ARRAY;
+    }
+
+    BlockingException be = new BlockingException("Blocked response (syncBufferEnter)");
+    try {
+      thiz.reinit(thiz.getTSC()); // parsingComplete()
+      thiz.finishResponseMessage(bufferArray);
+    } catch (Exception e) {
+      log.warn("Error committing blocking response", e);
+    }
+
+    requestContext.getTraceSegment().effectivelyBlocked();
+
+    span.addThrowable(be);
+    span.setTag(Tags.HTTP_STATUS, rba.getStatusCode());
+
+    return be;
+  }
+
+  static class WsByteBufferImpl implements WsByteBuffer {
+    final ByteBuffer bb;
+
+    WsByteBufferImpl(ByteBuffer bb) {
+      this.bb = bb;
+    }
+
+    @Override
+    public boolean setBufferAction(int i) {
+      return false;
+    }
+
+    @Override
+    public byte[] array() {
+      return this.bb.array();
+    }
+
+    @Override
+    public int arrayOffset() {
+      return this.bb.arrayOffset();
+    }
+
+    @Override
+    public WsByteBuffer compact() {
+      this.bb.compact();
+      return this;
+    }
+
+    @Override
+    public int compareTo(Object o) {
+      ByteBuffer other = ((WsByteBuffer) o).getWrappedByteBufferNonSafe();
+      return this.bb.compareTo(other);
+    }
+
+    @Override
+    public char getChar() {
+      return this.bb.getChar();
+    }
+
+    @Override
+    public char getChar(int i) {
+      return this.bb.getChar(i);
+    }
+
+    @Override
+    public WsByteBuffer putChar(char c) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putChar(int i, char c) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putChar(char[] chars) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putChar(char[] chars, int i, int i1) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public double getDouble() {
+      return this.bb.getDouble();
+    }
+
+    @Override
+    public double getDouble(int i) {
+      return this.bb.getDouble(i);
+    }
+
+    @Override
+    public WsByteBuffer putDouble(double v) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putDouble(int i, double v) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public float getFloat() {
+      return this.bb.getFloat();
+    }
+
+    @Override
+    public float getFloat(int i) {
+      return this.bb.getFloat(i);
+    }
+
+    @Override
+    public WsByteBuffer putFloat(float v) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putFloat(int i, float v) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public int getInt() {
+      return this.bb.get();
+    }
+
+    @Override
+    public int getInt(int i) {
+      return this.bb.getInt(i);
+    }
+
+    @Override
+    public WsByteBuffer putInt(int i) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putInt(int i, int i1) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public long getLong() {
+      return this.bb.getLong();
+    }
+
+    @Override
+    public long getLong(int i) {
+      return this.bb.getLong(i);
+    }
+
+    @Override
+    public WsByteBuffer putLong(long l) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putLong(int i, long l) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public short getShort() {
+      return this.bb.getShort();
+    }
+
+    @Override
+    public short getShort(int i) {
+      return this.bb.getShort(i);
+    }
+
+    @Override
+    public WsByteBuffer putShort(short i) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putShort(int i, short i1) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer putString(String s) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public boolean hasArray() {
+      return true;
+    }
+
+    @Override
+    public ByteOrder order() {
+      return this.bb.order();
+    }
+
+    @Override
+    public WsByteBuffer order(ByteOrder byteOrder) {
+      this.bb.order(byteOrder);
+      return this;
+    }
+
+    @Override
+    public WsByteBuffer clear() {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public int capacity() {
+      return this.bb.capacity();
+    }
+
+    @Override
+    public WsByteBuffer flip() {
+      this.bb.flip();
+      return this;
+    }
+
+    @Override
+    public byte get() {
+      return this.bb.get();
+    }
+
+    @Override
+    public int position() {
+      return this.bb.position();
+    }
+
+    @Override
+    public WsByteBuffer position(int i) {
+      this.bb.position(i);
+      return this;
+    }
+
+    @Override
+    public WsByteBuffer limit(int i) {
+      this.bb.limit(i);
+      return this;
+    }
+
+    @Override
+    public int limit() {
+      return this.bb.limit();
+    }
+
+    @Override
+    public int remaining() {
+      return this.bb.remaining();
+    }
+
+    @Override
+    public WsByteBuffer mark() {
+      this.bb.mark();
+      return this;
+    }
+
+    @Override
+    public WsByteBuffer reset() {
+      this.bb.reset();
+      return this;
+    }
+
+    @Override
+    public WsByteBuffer rewind() {
+      this.bb.rewind();
+      return this;
+    }
+
+    @Override
+    public boolean isReadOnly() {
+      return true;
+    }
+
+    @Override
+    public boolean hasRemaining() {
+      return this.bb.hasRemaining();
+    }
+
+    @Override
+    public WsByteBuffer duplicate() {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer slice() {
+      return new WsByteBufferImpl(this.bb.slice());
+    }
+
+    @Override
+    public WsByteBuffer get(byte[] bytes) {
+      this.bb.get(bytes);
+      return this;
+    }
+
+    @Override
+    public WsByteBuffer get(byte[] bytes, int i, int i1) {
+      this.bb.get(bytes, i, i1);
+      return this;
+    }
+
+    @Override
+    public byte get(int i) {
+      return this.bb.get(i);
+    }
+
+    @Override
+    public boolean isDirect() {
+      return this.bb.isDirect();
+    }
+
+    @Override
+    public WsByteBuffer put(byte b) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(byte[] bytes) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(byte[] bytes, int i, int i1) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(int i, byte b) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(ByteBuffer byteBuffer) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(WsByteBuffer wsByteBuffer) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public WsByteBuffer put(WsByteBuffer[] wsByteBuffers) {
+      throw new UnsupportedOperationException("read-only");
+    }
+
+    @Override
+    public ByteBuffer getWrappedByteBuffer() {
+      return this.bb;
+    }
+
+    @Override
+    public ByteBuffer getWrappedByteBufferNonSafe() {
+      return this.bb;
+    }
+
+    @Override
+    public void setReadOnly(boolean b) {}
+
+    @Override
+    public boolean getReadOnly() {
+      return true;
+    }
+
+    @Override
+    public void removeFromLeakDetection() {}
+
+    @Override
+    public void release() {}
+
+    @Override
+    public int getType() {
+      return 0;
+    }
+
+    private int status = 1;
+
+    @Override
+    public int getStatus() {
+      return this.status;
+    }
+
+    @Override
+    public void setStatus(int i) {
+      this.status = i;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/LibertyDecorator.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/LibertyDecorator.java
new file mode 100644
index 00000000000..55a2d16000c
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/LibertyDecorator.java
@@ -0,0 +1,202 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.instrumentation.liberty23.HttpServletExtractAdapter.Request;
+import static datadog.trace.instrumentation.liberty23.HttpServletExtractAdapter.Response;
+
+import com.ibm.ws.webcontainer.srt.SRTServletRequest;
+import com.ibm.ws.webcontainer.srt.SRTServletResponse;
+import com.ibm.ws.webcontainer.webapp.WebAppErrorReport;
+import com.ibm.wsspi.webcontainer.servlet.IExtendedResponse;
+import datadog.appsec.api.blocking.BlockingContentType;
+import datadog.trace.api.Config;
+import datadog.trace.api.DDTags;
+import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.internal.TraceSegment;
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter;
+import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
+import datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator;
+import datadog.trace.instrumentation.servlet5.JakartaServletBlockingHelper;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LibertyDecorator
+    extends HttpServerDecorator<
+        HttpServletRequest, HttpServletRequest, HttpServletResponse, HttpServletRequest> {
+
+  public static final CharSequence LIBERTY_SERVER = UTF8BytesString.create("liberty-server");
+  public static final LibertyDecorator DECORATE = new LibertyDecorator();
+  public static final CharSequence SERVLET_REQUEST =
+      UTF8BytesString.create(DECORATE.operationName());
+  public static final String DD_EXTRACTED_CONTEXT_ATTRIBUTE = "datadog.extracted-context";
+  public static final String DD_CONTEXT_PATH_ATTRIBUTE = "datadog.context.path";
+  public static final String DD_SERVLET_PATH_ATTRIBUTE = "datadog.servlet.path";
+
+  @Override
+  protected String[] instrumentationNames() {
+    return new String[] {"liberty"};
+  }
+
+  @Override
+  protected CharSequence component() {
+    return LIBERTY_SERVER;
+  }
+
+  @Override
+  protected AgentPropagation.ContextVisitor<HttpServletRequest> getter() {
+    return Request.GETTER;
+  }
+
+  @Override
+  protected AgentPropagation.ContextVisitor<HttpServletResponse> responseGetter() {
+    return Response.GETTER;
+  }
+
+  @Override
+  public CharSequence spanName() {
+    return SERVLET_REQUEST;
+  }
+
+  @Override
+  protected String method(final HttpServletRequest request) {
+    return request.getMethod();
+  }
+
+  @Override
+  protected URIDataAdapter url(final HttpServletRequest request) {
+    return new RequestURIDataAdapter(request);
+  }
+
+  @Override
+  protected String peerHostIP(final HttpServletRequest request) {
+    return request.getRemoteAddr();
+  }
+
+  @Override
+  protected int peerPort(final HttpServletRequest request) {
+    return request.getRemotePort();
+  }
+
+  @Override
+  protected int status(final HttpServletResponse response) {
+    return response.getStatus();
+  }
+
+  @Override
+  public AgentSpan onResponseStatus(AgentSpan span, int status) {
+    Integer currentStatus = (Integer) span.getTag(Tags.HTTP_STATUS);
+    // do not set status if the tag is already there and it's an error span
+    // we may have the status during response blocking, but in that case
+    // the status code is not propagated to the servlet layer
+    if (currentStatus == null || !span.isError()) {
+      span.setHttpStatusCode(status);
+    }
+    return span;
+  }
+
+  public AgentSpan getPath(AgentSpan span, HttpServletRequest request) {
+    if (request != null) {
+      String contextPath = request.getContextPath();
+      String servletPath = request.getServletPath();
+
+      if (null != contextPath && !contextPath.isEmpty()) {
+        span.setTag("servlet.context", contextPath);
+      }
+      if (null != servletPath && !servletPath.isEmpty()) {
+        span.setTag("servlet.path", servletPath);
+      }
+
+      request.setAttribute(DD_CONTEXT_PATH_ATTRIBUTE, contextPath);
+      request.setAttribute(DD_SERVLET_PATH_ATTRIBUTE, servletPath);
+    }
+    return span;
+  }
+
+  @Override
+  protected boolean isAppSecOnResponseSeparate() {
+    return true;
+  }
+
+  public AgentSpan onResponse(AgentSpan span, SRTServletResponse response) {
+    HttpServletRequest req = response.getRequest();
+
+    if (Config.get().isServletPrincipalEnabled() && req.getUserPrincipal() != null) {
+      span.setTag(DDTags.USER_NAME, req.getUserPrincipal().getName());
+    }
+    super.onResponse(span, response);
+
+    Object ex = req.getAttribute("jakarta.servlet.error.exception");
+    Object report;
+    Object errorMessage;
+    Throwable throwable = null;
+    if (ex instanceof Throwable) {
+      throwable = (Throwable) ex;
+      if (throwable instanceof ServletException) {
+        throwable = ((ServletException) throwable).getRootCause();
+      }
+      onError(span, throwable);
+    } else if ((report = req.getAttribute("ErrorReport")) instanceof WebAppErrorReport) {
+      // overwrite the HTTP status codes, and if a custom error report is provided by liberty server
+      WebAppErrorReport errReport = (WebAppErrorReport) report;
+      onError(span, errReport, throwable);
+    } else if ((errorMessage = req.getAttribute("jakarta.servlet.error.message"))
+        instanceof String) {
+      span.setError(true);
+      span.setTag(DDTags.ERROR_MSG, (String) errorMessage);
+    }
+    return span;
+  }
+
+  public AgentSpan onError(AgentSpan span, WebAppErrorReport report, Throwable servletThrowable) {
+    span.setError(true);
+    // make sure the two reported throwables are different throwables
+    if (report.getCause() != null
+        && (servletThrowable == null || servletThrowable.getCause() != report.getCause())) {
+      span.addThrowable(report.getCause());
+    }
+    span.setTag(DDTags.ERROR_MSG, report.getMessage());
+    return span;
+  }
+
+  public static class LibertyBlockResponseFunction implements BlockResponseFunction {
+    private static final Logger log = LoggerFactory.getLogger(LibertyBlockResponseFunction.class);
+    private final HttpServletRequest request;
+
+    public LibertyBlockResponseFunction(HttpServletRequest request) {
+      this.request = request;
+    }
+
+    @Override
+    public boolean tryCommitBlockingResponse(
+        TraceSegment segment,
+        int statusCode,
+        BlockingContentType bct,
+        Map<String, String> extraHeaders) {
+      if (!(request instanceof SRTServletRequest)) {
+        log.warn("Can't block; request not of type SRTServletRequest");
+        return false;
+      }
+      IExtendedResponse response = ((SRTServletRequest) request).getResponse();
+      if (!(response instanceof HttpServletResponse)) {
+        log.warn("Can't block; response not of type HttpServletResponse");
+        return false;
+      }
+      JakartaServletBlockingHelper.commitBlockingResponse(
+          segment, request, (HttpServletResponse) response, statusCode, bct, extraHeaders);
+
+      return true;
+    }
+  }
+
+  @Override
+  protected BlockResponseFunction createBlockResponseFunction(
+      HttpServletRequest httpServletRequest, HttpServletRequest connection) {
+    return new LibertyBlockResponseFunction(httpServletRequest);
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/LibertyServerInstrumentation.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/LibertyServerInstrumentation.java
new file mode 100644
index 00000000000..729084bd26a
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/LibertyServerInstrumentation.java
@@ -0,0 +1,157 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.instrumentation.liberty23.HttpInboundServiceContextImplInstrumentation.REQUEST_MSG_TYPE;
+import static datadog.trace.instrumentation.liberty23.LibertyDecorator.DD_EXTRACTED_CONTEXT_ATTRIBUTE;
+import static datadog.trace.instrumentation.liberty23.LibertyDecorator.DD_SPAN_ATTRIBUTE;
+import static datadog.trace.instrumentation.liberty23.LibertyDecorator.DECORATE;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import com.ibm.ws.webcontainer.srt.SRTServletRequest;
+import com.ibm.ws.webcontainer.srt.SRTServletResponse;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.CorrelationIdentifier;
+import datadog.trace.api.GlobalTracer;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.bootstrap.ActiveSubsystems;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.instrumentation.servlet5.JakartaServletBlockingHelper;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import java.util.Collections;
+import java.util.EnumSet;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public final class LibertyServerInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+
+  public LibertyServerInstrumentation() {
+    super("liberty");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.ibm.ws.webcontainer.filter.WebAppFilterManager";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".HttpServletExtractAdapter",
+      packageName + ".HttpServletExtractAdapter$Request",
+      packageName + ".HttpServletExtractAdapter$Response",
+      packageName + ".LibertyDecorator",
+      packageName + ".LibertyDecorator$LibertyBlockResponseFunction",
+      packageName + ".RequestURIDataAdapter",
+      "datadog.trace.instrumentation.servlet5.JakartaServletBlockingHelper",
+      packageName + ".RequestMessageFromServletRequestHelper",
+    };
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return Collections.singletonMap(
+        REQUEST_MSG_TYPE, "datadog.trace.bootstrap.instrumentation.api.AgentSpan");
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("invokeFilters"))
+            .and(takesArgument(0, named("jakarta.servlet.ServletRequest")))
+            .and(takesArgument(1, named("jakarta.servlet.ServletResponse")))
+            .and(takesArgument(2, named("com.ibm.wsspi.webcontainer.servlet.IServletContext")))
+            .and(takesArgument(3, named("com.ibm.wsspi.webcontainer.RequestProcessor")))
+            .and(takesArgument(4, EnumSet.class))
+            .and(takesArgument(5, named("com.ibm.wsspi.http.HttpInboundConnection"))),
+        LibertyServerInstrumentation.class.getName() + "$HandleRequestAdvice");
+  }
+
+  @SuppressFBWarnings("DCN_NULLPOINTER_EXCEPTION")
+  public static class HandleRequestAdvice {
+
+    @Advice.OnMethodEnter(suppress = Throwable.class, skipOn = Advice.OnNonDefaultValue.class)
+    public static boolean /* skip */ onEnter(
+        @Advice.Local("agentScope") AgentScope scope,
+        @Advice.Argument(0) ServletRequest req,
+        @Advice.Argument(1) ServletResponse resp) {
+      if (!(req instanceof SRTServletRequest)) {
+        return false;
+      }
+      SRTServletRequest request = (SRTServletRequest) req;
+
+      // if we try to get an attribute that doesn't exist open liberty might complain with an
+      // exception
+      try {
+        Object existingSpan = request.getAttribute(DD_SPAN_ATTRIBUTE);
+        if (existingSpan instanceof AgentSpan) {
+          scope = activateSpan((AgentSpan) existingSpan);
+          return false;
+        }
+      } catch (NullPointerException e) {
+      }
+
+      final AgentSpan.Context.Extracted extractedContext = DECORATE.extract(request);
+      request.setAttribute(DD_EXTRACTED_CONTEXT_ATTRIBUTE, extractedContext);
+      final AgentSpan span = DECORATE.startSpan(request, extractedContext);
+      scope = activateSpan(span);
+      scope.setAsyncPropagation(true);
+
+      DECORATE.afterStart(span);
+      DECORATE.onRequest(span, request, request, extractedContext);
+      request.setAttribute(DD_SPAN_ATTRIBUTE, span);
+      request.setAttribute(CorrelationIdentifier.getTraceIdKey(), GlobalTracer.get().getTraceId());
+      request.setAttribute(CorrelationIdentifier.getSpanIdKey(), GlobalTracer.get().getSpanId());
+      if (ActiveSubsystems.APPSEC_ACTIVE) {
+        ContextStore store =
+            InstrumentationContext.get(
+                REQUEST_MSG_TYPE, "datadog.trace.bootstrap.instrumentation.api.AgentSpan");
+        // Provide the span to lower layers
+        // The span is associated with the c.i.w.http.channel.internal.HttpRequestMessageImpl object
+        store.put(RequestMessageFromServletRequestHelper.getHttpRequestMessage(request), span);
+      }
+      Flow.Action.RequestBlockingAction rba = span.getRequestBlockingAction();
+      if (rba != null) {
+        JakartaServletBlockingHelper.commitBlockingResponse(
+            span.getRequestContext().getTraceSegment(), request, (SRTServletResponse) resp, rba);
+        // prevent caching of the handler
+        req.setAttribute(
+            "javax.servlet.error.status_code", ((SRTServletResponse) resp).getStatusCode());
+        span.getRequestContext().getTraceSegment().effectivelyBlocked();
+        return true; // skip method body
+      }
+
+      return false;
+    }
+
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    public static void closeScope(
+        @Advice.Local("agentScope") final AgentScope scope,
+        @Advice.Argument(value = 0) ServletRequest req) {
+      if (!(req instanceof SRTServletRequest)) {
+        return;
+      }
+      SRTServletRequest request = (SRTServletRequest) req;
+
+      if (scope != null) {
+        // we cannot get path at the start because the path/context attributes are not yet
+        // initialized
+        // this has the unfortunate consequence that service name (as set via the tag interceptor)
+        // of the top span won't match that of its child spans, because it's instead the original
+        // one that will propagate
+        DECORATE.getPath(scope.span(), request);
+        scope.close();
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ParameterCollector.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ParameterCollector.java
new file mode 100644
index 00000000000..5cbbc4ab82e
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ParameterCollector.java
@@ -0,0 +1,53 @@
+package datadog.trace.instrumentation.liberty23;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+public interface ParameterCollector {
+
+  boolean isEmpty();
+
+  void put(String key, String[] value);
+
+  Map<String, String[]> getMap();
+
+  class ParameterCollectorNoop implements ParameterCollector {
+    public static final ParameterCollector INSTANCE = new ParameterCollectorNoop();
+
+    @Override
+    public boolean isEmpty() {
+      return true;
+    }
+
+    @Override
+    public void put(String key, String[] value) {}
+
+    @Override
+    public Map<String, String[]> getMap() {
+      return Collections.emptyMap();
+    }
+  }
+
+  class ParameterCollectorImpl implements ParameterCollector {
+    public Map<String, String[]> map;
+
+    @Override
+    public boolean isEmpty() {
+      return map == null;
+    }
+
+    @Override
+    public void put(String key, String[] value) {
+      if (map == null) {
+        map = new HashMap<>();
+      }
+      map.put(key, value);
+    }
+
+    @Override
+    public Map<String, String[]> getMap() {
+      return map;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ParseParametersInstrumentation.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ParseParametersInstrumentation.java
new file mode 100644
index 00000000000..96e7d290985
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ParseParametersInstrumentation.java
@@ -0,0 +1,211 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.api.gateway.Events.EVENTS;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isProtected;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.gateway.CallbackProvider;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import java.util.function.BiFunction;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.asm.AsmVisitorWrapper;
+import net.bytebuddy.description.field.FieldDescription;
+import net.bytebuddy.description.field.FieldList;
+import net.bytebuddy.description.method.MethodList;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.implementation.Implementation;
+import net.bytebuddy.jar.asm.ClassVisitor;
+import net.bytebuddy.jar.asm.ClassWriter;
+import net.bytebuddy.jar.asm.MethodVisitor;
+import net.bytebuddy.jar.asm.Opcodes;
+import net.bytebuddy.jar.asm.Type;
+import net.bytebuddy.pool.TypePool;
+
+@AutoService(Instrumenter.class)
+public class ParseParametersInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public ParseParametersInstrumentation() {
+    super("liberty");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.ibm.ws.webcontainer.srt.SRTServletRequest";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".ParameterCollector",
+      packageName + ".ParameterCollector$ParameterCollectorNoop",
+      packageName + ".ParameterCollector$ParameterCollectorImpl",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("parseParameters"))
+            .and(isPublic().or(isProtected()))
+            .and(takesArguments(0))
+            .and(returns(void.class)),
+        ParseParametersInstrumentation.class.getName() + "$ParseParametersAdvice");
+  }
+
+  @Override
+  public AdviceTransformer transformer() {
+    return new VisitingTransformer(new ParseParametersVisitorWrapper());
+  }
+
+  static class ParseParametersAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    static void before(
+        @Advice.Local("collector") ParameterCollector collector,
+        @Advice.Local("reqCtx") RequestContext reqCtx) {
+      AgentSpan agentSpan = AgentTracer.activeSpan();
+      if (agentSpan != null) {
+        RequestContext requestContext = agentSpan.getRequestContext();
+        if (requestContext != null && requestContext.getData(RequestContextSlot.APPSEC) != null) {
+          reqCtx = requestContext;
+          collector = new ParameterCollector.ParameterCollectorImpl();
+          return;
+        }
+      }
+      // this variable is used in the custom instrumentation below
+      collector = ParameterCollector.ParameterCollectorNoop.INSTANCE;
+    }
+
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after(
+        @Advice.Local("collector") ParameterCollector collector,
+        @Advice.Local("reqCtx") RequestContext reqCtx,
+        @Advice.Thrown(readOnly = false) Throwable t) {
+      if (t != null || reqCtx == null || collector.isEmpty()) {
+        return;
+      }
+
+      CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+      BiFunction<RequestContext, Object, Flow<Void>> callback =
+          cbp.getCallback(EVENTS.requestBodyProcessed());
+      if (callback == null) {
+        return;
+      }
+
+      Flow<Void> flow = callback.apply(reqCtx, collector.getMap());
+      Flow.Action action = flow.getAction();
+      if (action instanceof Flow.Action.RequestBlockingAction) {
+        Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+        BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
+        if (blockResponseFunction != null) {
+          blockResponseFunction.tryCommitBlockingResponse(
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
+          t = new BlockingException("Blocked request (for SRTServletRequest/parseParameters)");
+          reqCtx.getTraceSegment().effectivelyBlocked();
+        }
+      }
+    }
+  }
+
+  public static class ParseParametersVisitorWrapper implements AsmVisitorWrapper {
+    @Override
+    public int mergeWriter(int flags) {
+      return flags | ClassWriter.COMPUTE_MAXS;
+    }
+
+    @Override
+    public int mergeReader(int flags) {
+      return flags;
+    }
+
+    @Override
+    public ClassVisitor wrap(
+        TypeDescription instrumentedType,
+        ClassVisitor classVisitor,
+        Implementation.Context implementationContext,
+        TypePool typePool,
+        FieldList<FieldDescription.InDefinedShape> fields,
+        MethodList<?> methods,
+        int writerFlags,
+        int readerFlags) {
+      return new RequestClassVisitor(Opcodes.ASM8, classVisitor);
+    }
+  }
+
+  public static class RequestClassVisitor extends ClassVisitor {
+    public RequestClassVisitor(int api, ClassVisitor cv) {
+      super(api, cv);
+    }
+
+    @Override
+    public MethodVisitor visitMethod(
+        int access, String name, String descriptor, String signature, String[] exceptions) {
+      MethodVisitor superMv = super.visitMethod(access, name, descriptor, signature, exceptions);
+      if ("parseParameters".equals(name) && "()V".equals(descriptor)) {
+        return new ParseParametersMethodVisitor(api, superMv);
+      } else {
+        return superMv;
+      }
+    }
+  }
+
+  public static class ParseParametersMethodVisitor extends MethodVisitor {
+    private boolean afterGetParametersCall;
+
+    public ParseParametersMethodVisitor(int api, MethodVisitor superMv) {
+      super(api, superMv);
+    }
+
+    @Override
+    public void visitMethodInsn(
+        int opcode, String owner, String name, String descriptor, boolean isInterface) {
+      if (!afterGetParametersCall) {
+        if (opcode == Opcodes.INVOKEVIRTUAL
+            && name.equals("getParameters")
+            && owner.equals("com/ibm/ws/webcontainer/srt/SRTServletRequestThreadData")
+            && descriptor.equals("()Ljava/util/Map;")) {
+          afterGetParametersCall = true;
+        }
+      } else if (afterGetParametersCall) {
+        afterGetParametersCall = false;
+        if (opcode == Opcodes.INVOKEINTERFACE
+            && owner.equals("java/util/Map")
+            && name.equals("put")
+            && descriptor.equals("(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;")) {
+          super.visitVarInsn(Opcodes.ALOAD, 1);
+          // stack: ..., key, value, collParams
+          super.visitInsn(Opcodes.DUP_X2);
+          // stack: ..., collParams, key, value, collParams
+          super.visitInsn(Opcodes.POP);
+          // stack: ..., collParams, key, value
+          super.visitInsn(Opcodes.DUP2_X1);
+          // stack: ..., key, value, collParams, key, value
+          super.visitMethodInsn(
+              Opcodes.INVOKEINTERFACE,
+              Type.getInternalName(ParameterCollector.class),
+              "put",
+              "(Ljava/lang/String;[Ljava/lang/String;)V",
+              true);
+          // original stack
+        }
+      }
+
+      super.visitMethodInsn(opcode, owner, name, descriptor, isInterface);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ParsePostDataInstrumentation.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ParsePostDataInstrumentation.java
new file mode 100644
index 00000000000..5739a8a7cb1
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ParsePostDataInstrumentation.java
@@ -0,0 +1,87 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.api.gateway.Events.EVENTS;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isProtected;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.advice.ActiveRequestContext;
+import datadog.trace.advice.RequiresRequestContext;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.gateway.CallbackProvider;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import java.util.Hashtable;
+import java.util.function.BiFunction;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class ParsePostDataInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForKnownTypes {
+  public ParsePostDataInstrumentation() {
+    super("liberty");
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      "com.ibm.ws.webcontainer.srt.SRTServletRequest",
+      "com.ibm.ws.webcontainer31.srt.SRTServletRequest31",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("parsePostData"))
+            .and(isPublic().or(isProtected()))
+            .and(takesArguments(0))
+            .and(returns(Hashtable.class)),
+        ParsePostDataInstrumentation.class.getName() + "$ParsePostDataAdvice");
+  }
+
+  @RequiresRequestContext(RequestContextSlot.APPSEC)
+  static class ParsePostDataAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after(
+        @Advice.Return Hashtable<String, String[]> retval,
+        @ActiveRequestContext RequestContext reqCtx,
+        @Advice.Thrown(readOnly = false) Throwable t) {
+      if (retval == null || retval.isEmpty() || t != null) {
+        return;
+      }
+
+      CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+      BiFunction<RequestContext, Object, Flow<Void>> callback =
+          cbp.getCallback(EVENTS.requestBodyProcessed());
+      if (callback == null) {
+        return;
+      }
+
+      Flow<Void> flow = callback.apply(reqCtx, retval);
+      Flow.Action action = flow.getAction();
+      if (action instanceof Flow.Action.RequestBlockingAction) {
+        Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+        BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
+        if (blockResponseFunction != null) {
+          blockResponseFunction.tryCommitBlockingResponse(
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
+          t = new BlockingException("Blocked request (for SRTServletRequest/parsePostData)");
+          reqCtx.getTraceSegment().effectivelyBlocked();
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/RequestFinishInstrumentation.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/RequestFinishInstrumentation.java
new file mode 100644
index 00000000000..bb2d4e85091
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/RequestFinishInstrumentation.java
@@ -0,0 +1,76 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.instrumentation.liberty23.LibertyDecorator.DD_SPAN_ATTRIBUTE;
+import static datadog.trace.instrumentation.liberty23.LibertyDecorator.DECORATE;
+import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
+
+import com.google.auto.service.AutoService;
+import com.ibm.ws.webcontainer.srt.SRTServletRequest;
+import com.ibm.ws.webcontainer.srt.SRTServletResponse;
+import com.ibm.wsspi.webcontainer.servlet.IExtendedResponse;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class RequestFinishInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+
+  public RequestFinishInstrumentation() {
+    super("liberty");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".HttpServletExtractAdapter",
+      packageName + ".HttpServletExtractAdapter$Request",
+      packageName + ".HttpServletExtractAdapter$Response",
+      packageName + ".LibertyDecorator",
+      packageName + ".LibertyDecorator$LibertyBlockResponseFunction",
+      packageName + ".RequestURIDataAdapter",
+    };
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.ibm.ws.webcontainer.srt.SRTServletRequest";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("finish").and(takesNoArguments()),
+        RequestFinishInstrumentation.class.getName() + "$RequestFinishAdvice");
+  }
+
+  /** The function finish is called when a server receives and sends out a request */
+  @SuppressFBWarnings("DCN_NULLPOINTER_EXCEPTION")
+  public static class RequestFinishAdvice {
+    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+    public static void stopSpan(@Advice.This SRTServletRequest req) {
+      IExtendedResponse resp = req.getResponse();
+
+      // this should be a servlet response
+      if (resp instanceof SRTServletResponse) {
+        SRTServletResponse httpResp = (SRTServletResponse) resp;
+        Object spanObj = null;
+        try {
+          spanObj = req.getAttribute(DD_SPAN_ATTRIBUTE);
+        } catch (NullPointerException e) {
+          // OpenLiberty will throw NPE on getAttribute if the response has already been closed.
+        }
+
+        if (spanObj instanceof AgentSpan) {
+          req.setAttribute(DD_SPAN_ATTRIBUTE, null);
+          final AgentSpan span = (AgentSpan) spanObj;
+          DECORATE.onResponse(span, httpResp);
+          DECORATE.beforeFinish(span);
+          span.finish();
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/RequestMessageFromServletRequestHelper.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/RequestMessageFromServletRequestHelper.java
new file mode 100644
index 00000000000..feb6ac7c6af
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/RequestMessageFromServletRequestHelper.java
@@ -0,0 +1,42 @@
+package datadog.trace.instrumentation.liberty23;
+
+import com.ibm.websphere.servlet.request.IRequest;
+import com.ibm.websphere.servlet.request.extended.IRequestExtended;
+import com.ibm.ws.webcontainer.srt.SRTServletRequest;
+import com.ibm.wsspi.http.HttpRequest;
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.reflect.Field;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class RequestMessageFromServletRequestHelper {
+  private static final ConcurrentHashMap<Class<?>, MethodHandle> FIELD_CACHE =
+      new ConcurrentHashMap<>();
+
+  public static Object getHttpRequestMessage(SRTServletRequest request) {
+    IRequest iRequest = request.getIRequest();
+    if (iRequest instanceof IRequestExtended) {
+      HttpRequest transportRequest =
+          ((IRequestExtended) iRequest).getHttpInboundConnection().getRequest();
+      try {
+        MethodHandle messageGetter =
+            FIELD_CACHE.computeIfAbsent(
+                transportRequest.getClass(),
+                clazz -> {
+                  Field messageField;
+                  try {
+                    messageField = clazz.getDeclaredField("message");
+                    messageField.setAccessible(true);
+                    return MethodHandles.lookup().unreflectGetter(messageField);
+                  } catch (NoSuchFieldException | IllegalAccessException e) {
+                    throw new RuntimeException(e);
+                  }
+                });
+        return messageGetter.invoke(transportRequest);
+      } catch (Throwable e) {
+        throw new RuntimeException(e);
+      }
+    }
+    return null;
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/RequestURIDataAdapter.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/RequestURIDataAdapter.java
new file mode 100644
index 00000000000..c5c11c08f59
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/RequestURIDataAdapter.java
@@ -0,0 +1,43 @@
+package datadog.trace.instrumentation.liberty23;
+
+import datadog.trace.bootstrap.instrumentation.api.URIRawDataAdapter;
+import jakarta.servlet.http.HttpServletRequest;
+
+final class RequestURIDataAdapter extends URIRawDataAdapter {
+
+  private final HttpServletRequest request;
+
+  RequestURIDataAdapter(HttpServletRequest request) {
+    this.request = request;
+  }
+
+  @Override
+  public String scheme() {
+    return request.getScheme();
+  }
+
+  @Override
+  public String host() {
+    return request.getServerName();
+  }
+
+  @Override
+  public int port() {
+    return request.getServerPort();
+  }
+
+  @Override
+  protected String innerRawPath() {
+    return request.getRequestURI();
+  }
+
+  @Override
+  public String fragment() {
+    return null;
+  }
+
+  @Override
+  protected String innerRawQuery() {
+    return request.getQueryString();
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ResponseFinishInstrumentation.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ResponseFinishInstrumentation.java
new file mode 100644
index 00000000000..cecb8da574d
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/ResponseFinishInstrumentation.java
@@ -0,0 +1,111 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.instrumentation.liberty23.LibertyDecorator.DD_SPAN_ATTRIBUTE;
+import static datadog.trace.instrumentation.liberty23.LibertyDecorator.DECORATE;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
+
+import com.google.auto.service.AutoService;
+import com.ibm.ws.webcontainer.srt.SRTServletResponse;
+import com.ibm.wsspi.webcontainer.WebContainerRequestState;
+import com.ibm.wsspi.webcontainer.servlet.IExtendedRequest;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import net.bytebuddy.asm.Advice;
+
+/**
+ * XXX: {@link SRTServletResponse#finish()} is not appropriate method to look at the response
+ * headers. By this time, the headers may have been cleared already. They are cleared when the
+ * output is closed. There are other problems with this instrumentation. See the comments and NPEs
+ * being caught. In short, the method runs too late. Maybe intercept {@link
+ * SRTServletResponse#closeResponseOutput()} instead?
+ */
+@AutoService(Instrumenter.class)
+public class ResponseFinishInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+
+  public ResponseFinishInstrumentation() {
+    super("liberty");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".HttpServletExtractAdapter",
+      packageName + ".HttpServletExtractAdapter$Request",
+      packageName + ".HttpServletExtractAdapter$Response",
+      packageName + ".LibertyDecorator",
+      packageName + ".LibertyDecorator$LibertyBlockResponseFunction",
+      packageName + ".RequestURIDataAdapter",
+    };
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.ibm.ws.webcontainer.srt.SRTServletResponse";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("finish").and(takesNoArguments()),
+        ResponseFinishInstrumentation.class.getName() + "$ResponseFinishAdvice");
+    transformation.applyAdvice(
+        named("closeResponseOutput").and(takesArguments(1)).and(takesArgument(0, boolean.class)),
+        ResponseFinishInstrumentation.class.getName() + "$SetCompletedAdvice");
+  }
+
+  /**
+   * Older versions have the inserted code conditioned on <code>
+   * reqState.getCurrentThreadsIExtendedRequest() == this.getRequest()</code>, though not in all
+   * code paths (for instance, not when getOutputStream() was called instead of getWriter). This
+   * inconsistency, together with the fact that newer versions don't have this condition anymore,
+   * suggests it is a bug. Without this inserted advice, async requests are not completed when
+   * blocking async requests.
+   */
+  static class SetCompletedAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(@Advice.Argument(0) boolean releaseChannel) {
+      WebContainerRequestState reqState = WebContainerRequestState.getInstance(true);
+      if (releaseChannel && !reqState.isCompleted()) {
+        reqState.setCompleted(true);
+      }
+    }
+  }
+
+  @SuppressFBWarnings("DCN_NULLPOINTER_EXCEPTION")
+  public static class ResponseFinishAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    static AgentSpan onEnter(@Advice.This SRTServletResponse resp) {
+      // this is the last opportunity to have any meaningful
+      // interaction with the response
+      AgentSpan span = null;
+      IExtendedRequest req = resp.getRequest();
+      try {
+        Object spanObj = req.getAttribute(DD_SPAN_ATTRIBUTE);
+        if (spanObj instanceof AgentSpan) {
+          span = (AgentSpan) spanObj;
+          req.setAttribute(DD_SPAN_ATTRIBUTE, null);
+          DECORATE.onResponse(span, resp);
+        }
+      } catch (NullPointerException e) {
+        // OpenLiberty will throw NPE on getAttribute if the response has already been closed.
+      }
+
+      return span;
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+    public static void stopSpan(
+        @Advice.This SRTServletResponse resp, @Advice.Enter AgentSpan span) {
+      if (span == null) {
+        return;
+      }
+      DECORATE.beforeFinish(span);
+      span.finish();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/WebAppHandleExceptionInstrumentation.java b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/WebAppHandleExceptionInstrumentation.java
new file mode 100644
index 00000000000..4be3c435304
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/WebAppHandleExceptionInstrumentation.java
@@ -0,0 +1,56 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import com.ibm.ws.webcontainer.webapp.WebAppErrorReport;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+
+/**
+ * Instrumentation to prevent the server from trying to send an error response by handling a
+ * BlockingException (the response should've been committed already). Also avoids logging the
+ * exception at SEVERE level.
+ */
+@AutoService(Instrumenter.class)
+public class WebAppHandleExceptionInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public WebAppHandleExceptionInstrumentation() {
+    super("liberty");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "com.ibm.ws.webcontainer.webapp.WebApp";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isPublic()
+            .and(named("handleException"))
+            .and(takesArguments(4))
+            .and(takesArgument(0, Throwable.class))
+            .and(returns(void.class)),
+        WebAppHandleExceptionInstrumentation.class.getName() + "$HandleExceptionAdvice");
+  }
+
+  static class HandleExceptionAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class, skipOn = Advice.OnNonDefaultValue.class)
+    static boolean /* skip */ before(@Advice.Argument(0) Throwable throwable_) {
+      Throwable throwable = throwable_;
+      if (throwable instanceof WebAppErrorReport) {
+        throwable = throwable.getCause();
+      }
+      if (throwable instanceof BlockingException) {
+        return throwable.getMessage().startsWith("Blocked response");
+      }
+      return false;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/test/groovy/datadog/trace/instrumentation/liberty23/Liberty23InactiveAppSecTest.groovy b/dd-java-agent/instrumentation/liberty-23/src/test/groovy/datadog/trace/instrumentation/liberty23/Liberty23InactiveAppSecTest.groovy
new file mode 100644
index 00000000000..68cc9e836e5
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/test/groovy/datadog/trace/instrumentation/liberty23/Liberty23InactiveAppSecTest.groovy
@@ -0,0 +1,15 @@
+package datadog.trace.instrumentation.liberty23
+
+import com.datadog.appsec.AppSecInactiveHttpServerTest
+import datadog.trace.agent.test.base.HttpServer
+import spock.lang.IgnoreIf
+
+@IgnoreIf({
+  System.getProperty('java.vm.name') == 'IBM J9 VM' &&
+  System.getProperty('java.specification.version') == '1.8'
+})
+class Liberty23InactiveAppSecTest extends AppSecInactiveHttpServerTest {
+  HttpServer server() {
+    new Liberty23Server()
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/test/groovy/datadog/trace/instrumentation/liberty23/Liberty23Server.groovy b/dd-java-agent/instrumentation/liberty-23/src/test/groovy/datadog/trace/instrumentation/liberty23/Liberty23Server.groovy
new file mode 100644
index 00000000000..963c8fc1df1
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/test/groovy/datadog/trace/instrumentation/liberty23/Liberty23Server.groovy
@@ -0,0 +1,78 @@
+package datadog.trace.instrumentation.liberty23
+
+import com.ibm.wsspi.kernel.embeddable.Server
+import com.ibm.wsspi.kernel.embeddable.ServerBuilder
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.utils.PortUtils
+import groovy.xml.XmlUtil
+
+import java.util.concurrent.TimeUnit
+
+class Liberty23Server implements HttpServer {
+  File serverXmlFile = new File(System.getProperty('server.xml'))
+  long serverXmlLastModified
+  byte[] origServerXml
+  final String prefix
+
+  def port
+  Server server
+
+  Liberty23Server(String prefix = '') {
+    this.prefix = prefix
+  }
+
+  @Override
+  void start() {
+    findRandomPort()
+    changeServerXml()
+    ServerBuilder sb = new ServerBuilder(name: 'defaultServer')
+    server = sb.build()
+    // set bootdelegation to mimic how our -javaagent delegates requests for our shaded slf4j package
+    // (at this point in the build we haven't shaded slf4j or transformed any framework class-loaders)
+    def result = server.start(["org.osgi.framework.bootdelegation":"org.slf4j"]).get(45, TimeUnit.SECONDS)
+    if (!result.successful()) {
+      throw new IllegalStateException("OpenLiberty startup has failed")
+    }
+  }
+
+  private void findRandomPort() {
+    port = PortUtils.randomOpenPort()
+  }
+
+  private void changeServerXml() {
+    serverXmlLastModified = serverXmlFile.lastModified()
+    origServerXml = serverXmlFile.bytes
+    def xml = new XmlParser().parse(serverXmlFile)
+    xml.httpEndpoint[0].'@httpPort' = port as String
+    xml.httpEndpoint[0].attributes().remove 'httpsPort'
+
+    // Remove JSP
+    def featureManager = xml.featureManager[0]
+    featureManager.feature[0]?.replaceNode {}
+
+    // Add servlet-5.0
+    featureManager.appendNode('feature', 'servlet-5.0')
+
+    serverXmlFile.text = XmlUtil.serialize(xml)
+  }
+
+  @Override
+  void stop() {
+    def result = server.stop().get(30, TimeUnit.SECONDS)
+    if (!result.successful()) {
+      throw new IllegalStateException("OpenLiberty stop has failed")
+    }
+    serverXmlFile.bytes = origServerXml
+    serverXmlFile.lastModified = serverXmlLastModified
+  }
+
+  @Override
+  URI address() {
+    new URI("http://localhost:$port/testapp/${this.prefix}")
+  }
+
+  @Override
+  String toString() {
+    return this.class.name
+  }
+}
\ No newline at end of file
diff --git a/dd-java-agent/instrumentation/liberty-23/src/test/groovy/datadog/trace/instrumentation/liberty23/Liberty23Test.groovy b/dd-java-agent/instrumentation/liberty-23/src/test/groovy/datadog/trace/instrumentation/liberty23/Liberty23Test.groovy
new file mode 100644
index 00000000000..eb7c18ad16e
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/test/groovy/datadog/trace/instrumentation/liberty23/Liberty23Test.groovy
@@ -0,0 +1,167 @@
+package datadog.trace.instrumentation.liberty23
+
+import com.ibm.wsspi.kernel.embeddable.Server
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.agent.test.naming.TestingGenericHttpNamingConventions
+
+import datadog.trace.core.DDSpan
+import spock.lang.IgnoreIf
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
+import static org.junit.Assume.assumeTrue
+
+abstract class Liberty23Test extends HttpServerTest<Server> {
+
+  @Override
+  HttpServer server() {
+    new Liberty23Server()
+  }
+
+  protected String getPathPrefix() {
+    ''
+  }
+
+  @Override
+  String expectedServiceName() {
+    'testapp'
+  }
+
+  @Override
+  String expectedControllerServiceName() {
+    super.expectedServiceName()
+  }
+
+  boolean expectedErrored(ServerEndpoint endpoint) {
+    // our test makes openliberty generate a FileNotFoundException
+    endpoint == ServerEndpoint.NOT_FOUND ? true : super.expectedErrored(endpoint)
+  }
+
+  @Override
+  Map<String, Serializable> expectedExtraServerTags(ServerEndpoint endpoint) {
+    def res = ['servlet.context': '/testapp']
+    if (endpoint == ServerEndpoint.NOT_FOUND) {
+      res['error.message'] = 'SRVE0190E: File not found: /not-found'
+      res['error.type'] = 'java.io.FileNotFoundException'
+      res['error.stack'] = ~/java\.io\.FileNotFoundException: SRVE0190E: File not found: \/not-found.*/
+    } else {
+      res['servlet.path'] = "${pathPrefix}${endpoint.path}"
+    }
+    res
+  }
+
+  @Override
+  Map<String, Serializable> expectedExtraErrorInformation(ServerEndpoint endpoint) {
+    // sendError produces an error span (as expected by the test)
+    if (endpoint == ServerEndpoint.ERROR) {
+      [
+        "error.message": 'controller error' // not "controller exception", as super indicates
+      ]
+    } else {
+      super.expectedExtraErrorInformation(endpoint)
+    }
+  }
+
+  @Override
+  String component() {
+    'liberty-server'
+  }
+
+  @Override
+  String expectedOperationName() {
+    component()
+  }
+
+  @Override
+  boolean testExceptionBody() {
+    false
+  }
+
+  @Override
+  boolean testBodyUrlencoded() {
+    true
+  }
+
+  @Override
+  boolean testBlocking() {
+    false
+  }
+
+  @Override
+  boolean testBlockingOnResponse() {
+    true
+  }
+
+  @Override
+  boolean testRequestBody() {
+    true
+  }
+
+  @Override
+  boolean testRequestBodyISVariant() {
+    true
+  }
+
+  @Override
+  boolean hasExtraErrorInformation() {
+    true
+  }
+
+  @Override
+  boolean testBodyMultipart() {
+    true
+  }
+
+  @Override
+  String expectedResourceName(ServerEndpoint endpoint, String method, URI address) {
+    if (endpoint.path == '/not-found') {
+      'GET /testapp/not-found'
+    } else {
+      super.expectedResourceName(endpoint, method, address)
+    }
+  }
+
+  def 'test blocking on response with commit during the response'() {
+    setup:
+    assumeTrue(testBlockingOnResponse())
+
+    def request = request(SUCCESS, 'GET', null)
+      .header(IG_BLOCK_RESPONSE_HEADER, 'json')
+      .header('x-commit-during-response', 'true')
+      .build()
+
+    when:
+    def response = client.newCall(request).execute()
+
+    then:
+    if (isDataStreamsEnabled()) {
+      TEST_DATA_STREAMS_WRITER.waitForGroups(1)
+    }
+    response.code() == 413
+    response.header('Content-type') =~ /(?i)\Aapplication\/json(?:;\s?charset=utf-8)?\z/
+    response.body().charStream().text.contains('"title":"You\'ve been blocked"')
+    TEST_WRITER.waitForTraces(1)
+
+    then:
+    TEST_WRITER.flatten().find { DDSpan it ->
+      it.tags['http.status_code'] == 413 &&
+        it.tags['appsec.blocked'] == 'true'
+    } != null
+  }
+}
+
+@IgnoreIf({
+  // failing because org.apache.xalan.transformer.TransformerImpl is
+  // instrumented while on the the global ignores list
+  System.getProperty('java.vm.name') == 'IBM J9 VM' &&
+  System.getProperty('java.specification.version') == '1.8' })
+class Liberty23V0ForkedTest extends Liberty23Test implements TestingGenericHttpNamingConventions.ServerV0 {
+}
+
+@IgnoreIf({
+  // failing because org.apache.xalan.transformer.TransformerImpl is
+  // instrumented while on the the global ignores list
+  System.getProperty('java.vm.name') == 'IBM J9 VM' &&
+  System.getProperty('java.specification.version') == '1.8' })
+class Liberty23V1ForkedTest extends Liberty23Test implements TestingGenericHttpNamingConventions.ServerV1 {
+}
\ No newline at end of file
diff --git a/dd-java-agent/instrumentation/liberty-23/src/webapp/java/datadog/trace/instrumentation/liberty23/AsyncServlet5.java b/dd-java-agent/instrumentation/liberty-23/src/webapp/java/datadog/trace/instrumentation/liberty23/AsyncServlet5.java
new file mode 100644
index 00000000000..84cca0aac7e
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/webapp/java/datadog/trace/instrumentation/liberty23/AsyncServlet5.java
@@ -0,0 +1,219 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_MULTIPART;
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR;
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH;
+
+import datadog.trace.agent.test.base.HttpServerTest;
+import jakarta.servlet.AsyncContext;
+import jakarta.servlet.AsyncEvent;
+import jakarta.servlet.AsyncListener;
+import jakarta.servlet.ServletConfig;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletOutputStream;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.WriteListener;
+import jakarta.servlet.annotation.MultipartConfig;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponseWrapper;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.Enumeration;
+
+@WebServlet(
+    urlPatterns = {
+      "/async/success",
+      "/async/created",
+      "/async/created_input_stream",
+      "/async/body-urlencoded",
+      "/async/body-multipart",
+      "/async/body-json",
+      "/async/redirect",
+      "/async/forwarded",
+      "/async/error-status",
+      "/async/exception",
+      "/async/custom-exception",
+      "/async/not-here",
+      "/async/timeout",
+      "/async/timeout_error",
+      "/async/query",
+      "/async/encoded path query",
+      "/async/encoded_query",
+      "/async/user-block",
+    },
+    asyncSupported = true)
+@MultipartConfig(
+    maxFileSize = 10 * 1024 * 1024,
+    maxRequestSize = 20 * 1024 * 1024,
+    fileSizeThreshold = 5 * 1024 * 1024)
+public class AsyncServlet5 extends HttpServlet {
+  datadog.trace.instrumentation.servlet5.TestServlet5 delegate;
+
+  {
+    try {
+      delegate =
+          new datadog.trace.instrumentation.servlet5.TestServlet5() {
+            @Override
+            public HttpServerTest.ServerEndpoint determineEndpoint(HttpServletRequest req) {
+              return HttpServerTest.ServerEndpoint.forPath(
+                  req.getRequestURI().substring(req.getRequestURI().lastIndexOf('/')));
+            }
+          };
+    } catch (Exception e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @Override
+  public void service(ServletRequest req, final ServletResponse res)
+      throws ServletException, IOException {
+    Object attribute = req.getAttribute("ddog.dispatched");
+
+    if (attribute == null) {
+      AsyncContext asyncContext = req.startAsync();
+      req.setAttribute("ddog.dispatched", 1);
+      asyncContext.dispatch();
+    } else {
+      HttpServerTest.ServerEndpoint serverEndpoint =
+          delegate.determineEndpoint((HttpServletRequest) req);
+      if (serverEndpoint == BODY_MULTIPART) {
+        // needed to trigger reading the body on openliberty
+        ((HttpServletRequest) req).getParts();
+      } else if (serverEndpoint == ERROR || serverEndpoint == QUERY_ENCODED_BOTH) {
+        delegate.service(req, res);
+        return;
+      }
+
+      ByteArrayOutputStream baos = new ByteArrayOutputStream();
+      PrintWriter writer = new PrintWriter(baos);
+      HttpServletResponseWrapper wrappedRes =
+          new HttpServletResponseWrapper((HttpServletResponse) res) {
+            @Override
+            public PrintWriter getWriter() throws IOException {
+              return writer;
+            }
+          };
+
+      delegate.service(req, wrappedRes);
+      writer.flush();
+
+      AsyncContext asyncContext = req.startAsync();
+      asyncContext.setTimeout(1000);
+      asyncContext.addListener(
+          new AsyncListener() {
+            @Override
+            public void onComplete(AsyncEvent event) throws IOException {
+              log("onComplete");
+            }
+
+            @Override
+            public void onTimeout(AsyncEvent event) throws IOException {
+              log("onTimeout");
+            }
+
+            @Override
+            public void onError(AsyncEvent event) throws IOException {
+              log("onError", event.getThrowable());
+            }
+
+            @Override
+            public void onStartAsync(AsyncEvent event) throws IOException {
+              event.getAsyncContext().addListener(this);
+            }
+          });
+
+      ServletOutputStream outputStream;
+      try {
+        outputStream = res.getOutputStream();
+      } catch (IOException e) {
+        throw new RuntimeException(e);
+      }
+
+      WriteListener listener =
+          new WriteListener() {
+            @Override
+            public void onWritePossible() throws IOException {
+              outputStream.write(baos.toByteArray());
+              asyncContext.complete();
+            }
+
+            @Override
+            public void onError(Throwable e) {
+              log("onError", e);
+              asyncContext.complete();
+            }
+          };
+
+      try {
+        Method setWriteListener =
+            ServletOutputStream.class.getMethod("setWriteListener", WriteListener.class);
+        setWriteListener.invoke(outputStream, listener);
+      } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException e) {
+        throw new RuntimeException(e);
+      }
+    }
+  }
+
+  @Override
+  public void destroy() {
+    delegate.destroy();
+  }
+
+  @Override
+  public String getInitParameter(String name) {
+    return delegate.getInitParameter(name);
+  }
+
+  @Override
+  public Enumeration<String> getInitParameterNames() {
+    return delegate.getInitParameterNames();
+  }
+
+  @Override
+  public ServletConfig getServletConfig() {
+    return delegate.getServletConfig();
+  }
+
+  @Override
+  public ServletContext getServletContext() {
+    return delegate.getServletContext();
+  }
+
+  @Override
+  public String getServletInfo() {
+    return delegate.getServletInfo();
+  }
+
+  @Override
+  public void init() throws ServletException {
+    delegate.init();
+  }
+
+  @Override
+  public void init(ServletConfig config) throws ServletException {
+    delegate.init(config);
+  }
+
+  @Override
+  public String getServletName() {
+    return delegate.getServletName();
+  }
+
+  @Override
+  public void log(String msg) {
+    delegate.log(msg);
+  }
+
+  @Override
+  public void log(String msg, Throwable t) {
+    delegate.log(msg, t);
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/webapp/java/datadog/trace/instrumentation/liberty23/PassthruSyncServlet5.java b/dd-java-agent/instrumentation/liberty-23/src/webapp/java/datadog/trace/instrumentation/liberty23/PassthruSyncServlet5.java
new file mode 100644
index 00000000000..038304de503
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/webapp/java/datadog/trace/instrumentation/liberty23/PassthruSyncServlet5.java
@@ -0,0 +1,127 @@
+package datadog.trace.instrumentation.liberty23;
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_MULTIPART;
+
+import jakarta.servlet.ServletConfig;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.annotation.MultipartConfig;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.util.Enumeration;
+
+@WebServlet(
+    urlPatterns = {
+      "/success",
+      "/created",
+      "/created_input_stream",
+      "/body-urlencoded",
+      "/body-multipart",
+      "/body-json",
+      "/redirect",
+      "/forwarded",
+      "/error-status",
+      "/exception",
+      "/custom-exception",
+      "/not-here",
+      "/timeout",
+      "/timeout_error",
+      "/query",
+      "/encoded path query",
+      "/encoded_query",
+      "/user-block",
+    })
+@MultipartConfig(
+    maxFileSize = 10 * 1024 * 1024,
+    maxRequestSize = 20 * 1024 * 1024,
+    fileSizeThreshold = 5 * 1024 * 1024)
+public class PassthruSyncServlet5 extends HttpServlet {
+  datadog.trace.instrumentation.servlet5.TestServlet5 delegate;
+
+  {
+    try {
+      delegate = new datadog.trace.instrumentation.servlet5.TestServlet5();
+    } catch (Exception e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @Override
+  public void service(ServletRequest req, ServletResponse res)
+      throws ServletException, IOException {
+    if (delegate.determineEndpoint((HttpServletRequest) req) == BODY_MULTIPART) {
+      // needed to trigger reading the body on openliberty
+      ((HttpServletRequest) req).getParts();
+    }
+    try {
+      delegate.service(req, res);
+    } catch (Throwable t) {
+      throw t;
+    } finally {
+      if (((HttpServletRequest) req).getHeader("x-commit-during-response") != null) {
+        res.flushBuffer();
+        res.getWriter().close();
+        throw new RuntimeException("should not be reached");
+      }
+    }
+  }
+
+  @Override
+  public void destroy() {
+    delegate.destroy();
+  }
+
+  @Override
+  public String getInitParameter(String name) {
+    return delegate.getInitParameter(name);
+  }
+
+  @Override
+  public Enumeration<String> getInitParameterNames() {
+    return delegate.getInitParameterNames();
+  }
+
+  @Override
+  public ServletConfig getServletConfig() {
+    return delegate.getServletConfig();
+  }
+
+  @Override
+  public ServletContext getServletContext() {
+    return delegate.getServletContext();
+  }
+
+  @Override
+  public String getServletInfo() {
+    return delegate.getServletInfo();
+  }
+
+  @Override
+  public void init() throws ServletException {
+    delegate.init();
+  }
+
+  @Override
+  public void init(ServletConfig config) throws ServletException {
+    delegate.init(config);
+  }
+
+  @Override
+  public String getServletName() {
+    return delegate.getServletName();
+  }
+
+  @Override
+  public void log(String msg) {
+    delegate.log(msg);
+  }
+
+  @Override
+  public void log(String msg, Throwable t) {
+    delegate.log(msg, t);
+  }
+}
diff --git a/dd-java-agent/instrumentation/liberty-23/src/webapp/resources/WEB-INF/web.xml b/dd-java-agent/instrumentation/liberty-23/src/webapp/resources/WEB-INF/web.xml
new file mode 100644
index 00000000000..b4cfedf4f23
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/webapp/resources/WEB-INF/web.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+    version="3.1">
+    <display-name>Test Application</display-name>
+
+    <welcome-file-list>
+        <welcome-file>index.html</welcome-file>
+    </welcome-file-list>
+</web-app>
diff --git a/dd-java-agent/instrumentation/liberty-23/src/webapp/resources/index.html b/dd-java-agent/instrumentation/liberty-23/src/webapp/resources/index.html
new file mode 100644
index 00000000000..c4db7b484ca
--- /dev/null
+++ b/dd-java-agent/instrumentation/liberty-23/src/webapp/resources/index.html
@@ -0,0 +1,6 @@
+<html>
+<title>Hello World</title>
+<body>
+<p>Hello World!</p>
+</body>
+</html>
diff --git a/dd-java-agent/instrumentation/maven-3.2.1/build.gradle b/dd-java-agent/instrumentation/maven-3.2.1/build.gradle
index 3500f43374f..488c0c64e49 100644
--- a/dd-java-agent/instrumentation/maven-3.2.1/build.gradle
+++ b/dd-java-agent/instrumentation/maven-3.2.1/build.gradle
@@ -1,3 +1,5 @@
+apply from: "$rootDir/gradle/java.gradle"
+
 muzzle {
   pass {
     group = 'org.apache.maven'
@@ -7,7 +9,7 @@ muzzle {
   }
 }
 
-apply from: "$rootDir/gradle/java.gradle"
+addTestSuiteForDir('latestDepTest', 'test')
 
 dependencies {
   compileOnly 'org.apache.maven:maven-embedder:3.2.1'
@@ -17,7 +19,11 @@ dependencies {
   // this is not the earliest version of Maven that we support,
   // but using the earliest one is not possible here because of dependency conflicts
   testImplementation 'org.apache.maven:maven-embedder:3.2.5'
-  testImplementation 'org.eclipse.aether:aether-connector-basic:1.0.0.v20140518'
-  testImplementation 'org.eclipse.aether:aether-transport-wagon:1.0.0.v20140518'
-  testImplementation 'org.apache.maven.wagon:wagon-http:2.8'
+  testImplementation group: 'org.apache.maven.resolver', name: 'maven-resolver-connector-basic', version: '1.0.3'
+  testImplementation group: 'org.apache.maven.resolver', name: 'maven-resolver-transport-http', version: '1.0.3'
+
+  latestDepTestImplementation group: 'org.apache.maven', name: 'maven-embedder', version: '+'
+  latestDepTestImplementation group: 'org.apache.maven.resolver', name: 'maven-resolver-connector-basic', version: '+'
+  latestDepTestImplementation group: 'org.apache.maven.resolver', name: 'maven-resolver-transport-http', version: '+'
+  latestDepTestImplementation group: 'org.fusesource.jansi', name: 'jansi', version: '+'
 }
diff --git a/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenExecutionListener.java b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenExecutionListener.java
index 2f6dadb0e46..70851ef2723 100644
--- a/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenExecutionListener.java
+++ b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenExecutionListener.java
@@ -4,6 +4,8 @@
 import datadog.trace.api.config.CiVisibilityConfig;
 import datadog.trace.bootstrap.instrumentation.api.Tags;
 import datadog.trace.util.Strings;
+import java.io.File;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.Map;
 import org.apache.maven.execution.AbstractExecutionListener;
@@ -15,13 +17,9 @@
 import org.apache.maven.plugin.MojoExecution;
 import org.apache.maven.project.MavenProject;
 import org.codehaus.plexus.util.xml.Xpp3Dom;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 public class MavenExecutionListener extends AbstractExecutionListener {
 
-  private static final Logger log = LoggerFactory.getLogger(MavenExecutionListener.class);
-
   private static final String FORK_COUNT_CONFIG = "forkCount";
   private static final String SYSTEM_PROPERTY_VARIABLES_CONFIG = "systemPropertyVariables";
   private static final String SYSTEM_PROPERTIES_CONFIG = "systemProperties";
@@ -53,9 +51,7 @@ public void mojoSkipped(ExecutionEvent event) {
       MavenSession session = event.getSession();
       MavenExecutionRequest request = session.getRequest();
       MavenProject project = event.getProject();
-      String projectName = project.getName();
-      String lifecyclePhase = mojoExecution.getLifecyclePhase();
-      String moduleName = projectName + " " + lifecyclePhase;
+      String moduleName = getUniqueModuleName(project, mojoExecution);
 
       mojoStarted(event);
       buildEventsHandler.onTestModuleSkip(request, moduleName, null);
@@ -70,10 +66,13 @@ public void mojoStarted(ExecutionEvent event) {
       MavenSession session = event.getSession();
       MavenExecutionRequest request = session.getRequest();
       MavenProject project = event.getProject();
-      String projectName = project.getName();
-      String lifecyclePhase = mojoExecution.getLifecyclePhase();
-      String moduleName = projectName + " " + lifecyclePhase;
-      String startCommand = MavenUtils.getCommandLine(session);
+      String moduleName = getUniqueModuleName(project, mojoExecution);
+
+      String outputClassesDir = project.getBuild().getOutputDirectory();
+      Collection<File> outputClassesDirs =
+          outputClassesDir != null
+              ? Collections.singleton(new File(outputClassesDir))
+              : Collections.emptyList();
 
       String executionId =
           mojoExecution.getPlugin().getArtifactId()
@@ -85,7 +84,8 @@ public void mojoStarted(ExecutionEvent event) {
           Collections.singletonMap(Tags.TEST_EXECUTION, executionId);
 
       BuildEventsHandler.ModuleInfo moduleInfo =
-          buildEventsHandler.onTestModuleStart(request, moduleName, startCommand, additionalTags);
+          buildEventsHandler.onTestModuleStart(
+              request, moduleName, outputClassesDirs, additionalTags);
 
       Xpp3Dom configuration = mojoExecution.getConfiguration();
       boolean forkTestVm =
@@ -150,10 +150,7 @@ public void mojoSucceeded(ExecutionEvent event) {
       MavenSession session = event.getSession();
       MavenExecutionRequest request = session.getRequest();
       MavenProject project = event.getProject();
-
-      String projectName = project.getName();
-      String lifecyclePhase = mojoExecution.getLifecyclePhase();
-      String moduleName = projectName + " " + lifecyclePhase;
+      String moduleName = getUniqueModuleName(project, mojoExecution);
       buildEventsHandler.onTestModuleFinish(request, moduleName);
 
       System.clearProperty(
@@ -170,11 +167,7 @@ public void mojoFailed(ExecutionEvent event) {
       MavenSession session = event.getSession();
       MavenExecutionRequest request = session.getRequest();
       MavenProject project = event.getProject();
-
-      String projectName = project.getName();
-      String lifecyclePhase = mojoExecution.getLifecyclePhase();
-      String moduleName = projectName + " " + lifecyclePhase;
-
+      String moduleName = getUniqueModuleName(project, mojoExecution);
       Exception exception = event.getException();
       buildEventsHandler.onTestModuleFail(request, moduleName, exception);
       buildEventsHandler.onTestModuleFinish(request, moduleName);
@@ -185,4 +178,12 @@ public void mojoFailed(ExecutionEvent event) {
           Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_MODULE_ID));
     }
   }
+
+  private static String getUniqueModuleName(MavenProject project, MojoExecution mojoExecution) {
+    return project.getName()
+        + " "
+        + mojoExecution.getArtifactId()
+        + " "
+        + mojoExecution.getExecutionId();
+  }
 }
diff --git a/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenInstrumentation.java b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenInstrumentation.java
index bd377ec290f..afd13a3617c 100644
--- a/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenInstrumentation.java
+++ b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenInstrumentation.java
@@ -35,6 +35,7 @@ public ElementMatcher<TypeDescription> hierarchyMatcher() {
   @Override
   public String[] helperClassNames() {
     return new String[] {
+      packageName + ".MavenTestExecution",
       packageName + ".MavenUtils",
       packageName + ".MavenExecutionListener",
       packageName + ".MavenProjectConfigurator",
diff --git a/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenLifecycleParticipant.java b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenLifecycleParticipant.java
index 7516cd27f30..657ed2cd706 100644
--- a/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenLifecycleParticipant.java
+++ b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenLifecycleParticipant.java
@@ -102,7 +102,7 @@ public void afterProjectsRead(MavenSession session) {
 
     List<MavenProject> projects = session.getProjects();
     ExecutorService projectConfigurationPool = createProjectConfigurationPool(projects.size());
-    Map<Path, Collection<MojoExecution>> testExecutions =
+    Map<Path, Collection<MavenTestExecution>> testExecutions =
         configureProjects(projectConfigurationPool, session, projects);
     configureTestExecutions(projectConfigurationPool, session, testExecutions);
     projectConfigurationPool.shutdown();
@@ -116,24 +116,23 @@ private static ExecutorService createProjectConfigurationPool(int projectsCount)
     return Executors.newFixedThreadPool(projectConfigurationPoolSize, threadFactory);
   }
 
-  private Map<Path, Collection<MojoExecution>> configureProjects(
+  private Map<Path, Collection<MavenTestExecution>> configureProjects(
       ExecutorService projectConfigurationPool, MavenSession session, List<MavenProject> projects) {
-    CompletionService<Map<Path, Collection<MojoExecution>>> testExecutionsCompletionService =
+    CompletionService<Collection<MavenTestExecution>> testExecutionsCompletionService =
         new ExecutorCompletionService<>(projectConfigurationPool);
     for (MavenProject project : projects) {
       testExecutionsCompletionService.submit(() -> configureProject(session, project));
     }
 
-    Map<Path, Collection<MojoExecution>> testExecutions = new HashMap<>();
+    Map<Path, Collection<MavenTestExecution>> testExecutions = new HashMap<>();
     for (int i = 0; i < projects.size(); i++) {
       try {
-        Future<Map<Path, Collection<MojoExecution>>> future =
-            testExecutionsCompletionService.take();
-        for (Map.Entry<Path, Collection<MojoExecution>> e : future.get().entrySet()) {
-          Path path = e.getKey();
-          Collection<MojoExecution> executions = e.getValue();
-          testExecutions.computeIfAbsent(path, k -> new ArrayList<>()).addAll(executions);
+        Future<Collection<MavenTestExecution>> future = testExecutionsCompletionService.take();
+        for (MavenTestExecution testExecution : future.get()) {
+          Path forkedJvmPath = testExecution.getForkedJvmPath();
+          testExecutions.computeIfAbsent(forkedJvmPath, k -> new ArrayList<>()).add(testExecution);
         }
+
       } catch (InterruptedException e) {
         Thread.currentThread().interrupt();
         LOGGER.error("Interrupted while configuring projects", e);
@@ -144,7 +143,7 @@ private Map<Path, Collection<MojoExecution>> configureProjects(
     return testExecutions;
   }
 
-  private Map<Path, Collection<MojoExecution>> configureProject(
+  private Collection<MavenTestExecution> configureProject(
       MavenSession session, MavenProject project) {
     Properties projectProperties = project.getProperties();
     String projectArgLine = projectProperties.getProperty("argLine");
@@ -160,14 +159,12 @@ private Map<Path, Collection<MojoExecution>> configureProject(
       MavenProjectConfigurator.INSTANCE.configureCompilerPlugin(project, compilerPluginVersion);
     }
 
-    MavenProjectConfigurator.INSTANCE.configureJacoco(project);
-
     return getTestExecutionsByJvmPath(session, project);
   }
 
-  private Map<Path, Collection<MojoExecution>> getTestExecutionsByJvmPath(
+  private Collection<MavenTestExecution> getTestExecutionsByJvmPath(
       MavenSession session, MavenProject project) {
-    Map<Path, Collection<MojoExecution>> testExecutions = new HashMap<>();
+    List<MavenTestExecution> testExecutions = new ArrayList<>();
     try {
       PlexusContainer container = session.getContainer();
 
@@ -180,10 +177,8 @@ private Map<Path, Collection<MojoExecution>> getTestExecutionsByJvmPath(
       MavenExecutionPlan executionPlan =
           planCalculator.calculateExecutionPlan(session, project, tasks);
 
+      boolean jacocoExecutionFound = false;
       for (MojoExecution mojoExecution : executionPlan.getMojoExecutions()) {
-        Plugin plugin = mojoExecution.getPlugin();
-        String pluginKey = plugin.getKey();
-
         if (MavenUtils.isTestExecution(mojoExecution)) {
           MojoDescriptor mojoDescriptor = mojoExecution.getMojoDescriptor();
           PluginDescriptor pluginDescriptor = mojoDescriptor.getPluginDescriptor();
@@ -194,14 +189,19 @@ private Map<Path, Collection<MojoExecution>> getTestExecutionsByJvmPath(
           String forkedJvm = getEffectiveJvm(mojo);
           Path forkedJvmPath = forkedJvm != null ? Paths.get(forkedJvm) : null;
           if (forkedJvmPath == null) {
+            Plugin plugin = mojoExecution.getPlugin();
+            String pluginKey = plugin.getKey();
             LOGGER.warn(
                 "Could not determine forked JVM path for plugin {} execution {} in project {}",
                 pluginKey,
                 mojoExecution.getExecutionId(),
                 project.getName());
           }
+          testExecutions.add(
+              new MavenTestExecution(project, mojoExecution, forkedJvmPath, jacocoExecutionFound));
 
-          testExecutions.computeIfAbsent(forkedJvmPath, k -> new ArrayList<>()).add(mojoExecution);
+        } else if (MavenUtils.isJacocoInstrumentationExecution(mojoExecution)) {
+          jacocoExecutionFound = true;
         }
       }
       return testExecutions;
@@ -261,12 +261,12 @@ private Method findGetEffectiveJvmMethod(Class<?> mojoClass) {
   private void configureTestExecutions(
       ExecutorService projectConfigurationPool,
       MavenSession session,
-      Map<Path, Collection<MojoExecution>> testExecutions) {
+      Map<Path, Collection<MavenTestExecution>> testExecutions) {
     CompletionService<Void> configurationCompletionService =
         new ExecutorCompletionService<>(projectConfigurationPool);
-    for (Map.Entry<Path, Collection<MojoExecution>> e : testExecutions.entrySet()) {
+    for (Map.Entry<Path, Collection<MavenTestExecution>> e : testExecutions.entrySet()) {
       Path jvmExecutablePath = e.getKey();
-      Collection<MojoExecution> executions = e.getValue();
+      Collection<MavenTestExecution> executions = e.getValue();
       configurationCompletionService.submit(
           () -> configureTestExecutions(session, jvmExecutablePath, executions));
     }
@@ -285,14 +285,15 @@ private void configureTestExecutions(
   }
 
   private Void configureTestExecutions(
-      MavenSession session, Path jvmExecutablePath, Collection<MojoExecution> testExecutions) {
+      MavenSession session, Path jvmExecutablePath, Collection<MavenTestExecution> testExecutions) {
     MavenExecutionRequest request = session.getRequest();
     ModuleExecutionSettings moduleExecutionSettings =
         buildEventsHandler.getModuleExecutionSettings(request, jvmExecutablePath);
 
-    for (MojoExecution testExecution : testExecutions) {
+    for (MavenTestExecution testExecution : testExecutions) {
       MavenProjectConfigurator.INSTANCE.configureTracer(
-          testExecution, moduleExecutionSettings.getSystemProperties());
+          testExecution.getExecution(), moduleExecutionSettings.getSystemProperties());
+      MavenProjectConfigurator.INSTANCE.configureJacoco(testExecution, moduleExecutionSettings);
     }
     return null;
   }
diff --git a/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenProjectConfigurator.java b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenProjectConfigurator.java
index 8a0a402c5a1..d68fa1f5c08 100644
--- a/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenProjectConfigurator.java
+++ b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenProjectConfigurator.java
@@ -1,6 +1,7 @@
 package datadog.trace.instrumentation.maven3;
 
 import datadog.trace.api.Config;
+import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
 import datadog.trace.bootstrap.DatadogClassLoader;
 import datadog.trace.util.Strings;
 import java.io.File;
@@ -17,13 +18,9 @@
 import org.apache.maven.plugin.MojoExecution;
 import org.apache.maven.project.MavenProject;
 import org.codehaus.plexus.util.xml.Xpp3Dom;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 class MavenProjectConfigurator {
 
-  private static final Logger LOGGER = LoggerFactory.getLogger(MavenProjectConfigurator.class);
-
   static final MavenProjectConfigurator INSTANCE = new MavenProjectConfigurator();
 
   private static final String MAVEN_COMPILER_PLUGIN_KEY =
@@ -32,14 +29,9 @@ class MavenProjectConfigurator {
   private static final String DATADOG_GROUP_ID = "com.datadoghq";
   private static final String DATADOG_JAVAC_PLUGIN_ARTIFACT_ID = "dd-javac-plugin";
   private static final String DATADOG_JAVAC_PLUGIN_CLIENT_ARTIFACT_ID = "dd-javac-plugin-client";
-  private static final String LOMBOK_GROUP_ID = "org.projectlombok";
-  private static final String LOMBOK_ARTIFACT_ID = "lombok";
   private static final String JAVAC_COMPILER_ID = "javac";
   private static final String DATADOG_COMPILER_PLUGIN_ID = "DatadogCompilerPlugin";
 
-  private static final ComparableVersion ANNOTATION_PROCESSOR_PATHS_SUPPORTED_VERSION =
-      new ComparableVersion("3.5");
-
   private static final ComparableVersion LATE_SUBSTITUTION_SUPPORTED_VERSION =
       new ComparableVersion("2.17");
   private static final String JACOCO_EXCL_CLASS_LOADERS_PROPERTY = "jacoco.exclClassLoaders";
@@ -54,27 +46,14 @@ public void configureTracer(
       return;
     }
 
-    Plugin plugin = mojoExecution.getPlugin();
-    String pluginVersion = plugin.getVersion();
-    ComparableVersion pluginVersionParsed =
-        new ComparableVersion(pluginVersion != null ? pluginVersion : "");
-
-    String projectWideArgLine;
-    if (pluginVersionParsed.compareTo(LATE_SUBSTITUTION_SUPPORTED_VERSION) >= 0) {
-      // include project-wide argLine
-      // (it might be modified by other plugins earlier in the build cycle, e.g. by Jacoco)
-      projectWideArgLine = "@{argLine} ";
-    } else {
-      projectWideArgLine = "${argLine} ";
-    }
-    StringBuilder modifiedArgLine = new StringBuilder(projectWideArgLine);
-
+    StringBuilder modifiedArgLine = new StringBuilder();
     // propagate to child process all "dd." system properties available in current process
     for (Map.Entry<String, String> e : propagatedSystemProperties.entrySet()) {
       modifiedArgLine.append("-D").append(e.getKey()).append('=').append(e.getValue()).append(" ");
     }
 
-    Integer ciVisibilityDebugPort = Config.get().getCiVisibilityDebugPort();
+    Config config = Config.get();
+    Integer ciVisibilityDebugPort = config.getCiVisibilityDebugPort();
     if (ciVisibilityDebugPort != null) {
       modifiedArgLine
           .append("-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=")
@@ -82,24 +61,49 @@ public void configureTracer(
           .append(" ");
     }
 
-    File agentJar = Config.get().getCiVisibilityAgentJarFile();
+    String additionalArgs = config.getCiVisibilityAdditionalChildProcessJvmArgs();
+    if (additionalArgs != null) {
+      modifiedArgLine.append(additionalArgs).append(" ");
+    }
+
+    File agentJar = config.getCiVisibilityAgentJarFile();
     modifiedArgLine.append("-javaagent:").append(agentJar.toPath());
 
+    Plugin plugin = mojoExecution.getPlugin();
     Map<String, PluginExecution> pluginExecutions = plugin.getExecutionsAsMap();
     PluginExecution pluginExecution = pluginExecutions.get(mojoExecution.getExecutionId());
     Xpp3Dom executionConfiguration = (Xpp3Dom) pluginExecution.getConfiguration();
 
     String argLine = MavenUtils.getConfigurationValue(executionConfiguration, "argLine");
-    if (argLine != null) {
-      modifiedArgLine.append(" ").append(argLine);
-    }
+    boolean projectWideArgLineNeeded = argLine == null || !argLine.contains("{argLine}");
+
+    String finalArgLine =
+        (projectWideArgLineNeeded ? getReferenceToProjectWideArgLine(plugin) + " " : "")
+            + (argLine != null ? argLine + " " : "")
+            +
+            // -javaagent that injects the tracer
+            // has to be the last one,
+            // since if there are other agents
+            // we want to be able to instrument their code
+            // (namely Jacoco's)
+            modifiedArgLine;
 
     Xpp3Dom updatedExecutionConfiguration =
-        MavenUtils.setConfigurationValue(
-            modifiedArgLine.toString(), executionConfiguration, "argLine");
+        MavenUtils.setConfigurationValue(finalArgLine, executionConfiguration, "argLine");
     pluginExecution.setConfiguration(updatedExecutionConfiguration);
   }
 
+  private static String getReferenceToProjectWideArgLine(Plugin plugin) {
+    String pluginVersion = plugin.getVersion();
+    ComparableVersion pluginVersionParsed =
+        new ComparableVersion(pluginVersion != null ? pluginVersion : "");
+    if (pluginVersionParsed.compareTo(LATE_SUBSTITUTION_SUPPORTED_VERSION) >= 0) {
+      return "@{argLine} ";
+    } else {
+      return "${argLine} ";
+    }
+  }
+
   void configureCompilerPlugin(MavenProject project, String compilerPluginVersion) {
     Plugin compilerPlugin = project.getPlugin(MAVEN_COMPILER_PLUGIN_KEY);
     if (compilerPlugin == null || compilerPluginVersion == null) {
@@ -129,17 +133,10 @@ void configureCompilerPlugin(MavenProject project, String compilerPluginVersion)
       List<Dependency> projectDependencies = project.getDependencies();
       addOrUpdate(projectDependencies, javacPluginClientDependency);
 
-      ComparableVersion mavenPluginVersion =
-          new ComparableVersion(
-              compilerPlugin.getVersion() != null ? compilerPlugin.getVersion() : "");
-
-      if (mavenPluginVersion.compareTo(ANNOTATION_PROCESSOR_PATHS_SUPPORTED_VERSION) >= 0) {
-        String lombokVersion = getLombokVersion(projectDependencies);
-        if (lombokVersion != null) {
-          configuration =
-              addAnnotationProcessorPath(
-                  configuration, LOMBOK_GROUP_ID, LOMBOK_ARTIFACT_ID, lombokVersion);
-        }
+      // if <annotationProcessorPaths> section is present,
+      // we have to add the plugin in there,
+      // otherwise it's best to add it as a regular dependency
+      if (configuration != null && configuration.getChild("annotationProcessorPaths") != null) {
         configuration =
             addAnnotationProcessorPath(
                 configuration,
@@ -186,16 +183,6 @@ private static void addOrUpdate(List<Dependency> projectDependencies, Dependency
     projectDependencies.add(dependency);
   }
 
-  private String getLombokVersion(List<Dependency> dependencies) {
-    for (Dependency dependency : dependencies) {
-      if (LOMBOK_GROUP_ID.equals(dependency.getGroupId())
-          && LOMBOK_ARTIFACT_ID.equals(dependency.getArtifactId())) {
-        return dependency.getVersion();
-      }
-    }
-    return null;
-  }
-
   private static Xpp3Dom addCompilerArg(Xpp3Dom configuration, String argValue) {
     if (configuration == null) {
       configuration = new Xpp3Dom("configuration");
@@ -245,32 +232,63 @@ private static Xpp3Dom addAnnotationProcessorPath(
     return configuration;
   }
 
-  void configureJacoco(MavenProject project) {
-    Properties projectProperties = project.getProperties();
+  void configureJacoco(
+      MavenTestExecution testExecution, ModuleExecutionSettings moduleExecutionSettings) {
+    MavenProject project = testExecution.getProject();
+    excludeDatadogClassLoaderFromJacocoInstrumentation(project);
 
-    String currentValue = projectProperties.getProperty(JACOCO_EXCL_CLASS_LOADERS_PROPERTY);
-    String updatedValue =
-        Strings.isNotBlank(currentValue)
-            ? currentValue + ":" + DatadogClassLoader.class.getName()
-            : DatadogClassLoader.class.getName();
+    if (!moduleExecutionSettings.isCodeCoverageEnabled() || testExecution.isRunsWithJacoco()) {
+      return;
+    }
+
+    configureJacocoPlugin(project, moduleExecutionSettings);
+  }
 
-    projectProperties.setProperty(JACOCO_EXCL_CLASS_LOADERS_PROPERTY, updatedValue);
+  private static void excludeDatadogClassLoaderFromJacocoInstrumentation(MavenProject project) {
+    String datadogClassLoaderName = DatadogClassLoader.class.getName();
 
-    String jacocoPluginVersion = Config.get().getCiVisibilityJacocoPluginVersion();
-    if (jacocoPluginVersion != null) {
-      configureJacocoPlugin(project, jacocoPluginVersion);
+    Properties projectProperties = project.getProperties();
+    String currentValue = projectProperties.getProperty(JACOCO_EXCL_CLASS_LOADERS_PROPERTY);
+    if (Strings.isNotBlank(currentValue)) {
+      if (!currentValue.contains(datadogClassLoaderName)) {
+        projectProperties.setProperty(
+            JACOCO_EXCL_CLASS_LOADERS_PROPERTY, currentValue + ":" + datadogClassLoaderName);
+      }
+    } else {
+      projectProperties.setProperty(JACOCO_EXCL_CLASS_LOADERS_PROPERTY, datadogClassLoaderName);
     }
   }
 
-  private static void configureJacocoPlugin(MavenProject project, String jacocoPluginVersion) {
-    if (project.getPlugin("org.jacoco:jacoco-maven-plugin") != null) {
-      return; // jacoco is already configured for this project
+  private static void configureJacocoPlugin(
+      MavenProject project, ModuleExecutionSettings moduleExecutionSettings) {
+    Plugin jacocoPlugin = getJacocoPlugin(project);
+    for (PluginExecution execution : jacocoPlugin.getExecutions()) {
+      if (execution.getGoals().contains("prepare-agent")) {
+        // prepare-agent goal is already configured
+        return;
+      }
+    }
+
+    PluginExecution prepareAgentExecution = new PluginExecution();
+    prepareAgentExecution.addGoal("prepare-agent");
+    jacocoPlugin.addExecution(prepareAgentExecution);
+
+    configureJacocoInstrumentedPackages(
+        prepareAgentExecution, moduleExecutionSettings.getCoverageEnabledPackages());
+  }
+
+  private static Plugin getJacocoPlugin(MavenProject project) {
+    Plugin existingPlugin = project.getPlugin("org.jacoco:jacoco-maven-plugin");
+    if (existingPlugin != null) {
+      return existingPlugin;
     }
 
+    Config config = Config.get();
+
     Plugin jacocoPlugin = new Plugin();
     jacocoPlugin.setGroupId("org.jacoco");
     jacocoPlugin.setArtifactId("jacoco-maven-plugin");
-    jacocoPlugin.setVersion(jacocoPluginVersion);
+    jacocoPlugin.setVersion(config.getCiVisibilityJacocoPluginVersion());
 
     // a little trick to avoid triggering
     // Maven Enforcer Plugin's "Require Plugin Versions" rule:
@@ -282,51 +300,27 @@ private static void configureJacocoPlugin(MavenProject project, String jacocoPlu
     InputLocation versionLocation = new InputLocation(0, 0, versionSource);
     jacocoPlugin.setLocation("version", versionLocation);
 
-    PluginExecution execution = new PluginExecution();
-    execution.addGoal("prepare-agent");
-    jacocoPlugin.addExecution(execution);
-
-    List<String> instrumentedPackages = Config.get().getCiVisibilityJacocoPluginIncludes();
-    if (instrumentedPackages != null && !instrumentedPackages.isEmpty()) {
-      configureJacocoInstrumentedPackages(execution, instrumentedPackages);
-    } else {
-      List<String> excludedPackages = Config.get().getCiVisibilityJacocoPluginExcludes();
-      if (excludedPackages != null && !excludedPackages.isEmpty()) {
-        configureExcludedPackages(execution, excludedPackages);
-      }
-    }
-
     Build build = project.getBuild();
     build.addPlugin(jacocoPlugin);
+
+    return jacocoPlugin;
   }
 
   private static void configureJacocoInstrumentedPackages(
       PluginExecution execution, List<String> instrumentedPackages) {
     Xpp3Dom includes = new Xpp3Dom("includes");
     for (String instrumentedPackage : instrumentedPackages) {
-      Xpp3Dom include = new Xpp3Dom("include");
-      include.setValue(instrumentedPackage);
-      includes.addChild(include);
+      if (Strings.isNotBlank(instrumentedPackage)) {
+        Xpp3Dom include = new Xpp3Dom("include");
+        include.setValue(instrumentedPackage);
+        includes.addChild(include);
+      }
     }
 
-    Xpp3Dom configuration = new Xpp3Dom("configuration");
-    configuration.addChild(includes);
-
-    execution.setConfiguration(configuration);
-  }
-
-  private static void configureExcludedPackages(
-      PluginExecution execution, List<String> excludedPackages) {
-    Xpp3Dom excludes = new Xpp3Dom("excludes");
-    for (String excludedPackage : excludedPackages) {
-      Xpp3Dom exclude = new Xpp3Dom("exclude");
-      exclude.setValue(excludedPackage);
-      excludes.addChild(exclude);
+    if (includes.getChildCount() > 0) {
+      Xpp3Dom configuration = new Xpp3Dom("configuration");
+      configuration.addChild(includes);
+      execution.setConfiguration(configuration);
     }
-
-    Xpp3Dom configuration = new Xpp3Dom("configuration");
-    configuration.addChild(excludes);
-
-    execution.setConfiguration(configuration);
   }
 }
diff --git a/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenTestExecution.java b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenTestExecution.java
new file mode 100644
index 00000000000..2d28349bc24
--- /dev/null
+++ b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenTestExecution.java
@@ -0,0 +1,36 @@
+package datadog.trace.instrumentation.maven3;
+
+import java.nio.file.Path;
+import org.apache.maven.plugin.MojoExecution;
+import org.apache.maven.project.MavenProject;
+
+public final class MavenTestExecution {
+  private final MavenProject project;
+  private final MojoExecution execution;
+  private final Path forkedJvmPath;
+  private final boolean runsWithJacoco;
+
+  public MavenTestExecution(
+      MavenProject project, MojoExecution execution, Path forkedJvmPath, boolean runsWithJacoco) {
+    this.project = project;
+    this.execution = execution;
+    this.forkedJvmPath = forkedJvmPath;
+    this.runsWithJacoco = runsWithJacoco;
+  }
+
+  public MavenProject getProject() {
+    return project;
+  }
+
+  public MojoExecution getExecution() {
+    return execution;
+  }
+
+  public Path getForkedJvmPath() {
+    return forkedJvmPath;
+  }
+
+  public boolean isRunsWithJacoco() {
+    return runsWithJacoco;
+  }
+}
diff --git a/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenUtils.java b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenUtils.java
index dca27799d87..27eef717597 100644
--- a/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenUtils.java
+++ b/dd-java-agent/instrumentation/maven-3.2.1/src/main/java/datadog/trace/instrumentation/maven3/MavenUtils.java
@@ -227,6 +227,16 @@ public static boolean isTestExecution(MojoExecution mojoExecution) {
             && ("test".equals(goal) || "plugin-test".equals(goal) || "bnd-test".equals(goal));
   }
 
+  public static boolean isJacocoInstrumentationExecution(MojoExecution mojoExecution) {
+    Plugin plugin = mojoExecution.getPlugin();
+    String artifactId = plugin.getArtifactId();
+    String groupId = plugin.getGroupId();
+    String goal = mojoExecution.getGoal();
+    return "jacoco-maven-plugin".equals(artifactId)
+        && "org.jacoco".equals(groupId)
+        && "prepare-agent".equals(goal);
+  }
+
   public static String getConfigurationValue(Xpp3Dom configuration, String... path) {
     if (configuration == null) {
       return null;
diff --git a/dd-java-agent/instrumentation/maven-3.2.1/src/test/groovy/MavenTest.groovy b/dd-java-agent/instrumentation/maven-3.2.1/src/test/groovy/MavenTest.groovy
index 85380efe922..95ef82ef280 100644
--- a/dd-java-agent/instrumentation/maven-3.2.1/src/test/groovy/MavenTest.groovy
+++ b/dd-java-agent/instrumentation/maven-3.2.1/src/test/groovy/MavenTest.groovy
@@ -20,6 +20,7 @@ class MavenTest extends CiVisibilityTest {
 
   @Override
   void setup() {
+    System.setProperty("maven.multiModuleProjectDirectory", projectFolder.toAbsolutePath().toString())
     givenMavenProjectFiles(specificationContext.currentIteration.name)
     givenMavenDependenciesAreLoaded()
     TEST_WRITER.clear() // loading dependencies will generate a test-session span
@@ -33,7 +34,7 @@ class MavenTest extends CiVisibilityTest {
 
   def "test_maven_build_with_no_tests_generates_spans"() {
     given:
-    String[] args = ["verify"]
+    String[] args = ["-B", "verify"]
     String workingDirectory = projectFolder.toString()
 
     when:
@@ -46,8 +47,8 @@ class MavenTest extends CiVisibilityTest {
       trace(1, true) {
         testSessionSpan(it, 0, CIConstants.TEST_SKIP, [:],
         "Maven Integration Tests Project",
-        "mvn verify",
-        "maven:3.2.5"
+        "mvn -B verify",
+        "maven:${expectedToolchainVersion()}"
         )
       }
     }
@@ -55,7 +56,7 @@ class MavenTest extends CiVisibilityTest {
 
   def "test_maven_build_with_incorrect_command_generates_spans"() {
     given:
-    String[] args = ["unknownPhase"]
+    String[] args = ["-B", "unknownPhase"]
     String workingDirectory = projectFolder.toString()
 
     when:
@@ -68,19 +69,18 @@ class MavenTest extends CiVisibilityTest {
       trace(1, true) {
         testSessionSpan(it, 0, CIConstants.TEST_FAIL, null,
           "Maven Integration Tests Project",
-          "mvn unknownPhase",
-          "maven:3.2.5"
-          ,
-          new LifecyclePhaseNotFoundException(
-          "Unknown lifecycle phase \"unknownPhase\". You must specify a valid lifecycle phase or a goal in the format <plugin-prefix>:<goal> or <plugin-group-id>:<plugin-artifact-id>[:<plugin-version>]:<goal>. Available lifecycle phases are: validate, initialize, generate-sources, process-sources, generate-resources, process-resources, compile, process-classes, generate-test-sources, process-test-sources, generate-test-resources, process-test-resources, test-compile, process-test-classes, test, prepare-package, package, pre-integration-test, integration-test, post-integration-test, verify, install, deploy, pre-clean, clean, post-clean, pre-site, site, post-site, site-deploy.",
-          "unknownPhase"))
+          "mvn -B unknownPhase",
+          "maven:${expectedToolchainVersion()}",
+          new LifecyclePhaseNotFoundException("", ""),
+          false
+          )
       }
     }
   }
 
   def "test_maven_build_with_tests_generates_spans"() {
     given:
-    String[] args = ["clean", "test"]
+    String[] args = ["-B", "clean", "test"]
     String workingDirectory = projectFolder.toString()
 
     when:
@@ -93,23 +93,23 @@ class MavenTest extends CiVisibilityTest {
       trace(2, true) {
         def testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS, [:],
         "Maven Integration Tests Project",
-        "mvn clean test",
-        "maven:3.2.5"
+        "mvn -B clean test",
+        "maven:${expectedToolchainVersion()}"
         )
         testModuleSpan(it, 0, testSessionId,
           CIConstants.TEST_PASS,
           [
-            (Tags.TEST_COMMAND)  : "mvn clean test",
+            (Tags.TEST_COMMAND)  : "mvn -B clean test",
             (Tags.TEST_EXECUTION): "maven-surefire-plugin:test:default-test",
           ],
-          null, "Maven Integration Tests Project test")
+          null, "Maven Integration Tests Project maven-surefire-plugin default-test")
       }
     }
   }
 
   def "test_maven_build_with_failed_tests_generates_spans"() {
     given:
-    String[] args = ["clean", "test"]
+    String[] args = ["-B", "clean", "test"]
     String workingDirectory = projectFolder.toString()
 
     when:
@@ -120,31 +120,28 @@ class MavenTest extends CiVisibilityTest {
 
     assertTraces(1) {
       trace(2, true) {
-        def testsFailedException = new LifecycleExecutionException("Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.12.4:test (default-test) on project maven-integration-test: There are test failures.\n" +
-          "\n" +
-          "Please refer to ${workingDirectory}/target/surefire-reports for the individual test results.")
-
         def testSessionId = testSessionSpan(it, 1, CIConstants.TEST_FAIL, null,
           "Maven Integration Tests Project",
-          "mvn clean test",
-          "maven:3.2.5"
-          ,
-          testsFailedException)
+          "mvn -B clean test",
+          "maven:${expectedToolchainVersion()}",
+          new LifecycleExecutionException(""),
+          false)
         testModuleSpan(it, 0, testSessionId,
           CIConstants.TEST_FAIL,
           [
-            (Tags.TEST_COMMAND)  : "mvn clean test",
+            (Tags.TEST_COMMAND)  : "mvn -B clean test",
             (Tags.TEST_EXECUTION): "maven-surefire-plugin:test:default-test",
           ],
-          testsFailedException,
-          "Maven Integration Tests Project test")
+          new LifecycleExecutionException(""),
+          "Maven Integration Tests Project maven-surefire-plugin default-test",
+          false)
       }
     }
   }
 
   def "test_maven_build_with_tests_in_multiple_modules_generates_spans"() {
     given:
-    String[] args = ["clean", "test"]
+    String[] args = ["-B", "clean", "test"]
     String workingDirectory = projectFolder.toString()
 
     when:
@@ -155,37 +152,35 @@ class MavenTest extends CiVisibilityTest {
 
     assertTraces(1) {
       trace(3, true) {
-        def testsFailedException = new LifecycleExecutionException("Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.12.4:test (default-test) on project maven-integration-test-module-b: There are test failures.\n" +
-          "\n" +
-          "Please refer to ${workingDirectory}/module-b/target/surefire-reports for the individual test results.")
         def testSessionId = testSessionSpan(it, 2, CIConstants.TEST_FAIL, null,
           "Maven Integration Tests Project",
-          "mvn clean test",
-          "maven:3.2.5"
-          ,
-          testsFailedException)
+          "mvn -B clean test",
+          "maven:${expectedToolchainVersion()}",
+          new LifecycleExecutionException(""),
+          false)
         testModuleSpan(it, 0, testSessionId,
           CIConstants.TEST_PASS,
           [
-            (Tags.TEST_COMMAND)  : "mvn clean test",
+            (Tags.TEST_COMMAND)  : "mvn -B clean test",
             (Tags.TEST_EXECUTION): "maven-surefire-plugin:test:default-test",
           ],
-          null, "module-a test")
+          null, "module-a maven-surefire-plugin default-test")
         testModuleSpan(it, 1, testSessionId,
           CIConstants.TEST_FAIL,
           [
-            (Tags.TEST_COMMAND)  : "mvn clean test",
+            (Tags.TEST_COMMAND)  : "mvn -B clean test",
             (Tags.TEST_EXECUTION): "maven-surefire-plugin:test:default-test",
           ],
-          testsFailedException,
-          "module-b test")
+          new LifecycleExecutionException(""),
+          "module-b maven-surefire-plugin default-test",
+          false)
       }
     }
   }
 
   def "test_maven_build_with_tests_in_multiple_modules_run_in_parallel_generates_spans"() {
     given:
-    String[] args = ["-T4", "clean", "test"]
+    String[] args = ["-B", "-T4", "clean", "test"]
     String workingDirectory = projectFolder.toString()
 
     when:
@@ -198,30 +193,30 @@ class MavenTest extends CiVisibilityTest {
       trace(3, true) {
         def testSessionId = testSessionSpan(it, 2, CIConstants.TEST_PASS, [:],
         "Maven Integration Tests Project",
-        "mvn -T4 clean test",
-        "maven:3.2.5",
+        "mvn -B -T4 clean test",
+        "maven:${expectedToolchainVersion()}"
         )
         testModuleSpan(it, 0, testSessionId,
           CIConstants.TEST_PASS,
           [
-            (Tags.TEST_COMMAND)  : "mvn -T4 clean test",
+            (Tags.TEST_COMMAND)  : "mvn -B -T4 clean test",
             (Tags.TEST_EXECUTION): "maven-surefire-plugin:test:default-test",
           ],
-          null, "module-a test")
+          null, "module-a maven-surefire-plugin default-test")
         testModuleSpan(it, 1, testSessionId,
           CIConstants.TEST_PASS,
           [
-            (Tags.TEST_COMMAND)  : "mvn -T4 clean test",
+            (Tags.TEST_COMMAND)  : "mvn -B -T4 clean test",
             (Tags.TEST_EXECUTION): "maven-surefire-plugin:test:default-test",
           ],
-          null, "module-b test")
+          null, "module-b maven-surefire-plugin default-test")
       }
     }
   }
 
   def "test_maven_build_with_unit_and_integration_tests_generates_spans"() {
     given:
-    String[] args = ["verify"]
+    String[] args = ["-B", "verify"]
     String workingDirectory = projectFolder.toString()
 
     when:
@@ -234,30 +229,30 @@ class MavenTest extends CiVisibilityTest {
       trace(3, true) {
         def testSessionId = testSessionSpan(it, 2, CIConstants.TEST_PASS, [:],
         "Maven Integration Tests Project",
-        "mvn verify",
-        "maven:3.2.5"
+        "mvn -B verify",
+        "maven:${expectedToolchainVersion()}"
         )
         testModuleSpan(it, 1, testSessionId,
           CIConstants.TEST_PASS,
           [
-            (Tags.TEST_COMMAND)  : "mvn verify",
+            (Tags.TEST_COMMAND)  : "mvn -B verify",
             (Tags.TEST_EXECUTION): "maven-surefire-plugin:test:default-test",
           ],
-          null, "Maven Integration Tests Project test")
+          null, "Maven Integration Tests Project maven-surefire-plugin default-test")
         testModuleSpan(it, 0, testSessionId,
           CIConstants.TEST_PASS,
           [
-            (Tags.TEST_COMMAND)  : "mvn verify",
+            (Tags.TEST_COMMAND)  : "mvn -B verify",
             (Tags.TEST_EXECUTION): "maven-failsafe-plugin:integration-test:default",
           ],
-          null, "Maven Integration Tests Project integration-test")
+          null, "Maven Integration Tests Project maven-failsafe-plugin default")
       }
     }
   }
 
   def "test_maven_build_with_no_fork_generates_spans"() {
     given:
-    String[] args = ["clean", "test"]
+    String[] args = ["-B", "clean", "test"]
     String workingDirectory = projectFolder.toString()
 
     when:
@@ -271,16 +266,16 @@ class MavenTest extends CiVisibilityTest {
       trace(2, true) {
         def testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS, [:],
         "Maven Integration Tests Project",
-        "mvn clean test",
-        "maven:3.2.5"
+        "mvn -B clean test",
+        "maven:${expectedToolchainVersion()}"
         )
         testModuleSpan(it, 0, testSessionId,
           CIConstants.TEST_PASS,
           [
-            (Tags.TEST_COMMAND)  : "mvn clean test",
+            (Tags.TEST_COMMAND)  : "mvn -B clean test",
             (Tags.TEST_EXECUTION): "maven-surefire-plugin:test:default-test",
           ],
-          null, "Maven Integration Tests Project test")
+          null, "Maven Integration Tests Project maven-surefire-plugin default-test")
       }
     }
   }
@@ -297,7 +292,7 @@ class MavenTest extends CiVisibilityTest {
    * before proceeding with running the build
    */
   void givenMavenDependenciesAreLoaded() {
-    String[] args = ["dependency:go-offline"]
+    String[] args = ["org.apache.maven.plugins:maven-dependency-plugin:go-offline"]
     String workingDirectory = projectFolder.toString()
     for (int attempt = 0; attempt < DEPENDENCIES_DOWNLOAD_RETRIES; attempt++) {
       def exitCode = new MavenCli().doMain(args, workingDirectory, null, null)
@@ -308,6 +303,10 @@ class MavenTest extends CiVisibilityTest {
     throw new AssertionError((Object) "Tried to download dependencies $DEPENDENCIES_DOWNLOAD_RETRIES times and failed")
   }
 
+  String expectedToolchainVersion() {
+    return MavenCli.getPackage().getImplementationVersion()
+  }
+
   @Override
   String expectedOperationPrefix() {
     return "maven"
diff --git a/dd-java-agent/instrumentation/maven-3.2.1/src/test/resources/test_maven_build_with_unit_and_integration_tests_generates_spans/pom.xml b/dd-java-agent/instrumentation/maven-3.2.1/src/test/resources/test_maven_build_with_unit_and_integration_tests_generates_spans/pom.xml
index 783a1d84cab..512573fc324 100644
--- a/dd-java-agent/instrumentation/maven-3.2.1/src/test/resources/test_maven_build_with_unit_and_integration_tests_generates_spans/pom.xml
+++ b/dd-java-agent/instrumentation/maven-3.2.1/src/test/resources/test_maven_build_with_unit_and_integration_tests_generates_spans/pom.xml
@@ -50,7 +50,6 @@
       </plugin>
       <plugin>
         <artifactId>maven-failsafe-plugin</artifactId>
-        <version>2.22.0</version>
         <executions>
           <execution>
             <goals>
diff --git a/dd-java-agent/instrumentation/mongo/common/src/main/java/datadog/trace/instrumentation/mongo/MongoDecorator.java b/dd-java-agent/instrumentation/mongo/common/src/main/java/datadog/trace/instrumentation/mongo/MongoDecorator.java
index e01865290dc..bb6c0f7d8bd 100644
--- a/dd-java-agent/instrumentation/mongo/common/src/main/java/datadog/trace/instrumentation/mongo/MongoDecorator.java
+++ b/dd-java-agent/instrumentation/mongo/common/src/main/java/datadog/trace/instrumentation/mongo/MongoDecorator.java
@@ -5,7 +5,6 @@
 import com.mongodb.connection.ConnectionId;
 import com.mongodb.connection.ServerId;
 import com.mongodb.event.CommandStartedEvent;
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.ContextStore;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
@@ -24,10 +23,7 @@ public abstract class MongoDecorator
   private static final String DB_TYPE =
       SpanNaming.instance().namingSchema().database().normalizedName("mongo");
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .database()
-          .service(Config.get().getServiceName(), DB_TYPE);
+      SpanNaming.instance().namingSchema().database().service(DB_TYPE);
   public static final UTF8BytesString OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().database().operation(DB_TYPE));
 
diff --git a/dd-java-agent/instrumentation/mule-4/build.gradle b/dd-java-agent/instrumentation/mule-4/build.gradle
index f08c62659ee..64554a4f87b 100644
--- a/dd-java-agent/instrumentation/mule-4/build.gradle
+++ b/dd-java-agent/instrumentation/mule-4/build.gradle
@@ -13,6 +13,8 @@ muzzle {
     module = 'mule-core'
     versions = '[,]'
     assertInverse = true
+
+    excludeDependency 'com.google.code.findbugs:jsr305' // avoid dependency issue with mule-4.5.0
   }
 
   fail {
diff --git a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelFutureListenerInstrumentation.java b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelFutureListenerInstrumentation.java
index 7d70cfbb4c9..d2e7f2dadb3 100644
--- a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelFutureListenerInstrumentation.java
+++ b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelFutureListenerInstrumentation.java
@@ -56,9 +56,11 @@ public String[] helperClassNames() {
       packageName + ".server.NettyHttpServerDecorator$NettyBlockResponseFunction",
       packageName + ".server.NettyHttpServerDecorator$IgnoreBlockingExceptionHandler",
       packageName + ".server.BlockingResponseHandler",
+      packageName + ".server.BlockAllWritesHandler",
       packageName + ".server.HttpServerRequestTracingHandler",
       packageName + ".server.HttpServerResponseTracingHandler",
-      packageName + ".server.HttpServerTracingHandler"
+      packageName + ".server.HttpServerTracingHandler",
+      packageName + ".server.MaybeBlockResponseHandler",
     };
   }
 
diff --git a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelPipelineAdviceUtil.java b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelPipelineAdviceUtil.java
index 28c16c3c90f..bcfb4349fb0 100644
--- a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelPipelineAdviceUtil.java
+++ b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelPipelineAdviceUtil.java
@@ -8,6 +8,7 @@
 import datadog.trace.instrumentation.netty38.server.HttpServerRequestTracingHandler;
 import datadog.trace.instrumentation.netty38.server.HttpServerResponseTracingHandler;
 import datadog.trace.instrumentation.netty38.server.HttpServerTracingHandler;
+import datadog.trace.instrumentation.netty38.server.MaybeBlockResponseHandler;
 import org.jboss.netty.channel.Channel;
 import org.jboss.netty.channel.ChannelHandler;
 import org.jboss.netty.channel.ChannelPipeline;
@@ -33,6 +34,8 @@ public static void wrapHandler(
       if (handler instanceof HttpServerCodec) {
         pipeline.addLast(
             HttpServerTracingHandler.class.getName(), new HttpServerTracingHandler(contextStore));
+        pipeline.addLast(
+            MaybeBlockResponseHandler.class.getName(), new MaybeBlockResponseHandler(contextStore));
       } else if (handler instanceof HttpRequestDecoder) {
         pipeline.addLast(
             HttpServerRequestTracingHandler.class.getName(),
@@ -41,6 +44,8 @@ public static void wrapHandler(
         pipeline.addLast(
             HttpServerResponseTracingHandler.class.getName(),
             new HttpServerResponseTracingHandler(contextStore));
+        pipeline.addLast(
+            MaybeBlockResponseHandler.class.getName(), new MaybeBlockResponseHandler(contextStore));
       } else
       // Client pipeline handlers
       if (handler instanceof HttpClientCodec) {
diff --git a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelTraceContext.java b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelTraceContext.java
index b0fbe257517..51b277f958d 100644
--- a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelTraceContext.java
+++ b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/ChannelTraceContext.java
@@ -3,6 +3,7 @@
 import datadog.trace.bootstrap.ContextStore;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import org.jboss.netty.handler.codec.http.HttpHeaders;
 
 public class ChannelTraceContext {
   public static class Factory implements ContextStore.Factory<ChannelTraceContext> {
@@ -18,6 +19,43 @@ public ChannelTraceContext create() {
   AgentSpan serverSpan;
   AgentSpan clientSpan;
   AgentSpan clientParentSpan;
+  HttpHeaders requestHeaders;
+  boolean analyzedResponse;
+  boolean blockedResponse;
+
+  public void reset() {
+    this.connectionContinuation = null;
+    this.serverSpan = null;
+    this.clientSpan = null;
+    this.clientParentSpan = null;
+    this.requestHeaders = null;
+    this.analyzedResponse = false;
+    this.blockedResponse = false;
+  }
+
+  public void setRequestHeaders(HttpHeaders headers) {
+    this.requestHeaders = headers;
+  }
+
+  public HttpHeaders getRequestHeaders() {
+    return requestHeaders;
+  }
+
+  public boolean isAnalyzedResponse() {
+    return analyzedResponse;
+  }
+
+  public void setAnalyzedResponse(boolean analyzedResponse) {
+    this.analyzedResponse = analyzedResponse;
+  }
+
+  public boolean isBlockedResponse() {
+    return blockedResponse;
+  }
+
+  public void setBlockedResponse(boolean blockedResponse) {
+    this.blockedResponse = blockedResponse;
+  }
 
   public AgentScope.Continuation getConnectionContinuation() {
     return connectionContinuation;
diff --git a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/NettyChannelPipelineInstrumentation.java b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/NettyChannelPipelineInstrumentation.java
index fe8875acb03..ec798b02d47 100644
--- a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/NettyChannelPipelineInstrumentation.java
+++ b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/NettyChannelPipelineInstrumentation.java
@@ -62,9 +62,11 @@ public String[] helperClassNames() {
       packageName + ".server.NettyHttpServerDecorator$NettyBlockResponseFunction",
       packageName + ".server.NettyHttpServerDecorator$IgnoreBlockingExceptionHandler",
       packageName + ".server.BlockingResponseHandler",
+      packageName + ".server.BlockAllWritesHandler",
       packageName + ".server.HttpServerRequestTracingHandler",
       packageName + ".server.HttpServerResponseTracingHandler",
-      packageName + ".server.HttpServerTracingHandler"
+      packageName + ".server.HttpServerTracingHandler",
+      packageName + ".server.MaybeBlockResponseHandler",
     };
   }
 
diff --git a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/BlockAllWritesHandler.java b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/BlockAllWritesHandler.java
new file mode 100644
index 00000000000..972db5976e4
--- /dev/null
+++ b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/BlockAllWritesHandler.java
@@ -0,0 +1,26 @@
+package datadog.trace.instrumentation.netty38.server;
+
+import org.jboss.netty.channel.ChannelDownstreamHandler;
+import org.jboss.netty.channel.ChannelHandlerContext;
+import org.jboss.netty.channel.MessageEvent;
+import org.jboss.netty.channel.SimpleChannelDownstreamHandler;
+import org.jboss.netty.handler.codec.http.HttpResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class BlockAllWritesHandler extends SimpleChannelDownstreamHandler {
+  public static final ChannelDownstreamHandler INSTANCE = new BlockAllWritesHandler();
+  private static final Logger log = LoggerFactory.getLogger(BlockAllWritesHandler.class);
+
+  private BlockAllWritesHandler() {}
+
+  @Override
+  public void writeRequested(ChannelHandlerContext ctx, MessageEvent e) {
+    if (e.getMessage() instanceof HttpResponse) {
+      log.debug("Blocking write of {}", e);
+      e.getFuture().setSuccess();
+    } else {
+      ctx.sendDownstream(e);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/BlockingResponseHandler.java b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/BlockingResponseHandler.java
index df22dec4f85..7cc148e3117 100644
--- a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/BlockingResponseHandler.java
+++ b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/BlockingResponseHandler.java
@@ -4,10 +4,13 @@
 
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.blocking.BlockingActionHelper;
 import java.util.Map;
+import java.util.NoSuchElementException;
 import org.jboss.netty.buffer.ChannelBuffer;
 import org.jboss.netty.buffer.ChannelBuffers;
+import org.jboss.netty.channel.ChannelFuture;
 import org.jboss.netty.channel.ChannelHandlerContext;
 import org.jboss.netty.channel.Channels;
 import org.jboss.netty.channel.MessageEvent;
@@ -20,6 +23,7 @@
 import org.slf4j.LoggerFactory;
 
 public class BlockingResponseHandler extends SimpleChannelUpstreamHandler {
+  private final TraceSegment segment;
   private final int statusCode;
   private final BlockingContentType bct;
   private final Map<String, String> extraHeaders;
@@ -30,14 +34,18 @@ public class BlockingResponseHandler extends SimpleChannelUpstreamHandler {
   private boolean hasBlockedAlready;
 
   public BlockingResponseHandler(
-      int statusCode, BlockingContentType bct, Map<String, String> extraHeaders) {
+      TraceSegment segment,
+      int statusCode,
+      BlockingContentType bct,
+      Map<String, String> extraHeaders) {
+    this.segment = segment;
     this.statusCode = statusCode;
     this.bct = bct;
     this.extraHeaders = extraHeaders;
   }
 
-  public BlockingResponseHandler(Flow.Action.RequestBlockingAction rba) {
-    this(rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+  public BlockingResponseHandler(TraceSegment segment, Flow.Action.RequestBlockingAction rba) {
+    this(segment, rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
   }
 
   @Override
@@ -52,25 +60,39 @@ public void messageReceived(ChannelHandlerContext ctx, MessageEvent e) throws Ex
       return;
     }
 
-    // the http encoder may be placed after the decoder (and therefore this handler),
-    // so when sending the downstream message, we may not reach the encoder as the message
-    // is processed starting in the current point of the pipeline, not from the globally last
-    // handler
-    ChannelHandlerContext ctxForDownstream =
-        ctx.getPipeline().getContext(HttpServerResponseTracingHandler.class);
-    if (ctxForDownstream == null) {
-      ctxForDownstream = ctx.getPipeline().getContext(HttpServerTracingHandler.class);
-    }
-
-    if (ctxForDownstream == null) {
+    // the usual disposition of the pipeline is:
+    // ...
+    // (1) BlockingResponseHandler (upstream, this handler)
+    // (2) HttpServerResponseTracingHandler / HttpServerTracingHandler (downstream / duplex)
+    // (3) MaybeBlockResponseHandler (downstream)
+    // ...
+    // when writing our blocking response, we want (2) to analyze it to report
+    // the status code, etc., but we need not run MaybeBlockResponseHandler
+    // because response blocking on a blocking response is not supported.
+    // We add a handler after (3) blocking all further writes, in case something
+    // tries to write after we've written the blocking response
+    ChannelHandlerContext ctxForDownstream = null;
+    try {
+      ctx.getPipeline()
+          .addAfter(
+              MaybeBlockResponseHandler.class.getName(),
+              "block_all_writes",
+              BlockAllWritesHandler.INSTANCE);
+      // write will start AFTER the referenced handler. It will start in (2)
+      ctxForDownstream = ctx.getPipeline().getContext(MaybeBlockResponseHandler.class.getName());
+    } catch (NoSuchElementException nse) {
       if (HAS_WARNED) {
         log.debug(
-            "Unable to block because HttpServerResponseTracingHandler was not found on the pipeline");
+            "Unable to block because MaybeBlockResponseHandler was not found on the pipeline");
       } else {
-        log.warn(
-            "Unable to block because HttpServerResponseTracingHandler was not found on the pipeline");
+        log.warn("Unable to block because MaybeBlockResponseHandler was not found on the pipeline");
         HAS_WARNED = true;
       }
+    } catch (IllegalArgumentException iae) {
+      // already added
+    }
+
+    if (ctxForDownstream == null) {
       ctx.sendUpstream(e);
       return;
     }
@@ -102,17 +124,19 @@ public void messageReceived(ChannelHandlerContext ctx, MessageEvent e) throws Ex
     }
 
     this.hasBlockedAlready = true;
-
-    Channels.write(ctxForDownstream.getChannel(), response)
-        .addListener(
-            fut -> {
-              if (!fut.isSuccess()) {
-                log.warn("Write of blocking response failed", fut.getCause());
-              }
-              // close the connection because it can be in an invalid state at this point
-              // For instance, in a POST request we will still be receiving data from the
-              // client
-              fut.getChannel().close();
-            });
+    segment.effectivelyBlocked();
+
+    ChannelFuture future = Channels.future(ctx.getChannel());
+    future.addListener(
+        fut -> {
+          if (!fut.isSuccess()) {
+            log.warn("Write of blocking response failed", fut.getCause());
+          }
+          // close the connection because it can be in an invalid state at this point
+          // For instance, in a POST request we will still be receiving data from the
+          // client
+          fut.getChannel().close();
+        });
+    Channels.write(ctxForDownstream, future, response);
   }
 }
diff --git a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/HttpServerRequestTracingHandler.java b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/HttpServerRequestTracingHandler.java
index fdce46eb8db..57bc287eee1 100644
--- a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/HttpServerRequestTracingHandler.java
+++ b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/HttpServerRequestTracingHandler.java
@@ -26,8 +26,7 @@ public HttpServerRequestTracingHandler(
   }
 
   @Override
-  public void messageReceived(final ChannelHandlerContext ctx, final MessageEvent msg)
-      throws Exception {
+  public void messageReceived(final ChannelHandlerContext ctx, final MessageEvent msg) {
     final ChannelTraceContext channelTraceContext =
         contextStore.putIfAbsent(ctx.getChannel(), ChannelTraceContext.Factory.INSTANCE);
 
@@ -49,6 +48,9 @@ public void messageReceived(final ChannelHandlerContext ctx, final MessageEvent
     final Context.Extracted context = DECORATE.extract(headers);
     final AgentSpan span = DECORATE.startSpan(headers, context);
 
+    channelTraceContext.reset();
+    channelTraceContext.setRequestHeaders(headers);
+
     try (final AgentScope scope = activateSpan(span)) {
       DECORATE.afterStart(span);
       DECORATE.onRequest(span, ctx.getChannel(), request, context);
@@ -59,9 +61,11 @@ public void messageReceived(final ChannelHandlerContext ctx, final MessageEvent
 
       Flow.Action.RequestBlockingAction rba = span.getRequestBlockingAction();
       if (rba != null) {
-        span.getRequestContext().getTraceSegment().effectivelyBlocked();
         ctx.getPipeline()
-            .addAfter(ctx.getName(), "blocking_handler", new BlockingResponseHandler(rba));
+            .addAfter(
+                ctx.getName(),
+                "blocking_handler",
+                new BlockingResponseHandler(span.getRequestContext().getTraceSegment(), rba));
       }
 
       try {
diff --git a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/HttpServerResponseTracingHandler.java b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/HttpServerResponseTracingHandler.java
index 811d73b5f30..78762a88104 100644
--- a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/HttpServerResponseTracingHandler.java
+++ b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/HttpServerResponseTracingHandler.java
@@ -24,8 +24,7 @@ public HttpServerResponseTracingHandler(
   }
 
   @Override
-  public void writeRequested(final ChannelHandlerContext ctx, final MessageEvent msg)
-      throws Exception {
+  public void writeRequested(final ChannelHandlerContext ctx, final MessageEvent msg) {
     final ChannelTraceContext channelTraceContext =
         contextStore.putIfAbsent(ctx.getChannel(), ChannelTraceContext.Factory.INSTANCE);
 
diff --git a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/MaybeBlockResponseHandler.java b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/MaybeBlockResponseHandler.java
new file mode 100644
index 00000000000..7511cff8c56
--- /dev/null
+++ b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/MaybeBlockResponseHandler.java
@@ -0,0 +1,123 @@
+package datadog.trace.instrumentation.netty38.server;
+
+import static datadog.trace.instrumentation.netty38.server.NettyHttpServerDecorator.DECORATE;
+import static datadog.trace.instrumentation.netty38.server.NettyHttpServerDecorator.NettyBlockResponseFunction.log;
+import static org.jboss.netty.handler.codec.http.HttpHeaders.setContentLength;
+
+import datadog.appsec.api.blocking.BlockingContentType;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.blocking.BlockingActionHelper;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.instrumentation.netty38.ChannelTraceContext;
+import java.util.Map;
+import org.jboss.netty.buffer.ChannelBuffer;
+import org.jboss.netty.buffer.ChannelBuffers;
+import org.jboss.netty.channel.Channel;
+import org.jboss.netty.channel.ChannelFuture;
+import org.jboss.netty.channel.ChannelHandlerContext;
+import org.jboss.netty.channel.Channels;
+import org.jboss.netty.channel.MessageEvent;
+import org.jboss.netty.channel.SimpleChannelDownstreamHandler;
+import org.jboss.netty.handler.codec.http.DefaultHttpResponse;
+import org.jboss.netty.handler.codec.http.HttpHeaders;
+import org.jboss.netty.handler.codec.http.HttpResponse;
+import org.jboss.netty.handler.codec.http.HttpResponseStatus;
+
+public class MaybeBlockResponseHandler extends SimpleChannelDownstreamHandler {
+  private final ContextStore<Channel, ChannelTraceContext> contextStore;
+
+  public MaybeBlockResponseHandler(final ContextStore<Channel, ChannelTraceContext> contextStore) {
+    this.contextStore = contextStore;
+  }
+
+  @Override
+  public void writeRequested(ChannelHandlerContext ctx, MessageEvent msg) throws Exception {
+    final ChannelTraceContext channelTraceContext =
+        contextStore.putIfAbsent(ctx.getChannel(), ChannelTraceContext.Factory.INSTANCE);
+
+    AgentSpan span = channelTraceContext.getServerSpan();
+    RequestContext requestContext;
+    if (span == null
+        || (requestContext = span.getRequestContext()) == null
+        || requestContext.getData(RequestContextSlot.APPSEC) == null) {
+      ctx.sendDownstream(msg);
+      return;
+    }
+
+    if (channelTraceContext.isAnalyzedResponse()) {
+      if (channelTraceContext.isBlockedResponse()) {
+        // block further writes
+      } else {
+        ctx.sendDownstream(msg);
+      }
+      return;
+    }
+
+    if (!(msg.getMessage() instanceof HttpResponse)) {
+      ctx.sendDownstream(msg);
+      return;
+    }
+
+    HttpResponse origResponse = (HttpResponse) msg.getMessage();
+    if (origResponse.getStatus() == HttpResponseStatus.CONTINUE) {
+      ctx.sendDownstream(msg);
+      return;
+    }
+
+    Flow<Void> flow =
+        DECORATE.callIGCallbackResponseAndHeaders(
+            span, origResponse, origResponse.getStatus().getCode(), ResponseExtractAdapter.GETTER);
+    channelTraceContext.setAnalyzedResponse(true);
+    Flow.Action action = flow.getAction();
+    if (!(action instanceof Flow.Action.RequestBlockingAction)) {
+      ctx.sendDownstream(msg);
+      return;
+    }
+
+    channelTraceContext.setBlockedResponse(true);
+    Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+    int httpCode = BlockingActionHelper.getHttpCode(rba.getStatusCode());
+    HttpResponseStatus httpResponseStatus = HttpResponseStatus.valueOf(httpCode);
+    DefaultHttpResponse response =
+        new DefaultHttpResponse(origResponse.getProtocolVersion(), httpResponseStatus);
+
+    HttpHeaders headers = response.headers();
+    headers.set("Connection", "close");
+
+    for (Map.Entry<String, String> h : rba.getExtraHeaders().entrySet()) {
+      headers.set(h.getKey(), h.getValue());
+    }
+
+    response.setChunked(false);
+    BlockingContentType bct = rba.getBlockingContentType();
+    if (bct != BlockingContentType.NONE) {
+      String acceptHeader = channelTraceContext.getRequestHeaders().get("accept");
+      BlockingActionHelper.TemplateType type =
+          BlockingActionHelper.determineTemplateType(bct, acceptHeader);
+      headers.set("Content-type", BlockingActionHelper.getContentType(type));
+      byte[] template = BlockingActionHelper.getTemplate(type);
+      setContentLength(response, template.length);
+      ChannelBuffer buf = ChannelBuffers.wrappedBuffer(template);
+      response.setContent(buf);
+    }
+
+    ChannelFuture future = Channels.future(ctx.getChannel());
+    future.addListener(
+        fut -> {
+          if (!fut.isSuccess()) {
+            log.warn("Write of blocking response failed", fut.getCause());
+          }
+          // close the connection because it can be in an invalid state at this point
+          // For instance, in a POST request we will still be receiving data from the
+          // client
+          fut.getChannel().close();
+        });
+
+    requestContext.getTraceSegment().effectivelyBlocked();
+
+    Channels.write(ctx, future, response);
+  }
+}
diff --git a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/NettyHttpServerDecorator.java b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/NettyHttpServerDecorator.java
index 1bb3b19ee79..51f876cffb5 100644
--- a/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/NettyHttpServerDecorator.java
+++ b/dd-java-agent/instrumentation/netty-3.8/src/main/java/datadog/trace/instrumentation/netty38/server/NettyHttpServerDecorator.java
@@ -5,6 +5,7 @@
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.appsec.api.blocking.BlockingException;
 import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import datadog.trace.bootstrap.instrumentation.api.ContextVisitors;
 import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter;
@@ -106,6 +107,11 @@ protected int status(final HttpResponse httpResponse) {
     return httpResponse.getStatus().getCode();
   }
 
+  @Override
+  protected boolean isAppSecOnResponseSeparate() {
+    return true;
+  }
+
   @Override
   protected BlockResponseFunction createBlockResponseFunction(
       HttpRequest httpRequest, Channel channel) {
@@ -124,7 +130,10 @@ public NettyBlockResponseFunction(ChannelPipeline pipeline, HttpRequest httpRequ
 
     @Override
     public boolean tryCommitBlockingResponse(
-        int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders) {
+        TraceSegment segment,
+        int statusCode,
+        BlockingContentType templateType,
+        Map<String, String> extraHeaders) {
       ChannelHandler handlerBefore = pipeline.get(HttpServerTracingHandler.class);
       if (handlerBefore == null) {
         handlerBefore = pipeline.get(HttpServerRequestTracingHandler.class);
@@ -139,7 +148,7 @@ public boolean tryCommitBlockingResponse(
         pipeline.addAfter(
             handlerBefore.getClass().getName(),
             "blocking_handler",
-            new BlockingResponseHandler(statusCode, templateType, extraHeaders));
+            new BlockingResponseHandler(segment, statusCode, templateType, extraHeaders));
         pipeline.addBefore(
             "blocking_handler", "before_blocking_handler", new SimpleChannelUpstreamHandler());
       } catch (RuntimeException rte) {
@@ -166,6 +175,7 @@ public static class IgnoreBlockingExceptionHandler extends SimpleChannelUpstream
     public void exceptionCaught(ChannelHandlerContext ctx, ExceptionEvent e) throws Exception {
       if ((e.getCause() instanceof BlockingException)) {
         NettyBlockResponseFunction.log.info("Suppressing handling of BlockingException");
+        e.getFuture().setSuccess();
       } else {
         super.exceptionCaught(ctx, e);
       }
diff --git a/dd-java-agent/instrumentation/netty-3.8/src/test/groovy/datadog/trace/instrumentation/netty38/Netty38ServerTest.groovy b/dd-java-agent/instrumentation/netty-3.8/src/test/groovy/datadog/trace/instrumentation/netty38/Netty38ServerTest.groovy
index 3bc6f11c12a..820df9c7d46 100644
--- a/dd-java-agent/instrumentation/netty-3.8/src/test/groovy/datadog/trace/instrumentation/netty38/Netty38ServerTest.groovy
+++ b/dd-java-agent/instrumentation/netty-3.8/src/test/groovy/datadog/trace/instrumentation/netty38/Netty38ServerTest.groovy
@@ -199,11 +199,21 @@ abstract class Netty38ServerTest extends HttpServerTest<ServerBootstrap> {
     component()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testBlocking() {
     true
   }
 
+  @Override
+  boolean testBlockingOnResponse() {
+    true
+  }
+
   @Ignore("https://github.com/DataDog/dd-trace-java/pull/5213")
   @Override
   boolean testBadUrl() {
diff --git a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/AttributeKeys.java b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/AttributeKeys.java
index 1b17ac9da4b..eff307e153e 100644
--- a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/AttributeKeys.java
+++ b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/AttributeKeys.java
@@ -5,6 +5,7 @@
 import datadog.trace.api.GenericClassValue;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import io.netty.handler.codec.http.HttpHeaders;
 import io.netty.util.AttributeKey;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
@@ -23,6 +24,15 @@ public final class AttributeKeys {
       CONNECT_PARENT_CONTINUATION_ATTRIBUTE_KEY =
           attributeKey("datadog.connect.parent.continuation");
 
+  public static final AttributeKey<HttpHeaders> REQUEST_HEADERS_ATTRIBUTE_KEY =
+      attributeKey("datadog.server.request.headers");
+
+  public static final AttributeKey<Boolean> ANALYZED_RESPONSE_KEY =
+      new AttributeKey<>("datadog.server.analyzed_response");
+
+  public static final AttributeKey<Boolean> BLOCKED_RESPONSE_KEY =
+      new AttributeKey<>("datadog.server.blocked_response");
+
   /**
    * Generate an attribute key or reuse the one existing in the global app map. This implementation
    * creates attributes only once even if the current class is loaded by several class loaders and
diff --git a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/NettyChannelPipelineInstrumentation.java b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/NettyChannelPipelineInstrumentation.java
index 58022fc7f4c..684eb82bb05 100644
--- a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/NettyChannelPipelineInstrumentation.java
+++ b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/NettyChannelPipelineInstrumentation.java
@@ -19,6 +19,7 @@
 import datadog.trace.instrumentation.netty40.server.HttpServerRequestTracingHandler;
 import datadog.trace.instrumentation.netty40.server.HttpServerResponseTracingHandler;
 import datadog.trace.instrumentation.netty40.server.HttpServerTracingHandler;
+import datadog.trace.instrumentation.netty40.server.MaybeBlockResponseHandler;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPipeline;
@@ -72,7 +73,8 @@ public String[] helperClassNames() {
       packageName + ".server.BlockingResponseHandler$IgnoreAllWritesHandler",
       packageName + ".server.HttpServerRequestTracingHandler",
       packageName + ".server.HttpServerResponseTracingHandler",
-      packageName + ".server.HttpServerTracingHandler"
+      packageName + ".server.HttpServerTracingHandler",
+      packageName + ".server.MaybeBlockResponseHandler",
     };
   }
 
@@ -133,13 +135,16 @@ public static void addHandler(
 
       try {
         ChannelHandler toAdd = null;
+        ChannelHandler toAdd2 = null;
         // Server pipeline handlers
         if (handler instanceof HttpServerCodec) {
           toAdd = new HttpServerTracingHandler();
+          toAdd2 = MaybeBlockResponseHandler.INSTANCE;
         } else if (handler instanceof HttpRequestDecoder) {
           toAdd = HttpServerRequestTracingHandler.INSTANCE;
         } else if (handler instanceof HttpResponseEncoder) {
           toAdd = HttpServerResponseTracingHandler.INSTANCE;
+          toAdd2 = MaybeBlockResponseHandler.INSTANCE;
         } else
         // Client pipeline handlers
         if (handler instanceof HttpClientCodec) {
@@ -159,6 +164,13 @@ public static void addHandler(
               pipeline.remove(existing);
             }
             pipeline.addAfter(handlerName, toAdd.getClass().getName(), toAdd);
+            if (toAdd2 != null) {
+              ChannelHandler existing2 = pipeline.get(toAdd2.getClass());
+              if (existing2 != null) {
+                pipeline.remove(existing2);
+              }
+              pipeline.addAfter(toAdd.getClass().getName(), toAdd2.getClass().getName(), toAdd2);
+            }
           }
         }
       } catch (final IllegalArgumentException e) {
diff --git a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/client/HttpClientResponseTracingHandler.java b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/client/HttpClientResponseTracingHandler.java
index fa404223f55..83eff66dae6 100644
--- a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/client/HttpClientResponseTracingHandler.java
+++ b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/client/HttpClientResponseTracingHandler.java
@@ -64,4 +64,23 @@ public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws E
       super.exceptionCaught(ctx, cause);
     }
   }
+
+  @Override
+  public void channelInactive(ChannelHandlerContext ctx) throws Exception {
+    final Attribute<AgentSpan> parentAttr = ctx.channel().attr(CLIENT_PARENT_ATTRIBUTE_KEY);
+    parentAttr.setIfAbsent(noopSpan());
+    final AgentSpan parent = parentAttr.get();
+    final AgentSpan span = ctx.channel().attr(SPAN_ATTRIBUTE_KEY).getAndSet(parent);
+    if (span != null) {
+      try (final AgentScope scope = activateSpan(span)) {
+        DECORATE.beforeFinish(span);
+        span.finish();
+      }
+    }
+    // We want the callback in the scope of the parent, not the client span
+    try (final AgentScope scope = activateSpan(parent)) {
+      scope.setAsyncPropagation(true);
+      super.channelInactive(ctx);
+    }
+  }
 }
diff --git a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/BlockingResponseHandler.java b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/BlockingResponseHandler.java
index f19eccbfcb4..32042ff464a 100644
--- a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/BlockingResponseHandler.java
+++ b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/BlockingResponseHandler.java
@@ -4,6 +4,7 @@
 
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.blocking.BlockingActionHelper;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
@@ -27,18 +28,23 @@ public class BlockingResponseHandler extends ChannelInboundHandlerAdapter {
   private final int statusCode;
   private final BlockingContentType bct;
   private final Map<String, String> extraHeaders;
+  private final TraceSegment segment;
 
   private boolean hasBlockedAlready;
 
   public BlockingResponseHandler(
-      int statusCode, BlockingContentType bct, Map<String, String> extraHeaders) {
+      TraceSegment segment,
+      int statusCode,
+      BlockingContentType bct,
+      Map<String, String> extraHeaders) {
+    this.segment = segment;
     this.statusCode = statusCode;
     this.bct = bct;
     this.extraHeaders = extraHeaders;
   }
 
-  public BlockingResponseHandler(Flow.Action.RequestBlockingAction rba) {
-    this(rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+  public BlockingResponseHandler(TraceSegment segment, Flow.Action.RequestBlockingAction rba) {
+    this(segment, rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
   }
 
   @Override
@@ -114,6 +120,9 @@ public void channelRead(final ChannelHandlerContext ctx, final Object msg) {
                 "ignore_all_writes_handler",
                 IgnoreAllWritesHandler.INSTANCE)
             .context("ignore_all_writes_handler");
+
+    segment.effectivelyBlocked();
+
     ctxForDownstream
         .writeAndFlush(response)
         .addListener(
diff --git a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/HttpServerRequestTracingHandler.java b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/HttpServerRequestTracingHandler.java
index f66b0ebbbfe..7ccda7b4dfe 100644
--- a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/HttpServerRequestTracingHandler.java
+++ b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/HttpServerRequestTracingHandler.java
@@ -1,6 +1,9 @@
 package datadog.trace.instrumentation.netty40.server;
 
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.instrumentation.netty40.AttributeKeys.ANALYZED_RESPONSE_KEY;
+import static datadog.trace.instrumentation.netty40.AttributeKeys.BLOCKED_RESPONSE_KEY;
+import static datadog.trace.instrumentation.netty40.AttributeKeys.REQUEST_HEADERS_ATTRIBUTE_KEY;
 import static datadog.trace.instrumentation.netty40.AttributeKeys.SPAN_ATTRIBUTE_KEY;
 import static datadog.trace.instrumentation.netty40.server.NettyHttpServerDecorator.DECORATE;
 
@@ -8,6 +11,7 @@
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan.Context;
+import io.netty.channel.Channel;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelInboundHandlerAdapter;
@@ -21,8 +25,9 @@ public class HttpServerRequestTracingHandler extends ChannelInboundHandlerAdapte
   @Override
   public void channelRead(final ChannelHandlerContext ctx, final Object msg) {
 
+    Channel channel = ctx.channel();
     if (!(msg instanceof HttpRequest)) {
-      final AgentSpan span = ctx.channel().attr(SPAN_ATTRIBUTE_KEY).get();
+      final AgentSpan span = channel.attr(SPAN_ATTRIBUTE_KEY).get();
       if (span == null) {
         ctx.fireChannelRead(msg); // superclass does not throw
       } else {
@@ -41,16 +46,23 @@ public void channelRead(final ChannelHandlerContext ctx, final Object msg) {
 
     try (final AgentScope scope = activateSpan(span)) {
       DECORATE.afterStart(span);
-      DECORATE.onRequest(span, ctx.channel(), request, extractedContext);
+      DECORATE.onRequest(span, channel, request, extractedContext);
 
       scope.setAsyncPropagation(true);
 
-      ctx.channel().attr(SPAN_ATTRIBUTE_KEY).set(span);
+      channel.attr(ANALYZED_RESPONSE_KEY).set(null);
+      channel.attr(BLOCKED_RESPONSE_KEY).set(null);
+
+      channel.attr(SPAN_ATTRIBUTE_KEY).set(span);
+      channel.attr(REQUEST_HEADERS_ATTRIBUTE_KEY).set(request.headers());
 
       Flow.Action.RequestBlockingAction rba = span.getRequestBlockingAction();
       if (rba != null) {
-        span.getRequestContext().getTraceSegment().effectivelyBlocked();
-        ctx.pipeline().addAfter(ctx.name(), "blocking_handler", new BlockingResponseHandler(rba));
+        ctx.pipeline()
+            .addAfter(
+                ctx.name(),
+                "blocking_handler",
+                new BlockingResponseHandler(span.getRequestContext().getTraceSegment(), rba));
       }
 
       try {
diff --git a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/MaybeBlockResponseHandler.java b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/MaybeBlockResponseHandler.java
new file mode 100644
index 00000000000..6e3ec443840
--- /dev/null
+++ b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/MaybeBlockResponseHandler.java
@@ -0,0 +1,139 @@
+package datadog.trace.instrumentation.netty40.server;
+
+import static datadog.trace.instrumentation.netty40.AttributeKeys.ANALYZED_RESPONSE_KEY;
+import static datadog.trace.instrumentation.netty40.AttributeKeys.BLOCKED_RESPONSE_KEY;
+import static datadog.trace.instrumentation.netty40.AttributeKeys.REQUEST_HEADERS_ATTRIBUTE_KEY;
+import static datadog.trace.instrumentation.netty40.AttributeKeys.SPAN_ATTRIBUTE_KEY;
+import static datadog.trace.instrumentation.netty40.server.NettyHttpServerDecorator.DECORATE;
+import static io.netty.handler.codec.http.HttpHeaders.setContentLength;
+
+import datadog.appsec.api.blocking.BlockingContentType;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.blocking.BlockingActionHelper;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import io.netty.channel.Channel;
+import io.netty.channel.ChannelHandler;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.ChannelOutboundHandler;
+import io.netty.channel.ChannelOutboundHandlerAdapter;
+import io.netty.channel.ChannelPromise;
+import io.netty.handler.codec.http.DefaultFullHttpResponse;
+import io.netty.handler.codec.http.FullHttpResponse;
+import io.netty.handler.codec.http.HttpHeaders;
+import io.netty.handler.codec.http.HttpResponse;
+import io.netty.handler.codec.http.HttpResponseStatus;
+import io.netty.util.ReferenceCountUtil;
+import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@ChannelHandler.Sharable
+public class MaybeBlockResponseHandler extends ChannelOutboundHandlerAdapter {
+  public static final ChannelOutboundHandler INSTANCE = new MaybeBlockResponseHandler();
+  public static final Logger log = LoggerFactory.getLogger(MaybeBlockResponseHandler.class);
+
+  private MaybeBlockResponseHandler() {}
+
+  private static boolean isAnalyzedResponse(Channel ch) {
+    return ch.attr(ANALYZED_RESPONSE_KEY).get() != null;
+  }
+
+  private static void markAnalyzedResponse(Channel ch) {
+    ch.attr(ANALYZED_RESPONSE_KEY).set(Boolean.TRUE);
+  }
+
+  private static boolean isBlockedResponse(Channel ch) {
+    return ch.attr(BLOCKED_RESPONSE_KEY).get() != null;
+  }
+
+  private static void markBlockedResponse(Channel ch) {
+    ch.attr(BLOCKED_RESPONSE_KEY).set(Boolean.TRUE);
+  }
+
+  @Override
+  public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise prm) throws Exception {
+    Channel channel = ctx.channel();
+
+    AgentSpan span = channel.attr(SPAN_ATTRIBUTE_KEY).get();
+    RequestContext requestContext;
+    if (span == null
+        || (requestContext = span.getRequestContext()) == null
+        || requestContext.getData(RequestContextSlot.APPSEC) == null) {
+      super.write(ctx, msg, prm);
+      return;
+    }
+
+    if (isAnalyzedResponse(channel)) {
+      if (isBlockedResponse(channel)) {
+        // block further writes
+        log.debug("Write suppressed, msg {} dropped", msg);
+        ReferenceCountUtil.release(msg);
+      } else {
+        super.write(ctx, msg, prm);
+      }
+      return;
+    }
+
+    if (!(msg instanceof HttpResponse)) {
+      super.write(ctx, msg, prm);
+      return;
+    }
+    HttpResponse origResponse = (HttpResponse) msg;
+    if (origResponse.getStatus().code() == HttpResponseStatus.CONTINUE.code()) {
+      super.write(ctx, msg, prm);
+      return;
+    }
+
+    Flow<Void> flow =
+        DECORATE.callIGCallbackResponseAndHeaders(
+            span, origResponse, origResponse.getStatus().code(), ResponseExtractAdapter.GETTER);
+    markAnalyzedResponse(channel);
+    Flow.Action action = flow.getAction();
+    if (!(action instanceof Flow.Action.RequestBlockingAction)) {
+      super.write(ctx, msg, prm);
+      return;
+    }
+
+    markBlockedResponse(channel);
+    Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+    int httpCode = BlockingActionHelper.getHttpCode(rba.getStatusCode());
+    HttpResponseStatus httpResponseStatus = HttpResponseStatus.valueOf(httpCode);
+    FullHttpResponse response =
+        new DefaultFullHttpResponse(origResponse.getProtocolVersion(), httpResponseStatus);
+    ReferenceCountUtil.release(msg);
+
+    HttpHeaders headers = response.headers();
+    headers.set("Connection", "close");
+
+    for (Map.Entry<String, String> h : rba.getExtraHeaders().entrySet()) {
+      headers.set(h.getKey(), h.getValue());
+    }
+
+    BlockingContentType bct = rba.getBlockingContentType();
+    if (bct != BlockingContentType.NONE) {
+      HttpHeaders reqHeaders = ctx.attr(REQUEST_HEADERS_ATTRIBUTE_KEY).get();
+      String acceptHeader = reqHeaders != null ? reqHeaders.get("accept") : null;
+      BlockingActionHelper.TemplateType type =
+          BlockingActionHelper.determineTemplateType(bct, acceptHeader);
+      headers.set("Content-type", BlockingActionHelper.getContentType(type));
+      byte[] template = BlockingActionHelper.getTemplate(type);
+      setContentLength(response, template.length);
+      response.content().writeBytes(template);
+    }
+
+    requestContext.getTraceSegment().effectivelyBlocked();
+    log.debug("About to write and flush blocking response {}", response);
+    ctx.writeAndFlush(response, prm)
+        .addListener(
+            fut -> {
+              if (!fut.isSuccess()) {
+                log.warn("Write of blocking response failed", fut.cause());
+              } else {
+                log.debug("Write of blocking response succeeded");
+              }
+              channel.close();
+            });
+  }
+}
diff --git a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/NettyHttpServerDecorator.java b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/NettyHttpServerDecorator.java
index 02314124c0f..0fce7fe28b9 100644
--- a/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/NettyHttpServerDecorator.java
+++ b/dd-java-agent/instrumentation/netty-4.0/src/main/java/datadog/trace/instrumentation/netty40/server/NettyHttpServerDecorator.java
@@ -4,6 +4,7 @@
 
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import datadog.trace.bootstrap.instrumentation.api.ContextVisitors;
 import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter;
@@ -102,6 +103,11 @@ protected int status(final HttpResponse httpResponse) {
     return httpResponse.getStatus().code();
   }
 
+  @Override
+  protected boolean isAppSecOnResponseSeparate() {
+    return true;
+  }
+
   @Override
   protected BlockResponseFunction createBlockResponseFunction(
       HttpRequest httpRequest, Channel channel) {
@@ -120,7 +126,10 @@ public NettyBlockResponseFunction(ChannelPipeline pipeline, HttpRequest httpRequ
 
     @Override
     public boolean tryCommitBlockingResponse(
-        int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders) {
+        TraceSegment segment,
+        int statusCode,
+        BlockingContentType templateType,
+        Map<String, String> extraHeaders) {
       ChannelHandler handlerBefore = pipeline.get(HttpServerTracingHandler.class);
       if (handlerBefore == null) {
         handlerBefore = pipeline.get(HttpServerRequestTracingHandler.class);
@@ -136,7 +145,7 @@ public boolean tryCommitBlockingResponse(
             .addAfter(
                 handlerBefore.getClass().getName(),
                 "blocking_handler",
-                new BlockingResponseHandler(statusCode, templateType, extraHeaders))
+                new BlockingResponseHandler(segment, statusCode, templateType, extraHeaders))
             .addBefore(
                 "blocking_handler", "before_blocking_handler", new ChannelInboundHandlerAdapter());
       } catch (RuntimeException rte) {
diff --git a/dd-java-agent/instrumentation/netty-4.0/src/test/groovy/Netty40ServerTest.groovy b/dd-java-agent/instrumentation/netty-4.0/src/test/groovy/Netty40ServerTest.groovy
index 069dd167ccd..d478bfe4ea3 100644
--- a/dd-java-agent/instrumentation/netty-4.0/src/test/groovy/Netty40ServerTest.groovy
+++ b/dd-java-agent/instrumentation/netty-4.0/src/test/groovy/Netty40ServerTest.groovy
@@ -1,20 +1,3 @@
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.NOT_FOUND
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_QUERY
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_PARAM
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.REDIRECT
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.USER_BLOCK
-import static io.netty.handler.codec.http.HttpHeaders.Names.CONTENT_LENGTH
-import static io.netty.handler.codec.http.HttpHeaders.Names.CONTENT_TYPE
-import static io.netty.handler.codec.http.HttpHeaders.is100ContinueExpected
-import static io.netty.handler.codec.http.HttpResponseStatus.CONTINUE
-import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR
-import static io.netty.handler.codec.http.HttpVersion.HTTP_1_1
-
 import datadog.appsec.api.blocking.Blocking
 import datadog.trace.agent.test.base.HttpServer
 import datadog.trace.agent.test.base.HttpServerTest
@@ -43,6 +26,23 @@ import io.netty.handler.logging.LoggingHandler
 import io.netty.util.CharsetUtil
 import spock.lang.Ignore
 
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.NOT_FOUND
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_QUERY
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_PARAM
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.REDIRECT
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.USER_BLOCK
+import static io.netty.handler.codec.http.HttpHeaders.Names.CONTENT_LENGTH
+import static io.netty.handler.codec.http.HttpHeaders.Names.CONTENT_TYPE
+import static io.netty.handler.codec.http.HttpHeaders.is100ContinueExpected
+import static io.netty.handler.codec.http.HttpResponseStatus.CONTINUE
+import static io.netty.handler.codec.http.HttpResponseStatus.INTERNAL_SERVER_ERROR
+import static io.netty.handler.codec.http.HttpVersion.HTTP_1_1
+
 abstract class Netty40ServerTest extends HttpServerTest<EventLoopGroup> {
 
   static final LoggingHandler LOGGING_HANDLER = new LoggingHandler(SERVER_LOGGER.name, LogLevel.DEBUG)
@@ -164,11 +164,21 @@ abstract class Netty40ServerTest extends HttpServerTest<EventLoopGroup> {
     operation()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testBlocking() {
     true
   }
 
+  @Override
+  boolean testBlockingOnResponse() {
+    true
+  }
+
   @Ignore("https://github.com/DataDog/dd-trace-java/pull/5213")
   @Override
   boolean testBadUrl() {
diff --git a/dd-java-agent/instrumentation/netty-4.1-shared/src/main/java/datadog/trace/instrumentation/netty41/AttributeKeys.java b/dd-java-agent/instrumentation/netty-4.1-shared/src/main/java/datadog/trace/instrumentation/netty41/AttributeKeys.java
index 397377df963..74d124fb866 100644
--- a/dd-java-agent/instrumentation/netty-4.1-shared/src/main/java/datadog/trace/instrumentation/netty41/AttributeKeys.java
+++ b/dd-java-agent/instrumentation/netty-4.1-shared/src/main/java/datadog/trace/instrumentation/netty41/AttributeKeys.java
@@ -5,6 +5,7 @@
 import datadog.trace.api.GenericClassValue;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import io.netty.handler.codec.http.HttpHeaders;
 import io.netty.util.AttributeKey;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
@@ -23,6 +24,15 @@ public final class AttributeKeys {
       CONNECT_PARENT_CONTINUATION_ATTRIBUTE_KEY =
           attributeKey("datadog.connect.parent.continuation");
 
+  public static final AttributeKey<HttpHeaders> REQUEST_HEADERS_ATTRIBUTE_KEY =
+      attributeKey("datadog.server.request.headers");
+
+  public static final AttributeKey<Boolean> ANALYZED_RESPONSE_KEY =
+      attributeKey("datadog.server.analyzed_response");
+
+  public static final AttributeKey<Boolean> BLOCKED_RESPONSE_KEY =
+      attributeKey("datadog.server.blocked_response");
+
   /**
    * Generate an attribute key or reuse the one existing in the global app map. This implementation
    * creates attributes only once even if the current class is loaded by several class loaders and
diff --git a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/HttpPostRequestDecoderInstrumentation.java b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/HttpPostRequestDecoderInstrumentation.java
index 4232e81bedf..af7a4b19d01 100644
--- a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/HttpPostRequestDecoderInstrumentation.java
+++ b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/HttpPostRequestDecoderInstrumentation.java
@@ -120,10 +120,12 @@ static void after(
         BlockResponseFunction brf = requestContext.getBlockResponseFunction();
         if (brf != null) {
           brf.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              requestContext.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
         }
         thr = new BlockingException("Blocked request (multipart/urlencoded post data)");
-        requestContext.getTraceSegment().effectivelyBlocked();
       }
 
       if (exc != null) {
diff --git a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/NettyChannelPipelineInstrumentation.java b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/NettyChannelPipelineInstrumentation.java
index 505d7d384fc..ed87823cc8f 100644
--- a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/NettyChannelPipelineInstrumentation.java
+++ b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/NettyChannelPipelineInstrumentation.java
@@ -19,6 +19,7 @@
 import datadog.trace.instrumentation.netty41.server.HttpServerRequestTracingHandler;
 import datadog.trace.instrumentation.netty41.server.HttpServerResponseTracingHandler;
 import datadog.trace.instrumentation.netty41.server.HttpServerTracingHandler;
+import datadog.trace.instrumentation.netty41.server.MaybeBlockResponseHandler;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPipeline;
@@ -72,7 +73,8 @@ public String[] helperClassNames() {
       packageName + ".server.BlockingResponseHandler$IgnoreAllWritesHandler",
       packageName + ".server.HttpServerRequestTracingHandler",
       packageName + ".server.HttpServerResponseTracingHandler",
-      packageName + ".server.HttpServerTracingHandler"
+      packageName + ".server.HttpServerTracingHandler",
+      packageName + ".server.MaybeBlockResponseHandler",
     };
   }
 
@@ -133,13 +135,16 @@ public static void addHandler(
 
       try {
         ChannelHandler toAdd = null;
+        ChannelHandler toAdd2 = null;
         // Server pipeline handlers
         if (handler instanceof HttpServerCodec) {
           toAdd = new HttpServerTracingHandler();
+          toAdd2 = MaybeBlockResponseHandler.INSTANCE;
         } else if (handler instanceof HttpRequestDecoder) {
           toAdd = HttpServerRequestTracingHandler.INSTANCE;
         } else if (handler instanceof HttpResponseEncoder) {
           toAdd = HttpServerResponseTracingHandler.INSTANCE;
+          toAdd2 = MaybeBlockResponseHandler.INSTANCE;
         } else
         // Client pipeline handlers
         if (handler instanceof HttpClientCodec) {
@@ -159,6 +164,13 @@ public static void addHandler(
               pipeline.remove(existing);
             }
             pipeline.addAfter(handlerName, null, toAdd);
+            if (toAdd2 != null) {
+              ChannelHandler existing2 = pipeline.get(toAdd2.getClass());
+              if (existing2 != null) {
+                pipeline.remove(existing2);
+              }
+              pipeline.addAfter(pipeline.context(toAdd).name(), null, toAdd2);
+            }
           }
         }
       } catch (final IllegalArgumentException e) {
diff --git a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/client/HttpClientResponseTracingHandler.java b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/client/HttpClientResponseTracingHandler.java
index cb5d9b9c58a..175514da0d7 100644
--- a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/client/HttpClientResponseTracingHandler.java
+++ b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/client/HttpClientResponseTracingHandler.java
@@ -64,4 +64,23 @@ public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws E
       super.exceptionCaught(ctx, cause);
     }
   }
+
+  @Override
+  public void channelInactive(ChannelHandlerContext ctx) throws Exception {
+    final Attribute<AgentSpan> parentAttr = ctx.channel().attr(CLIENT_PARENT_ATTRIBUTE_KEY);
+    parentAttr.setIfAbsent(noopSpan());
+    final AgentSpan parent = parentAttr.get();
+    final AgentSpan span = ctx.channel().attr(SPAN_ATTRIBUTE_KEY).getAndSet(parent);
+    if (span != null) {
+      try (final AgentScope scope = activateSpan(span)) {
+        DECORATE.beforeFinish(span);
+        span.finish();
+      }
+    }
+    // We want the callback in the scope of the parent, not the client span
+    try (final AgentScope scope = activateSpan(parent)) {
+      scope.setAsyncPropagation(true);
+      super.channelInactive(ctx);
+    }
+  }
 }
diff --git a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/BlockingResponseHandler.java b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/BlockingResponseHandler.java
index 86e78e3d8c0..bb05ac8573c 100644
--- a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/BlockingResponseHandler.java
+++ b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/BlockingResponseHandler.java
@@ -2,6 +2,7 @@
 
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.blocking.BlockingActionHelper;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
@@ -23,6 +24,7 @@ public class BlockingResponseHandler extends ChannelInboundHandlerAdapter {
   public static final Logger log = LoggerFactory.getLogger(BlockingResponseHandler.class);
   private static volatile boolean HAS_WARNED;
 
+  private final TraceSegment segment;
   private final int statusCode;
   private final BlockingContentType bct;
   private final Map<String, String> extraHeaders;
@@ -30,14 +32,18 @@ public class BlockingResponseHandler extends ChannelInboundHandlerAdapter {
   private boolean hasBlockedAlready;
 
   public BlockingResponseHandler(
-      int statusCode, BlockingContentType bct, Map<String, String> extraHeaders) {
+      TraceSegment segment,
+      int statusCode,
+      BlockingContentType bct,
+      Map<String, String> extraHeaders) {
+    this.segment = segment;
     this.statusCode = statusCode;
     this.bct = bct;
     this.extraHeaders = extraHeaders;
   }
 
-  public BlockingResponseHandler(Flow.Action.RequestBlockingAction rba) {
-    this(rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+  public BlockingResponseHandler(TraceSegment segment, Flow.Action.RequestBlockingAction rba) {
+    this(segment, rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
   }
 
   @Override
@@ -115,6 +121,8 @@ public void channelRead(final ChannelHandlerContext ctx, final Object msg) {
                 IgnoreAllWritesHandler.INSTANCE)
             .context("ignore_all_writes_handler");
 
+    segment.effectivelyBlocked();
+
     ctxForDownstream
         .writeAndFlush(response)
         .addListener(
diff --git a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/HttpServerRequestTracingHandler.java b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/HttpServerRequestTracingHandler.java
index d2928abf105..2b769b55a82 100644
--- a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/HttpServerRequestTracingHandler.java
+++ b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/HttpServerRequestTracingHandler.java
@@ -1,6 +1,9 @@
 package datadog.trace.instrumentation.netty41.server;
 
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.instrumentation.netty41.AttributeKeys.ANALYZED_RESPONSE_KEY;
+import static datadog.trace.instrumentation.netty41.AttributeKeys.BLOCKED_RESPONSE_KEY;
+import static datadog.trace.instrumentation.netty41.AttributeKeys.REQUEST_HEADERS_ATTRIBUTE_KEY;
 import static datadog.trace.instrumentation.netty41.AttributeKeys.SPAN_ATTRIBUTE_KEY;
 import static datadog.trace.instrumentation.netty41.server.NettyHttpServerDecorator.DECORATE;
 
@@ -8,6 +11,7 @@
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan.Context;
+import io.netty.channel.Channel;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelInboundHandlerAdapter;
@@ -20,8 +24,9 @@ public class HttpServerRequestTracingHandler extends ChannelInboundHandlerAdapte
 
   @Override
   public void channelRead(final ChannelHandlerContext ctx, final Object msg) {
+    Channel channel = ctx.channel();
     if (!(msg instanceof HttpRequest)) {
-      final AgentSpan span = ctx.channel().attr(SPAN_ATTRIBUTE_KEY).get();
+      final AgentSpan span = channel.attr(SPAN_ATTRIBUTE_KEY).get();
       if (span == null) {
         ctx.fireChannelRead(msg); // superclass does not throw
       } else {
@@ -40,16 +45,23 @@ public void channelRead(final ChannelHandlerContext ctx, final Object msg) {
 
     try (final AgentScope scope = activateSpan(span)) {
       DECORATE.afterStart(span);
-      DECORATE.onRequest(span, ctx.channel(), request, extractedContext);
+      DECORATE.onRequest(span, channel, request, extractedContext);
 
       scope.setAsyncPropagation(true);
 
-      ctx.channel().attr(SPAN_ATTRIBUTE_KEY).set(span);
+      channel.attr(ANALYZED_RESPONSE_KEY).set(null);
+      channel.attr(BLOCKED_RESPONSE_KEY).set(null);
+
+      channel.attr(SPAN_ATTRIBUTE_KEY).set(span);
+      channel.attr(REQUEST_HEADERS_ATTRIBUTE_KEY).set(request.headers());
 
       Flow.Action.RequestBlockingAction rba = span.getRequestBlockingAction();
       if (rba != null) {
-        span.getRequestContext().getTraceSegment().effectivelyBlocked();
-        ctx.pipeline().addAfter(ctx.name(), "blocking_handler", new BlockingResponseHandler(rba));
+        ctx.pipeline()
+            .addAfter(
+                ctx.name(),
+                "blocking_handler",
+                new BlockingResponseHandler(span.getRequestContext().getTraceSegment(), rba));
       }
 
       try {
diff --git a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/MaybeBlockResponseHandler.java b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/MaybeBlockResponseHandler.java
new file mode 100644
index 00000000000..9139e318703
--- /dev/null
+++ b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/MaybeBlockResponseHandler.java
@@ -0,0 +1,136 @@
+package datadog.trace.instrumentation.netty41.server;
+
+import static datadog.trace.instrumentation.netty41.AttributeKeys.ANALYZED_RESPONSE_KEY;
+import static datadog.trace.instrumentation.netty41.AttributeKeys.BLOCKED_RESPONSE_KEY;
+import static datadog.trace.instrumentation.netty41.AttributeKeys.REQUEST_HEADERS_ATTRIBUTE_KEY;
+import static datadog.trace.instrumentation.netty41.AttributeKeys.SPAN_ATTRIBUTE_KEY;
+import static datadog.trace.instrumentation.netty41.server.NettyHttpServerDecorator.DECORATE;
+import static io.netty.handler.codec.http.HttpHeaders.setContentLength;
+
+import datadog.appsec.api.blocking.BlockingContentType;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.bootstrap.blocking.BlockingActionHelper;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import io.netty.channel.Channel;
+import io.netty.channel.ChannelHandler;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.ChannelOutboundHandler;
+import io.netty.channel.ChannelOutboundHandlerAdapter;
+import io.netty.channel.ChannelPromise;
+import io.netty.handler.codec.http.DefaultFullHttpResponse;
+import io.netty.handler.codec.http.FullHttpResponse;
+import io.netty.handler.codec.http.HttpHeaders;
+import io.netty.handler.codec.http.HttpResponse;
+import io.netty.handler.codec.http.HttpResponseStatus;
+import io.netty.util.ReferenceCountUtil;
+import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@ChannelHandler.Sharable
+public class MaybeBlockResponseHandler extends ChannelOutboundHandlerAdapter {
+  public static final ChannelOutboundHandler INSTANCE = new MaybeBlockResponseHandler();
+  public static final Logger log = LoggerFactory.getLogger(MaybeBlockResponseHandler.class);
+
+  private MaybeBlockResponseHandler() {}
+
+  private static boolean isAnalyzedResponse(Channel ch) {
+    return ch.attr(ANALYZED_RESPONSE_KEY).get() != null;
+  }
+
+  private static void markAnalyzedResponse(Channel ch) {
+    ch.attr(ANALYZED_RESPONSE_KEY).set(Boolean.TRUE);
+  }
+
+  private static boolean isBlockedResponse(Channel ch) {
+    return ch.attr(BLOCKED_RESPONSE_KEY).get() != null;
+  }
+
+  private static void markBlockedResponse(Channel ch) {
+    ch.attr(BLOCKED_RESPONSE_KEY).set(Boolean.TRUE);
+  }
+
+  @Override
+  public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise prm) throws Exception {
+    Channel channel = ctx.channel();
+
+    AgentSpan span = channel.attr(SPAN_ATTRIBUTE_KEY).get();
+    RequestContext requestContext;
+    if (span == null || (requestContext = span.getRequestContext()) == null) {
+      super.write(ctx, msg, prm);
+      return;
+    }
+
+    if (isAnalyzedResponse(channel)) {
+      if (isBlockedResponse(channel)) {
+        // block further writes
+        log.debug("Write suppressed, msg {} dropped", msg);
+        ReferenceCountUtil.release(msg);
+      } else {
+        super.write(ctx, msg, prm);
+      }
+      return;
+    }
+
+    if (!(msg instanceof HttpResponse)) {
+      super.write(ctx, msg, prm);
+      return;
+    }
+    HttpResponse origResponse = (HttpResponse) msg;
+    if (origResponse.status().code() == HttpResponseStatus.CONTINUE.code()) {
+      super.write(ctx, msg, prm);
+      return;
+    }
+
+    Flow<Void> flow =
+        DECORATE.callIGCallbackResponseAndHeaders(
+            span, origResponse, origResponse.getStatus().code(), ResponseExtractAdapter.GETTER);
+    markAnalyzedResponse(channel);
+    Flow.Action action = flow.getAction();
+    if (!(action instanceof Flow.Action.RequestBlockingAction)) {
+      super.write(ctx, msg, prm);
+      return;
+    }
+
+    markBlockedResponse(channel);
+    Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+    int httpCode = BlockingActionHelper.getHttpCode(rba.getStatusCode());
+    HttpResponseStatus httpResponseStatus = HttpResponseStatus.valueOf(httpCode);
+    FullHttpResponse response =
+        new DefaultFullHttpResponse(origResponse.getProtocolVersion(), httpResponseStatus);
+    ReferenceCountUtil.release(msg);
+
+    HttpHeaders headers = response.headers();
+    headers.set("Connection", "close");
+
+    for (Map.Entry<String, String> h : rba.getExtraHeaders().entrySet()) {
+      headers.set(h.getKey(), h.getValue());
+    }
+
+    BlockingContentType bct = rba.getBlockingContentType();
+    if (bct != BlockingContentType.NONE) {
+      HttpHeaders reqHeaders = ctx.attr(REQUEST_HEADERS_ATTRIBUTE_KEY).get();
+      String acceptHeader = reqHeaders != null ? reqHeaders.get("accept") : null;
+      BlockingActionHelper.TemplateType type =
+          BlockingActionHelper.determineTemplateType(bct, acceptHeader);
+      headers.set("Content-type", BlockingActionHelper.getContentType(type));
+      byte[] template = BlockingActionHelper.getTemplate(type);
+      setContentLength(response, template.length);
+      response.content().writeBytes(template);
+    }
+
+    requestContext.getTraceSegment().effectivelyBlocked();
+    log.debug("About to write and flush blocking response {}", response);
+    ctx.writeAndFlush(response, prm)
+        .addListener(
+            fut -> {
+              if (!fut.isSuccess()) {
+                log.warn("Write of blocking response failed", fut.cause());
+              } else {
+                log.debug("Write of blocking response succeeded");
+              }
+              channel.close();
+            });
+  }
+}
diff --git a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/NettyHttpServerDecorator.java b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/NettyHttpServerDecorator.java
index 008da200c14..362e792256a 100644
--- a/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/NettyHttpServerDecorator.java
+++ b/dd-java-agent/instrumentation/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/server/NettyHttpServerDecorator.java
@@ -2,6 +2,7 @@
 
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import datadog.trace.bootstrap.instrumentation.api.ContextVisitors;
 import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter;
@@ -100,6 +101,11 @@ protected int status(final HttpResponse httpResponse) {
     return httpResponse.status().code();
   }
 
+  @Override
+  protected boolean isAppSecOnResponseSeparate() {
+    return true;
+  }
+
   @Override
   protected BlockResponseFunction createBlockResponseFunction(
       HttpRequest httpRequest, Channel channel) {
@@ -118,7 +124,10 @@ public NettyBlockResponseFunction(ChannelPipeline pipeline, HttpRequest httpRequ
 
     @Override
     public boolean tryCommitBlockingResponse(
-        int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders) {
+        TraceSegment segment,
+        int statusCode,
+        BlockingContentType templateType,
+        Map<String, String> extraHeaders) {
       ChannelHandler handlerBefore = pipeline.get(HttpServerTracingHandler.class);
       if (handlerBefore == null) {
         handlerBefore = pipeline.get(HttpServerRequestTracingHandler.class);
@@ -134,7 +143,7 @@ public boolean tryCommitBlockingResponse(
             .addAfter(
                 pipeline.context(handlerBefore).name(),
                 "blocking_handler",
-                new BlockingResponseHandler(statusCode, templateType, extraHeaders))
+                new BlockingResponseHandler(segment, statusCode, templateType, extraHeaders))
             .addBefore(
                 "blocking_handler", "before_blocking_handler", new ChannelInboundHandlerAdapter());
       } catch (RuntimeException rte) {
diff --git a/dd-java-agent/instrumentation/netty-4.1/src/test/groovy/Netty41ServerTest.groovy b/dd-java-agent/instrumentation/netty-4.1/src/test/groovy/Netty41ServerTest.groovy
index d2f542943c2..65fa7a2a15e 100644
--- a/dd-java-agent/instrumentation/netty-4.1/src/test/groovy/Netty41ServerTest.groovy
+++ b/dd-java-agent/instrumentation/netty-4.1/src/test/groovy/Netty41ServerTest.groovy
@@ -193,6 +193,11 @@ abstract class Netty41ServerTest extends HttpServerTest<EventLoopGroup> {
     operation()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testBodyUrlencoded() {
     true
@@ -203,6 +208,11 @@ abstract class Netty41ServerTest extends HttpServerTest<EventLoopGroup> {
     true
   }
 
+  @Override
+  boolean testBlockingOnResponse() {
+    true
+  }
+
   //@Ignore("https://github.com/DataDog/dd-trace-java/pull/5213")
   @Override
   boolean testBadUrl() {
diff --git a/dd-java-agent/instrumentation/netty-buffer-4/src/main/java/datadog/trace/instrumentation/netty40/buffer/ByteBufInputStreamInstrumentation.java b/dd-java-agent/instrumentation/netty-buffer-4/src/main/java/datadog/trace/instrumentation/netty40/buffer/ByteBufInputStreamInstrumentation.java
index d8d4165a3e0..08deafb2bf9 100644
--- a/dd-java-agent/instrumentation/netty-buffer-4/src/main/java/datadog/trace/instrumentation/netty40/buffer/ByteBufInputStreamInstrumentation.java
+++ b/dd-java-agent/instrumentation/netty-buffer-4/src/main/java/datadog/trace/instrumentation/netty40/buffer/ByteBufInputStreamInstrumentation.java
@@ -53,7 +53,7 @@ public static void onExit(
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       try {
         if (module != null) {
-          module.taintIfInputIsTainted(self, buffer);
+          module.taintIfTainted(self, buffer);
         }
       } catch (final Throwable e) {
         module.onUnexpectedException("ByteBufInputStream ctor threw", e);
diff --git a/dd-java-agent/instrumentation/netty-concurrent-4/build.gradle b/dd-java-agent/instrumentation/netty-concurrent-4/build.gradle
index 056e691a1ff..c54eb3a7072 100644
--- a/dd-java-agent/instrumentation/netty-concurrent-4/build.gradle
+++ b/dd-java-agent/instrumentation/netty-concurrent-4/build.gradle
@@ -24,3 +24,12 @@ dependencies {
 tasks.named("latestDepTest").configure {
   dependsOn "latestDep4Test"
 }
+
+configurations.configureEach {
+  resolutionStrategy.componentSelection.all { ComponentSelection selection ->
+    def version = selection.candidate.version.toLowerCase()
+    if (version.contains('alpha') || version.contains('beta')) {
+      reject("Early Access Version: ${selection.candidate.version}")
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/netty-concurrent-4/src/main/java/datadog/trace/instrumentation/netty40/concurrent/SingleThreadEventExecutorInstrumentation.java b/dd-java-agent/instrumentation/netty-concurrent-4/src/main/java/datadog/trace/instrumentation/netty40/concurrent/SingleThreadEventExecutorInstrumentation.java
index f59cf133793..bffafed78a1 100644
--- a/dd-java-agent/instrumentation/netty-concurrent-4/src/main/java/datadog/trace/instrumentation/netty40/concurrent/SingleThreadEventExecutorInstrumentation.java
+++ b/dd-java-agent/instrumentation/netty-concurrent-4/src/main/java/datadog/trace/instrumentation/netty40/concurrent/SingleThreadEventExecutorInstrumentation.java
@@ -87,15 +87,7 @@ public static void before(
         }
         EventExecutorGroup parent = executor.parent();
         Class<?> schedulerClass = parent == null ? executor.getClass() : parent.getClass();
-        Class<?> unwrappedTaskClass = QueueTimerHelper.unwrap(task);
-        // best effort attempt to filter out chore tasks
-        if (unwrappedTaskClass != null
-            && !unwrappedTaskClass.getName().endsWith(".AbstractScheduledEventExecutor$1")
-            && !unwrappedTaskClass.getName().endsWith(".SingleThreadEventExecutor$5")
-            && !unwrappedTaskClass.getName().endsWith(".SingleThreadEventExecutor$PurgeTask")) {
-          QueueTimerHelper.startQueuingTimer(
-              state, schedulerClass, unwrappedTaskClass, (RunnableFuture<?>) task);
-        }
+        QueueTimerHelper.startQueuingTimer(state, schedulerClass, task);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/netty-concurrent-4/src/test/groovy/TimingTest.groovy b/dd-java-agent/instrumentation/netty-concurrent-4/src/test/groovy/TimingTest.groovy
index 4bcb05b7820..2aa95e5484c 100644
--- a/dd-java-agent/instrumentation/netty-concurrent-4/src/test/groovy/TimingTest.groovy
+++ b/dd-java-agent/instrumentation/netty-concurrent-4/src/test/groovy/TimingTest.groovy
@@ -1,5 +1,6 @@
 import datadog.trace.agent.test.AgentTestRunner
 import datadog.trace.agent.test.timer.TestTimer
+import datadog.trace.bootstrap.instrumentation.jfr.InstrumentationBasedProfiling
 import io.netty.util.concurrent.DefaultEventExecutorGroup
 
 import java.util.concurrent.TimeUnit
@@ -12,6 +13,7 @@ class TimingTest extends AgentTestRunner {
   protected void configurePreAgent() {
     injectSysConfig("dd.profiling.enabled", "true")
     injectSysConfig("dd.profiling.experimental.queueing.time.enabled", "true")
+    InstrumentationBasedProfiling.enableInstrumentationBasedProfiling()
     super.configurePreAgent()
   }
 
@@ -52,13 +54,20 @@ class TimingTest extends AgentTestRunner {
   void verify() {
     assert TEST_TIMER.isBalanced()
     assert !TEST_TIMER.closedTimings.isEmpty()
+    int numAsserts = 0
     while (!TEST_TIMER.closedTimings.isEmpty()) {
       def timing = TEST_TIMER.closedTimings.takeFirst() as TestTimer.TestQueueTiming
-      assert timing != null
-      assert timing.task == TestRunnable
-      assert timing.scheduler == DefaultEventExecutorGroup
-      assert timing.origin == Thread.currentThread()
+      // filter out any netty chores, filtering these out by class name in the instrumentation
+      // may be too expensive. They should get filtered out by duration anyway.
+      if (!(timing.task as Class).simpleName.isEmpty()) {
+        assert timing != null
+        assert timing.task == TestRunnable
+        assert timing.scheduler == DefaultEventExecutorGroup
+        assert timing.origin == Thread.currentThread()
+        numAsserts++
+      }
     }
+    assert numAsserts > 0
   }
 
 
diff --git a/dd-java-agent/instrumentation/netty-transport-4/build.gradle b/dd-java-agent/instrumentation/netty-transport-4/build.gradle
new file mode 100644
index 00000000000..ba9beddaf08
--- /dev/null
+++ b/dd-java-agent/instrumentation/netty-transport-4/build.gradle
@@ -0,0 +1,41 @@
+apply from: "$rootDir/gradle/java.gradle"
+
+muzzle {
+  pass {
+    group = "io.netty"
+    module = "netty-transport"
+    versions = "[4.0.0.Final,)"
+    assertInverse = true
+  }
+  pass {
+    group = "io.grpc"
+    module = "grpc-netty-shaded"
+    versions = "[,]"
+    assertInverse = false
+  }
+}
+
+addTestSuiteForDir('latestDep4Test', 'test')
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  compileOnly group: 'io.netty', name: 'netty-transport', version: '4.0.56.Final'
+
+  testImplementation group: 'io.netty', name: 'netty-transport', version: '4.1.0.Final'
+
+  latestDep4TestImplementation group: 'io.netty', name: 'netty-transport', version: '4.+'
+  latestDepTestImplementation group: 'io.netty', name: 'netty-transport', version: '+'
+}
+
+tasks.named("latestDepTest").configure {
+  dependsOn "latestDep4Test"
+}
+
+configurations.configureEach {
+  resolutionStrategy.componentSelection.all { ComponentSelection selection ->
+    def version = selection.candidate.version.toLowerCase()
+    if (version.contains('alpha') || version.contains('beta')) {
+      reject("Early Access Version: ${selection.candidate.version}")
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/netty-transport-4/src/main/java/datadog/trace/instrumentation/netty40/transport/EventLoopInstrumentation.java b/dd-java-agent/instrumentation/netty-transport-4/src/main/java/datadog/trace/instrumentation/netty40/transport/EventLoopInstrumentation.java
new file mode 100644
index 00000000000..64fb7e9e77b
--- /dev/null
+++ b/dd-java-agent/instrumentation/netty-transport-4/src/main/java/datadog/trace/instrumentation/netty40/transport/EventLoopInstrumentation.java
@@ -0,0 +1,57 @@
+package datadog.trace.instrumentation.netty40.transport;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import net.bytebuddy.asm.Advice;
+
+/**
+ * This instrumentation ensures that threads netty may initiate syscalls from is wallclock-profiled,
+ * whether spans propagate to the event loop or not.
+ */
+@AutoService(Instrumenter.class)
+public class EventLoopInstrumentation extends Instrumenter.Profiling
+    implements Instrumenter.ForKnownTypes {
+  public EventLoopInstrumentation() {
+    super("netty-transport", "netty-eventloop");
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      // regular netty
+      "io.netty.channel.ThreadPerChannelEventLoop",
+      "io.netty.channel.nio.NioEventLoop",
+      "io.netty.channel.epoll.EPollEventLoop",
+      "io.netty.channel.kqueue.KQueueEventLoop",
+      // gRPC shades the same classes
+      "io.grpc.netty.shaded.io.netty.channel.ThreadPerChannelEventLoop",
+      "io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoop",
+      "io.grpc.netty.shaded.io.netty.channel.epoll.EPollEventLoop",
+      "io.grpc.netty.shaded.io.netty.channel.kqueue.KQueueEventLoop",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod().and(named("run").and(takesNoArguments())),
+        getClass().getName() + "$ManageEventLoopThread");
+  }
+
+  private static final class ManageEventLoopThread {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void before() {
+      AgentTracer.get().getProfilingContext().onAttach();
+    }
+
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    public static void after() {
+      AgentTracer.get().getProfilingContext().onDetach();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/netty-transport-4/src/test/groovy/RegistrationTest.groovy b/dd-java-agent/instrumentation/netty-transport-4/src/test/groovy/RegistrationTest.groovy
new file mode 100644
index 00000000000..3fd620a2f05
--- /dev/null
+++ b/dd-java-agent/instrumentation/netty-transport-4/src/test/groovy/RegistrationTest.groovy
@@ -0,0 +1,28 @@
+import datadog.trace.agent.test.AgentTestRunner
+import io.netty.channel.nio.NioEventLoopGroup
+
+import java.util.concurrent.TimeUnit
+
+class RegistrationTest extends AgentTestRunner {
+
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig("dd.profiling.enabled", "true")
+    super.configurePreAgent()
+  }
+
+  def "test NioEventLoop updates thread filter"() {
+    setup:
+    NioEventLoopGroup nioEventLoopGroup = new NioEventLoopGroup(1)
+    boolean shutdownGracefully = false
+
+    when:
+    nioEventLoopGroup.execute {}
+    shutdownGracefully = nioEventLoopGroup.shutdownGracefully().await(5, TimeUnit.SECONDS)
+
+    then:
+    shutdownGracefully
+    TEST_PROFILING_CONTEXT_INTEGRATION.attachments.get() == 1
+    TEST_PROFILING_CONTEXT_INTEGRATION.detachments.get() == 1
+  }
+}
diff --git a/dd-java-agent/instrumentation/okhttp-2/src/main/java/datadog/trace/instrumentation/okhttp2/IastHttpUrlInstrumentation.java b/dd-java-agent/instrumentation/okhttp-2/src/main/java/datadog/trace/instrumentation/okhttp2/IastHttpUrlInstrumentation.java
index f24dbc711f2..8cd47d7ed01 100644
--- a/dd-java-agent/instrumentation/okhttp-2/src/main/java/datadog/trace/instrumentation/okhttp2/IastHttpUrlInstrumentation.java
+++ b/dd-java-agent/instrumentation/okhttp-2/src/main/java/datadog/trace/instrumentation/okhttp2/IastHttpUrlInstrumentation.java
@@ -76,20 +76,20 @@ public static void onParse(
         @Advice.Argument(0) final Object argument, @Advice.Return final Object result) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(result, argument);
+        module.taintIfTainted(result, argument);
       }
     }
   }
 
   public static class PropagationAdvice {
 
-    @Advice.OnMethodExit(suppress = Throwable.class, inline = false)
+    @Advice.OnMethodExit(suppress = Throwable.class)
     @Propagation
     public static void onPropagation(
         @Advice.This final Object self, @Advice.Return final Object result) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(result, self);
+        module.taintIfTainted(result, self);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/okhttp-2/src/test/groovy/IastOkHttp2InstrumentationTest.groovy b/dd-java-agent/instrumentation/okhttp-2/src/test/groovy/IastOkHttp2InstrumentationTest.groovy
index 530c5ac59f4..e54d88b1505 100644
--- a/dd-java-agent/instrumentation/okhttp-2/src/test/groovy/IastOkHttp2InstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/okhttp-2/src/test/groovy/IastOkHttp2InstrumentationTest.groovy
@@ -62,12 +62,12 @@ class IastOkHttp2InstrumentationTest extends AgentTestRunner {
 
   private void mockPropagation() {
     final propagation = Mock(PropagationModule) {
-      taintIfAnyInputIsTainted(_, _) >> {
+      taintIfAnyTainted(_, _) >> {
         if ((it[1] as List).any { input -> tainteds.containsKey(input) }) {
           tainteds.put(it[0], null)
         }
       }
-      taintIfInputIsTainted(_, _) >> {
+      taintIfTainted(_, _) >> {
         if (tainteds.containsKey(it[1])) {
           tainteds.put(it[0], null)
         }
diff --git a/dd-java-agent/instrumentation/okhttp-3/src/main/java/datadog/trace/instrumentation/okhttp3/IastHttpUrlInstrumentation.java b/dd-java-agent/instrumentation/okhttp-3/src/main/java/datadog/trace/instrumentation/okhttp3/IastHttpUrlInstrumentation.java
index 4511f5b99e9..3ab884d93a2 100644
--- a/dd-java-agent/instrumentation/okhttp-3/src/main/java/datadog/trace/instrumentation/okhttp3/IastHttpUrlInstrumentation.java
+++ b/dd-java-agent/instrumentation/okhttp-3/src/main/java/datadog/trace/instrumentation/okhttp3/IastHttpUrlInstrumentation.java
@@ -76,7 +76,7 @@ public static void onParse(
         @Advice.Argument(0) final Object arg, @Advice.Return final Object result) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(result, arg);
+        module.taintIfTainted(result, arg);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/okhttp-3/src/test/groovy/IastOkHttp3InstrumentationTest.groovy b/dd-java-agent/instrumentation/okhttp-3/src/test/groovy/IastOkHttp3InstrumentationTest.groovy
index 253f9e665eb..c96dcc3fbb0 100644
--- a/dd-java-agent/instrumentation/okhttp-3/src/test/groovy/IastOkHttp3InstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/okhttp-3/src/test/groovy/IastOkHttp3InstrumentationTest.groovy
@@ -67,7 +67,7 @@ class IastOkHttp3InstrumentationTest extends AgentTestRunner {
 
   private void mockPropagation() {
     final propagation = Mock(PropagationModule) {
-      taintIfInputIsTainted(_, _) >> {
+      taintIfTainted(_, _) >> {
         if (tainteds.containsKey(it[1])) {
           tainteds.put(it[0], null)
         }
diff --git a/dd-java-agent/instrumentation/opensearch/rest/src/test/groovy/OpensearchRestClientTest.groovy b/dd-java-agent/instrumentation/opensearch/rest/src/test/groovy/OpensearchRestClientTest.groovy
index 9cf7618ab29..1f7107ee301 100644
--- a/dd-java-agent/instrumentation/opensearch/rest/src/test/groovy/OpensearchRestClientTest.groovy
+++ b/dd-java-agent/instrumentation/opensearch/rest/src/test/groovy/OpensearchRestClientTest.groovy
@@ -98,16 +98,18 @@ class OpensearchRestClientTest extends AgentTestRunner {
         }
         span {
           serviceName "opensearch"
-          resourceName "GET _cluster/health"
+          resourceName "GET /_cluster/health"
           operationName "http.request"
           spanType DDSpanTypes.HTTP_CLIENT
           childOf span(0)
           tags {
             "$Tags.COMPONENT" "apache-httpasyncclient"
             "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
-            "$Tags.HTTP_URL" "_cluster/health"
+            "$Tags.HTTP_URL" "http://${httpTransportAddress.address}:${httpTransportAddress.port}/_cluster/health"
             "$Tags.HTTP_METHOD" "GET"
             "$Tags.HTTP_STATUS" 200
+            "$Tags.PEER_HOSTNAME" httpTransportAddress.address
+            "$Tags.PEER_PORT" httpTransportAddress.port
             defaultTags()
           }
         }
diff --git a/dd-java-agent/instrumentation/opensearch/src/main/java/datadog/trace/instrumentation/opensearch/OpensearchRestClientDecorator.java b/dd-java-agent/instrumentation/opensearch/src/main/java/datadog/trace/instrumentation/opensearch/OpensearchRestClientDecorator.java
index 6af00b2e1c5..ec07a1c8e55 100644
--- a/dd-java-agent/instrumentation/opensearch/src/main/java/datadog/trace/instrumentation/opensearch/OpensearchRestClientDecorator.java
+++ b/dd-java-agent/instrumentation/opensearch/src/main/java/datadog/trace/instrumentation/opensearch/OpensearchRestClientDecorator.java
@@ -21,10 +21,7 @@ public class OpensearchRestClientDecorator extends DBTypeProcessingDatabaseClien
 
   private static final int MAX_OPENSEARCH_BODY_CONTENT_LENGTH = 25000;
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .database()
-          .service(Config.get().getServiceName(), "opensearch");
+      SpanNaming.instance().namingSchema().database().service("opensearch");
 
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(
@@ -95,8 +92,10 @@ public AgentSpan onRequest(
       final Map<String, String> parameters) {
     span.setTag(Tags.HTTP_METHOD, method);
     span.setTag(Tags.HTTP_URL, endpoint);
-    if (Config.get()
-        .isElasticsearchBodyAndParamsEnabled()) { // Elasticsearch also controls Opensearch
+
+    final Config config = Config.get();
+    // Elasticsearch also controls OpenSearch
+    if (config.isElasticsearchBodyEnabled() || config.isElasticsearchBodyAndParamsEnabled()) {
       if (entity != null) {
         long contentLength = entity.getContentLength();
         if (contentLength <= MAX_OPENSEARCH_BODY_CONTENT_LENGTH) {
@@ -111,6 +110,9 @@ public AgentSpan onRequest(
                   + ">");
         }
       }
+    }
+
+    if (config.isElasticsearchParamsEnabled() || config.isElasticsearchBodyAndParamsEnabled()) {
       if (parameters != null) {
         StringBuilder queryParametersStringBuilder = new StringBuilder();
         for (Map.Entry<String, String> parameter : parameters.entrySet()) {
diff --git a/dd-java-agent/instrumentation/opensearch/src/main/java/datadog/trace/instrumentation/opensearch/OpensearchTransportClientDecorator.java b/dd-java-agent/instrumentation/opensearch/src/main/java/datadog/trace/instrumentation/opensearch/OpensearchTransportClientDecorator.java
index 180ca44d707..a91b3dffcbc 100644
--- a/dd-java-agent/instrumentation/opensearch/src/main/java/datadog/trace/instrumentation/opensearch/OpensearchTransportClientDecorator.java
+++ b/dd-java-agent/instrumentation/opensearch/src/main/java/datadog/trace/instrumentation/opensearch/OpensearchTransportClientDecorator.java
@@ -1,6 +1,5 @@
 package datadog.trace.instrumentation.opensearch;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -11,10 +10,7 @@ public class OpensearchTransportClientDecorator extends DBTypeProcessingDatabase
 
   private static final String DB_TYPE = "opensearch";
   private static final String SERVICE_NAME =
-      SpanNaming.instance()
-          .namingSchema()
-          .database()
-          .service(Config.get().getServiceName(), DB_TYPE);
+      SpanNaming.instance().namingSchema().database().service(DB_TYPE);
 
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().database().operation(DB_TYPE));
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-0.3/src/main/java/datadog/trace/instrumentation/opentelemetry/OtelContextPropagators.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-0.3/src/main/java/datadog/trace/instrumentation/opentelemetry/OtelContextPropagators.java
index 01c690d908b..ad7ad954aa6 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-0.3/src/main/java/datadog/trace/instrumentation/opentelemetry/OtelContextPropagators.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-0.3/src/main/java/datadog/trace/instrumentation/opentelemetry/OtelContextPropagators.java
@@ -39,12 +39,13 @@ public <C> void inject(final Context context, final C carrier, final Setter<C> s
       if (span == null || !span.getContext().isValid()) {
         return;
       }
-      tracer.inject(converter.toAgentSpan(span), carrier, new OtelSetter<>(setter));
+      tracer.propagate().inject(converter.toAgentSpan(span), carrier, new OtelSetter<>(setter));
     }
 
     @Override
     public <C> Context extract(final Context context, final C carrier, final Getter<C> getter) {
-      final AgentSpan.Context agentContext = tracer.extract(carrier, new OtelGetter<>(getter));
+      final AgentSpan.Context agentContext =
+          tracer.propagate().extract(carrier, new OtelGetter<>(getter));
       return TracingContextUtils.withSpan(
           DefaultSpan.create(converter.toSpanContext(agentContext)), context);
     }
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-0.3/src/test/groovy/TypeConverterTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-0.3/src/test/groovy/TypeConverterTest.groovy
index f026a803cf4..64b6cdc16a5 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-0.3/src/test/groovy/TypeConverterTest.groovy
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-0.3/src/test/groovy/TypeConverterTest.groovy
@@ -23,8 +23,8 @@ class TypeConverterTest extends AgentTestRunner {
 
   def "should avoid extra allocation for a span wrapper"() {
     def context = createTestSpanContext()
-    def span1 = new DDSpan("test", 0, context)
-    def span2 = new DDSpan("test", 0, context)
+    def span1 = new DDSpan("test", 0, context, null)
+    def span2 = new DDSpan("test", 0, context, null)
     expect:
     // return the same wrapper for the same span
     typeConverter.toSpan(span1) is typeConverter.toSpan(span1)
@@ -47,8 +47,8 @@ class TypeConverterTest extends AgentTestRunner {
   def "should avoid extra allocation for a scope wrapper"() {
     def scopeManager = new ContinuableScopeManager(0, false, true)
     def context = createTestSpanContext()
-    def span1 = new DDSpan("test", 0, context)
-    def span2 = new DDSpan("test", 0, context)
+    def span1 = new DDSpan("test", 0, context, null)
+    def span2 = new DDSpan("test", 0, context, null)
     def scope1 = scopeManager.activate(span1, ScopeSource.MANUAL)
     def scope2 = scopeManager.activate(span2, ScopeSource.MANUAL)
     expect:
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OpenTelemetryInstrumentation.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OpenTelemetryInstrumentation.java
index 6a471120616..35f0425cb90 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OpenTelemetryInstrumentation.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OpenTelemetryInstrumentation.java
@@ -9,7 +9,11 @@
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.api.InstrumenterConfig;
+import datadog.trace.instrumentation.opentelemetry14.context.propagation.OtelContextPropagators;
+import datadog.trace.instrumentation.opentelemetry14.trace.OtelTracerProvider;
+import datadog.trace.util.Strings;
 import io.opentelemetry.api.trace.TracerProvider;
+import io.opentelemetry.context.propagation.ContextPropagators;
 import net.bytebuddy.asm.Advice;
 import net.bytebuddy.description.type.TypeDescription;
 import net.bytebuddy.matcher.ElementMatcher;
@@ -17,6 +21,9 @@
 @AutoService(Instrumenter.class)
 public class OpenTelemetryInstrumentation extends Instrumenter.Tracing
     implements Instrumenter.CanShortcutTypeMatching {
+  public static final String ROOT_PACKAGE_NAME =
+      Strings.getPackageName(OpenTelemetryInstrumentation.class.getName());
+
   public OpenTelemetryInstrumentation() {
     super("opentelemetry.experimental", "opentelemetry-1");
   }
@@ -52,30 +59,40 @@ public boolean onlyMatchKnownTypes() {
   @Override
   public String[] helperClassNames() {
     return new String[] {
-      packageName + ".OtelContext",
-      packageName + ".OtelExtractedContext",
-      packageName + ".OtelScope",
-      packageName + ".OtelSpan",
-      packageName + ".OtelSpan$NoopSpan",
-      packageName + ".OtelSpan$NoopSpanContext",
-      packageName + ".OtelSpanBuilder",
-      packageName + ".OtelSpanBuilder$1",
-      packageName + ".OtelSpanContext",
-      packageName + ".OtelTracer",
-      packageName + ".OtelTracerBuilder",
-      packageName + ".OtelTracerProvider",
+      packageName + ".context.OtelContext",
+      packageName + ".context.OtelScope",
+      packageName + ".context.propagation.AgentTextMapPropagator",
+      packageName + ".context.propagation.OtelContextPropagators",
+      packageName + ".trace.OtelExtractedContext",
+      packageName + ".trace.OtelSpan",
+      packageName + ".trace.OtelSpan$1",
+      packageName + ".trace.OtelSpan$NoopSpan",
+      packageName + ".trace.OtelSpan$NoopSpanContext",
+      packageName + ".trace.OtelSpanBuilder",
+      packageName + ".trace.OtelSpanBuilder$1",
+      packageName + ".trace.OtelSpanContext",
+      packageName + ".trace.OtelTracer",
+      packageName + ".trace.OtelTracerBuilder",
+      packageName + ".trace.OtelTracerProvider",
     };
   }
 
   @Override
   public void adviceTransformations(AdviceTransformation transformation) {
-    // TracerProvider.getTracerProvider()
+    // TracerProvider OpenTelemetry.getTracerProvider()
     transformation.applyAdvice(
         isMethod()
             .and(named("getTracerProvider"))
             .and(takesNoArguments())
             .and(returns(named("io.opentelemetry.api.trace.TracerProvider"))),
         OpenTelemetryInstrumentation.class.getName() + "$TracerProviderAdvice");
+    // ContextPropagators OpenTelemetry.getPropagators();
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("getPropagators"))
+            .and(takesNoArguments())
+            .and(returns(named("io.opentelemetry.context.propagation.ContextPropagators"))),
+        OpenTelemetryInstrumentation.class.getName() + "$ContextPropagatorAdvice");
   }
 
   public static class TracerProviderAdvice {
@@ -84,4 +101,11 @@ public static void returnProvider(@Advice.Return(readOnly = false) TracerProvide
       result = OtelTracerProvider.INSTANCE;
     }
   }
+
+  public static class ContextPropagatorAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void returnProvider(@Advice.Return(readOnly = false) ContextPropagators result) {
+      result = OtelContextPropagators.INSTANCE;
+    }
+  }
 }
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OpenTelemetryContextInstrumentation.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OpenTelemetryContextInstrumentation.java
new file mode 100644
index 00000000000..df0676a5d6d
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OpenTelemetryContextInstrumentation.java
@@ -0,0 +1,89 @@
+package datadog.trace.instrumentation.opentelemetry14.context;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.instrumentation.opentelemetry14.OpenTelemetryInstrumentation.ROOT_PACKAGE_NAME;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.InstrumenterConfig;
+import io.opentelemetry.context.Context;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public class OpenTelemetryContextInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.CanShortcutTypeMatching {
+
+  public OpenTelemetryContextInstrumentation() {
+    super("opentelemetry.experimental", "opentelemetry-1");
+  }
+
+  @Override
+  protected boolean defaultEnabled() {
+    return InstrumenterConfig.get().isTraceOtelEnabled();
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "io.opentelemetry.context.Context";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named(hierarchyMarkerType()));
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      "io.opentelemetry.context.ArrayBasedContext",
+    };
+  }
+
+  @Override
+  public boolean onlyMatchKnownTypes() {
+    return isShortcutMatchingEnabled(false);
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".OtelContext",
+      packageName + ".OtelScope",
+      ROOT_PACKAGE_NAME + ".trace.OtelExtractedContext",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpan",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpan$1",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpan$NoopSpan",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpan$NoopSpanContext",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpanBuilder",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpanBuilder$1",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpanContext",
+      ROOT_PACKAGE_NAME + ".trace.OtelTracer",
+      ROOT_PACKAGE_NAME + ".trace.OtelTracerBuilder",
+      ROOT_PACKAGE_NAME + ".trace.OtelTracerProvider",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    // Context Context.root()
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("root"))
+            .and(takesNoArguments())
+            .and(returns(named("io.opentelemetry.context.Context"))),
+        OpenTelemetryContextInstrumentation.class.getName() + "$ContextRootAdvice");
+  }
+
+  public static class ContextRootAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void current(@Advice.Return(readOnly = false) Context result) {
+      result = OtelContext.ROOT;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OpenTelemetryContextInstrumentation.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OpenTelemetryContextStorageInstrumentation.java
similarity index 63%
rename from dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OpenTelemetryContextInstrumentation.java
rename to dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OpenTelemetryContextStorageInstrumentation.java
index d2255a61deb..b7130cd55a3 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OpenTelemetryContextInstrumentation.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OpenTelemetryContextStorageInstrumentation.java
@@ -1,7 +1,8 @@
-package datadog.trace.instrumentation.opentelemetry14;
+package datadog.trace.instrumentation.opentelemetry14.context;
 
 import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.instrumentation.opentelemetry14.OpenTelemetryInstrumentation.ROOT_PACKAGE_NAME;
 import static net.bytebuddy.matcher.ElementMatchers.isMethod;
 import static net.bytebuddy.matcher.ElementMatchers.returns;
 import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
@@ -12,6 +13,7 @@
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
 import datadog.trace.bootstrap.instrumentation.api.AttachableWrapper;
+import datadog.trace.instrumentation.opentelemetry14.trace.OtelSpan;
 import io.opentelemetry.api.trace.Span;
 import io.opentelemetry.context.Context;
 import net.bytebuddy.asm.Advice;
@@ -19,10 +21,10 @@
 import net.bytebuddy.matcher.ElementMatcher;
 
 @AutoService(Instrumenter.class)
-public class OpenTelemetryContextInstrumentation extends Instrumenter.Tracing
+public class OpenTelemetryContextStorageInstrumentation extends Instrumenter.Tracing
     implements Instrumenter.CanShortcutTypeMatching {
 
-  public OpenTelemetryContextInstrumentation() {
+  public OpenTelemetryContextStorageInstrumentation() {
     super("opentelemetry.experimental", "opentelemetry-1");
   }
 
@@ -58,36 +60,43 @@ public boolean onlyMatchKnownTypes() {
   public String[] helperClassNames() {
     return new String[] {
       packageName + ".OtelContext",
-      packageName + ".OtelExtractedContext",
       packageName + ".OtelScope",
-      packageName + ".OtelSpan",
-      packageName + ".OtelSpan$NoopSpan",
-      packageName + ".OtelSpan$NoopSpanContext",
-      packageName + ".OtelSpanBuilder",
-      packageName + ".OtelSpanBuilder$1",
-      packageName + ".OtelSpanContext",
-      packageName + ".OtelTracer",
-      packageName + ".OtelTracerBuilder",
-      packageName + ".OtelTracerProvider",
+      ROOT_PACKAGE_NAME + ".trace.OtelExtractedContext",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpan",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpan$1",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpan$NoopSpan",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpan$NoopSpanContext",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpanBuilder",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpanBuilder$1",
+      ROOT_PACKAGE_NAME + ".trace.OtelSpanContext",
+      ROOT_PACKAGE_NAME + ".trace.OtelTracer",
+      ROOT_PACKAGE_NAME + ".trace.OtelTracerBuilder",
+      ROOT_PACKAGE_NAME + ".trace.OtelTracerProvider",
     };
   }
 
   @Override
   public void adviceTransformations(AdviceTransformation transformation) {
-    // Context.current()
+    // Context ContextStorage.current()
     transformation.applyAdvice(
         isMethod()
             .and(named("current"))
             .and(takesNoArguments())
             .and(returns(named("io.opentelemetry.context.Context"))),
-        OpenTelemetryContextInstrumentation.class.getName() + "$ContextCurrentAdvice");
+        OpenTelemetryContextStorageInstrumentation.class.getName()
+            + "$ContextStorageCurrentAdvice");
   }
 
-  public static class ContextCurrentAdvice {
+  public static class ContextStorageCurrentAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
     public static void current(@Advice.Return(readOnly = false) Context result) {
-      // Get OTel current span
+      // Check empty context
       AgentSpan agentCurrentSpan = AgentTracer.activeSpan();
+      if (null == agentCurrentSpan) {
+        result = OtelContext.ROOT;
+        return;
+      }
+      // Get OTel current span
       Span otelCurrentSpan = null;
       if (agentCurrentSpan instanceof AttachableWrapper) {
         Object wrapper = ((AttachableWrapper) agentCurrentSpan).getWrapper();
@@ -96,23 +105,19 @@ public static void current(@Advice.Return(readOnly = false) Context result) {
         }
       }
       if (otelCurrentSpan == null) {
-        otelCurrentSpan =
-            agentCurrentSpan == null ? OtelSpan.invalid() : new OtelSpan(agentCurrentSpan);
+        otelCurrentSpan = new OtelSpan(agentCurrentSpan);
       }
       // Get OTel root span
       Span otelRootSpan = null;
-      AgentSpan agentRootSpan = null;
-      if (agentCurrentSpan != null) {
-        agentRootSpan = agentCurrentSpan.getLocalRootSpan();
-        if (agentRootSpan instanceof AttachableWrapper) {
-          Object wrapper = ((AttachableWrapper) agentRootSpan).getWrapper();
-          if (wrapper instanceof OtelSpan) {
-            otelRootSpan = (OtelSpan) wrapper;
-          }
+      AgentSpan agentRootSpan = agentCurrentSpan.getLocalRootSpan();
+      if (agentRootSpan instanceof AttachableWrapper) {
+        Object wrapper = ((AttachableWrapper) agentRootSpan).getWrapper();
+        if (wrapper instanceof OtelSpan) {
+          otelRootSpan = (OtelSpan) wrapper;
         }
       }
       if (otelRootSpan == null) {
-        otelRootSpan = agentRootSpan == null ? OtelSpan.invalid() : new OtelSpan(agentRootSpan);
+        otelRootSpan = new OtelSpan(agentRootSpan);
       }
       result = new OtelContext(otelCurrentSpan, otelRootSpan);
     }
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelContext.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OtelContext.java
similarity index 77%
rename from dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelContext.java
rename to dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OtelContext.java
index 5e392196922..deccb160737 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelContext.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OtelContext.java
@@ -1,6 +1,7 @@
-package datadog.trace.instrumentation.opentelemetry14;
+package datadog.trace.instrumentation.opentelemetry14.context;
 
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.instrumentation.opentelemetry14.trace.OtelSpan;
 import io.opentelemetry.api.trace.Span;
 import io.opentelemetry.context.Context;
 import io.opentelemetry.context.ContextKey;
@@ -10,6 +11,9 @@
 
 @ParametersAreNonnullByDefault
 public class OtelContext implements Context {
+  /** Overridden root context. */
+  public static final OtelContext ROOT = new OtelContext(OtelSpan.invalid(), OtelSpan.invalid());
+
   private static final String OTEL_CONTEXT_SPAN_KEY = "opentelemetry-trace-span-key";
   private static final String DATADOG_CONTEXT_ROOT_SPAN_KEY = "datadog-root-span-key";
 
@@ -51,4 +55,14 @@ public Scope makeCurrent() {
     }
     return scope;
   }
+
+  @Override
+  public String toString() {
+    return "OtelContext{"
+        + "currentSpan="
+        + this.currentSpan.getSpanContext()
+        + ", rootSpan="
+        + this.rootSpan.getSpanContext()
+        + '}';
+  }
 }
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelScope.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OtelScope.java
similarity index 90%
rename from dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelScope.java
rename to dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OtelScope.java
index fdb6ce88997..6eb0ffdfc4a 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelScope.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/OtelScope.java
@@ -1,4 +1,4 @@
-package datadog.trace.instrumentation.opentelemetry14;
+package datadog.trace.instrumentation.opentelemetry14.context;
 
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AttachableWrapper;
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/propagation/AgentTextMapPropagator.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/propagation/AgentTextMapPropagator.java
new file mode 100644
index 00000000000..6667463726d
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/propagation/AgentTextMapPropagator.java
@@ -0,0 +1,98 @@
+package datadog.trace.instrumentation.opentelemetry14.context.propagation;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan.Context.Extracted;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.instrumentation.opentelemetry14.context.OtelContext;
+import datadog.trace.instrumentation.opentelemetry14.trace.OtelExtractedContext;
+import datadog.trace.instrumentation.opentelemetry14.trace.OtelSpan;
+import io.opentelemetry.api.trace.Span;
+import io.opentelemetry.api.trace.SpanContext;
+import io.opentelemetry.api.trace.SpanId;
+import io.opentelemetry.api.trace.TraceFlags;
+import io.opentelemetry.api.trace.TraceState;
+import io.opentelemetry.context.Context;
+import io.opentelemetry.context.propagation.TextMapGetter;
+import io.opentelemetry.context.propagation.TextMapPropagator;
+import io.opentelemetry.context.propagation.TextMapSetter;
+import java.util.Arrays;
+import java.util.Collection;
+import javax.annotation.Nullable;
+import javax.annotation.ParametersAreNonnullByDefault;
+
+@ParametersAreNonnullByDefault
+public class AgentTextMapPropagator implements TextMapPropagator {
+  private final Collection<String> fields;
+
+  public AgentTextMapPropagator() {
+    // Cannot suppose the current injector from AgentTracer so declare them all
+    this.fields =
+        Arrays.asList(
+            // W3C headers
+            "traceparent",
+            "tracestate",
+            // DD headers
+            "x-datadog-trace-id",
+            "x-datadog-parent-id",
+            "x-datadog-sampling-priority",
+            "x-datadog-origin",
+            "x-datadog-tags",
+            // B3 single headers
+            "X-B3-TraceId",
+            "X-B3-SpanId",
+            "X-B3-Sampled",
+            // B3 multi header
+            "b3");
+  }
+
+  @Override
+  public Collection<String> fields() {
+    return this.fields;
+  }
+
+  @Override
+  public <C> void inject(Context context, @Nullable C carrier, TextMapSetter<C> setter) {
+    if (carrier == null) {
+      return;
+    }
+    Span span = Span.fromContext(context);
+    if (span.getSpanContext().isValid()) {
+      AgentSpan.Context agentSpanContext = OtelExtractedContext.extract(context);
+      AgentTracer.propagate().inject(agentSpanContext, carrier, setter::set);
+    }
+  }
+
+  @Override
+  public <C> Context extract(Context context, @Nullable C carrier, TextMapGetter<C> getter) {
+    if (carrier == null) {
+      return context;
+    }
+    Extracted extracted =
+        AgentTracer.propagate()
+            .extract(
+                carrier,
+                (carrier1, classifier) -> {
+                  for (String key : getter.keys(carrier1)) {
+                    classifier.accept(key, getter.get(carrier1, key));
+                  }
+                });
+    if (extracted == null) {
+      return context;
+    } else {
+      SpanContext spanContext = extractSpanContext(extracted);
+      return new OtelContext(Span.wrap(spanContext), OtelSpan.invalid());
+    }
+  }
+
+  private static SpanContext extractSpanContext(Extracted extracted) {
+    String traceId = extracted.getTraceId().toHexString();
+    String spanId = SpanId.fromLong(extracted.getSpanId());
+    TraceFlags traceFlags =
+        extracted.getSamplingPriority() > 0 ? TraceFlags.getSampled() : TraceFlags.getDefault();
+    // Do not support tracestate extraction from PropagationTags:
+    // As OtelSpanContext used in OtelSpanBuilder only implements AgentSpan.Context,
+    // PropagationTags from ExtractedContext are lost.
+    TraceState traceState = TraceState.getDefault();
+    return SpanContext.createFromRemoteParent(traceId, spanId, traceFlags, traceState);
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/propagation/OtelContextPropagators.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/propagation/OtelContextPropagators.java
new file mode 100644
index 00000000000..7d7f2ab10fc
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/context/propagation/OtelContextPropagators.java
@@ -0,0 +1,14 @@
+package datadog.trace.instrumentation.opentelemetry14.context.propagation;
+
+import io.opentelemetry.context.propagation.ContextPropagators;
+import io.opentelemetry.context.propagation.TextMapPropagator;
+
+public class OtelContextPropagators implements ContextPropagators {
+  public static final ContextPropagators INSTANCE = new OtelContextPropagators();
+  private final TextMapPropagator propagator = new AgentTextMapPropagator();
+
+  @Override
+  public TextMapPropagator getTextMapPropagator() {
+    return this.propagator;
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelExtractedContext.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelExtractedContext.java
similarity index 91%
rename from dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelExtractedContext.java
rename to dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelExtractedContext.java
index e012a2ecb8b..0823fa48f5d 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelExtractedContext.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelExtractedContext.java
@@ -1,4 +1,4 @@
-package datadog.trace.instrumentation.opentelemetry14;
+package datadog.trace.instrumentation.opentelemetry14.trace;
 
 import datadog.trace.api.DDSpanId;
 import datadog.trace.api.DDTraceId;
@@ -14,7 +14,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-class OtelExtractedContext implements AgentSpan.Context {
+public class OtelExtractedContext implements AgentSpan.Context {
   private static final Logger LOGGER = LoggerFactory.getLogger(OtelExtractedContext.class);
   private final DDTraceId traceId;
   private final long spanId;
@@ -27,7 +27,7 @@ private OtelExtractedContext(SpanContext context) {
         context.isSampled() ? PrioritySampling.SAMPLER_KEEP : PrioritySampling.UNSET;
   }
 
-  static AgentSpan.Context extract(Context context) {
+  public static AgentSpan.Context extract(Context context) {
     Span span = Span.fromContext(context);
     SpanContext spanContext = span.getSpanContext();
     if (spanContext instanceof OtelSpanContext) {
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelSpan.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelSpan.java
similarity index 70%
rename from dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelSpan.java
rename to dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelSpan.java
index 03e72208a90..1d4cb72aa16 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelSpan.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelSpan.java
@@ -1,4 +1,4 @@
-package datadog.trace.instrumentation.opentelemetry14;
+package datadog.trace.instrumentation.opentelemetry14.trace;
 
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
 import static io.opentelemetry.api.trace.StatusCode.ERROR;
@@ -8,6 +8,7 @@
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AttachableWrapper;
+import datadog.trace.bootstrap.instrumentation.api.ErrorPriorities;
 import io.opentelemetry.api.common.AttributeKey;
 import io.opentelemetry.api.common.Attributes;
 import io.opentelemetry.api.trace.Span;
@@ -15,6 +16,7 @@
 import io.opentelemetry.api.trace.StatusCode;
 import io.opentelemetry.api.trace.TraceFlags;
 import io.opentelemetry.api.trace.TraceState;
+import java.util.List;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.ParametersAreNonnullByDefault;
 
@@ -39,7 +41,29 @@ public static Span invalid() {
 
   @Override
   public <T> Span setAttribute(AttributeKey<T> key, T value) {
-    this.delegate.setTag(key.getKey(), value);
+    if (this.recording) {
+      switch (key.getType()) {
+        case STRING_ARRAY:
+        case BOOLEAN_ARRAY:
+        case LONG_ARRAY:
+        case DOUBLE_ARRAY:
+          if (value instanceof List) {
+            List<?> valueList = (List<?>) value;
+            if (valueList.isEmpty()) {
+              // Store as object to prevent delegate to remove tag when value is empty
+              this.delegate.setTag(key.getKey(), (Object) "");
+            } else {
+              for (int index = 0; index < valueList.size(); index++) {
+                this.delegate.setTag(key.getKey() + "." + index, valueList.get(index));
+              }
+            }
+          }
+          break;
+        default:
+          this.delegate.setTag(key.getKey(), value);
+          break;
+      }
+    }
     return this;
   }
 
@@ -57,26 +81,33 @@ public Span addEvent(String name, Attributes attributes, long timestamp, TimeUni
 
   @Override
   public Span setStatus(StatusCode statusCode, String description) {
-    if (this.statusCode == UNSET) {
-      this.statusCode = statusCode;
-      this.delegate.setError(statusCode == ERROR);
-      this.delegate.setErrorMessage(statusCode == ERROR ? description : null);
-    } else if (this.statusCode == ERROR && statusCode == OK) {
-      this.delegate.setError(false);
-      this.delegate.setErrorMessage(null);
+    if (this.recording) {
+      if (this.statusCode == UNSET) {
+        this.statusCode = statusCode;
+        this.delegate.setError(statusCode == ERROR);
+        this.delegate.setErrorMessage(statusCode == ERROR ? description : null);
+      } else if (this.statusCode == ERROR && statusCode == OK) {
+        this.delegate.setError(false);
+        this.delegate.setErrorMessage(null);
+      }
     }
     return this;
   }
 
   @Override
   public Span recordException(Throwable exception, Attributes additionalAttributes) {
-    // Not supported
+    if (this.recording) {
+      // Store exception as span tags as span events are not supported yet
+      this.delegate.addThrowable(exception, ErrorPriorities.UNSET);
+    }
     return this;
   }
 
   @Override
   public Span updateName(String name) {
-    this.delegate.setOperationName(name);
+    if (this.recording) {
+      this.delegate.setOperationName(name);
+    }
     return this;
   }
 
@@ -102,10 +133,14 @@ public boolean isRecording() {
     return this.recording;
   }
 
-  AgentScope activate() {
+  public AgentScope activate() {
     return activateSpan(this.delegate);
   }
 
+  public AgentSpan.Context getAgentSpanContext() {
+    return this.delegate.context();
+  }
+
   private static class NoopSpan implements Span {
     private static final Span INSTANCE = new NoopSpan();
 
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelSpanBuilder.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelSpanBuilder.java
similarity index 77%
rename from dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelSpanBuilder.java
rename to dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelSpanBuilder.java
index c074db566f3..b39118edcc9 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelSpanBuilder.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelSpanBuilder.java
@@ -1,6 +1,6 @@
-package datadog.trace.instrumentation.opentelemetry14;
+package datadog.trace.instrumentation.opentelemetry14.trace;
 
-import static datadog.trace.instrumentation.opentelemetry14.OtelExtractedContext.extract;
+import static datadog.trace.instrumentation.opentelemetry14.trace.OtelExtractedContext.extract;
 
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
@@ -12,6 +12,7 @@
 import io.opentelemetry.api.trace.SpanContext;
 import io.opentelemetry.api.trace.SpanKind;
 import io.opentelemetry.context.Context;
+import java.util.List;
 import java.util.Locale;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.ParametersAreNonnullByDefault;
@@ -79,7 +80,27 @@ public SpanBuilder setAttribute(String key, boolean value) {
 
   @Override
   public <T> SpanBuilder setAttribute(AttributeKey<T> key, T value) {
-    this.delegate.withTag(key.getKey(), value);
+    switch (key.getType()) {
+      case STRING_ARRAY:
+      case BOOLEAN_ARRAY:
+      case LONG_ARRAY:
+      case DOUBLE_ARRAY:
+        if (value instanceof List) {
+          List<?> valueList = (List<?>) value;
+          if (valueList.isEmpty()) {
+            // Store as object to prevent delegate to remove tag when value is empty
+            this.delegate.withTag(key.getKey(), (Object) "");
+          } else {
+            for (int index = 0; index < valueList.size(); index++) {
+              this.delegate.withTag(key.getKey() + "." + index, valueList.get(index));
+            }
+          }
+        }
+        break;
+      default:
+        this.delegate.withTag(key.getKey(), value);
+        break;
+    }
     return this;
   }
 
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelSpanContext.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelSpanContext.java
similarity index 83%
rename from dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelSpanContext.java
rename to dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelSpanContext.java
index 15b9765a530..10bb5dc987c 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelSpanContext.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelSpanContext.java
@@ -1,4 +1,4 @@
-package datadog.trace.instrumentation.opentelemetry14;
+package datadog.trace.instrumentation.opentelemetry14.trace;
 
 import datadog.trace.api.DDSpanId;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
@@ -57,4 +57,18 @@ public TraceState getTraceState() {
   public boolean isRemote() {
     return this.remote;
   }
+
+  @Override
+  public String toString() {
+    return "OtelSpanContext{"
+        + "traceId='"
+        + getTraceId()
+        + "', spanId='"
+        + getSpanId()
+        + "', sampled="
+        + this.sampled
+        + ", remote="
+        + this.remote
+        + '}';
+  }
 }
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelTracer.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelTracer.java
similarity index 93%
rename from dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelTracer.java
rename to dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelTracer.java
index f755723b93e..0ce1f69bbd9 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelTracer.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelTracer.java
@@ -1,4 +1,4 @@
-package datadog.trace.instrumentation.opentelemetry14;
+package datadog.trace.instrumentation.opentelemetry14.trace;
 
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
 import io.opentelemetry.api.trace.SpanBuilder;
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelTracerBuilder.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelTracerBuilder.java
similarity index 92%
rename from dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelTracerBuilder.java
rename to dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelTracerBuilder.java
index 54db5c6ee25..4db53bde598 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelTracerBuilder.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelTracerBuilder.java
@@ -1,4 +1,4 @@
-package datadog.trace.instrumentation.opentelemetry14;
+package datadog.trace.instrumentation.opentelemetry14.trace;
 
 import io.opentelemetry.api.trace.Tracer;
 import io.opentelemetry.api.trace.TracerBuilder;
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelTracerProvider.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelTracerProvider.java
similarity index 96%
rename from dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelTracerProvider.java
rename to dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelTracerProvider.java
index 673c43c0809..57aee97d61b 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/OtelTracerProvider.java
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/main/java/datadog/trace/instrumentation/opentelemetry14/trace/OtelTracerProvider.java
@@ -1,4 +1,4 @@
-package datadog.trace.instrumentation.opentelemetry14;
+package datadog.trace.instrumentation.opentelemetry14.trace;
 
 import io.opentelemetry.api.trace.Tracer;
 import io.opentelemetry.api.trace.TracerBuilder;
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/OpenTelemetry14Test.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/OpenTelemetry14Test.groovy
index c3664099d53..ca0952048e5 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/OpenTelemetry14Test.groovy
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/OpenTelemetry14Test.groovy
@@ -2,10 +2,14 @@ import datadog.trace.agent.test.AgentTestRunner
 import datadog.trace.api.DDTags
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import io.opentelemetry.api.GlobalOpenTelemetry
+import io.opentelemetry.api.common.AttributeKey
 import io.opentelemetry.api.trace.SpanKind
 import io.opentelemetry.context.Context
+import io.opentelemetry.context.ThreadLocalContextStorage
 import spock.lang.Subject
 
+import java.security.InvalidParameterException
+
 import static io.opentelemetry.api.trace.StatusCode.ERROR
 import static io.opentelemetry.api.trace.StatusCode.OK
 import static io.opentelemetry.api.trace.StatusCode.UNSET
@@ -153,9 +157,18 @@ class OpenTelemetry14Test extends AgentTestRunner {
     if (tagBuilder) {
       builder.setAttribute(DDTags.RESOURCE_NAME, "some-resource")
         .setAttribute("string", "a")
+        .setAttribute("null-string", null)
         .setAttribute("empty_string", "")
         .setAttribute("number", 1)
         .setAttribute("boolean", true)
+        .setAttribute(AttributeKey.stringKey("null-string-attribute"), null)
+        .setAttribute(AttributeKey.stringKey("empty-string-attribute"), "")
+        .setAttribute(AttributeKey.stringArrayKey("string-array"), ["a", "b", "c"])
+        .setAttribute(AttributeKey.booleanArrayKey("boolean-array"), [true, false])
+        .setAttribute(AttributeKey.longArrayKey("long-array"), [1L, 2L, 3L, 4L])
+        .setAttribute(AttributeKey.doubleArrayKey("double-array"), [1.23D, 4.56D])
+        .setAttribute(AttributeKey.stringArrayKey("empty-array"), Collections.emptyList())
+        .setAttribute(AttributeKey.stringArrayKey("null-array"), null)
     }
     def result = builder.startSpan()
     if (tagSpan) {
@@ -164,6 +177,14 @@ class OpenTelemetry14Test extends AgentTestRunner {
       result.setAttribute("empty_string", "")
       result.setAttribute("number", 2)
       result.setAttribute("boolean", false)
+      result.setAttribute(AttributeKey.stringKey("null-string-attribute"), null)
+      result.setAttribute(AttributeKey.stringKey("empty-string-attribute"), "")
+      result.setAttribute(AttributeKey.stringArrayKey("string-array"), ["d", "e", "f"])
+      result.setAttribute(AttributeKey.booleanArrayKey("boolean-array"), [false, true])
+      result.setAttribute(AttributeKey.longArrayKey("long-array"), [5L, 6L, 7L, 8L])
+      result.setAttribute(AttributeKey.doubleArrayKey("double-array"), [2.34D, 5.67D])
+      result.setAttribute(AttributeKey.stringArrayKey("empty-array"), Collections.emptyList())
+      result.setAttribute(AttributeKey.stringArrayKey("null-array"), null)
     }
 
     when:
@@ -189,11 +210,37 @@ class OpenTelemetry14Test extends AgentTestRunner {
               "empty_string" ""
               "number" 2
               "boolean" false
+              "empty-string-attribute" ""
+              "string-array.0" "d"
+              "string-array.1" "e"
+              "string-array.2" "f"
+              "boolean-array.0" false
+              "boolean-array.1" true
+              "long-array.0" 5L
+              "long-array.1" 6L
+              "long-array.2" 7L
+              "long-array.3" 8L
+              "double-array.0" 2.34D
+              "double-array.1" 5.67D
+              "empty-array" ""
             } else if (tagBuilder) {
               "string" "a"
               "empty_string" ""
               "number" 1
               "boolean" true
+              "empty-string-attribute" ""
+              "string-array.0" "a"
+              "string-array.1" "b"
+              "string-array.2" "c"
+              "boolean-array.0" true
+              "boolean-array.1" false
+              "long-array.0" 1L
+              "long-array.1" 2L
+              "long-array.2" 3L
+              "long-array.3" 4L
+              "double-array.0" 1.23D
+              "double-array.1" 4.56D
+              "empty-array" ""
             }
             defaultTags()
           }
@@ -313,6 +360,48 @@ class OpenTelemetry14Test extends AgentTestRunner {
     }
   }
 
+  def "test span record exception"() {
+    setup:
+    def builder = tracer.spanBuilder("some-name")
+    def result = builder.startSpan()
+    def message = "input can't be null"
+    def exception = new InvalidParameterException(message)
+
+    expect:
+    result.delegate.getTag(DDTags.ERROR_MSG) == null
+    result.delegate.getTag(DDTags.ERROR_TYPE) == null
+    result.delegate.getTag(DDTags.ERROR_STACK) == null
+    !result.delegate.isError()
+
+    when:
+    result.recordException(exception)
+
+    then:
+    result.delegate.getTag(DDTags.ERROR_MSG) == message
+    result.delegate.getTag(DDTags.ERROR_TYPE) == InvalidParameterException.name
+    result.delegate.getTag(DDTags.ERROR_STACK) != null
+    !result.delegate.isError()
+
+    when:
+    result.end()
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          parent()
+          operationName "some-name"
+          resourceName "some-name"
+          errored false
+          tags {
+            defaultTags()
+            errorTags(exception)
+          }
+        }
+      }
+    }
+  }
+
   def "test span name update"() {
     setup:
     def builder = tracer.spanBuilder("some-name")
@@ -341,4 +430,41 @@ class OpenTelemetry14Test extends AgentTestRunner {
       }
     }
   }
+
+  def "test span update after end"() {
+    setup:
+    def builder = tracer.spanBuilder("some-name")
+    def result = builder.startSpan()
+
+    when:
+    result.setAttribute("string", "value")
+    result.setStatus(ERROR)
+    result.end()
+    result.updateName("other-name")
+    result.setAttribute("string", "other-value")
+    result.setStatus(OK)
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          parent()
+          operationName "some-name"
+          errored true
+          tags {
+            defaultTags()
+            "string" "value"
+          }
+        }
+      }
+    }
+  }
+
+  @Override
+  void cleanup() {
+    // Test for context leak
+    assert Context.current() == Context.root()
+    // Safely reset OTel context storage
+    ThreadLocalContextStorage.THREAD_LOCAL_STORAGE.remove()
+  }
 }
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/OpenTelemetry14ContextTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/ContextTest.groovy
similarity index 74%
rename from dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/OpenTelemetry14ContextTest.groovy
rename to dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/ContextTest.groovy
index 1b7f732f50e..3c1805133a8 100644
--- a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/OpenTelemetry14ContextTest.groovy
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/ContextTest.groovy
@@ -1,21 +1,19 @@
+package opentelemetry14.context
+
 import datadog.trace.agent.test.AgentTestRunner
 import datadog.trace.api.DDSpanId
-import datadog.trace.api.DDTraceId
-import datadog.trace.instrumentation.opentelemetry14.OtelContext
 import io.opentelemetry.api.GlobalOpenTelemetry
 import io.opentelemetry.api.trace.Span
-import io.opentelemetry.api.trace.propagation.W3CTraceContextPropagator
 import io.opentelemetry.context.Context
 import io.opentelemetry.context.ContextKey
-import io.opentelemetry.context.propagation.TextMapGetter
-import io.opentelemetry.context.propagation.TextMapSetter
+import io.opentelemetry.context.ThreadLocalContextStorage
 import spock.lang.Subject
 
-import javax.annotation.Nullable
-
 import static datadog.trace.bootstrap.instrumentation.api.ScopeSource.MANUAL
+import static datadog.trace.instrumentation.opentelemetry14.context.OtelContext.DATADOG_CONTEXT_ROOT_SPAN_KEY
+import static datadog.trace.instrumentation.opentelemetry14.context.OtelContext.OTEL_CONTEXT_SPAN_KEY
 
-class OpenTelemetry14ContextTest extends AgentTestRunner {
+class ContextTest extends AgentTestRunner {
   @Subject
   def tracer = GlobalOpenTelemetry.get().tracerProvider.get("context-instrumentation")
 
@@ -172,6 +170,15 @@ class OpenTelemetry14ContextTest extends AgentTestRunner {
     !currentSpan.spanContext.isValid()
   }
 
+  def "test clearing context"() {
+    when:
+    def rootScope = Context.root().makeCurrent()
+    then:
+    Context.current() == Context.root()
+    cleanup:
+    rootScope.close()
+  }
+
   def "test mixing manual and OTel instrumentation"() {
     setup:
     def otelParentSpan = tracer.spanBuilder("some-name").startSpan()
@@ -232,8 +239,8 @@ class OpenTelemetry14ContextTest extends AgentTestRunner {
     setup:
     def parentSpan = tracer.spanBuilder("some-name").startSpan()
     def parentScope = parentSpan.makeCurrent()
-    def currentSpanKey = ContextKey.named(OtelContext.OTEL_CONTEXT_SPAN_KEY)
-    def rootSpanKey = ContextKey.named(OtelContext.DATADOG_CONTEXT_ROOT_SPAN_KEY)
+    def currentSpanKey = ContextKey.named(OTEL_CONTEXT_SPAN_KEY)
+    def rootSpanKey = ContextKey.named(DATADOG_CONTEXT_ROOT_SPAN_KEY)
 
     when:
     def current = Context.current()
@@ -265,59 +272,11 @@ class OpenTelemetry14ContextTest extends AgentTestRunner {
     parentSpan.end()
   }
 
-  def "test context extraction and injection"() {
-    setup:
-    def propagator = W3CTraceContextPropagator.getInstance()
-    def httpHeaders = ['traceparent': traceparent]
-    def context = propagator.extract(Context.root(), httpHeaders, new TextMapGetter<Map<String, String>>() {
-        @Override
-        Iterable<String> keys(Map<String, String> carrier) {
-          return carrier.keySet()
-        }
-
-        @Override
-        String get(@Nullable Map<String, String> carrier, String key) {
-          return carrier.get(key)
-        }
-      })
-
-    def localSpan = tracer.spanBuilder("some-name")
-      .setParent(context)
-      .startSpan()
-
-    when:
-    def localSpanContext = localSpan.getSpanContext()
-    def localSpanId = localSpanContext.getSpanId()
-    def spanSampled = localSpanContext.getTraceFlags().isSampled()
-    def scope = localSpan.makeCurrent()
-    Map<String, String> injectedHeaders = [:]
-    propagator.inject(Context.current(), injectedHeaders, new TextMapSetter<Map<String, String>>() {
-        @Override
-        void set(@Nullable Map<String, String> carrier, String key, String value) {
-          carrier.put(key, value)
-        }
-      })
-    scope.close()
-    localSpan.end()
-
-    then:
-    assertTraces(1) {
-      trace(1) {
-        span {
-          operationName "some-name"
-          traceDDId(DDTraceId.fromHex(traceId))
-          parentSpanId(DDSpanId.fromHex(spanId).toLong() as BigInteger)
-        }
-      }
-    }
-    spanSampled == sampled
-    injectedHeaders == ['traceparent': "00-$traceId-$localSpanId-$sampleFlag" as String]
-
-    where:
-    traceId | spanId | sampled
-    '00000000000000001111111111111111' | '2222222222222222' | true
-    '00000000000000001111111111111111' | '2222222222222222' | false
-    sampleFlag = sampled ? '01' : '00'
-    traceparent = "00-$traceId-$spanId-$sampleFlag" as String
+  @Override
+  void cleanup() {
+    // Test for context leak
+    assert Context.current() == Context.root()
+    // Safely reset OTel context storage
+    ThreadLocalContextStorage.THREAD_LOCAL_STORAGE.remove()
   }
 }
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/AbstractPropagatorTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/AbstractPropagatorTest.groovy
new file mode 100644
index 00000000000..351ea547b24
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/AbstractPropagatorTest.groovy
@@ -0,0 +1,127 @@
+package opentelemetry14.context.propagation
+
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.DD128bTraceId
+import datadog.trace.api.DDSpanId
+import io.opentelemetry.api.GlobalOpenTelemetry
+import io.opentelemetry.context.Context
+import io.opentelemetry.context.ThreadLocalContextStorage
+import io.opentelemetry.context.propagation.TextMapGetter
+import io.opentelemetry.context.propagation.TextMapPropagator
+import io.opentelemetry.context.propagation.TextMapSetter
+import spock.lang.Subject
+
+import javax.annotation.Nullable
+
+abstract class AbstractPropagatorTest extends AgentTestRunner {
+  @Subject
+  def tracer = GlobalOpenTelemetry.get().tracerProvider.get("propagator" + Math.random()) // TODO FIX LATER
+
+  @Override
+  void configurePreAgent() {
+    super.configurePreAgent()
+
+    injectSysConfig("dd.integration.opentelemetry.experimental.enabled", "true")
+    injectSysConfig("dd.trace.propagation.style", style())
+  }
+
+  /**
+   * Gets the propagation style to configure to the agent.
+   * @return The propagation style.
+   */
+  abstract String style()
+
+  /**
+   * Gets the propagator to test.
+   * @return The propagator to test.
+   */
+  abstract TextMapPropagator propagator()
+
+  /**
+   * Get the test values as an array:
+   * <ol>
+   *   <li>Headers map</li>
+   *   <li>Trace id</li>
+   *   <li>Span id</li>
+   *   <li>Whether the parent span is sampled</li>
+   *  </ol>
+   *
+   * @return The tests values.
+   */
+  abstract values()
+
+  /**
+   * Evaluates the injected headers of a child span from a continuing trace.
+   * @param headers The injected headers.
+   * @param traceId The continued trace identifier.
+   * @param spanId The child span identifier.
+   * @param sampled Whether the child span is sampled.
+   */
+  abstract void assertInjectedHeaders(Map<String, String> headers, String traceId, String spanId, boolean sampled)
+
+  def "test context extraction and injection"() {
+    setup:
+    def propagator = propagator()
+
+    when:
+    def context = propagator.extract(Context.root(), headers, new TextMap())
+
+    then:
+    context != Context.root()
+
+    when:
+    def localSpan = tracer.spanBuilder("some-name")
+      .setParent(context)
+      .startSpan()
+    def localSpanContext = localSpan.getSpanContext()
+    def localSpanId = localSpanContext.getSpanId()
+    def spanSampled = localSpanContext.getTraceFlags().isSampled()
+    def scope = localSpan.makeCurrent()
+    Map<String, String> injectedHeaders = [:]
+    propagator.inject(Context.current(), injectedHeaders, new TextMap())
+    scope.close()
+    localSpan.end()
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          operationName "some-name"
+          traceDDId(DD128bTraceId.fromHex(traceId))
+          parentSpanId(DDSpanId.fromHex(spanId).toLong() as BigInteger)
+        }
+      }
+    }
+    spanSampled == sampled
+    assertInjectedHeaders(injectedHeaders, traceId, localSpanId, sampled)
+
+    where:
+    values << values()
+    (headers, traceId, spanId, sampled) = values
+  }
+
+  @Override
+  void cleanup() {
+    // Test for context leak
+    assert Context.current() == Context.root()
+    // Safely reset OTel context storage
+    ThreadLocalContextStorage.THREAD_LOCAL_STORAGE.remove()
+  }
+
+  static class TextMap implements TextMapGetter<Map<String, String>>, TextMapSetter<Map<String, String>> {
+    @Override
+    Iterable<String> keys(Map<String, String> carrier) {
+      return carrier.keySet()
+    }
+
+    @Override
+    String get(@Nullable Map<String, String> carrier, String key) {
+      return carrier.get(key)
+    }
+
+    @Override
+    void set(@Nullable Map<String, String> carrier, String key, String value) {
+      carrier.put(key, value)
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/AgentPropagatorTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/AgentPropagatorTest.groovy
new file mode 100644
index 00000000000..f221ddf19da
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/AgentPropagatorTest.groovy
@@ -0,0 +1,12 @@
+package opentelemetry14.context.propagation
+
+import io.opentelemetry.api.GlobalOpenTelemetry
+import io.opentelemetry.context.propagation.TextMapPropagator
+
+abstract class AgentPropagatorTest extends AbstractPropagatorTest {
+  @Override
+  TextMapPropagator propagator() {
+    // Get agent propagator injected by instrumentation
+    return GlobalOpenTelemetry.get().getPropagators().getTextMapPropagator()
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/B3MultiPropagatorTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/B3MultiPropagatorTest.groovy
new file mode 100644
index 00000000000..b533fc797c8
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/B3MultiPropagatorTest.groovy
@@ -0,0 +1,32 @@
+package opentelemetry14.context.propagation
+
+import static datadog.trace.core.propagation.B3HttpCodec.SAMPLING_PRIORITY_KEY
+import static datadog.trace.core.propagation.B3HttpCodec.SPAN_ID_KEY
+import static datadog.trace.core.propagation.B3HttpCodec.TRACE_ID_KEY
+
+class B3MultiPropagatorTest extends AgentPropagatorTest {
+  @Override
+  String style() {
+    return 'b3multi'
+  }
+
+  @Override
+  def values() {
+    // spotless:off
+    return [
+      [[(TRACE_ID_KEY): '1', (SPAN_ID_KEY):'2'],                                                                             '1' ,                               '2' ,               false],
+      [[(TRACE_ID_KEY): '1111111111111111', (SPAN_ID_KEY):'2222222222222222'],                                               '1111111111111111'                , '2222222222222222', false],
+      [[(TRACE_ID_KEY): '11111111111111111111111111111111', (SPAN_ID_KEY):'2222222222222222'],                               '11111111111111111111111111111111', '2222222222222222', false],
+      [[(TRACE_ID_KEY): '11111111111111111111111111111111', (SPAN_ID_KEY):'2222222222222222', (SAMPLING_PRIORITY_KEY): '0'], '11111111111111111111111111111111', '2222222222222222', false],
+      [[(TRACE_ID_KEY): '11111111111111111111111111111111', (SPAN_ID_KEY):'2222222222222222', (SAMPLING_PRIORITY_KEY): '1'], '11111111111111111111111111111111', '2222222222222222', true],
+    ]
+    // spotless:on
+  }
+
+  @Override
+  void assertInjectedHeaders(Map<String, String> headers, String traceId, String spanId, boolean sampled) {
+    assert headers[TRACE_ID_KEY] == traceId.padLeft(32, '0')
+    assert headers[SPAN_ID_KEY] == spanId.padLeft(8, '0')
+    assert headers[SAMPLING_PRIORITY_KEY] == "1" // Deterministic sampler with rate to 1
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/B3SinglePropagatorTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/B3SinglePropagatorTest.groovy
new file mode 100644
index 00000000000..7f948760e99
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/B3SinglePropagatorTest.groovy
@@ -0,0 +1,29 @@
+package opentelemetry14.context.propagation
+
+import static datadog.trace.core.propagation.B3HttpCodec.B3_KEY
+
+class B3SinglePropagatorTest extends AgentPropagatorTest {
+  @Override
+  String style() {
+    return 'b3single'
+  }
+
+  @Override
+  def values() {
+    // spotless:off
+    return [
+      [[(B3_KEY): '1-2'], '1' , '2' , false],
+      [[(B3_KEY): '1111111111111111-2222222222222222'],                   '1111111111111111',                 '2222222222222222', false],
+      [[(B3_KEY): '11111111111111111111111111111111-2222222222222222'],   '11111111111111111111111111111111', '2222222222222222', false],
+      [[(B3_KEY): '11111111111111111111111111111111-2222222222222222-0'], '11111111111111111111111111111111', '2222222222222222', false],
+      [[(B3_KEY): '11111111111111111111111111111111-2222222222222222-1'], '11111111111111111111111111111111', '2222222222222222', true],
+    ]
+    // spotless:on
+  }
+
+  @Override
+  void assertInjectedHeaders(Map<String, String> headers, String traceId, String spanId, boolean sampled) {
+    def sampledValue = "1" // Deterministic sampler with rate to 1
+    assert headers[B3_KEY] == "${traceId.padLeft(32, '0')}-${spanId.padLeft(8, '0')}-$sampledValue"
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/DatadogPropagatorTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/DatadogPropagatorTest.groovy
new file mode 100644
index 00000000000..c3de55b4213
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/DatadogPropagatorTest.groovy
@@ -0,0 +1,41 @@
+package opentelemetry14.context.propagation
+
+
+import datadog.trace.api.DDTraceId
+
+import static datadog.trace.api.sampling.PrioritySampling.SAMPLER_KEEP
+import static datadog.trace.api.sampling.PrioritySampling.UNSET
+import static java.lang.Long.parseLong
+
+class DatadogPropagatorTest extends AgentPropagatorTest {
+  @Override
+  String style() {
+    return 'datadog'
+  }
+
+  def values() {
+    // spotless:off
+    return [
+      [['x-datadog-trace-id': "${parseLong('1111111111111111', 16)}", 'x-datadog-parent-id': "${parseLong('2222222222222222', 16)}"],                                                                                                 '00000000000000001111111111111111', '2222222222222222', false],
+      [['x-datadog-trace-id': "${parseLong('1111111111111111', 16)}", 'x-datadog-parent-id': "${parseLong('2222222222222222', 16)}", 'x-datadog-tags': '_dd.p.tid=1111111111111111'],                                                 '11111111111111111111111111111111', '2222222222222222', false],
+      [['x-datadog-trace-id': "${parseLong('1111111111111111', 16)}", 'x-datadog-parent-id': "${parseLong('2222222222222222', 16)}", 'x-datadog-sampling-priority': "$SAMPLER_KEEP", 'x-datadog-tags': '_dd.p.tid=1111111111111111'], '11111111111111111111111111111111', '2222222222222222', true],
+      [['x-datadog-trace-id': "${parseLong('1111111111111111', 16)}", 'x-datadog-parent-id': "${parseLong('2222222222222222', 16)}", 'x-datadog-sampling-priority': "$UNSET", 'x-datadog-tags': '_dd.p.tid=1111111111111111'],        '11111111111111111111111111111111', '2222222222222222', false],
+    ]
+    // spotless:on
+  }
+
+  void assertInjectedHeaders(Map<String, String> headers, String traceId, String spanId, boolean sampled) {
+    assert headers['x-datadog-trace-id'] == Long.toString(DDTraceId.fromHex(traceId).toLong())
+    assert headers['x-datadog-parent-id'] == spanId.replaceAll('^0+(?!$)', '')
+    def tags = []
+    if (!sampled) {
+      tags+= '_dd.p.dm=-1'
+    }
+    def highOrderBits = traceId.substring(0, 16)
+    if (highOrderBits != '0000000000000000') {
+      tags+= '_dd.p.tid='+highOrderBits
+    }
+    assert headers['x-datadog-tags'] == tags.join(',')
+    assert headers['x-datadog-sampling-priority'] == '1' // Deterministic sampler with rate to 1
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/OtelW3cPropagatorTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/OtelW3cPropagatorTest.groovy
new file mode 100644
index 00000000000..6a63e4a2e47
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/OtelW3cPropagatorTest.groovy
@@ -0,0 +1,34 @@
+package opentelemetry14.context.propagation
+
+
+import io.opentelemetry.api.trace.propagation.W3CTraceContextPropagator
+import io.opentelemetry.context.propagation.TextMapPropagator
+
+class OtelW3cPropagatorTest extends AbstractPropagatorTest {
+  @Override
+  String style() {
+    return 'datadog'
+  }
+
+  @Override
+  TextMapPropagator propagator() {
+    // OpenTelemetry API W3C propagator
+    return W3CTraceContextPropagator.getInstance()
+  }
+
+  @Override
+  def values() {
+    // spotless:off
+    return [
+      [['traceparent': '00-00000000000000001111111111111111-2222222222222222-00'], '00000000000000001111111111111111', '2222222222222222', false],
+      [['traceparent': '00-00000000000000001111111111111111-2222222222222222-01'], '00000000000000001111111111111111', '2222222222222222', true],
+    ]
+    // spotless:on
+  }
+
+  @Override
+  void assertInjectedHeaders(Map<String, String> headers, String traceId, String spanId, boolean sampled) {
+    def sampleFlag = sampled ? '01' : '00'
+    assert headers['traceparent'] ==  "00-$traceId-$spanId-$sampleFlag"
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/W3cPropagatorTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/W3cPropagatorTest.groovy
new file mode 100644
index 00000000000..72b1b57943f
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-1.4/src/test/groovy/opentelemetry14/context/propagation/W3cPropagatorTest.groovy
@@ -0,0 +1,24 @@
+package opentelemetry14.context.propagation
+
+class W3cPropagatorTest extends AgentPropagatorTest {
+  @Override
+  String style() {
+    return 'tracecontext'
+  }
+
+  @Override
+  def values() {
+    // spotless:off
+    return [
+      [['traceparent': '00-11111111111111111111111111111111-2222222222222222-00'], '11111111111111111111111111111111', '2222222222222222', false],
+      [['traceparent': '00-11111111111111111111111111111111-2222222222222222-01'], '11111111111111111111111111111111', '2222222222222222', true],
+    ]
+    // spotless:on
+  }
+
+  @Override
+  void assertInjectedHeaders(Map<String, String> headers, String traceId, String spanId, boolean sampled) {
+    def traceFlags = "01" // Deterministic sampler with rate to 1
+    assert headers['traceparent'] == "00-$traceId-$spanId-$traceFlags"
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/build.gradle b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/build.gradle
new file mode 100644
index 00000000000..56de3e48182
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/build.gradle
@@ -0,0 +1,23 @@
+def openTelemetryVersion = '1.20.0'
+
+muzzle {
+  pass {
+    module = 'opentelemetry-instrumentation-annotations'
+    group = 'io.opentelemetry.instrumentation'
+    versions = "[$openTelemetryVersion,)"
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  compileOnly group: 'io.opentelemetry', name: 'opentelemetry-api', version: openTelemetryVersion
+  compileOnly group: 'io.opentelemetry.instrumentation', name: 'opentelemetry-instrumentation-annotations', version: openTelemetryVersion
+  compileOnly group: 'com.google.auto.value', name: 'auto-value-annotations', version: '1.6.6'
+
+  testImplementation group: 'io.opentelemetry', name: 'opentelemetry-api', version: openTelemetryVersion
+  testImplementation group: 'io.opentelemetry.instrumentation', name: 'opentelemetry-instrumentation-annotations', version: openTelemetryVersion
+  latestDepTestImplementation group: 'io.opentelemetry.instrumentation', name: 'opentelemetry-instrumentation-annotations', version: '1+'
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanAdvice.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanAdvice.java
new file mode 100644
index 00000000000..b37b2413fe7
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanAdvice.java
@@ -0,0 +1,31 @@
+package datadog.trace.instrumentation.opentelemetry.annotations;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.instrumentation.opentelemetry.annotations.WithSpanDecorator.DECORATE;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import java.lang.reflect.Method;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.implementation.bytecode.assign.Assigner;
+
+public class WithSpanAdvice {
+  @Advice.OnMethodEnter(suppress = Throwable.class)
+  public static AgentScope onEnter(@Advice.Origin final Method method) {
+    AgentSpan span = DECORATE.startMethodSpan(method);
+    AgentScope scope = activateSpan(span);
+    scope.setAsyncPropagation(true);
+    return scope;
+  }
+
+  @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+  public static void stopSpan(
+      @Advice.Enter final AgentScope scope,
+      @Advice.Return(typing = Assigner.Typing.DYNAMIC, readOnly = false) Object result,
+      @Advice.Thrown final Throwable throwable) {
+    DECORATE.onError(scope, throwable);
+    DECORATE.beforeFinish(scope);
+    scope.close();
+    result = DECORATE.wrapAsyncResultOrFinishSpan(result, scope.span());
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanAnnotationInstrumentation.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanAnnotationInstrumentation.java
new file mode 100644
index 00000000000..bd2b9a5467b
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanAnnotationInstrumentation.java
@@ -0,0 +1,66 @@
+package datadog.trace.instrumentation.opentelemetry.annotations;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.declaresMethod;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.isAnnotatedWith;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.hasParameters;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.whereAny;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.InstrumenterConfig;
+import net.bytebuddy.description.method.MethodDescription;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public final class WithSpanAnnotationInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForTypeHierarchy {
+
+  public WithSpanAnnotationInstrumentation() {
+    super("opentelemetry-annotations", "opentelemetry-annotations-1.20");
+  }
+
+  @Override
+  protected boolean defaultEnabled() {
+    return InstrumenterConfig.get().isTraceOtelEnabled();
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "io.opentelemetry.instrumentation.annotations.WithSpan";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return declaresMethod(isAnnotatedWith(named(hierarchyMarkerType())));
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      this.packageName + ".WithSpanDecorator",
+      this.packageName + ".WithSpanDecorator$1", // Switch over enum generated class
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    ElementMatcher.Junction<MethodDescription> annotatedMethodMatcher =
+        isAnnotatedWith(named(hierarchyMarkerType()));
+    ElementMatcher.Junction<MethodDescription> annotatedParametersMatcher =
+        hasParameters(
+            whereAny(
+                isAnnotatedWith(
+                    named("io.opentelemetry.instrumentation.annotations.SpanAttribute"))));
+    // Apply transformation without parameter capture
+    transformation.applyAdvice(
+        annotatedMethodMatcher.and(not(annotatedParametersMatcher)),
+        this.packageName + ".WithSpanAdvice");
+    // Apply transformation with parameter capture
+    transformation.applyAdvice(
+        annotatedMethodMatcher.and(annotatedParametersMatcher),
+        this.packageName + ".WithSpanAttributeAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanAttributeAdvice.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanAttributeAdvice.java
new file mode 100644
index 00000000000..3febd171487
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanAttributeAdvice.java
@@ -0,0 +1,28 @@
+package datadog.trace.instrumentation.opentelemetry.annotations;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.instrumentation.opentelemetry.annotations.WithSpanDecorator.DECORATE;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import java.lang.reflect.Method;
+import net.bytebuddy.asm.Advice;
+
+public class WithSpanAttributeAdvice {
+  @Advice.OnMethodEnter(suppress = Throwable.class)
+  public static AgentScope onEnter(
+      @Advice.Origin final Method method, @Advice.AllArguments final Object[] args) {
+    AgentSpan span = DECORATE.startMethodSpan(method);
+    DECORATE.addTagsFromMethodArgs(span, method, args);
+    return activateSpan(span);
+  }
+
+  @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+  public static void stopSpan(
+      @Advice.Enter final AgentScope scope, @Advice.Thrown final Throwable throwable) {
+    DECORATE.onError(scope, throwable);
+    DECORATE.beforeFinish(scope);
+    scope.close();
+    scope.span().finish();
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanDecorator.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanDecorator.java
new file mode 100644
index 00000000000..782d0719c9f
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/WithSpanDecorator.java
@@ -0,0 +1,107 @@
+package datadog.trace.instrumentation.opentelemetry.annotations;
+
+import static datadog.trace.api.DDSpanTypes.HTTP_CLIENT;
+import static datadog.trace.api.DDSpanTypes.HTTP_SERVER;
+import static datadog.trace.api.DDSpanTypes.MESSAGE_CONSUMER;
+import static datadog.trace.api.DDSpanTypes.MESSAGE_PRODUCER;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+import static java.lang.Math.min;
+
+import datadog.trace.api.InstrumenterConfig;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
+import datadog.trace.bootstrap.instrumentation.decorator.AsyncResultDecorator;
+import io.opentelemetry.api.trace.SpanKind;
+import io.opentelemetry.instrumentation.annotations.SpanAttribute;
+import io.opentelemetry.instrumentation.annotations.WithSpan;
+import java.lang.reflect.Method;
+import java.lang.reflect.Parameter;
+
+public class WithSpanDecorator extends AsyncResultDecorator {
+  public static final WithSpanDecorator DECORATE = new WithSpanDecorator();
+  private static final String INSTRUMENTATION_NAME = "opentelemetry-annotations";
+  private static final CharSequence OPENTELEMETRY = UTF8BytesString.create("opentelemetry");
+
+  @Override
+  protected String[] instrumentationNames() {
+    return new String[] {"opentelemetry-annotations", "opentelemetry-annotations-1"};
+  }
+
+  @Override
+  protected CharSequence spanType() {
+    return null; // Will be defined per span from WithSpan annotation parameter
+  }
+
+  @Override
+  protected CharSequence component() {
+    return OPENTELEMETRY;
+  }
+
+  public AgentSpan startMethodSpan(Method method) {
+    CharSequence operationName = null;
+    CharSequence spanType = null;
+
+    WithSpan withSpanAnnotation = method.getAnnotation(WithSpan.class);
+    if (withSpanAnnotation != null) {
+      operationName = withSpanAnnotation.value();
+      spanType = convertToSpanType(withSpanAnnotation.kind());
+    }
+
+    if (operationName == null || operationName.length() == 0) {
+      operationName = DECORATE.spanNameForMethod(method);
+    }
+
+    AgentSpan span = startSpan(INSTRUMENTATION_NAME, operationName);
+    DECORATE.afterStart(span);
+
+    if (spanType != null) {
+      span.setSpanType(spanType);
+    }
+    if (InstrumenterConfig.get().isMethodMeasured(method)) {
+      span.setMeasured(true);
+    }
+
+    return span;
+  }
+
+  private static String convertToSpanType(SpanKind kind) {
+    if (kind == null) {
+      return null;
+    }
+    switch (kind) {
+      case SERVER:
+        return HTTP_SERVER;
+      case CLIENT:
+        return HTTP_CLIENT;
+      case PRODUCER:
+        return MESSAGE_PRODUCER;
+      case CONSUMER:
+        return MESSAGE_CONSUMER;
+      case INTERNAL:
+      default:
+        return null;
+    }
+  }
+
+  public void addTagsFromMethodArgs(AgentSpan span, Method method, Object[] args) {
+    Parameter[] parameters = method.getParameters();
+    for (int parameterIndex = 0;
+        parameterIndex < min(parameters.length, args.length);
+        parameterIndex++) {
+      Parameter parameter = parameters[parameterIndex];
+      SpanAttribute annotation = parameter.getAnnotation(SpanAttribute.class);
+      if (annotation != null) {
+        // Get name from annotation value
+        String name = annotation.value();
+        // If name is missing, try to get it from parameter description (absent by default)
+        if ((name == null || name.isEmpty()) && parameter.isNamePresent()) {
+          name = parameter.getName();
+        }
+        if (name != null) {
+          span.setTag(name, args[parameterIndex]);
+        }
+        break;
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/test/groovy/SpanAttributeAnnotationTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/test/groovy/SpanAttributeAnnotationTest.groovy
new file mode 100644
index 00000000000..48e1d32b329
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/test/groovy/SpanAttributeAnnotationTest.groovy
@@ -0,0 +1,44 @@
+import annotatedsample.TracedMethods
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.bootstrap.instrumentation.api.Tags
+
+class SpanAttributeAnnotationTest extends AgentTestRunner {
+  @Override
+  void configurePreAgent() {
+    super.configurePreAgent()
+
+    injectSysConfig("dd.integration.opentelemetry-annotations-1.20.enabled", "true")
+  }
+
+  def "test SpanAttribute annotated #type parameter"() {
+    setup:
+    def methodName = "sayHelloWith${typeName}Attribute"
+    TracedMethods."$methodName"(value)
+
+    expect:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "TracedMethods.$methodName"
+          operationName "TracedMethods.$methodName"
+          parent()
+          errored false
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+            "custom-tag" value
+          }
+        }
+      }
+    }
+
+    where:
+    type     | value
+    'String' | 'value'
+    'int'    | 12
+    'long'   | 23456L
+    'list'   | ['value1', 'value2', 'value3']
+    typeName = type.substring(0, 1).toUpperCase() + type.substring(1)
+  }
+}
+
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/test/groovy/WithSpanAnnotationTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/test/groovy/WithSpanAnnotationTest.groovy
new file mode 100644
index 00000000000..57d8c600d81
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/test/groovy/WithSpanAnnotationTest.groovy
@@ -0,0 +1,275 @@
+import annotatedsample.TracedMethods
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.DDSpanTypes
+import datadog.trace.bootstrap.instrumentation.api.Tags
+
+import java.util.concurrent.CountDownLatch
+
+class WithSpanAnnotationTest extends AgentTestRunner {
+  @Override
+  void configurePreAgent() {
+    super.configurePreAgent()
+
+    injectSysConfig("dd.integration.opentelemetry-annotations-1.20.enabled", "true")
+    injectSysConfig("dd.measure.methods", "${TracedMethods.name}[sayHelloMeasured]")
+  }
+
+  def "test WithSpan annotated method"() {
+    setup:
+    TracedMethods.sayHello()
+
+    expect:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          serviceName "custom-service-name"
+          resourceName "TracedMethods.sayHello"
+          operationName "TracedMethods.sayHello"
+          parent()
+          errored false
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated method with custom value"() {
+    setup:
+    TracedMethods.sayHelloWithCustomOperationName()
+
+    expect:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          serviceName "custom-service-name"
+          resourceName "custom-operation-name"
+          operationName "custom-operation-name"
+          parent()
+          errored false
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated method with #kind kind"() {
+    setup:
+    def methodName = "sayHelloWith${kindName}Kind"
+    TracedMethods."$methodName"()
+
+    expect:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "TracedMethods.${methodName}"
+          operationName "TracedMethods.${methodName}"
+          parent()
+          spanType(type)
+          errored false
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+
+    where:
+    kind       | type
+    'SERVER'   | DDSpanTypes.HTTP_SERVER
+    'CLIENT'   | DDSpanTypes.HTTP_CLIENT
+    'PRODUCER' | DDSpanTypes.MESSAGE_PRODUCER
+    'CONSUMER' | DDSpanTypes.MESSAGE_CONSUMER
+    'INTERNAL' | null
+    kindName = kind.substring(0, 1) + kind.substring(1).toLowerCase()
+  }
+
+  def "test WithSpan annotated method throwing exception"() {
+    setup:
+    Throwable error = null
+    try {
+      TracedMethods.throwException()
+    } catch (final Throwable ex) {
+      error = ex
+    }
+
+    expect:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "TracedMethods.throwException"
+          operationName "TracedMethods.throwException"
+          errored true
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+            errorTags(error.class, error.getMessage())
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated anonymous inner method"() {
+    setup:
+    TracedMethods.traceAnonymousInnerClass()
+
+    expect:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "TracedMethods\$1.call"
+          operationName "TracedMethods\$1.call"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (CompletableFuture)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def completableFuture = TracedMethods.traceAsyncCompletableFuture(latch)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    completableFuture.join()
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "TracedMethods.traceAsyncCompletableFuture"
+          operationName "TracedMethods.traceAsyncCompletableFuture"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (failing CompletableFuture)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def expectedException = new RuntimeException("Test exception")
+    def completableFuture = TracedMethods.traceAsyncFailingCompletableFuture(latch, expectedException)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    completableFuture.join()
+
+    then:
+    thrown(RuntimeException)
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "TracedMethods.traceAsyncFailingCompletableFuture"
+          operationName "TracedMethods.traceAsyncFailingCompletableFuture"
+          errored true
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+            errorTags(expectedException)
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (CompletionStage)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def completionStage = TracedMethods.traceAsyncCompletionStage(latch)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    completionStage.toCompletableFuture().join()
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "TracedMethods.traceAsyncCompletionStage"
+          operationName "TracedMethods.traceAsyncCompletionStage"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (failing CompletionStage)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def expectedException = new RuntimeException("Test exception")
+    def completionStage = TracedMethods.traceAsyncFailingCompletionStage(latch, expectedException)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    completionStage.toCompletableFuture().join()
+
+    then:
+    thrown(RuntimeException)
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "TracedMethods.traceAsyncFailingCompletionStage"
+          operationName "TracedMethods.traceAsyncFailingCompletionStage"
+          errored true
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+            errorTags(expectedException)
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated measured method"() {
+    setup:
+    TracedMethods.sayHelloMeasured()
+
+    expect:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "TracedMethods.sayHelloMeasured"
+          operationName "TracedMethods.sayHelloMeasured"
+          parent()
+          errored false
+          measured true
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/test/java/annotatedsample/TracedMethods.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/test/java/annotatedsample/TracedMethods.java
new file mode 100644
index 00000000000..819b5afb456
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.20/src/test/java/annotatedsample/TracedMethods.java
@@ -0,0 +1,145 @@
+package annotatedsample;
+
+import static datadog.trace.api.DDTags.SERVICE_NAME;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+import static io.opentelemetry.api.trace.SpanKind.CLIENT;
+import static io.opentelemetry.api.trace.SpanKind.CONSUMER;
+import static io.opentelemetry.api.trace.SpanKind.INTERNAL;
+import static io.opentelemetry.api.trace.SpanKind.PRODUCER;
+import static io.opentelemetry.api.trace.SpanKind.SERVER;
+import static java.util.concurrent.TimeUnit.SECONDS;
+
+import io.opentelemetry.instrumentation.annotations.SpanAttribute;
+import io.opentelemetry.instrumentation.annotations.WithSpan;
+import java.util.List;
+import java.util.concurrent.Callable;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
+import java.util.concurrent.CountDownLatch;
+
+public class TracedMethods {
+  @WithSpan
+  public static String sayHello() {
+    activeSpan().setTag(SERVICE_NAME, "custom-service-name");
+    return "hello!";
+  }
+
+  @WithSpan(value = "custom-operation-name")
+  public static String sayHelloWithCustomOperationName() {
+    activeSpan().setTag(SERVICE_NAME, "custom-service-name");
+    return "hello!";
+  }
+
+  @WithSpan(kind = SERVER)
+  public static String sayHelloWithServerKind() {
+    return "hello!";
+  }
+
+  @WithSpan(kind = CLIENT)
+  public static String sayHelloWithClientKind() {
+    return "hello!";
+  }
+
+  @WithSpan(kind = PRODUCER)
+  public static String sayHelloWithProducerKind() {
+    return "hello!";
+  }
+
+  @WithSpan(kind = CONSUMER)
+  public static String sayHelloWithConsumerKind() {
+    return "hello!";
+  }
+
+  @WithSpan(kind = INTERNAL)
+  public static String sayHelloWithInternalKind() {
+    return "hello!";
+  }
+
+  @WithSpan
+  public static String sayHelloWithStringAttribute(@SpanAttribute("custom-tag") String param) {
+    return "hello!";
+  }
+
+  @WithSpan
+  public static String sayHelloWithIntAttribute(@SpanAttribute("custom-tag") int param) {
+    return "hello!";
+  }
+
+  @WithSpan
+  public static String sayHelloWithLongAttribute(@SpanAttribute("custom-tag") long param) {
+    return "hello!";
+  }
+
+  @WithSpan
+  public static String sayHelloWithListAttribute(@SpanAttribute("custom-tag") List<?> param) {
+    return "hello!";
+  }
+
+  @WithSpan
+  public static void throwException() {
+    throw new RuntimeException("Some exception");
+  }
+
+  public static String traceAnonymousInnerClass() {
+    return new Callable<String>() {
+      @WithSpan
+      @Override
+      public String call() {
+        return "hello!";
+      }
+    }.call();
+  }
+
+  @WithSpan
+  public static CompletableFuture<String> traceAsyncCompletableFuture(CountDownLatch latch) {
+    return CompletableFuture.supplyAsync(
+        () -> {
+          await(latch);
+          return "hello!";
+        });
+  }
+
+  @WithSpan
+  public static CompletableFuture<String> traceAsyncFailingCompletableFuture(
+      CountDownLatch latch, RuntimeException exception) {
+    return CompletableFuture.supplyAsync(
+        () -> {
+          await(latch);
+          throw exception;
+        });
+  }
+
+  @WithSpan
+  public static CompletionStage<String> traceAsyncCompletionStage(CountDownLatch latch) {
+    return CompletableFuture.supplyAsync(
+        () -> {
+          await(latch);
+          return "hello!";
+        });
+  }
+
+  @WithSpan
+  public static CompletionStage<String> traceAsyncFailingCompletionStage(
+      CountDownLatch latch, RuntimeException exception) {
+    return CompletableFuture.supplyAsync(
+        () -> {
+          await(latch);
+          throw exception;
+        });
+  }
+
+  @WithSpan
+  public static String sayHelloMeasured() {
+    return "hello!";
+  }
+
+  private static void await(CountDownLatch latch) {
+    try {
+      if (!latch.await(5, SECONDS)) {
+        throw new IllegalStateException("Latch still locked");
+      }
+    } catch (InterruptedException e) {
+      throw new RuntimeException(e);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/build.gradle b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/build.gradle
new file mode 100644
index 00000000000..094cfbc7273
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/build.gradle
@@ -0,0 +1,26 @@
+def openTelemetryVersion = '1.26.0'
+
+muzzle {
+  pass {
+    module = 'opentelemetry-instrumentation-annotations'
+    group = 'io.opentelemetry.instrumentation'
+    versions = "[$openTelemetryVersion,)"
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  // Reuse span decorator
+  implementation project(':dd-java-agent:instrumentation:opentelemetry:opentelemetry-annotations-1.20')
+
+  compileOnly group: 'io.opentelemetry', name: 'opentelemetry-api', version: openTelemetryVersion
+  compileOnly group: 'io.opentelemetry.instrumentation', name: 'opentelemetry-instrumentation-annotations', version: openTelemetryVersion
+  compileOnly group: 'com.google.auto.value', name: 'auto-value-annotations', version: '1.6.6'
+
+  testImplementation group: 'io.opentelemetry', name: 'opentelemetry-api', version: openTelemetryVersion
+  testImplementation group: 'io.opentelemetry.instrumentation', name: 'opentelemetry-instrumentation-annotations', version: openTelemetryVersion
+  latestDepTestImplementation group: 'io.opentelemetry.instrumentation', name: 'opentelemetry-instrumentation-annotations', version: '1+'
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/AddingSpanAttributesAdvice.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/AddingSpanAttributesAdvice.java
new file mode 100644
index 00000000000..051f5095f00
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/AddingSpanAttributesAdvice.java
@@ -0,0 +1,19 @@
+package datadog.trace.instrumentation.opentelemetry.annotations;
+
+import static datadog.trace.instrumentation.opentelemetry.annotations.WithSpanDecorator.DECORATE;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import java.lang.reflect.Method;
+import net.bytebuddy.asm.Advice;
+
+public class AddingSpanAttributesAdvice {
+  @Advice.OnMethodEnter(suppress = Throwable.class)
+  public static void onEnter(
+      @Advice.Origin final Method method, @Advice.AllArguments final Object[] args) {
+    AgentSpan activeSpan = AgentTracer.get().activeSpan();
+    if (activeSpan != null) {
+      DECORATE.addTagsFromMethodArgs(activeSpan, method, args);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/AddingSpanAttributesInstrumentation.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/AddingSpanAttributesInstrumentation.java
new file mode 100644
index 00000000000..d26a0290b3f
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/main/java/datadog/trace/instrumentation/opentelemetry/annotations/AddingSpanAttributesInstrumentation.java
@@ -0,0 +1,60 @@
+package datadog.trace.instrumentation.opentelemetry.annotations;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.declaresMethod;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.isAnnotatedWith;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.hasParameters;
+import static net.bytebuddy.matcher.ElementMatchers.whereAny;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.InstrumenterConfig;
+import net.bytebuddy.description.method.MethodDescription;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public class AddingSpanAttributesInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForTypeHierarchy {
+
+  public AddingSpanAttributesInstrumentation() {
+    super("opentelemetry-annotations", "opentelemetry-annotations-1.26");
+  }
+
+  @Override
+  protected boolean defaultEnabled() {
+    return InstrumenterConfig.get().isTraceOtelEnabled();
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "io.opentelemetry.instrumentation.annotations.AddingSpanAttributes";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return declaresMethod(isAnnotatedWith(named(hierarchyMarkerType())));
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      this.packageName + ".WithSpanDecorator",
+      this.packageName + ".WithSpanDecorator$1", // Switch over enum generated class
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    ElementMatcher.Junction<MethodDescription> annotatedMethodMatcher =
+        isAnnotatedWith(named(hierarchyMarkerType()));
+    ElementMatcher.Junction<MethodDescription> annotatedParametersMatcher =
+        hasParameters(
+            whereAny(
+                isAnnotatedWith(
+                    named("io.opentelemetry.instrumentation.annotations.SpanAttribute"))));
+    transformation.applyAdvice(
+        annotatedMethodMatcher.and(annotatedParametersMatcher),
+        this.packageName + ".AddingSpanAttributesAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/test/groovy/AddingSpanAttributesAnnotationTest.groovy b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/test/groovy/AddingSpanAttributesAnnotationTest.groovy
new file mode 100644
index 00000000000..a4bb4d02481
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/test/groovy/AddingSpanAttributesAnnotationTest.groovy
@@ -0,0 +1,69 @@
+import annotatedsample.AnnotatedMethods
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.bootstrap.instrumentation.api.ScopeSource
+
+class AddingSpanAttributesAnnotationTest extends AgentTestRunner {
+  @Override
+  void configurePreAgent() {
+    super.configurePreAgent()
+
+    injectSysConfig("dd.integration.opentelemetry-annotations-1.26.enabled", "true")
+  }
+
+  def "test AddingSpanAttributes annotated method with #type annotated parameter"() {
+    setup:
+    def methodName = "sayHelloWith${typeName}Attribute"
+    def testSpan = TEST_TRACER.startSpan("test", "operation")
+    def scope = TEST_TRACER.activateSpan(testSpan, ScopeSource.INSTRUMENTATION)
+    AnnotatedMethods."$methodName"(value)
+    scope.close()
+    testSpan.finish()
+
+    expect:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "operation"
+          operationName "operation"
+          parent()
+          errored false
+          tags {
+            defaultTags()
+            "custom-tag" value
+          }
+        }
+      }
+    }
+
+    where:
+    type     | value
+    'String' | 'value'
+    'int'    | 12
+    'long'   | 23456L
+    'list'   | ['value1', 'value2', 'value3']
+    typeName = type.substring(0, 1).toUpperCase() + type.substring(1)
+  }
+
+  def "test AddingSpanAttributes annotated method is skipped if no active span"() {
+    setup:
+    def testSpan = TEST_TRACER.startSpan("test", "operation")
+    AnnotatedMethods.sayHelloWithStringAttribute('hello')
+    testSpan.finish()
+
+    expect:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "operation"
+          operationName "operation"
+          parent()
+          errored false
+          tags {
+            defaultTags()
+            "custom-tag" null
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/test/java/annotatedsample/AnnotatedMethods.java b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/test/java/annotatedsample/AnnotatedMethods.java
new file mode 100644
index 00000000000..54f63e68ffa
--- /dev/null
+++ b/dd-java-agent/instrumentation/opentelemetry/opentelemetry-annotations-1.26/src/test/java/annotatedsample/AnnotatedMethods.java
@@ -0,0 +1,27 @@
+package annotatedsample;
+
+import io.opentelemetry.instrumentation.annotations.AddingSpanAttributes;
+import io.opentelemetry.instrumentation.annotations.SpanAttribute;
+import java.util.List;
+
+public class AnnotatedMethods {
+  @AddingSpanAttributes
+  public static String sayHelloWithStringAttribute(@SpanAttribute("custom-tag") String param) {
+    return "hello!";
+  }
+
+  @AddingSpanAttributes
+  public static String sayHelloWithIntAttribute(@SpanAttribute("custom-tag") int param) {
+    return "hello!";
+  }
+
+  @AddingSpanAttributes
+  public static String sayHelloWithLongAttribute(@SpanAttribute("custom-tag") long param) {
+    return "hello!";
+  }
+
+  @AddingSpanAttributes
+  public static String sayHelloWithListAttribute(@SpanAttribute("custom-tag") List<?> param) {
+    return "hello!";
+  }
+}
diff --git a/dd-java-agent/instrumentation/opentracing/api-0.31/src/main/java/datadog/trace/instrumentation/opentracing31/OTTracer.java b/dd-java-agent/instrumentation/opentracing/api-0.31/src/main/java/datadog/trace/instrumentation/opentracing31/OTTracer.java
index f98a307959a..d28679dcd27 100644
--- a/dd-java-agent/instrumentation/opentracing/api-0.31/src/main/java/datadog/trace/instrumentation/opentracing31/OTTracer.java
+++ b/dd-java-agent/instrumentation/opentracing/api-0.31/src/main/java/datadog/trace/instrumentation/opentracing31/OTTracer.java
@@ -49,7 +49,7 @@ public <C> void inject(final SpanContext spanContext, final Format<C> format, fi
     if (carrier instanceof TextMap) {
       final AgentSpan.Context context = converter.toContext(spanContext);
 
-      tracer.inject(context, (TextMap) carrier, OTTextMapSetter.INSTANCE);
+      tracer.propagate().inject(context, (TextMap) carrier, OTTextMapSetter.INSTANCE);
     } else {
       log.debug("Unsupported format for propagation - {}", format.getClass().getName());
     }
@@ -59,7 +59,9 @@ public <C> void inject(final SpanContext spanContext, final Format<C> format, fi
   public <C> SpanContext extract(final Format<C> format, final C carrier) {
     if (carrier instanceof TextMap) {
       final AgentSpan.Context tagContext =
-          tracer.extract((TextMap) carrier, ContextVisitors.<TextMap>stringValuesEntrySet());
+          tracer
+              .propagate()
+              .extract((TextMap) carrier, ContextVisitors.<TextMap>stringValuesEntrySet());
 
       return converter.toSpanContext(tagContext);
     } else {
diff --git a/dd-java-agent/instrumentation/opentracing/api-0.31/src/test/groovy/TypeConverterTest.groovy b/dd-java-agent/instrumentation/opentracing/api-0.31/src/test/groovy/TypeConverterTest.groovy
index e31825ee492..94755887230 100644
--- a/dd-java-agent/instrumentation/opentracing/api-0.31/src/test/groovy/TypeConverterTest.groovy
+++ b/dd-java-agent/instrumentation/opentracing/api-0.31/src/test/groovy/TypeConverterTest.groovy
@@ -24,8 +24,8 @@ class TypeConverterTest extends AgentTestRunner {
 
   def "should avoid extra allocation for a span wrapper"() {
     def context = createTestSpanContext()
-    def span1 = new DDSpan("test", 0, context)
-    def span2 = new DDSpan("test", 0, context)
+    def span1 = new DDSpan("test", 0, context, null)
+    def span2 = new DDSpan("test", 0, context, null)
     expect:
     // return the same wrapper for the same span
     typeConverter.toSpan(span1) is typeConverter.toSpan(span1)
@@ -52,8 +52,8 @@ class TypeConverterTest extends AgentTestRunner {
   def "should avoid extra allocation for a scope wrapper"() {
     def scopeManager = new ContinuableScopeManager(0, false, true)
     def context = createTestSpanContext()
-    def span1 = new DDSpan("test", 0, context)
-    def span2 = new DDSpan("test", 0, context)
+    def span1 = new DDSpan("test", 0, context, null)
+    def span2 = new DDSpan("test", 0, context, null)
     def scope1 = scopeManager.activate(span1, ScopeSource.MANUAL)
     def scope2 = scopeManager.activate(span2, ScopeSource.MANUAL)
     expect:
diff --git a/dd-java-agent/instrumentation/opentracing/api-0.32/src/main/java/datadog/trace/instrumentation/opentracing32/OTTracer.java b/dd-java-agent/instrumentation/opentracing/api-0.32/src/main/java/datadog/trace/instrumentation/opentracing32/OTTracer.java
index 0bb86094909..79de6676172 100644
--- a/dd-java-agent/instrumentation/opentracing/api-0.32/src/main/java/datadog/trace/instrumentation/opentracing32/OTTracer.java
+++ b/dd-java-agent/instrumentation/opentracing/api-0.32/src/main/java/datadog/trace/instrumentation/opentracing32/OTTracer.java
@@ -61,7 +61,7 @@ public <C> void inject(final SpanContext spanContext, final Format<C> format, fi
     if (carrier instanceof TextMapInject) {
       final AgentSpan.Context context = converter.toContext(spanContext);
 
-      tracer.inject(context, (TextMapInject) carrier, OTTextMapInjectSetter.INSTANCE);
+      tracer.propagate().inject(context, (TextMapInject) carrier, OTTextMapInjectSetter.INSTANCE);
     } else {
       log.debug("Unsupported format for propagation - {}", format.getClass().getName());
     }
@@ -71,7 +71,9 @@ public <C> void inject(final SpanContext spanContext, final Format<C> format, fi
   public <C> SpanContext extract(final Format<C> format, final C carrier) {
     if (carrier instanceof TextMapExtract) {
       final AgentSpan.Context tagContext =
-          tracer.extract((TextMapExtract) carrier, ContextVisitors.stringValuesEntrySet());
+          tracer
+              .propagate()
+              .extract((TextMapExtract) carrier, ContextVisitors.stringValuesEntrySet());
 
       return converter.toSpanContext(tagContext);
     } else {
diff --git a/dd-java-agent/instrumentation/opentracing/api-0.32/src/test/groovy/TypeConverterTest.groovy b/dd-java-agent/instrumentation/opentracing/api-0.32/src/test/groovy/TypeConverterTest.groovy
index 67f95da7c4b..ff20f635a9b 100644
--- a/dd-java-agent/instrumentation/opentracing/api-0.32/src/test/groovy/TypeConverterTest.groovy
+++ b/dd-java-agent/instrumentation/opentracing/api-0.32/src/test/groovy/TypeConverterTest.groovy
@@ -24,8 +24,8 @@ class TypeConverterTest extends AgentTestRunner {
 
   def "should avoid extra allocation for a span wrapper"() {
     def context = createTestSpanContext()
-    def span1 = new DDSpan("test", 0, context)
-    def span2 = new DDSpan("test", 0, context)
+    def span1 = new DDSpan("test", 0, context, null)
+    def span2 = new DDSpan("test", 0, context, null)
     expect:
     // return the same wrapper for the same span
     typeConverter.toSpan(span1) is typeConverter.toSpan(span1)
@@ -52,8 +52,8 @@ class TypeConverterTest extends AgentTestRunner {
   def "should avoid extra allocation for a scope wrapper"() {
     def scopeManager = new ContinuableScopeManager(0, false, true)
     def context = createTestSpanContext()
-    def span1 = new DDSpan("test", 0, context)
-    def span2 = new DDSpan("test", 0, context)
+    def span1 = new DDSpan("test", 0, context, null)
+    def span2 = new DDSpan("test", 0, context, null)
     def scope1 = scopeManager.activate(span1, ScopeSource.MANUAL)
     def scope2 = scopeManager.activate(span2, ScopeSource.MANUAL)
     expect:
diff --git a/dd-java-agent/instrumentation/osgi-4.3/src/main/java/datadog/trace/instrumentation/osgi43/BundleReferenceInstrumentation.java b/dd-java-agent/instrumentation/osgi-4.3/src/main/java/datadog/trace/instrumentation/osgi43/BundleReferenceInstrumentation.java
index 1d3c3668cee..0e6fea7abc7 100644
--- a/dd-java-agent/instrumentation/osgi-4.3/src/main/java/datadog/trace/instrumentation/osgi43/BundleReferenceInstrumentation.java
+++ b/dd-java-agent/instrumentation/osgi-4.3/src/main/java/datadog/trace/instrumentation/osgi43/BundleReferenceInstrumentation.java
@@ -46,11 +46,7 @@ public ElementMatcher<TypeDescription> hierarchyMatcher() {
 
   @Override
   public String[] helperClassNames() {
-    return new String[] {
-      packageName + ".BundleWiringHelper",
-      packageName + ".BundleWiringHelper$1",
-      packageName + ".BundleWiringHelper$2"
-    };
+    return new String[] {packageName + ".BundleWiringHelper"};
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/osgi-4.3/src/main/java/datadog/trace/instrumentation/osgi43/BundleWiringHelper.java b/dd-java-agent/instrumentation/osgi-4.3/src/main/java/datadog/trace/instrumentation/osgi43/BundleWiringHelper.java
index 46e5170a90c..774116c6349 100644
--- a/dd-java-agent/instrumentation/osgi-4.3/src/main/java/datadog/trace/instrumentation/osgi43/BundleWiringHelper.java
+++ b/dd-java-agent/instrumentation/osgi-4.3/src/main/java/datadog/trace/instrumentation/osgi43/BundleWiringHelper.java
@@ -6,7 +6,6 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
-import java.util.function.Function;
 import org.osgi.framework.Bundle;
 import org.osgi.framework.wiring.BundleRevision;
 import org.osgi.framework.wiring.BundleWire;
@@ -51,54 +50,54 @@ public static Object probeResource(final Bundle origin, final String resourceNam
     return SKIP_REQUEST;
   }
 
-  /** Delegates the resource request to any bundles wired as dependencies. */
+  /** Delegates resource request to any direct dependencies (Import-Package, Require-Bundle etc.) */
   public static URL getResource(final Bundle origin, final String resourceName) {
-    return searchDirectWires(
-        (BundleWiring) origin.adapt(BundleWiring.class),
-        // Uses inner class for predictable name for Instrumenter.Default.helperClassNames()
-        new Function<BundleWiring, URL>() {
-          @Override
-          public URL apply(final BundleWiring wiring) {
-            return wiring.getBundle().getResource(resourceName);
-          }
-        },
-        new HashSet<BundleRevision>());
-  }
-
-  /** Delegates the class-load request to any bundles wired as dependencies. */
-  public static Class<?> loadClass(final Bundle origin, final String className) {
-    return searchDirectWires(
-        (BundleWiring) origin.adapt(BundleWiring.class),
-        // Uses inner class for predictable name for Instrumenter.Default.helperClassNames()
-        new Function<BundleWiring, Class<?>>() {
-          @Override
-          public Class<?> apply(final BundleWiring wiring) {
+    BundleWiring wiring = (BundleWiring) origin.adapt(BundleWiring.class);
+    if (null != wiring) {
+      // track which bundles we've visited to avoid dependency cycles
+      Set<BundleRevision> visited = new HashSet<>();
+      visited.add(wiring.getRevision());
+      // check all Import-Package and Require-Bundle dependencies for resources
+      List<BundleWire> dependencies = wiring.getRequiredWires(null);
+      if (null != dependencies) {
+        for (BundleWire dependency : dependencies) {
+          BundleWiring provider = dependency.getProviderWiring();
+          if (null != provider && visited.add(provider.getRevision())) {
             try {
-              return wiring.getBundle().loadClass(className);
-            } catch (ClassNotFoundException e) {
-              return null;
+              URL result = provider.getBundle().getResource(resourceName);
+              if (null != result) {
+                return result;
+              }
+            } catch (Exception ignore) {
+              // continue search...
             }
           }
-        },
-        new HashSet<BundleRevision>());
+        }
+      }
+    }
+    return null;
   }
 
-  /** Searches a bundle's direct dependencies (Import-Package, Require-Bundle etc.) */
-  private static <T> T searchDirectWires(
-      final BundleWiring origin,
-      final Function<BundleWiring, T> filter,
-      final Set<BundleRevision> visited) {
-    if (null != origin) {
+  /** Delegates class-load request to those direct dependencies that provide a similar package. */
+  public static Class<?> loadClass(final Bundle origin, final String className) {
+    BundleWiring wiring = (BundleWiring) origin.adapt(BundleWiring.class);
+    if (null != wiring) {
       // track which bundles we've visited to avoid dependency cycles
-      visited.add(origin.getRevision());
-      List<BundleWire> wires = origin.getRequiredWires(null);
-      if (null != wires) {
-        for (BundleWire wire : wires) {
-          BundleWiring wiring = wire.getProviderWiring();
-          if (null != wiring && visited.add(wiring.getRevision())) {
-            T result = filter.apply(wiring);
-            if (null != result) {
-              return result;
+      Set<BundleRevision> visited = new HashSet<>();
+      visited.add(wiring.getRevision());
+      // check Import-Package dependencies that share a package prefix with the class
+      List<BundleWire> dependencies = wiring.getRequiredWires(PACKAGE_NAMESPACE);
+      if (null != dependencies) {
+        for (BundleWire dependency : dependencies) {
+          Object pkg = dependency.getCapability().getAttributes().get(PACKAGE_NAMESPACE);
+          if (pkg instanceof String && isRelatedPackage((String) pkg, className)) {
+            BundleWiring provider = dependency.getProviderWiring();
+            if (null != provider && visited.add(provider.getRevision())) {
+              try {
+                return provider.getBundle().loadClass(className);
+              } catch (Exception ignore) {
+                // continue search...
+              }
             }
           }
         }
@@ -106,4 +105,18 @@ private static <T> T searchDirectWires(
     }
     return null;
   }
+
+  private static boolean isRelatedPackage(String providedPackage, String className) {
+    int segmentsMatched = 0;
+    for (int i = 0; i < providedPackage.length(); i++) {
+      char c = providedPackage.charAt(i);
+      if (i >= className.length() || c != className.charAt(i)) {
+        return false; // no common package prefix
+      }
+      if (c == '.' && ++segmentsMatched >= 3) {
+        break; // three package segments matched, assume related
+      }
+    }
+    return true;
+  }
 }
diff --git a/dd-java-agent/instrumentation/owasp-esapi-2/src/main/java/datadog/trace/instrumentation/owasp/esapi/EncoderCallSite.java b/dd-java-agent/instrumentation/owasp-esapi-2/src/main/java/datadog/trace/instrumentation/owasp/esapi/EncoderCallSite.java
index 9b184735eca..5f711e0a191 100644
--- a/dd-java-agent/instrumentation/owasp-esapi-2/src/main/java/datadog/trace/instrumentation/owasp/esapi/EncoderCallSite.java
+++ b/dd-java-agent/instrumentation/owasp-esapi-2/src/main/java/datadog/trace/instrumentation/owasp/esapi/EncoderCallSite.java
@@ -8,6 +8,7 @@
 import datadog.trace.api.iast.propagation.PropagationModule;
 import javax.annotation.Nonnull;
 import org.owasp.esapi.Encoder;
+import org.owasp.esapi.codecs.Codec;
 
 @Propagation
 @CallSite(spi = IastCallSites.class)
@@ -21,11 +22,116 @@ public static String afterEncodeForHTML(
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTaintedWithMarks(result, input, VulnerabilityMarks.XSS_MARK);
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.XSS_MARK);
       } catch (final Throwable e) {
         module.onUnexpectedException("afterEncodeForHTML threw", e);
       }
     }
     return result;
   }
+
+  @CallSite.After("java.lang.String org.owasp.esapi.Encoder.canonicalize(java.lang.String)")
+  public static String afterCanonicalize1(
+      @CallSite.This final Encoder encoder,
+      @CallSite.Argument(0) @Nonnull final String input,
+      @CallSite.Return final String result) {
+    final PropagationModule module = InstrumentationBridge.PROPAGATION;
+    if (module != null) {
+      try {
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.XSS_MARK);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterCanonicalize1 threw", e);
+      }
+    }
+    return result;
+  }
+
+  @CallSite.After(
+      "java.lang.String org.owasp.esapi.Encoder.canonicalize(java.lang.String, boolean)")
+  public static String afterCanonicalize2(
+      @CallSite.This final Encoder encoder,
+      @CallSite.Argument(0) @Nonnull final String input,
+      @CallSite.Argument(1) final boolean strict,
+      @CallSite.Return final String result) {
+    final PropagationModule module = InstrumentationBridge.PROPAGATION;
+    if (module != null) {
+      try {
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.XSS_MARK);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterCanonicalize2 threw", e);
+      }
+    }
+    return result;
+  }
+
+  @CallSite.After(
+      "java.lang.String org.owasp.esapi.Encoder.canonicalize(java.lang.String, boolean, boolean)")
+  public static String afterCanonicalize3(
+      @CallSite.This final Encoder encoder,
+      @CallSite.Argument(0) @Nonnull final String input,
+      @CallSite.Argument(1) final boolean strict,
+      @CallSite.Argument(2) final boolean restrictMixed,
+      @CallSite.Return final String result) {
+    final PropagationModule module = InstrumentationBridge.PROPAGATION;
+    if (module != null) {
+      try {
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.XSS_MARK);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterCanonicalize3 threw", e);
+      }
+    }
+    return result;
+  }
+
+  @CallSite.After("java.lang.String org.owasp.esapi.Encoder.encodeForLDAP(java.lang.String)")
+  public static String afterEncodeForLDAP(
+      @CallSite.This final Encoder encoder,
+      @CallSite.Argument(0) @Nonnull final String input,
+      @CallSite.Return final String result) {
+    final PropagationModule module = InstrumentationBridge.PROPAGATION;
+    if (module != null) {
+      try {
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.LDAP_INJECTION_MARK);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterEncodeForLDAP threw", e);
+      }
+    }
+    return result;
+  }
+
+  @CallSite.After(
+      "java.lang.String org.owasp.esapi.Encoder.encodeForOS(org.owasp.esapi.codecs.Codec, java.lang.String)")
+  public static String afterEncodeForOS(
+      @CallSite.This final Encoder encoder,
+      @CallSite.Argument(0) @Nonnull final Codec codec,
+      @CallSite.Argument(1) @Nonnull final String input,
+      @CallSite.Return final String result) {
+    final PropagationModule module = InstrumentationBridge.PROPAGATION;
+    if (module != null) {
+      try {
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.COMMAND_INJECTION_MARK);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterEncodeForOS threw", e);
+      }
+    }
+    return result;
+  }
+
+  @CallSite.After(
+      "java.lang.String org.owasp.esapi.Encoder.encodeForSQL(org.owasp.esapi.codecs.Codec, java.lang.String)")
+  public static String afterEncodeForSQL(
+      @CallSite.This final Encoder encoder,
+      @CallSite.Argument(0) @Nonnull final Codec codec,
+      @CallSite.Argument(1) @Nonnull final String input,
+      @CallSite.Return final String result) {
+    final PropagationModule module = InstrumentationBridge.PROPAGATION;
+    if (module != null) {
+      try {
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.SQL_INJECTION_MARK);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterEncodeForSQL threw", e);
+      }
+    }
+    return result;
+  }
 }
diff --git a/dd-java-agent/instrumentation/owasp-esapi-2/src/test/groovy/datadog/trace/instrumentation/owasp/esapi/EncoderCallSiteTest.groovy b/dd-java-agent/instrumentation/owasp-esapi-2/src/test/groovy/datadog/trace/instrumentation/owasp/esapi/EncoderCallSiteTest.groovy
index 5abc9f5bad4..e7bd272fd6d 100644
--- a/dd-java-agent/instrumentation/owasp-esapi-2/src/test/groovy/datadog/trace/instrumentation/owasp/esapi/EncoderCallSiteTest.groovy
+++ b/dd-java-agent/instrumentation/owasp-esapi-2/src/test/groovy/datadog/trace/instrumentation/owasp/esapi/EncoderCallSiteTest.groovy
@@ -6,6 +6,7 @@ import datadog.trace.api.iast.VulnerabilityMarks
 import datadog.trace.api.iast.propagation.PropagationModule
 import foo.bar.TestEncoderSuite
 import org.owasp.esapi.Encoder
+import org.owasp.esapi.codecs.Codec
 
 class EncoderCallSiteTest extends AgentTestRunner {
 
@@ -14,7 +15,7 @@ class EncoderCallSiteTest extends AgentTestRunner {
     injectSysConfig("dd.iast.enabled", "true")
   }
 
-  void 'test #method'() {
+  void 'test #method propagation with mark #mark'() {
     given:
     final module = Mock(PropagationModule)
     final testSuite = new TestEncoderSuite(Mock(Encoder))
@@ -24,11 +25,17 @@ class EncoderCallSiteTest extends AgentTestRunner {
     testSuite.&"$method".call(args)
 
     then:
-    1 * module.taintIfInputIsTaintedWithMarks(_, args[0], VulnerabilityMarks.XSS_MARK)
+    1 * module.taintIfTainted(_, _, false, mark)
     0 * module._
 
     where:
-    method          | args
-    'encodeForHTML' | ['Ø-This is a quote']
+    method          | args                               | mark
+    'encodeForHTML' | ['Ø-This is a quote']              | VulnerabilityMarks.XSS_MARK
+    'canonicalize'  | ['Ø-This is a quote']              | VulnerabilityMarks.XSS_MARK
+    'canonicalize'  | ['Ø-This is a quote', true]        | VulnerabilityMarks.XSS_MARK
+    'canonicalize'  | ['Ø-This is a quote', true, true]  | VulnerabilityMarks.XSS_MARK
+    'encodeForLDAP' | ['Ø-This is a quote']              | VulnerabilityMarks.LDAP_INJECTION_MARK
+    'encodeForOS'   | [Mock(Codec), 'Ø-This is a quote'] | VulnerabilityMarks.COMMAND_INJECTION_MARK
+    'encodeForSQL'  | [Mock(Codec), 'Ø-This is a quote'] | VulnerabilityMarks.SQL_INJECTION_MARK
   }
 }
diff --git a/dd-java-agent/instrumentation/owasp-esapi-2/src/test/java/foo/bar/TestEncoderSuite.java b/dd-java-agent/instrumentation/owasp-esapi-2/src/test/java/foo/bar/TestEncoderSuite.java
index 213f45db540..21f91858fc0 100644
--- a/dd-java-agent/instrumentation/owasp-esapi-2/src/test/java/foo/bar/TestEncoderSuite.java
+++ b/dd-java-agent/instrumentation/owasp-esapi-2/src/test/java/foo/bar/TestEncoderSuite.java
@@ -1,6 +1,7 @@
 package foo.bar;
 
 import org.owasp.esapi.Encoder;
+import org.owasp.esapi.codecs.Codec;
 
 public class TestEncoderSuite {
 
@@ -13,4 +14,28 @@ public class TestEncoderSuite {
   public String encodeForHTML(String input) {
     return encoder.encodeForHTML(input);
   }
+
+  public String canonicalize(String input) {
+    return encoder.canonicalize(input);
+  }
+
+  public String canonicalize(String input, boolean strict) {
+    return encoder.canonicalize(input, strict);
+  }
+
+  public String canonicalize(String input, boolean strict, boolean restrictMixed) {
+    return encoder.canonicalize(input, strict, restrictMixed);
+  }
+
+  public String encodeForLDAP(String input) {
+    return encoder.encodeForLDAP(input);
+  }
+
+  public String encodeForOS(Codec codec, String input) {
+    return encoder.encodeForOS(codec, input);
+  }
+
+  public String encodeForSQL(Codec codec, String input) {
+    return encoder.encodeForSQL(codec, input);
+  }
 }
diff --git a/dd-java-agent/instrumentation/pekko-concurrent/build.gradle b/dd-java-agent/instrumentation/pekko-concurrent/build.gradle
new file mode 100644
index 00000000000..ae86d8b8192
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-concurrent/build.gradle
@@ -0,0 +1,42 @@
+def pekkoVersion = '1.0.0'
+
+muzzle {
+  pass {
+    group = 'org.apache.pekko'
+    module = "pekko-actor_2.12"
+    versions = "[$pekkoVersion,]"
+
+    assertInverse = true
+  }
+
+  pass {
+    group = 'org.apache.pekko'
+    module = "pekko-actor_2.13"
+    versions = "[$pekkoVersion,]"
+
+    assertInverse = true
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+apply from: "$rootDir/gradle/test-with-scala.gradle"
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+tasks.named("compileLatestDepTestGroovy").configure {
+  classpath += files(sourceSets.latestDepTest.scala.classesDirectory)
+}
+
+
+dependencies {
+  compileOnly group: 'org.apache.pekko', name: "pekko-actor_2.12", version: pekkoVersion
+
+  testImplementation deps.scala212
+  testImplementation project(':dd-java-agent:instrumentation:trace-annotation')
+  testImplementation group: 'org.apache.pekko', name: "pekko-actor_2.12", version: pekkoVersion
+  testImplementation group: 'org.apache.pekko', name: "pekko-testkit_2.12", version: pekkoVersion
+
+  latestDepTestImplementation deps.scala213
+  latestDepTestImplementation group: 'org.apache.pekko', name: "pekko-actor_2.13", version: '1.+'
+  latestDepTestImplementation group: 'org.apache.pekko', name: "pekko-testkit_2.13", version: '1.+'
+}
diff --git a/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoActorCellInstrumentation.java b/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoActorCellInstrumentation.java
new file mode 100644
index 00000000000..9b5276b3b8f
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoActorCellInstrumentation.java
@@ -0,0 +1,97 @@
+package datadog.trace.instrumentation.pekko.concurrent;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeScope;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.State;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.dispatch.Envelope;
+
+@AutoService(Instrumenter.class)
+public class PekkoActorCellInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+
+  public PekkoActorCellInstrumentation() {
+    super("pekko_actor_receive", "pekko_actor", "pekko_concurrent", "java_concurrent");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.actor.ActorCell";
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("org.apache.pekko.dispatch.Envelope", State.class.getName());
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod().and(named("invoke")), getClass().getName() + "$InvokeAdvice");
+  }
+
+  /**
+   * This instrumentation is defensive and closes all scopes on the scope stack that were not there
+   * when we started processing this actor message. The reason for that is twofold.
+   *
+   * <p>1) An actor is self contained, and driven by a thread that could serve many other purposes,
+   * and a scope should not leak out after a message has been processed.
+   *
+   * <p>2) We rely on this cleanup mechanism to be able to intentionally leak the scope in the
+   * {@code PekkoHttpServerInstrumentation} so that it propagates to the user provided request
+   * handling code that will execute on the same thread in the same actor.
+   */
+  public static class InvokeAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static AgentScope enter(
+        @Advice.Argument(value = 0) Envelope envelope,
+        @Advice.Local(value = "localScope") AgentScope localScope) {
+      AgentScope activeScope = activeScope();
+      localScope =
+          AdviceUtils.startTaskScope(
+              InstrumentationContext.get(Envelope.class, State.class), envelope);
+      // There was a scope created from the envelop, so use that
+      if (localScope != null) {
+        return activeScope;
+      }
+      // If there is no active scope, we can clean all the way to the bottom
+      if (null == activeScope) {
+        return null;
+      }
+      // If there is a noop span in the active scope, we can clean all the way to this scope
+      if (activeSpan() instanceof AgentTracer.NoopAgentSpan) {
+        return activeScope;
+      }
+      // Create an active scope with a noop span, and clean all the way to the previous scope
+      localScope = activateSpan(AgentTracer.NoopAgentSpan.INSTANCE, false);
+      return activeScope;
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+    public static void exit(
+        @Advice.Enter AgentScope scope, @Advice.Local(value = "localScope") AgentScope localScope) {
+      if (localScope != null) {
+        // then we have invoked an Envelope and need to mark the work complete
+        localScope.close();
+      }
+      // Clean up any leaking scopes from pekko-streams/pekko-http et.c.
+      AgentScope activeScope = activeScope();
+      while (activeScope != null && activeScope != scope) {
+        activeScope.close();
+        activeScope = activeScope();
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoEnvelopeInstrumentation.java b/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoEnvelopeInstrumentation.java
new file mode 100644
index 00000000000..907801622ad
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoEnvelopeInstrumentation.java
@@ -0,0 +1,44 @@
+package datadog.trace.instrumentation.pekko.concurrent;
+
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils.capture;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.State;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.dispatch.Envelope;
+
+@AutoService(Instrumenter.class)
+public class PekkoEnvelopeInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+
+  public PekkoEnvelopeInstrumentation() {
+    super("pekko_actor_send", "pekko_actor", "pekko_concurrent", "java_concurrent");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.dispatch.Envelope";
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("org.apache.pekko.dispatch.Envelope", State.class.getName());
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(isConstructor(), getClass().getName() + "$ConstructAdvice");
+  }
+
+  public static class ConstructAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void afterInit(@Advice.This Envelope zis) {
+      capture(InstrumentationContext.get(Envelope.class, State.class), zis, true);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoForkJoinExecutorTaskInstrumentation.java b/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoForkJoinExecutorTaskInstrumentation.java
new file mode 100644
index 00000000000..7d92f17d8ad
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoForkJoinExecutorTaskInstrumentation.java
@@ -0,0 +1,68 @@
+package datadog.trace.instrumentation.pekko.concurrent;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils.capture;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils.endTaskScope;
+import static datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils.startTaskScope;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.State;
+import java.util.Collections;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+
+/**
+ * org.apache.pekko.dispatch.ForkJoinExecutorConfigurator$PekkoForkJoinTask requires special
+ * treatment and can't be handled generically despite being a subclass of
+ * org.apache.pekko.dispatch.ForkJoinTask, because of its error handling.
+ */
+@AutoService(Instrumenter.class)
+public final class PekkoForkJoinExecutorTaskInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public PekkoForkJoinExecutorTaskInstrumentation() {
+    super("java_concurrent", "pekko_concurrent");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return Collections.singletonMap(Runnable.class.getName(), State.class.getName());
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.dispatch.ForkJoinExecutorConfigurator$PekkoForkJoinTask";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor().and(takesArgument(0, named(Runnable.class.getName()))),
+        getClass().getName() + "$Construct");
+    transformation.applyAdvice(isMethod().and(named("run")), getClass().getName() + "$Run");
+  }
+
+  public static final class Construct {
+    @Advice.OnMethodExit
+    public static void construct(@Advice.Argument(0) Runnable wrapped) {
+      capture(InstrumentationContext.get(Runnable.class, State.class), wrapped, true);
+    }
+  }
+
+  public static final class Run {
+    @Advice.OnMethodEnter
+    public static AgentScope before(@Advice.Argument(0) Runnable wrapped) {
+      return startTaskScope(InstrumentationContext.get(Runnable.class, State.class), wrapped);
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class)
+    public static void after(@Advice.Enter AgentScope scope) {
+      endTaskScope(scope);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoMailboxInstrumentation.java b/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoMailboxInstrumentation.java
new file mode 100644
index 00000000000..7fe84068d7e
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoMailboxInstrumentation.java
@@ -0,0 +1,89 @@
+package datadog.trace.instrumentation.pekko.concurrent;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeScope;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+import static java.util.Collections.singletonList;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.ExcludeFilterProvider;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.ExcludeFilter;
+import java.util.Collection;
+import java.util.EnumMap;
+import java.util.List;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class PekkoMailboxInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType, ExcludeFilterProvider {
+
+  public PekkoMailboxInstrumentation() {
+    super("pekko_actor_mailbox", "pekko_actor", "pekko_concurrent", "java_concurrent");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.dispatch.Mailbox";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod().and(named("run")), getClass().getName() + "$SuppressMailboxRunAdvice");
+  }
+
+  @Override
+  public Map<ExcludeFilter.ExcludeType, ? extends Collection<String>> excludedClasses() {
+    List<String> excludedClass = singletonList("org.apache.pekko.dispatch.MailBox");
+    EnumMap<ExcludeFilter.ExcludeType, Collection<String>> excludedTypes =
+        new EnumMap<>(ExcludeFilter.ExcludeType.class);
+    excludedTypes.put(ExcludeFilter.ExcludeType.RUNNABLE, excludedClass);
+    excludedTypes.put(ExcludeFilter.ExcludeType.FORK_JOIN_TASK, excludedClass);
+    return excludedTypes;
+  }
+
+  /**
+   * This instrumentation is defensive and closes all scopes on the scope stack that were not there
+   * when we started processing this actor mailbox. The reason for that is twofold.
+   *
+   * <p>1) An actor is self contained, and driven by a thread that could serve many other purposes,
+   * and a scope should not leak out after a mailbox has been processed.
+   *
+   * <p>2) We rely on this cleanup mechanism to be able to intentionally leak the scope in the
+   * {@code PekkoHttpServerInstrumentation} so that it propagates to the user provided request
+   * handling code that will execute on the same thread in the same actor.
+   */
+  public static final class SuppressMailboxRunAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static AgentScope enter() {
+      AgentScope activeScope = activeScope();
+      // If there is no active scope, we can clean all the way to the bottom
+      if (null == activeScope) {
+        return null;
+      }
+      // If there is a noop span in the active scope, we can clean all the way to this scope
+      if (activeSpan() instanceof AgentTracer.NoopAgentSpan) {
+        return activeScope;
+      }
+      // Create an active scope with a noop span, and clean all the way to the previous scope
+      activateSpan(AgentTracer.NoopAgentSpan.INSTANCE, false);
+      return activeScope;
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+    public static void exit(@Advice.Enter final AgentScope scope) {
+      // Clean up any leaking scopes from pekko-streams/pekko-http et.c.
+      AgentScope activeScope = activeScope();
+      while (activeScope != null && activeScope != scope) {
+        activeScope.close();
+        activeScope = activeScope();
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoRoutedActorCellInstrumentation.java b/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoRoutedActorCellInstrumentation.java
new file mode 100644
index 00000000000..dc57a7fe274
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-concurrent/src/main/java/datadog/trace/instrumentation/pekko/concurrent/PekkoRoutedActorCellInstrumentation.java
@@ -0,0 +1,73 @@
+package datadog.trace.instrumentation.pekko.concurrent;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.AdviceUtils;
+import datadog.trace.bootstrap.instrumentation.java.concurrent.State;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.dispatch.Envelope;
+import org.apache.pekko.routing.RoutedActorCell;
+
+@AutoService(Instrumenter.class)
+public class PekkoRoutedActorCellInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+
+  public PekkoRoutedActorCellInstrumentation() {
+    super("pekko_actor_send", "pekko_actor", "pekko_concurrent", "java_concurrent");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.routing.RoutedActorCell";
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("org.apache.pekko.dispatch.Envelope", State.class.getName());
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(
+                named("sendMessage")
+                    .and(takesArgument(0, named("org.apache.pekko.dispatch.Envelope")))),
+        getClass().getName() + "$SendMessageAdvice");
+  }
+
+  /**
+   * RoutedActorCell will sometimes deconstruct the Envelope in the {@code sendMessage} method, so
+   * we might need to activate the {@code Scope} to ensure that it propagates properly.
+   */
+  public static class SendMessageAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static AgentScope enter(
+        @Advice.This RoutedActorCell zis, @Advice.Argument(value = 0) Envelope envelope) {
+      // If this isn't a management message, it will be deconstructed before being routed through
+      // the routing logic, so activate the Scope
+      if (!zis.routerConfig().isManagementMessage(envelope.message())) {
+        return AdviceUtils.startTaskScope(
+            InstrumentationContext.get(Envelope.class, State.class), envelope);
+      }
+
+      return null;
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+    public static void exit(@Advice.Enter AgentScope scope) {
+      if (null != scope) {
+        scope.close();
+        // then we have invoked an Envelope and need to mark the work complete
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-concurrent/src/test/groovy/PekkoActorTest.groovy b/dd-java-agent/instrumentation/pekko-concurrent/src/test/groovy/PekkoActorTest.groovy
new file mode 100644
index 00000000000..212a1e7e18c
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-concurrent/src/test/groovy/PekkoActorTest.groovy
@@ -0,0 +1,84 @@
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import spock.lang.Shared
+
+class PekkoActorTest extends AgentTestRunner {
+  @Shared
+  def pekkoTester = new PekkoActors()
+
+  def "pekko actor send #name #iterations"() {
+    setup:
+    def barrier = pekkoTester.block(name)
+
+    when:
+    (1..iterations).each {i ->
+      pekkoTester.send(name, "$who $i")
+    }
+    barrier.release()
+
+    then:
+    assertTraces(iterations) {
+      (1..iterations).each {i ->
+        trace(2) {
+          sortSpansByStart()
+          span {
+            resourceName "PekkoActors.send"
+            operationName "$name"
+            tags {
+              "$Tags.COMPONENT" "trace"
+              defaultTags()
+            }
+          }
+          span {
+            resourceName "Receiver.tracedChild"
+            operationName "$expectedGreeting, $who $i"
+            childOf(span(0))
+            tags {
+              "$Tags.COMPONENT" "trace"
+              defaultTags()
+            }
+          }
+        }
+      }
+    }
+
+    where:
+    name      | who     | expectedGreeting | iterations
+    "tell"    | "Ekko"  | "Howdy"          | 1
+    "ask"     | "Mekko" | "Hi-diddly-ho"   | 1
+    "forward" | "Pekko" | "Hello"          | 1
+    "route"   | "Rekko" | "How you doin'"  | 1
+    "tell"    | "Pekko" | "Howdy"          | 10
+    "ask"     | "Mekko" | "Hi-diddly-ho"   | 10
+    "forward" | "Ekko"  | "Hello"          | 10
+    "route"   | "Rekko" | "How you doin'"  | 10
+  }
+
+  def "actor message handling should close leaked scopes"() {
+    when:
+    pekkoTester.leak("Leaker", "drip")
+
+    then:
+    assertTraces(1) {
+      trace(2) {
+        sortSpansByStart()
+        span {
+          resourceName "PekkoActors.leak"
+          operationName "leak all the things"
+          tags {
+            "$Tags.COMPONENT" "trace"
+            defaultTags()
+          }
+        }
+        span {
+          resourceName("drip")
+          operationName "Howdy, Leaker"
+          childOf(span(0))
+          tags {
+            defaultTags()
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-concurrent/src/test/groovy/PekkoAsyncChild.java b/dd-java-agent/instrumentation/pekko-concurrent/src/test/groovy/PekkoAsyncChild.java
new file mode 100644
index 00000000000..b9d53fe01ba
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-concurrent/src/test/groovy/PekkoAsyncChild.java
@@ -0,0 +1,59 @@
+import datadog.trace.api.Trace;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ForkJoinTask;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+public class PekkoAsyncChild extends ForkJoinTask implements Runnable, Callable {
+  private final AtomicBoolean blockThread;
+  private final boolean doTraceableWork;
+
+  public PekkoAsyncChild() {
+    this(true, false);
+  }
+
+  @Override
+  public Object getRawResult() {
+    return null;
+  }
+
+  @Override
+  protected void setRawResult(final Object value) {}
+
+  @Override
+  protected boolean exec() {
+    runImpl();
+    return true;
+  }
+
+  public PekkoAsyncChild(final boolean doTraceableWork, final boolean blockThread) {
+    this.doTraceableWork = doTraceableWork;
+    this.blockThread = new AtomicBoolean(blockThread);
+  }
+
+  public void unblock() {
+    blockThread.set(false);
+  }
+
+  @Override
+  public void run() {
+    runImpl();
+  }
+
+  @Override
+  public Object call() throws Exception {
+    runImpl();
+    return null;
+  }
+
+  private void runImpl() {
+    while (blockThread.get()) {
+      // busy-wait to block thread
+    }
+    if (doTraceableWork) {
+      asyncChild();
+    }
+  }
+
+  @Trace(operationName = "asyncChild")
+  private void asyncChild() {}
+}
diff --git a/dd-java-agent/instrumentation/pekko-concurrent/src/test/scala/PekkoActors.scala b/dd-java-agent/instrumentation/pekko-concurrent/src/test/scala/PekkoActors.scala
new file mode 100644
index 00000000000..094c70faf18
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-concurrent/src/test/scala/PekkoActors.scala
@@ -0,0 +1,164 @@
+import java.util.concurrent.Semaphore
+import org.apache.pekko.actor.{Actor, ActorLogging, ActorRef, ActorSystem, Props}
+import org.apache.pekko.pattern.ask
+import org.apache.pekko.routing.RoundRobinPool
+import org.apache.pekko.util.Timeout
+import datadog.trace.api.Trace
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer.{
+  activateSpan,
+  activeScope,
+  activeSpan,
+  startSpan
+}
+
+import scala.concurrent.duration._
+
+class PekkoActors extends AutoCloseable {
+  val system: ActorSystem = ActorSystem("pekko-actors-test")
+  val receiver: ActorRef =
+    system.actorOf(Receiver.props, "receiver")
+  val forwarder: ActorRef =
+    system.actorOf(Forwarder.props(receiver), "forwarder")
+  val router: ActorRef =
+    system.actorOf(RoundRobinPool(5).props(Props[Receiver]()), "router")
+  val tellGreeter: ActorRef =
+    system.actorOf(Greeter.props("Howdy", receiver), "tell-greeter")
+  val askGreeter: ActorRef =
+    system.actorOf(Greeter.props("Hi-diddly-ho", receiver), "ask-greeter")
+  val forwardGreeter: ActorRef =
+    system.actorOf(Greeter.props("Hello", forwarder), "forward-greeter")
+  val routerGreeter: ActorRef =
+    system.actorOf(Greeter.props("How you doin'", router), "router-greeter")
+
+  override def close(): Unit = {
+    PekkoActors.terminate(system)
+  }
+
+  import Greeter._
+
+  implicit val timeout: Timeout = 10.seconds
+
+  private val actors =
+    Map(
+      "tell"    -> tellGreeter,
+      "ask"     -> askGreeter,
+      "forward" -> forwardGreeter,
+      "route"   -> routerGreeter
+    )
+
+  def block(name: String): Semaphore = {
+    val barrier = new Semaphore(0)
+    actors(name) ! Block(barrier)
+    barrier
+  }
+
+  @Trace
+  def send(name: String, who: String): Unit = {
+    val actor = actors(name)
+    activeScope().setAsyncPropagation(true)
+    activeSpan().setSpanName(name)
+    actor ! WhoToGreet(who)
+    if (name == "ask") {
+      actor ? Greet
+    } else {
+      actor ! Greet
+    }
+  }
+
+  @Trace
+  def leak(who: String, leak: String): Unit = {
+    activeScope().setAsyncPropagation(true)
+    activeSpan().setSpanName("leak all the things")
+    tellGreeter ! WhoToGreet(who)
+    tellGreeter ! Leak(leak)
+  }
+}
+
+object PekkoActors {
+
+  // The way to terminate an actor system has changed between versions
+  val terminate: (ActorSystem) => Unit = {
+    val t = try {
+      ActorSystem.getClass.getMethod("terminate")
+    } catch {
+      case _: Throwable => try {
+        ActorSystem.getClass.getMethod("awaitTermination")
+      } catch {
+        case _: Throwable => null
+      }
+    }
+    if (t ne null) {
+      { system: ActorSystem =>
+        t.invoke(system)
+      }
+    } else {
+      { _ => ??? }
+    }
+  }
+}
+
+object Greeter {
+  def props(message: String, receiverActor: ActorRef): Props =
+    Props(new Greeter(message, receiverActor))
+
+  final case class Block(barrier: Semaphore)
+  final case class WhoToGreet(who: String)
+  case object Greet
+  final case class Leak(leak: String)
+}
+
+class Greeter(message: String, receiverActor: ActorRef) extends Actor {
+  import Greeter._
+  import Receiver._
+
+  var greeting = ""
+
+  def receive = {
+    case Block(barrier) =>
+      barrier.acquire()
+    case WhoToGreet(who) =>
+      greeting = s"$message, $who"
+    case Greet =>
+      receiverActor ! Greeting(greeting)
+    case Leak(leak) =>
+      val span = startSpan(greeting)
+      span.setResourceName(leak)
+      activateSpan(span)
+      span.finish()
+  }
+}
+
+object Receiver {
+  def props: Props = Props[Receiver]
+
+  final case class Greeting(greeting: String)
+}
+
+class Receiver extends Actor with ActorLogging {
+
+  import Receiver._
+
+  def receive = {
+    case Greeting(greeting) => {
+      tracedChild(greeting)
+    }
+  }
+
+  @Trace
+  def tracedChild(opName: String): Unit = {
+    activeSpan().setSpanName(opName)
+  }
+}
+
+object Forwarder {
+  def props(receiverActor: ActorRef): Props =
+    Props(new Forwarder(receiverActor))
+}
+
+class Forwarder(receiverActor: ActorRef) extends Actor with ActorLogging {
+  def receive = {
+    case msg => {
+      receiverActor forward msg
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/build.gradle b/dd-java-agent/instrumentation/pekko-http-1.0/build.gradle
new file mode 100644
index 00000000000..4d0c7486c1d
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/build.gradle
@@ -0,0 +1,98 @@
+apply from: "$rootDir/gradle/java.gradle"
+apply plugin: 'scala'
+apply plugin: 'call-site-instrumentation'
+
+// Since we are using different scala versions for different test sets,
+// we put the test classes in the baseTest test set so that the scala
+// version is not inherited
+addTestSuite('baseTest')
+addTestSuite('latestDepTest')
+addTestSuite('iastTest')
+addTestSuiteForDir 'latestDepIastTest', 'iastTest'
+
+muzzle {
+  pass {
+    group = 'org.apache.pekko'
+    module = 'pekko-http_2.12'
+    versions = "[1.0.0,)"
+    assertInverse = true
+
+    extraDependency 'org.apache.pekko:pekko-stream_2.12:1.0.1'
+  }
+  pass {
+    group = 'org.apache.pekko'
+    module = 'pekko-http_2.13'
+    versions = "[1.0.0,)"
+    assertInverse = true
+
+    extraDependency 'org.apache.pekko:pekko-stream_2.13:1.0.1'
+    extraDependency 'org.scala-lang.modules:scala-java8-compat_2.13:1.0.2'
+  }
+}
+
+configurations {
+  iastTestImplementation.extendsFrom(baseTestImplementation)
+
+  latestDepIastTestRuntimeOnly.extendsFrom(iastTestRuntimeOnly)
+}
+
+sourceSets {
+  latestDepTest.groovy.srcDir sourceSets.baseTest.groovy
+  latestDepTest.scala.srcDir sourceSets.baseTest.scala
+}
+
+dependencies {
+  compileOnly deps.scala212
+  compileOnly group: 'org.apache.pekko', name: 'pekko-http-core_2.12', version: '1.0.0'
+  compileOnly group: 'org.apache.pekko', name: 'pekko-http_2.12', version: '1.0.0'
+  compileOnly group: 'org.apache.pekko', name: 'pekko-stream_2.12', version: '1.0.1'
+
+  // These are the common dependencies that are inherited by the other test sets
+  testImplementation group: 'com.squareup.okhttp3', name: 'okhttp', version: '3.6.0'
+  testImplementation project(':dd-java-agent:instrumentation:trace-annotation')
+  testImplementation project(':dd-java-agent:instrumentation:pekko-concurrent')
+  testImplementation project(':dd-java-agent:instrumentation:scala-concurrent')
+  testImplementation project(':dd-java-agent:instrumentation:scala-promise:scala-promise-2.10')
+  testImplementation project(':dd-java-agent:instrumentation:scala-promise:scala-promise-2.13')
+
+  baseTestImplementation deps.scala212
+  baseTestImplementation group: 'org.apache.pekko', name: 'pekko-http_2.12', version: '1.0.0'
+  baseTestImplementation group: 'org.apache.pekko', name: 'pekko-stream_2.12', version: '1.0.1'
+
+  iastTestImplementation group: 'com.github.pjfanning', name: 'pekko-http-jackson_2.12', version: '2.1.0'
+  iastTestImplementation(testFixtures(project(':dd-java-agent:agent-iast')))
+  iastTestCompileOnly group: 'de.thetaphi', name: 'forbiddenapis', version: '3.4'
+  iastTestRuntimeOnly project(':dd-java-agent:instrumentation:jackson-core')
+  iastTestRuntimeOnly project(':dd-java-agent:instrumentation:iast-instrumenter')
+
+  latestDepTestImplementation deps.scala213
+  latestDepTestImplementation group: 'org.apache.pekko', name: 'pekko-http_2.13', version: '1.+'
+  latestDepTestImplementation group: 'org.apache.pekko', name: 'pekko-stream_2.13', version: '1.+'
+  latestDepTestImplementation group: 'org.scala-lang.modules', name: 'scala-java8-compat_2.13', version: '1.+'
+
+  latestDepIastTestImplementation deps.scala213
+  latestDepIastTestImplementation group: 'org.apache.pekko', name: 'pekko-http_2.13', version: '1.+'
+  latestDepIastTestImplementation group: 'org.apache.pekko', name: 'pekko-stream_2.13', version: '1.+'
+  latestDepIastTestImplementation group: 'com.github.pjfanning', name: 'pekko-http-jackson_2.13', version: '2.+'
+  latestDepIastTestImplementation group: 'org.scala-lang.modules', name: 'scala-java8-compat_2.13', version: '1.+'
+  latestDepIastTestImplementation(testFixtures(project(':dd-java-agent:agent-iast')))
+}
+
+tasks.named("test").configure {
+  dependsOn "baseTest"
+  dependsOn "iastTest"
+}
+
+tasks.named('latestDepTest').configure {
+  dependsOn "latestDepIastTest"
+}
+
+compileBaseTestGroovy {
+  classpath = classpath.plus(files(compileBaseTestScala.destinationDirectory))
+  dependsOn "compileBaseTestScala"
+}
+
+compileLatestDepTestGroovy {
+  classpath = classpath.plus(files(compileLatestDepTestScala.destinationDirectory))
+  dependsOn "compileLatestDepTestScala"
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/groovy/PekkoHttpClientInstrumentationTest.groovy b/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/groovy/PekkoHttpClientInstrumentationTest.groovy
new file mode 100644
index 00000000000..a8d38623d1d
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/groovy/PekkoHttpClientInstrumentationTest.groovy
@@ -0,0 +1,154 @@
+import org.apache.pekko.actor.ActorSystem
+import org.apache.pekko.http.javadsl.Http
+import org.apache.pekko.http.javadsl.model.HttpMethods
+import org.apache.pekko.http.javadsl.model.HttpRequest
+import org.apache.pekko.http.javadsl.model.HttpResponse
+import org.apache.pekko.http.javadsl.model.headers.RawHeader
+import org.apache.pekko.http.scaladsl.settings.ConnectionPoolSettings
+import datadog.trace.agent.test.base.HttpClientTest
+import datadog.trace.agent.test.naming.TestingGenericHttpNamingConventions
+import datadog.trace.api.DDSpanTypes
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.instrumentation.pekkohttp.PekkoHttpClientDecorator
+import scala.compat.java8.FutureConverters
+import scala.concurrent.Future
+import spock.lang.Shared
+import spock.lang.Timeout
+
+import java.util.concurrent.CompletionStage
+
+@Timeout(5)
+abstract class PekkoHttpClientInstrumentationTest extends HttpClientTest {
+  @Shared
+  ActorSystem system = ActorSystem.create()
+
+  abstract CompletionStage<HttpResponse> doRequest(HttpRequest request)
+
+  @Override
+  int doRequest(String method, URI uri, Map<String, String> headers, String body, Closure callback) {
+    def request = HttpRequest.create(uri.toString())
+      .withMethod(HttpMethods.lookup(method).get())
+      .addHeaders(headers.collect { RawHeader.create(it.key, it.value) })
+
+    def response
+    try {
+      response = doRequest(request)
+        .whenComplete { result, error ->
+          callback?.call()
+        }
+        .toCompletableFuture()
+        .get()
+    } finally {
+      // Since the spans are completed in an async callback, we need to wait here
+      blockUntilChildSpansFinished(1)
+    }
+    return response.status().intValue()
+  }
+
+  @Override
+  CharSequence component() {
+    return PekkoHttpClientDecorator.DECORATE.component()
+  }
+
+  @Override
+  boolean testRedirects() {
+    false
+  }
+
+  @Override
+  boolean testRemoteConnection() {
+    // Not sure how to properly set timeouts...
+    return false
+  }
+
+  def "singleRequest exception trace"() {
+    when:
+    // Passing null causes NPE in singleRequest
+    Http.get(system).singleRequest(null)
+
+    then:
+    def exception = thrown NullPointerException
+    assertTraces(1) {
+      trace(1) {
+        span {
+          parent()
+          operationName operation()
+          resourceName "pekko-http.client.request"
+          spanType DDSpanTypes.HTTP_CLIENT
+          errored true
+          tags {
+            "$Tags.COMPONENT" "pekko-http-client"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+            errorTags(exception)
+            defaultTags()
+          }
+        }
+      }
+    }
+
+    where:
+    renameService << [false, true]
+  }
+}
+
+
+abstract class PekkoHttpJavaClientInstrumentationTest extends PekkoHttpClientInstrumentationTest {
+  @Override
+  CompletionStage<HttpResponse> doRequest(HttpRequest request) {
+    return Http.get(system).singleRequest(request)
+  }
+}
+
+
+abstract class PekkoHttpScalaClientInstrumentationTest extends PekkoHttpClientInstrumentationTest {
+  @Override
+  CompletionStage<HttpResponse> doRequest(HttpRequest request) {
+    def http = org.apache.pekko.http.scaladsl.Http.apply(system)
+    def sRequest = (org.apache.pekko.http.scaladsl.model.HttpRequest) request
+    Future<org.apache.pekko.http.scaladsl.model.HttpResponse> f = http.singleRequest(sRequest, http.defaultClientHttpsContext(), (ConnectionPoolSettings) ConnectionPoolSettings.apply(system), system.log())
+    return FutureConverters.toJava(f)
+  }
+}
+
+class PekkoHttpJavaClientInstrumentationV0ForkedTest extends PekkoHttpJavaClientInstrumentationTest {
+
+  @Override
+  int version() {
+    return 0
+  }
+
+  @Override
+  String service() {
+    return null
+  }
+
+  @Override
+  String operation() {
+    return "pekko-http.client.request"
+  }
+}
+
+class PekkoHttpJavaClientInstrumentationV1ForkedTest extends PekkoHttpJavaClientInstrumentationTest implements TestingGenericHttpNamingConventions.ClientV1 {
+}
+
+class PekkoHttpScalaClientInstrumentationV0ForkedTest extends PekkoHttpScalaClientInstrumentationTest {
+
+  @Override
+  int version() {
+    return 0
+  }
+
+  @Override
+  String service() {
+    return null
+  }
+
+  @Override
+  String operation() {
+    return "pekko-http.client.request"
+  }
+}
+
+class PekkoHttpScalaClientInstrumentationV1ForkedTest extends PekkoHttpScalaClientInstrumentationTest implements TestingGenericHttpNamingConventions.ClientV1{
+
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/groovy/PekkoHttpServerInstrumentationTest.groovy b/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/groovy/PekkoHttpServerInstrumentationTest.groovy
new file mode 100644
index 00000000000..664ee4f0e7f
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/groovy/PekkoHttpServerInstrumentationTest.groovy
@@ -0,0 +1,146 @@
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.agent.test.naming.TestingGenericHttpNamingConventions
+import datadog.trace.agent.test.utils.ThreadUtils
+import datadog.trace.instrumentation.pekkohttp.PekkoHttpServerDecorator
+import okhttp3.Request
+import spock.lang.Shared
+
+import java.util.concurrent.atomic.AtomicInteger
+
+abstract class PekkoHttpServerInstrumentationTest extends HttpServerTest<PekkoHttpTestWebServer> {
+
+  @Override
+  String component() {
+    return PekkoHttpServerDecorator.DECORATE.component()
+  }
+
+  @Override
+  String expectedOperationName() {
+    return "pekko-http.request"
+  }
+
+  @Override
+  boolean testExceptionBody() {
+    false
+  }
+
+  @Override
+  boolean hasPeerInformation() {
+    return false
+  }
+
+  @Override
+  boolean hasExtraErrorInformation() {
+    return true
+  }
+
+  @Override
+  boolean changesAll404s() {
+    true
+  }
+
+  //@Ignore("https://github.com/DataDog/dd-trace-java/pull/5213")
+  @Override
+  boolean testBadUrl() {
+    false
+  }
+
+  @Shared
+  def totalInvocations = 200
+
+  @Shared
+  AtomicInteger counter = new AtomicInteger(0)
+
+  void doAndValidateRequest(int id) {
+    def type = id & 1 ? "p" : "f"
+    String url = address.resolve("/injected-id/${type}ing/$id")
+    def traceId = totalInvocations + id
+    def request = new Request.Builder().url(url).get().header("x-datadog-trace-id", traceId.toString()).build()
+    def response = client.newCall(request).execute()
+    def responseBodyStr = response.body().string()
+    assert responseBodyStr == "${type}ong $id -> $traceId"
+    assert response.code() == 200
+  }
+
+  def "propagate trace id when we ping pekko-http concurrently"() {
+    expect:
+    ThreadUtils.runConcurrently(10, totalInvocations, {
+      def id = counter.incrementAndGet()
+      doAndValidateRequest(id)
+    })
+
+    and:
+    TEST_WRITER.waitForTraces(totalInvocations)
+  }
+}
+
+abstract class PekkoHttpServerInstrumentationSyncTest extends PekkoHttpServerInstrumentationTest {
+  @Override
+  HttpServer server() {
+    return new PekkoHttpTestWebServer(PekkoHttpTestWebServer.BindAndHandleSync())
+  }
+
+  @Override
+  String expectedOperationName() {
+    return operation()
+  }
+}
+
+class PekkoHttpServerInstrumentationSyncV0ForkedTest extends PekkoHttpServerInstrumentationSyncTest {
+  @Override
+  int version() {
+    return 0
+  }
+
+  @Override
+  String service() {
+    return null
+  }
+
+  @Override
+  String operation() {
+    return "pekko-http.request"
+  }
+}
+
+class PekkoHttpServerInstrumentationSyncV1ForkedTest extends PekkoHttpServerInstrumentationSyncTest implements TestingGenericHttpNamingConventions.ServerV1 {
+}
+
+class PekkoHttpServerInstrumentationAsyncTest extends PekkoHttpServerInstrumentationTest {
+  @Override
+  HttpServer server() {
+    return new PekkoHttpTestWebServer(PekkoHttpTestWebServer.BindAndHandleAsync())
+  }
+}
+
+class PekkoHttpServerInstrumentationBindAndHandleTest extends PekkoHttpServerInstrumentationTest {
+  @Override
+  HttpServer server() {
+    return new PekkoHttpTestWebServer(PekkoHttpTestWebServer.BindAndHandle())
+  }
+
+  @Override
+  boolean redirectHasBody() {
+    return true
+  }
+}
+
+class PekkoHttpServerInstrumentationBindAndHandleAsyncWithRouteAsyncHandlerTest extends PekkoHttpServerInstrumentationTest {
+  @Override
+  HttpServer server() {
+    return new PekkoHttpTestWebServer(PekkoHttpTestWebServer.BindAndHandleAsyncWithRouteAsyncHandler())
+  }
+
+  @Override
+  boolean redirectHasBody() {
+    return true
+  }
+}
+
+class PekkoHttpServerInstrumentationAsyncHttp2Test extends PekkoHttpServerInstrumentationTest {
+  @Override
+  HttpServer server() {
+    return new PekkoHttpTestWebServer(PekkoHttpTestWebServer.BindAndHandleAsyncHttp2())
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/resources/application.conf b/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/resources/application.conf
new file mode 100644
index 00000000000..155953065ed
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/resources/application.conf
@@ -0,0 +1,6 @@
+pekko.http {
+  host-connection-pool {
+    // Limit maximum http backoff for tests
+    max-connection-backoff = 100ms
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/scala/PekkoHttpTestWebServer.scala b/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/scala/PekkoHttpTestWebServer.scala
new file mode 100644
index 00000000000..583aa86e4d7
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/baseTest/scala/PekkoHttpTestWebServer.scala
@@ -0,0 +1,282 @@
+import PekkoHttpTestWebServer.Binder
+import org.apache.pekko.actor.ActorSystem
+import org.apache.pekko.http.scaladsl.Http
+import org.apache.pekko.http.scaladsl.Http.ServerBinding
+import org.apache.pekko.http.scaladsl.model.HttpMethods.GET
+import org.apache.pekko.http.scaladsl.model._
+import org.apache.pekko.http.scaladsl.model.headers.RawHeader
+import org.apache.pekko.http.scaladsl.server.Directives._
+import org.apache.pekko.http.scaladsl.server._
+import org.apache.pekko.http.scaladsl.settings.ServerSettings
+import org.apache.pekko.http.scaladsl.util.FastFuture.EnhancedFuture
+import org.apache.pekko.stream.{ActorMaterializer, Materializer}
+import com.typesafe.config.Config
+import datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint._
+import datadog.trace.agent.test.base.{HttpServer, HttpServerTest}
+import datadog.trace.agent.test.utils.TraceUtils
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan
+import groovy.lang.Closure
+
+import java.net.URI
+import scala.concurrent.duration._
+import scala.concurrent.{Await, ExecutionContext, Future}
+import scala.language.postfixOps
+import scala.util.control.NonFatal
+
+class PekkoHttpTestWebServer(binder: Binder) extends HttpServer {
+  implicit val system = {
+    val name = s"${binder.name}"
+    binder.config match {
+      case None         => ActorSystem(name)
+      case Some(config) => ActorSystem(name, config)
+    }
+  }
+  implicit val materializer                      = ActorMaterializer()
+  private var port: Int                          = 0
+  private var portBinding: Future[ServerBinding] = null
+
+  override def start(): Unit = {
+    portBinding = Await.ready(binder.bind(0), 10 seconds)
+    port = portBinding.value.get.get.localAddress.getPort
+  }
+
+  override def stop(): Unit = {
+    import materializer.executionContext
+    portBinding
+      .flatMap(_.unbind())
+      .onComplete(_ => system.terminate())
+  }
+
+  override def address(): URI = {
+    new URI("http://localhost:" + port + "/")
+  }
+}
+
+object PekkoHttpTestWebServer {
+
+  trait Binder {
+    def name: String
+
+    def config: Option[Config] = None
+
+    def bind(port: Int)(
+        implicit system: ActorSystem,
+        materializer: Materializer
+    ): Future[ServerBinding]
+  }
+
+  val BindAndHandle: Binder = new Binder {
+    override def name: String = "bind-and-handle"
+
+    override def bind(port: Int)(
+        implicit system: ActorSystem,
+        materializer: Materializer
+    ): Future[ServerBinding] = {
+      import materializer.executionContext
+      Http().bindAndHandle(route, "localhost", port)
+    }
+  }
+
+  val BindAndHandleAsyncWithRouteAsyncHandler: Binder = new Binder {
+    override def name: String = "bind-and-handle-async-with-route-async-handler"
+
+    override def bind(port: Int)(
+        implicit system: ActorSystem,
+        materializer: Materializer
+    ): Future[ServerBinding] = {
+      import materializer.executionContext
+      Http().bindAndHandleAsync(Route.asyncHandler(route), "localhost", port)
+    }
+  }
+
+  val BindAndHandleSync: Binder = new Binder {
+    override def name: String = "bind-and-handle-sync"
+
+    override def bind(port: Int)(
+        implicit system: ActorSystem,
+        materializer: Materializer
+    ): Future[ServerBinding] = {
+      Http().bindAndHandleSync(syncHandler, "localhost", port)
+    }
+  }
+
+  val BindAndHandleAsync: Binder = new Binder {
+    override def name: String = "bind-and-handle-async"
+
+    override def bind(port: Int)(
+        implicit system: ActorSystem,
+        materializer: Materializer
+    ): Future[ServerBinding] = {
+      import materializer.executionContext
+      Http().bindAndHandleAsync(asyncHandler, "localhost", port)
+    }
+  }
+
+  val BindAndHandleAsyncHttp2: Binder = new Binder {
+    override def name: String = "bind-and-handle-async-http2"
+
+    override def bind(port: Int)(
+        implicit system: ActorSystem,
+        materializer: Materializer
+    ): Future[ServerBinding] = {
+      import materializer.executionContext
+      val serverSettings = enableHttp2(ServerSettings(system))
+      Http().bindAndHandleAsync(
+        asyncHandler,
+        "localhost",
+        port,
+        settings = serverSettings
+      )
+    }
+  }
+
+  // This part defines the routes using the Scala routing DSL
+  // ---------------------------------------------------------------------- //
+  private val exceptionHandler = ExceptionHandler {
+    case e: Exception =>
+      val span = activeSpan()
+      TraceUtils.handleException(span, e)
+      complete(
+        HttpResponse(status = EXCEPTION.getStatus, entity = e.getMessage)
+      )
+  }
+
+  // Since the pekko-http route DSL produces a Route that is evaluated for every
+  // incoming request, we need to wrap the HttpServerTest.controller call and exception
+  // handling in a custom Directive
+  private def withController: Directive0 = Directive[Unit] { inner => ctx =>
+    def handleException: PartialFunction[Throwable, Future[RouteResult]] =
+      exceptionHandler andThen (_(ctx.withAcceptAll))
+
+    val uri      = ctx.request.uri
+    val endpoint = HttpServerTest.ServerEndpoint.forPath(uri.path.toString())
+    HttpServerTest.controller(
+      endpoint,
+      new Closure[Future[RouteResult]](()) {
+        def doCall(): Future[RouteResult] = {
+          try inner(())(ctx).fast
+            .recoverWith(handleException)(ctx.executionContext)
+          catch {
+            case NonFatal(e) =>
+              handleException
+                .applyOrElse[Throwable, Future[RouteResult]](e, throw _)
+          }
+        }
+      }
+    )
+  }
+
+  private val defaultHeader =
+    RawHeader(HttpServerTest.getIG_RESPONSE_HEADER, HttpServerTest.getIG_RESPONSE_HEADER_VALUE)
+
+  def route(implicit ec: ExecutionContext): Route = withController {
+    respondWithDefaultHeader(defaultHeader) {
+      get {
+        path(SUCCESS.relativePath) {
+          complete(
+            HttpResponse(status = SUCCESS.getStatus, entity = SUCCESS.getBody)
+          )
+        } ~ path(FORWARDED.relativePath) {
+          headerValueByName("x-forwarded-for") { address =>
+            complete(
+              HttpResponse(status = FORWARDED.getStatus, entity = address)
+            )
+          }
+        } ~ path(
+          QUERY_PARAM.relativePath | QUERY_ENCODED_BOTH.relativePath | QUERY_ENCODED_QUERY.relativePath
+        ) {
+          parameter("some") { query =>
+            complete(
+              HttpResponse(
+                status = QUERY_PARAM.getStatus,
+                entity = s"some=$query"
+              )
+            )
+          }
+        } ~ path(REDIRECT.relativePath) {
+          redirect(Uri(REDIRECT.getBody), StatusCodes.Found)
+        } ~ path(ERROR.relativePath) {
+          complete(HttpResponse(status = ERROR.getStatus, entity = ERROR.getBody))
+        } ~ path(EXCEPTION.relativePath) {
+          throw new Exception(EXCEPTION.getBody)
+        } ~ pathPrefix("injected-id") {
+          path("ping" / IntNumber) { id =>
+            val traceId = AgentTracer.activeSpan().getTraceId
+            complete(s"pong $id -> $traceId")
+          } ~ path("fing" / IntNumber) { id =>
+            // force the response to happen on another thread or in another context
+            onSuccess(Future {
+              Thread.sleep(10);
+              id
+            }) { fid =>
+              val traceId = AgentTracer.activeSpan().getTraceId
+              complete(s"fong $fid -> $traceId")
+            }
+          }
+        }
+      }
+    }
+  }
+
+  // This part defines the sync and async handler functions
+  // ---------------------------------------------------------------------- //
+
+  val syncHandler: HttpRequest => HttpResponse = {
+    case HttpRequest(GET, uri: Uri, _, _, _) => {
+      val path     = uri.path.toString()
+      val endpoint = HttpServerTest.ServerEndpoint.forPath(path)
+      HttpServerTest
+        .controller(
+          endpoint,
+          new Closure[HttpResponse](()) {
+            def doCall(): HttpResponse = {
+              val resp = HttpResponse(status = endpoint.getStatus)
+              endpoint match {
+                case SUCCESS   => resp.withEntity(endpoint.getBody)
+                case FORWARDED => resp.withEntity(endpoint.getBody) // cheating
+                case QUERY_PARAM | QUERY_ENCODED_BOTH | QUERY_ENCODED_QUERY =>
+                  resp.withEntity(uri.queryString().orNull)
+                case REDIRECT =>
+                  resp.withHeaders(headers.Location(endpoint.getBody))
+                case ERROR     => resp.withEntity(endpoint.getBody)
+                case EXCEPTION => throw new Exception(endpoint.getBody)
+                case _ =>
+                  if (path.startsWith("/injected-id/")) {
+                    val groups = path.split('/')
+                    if (groups.size == 4) { // The path starts with a / and has 3 segments
+                      val traceId = AgentTracer.activeSpan().getTraceId
+                      val id      = groups(3).toInt
+                      groups(2) match {
+                        case "ping" =>
+                          return HttpResponse(entity = s"pong $id -> $traceId")
+                        case "fing" =>
+                          return HttpResponse(entity = s"fong $id -> $traceId")
+                        case _ =>
+                      }
+                    }
+                  }
+                  HttpResponse(status = NOT_FOUND.getStatus)
+                    .withEntity(NOT_FOUND.getBody)
+              }
+            }
+          }
+        )
+        .withDefaultHeaders(defaultHeader)
+    }
+  }
+
+  def asyncHandler(
+      implicit ec: ExecutionContext
+  ): HttpRequest => Future[HttpResponse] = { request =>
+    Future {
+      syncHandler(request)
+    }
+  }
+
+  def enableHttp2(serverSettings: ServerSettings): ServerSettings = {
+    val previewServerSettings =
+      serverSettings.previewServerSettings.withEnableHttp2(true)
+    serverSettings.withPreviewServerSettings(previewServerSettings)
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/iastTest/groovy/datadog/trace/instrumentation/pekkohttp/iast/IastPekkoTest.groovy b/dd-java-agent/instrumentation/pekko-http-1.0/src/iastTest/groovy/datadog/trace/instrumentation/pekkohttp/iast/IastPekkoTest.groovy
new file mode 100644
index 00000000000..280600124de
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/iastTest/groovy/datadog/trace/instrumentation/pekkohttp/iast/IastPekkoTest.groovy
@@ -0,0 +1,528 @@
+package datadog.trace.instrumentation.pekkohttp.iast
+
+import com.datadog.iast.test.IastRequestTestRunner
+import datadog.trace.api.iast.SourceTypes
+import okhttp3.FormBody
+import okhttp3.MediaType
+import okhttp3.MultipartBody
+import okhttp3.Request.Builder
+import okhttp3.RequestBody
+import spock.lang.AutoCleanup
+import spock.lang.Shared
+
+import java.nio.charset.StandardCharsets
+
+import static org.hamcrest.Matchers.greaterThan
+import static org.hamcrest.Matchers.nullValue
+
+class IastPekkoTest extends IastRequestTestRunner {
+  @Shared
+  @AutoCleanup
+  Closeable testWebServer
+
+  void setupSpec() {
+    // avoid pekko classes being load before instrumentation,
+    // as we're adding methods/fields
+    testWebServer = getClass().classLoader
+      .loadClass("datadog.trace.instrumentation.pekkohttp.iast.PekkoIastTestWebServer")
+      .newInstance([] as Object[])
+    testWebServer.start()
+  }
+
+  protected String buildUrl(String path) {
+    "http://localhost:${testWebServer.port}/$path"
+  }
+
+  void 'path variable'() {
+    when:
+    String url = buildUrl 'iast/path/myValue'
+    def request = new Builder().url(url).get().build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == 'IAST: myValue (tainted)'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'myValue'
+      range 0, 7, source(SourceTypes.REQUEST_PATH_PARAMETER, null, 'myValue')
+    }
+    toc.size() == 1
+  }
+
+  void 'cookie — #variant variant'() {
+    when:
+    String url = buildUrl "iast/$path"
+    def request = new Builder()
+      .url(url)
+      .addHeader('Cookie', 'var1=bar')
+      .get().build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == 'IAST: bar (tainted)'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_COOKIE_VALUE, 'var1', 'bar')
+    }
+
+    where:
+    variant    | path
+    'required' | 'cookie'
+    'optional' | 'cookie_optional'
+  }
+
+  void 'all cookies  — variant #variant'(String variant) {
+    when:
+    String url = buildUrl "iast/all_cookies"
+    def request = new Builder()
+      .url(url)
+      .addHeader('Cookie', 'var1=foo; var1=bar')
+      .get().build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    // cookie names are not tainted
+    response.body().string() == 'IAST: [[var1 (tainted), foo (tainted)], [var1 (tainted), bar (tainted)]]'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'var1'
+      range 0, 4, source(SourceTypes.REQUEST_COOKIE_NAME, 'var1', 'var1')
+    }
+    toc.hasTaintedObject {
+      value 'foo'
+      range 0, 3, source(SourceTypes.REQUEST_COOKIE_VALUE, 'var1', 'foo')
+    }
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_COOKIE_VALUE, 'var1', 'bar')
+    }
+
+    where:
+    variant << ['all_cookies', 'all_cookies_scala']
+  }
+
+  void 'single header'() {
+    when:
+    String url = buildUrl 'iast/header'
+    def request = new Builder()
+      .url(url)
+      .addHeader('X-My-Header', 'bar')
+      .get().build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == 'IAST: bar (tainted)'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_HEADER_VALUE, 'X-My-Header', 'bar')
+    }
+  }
+
+  void 'all headers — variant #variant'(String variant) {
+    when:
+    String url = buildUrl "iast/$variant"
+    def request = new Builder().url(url).get().build()
+    def response = client.newCall(request).execute()
+    String body = response.body().string()
+
+    then:
+    response.code() == 200
+    body.matches(/.*User-Agent \(tainted\):okhttp\/[\d.]+ \(tainted\).*/)
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'User-Agent'
+      range 0, 10, source(SourceTypes.REQUEST_HEADER_NAME, 'User-Agent', 'User-Agent')
+    }
+    toc.hasTaintedObject {
+      value ~/okhttp\/[\d.]+/
+      range 0, greaterThan(7), source(SourceTypes.REQUEST_HEADER_VALUE, 'User-Agent', ~/okhttp\/[\d.]+/)
+    }
+
+    where:
+    variant << ['all_headers', 'all_headers_req_ctx']
+  }
+
+  void 'query param'() {
+    when:
+    String url = buildUrl 'iast/query?var=bar'
+    def request = new Builder().url(url).get().build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == 'IAST: bar (tainted)'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var', 'bar')
+    }
+  }
+
+
+  void 'query param — multiple values'() {
+    when:
+    String url = buildUrl 'iast/query_multival?var=foo&var=bar'
+    def request = new Builder().url(url).get().build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == 'IAST: [bar (tainted), foo (tainted)]'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'foo'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var', 'foo')
+    }
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var', 'bar')
+    }
+  }
+
+  void 'all query params'() {
+    when:
+    String url = buildUrl 'iast/all_query?var1=foo&var1=bar&var2=a+b+c'
+    def request = new Builder().url(url).get().build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == 'IAST: [var1 (tainted):[foo (tainted), bar (tainted)], var2 (tainted):[a b c (tainted)]]'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'var1'
+      range 0, 4, source(SourceTypes.REQUEST_PARAMETER_NAME, 'var1', 'var1')
+    }
+    toc.hasTaintedObject {
+      value 'var2'
+      range 0, 4, source(SourceTypes.REQUEST_PARAMETER_NAME, 'var2', 'var2')
+    }
+    toc.hasTaintedObject {
+      value 'foo'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var1', 'foo')
+    }
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var1', 'bar')
+    }
+    toc.hasTaintedObject {
+      value 'a b c'
+      range 0, 5, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var2', 'a b c')
+    }
+  }
+
+  void 'all query params — simple map variant'() {
+    when:
+    String url = buildUrl 'iast/all_query_simple_map?var1=foo&var1=bar&var2=a+b+c'
+    def request = new Builder().url(url).get().build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == 'IAST: [var1 (tainted):bar (tainted), var2 (tainted):a b c (tainted)]'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'var1'
+      range 0, 4, source(SourceTypes.REQUEST_PARAMETER_NAME, 'var1', 'var1')
+    }
+    toc.hasTaintedObject {
+      value 'var2'
+      range 0, 4, source(SourceTypes.REQUEST_PARAMETER_NAME, 'var2', 'var2')
+    }
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var1', 'bar')
+    }
+    toc.hasTaintedObject {
+      value 'a b c'
+      range 0, 5, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var2', 'a b c')
+    }
+  }
+
+  void 'all query params — list variant'() {
+    when:
+    String url = buildUrl 'iast/all_query_list?var1=foo&var1=bar&var2=a+b+c'
+    def request = new Builder().url(url).get().build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == 'IAST: [[var1 (tainted), foo (tainted)], [var1 (tainted), bar (tainted)], [var2 (tainted), a b c (tainted)]]'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'var1'
+      range 0, 4, source(SourceTypes.REQUEST_PARAMETER_NAME, 'var1', 'var1')
+    }
+    toc.hasTaintedObject {
+      value 'var2'
+      range 0, 4, source(SourceTypes.REQUEST_PARAMETER_NAME, 'var2', 'var2')
+    }
+    toc.hasTaintedObject {
+      value 'foo'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var1', 'foo')
+    }
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var1', 'bar')
+    }
+    toc.hasTaintedObject {
+      value 'a b c'
+      range 0, 5, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var2', 'a b c')
+    }
+  }
+
+  void 'query string via uri'() {
+    when:
+    String url = buildUrl 'iast/uri?var1=foo&var1=bar&var2=a+b+c'
+    def request = new Builder().url(url).get().build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() ==
+      """
+      Path: /iast/uri
+      Path Segments: [iast, uri]
+      Query String: var1=foo&var1=bar&var2=a+b+c (tainted)
+      Raw Query String var1=foo&var1=bar&var2=a+b+c (tainted)
+      Query as MultiMap: [var1 (tainted):[foo (tainted), bar (tainted)], var2 (tainted):[a b c (tainted)]]
+      """.stripIndent()
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'var1=foo&var1=bar&var2=a+b+c'
+      range 0, 28, source(SourceTypes.REQUEST_QUERY, null, null)
+    }
+    toc.hasTaintedObject {
+      value 'var1'
+      range 0, 4, source(SourceTypes.REQUEST_PARAMETER_NAME, 'var1', 'var1')
+    }
+    toc.hasTaintedObject {
+      value 'var2'
+      range 0, 4, source(SourceTypes.REQUEST_PARAMETER_NAME, 'var2', 'var2')
+    }
+    toc.hasTaintedObject {
+      value 'foo'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var1', 'foo')
+    }
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var1', 'bar')
+    }
+    toc.hasTaintedObject {
+      value 'a b c'
+      range 0, 5, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var2', 'a b c')
+    }
+  }
+
+  void 'form param'() {
+    when:
+    String url = buildUrl 'iast/form_single'
+    FormBody requestBody = new FormBody.Builder()
+      .add('var', 'bar')
+      .build()
+    def request = new Builder().url(url).post(requestBody).build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == 'IAST: bar (tainted)'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var', 'bar')
+    }
+  }
+
+  void 'form param — multipart variant'() {
+    when:
+    String url = buildUrl 'iast/form_single'
+    RequestBody requestBody = new MultipartBody.Builder()
+      .setType(MultipartBody.FORM)
+      .addFormDataPart('var', 'bar')
+      .build()
+    def request = new Builder().url(url).post(requestBody).build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == 'IAST: bar (tainted)'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var', 'bar')
+    }
+  }
+
+  void 'form param — map variant'() {
+    when:
+    String url = buildUrl 'iast/form_map'
+    FormBody requestBody = new FormBody.Builder()
+      .add("var1", "foo")
+      .add("var2", "bar")
+      .build()
+    def request = new Builder().url(url).post(requestBody).build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == 'IAST: [var1 (tainted):foo (tainted), var2 (tainted):bar (tainted)]'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'var1'
+      range 0, 4, source(SourceTypes.REQUEST_PARAMETER_NAME, 'var1', 'var1')
+    }
+    toc.hasTaintedObject {
+      value 'foo'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var1', 'foo')
+    }
+    toc.hasTaintedObject {
+      value 'var2'
+      range 0, 4, source(SourceTypes.REQUEST_PARAMETER_NAME, 'var2', 'var2')
+    }
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var2', 'bar')
+    }
+  }
+
+  void 'form param — #variant variant'() {
+    when:
+    String url = buildUrl "iast/form_${variant}"
+    FormBody requestBody = new FormBody.Builder()
+      .add("var", "foo")
+      .add("var", "bar")
+      .build()
+    def request = new Builder().url(url).post(requestBody).build()
+    def response = client.newCall(request).execute()
+
+    then:
+    response.code() == 200
+    response.body().string() == expectedBodyString
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'var'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_NAME, 'var', 'var')
+    }
+    toc.hasTaintedObject {
+      value 'foo'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var', 'foo')
+    }
+    toc.hasTaintedObject {
+      value 'bar'
+      range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var', 'bar')
+    }
+
+    where:
+    variant           | expectedBodyString
+    'multi_map'       | 'IAST: [var (tainted):[bar (tainted), foo (tainted)]]'
+    'list'            | 'IAST: [[var (tainted), foo (tainted)], [var (tainted), bar (tainted)]]'
+    'urlencoded_only' | 'IAST: [var (tainted):[foo (tainted), bar (tainted)]]'
+  }
+
+  void 'json request — #variant variant'() {
+    when:
+    String url = buildUrl "iast/$variant"
+    def request = new Builder().url(url).post(
+      RequestBody.create(MediaType.get("application/json"), '''{
+        "var1": "foo",
+        "var2": ["foo2", "foo2"]
+      }'''.getBytes(StandardCharsets.US_ASCII))
+      ).build()
+    def response = client.newCall(request).execute()
+    def respBody = response.body().string()
+
+    then:
+    response.code() == 200
+    respBody == 'IAST: [var1 (tainted):foo (tainted), var2 (tainted):[foo2 (tainted), foo2 (tainted)]]'
+
+    when:
+    def toc = finReqTaintedObjects
+
+    then:
+    toc.hasTaintedObject {
+      value 'var1'
+      range 0, 4, source(SourceTypes.REQUEST_BODY, nullValue(), nullValue())
+    }
+    toc.hasTaintedObject {
+      value 'var2'
+      range 0, 4, source(SourceTypes.REQUEST_BODY, nullValue(), nullValue())
+    }
+    toc.hasTaintedObject {
+      value 'foo'
+      range 0, 3, source(SourceTypes.REQUEST_BODY, nullValue(), nullValue())
+    }
+    toc.hasTaintedObject {
+      value 'foo2'
+      range 0, 4, source(SourceTypes.REQUEST_BODY, nullValue(), nullValue())
+    }
+
+    where:
+    variant << ['json', 'json_mufeu']
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/iastTest/groovy/datadog/trace/instrumentation/pekkohttp/iast/PekkoIastTestWebServer.groovy b/dd-java-agent/instrumentation/pekko-http-1.0/src/iastTest/groovy/datadog/trace/instrumentation/pekkohttp/iast/PekkoIastTestWebServer.groovy
new file mode 100644
index 00000000000..7b6d6339fb4
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/iastTest/groovy/datadog/trace/instrumentation/pekkohttp/iast/PekkoIastTestWebServer.groovy
@@ -0,0 +1,323 @@
+package datadog.trace.instrumentation.pekkohttp.iast
+
+import org.apache.pekko.NotUsed
+import org.apache.pekko.actor.ActorSystem
+import org.apache.pekko.http.javadsl.ConnectHttp
+import org.apache.pekko.http.javadsl.Http
+import org.apache.pekko.http.javadsl.ServerBinding
+import org.apache.pekko.http.javadsl.marshallers.jackson.Jackson
+import org.apache.pekko.http.javadsl.model.HttpRequest
+import org.apache.pekko.http.scaladsl.model.HttpRequest as sHttpRequest
+import org.apache.pekko.http.javadsl.model.headers.Cookie
+import org.apache.pekko.http.javadsl.server.AllDirectives
+import org.apache.pekko.http.javadsl.server.Route
+import org.apache.pekko.http.javadsl.unmarshalling.Unmarshaller
+import org.apache.pekko.http.scaladsl.model.HttpResponse
+import org.apache.pekko.http.scaladsl.model.Uri
+import org.apache.pekko.http.scaladsl.model.headers.HttpCookiePair
+import org.apache.pekko.http.scaladsl.unmarshalling.Unmarshaller$
+import org.apache.pekko.stream.ActorMaterializer
+import org.apache.pekko.stream.javadsl.Flow
+import com.datadog.iast.test.TaintMarkerHelpers
+import foo.bar.WithInstrumentedCallSites
+import scala.collection.immutable.Seq
+
+import java.nio.charset.StandardCharsets
+import java.util.concurrent.CompletionStage
+import java.util.concurrent.CountDownLatch
+import java.util.concurrent.TimeUnit
+
+import static org.apache.pekko.http.javadsl.model.Uri.RELAXED
+import static org.apache.pekko.http.javadsl.server.PathMatchers.segment
+import static com.datadog.iast.test.TaintMarkerHelpers.t
+import static scala.collection.JavaConverters.mapAsJavaMapConverter
+import static scala.collection.JavaConverters.seqAsJavaListConverter
+
+class PekkoIastTestWebServer extends AllDirectives implements Closeable {
+
+  int port
+  Closure stop
+
+  static void main(String[] args) {
+    def webServer = new PekkoIastTestWebServer()
+    webServer.start()
+    System.in.read()
+    webServer.stop()
+  }
+
+  void start() {
+    ActorSystem system = ActorSystem.create('pekko-http-server')
+    ActorMaterializer materializer = ActorMaterializer.create(system)
+
+    Route routes = pathPrefix('iast') {
+      route(
+      path(segment('path').slash(segment())) {
+        var1 ->
+        get {
+          complete("IAST: ${t(var1)}")
+        }
+      },
+      path('query') {
+        parameterOptional('var') {
+          var ->
+          get {
+            complete("IAST: ${t(var.orElse('<empty>'))}")
+          }
+        }
+      },
+      path('query_multival') {
+        parameterList('var') {
+          var ->
+          get {
+            complete("IAST: ${var.collect { t(it) }}")
+          }
+        }
+      },
+      path('all_query') {
+        parameterMultiMap {
+          params ->
+          get {
+            def m = params.entrySet().collectEntries {
+              e ->
+              [t(e.key), e.value.collect {
+                  t(it)
+                }]
+            }
+            complete("IAST: $m")
+          }
+        }
+      },
+      path('all_query_simple_map') {
+        parameterMap {
+          params ->
+          get {
+            def m = params.entrySet().collectEntries {
+              e ->
+              [t(e.key), t(e.value)]
+            }
+            complete("IAST: $m")
+          }
+        }
+      },
+      path('all_query_list') {
+        parameterList {
+          params ->
+          get {
+            def m = params.collect {
+              e ->
+              [t(e.key), t(e.value)]
+            }
+            complete("IAST: $m")
+          }
+        }
+      },
+      path('header') {
+        optionalHeaderValueByName('x-my-header', header ->
+        complete("IAST: ${t(header.orElse('<no header>'))}"))
+      },
+      path('all_headers') {
+        extractRequest {
+          request ->
+          def map = WithInstrumentedCallSites.headersToMap(request)
+          complete("IAST: $map")
+        }
+      },
+      path('all_headers_req_ctx') {
+        extractRequestContext {
+          reqCtx ->
+          def request = reqCtx.request
+          def map = WithInstrumentedCallSites.headersToMap(request)
+          complete("IAST: $map")
+        }
+      },
+      path('cookie') {
+        cookie('var1') {
+          cookie ->
+          complete("IAST: ${t(cookie.value())}")
+        }
+      },
+      path('cookie_optional') {
+        optionalCookie('var1') {
+          cookie ->
+          complete(cookie.present ? "IAST: ${t(cookie.get().value())}" : "<no var1 cookie present>")
+        }
+      },
+      path('all_cookies') {
+        extractRequest {
+          req ->
+          Cookie cookieHeader = req.headers.find {
+            it.is('cookie') // Not Groovy "is"
+          }
+          def pairList = cookieHeader.cookies.collect {
+            [t(it.name()), t(it.value())]
+          }
+          complete("IAST: $pairList")
+        }
+      },
+      path('all_cookies_scala') {
+        extractRequest {
+          sHttpRequest req ->
+          Seq<HttpCookiePair> cookies = req.cookies()
+          def pairList = cookies.iterator().toIterable().collect({
+            [t(it.name()), t(it.value())]
+          } as Closure)
+          complete("IAST: $pairList")
+        }
+      },
+      path('json') {
+        post {
+          entity(Jackson.unmarshaller(Map)) {
+            map ->
+            def mmap = map.collectEntries {
+              e ->
+              [t(e.key), e.value instanceof List ? e.value.collect {
+                  t(it)
+                } : t(e.value)]
+            }
+            complete("IAST: $mmap")
+          }
+        }
+      },
+      path('json_mufeu') {
+        post {
+          // this unmarshaller transforms the input before passing it to the
+          // inner unmarshaller (rather than transforming the output)
+          request(Unmarshaller$.MODULE$.messageUnmarshallerFromEntityUnmarshaller(
+          Jackson.unmarshaller(Map) as org.apache.pekko.http.scaladsl.unmarshalling.Unmarshaller) as Unmarshaller) {
+            Map map ->
+            def mmap = map.collectEntries {
+              e ->
+              [t(e.key), e.value instanceof List ? e.value.collect {
+                  t(it)
+                } : t(e.value)]
+            }
+            complete("IAST: $mmap")
+          }
+        }
+      },
+      path('uri') {
+        extractUri {
+          uri ->
+          get {
+            def map1 = uri.query(StandardCharsets.UTF_8, RELAXED).toMultiMap()
+            def tmmap = map1.collectEntries {
+              [t(it.key), it.value.collect {
+                  t(it)
+                }]
+            }
+            complete(
+            // path and pathSegments are not actually tainted
+            // we only care about the query string
+            """
+            Path: ${t(uri.path())}
+            Path Segments: ${t(uri.pathSegments())}
+            Query String: ${t(uri.queryString(StandardCharsets.UTF_8).get())}
+            Raw Query String ${t(uri.rawQueryString().get())}
+            Query as MultiMap: ${tmmap}
+            """.stripIndent()
+            )
+          }
+        }
+      },
+      path('form_single') {
+        post {
+          formFieldOptional('var') {
+            complete("IAST: ${t(it.orElse("<no value>"))}")
+          }
+        }
+      },
+      path('form_map') {
+        post {
+          formFieldMap {
+            m ->
+            def tm = m.collectEntries {
+              [t(it.key), t(it.value)]
+            }
+            complete("IAST: ${tm}")
+          }
+        }
+      },
+      path('form_multi_map') {
+        post {
+          formFieldMultiMap {
+            m ->
+            def tm = m.collectEntries {
+              e ->
+              [t(e.key), e.value.collect(TaintMarkerHelpers.&t)]
+            }
+            complete("IAST: ${tm}")
+          }
+        }
+      },
+      path('form_list') {
+        post {
+          formFieldList {
+            l ->
+            def tm = l.collect {
+              e ->
+              [t(e.key), t(e.value)]
+            }
+            complete("IAST: ${tm}")
+          }
+        }
+      },
+      path('form_urlencoded_only') {
+        post {
+          def unmarshaller
+          if (Unmarshaller.respondsTo('entityToUrlEncodedFormData')) {
+            // 10.0
+            unmarshaller = Unmarshaller.entityToUrlEncodedFormData()
+          } else {
+            // 10.1
+            unmarshaller = Unmarshaller$.MODULE$.defaultUrlEncodedFormDataUnmarshaller()
+          }
+          entity(unmarshaller) {
+            formData ->
+            Uri.Query q = formData.fields()
+            def m = mapAsJavaMapConverter(q.toMultiMap()).asJava()
+            def tm = m.collectEntries {
+              e ->
+              [t(e.key), seqAsJavaListConverter(e.value).asJava().collect(TaintMarkerHelpers.&t)]
+            }
+            complete("IAST: ${tm}")
+          }
+        }
+      },
+      )
+    }
+
+    Flow<HttpRequest, HttpResponse, NotUsed> flow = routes.flow(system, materializer)
+
+    CompletionStage<ServerBinding> binding
+    binding = Http.get(system)
+    .bindAndHandle(flow, ConnectHttp.toHost('localhost', 0), materializer)
+    def latch = new CountDownLatch(1)
+    binding.thenAccept {
+      serverBinding ->
+      port = serverBinding.localAddress().getPort()
+      System.out.println('Server started on port ' + port)
+      latch.countDown()
+    }
+
+    stop = {
+      binding
+      .thenCompose(ServerBinding::unbind)
+      .thenAccept {
+        system.terminate()
+      }
+    }
+
+    if (!latch.await(15, TimeUnit.SECONDS)) {
+      throw new IllegalStateException("Server didn't start (apparently) in 15 seconds")
+    }
+  }
+
+  void stop() {
+    stop.call()
+  }
+
+  @Override
+  void close() {
+    stop()
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/iastTest/groovy/foo/bar/WithInstrumentedCallSites.groovy b/dd-java-agent/instrumentation/pekko-http-1.0/src/iastTest/groovy/foo/bar/WithInstrumentedCallSites.groovy
new file mode 100644
index 00000000000..9e37462e58b
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/iastTest/groovy/foo/bar/WithInstrumentedCallSites.groovy
@@ -0,0 +1,23 @@
+package foo.bar
+
+import org.apache.pekko.http.javadsl.model.HttpHeader
+import org.apache.pekko.http.javadsl.model.HttpRequest
+import groovy.transform.CompileStatic
+
+import static com.datadog.iast.test.TaintMarkerHelpers.t
+
+class WithInstrumentedCallSites {
+  @CompileStatic
+  static Map headersToMap(HttpRequest request) {
+    //    request.headers
+    //      .collectEntries({
+    //        [t(it.name()), t(it.value())]
+    //      })
+
+    def map = [:]
+    for (HttpHeader e: request.headers) {
+      map[t(e.name())] = t(e.value())
+    }
+    map
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/latestDepTest/groovy/PekkoHttpLatestDepServerInstrumentationTests.groovy b/dd-java-agent/instrumentation/pekko-http-1.0/src/latestDepTest/groovy/PekkoHttpLatestDepServerInstrumentationTests.groovy
new file mode 100644
index 00000000000..3f8a63e9dd7
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/latestDepTest/groovy/PekkoHttpLatestDepServerInstrumentationTests.groovy
@@ -0,0 +1,34 @@
+import datadog.trace.agent.test.base.HttpServer
+
+class PekkoHttpLatestDepServerInstrumentationBindFlowTest extends PekkoHttpServerInstrumentationTest {
+  @Override
+  HttpServer server() {
+    return new PekkoHttpTestWebServer(PekkoHttpLatestDepTestWebServer.ServerBuilderBindFlow())
+  }
+
+  @Override
+  boolean redirectHasBody() {
+    return true
+  }
+}
+
+class PekkoHttpLatestDepServerInstrumentationBindTest extends PekkoHttpServerInstrumentationTest {
+  @Override
+  HttpServer server() {
+    return new PekkoHttpTestWebServer(PekkoHttpLatestDepTestWebServer.ServerBuilderBind())
+  }
+}
+
+class PekkoHttpLatestDepServerInstrumentationBindSyncTest extends PekkoHttpServerInstrumentationTest {
+  @Override
+  HttpServer server() {
+    return new PekkoHttpTestWebServer(PekkoHttpLatestDepTestWebServer.ServerBuilderBindSync())
+  }
+}
+
+class PekkoHttpLatestDepServerInstrumentationBindAsyncHttp2Test extends PekkoHttpServerInstrumentationTest {
+  @Override
+  HttpServer server() {
+    return new PekkoHttpTestWebServer(PekkoHttpLatestDepTestWebServer.ServerBuilderBindHttp2())
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/latestDepTest/scala/PekkoHttpLatestDepTestWebServer.scala b/dd-java-agent/instrumentation/pekko-http-1.0/src/latestDepTest/scala/PekkoHttpLatestDepTestWebServer.scala
new file mode 100644
index 00000000000..8f61ca7e011
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/latestDepTest/scala/PekkoHttpLatestDepTestWebServer.scala
@@ -0,0 +1,67 @@
+import PekkoHttpTestWebServer.Binder
+import org.apache.pekko.actor.ActorSystem
+import org.apache.pekko.http.scaladsl.Http
+import org.apache.pekko.http.scaladsl.Http.ServerBinding
+import org.apache.pekko.http.scaladsl.server.Route
+import org.apache.pekko.stream.Materializer
+
+import scala.concurrent.Future
+
+object PekkoHttpLatestDepTestWebServer {
+  val ServerBuilderBindFlow: Binder = new Binder {
+    override def name: String = "server-builder-bind-flow"
+    override def bind(port: Int)(
+        implicit system: ActorSystem,
+        materializer: Materializer
+    ): Future[ServerBinding] = {
+      import materializer.executionContext
+      Http()
+        .newServerAt("localhost", port)
+        .withMaterializer(materializer)
+        .bindFlow(PekkoHttpTestWebServer.route)
+    }
+  }
+
+  val ServerBuilderBind: Binder = new Binder {
+    override def name: String = "server-builder-bind"
+    override def bind(port: Int)(
+        implicit system: ActorSystem,
+        materializer: Materializer
+    ): Future[ServerBinding] = {
+      import materializer.executionContext
+      Http()
+        .newServerAt("localhost", port)
+        .withMaterializer(materializer)
+        .bind(PekkoHttpTestWebServer.asyncHandler)
+    }
+  }
+
+  val ServerBuilderBindSync: Binder = new Binder {
+    override def name: String = "server-builder-bind-sync"
+    override def bind(port: Int)(
+        implicit system: ActorSystem,
+        materializer: Materializer
+    ): Future[ServerBinding] = {
+      import materializer.executionContext
+      Http()
+        .newServerAt("localhost", port)
+        .withMaterializer(materializer)
+        .bindSync(PekkoHttpTestWebServer.syncHandler)
+    }
+  }
+
+  val ServerBuilderBindHttp2: Binder = new Binder {
+    override def name: String = "server-builder-bind-http2"
+    override def bind(port: Int)(
+        implicit system: ActorSystem,
+        materializer: Materializer
+    ): Future[ServerBinding] = {
+      import materializer.executionContext
+      Http()
+        .newServerAt("localhost", port)
+        .withMaterializer(materializer)
+        .adaptSettings(PekkoHttpTestWebServer.enableHttp2)
+        .bind(PekkoHttpTestWebServer.asyncHandler)
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/DatadogAsyncHandlerWrapper.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/DatadogAsyncHandlerWrapper.java
new file mode 100644
index 00000000000..e79c2e21838
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/DatadogAsyncHandlerWrapper.java
@@ -0,0 +1,54 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.model.HttpResponse;
+import scala.Function1;
+import scala.concurrent.ExecutionContext;
+import scala.concurrent.Future;
+import scala.runtime.AbstractFunction1;
+
+public class DatadogAsyncHandlerWrapper
+    extends AbstractFunction1<HttpRequest, Future<HttpResponse>> {
+  private final Function1<HttpRequest, Future<HttpResponse>> userHandler;
+  private final ExecutionContext executionContext;
+
+  public DatadogAsyncHandlerWrapper(
+      final Function1<HttpRequest, Future<HttpResponse>> userHandler,
+      final ExecutionContext executionContext) {
+    this.userHandler = userHandler;
+    this.executionContext = executionContext;
+  }
+
+  @Override
+  public Future<HttpResponse> apply(final HttpRequest request) {
+    final AgentScope scope = DatadogWrapperHelper.createSpan(request);
+    Future<HttpResponse> futureResponse = null;
+    try {
+      futureResponse = userHandler.apply(request);
+    } catch (final Throwable t) {
+      scope.close();
+      DatadogWrapperHelper.finishSpan(scope.span(), t);
+      throw t;
+    }
+    final Future<HttpResponse> wrapped =
+        futureResponse.transform(
+            new AbstractFunction1<HttpResponse, HttpResponse>() {
+              @Override
+              public HttpResponse apply(final HttpResponse response) {
+                DatadogWrapperHelper.finishSpan(scope.span(), response);
+                return response;
+              }
+            },
+            new AbstractFunction1<Throwable, Throwable>() {
+              @Override
+              public Throwable apply(final Throwable t) {
+                DatadogWrapperHelper.finishSpan(scope.span(), t);
+                return t;
+              }
+            },
+            executionContext);
+    scope.close();
+    return wrapped;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/DatadogServerRequestResponseFlowWrapper.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/DatadogServerRequestResponseFlowWrapper.java
new file mode 100644
index 00000000000..955cc5fd81d
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/DatadogServerRequestResponseFlowWrapper.java
@@ -0,0 +1,176 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeScope;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import java.util.Queue;
+import java.util.concurrent.ArrayBlockingQueue;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.model.HttpResponse;
+import org.apache.pekko.http.scaladsl.settings.ServerSettings;
+import org.apache.pekko.stream.Attributes;
+import org.apache.pekko.stream.BidiShape;
+import org.apache.pekko.stream.Inlet;
+import org.apache.pekko.stream.Outlet;
+import org.apache.pekko.stream.stage.AbstractInHandler;
+import org.apache.pekko.stream.stage.AbstractOutHandler;
+import org.apache.pekko.stream.stage.GraphStage;
+import org.apache.pekko.stream.stage.GraphStageLogic;
+
+public class DatadogServerRequestResponseFlowWrapper
+    extends GraphStage<BidiShape<HttpResponse, HttpResponse, HttpRequest, HttpRequest>> {
+  private final Inlet<HttpRequest> requestInlet = Inlet.create("Datadog.server.requestIn");
+  private final Outlet<HttpRequest> requestOutlet = Outlet.create("Datadog.server.requestOut");
+  private final Inlet<HttpResponse> responseInlet = Inlet.create("Datadog.server.responseIn");
+  private final Outlet<HttpResponse> responseOutlet = Outlet.create("Datadog.server.responseOut");
+  private final BidiShape<HttpResponse, HttpResponse, HttpRequest, HttpRequest> shape =
+      BidiShape.of(responseInlet, responseOutlet, requestInlet, requestOutlet);
+
+  private final int pipeliningLimit;
+
+  public DatadogServerRequestResponseFlowWrapper(final ServerSettings settings) {
+    this.pipeliningLimit = settings.getPipeliningLimit();
+  }
+
+  @Override
+  public BidiShape<HttpResponse, HttpResponse, HttpRequest, HttpRequest> shape() {
+    return shape;
+  }
+
+  @Override
+  public Attributes initialAttributes() {
+    return Attributes.name("DatadogServerRequestResponseFlowWrapper");
+  }
+
+  @Override
+  public GraphStageLogic createLogic(final Attributes inheritedAttributes) throws Exception {
+    return new GraphStageLogic(shape) {
+      {
+        // The is one instance of this logic per connection, and the request/response is
+        // guaranteed to be in order according to the docs at
+        // https://pekko.apache.org/docs/pekko-http/current/server-side/low-level-api.html#request-response-cycle
+        // and there can never be more outstanding requests than the pipeliningLimit
+        // that this connection was created with. This means that we can safely
+        // close the span at the front of the queue when we receive the response
+        // from the user code, since it will match up to the request for that span.
+        final Queue<AgentScope> scopes = new ArrayBlockingQueue<>(pipeliningLimit);
+
+        // This is where the request comes in from the server and TCP layer
+        setHandler(
+            requestInlet,
+            new AbstractInHandler() {
+              @Override
+              public void onPush() throws Exception {
+                final HttpRequest request = grab(requestInlet);
+                final AgentScope scope = DatadogWrapperHelper.createSpan(request);
+                scopes.add(scope);
+                push(requestOutlet, request);
+                // Since we haven't instrumented the pekko stream state machine, we can't rely
+                // on spans and scopes being propagated during the push and pull of the
+                // element. Instead we let the scope leak intentionally here and clean it
+                // up when the user response comes back, or in the actor message processing
+                // instrumentation that drives this state machine.
+              }
+
+              @Override
+              public void onUpstreamFinish() throws Exception {
+                // We will not receive any more requests from the server and TCP layer so stop
+                // sending them
+                complete(requestOutlet);
+              }
+
+              @Override
+              public void onUpstreamFailure(final Throwable ex) throws Exception, Exception {
+                // We will not receive any more requests from the server and TCP layer so stop
+                // sending them
+                fail(requestOutlet, ex);
+              }
+            });
+
+        // This is where demand comes in from the user code
+        setHandler(
+            requestOutlet,
+            new AbstractOutHandler() {
+              @Override
+              public void onPull() throws Exception {
+                pull(requestInlet);
+              }
+
+              @Override
+              public void onDownstreamFinish() throws Exception {
+                // We can not send out any more requests to the user code so stop receiving them
+                cancel(requestInlet);
+              }
+            });
+
+        // This is where the response comes back from the user code
+        setHandler(
+            responseInlet,
+            new AbstractInHandler() {
+              @Override
+              public void onPush() throws Exception {
+                final HttpResponse response = grab(responseInlet);
+                final AgentScope scope = scopes.poll();
+                if (scope != null) {
+                  DatadogWrapperHelper.finishSpan(scope.span(), response);
+                  // Check if the active scope is still the scope from when the request came in,
+                  // and close it. If it's not, then it will be cleaned up actor message
+                  // processing instrumentation that drives this state machine
+                  AgentScope activeScope = activeScope();
+                  if (activeScope == scope) {
+                    scope.close();
+                  }
+                }
+                push(responseOutlet, response);
+              }
+
+              @Override
+              public void onUpstreamFinish() throws Exception {
+                // We will not receive any more responses from the user code, so clean up any
+                // remaining spans
+                AgentScope scope = scopes.poll();
+                while (scope != null) {
+                  scope.span().finish();
+                  scope = scopes.poll();
+                }
+                completeStage();
+              }
+
+              @Override
+              public void onUpstreamFailure(final Throwable ex) throws Exception {
+                AgentScope scope = scopes.poll();
+                if (scope != null) {
+                  // Mark the span as failed
+                  DatadogWrapperHelper.finishSpan(scope.span(), ex);
+                }
+                // We will not receive any more responses from the user code, so clean up any
+                // remaining spans
+                scope = scopes.poll();
+                while (scope != null) {
+                  scope.span().finish();
+                  scope = scopes.poll();
+                }
+                fail(responseOutlet, ex);
+              }
+            });
+
+        // This is where demand comes in from the server and TCP layer
+        setHandler(
+            responseOutlet,
+            new AbstractOutHandler() {
+              @Override
+              public void onPull() throws Exception {
+                pull(responseInlet);
+              }
+
+              @Override
+              public void onDownstreamFinish() throws Exception {
+                // We can not send out any more responses to the server and TCP layer so stop
+                // receiving them
+                cancel(responseInlet);
+              }
+            });
+      }
+    };
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/DatadogWrapperHelper.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/DatadogWrapperHelper.java
new file mode 100644
index 00000000000..3a8ef2d603b
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/DatadogWrapperHelper.java
@@ -0,0 +1,37 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.instrumentation.pekkohttp.PekkoHttpServerDecorator.DECORATE;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.model.HttpResponse;
+
+public class DatadogWrapperHelper {
+  public static AgentScope createSpan(final HttpRequest request) {
+    final AgentSpan.Context.Extracted extractedContext = DECORATE.extract(request);
+    final AgentSpan span = DECORATE.startSpan(request, extractedContext);
+    DECORATE.afterStart(span);
+    DECORATE.onRequest(span, request, request, extractedContext);
+
+    final AgentScope scope = activateSpan(span);
+    scope.setAsyncPropagation(true);
+    return scope;
+  }
+
+  public static void finishSpan(final AgentSpan span, final HttpResponse response) {
+    DECORATE.onResponse(span, response);
+    DECORATE.beforeFinish(span);
+
+    span.finish();
+  }
+
+  public static void finishSpan(final AgentSpan span, final Throwable t) {
+    DECORATE.onError(span, t);
+    span.setHttpStatusCode(500);
+    DECORATE.beforeFinish(span);
+
+    span.finish();
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttp2ServerInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttp2ServerInstrumentation.java
new file mode 100644
index 00000000000..174c7156b72
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttp2ServerInstrumentation.java
@@ -0,0 +1,98 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.model.HttpResponse;
+import org.apache.pekko.stream.Materializer;
+import scala.Function1;
+import scala.concurrent.Future;
+
+/**
+ * Http2 support in pekko-http is handled by a separate {@code Http2} extension that only supports
+ * {@code bindAndHandleAsync}.
+ */
+@AutoService(Instrumenter.class)
+public final class PekkoHttp2ServerInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForKnownTypes {
+  public PekkoHttp2ServerInstrumentation() {
+    super("pekko-http2", "pekko-http", "pekko-http-server");
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      "org.apache.pekko.http.scaladsl.Http2Ext", "org.apache.pekko.http.impl.engine.http2.Http2Ext"
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".DatadogWrapperHelper",
+      packageName + ".DatadogAsyncHandlerWrapper",
+      packageName + ".DatadogAsyncHandlerWrapper$1",
+      packageName + ".DatadogAsyncHandlerWrapper$2",
+      packageName + ".PekkoHttpServerHeaders",
+      packageName + ".PekkoHttpServerDecorator",
+      packageName + ".UriAdapter",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        takesArguments(8)
+            .and(named("bindAndHandleAsync"))
+            .and(takesArgument(0, named("scala.Function1")))
+            .and(takesArgument(7, named("org.apache.pekko.stream.Materializer"))),
+        getClass().getName() + "$Http2BindAndHandleAsync8ArgAdvice");
+    transformation.applyAdvice(
+        takesArguments(7)
+            .and(named("bindAndHandleAsync"))
+            .and(takesArgument(0, named("scala.Function1")))
+            .and(takesArgument(6, named("org.apache.pekko.stream.Materializer"))),
+        getClass().getName() + "$Http2BindAndHandleAsync7ArgAdvice");
+    transformation.applyAdvice(
+        takesArguments(6)
+            .and(named("bindAndHandleAsync"))
+            .and(takesArgument(0, named("scala.Function1")))
+            .and(takesArgument(5, named("org.apache.pekko.stream.Materializer"))),
+        getClass().getName() + "$Http2BindAndHandleAsync6ArgAdvice");
+  }
+
+  public static class Http2BindAndHandleAsync8ArgAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void enter(
+        @Advice.Argument(value = 0, readOnly = false)
+            Function1<HttpRequest, Future<HttpResponse>> handler,
+        @Advice.Argument(value = 7) final Materializer materializer) {
+      handler = new DatadogAsyncHandlerWrapper(handler, materializer.executionContext());
+    }
+  }
+
+  public static class Http2BindAndHandleAsync7ArgAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void enter(
+        @Advice.Argument(value = 0, readOnly = false)
+            Function1<HttpRequest, Future<HttpResponse>> handler,
+        @Advice.Argument(value = 6) final Materializer materializer) {
+      handler = new DatadogAsyncHandlerWrapper(handler, materializer.executionContext());
+    }
+  }
+
+  public static class Http2BindAndHandleAsync6ArgAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void enter(
+        @Advice.Argument(value = 0, readOnly = false)
+            Function1<HttpRequest, Future<HttpResponse>> handler,
+        @Advice.Argument(value = 5) final Materializer materializer) {
+      handler = new DatadogAsyncHandlerWrapper(handler, materializer.executionContext());
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpClientDecorator.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpClientDecorator.java
new file mode 100644
index 00000000000..18405ddc40f
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpClientDecorator.java
@@ -0,0 +1,52 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import datadog.trace.bootstrap.instrumentation.api.URIUtils;
+import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
+import datadog.trace.bootstrap.instrumentation.decorator.HttpClientDecorator;
+import java.net.URI;
+import java.net.URISyntaxException;
+import org.apache.pekko.http.javadsl.model.HttpHeader;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.model.HttpResponse;
+
+public class PekkoHttpClientDecorator extends HttpClientDecorator<HttpRequest, HttpResponse> {
+  public static final CharSequence PEKKO_HTTP_CLIENT = UTF8BytesString.create("pekko-http-client");
+  public static final PekkoHttpClientDecorator DECORATE = new PekkoHttpClientDecorator();
+  public static final CharSequence PEKKO_CLIENT_REQUEST =
+      UTF8BytesString.create(DECORATE.operationName());
+
+  @Override
+  protected String[] instrumentationNames() {
+    return new String[] {"pekko-http", "pekko-http-client"};
+  }
+
+  @Override
+  protected CharSequence component() {
+    return PEKKO_HTTP_CLIENT;
+  }
+
+  @Override
+  protected String method(final HttpRequest httpRequest) {
+    return httpRequest.method().value();
+  }
+
+  @Override
+  protected URI url(final HttpRequest httpRequest) throws URISyntaxException {
+    return URIUtils.safeParse(httpRequest.uri().toString());
+  }
+
+  @Override
+  protected int status(final HttpResponse httpResponse) {
+    return httpResponse.status().intValue();
+  }
+
+  @Override
+  protected String getRequestHeader(HttpRequest request, String headerName) {
+    return request.getHeader(headerName).map(HttpHeader::value).orElse(null);
+  }
+
+  @Override
+  protected String getResponseHeader(HttpResponse response, String headerName) {
+    return response.getHeader(headerName).map(HttpHeader::value).orElse(null);
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpClientHelpers.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpClientHelpers.java
new file mode 100644
index 00000000000..24b3c55fded
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpClientHelpers.java
@@ -0,0 +1,87 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import static datadog.trace.instrumentation.pekkohttp.PekkoHttpClientDecorator.DECORATE;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import org.apache.pekko.http.javadsl.model.headers.RawHeader;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.model.HttpResponse;
+import org.apache.pekko.http.scaladsl.model.headers.CustomHeader;
+import scala.runtime.AbstractFunction1;
+import scala.util.Try;
+
+public final class PekkoHttpClientHelpers {
+  public static class OnCompleteHandler extends AbstractFunction1<Try<HttpResponse>, Void> {
+    private final AgentSpan span;
+
+    public OnCompleteHandler(final AgentSpan span) {
+      this.span = span;
+    }
+
+    @Override
+    public Void apply(final Try<HttpResponse> result) {
+      if (result.isSuccess()) {
+        DECORATE.onResponse(span, result.get());
+      } else {
+        DECORATE.onError(span, result.failed().get());
+      }
+      DECORATE.beforeFinish(span);
+      span.finish();
+      return null;
+    }
+  }
+
+  public static class PekkoHttpHeaders implements AgentPropagation.Setter<HttpRequest> {
+    private HttpRequest request;
+    // Did this request have a span when the PekkoHttpHeaders object was created?
+    private boolean hadSpan;
+
+    public PekkoHttpHeaders(final HttpRequest request) {
+      hadSpan = request != null && request.getHeader(HasSpanHeader.class).isPresent();
+      if (hadSpan || request == null) {
+        this.request = request;
+      } else {
+        // Coerce a Scala trait Self type into the correct type
+        this.request = (HttpRequest) request.addHeader(new HasSpanHeader());
+      }
+    }
+
+    public boolean hadSpan() {
+      return hadSpan;
+    }
+
+    @Override
+    public void set(final HttpRequest carrier, final String key, final String value) {
+      // Coerce a Scala trait Self type into the correct type
+      request = (HttpRequest) request.addHeader(RawHeader.create(key, value));
+    }
+
+    public HttpRequest getRequest() {
+      return request;
+    }
+  }
+
+  // Custom header to mark that this request has a span associated with it
+  public static class HasSpanHeader extends CustomHeader {
+    @Override
+    public String name() {
+      return "x-datadog-request-has-span";
+    }
+
+    @Override
+    public String value() {
+      return "true";
+    }
+
+    @Override
+    public boolean renderInRequests() {
+      return false;
+    }
+
+    @Override
+    public boolean renderInResponses() {
+      return false;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpServerDecorator.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpServerDecorator.java
new file mode 100644
index 00000000000..c0f46986cf9
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpServerDecorator.java
@@ -0,0 +1,67 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter;
+import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
+import datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.model.HttpResponse;
+
+public class PekkoHttpServerDecorator
+    extends HttpServerDecorator<HttpRequest, HttpRequest, HttpResponse, HttpRequest> {
+  private static final CharSequence PEKKO_HTTP_SERVER = UTF8BytesString.create("pekko-http-server");
+
+  public static final PekkoHttpServerDecorator DECORATE = new PekkoHttpServerDecorator();
+  public static final CharSequence PEKKO_SERVER_REQUEST =
+      UTF8BytesString.create(DECORATE.operationName());
+
+  @Override
+  protected String[] instrumentationNames() {
+    return new String[] {"pekko-http", "pekko-http-server"};
+  }
+
+  @Override
+  protected CharSequence component() {
+    return PEKKO_HTTP_SERVER;
+  }
+
+  @Override
+  protected AgentPropagation.ContextVisitor<HttpRequest> getter() {
+    return PekkoHttpServerHeaders.requestGetter();
+  }
+
+  @Override
+  protected AgentPropagation.ContextVisitor<HttpResponse> responseGetter() {
+    return PekkoHttpServerHeaders.responseGetter();
+  }
+
+  @Override
+  public CharSequence spanName() {
+    return PEKKO_SERVER_REQUEST;
+  }
+
+  @Override
+  protected String method(final HttpRequest httpRequest) {
+    return httpRequest.method().value();
+  }
+
+  @Override
+  protected URIDataAdapter url(final HttpRequest httpRequest) {
+    return new UriAdapter(httpRequest.uri());
+  }
+
+  @Override
+  protected String peerHostIP(final HttpRequest httpRequest) {
+    return null;
+  }
+
+  @Override
+  protected int peerPort(final HttpRequest httpRequest) {
+    return 0;
+  }
+
+  @Override
+  protected int status(final HttpResponse httpResponse) {
+    return httpResponse.status().intValue();
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpServerHeaders.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpServerHeaders.java
new file mode 100644
index 00000000000..ef77b52bd53
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpServerHeaders.java
@@ -0,0 +1,34 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import org.apache.pekko.http.javadsl.model.HttpHeader;
+import org.apache.pekko.http.scaladsl.model.HttpMessage;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.model.HttpResponse;
+
+public class PekkoHttpServerHeaders<T extends HttpMessage>
+    implements AgentPropagation.ContextVisitor<T> {
+
+  @SuppressWarnings("rawtypes")
+  private static final PekkoHttpServerHeaders GETTER = new PekkoHttpServerHeaders();
+
+  @SuppressWarnings("unchecked")
+  public static AgentPropagation.ContextVisitor<HttpRequest> requestGetter() {
+    return (AgentPropagation.ContextVisitor<HttpRequest>) GETTER;
+  }
+
+  @SuppressWarnings("unchecked")
+  public static AgentPropagation.ContextVisitor<HttpResponse> responseGetter() {
+    return (AgentPropagation.ContextVisitor<HttpResponse>) GETTER;
+  }
+
+  @Override
+  public void forEachKey(
+      final HttpMessage carrier, final AgentPropagation.KeyClassifier classifier) {
+    for (final HttpHeader header : carrier.getHeaders()) {
+      if (!classifier.accept(header.lowercaseName(), header.value())) {
+        return;
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpServerInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpServerInstrumentation.java
new file mode 100644
index 00000000000..7b058cedc18
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpServerInstrumentation.java
@@ -0,0 +1,96 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.NotUsed;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.model.HttpResponse;
+import org.apache.pekko.http.scaladsl.settings.ServerSettings;
+import org.apache.pekko.stream.javadsl.BidiFlow;
+import org.apache.pekko.stream.scaladsl.Flow;
+
+/**
+ * This instrumentation wraps the user supplied request handler {@code Flow} for the pekko-http
+ * {@code bindAndHandle} method and adds spans to the incoming requests from the server flow part of
+ * the machinery.
+ *
+ * <p>Context and background:
+ *
+ * <p>A Pekko stream is driven by a state machine where the {@code GraphStageLogic} that is
+ * constructed in the {@code createLogic} method is signalling demand by pulling and propagating
+ * elements by pushing. This logic part of the state machine is driven by an {@code Actor} only
+ * executed by one thread at a time, and is hence thread safe.
+ *
+ * <p>The {@code GraphStage} described below is a blueprint, and there will be one instance of the
+ * {@code GraphStageLogic} created per connection to the server, so all requests over the same HTTP
+ * connection will be handled by a single instance, with further guarantees that the request and
+ * response elements will match up according to this.
+ * https://pekko.apache.org/docs/pekko-http/current/server-side/low-level-api.html#request-response-cycle
+ *
+ * <p>Inside a stream the elements are propagated by responding to demand, {@code onPull}, and
+ * moving elements, {@code onPush}, between an {@code Inlet} and an {@code Outlet}. This means that
+ * when the logic push the {@code HttpRequest} to the user code and return, we have not yet run any
+ * of the user request handling code, so there is no straight call chain where we send in an {@code
+ * HttpRequest} and get back an {@code HttpResponse}. Instead we need to keep track of the {@code
+ * Span} and {@code Scope} corresponding to a {@code HttpRequest} / {@code HttpResponse} pair in a
+ * queue on the side, and close the {@code Span} at the head of the queue when the corresponding
+ * {@code HttpResponse} comes back. Furthermore, this also means that there is no place where we are
+ * guaranteed to see the same scope on the top of the stack for the same thread, so we can easily
+ * close it. Instead the {@code Scope} is deliberately leaked when {@code HttpRequest} is pushed to
+ * the user code, and if the same scope is on the top if the stack when the {@code HttpResponse}
+ * comes back, it is immediately closed. If on the other hand, the scope has escaped, it will be
+ * closed by cleanup code in the message processing instrumentation for the {@code Actor} and its
+ * {@code Mailbox}.
+ */
+@AutoService(Instrumenter.class)
+public final class PekkoHttpServerInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public PekkoHttpServerInstrumentation() {
+    super("pekko-http", "pekko-http-server");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.http.scaladsl.HttpExt";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".DatadogWrapperHelper",
+      packageName + ".DatadogServerRequestResponseFlowWrapper",
+      packageName + ".DatadogServerRequestResponseFlowWrapper$1",
+      packageName + ".DatadogServerRequestResponseFlowWrapper$1$1",
+      packageName + ".DatadogServerRequestResponseFlowWrapper$1$2",
+      packageName + ".DatadogServerRequestResponseFlowWrapper$1$3",
+      packageName + ".DatadogServerRequestResponseFlowWrapper$1$4",
+      packageName + ".PekkoHttpServerHeaders",
+      packageName + ".PekkoHttpServerDecorator",
+      packageName + ".UriAdapter",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("bindAndHandle")
+            .and(takesArgument(0, named("org.apache.pekko.stream.scaladsl.Flow"))),
+        getClass().getName() + "$PekkoHttpBindAndHandleAdvice");
+  }
+
+  public static class PekkoHttpBindAndHandleAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void enter(
+        @Advice.Argument(value = 0, readOnly = false)
+            Flow<HttpRequest, HttpResponse, NotUsed> handler,
+        @Advice.Argument(value = 4, readOnly = false) ServerSettings settings) {
+      final BidiFlow<HttpResponse, HttpResponse, HttpRequest, HttpRequest, NotUsed> wrapper =
+          BidiFlow.fromGraph(new DatadogServerRequestResponseFlowWrapper(settings));
+      handler = wrapper.reversed().join(handler.asJava()).asScala();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpSingleRequestInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpSingleRequestInstrumentation.java
new file mode 100644
index 00000000000..2674e47bac3
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoHttpSingleRequestInstrumentation.java
@@ -0,0 +1,113 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.propagate;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+import static datadog.trace.instrumentation.pekkohttp.PekkoHttpClientDecorator.DECORATE;
+import static datadog.trace.instrumentation.pekkohttp.PekkoHttpClientDecorator.PEKKO_CLIENT_REQUEST;
+import static datadog.trace.instrumentation.pekkohttp.PekkoHttpClientHelpers.OnCompleteHandler;
+import static datadog.trace.instrumentation.pekkohttp.PekkoHttpClientHelpers.PekkoHttpHeaders;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.decorator.HttpClientDecorator;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.http.scaladsl.HttpExt;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.model.HttpResponse;
+import scala.concurrent.Future;
+
+@AutoService(Instrumenter.class)
+public final class PekkoHttpSingleRequestInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public PekkoHttpSingleRequestInstrumentation() {
+    super("pekko-http", "pekko-http-client");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.http.scaladsl.HttpExt";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".PekkoHttpClientHelpers",
+      packageName + ".PekkoHttpClientHelpers$OnCompleteHandler",
+      packageName + ".PekkoHttpClientHelpers$PekkoHttpHeaders",
+      packageName + ".PekkoHttpClientHelpers$HasSpanHeader",
+      packageName + ".PekkoHttpClientDecorator",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    // This is mainly for compatibility with 10.0
+    transformation.applyAdvice(
+        named("singleRequest")
+            .and(takesArgument(0, named("org.apache.pekko.http.scaladsl.model.HttpRequest"))),
+        PekkoHttpSingleRequestInstrumentation.class.getName() + "$SingleRequestAdvice");
+    // This is for 10.1+
+    transformation.applyAdvice(
+        named("singleRequestImpl")
+            .and(takesArgument(0, named("org.apache.pekko.http.scaladsl.model.HttpRequest"))),
+        PekkoHttpSingleRequestInstrumentation.class.getName() + "$SingleRequestAdvice");
+  }
+
+  public static class SingleRequestAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static AgentScope methodEnter(
+        @Advice.Argument(value = 0, readOnly = false) HttpRequest request) {
+      /*
+      Versions 10.0 and 10.1 have slightly different structure that is hard to distinguish so here
+      we cast 'wider net' and avoid instrumenting twice.
+      In the future we may want to separate these, but since lots of code is reused we would need to come up
+      with way of continuing to reusing it.
+       */
+      final PekkoHttpHeaders headers = new PekkoHttpHeaders(request);
+      if (headers.hadSpan()) {
+        return null;
+      }
+
+      final AgentSpan span = startSpan(PEKKO_CLIENT_REQUEST);
+      DECORATE.afterStart(span);
+      DECORATE.onRequest(span, request);
+
+      if (request != null) {
+        propagate().inject(span, request, headers);
+        propagate()
+            .injectPathwayContext(
+                span, request, headers, HttpClientDecorator.CLIENT_PATHWAY_EDGE_TAGS);
+        // Request is immutable, so we have to assign new value once we update headers
+        request = headers.getRequest();
+      }
+      return activateSpan(span);
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+    public static void methodExit(
+        @Advice.This final HttpExt thiz,
+        @Advice.Return final Future<HttpResponse> responseFuture,
+        @Advice.Enter final AgentScope scope,
+        @Advice.Thrown final Throwable throwable) {
+      if (scope == null) {
+        return;
+      }
+
+      final AgentSpan span = scope.span();
+
+      if (throwable == null) {
+        responseFuture.onComplete(new OnCompleteHandler(span), thiz.system().dispatcher());
+      } else {
+        DECORATE.onError(span, throwable);
+        DECORATE.beforeFinish(span);
+        span.finish();
+      }
+      scope.close();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoPoolMasterActorInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoPoolMasterActorInstrumentation.java
new file mode 100644
index 00000000000..8df7caf89f6
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/PekkoPoolMasterActorInstrumentation.java
@@ -0,0 +1,50 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.noopSpan;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public final class PekkoPoolMasterActorInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public PekkoPoolMasterActorInstrumentation() {
+    super("pekko-http", "pekko-http-client");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.http.impl.engine.client.PoolMasterActor";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    // This is how scala names a method that is private to a class but is used in a PartialFunction
+    transformation.applyAdvice(
+        named("org$apache$pekko$http$impl$engine$client$PoolMasterActor$$startPoolInterface"),
+        PekkoPoolMasterActorInstrumentation.class.getName() + "$BlockPropagation");
+  }
+
+  /**
+   * This instrumentation ensures that the creation of a pool doesn't attach the current {@code
+   * Scope} to the {@code onComplete} of the {@code Future} that is only completed when the
+   * interface is shut down. This means that the {@code Trace} will finish fast, and not wait for
+   * the flush to happen.
+   */
+  public static class BlockPropagation {
+
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static AgentScope enter() {
+      return activateSpan(noopSpan());
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+    public static void exit(@Advice.Enter final AgentScope scope) {
+      scope.close();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/UriAdapter.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/UriAdapter.java
new file mode 100644
index 00000000000..3e65a163d5a
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/UriAdapter.java
@@ -0,0 +1,51 @@
+package datadog.trace.instrumentation.pekkohttp;
+
+import datadog.trace.bootstrap.instrumentation.api.URIRawDataAdapter;
+import org.apache.pekko.http.scaladsl.model.Uri;
+import scala.Option;
+
+final class UriAdapter extends URIRawDataAdapter {
+
+  private final Uri uri;
+
+  UriAdapter(Uri uri) {
+    this.uri = uri;
+  }
+
+  @Override
+  public String scheme() {
+    return uri.scheme();
+  }
+
+  @Override
+  public String host() {
+    return uri.authority().host().address();
+  }
+
+  @Override
+  public int port() {
+    return uri.authority().port();
+  }
+
+  @Override
+  protected String innerRawPath() {
+    return uri.path().toString();
+  }
+
+  @Override
+  public String fragment() {
+    return getOrElseNull(uri.fragment());
+  }
+
+  @Override
+  protected String innerRawQuery() {
+    return getOrElseNull(uri.rawQueryString());
+  }
+
+  private static String getOrElseNull(Option<String> optional) {
+    if (optional.nonEmpty()) {
+      return optional.get();
+    }
+    return null;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/CookieDirectivesInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/CookieDirectivesInstrumentation.java
new file mode 100644
index 00000000000..4bc603112bd
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/CookieDirectivesInstrumentation.java
@@ -0,0 +1,73 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.instrumentation.pekkohttp.iast.TraitMethodMatchers.isTraitDirectiveMethod;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintCookieFunction;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintOptionalCookieFunction;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.http.scaladsl.server.Directive;
+import org.apache.pekko.http.scaladsl.server.util.Tupler$;
+
+/**
+ * Instruments the cookie directives by wrapping the returned directive so that when a cookie is
+ * passed it is tainted just before being handed to the original directive.
+ *
+ * <p>These directives are used when fetching a specific cookie by name. For tainting when fetching
+ * all the cookies, see {@link CookieHeaderInstrumentation}.
+ */
+@AutoService(Instrumenter.class)
+public class CookieDirectivesInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForKnownTypes {
+  public CookieDirectivesInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      // "org.apache.pekko.http.scaladsl.server.directives.CookieDirectives$class", // scala 2.11
+      "org.apache.pekko.http.scaladsl.server.directives.CookieDirectives", // scala 2.12+ (default
+      // methods)
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".helpers.TaintCookieFunction",
+      packageName + ".helpers.TaintOptionalCookieFunction",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    String traitName = "org.apache.pekko.http.scaladsl.server.directives.CookieDirectives";
+    transformation.applyAdvice(
+        isTraitDirectiveMethod(traitName, "cookie", "java.lang.String"),
+        CookieDirectivesInstrumentation.class.getName() + "$TaintCookieAdvice");
+    transformation.applyAdvice(
+        isTraitDirectiveMethod(traitName, "optionalCookie", "java.lang.String"),
+        CookieDirectivesInstrumentation.class.getName() + "$TaintOptionalCookieAdvice");
+  }
+
+  static class TaintCookieAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
+    static void after(@Advice.Return(readOnly = false) Directive directive) {
+      directive = directive.tmap(TaintCookieFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
+    }
+  }
+
+  static class TaintOptionalCookieAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
+    static void after(@Advice.Return(readOnly = false) Directive directive) {
+      directive =
+          directive.tmap(TaintOptionalCookieFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/CookieHeaderInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/CookieHeaderInstrumentation.java
new file mode 100644
index 00000000000..26c50e2fde2
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/CookieHeaderInstrumentation.java
@@ -0,0 +1,75 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.http.javadsl.model.HttpHeader;
+import org.apache.pekko.http.scaladsl.model.headers.Cookie;
+import org.apache.pekko.http.scaladsl.model.headers.HttpCookiePair;
+import scala.collection.Iterator;
+import scala.collection.immutable.Seq;
+
+/**
+ * Propagates header taint when calling {@link Cookie#cookies()}.
+ *
+ * @see Cookie#getCookies() Java API. Is implemented by delegating to the instrumented method.
+ */
+@AutoService(Instrumenter.class)
+public class CookieHeaderInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForSingleType {
+  public CookieHeaderInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.http.scaladsl.model.headers.Cookie";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("cookies"))
+            .and(returns(named("scala.collection.immutable.Seq")))
+            .and(takesArguments(0)),
+        CookieHeaderInstrumentation.class.getName() + "$TaintAllCookiesAdvice");
+  }
+
+  static class TaintAllCookiesAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
+    static void after(
+        @Advice.This HttpHeader cookie, @Advice.Return Seq<HttpCookiePair> cookiePairs) {
+      PropagationModule prop = InstrumentationBridge.PROPAGATION;
+      if (prop == null || cookiePairs == null || cookiePairs.isEmpty()) {
+        return;
+      }
+      final IastContext ctx = IastContext.Provider.get();
+      if (!prop.isTainted(ctx, cookie)) {
+        return;
+      }
+
+      Iterator<HttpCookiePair> iterator = cookiePairs.iterator();
+      while (iterator.hasNext()) {
+        HttpCookiePair pair = iterator.next();
+        final String name = pair.name(), value = pair.value();
+        prop.taint(ctx, name, SourceTypes.REQUEST_COOKIE_NAME, name);
+        prop.taint(ctx, value, SourceTypes.REQUEST_COOKIE_VALUE, name);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/ExtractDirectivesInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/ExtractDirectivesInstrumentation.java
new file mode 100644
index 00000000000..219e3f05009
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/ExtractDirectivesInstrumentation.java
@@ -0,0 +1,98 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.instrumentation.pekkohttp.iast.TraitMethodMatchers.isTraitDirectiveMethod;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintRequestContextFunction;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintRequestFunction;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintUriFunction;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.model.Uri;
+import org.apache.pekko.http.scaladsl.server.Directive;
+import org.apache.pekko.http.scaladsl.server.RequestContext;
+import org.apache.pekko.http.scaladsl.server.RequestContextImpl;
+import org.apache.pekko.http.scaladsl.server.directives.BasicDirectives$;
+import org.apache.pekko.http.scaladsl.server.util.Tupler$;
+
+/**
+ * Wraps the directives created by calling the trait methods {@link BasicDirectives$#extractUri()},
+ * {@link BasicDirectives$#extractRequest()} and {@link BasicDirectives$#extractRequestContext()}.
+ * The wrapper taints the {@link Uri}, {@link HttpRequest} or {@link RequestContext}, respectively.
+ *
+ * @see MakeTaintableInstrumentation makes {@link Uri}, {@link HttpRequest} and {@link
+ *     RequestContextImpl} taintable
+ * @see UriInstrumentation instruments query methods on Uri to propagate taint to query strings
+ * @see HttpRequestInstrumentation propagates taint from {@link HttpRequest} to the headers
+ * @see RequestContextInstrumentation progapates taint from {@link RequestContextImpl} to {@link
+ *     HttpRequest}
+ * @see UnmarshallerInstrumentation propagates taint on unmarshalling of {@link HttpRequest}
+ */
+@AutoService(Instrumenter.class)
+public class ExtractDirectivesInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForKnownTypes {
+  public ExtractDirectivesInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      "org.apache.pekko.http.scaladsl.server.directives.BasicDirectives$class",
+      "org.apache.pekko.http.scaladsl.server.directives.BasicDirectives",
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".helpers.TaintUriFunction",
+      packageName + ".helpers.TaintRequestFunction",
+      packageName + ".helpers.TaintRequestContextFunction",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    instrumentDirective(transformation, "extractUri", "TaintUriDirectiveAdvice");
+    instrumentDirective(transformation, "extractRequest", "TaintRequestDirectiveAdvice");
+    instrumentDirective(
+        transformation, "extractRequestContext", "TaintRequestContextDirectiveAdvice");
+  }
+
+  private void instrumentDirective(
+      AdviceTransformation transformation, String method, String advice) {
+    transformation.applyAdvice(
+        isTraitDirectiveMethod(
+            "org.apache.pekko.http.scaladsl.server.directives.BasicDirectives", method),
+        ExtractDirectivesInstrumentation.class.getName() + '$' + advice);
+  }
+
+  static class TaintUriDirectiveAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_QUERY)
+    static void after(@Advice.Return(readOnly = false) Directive directive) {
+      directive = directive.tmap(TaintUriFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
+    }
+  }
+
+  static class TaintRequestDirectiveAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_BODY)
+    static void after(@Advice.Return(readOnly = false) Directive directive) {
+      directive = directive.tmap(TaintRequestFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
+    }
+  }
+
+  static class TaintRequestContextDirectiveAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_BODY)
+    static void after(@Advice.Return(readOnly = false) Directive directive) {
+      directive =
+          directive.tmap(TaintRequestContextFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/FormDataInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/FormDataInstrumentation.java
new file mode 100644
index 00000000000..3d162ec2728
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/FormDataInstrumentation.java
@@ -0,0 +1,46 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import org.apache.pekko.http.scaladsl.model.FormData;
+import org.apache.pekko.http.scaladsl.model.Uri;
+
+/**
+ * Propagate taint from {@link FormData} to {@link Uri.Query}. <code>FormData</code> gets tainted
+ * through the unmarshaller tainting mechanism. See {@link MarshallingDirectivesInstrumentation} and
+ * {@link UnmarshallerInstrumentation}.
+ */
+@AutoService(Instrumenter.class)
+public class FormDataInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForSingleType {
+  public FormDataInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.http.scaladsl.model.FormData";
+  }
+
+  /**
+   * @param transformation
+   * @see UriInstrumentation.TaintQueryAdvice
+   */
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("fields"))
+            .and(takesArguments(0))
+            .and(returns(named("org.apache.pekko.http.scaladsl.model.Uri$Query"))),
+        "datadog.trace.instrumentation.pekkohttp.iast.UriInstrumentation$TaintQueryAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/FormFieldDirectivesImplInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/FormFieldDirectivesImplInstrumentation.java
new file mode 100644
index 00000000000..cf57bc84bdd
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/FormFieldDirectivesImplInstrumentation.java
@@ -0,0 +1,12 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+
+@AutoService(Instrumenter.class)
+public class FormFieldDirectivesImplInstrumentation extends ParameterDirectivesImplInstrumentation {
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.http.scaladsl.server.directives.FormFieldDirectives$Impl$";
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/FormFieldDirectivesInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/FormFieldDirectivesInstrumentation.java
new file mode 100644
index 00000000000..38dd9e6f995
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/FormFieldDirectivesInstrumentation.java
@@ -0,0 +1,137 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.instrumentation.pekkohttp.iast.TraitMethodMatchers.isTraitDirectiveMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintSingleParameterFunction;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.implementation.bytecode.assign.Assigner;
+import org.apache.pekko.http.scaladsl.server.Directive;
+import org.apache.pekko.http.scaladsl.server.directives.FormFieldDirectives;
+import org.apache.pekko.http.scaladsl.server.util.Tupler$;
+
+/**
+ * Instruments the from field related directives. These work both for urlencoded and multipart
+ * entities.
+ *
+ * @see FormFieldDirectives
+ * @see ParameterDirectivesInstrumentation with which most of the implementation is shared
+ */
+@AutoService(Instrumenter.class)
+public class FormFieldDirectivesInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForKnownTypes {
+
+  private static final String TRAIT_CLASS =
+      "org.apache.pekko.http.scaladsl.server.directives.FormFieldDirectives";
+
+  public FormFieldDirectivesInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      TRAIT_CLASS + "$class", TRAIT_CLASS,
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".helpers.ScalaToJava",
+      packageName + ".helpers.TaintMultiMapFunction",
+      packageName + ".helpers.TaintMapFunction",
+      packageName + ".helpers.TaintSeqFunction",
+      packageName + ".helpers.TaintSingleParameterFunction",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    // the Java API delegates to the Scala API
+    transformDirective(transformation, "formFieldMultiMap", "TaintMultiMapDirectiveAdvice");
+    transformDirective(transformation, "formFieldMap", "TaintMapDirectiveAdvice");
+    transformDirective(transformation, "formFieldSeq", "TaintSeqDirectiveAdvice");
+
+    transformation.applyAdvice(
+        isMethod()
+            .and(isStatic())
+            .and(named("formField").or(named("formFields")))
+            .and(returns(Object.class))
+            .and(takesArguments(2))
+            .and(
+                takesArgument(
+                    0,
+                    named("org.apache.pekko.http.scaladsl.server.directives.FormFieldDirectives")))
+            .and(
+                takesArgument(
+                    1,
+                    named(
+                        "org.apache.pekko.http.scaladsl.server.directives.FormFieldDirectives$FieldMagnet"))),
+        FormFieldDirectivesInstrumentation.class.getName()
+            + "$TaintSingleFormFieldDirectiveOldScalaAdvice");
+
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("formField").or(named("formFields")))
+            .and(
+                returns(Object.class)
+                    .or(returns(named("org.apache.pekko.http.scaladsl.server.Directive"))))
+            .and(takesArguments(1))
+            .and(
+                takesArgument(
+                    0,
+                    named(
+                        "org.apache.pekko.http.scaladsl.server.directives.FormFieldDirectives$FieldMagnet"))),
+        FormFieldDirectivesInstrumentation.class.getName()
+            + "$TaintSingleFormFieldDirectiveNewScalaAdvice");
+  }
+
+  private void transformDirective(
+      AdviceTransformation transformation, String methodName, String adviceClass) {
+    transformation.applyAdvice(
+        isTraitDirectiveMethod(TRAIT_CLASS, methodName),
+        ParameterDirectivesInstrumentation.class.getName() + "$" + adviceClass);
+  }
+
+  static class TaintSingleFormFieldDirectiveOldScalaAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    static void after(
+        @Advice.Return(readOnly = false, typing = Assigner.Typing.DYNAMIC) Directive retval,
+        @Advice.Argument(1) FormFieldDirectives.FieldMagnet fmag) {
+      try {
+        retval =
+            retval.tmap(new TaintSingleParameterFunction<>(fmag), Tupler$.MODULE$.forTuple(null));
+      } catch (Exception e) {
+        throw new RuntimeException(e); // propagate so it's logged
+      }
+    }
+  }
+
+  static class TaintSingleFormFieldDirectiveNewScalaAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    static void after(
+        @Advice.Return(readOnly = false, typing = Assigner.Typing.DYNAMIC) Directive retval,
+        @Advice.Argument(0) FormFieldDirectives.FieldMagnet fmag) {
+      try {
+        retval =
+            retval.tmap(new TaintSingleParameterFunction<>(fmag), Tupler$.MODULE$.forTuple(null));
+      } catch (Exception e) {
+        throw new RuntimeException(e); // propagate so it's logged
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/HeaderNameCallSite.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/HeaderNameCallSite.java
new file mode 100644
index 00000000000..c6bdbd2871b
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/HeaderNameCallSite.java
@@ -0,0 +1,36 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import org.apache.pekko.http.javadsl.model.HttpHeader;
+
+/**
+ * Detects when a header name is directly called from user code. This uses call site instrumentation
+ * because there are many calls to {@link HttpHeader#name()} inside pekko-http code that we don't
+ * care about.
+ */
+@Source(value = SourceTypes.REQUEST_HEADER_NAME)
+@CallSite(spi = IastCallSites.class)
+public class HeaderNameCallSite {
+
+  @CallSite.After("java.lang.String org.apache.pekko.http.javadsl.model.HttpHeader.name()")
+  @CallSite.After(
+      "java.lang.String org.apache.pekko.http.scaladsl.model.HttpHeader.name()") // subtype of the
+  // first
+  public static String after(@CallSite.This HttpHeader header, @CallSite.Return String result) {
+    PropagationModule module = InstrumentationBridge.PROPAGATION;
+    if (module == null) {
+      return result;
+    }
+    try {
+      module.taintIfTainted(result, header, SourceTypes.REQUEST_HEADER_NAME, result);
+    } catch (final Throwable e) {
+      module.onUnexpectedException("onHeaderNames threw", e);
+    }
+    return result;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/HttpHeaderSubclassesInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/HttpHeaderSubclassesInstrumentation.java
new file mode 100644
index 00000000000..f8e5e45407f
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/HttpHeaderSubclassesInstrumentation.java
@@ -0,0 +1,68 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.nameStartsWith;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+import org.apache.pekko.http.scaladsl.model.HttpHeader;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+
+/**
+ * Propagates taint from {@link HttpHeader} to their values, when they're retrieved.
+ *
+ * @see MakeTaintableInstrumentation makes {@link HttpHeader} taintable
+ * @see HttpRequestInstrumentation propagates taint from {@link HttpRequest} to the headers, when
+ *     they're retrieved
+ */
+@AutoService(Instrumenter.class)
+public class HttpHeaderSubclassesInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForTypeHierarchy {
+  public HttpHeaderSubclassesInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "org.apache.pekko.http.scaladsl.model.HttpHeader";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return nameStartsWith("org.apache.pekko.http.scaladsl.model.")
+        .and(not(named(hierarchyMarkerType())))
+        .and(extendsClass(named(hierarchyMarkerType())));
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod().and(named("value")).and(takesArguments(0)).and(returns(String.class)),
+        HttpHeaderSubclassesInstrumentation.class.getName() + "$HttpHeaderSubclassesAdvice");
+  }
+
+  static class HttpHeaderSubclassesAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Propagation
+    static void onExit(@Advice.This HttpHeader h, @Advice.Return String retVal) {
+
+      PropagationModule propagation = InstrumentationBridge.PROPAGATION;
+      if (propagation == null) {
+        return;
+      }
+
+      propagation.taintIfTainted(retVal, h);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/HttpRequestInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/HttpRequestInstrumentation.java
new file mode 100644
index 00000000000..147fc5e8da4
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/HttpRequestInstrumentation.java
@@ -0,0 +1,106 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.implementation.bytecode.assign.Assigner.Typing.DYNAMIC;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.http.scaladsl.model.HttpHeader;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import scala.collection.Iterator;
+import scala.collection.immutable.Seq;
+
+/**
+ * Propagates taint from the {@link HttpRequest} to the headers and to the entity.
+ *
+ * @see MakeTaintableInstrumentation makes {@link HttpRequest} taintable
+ */
+@AutoService(Instrumenter.class)
+public class HttpRequestInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForSingleType {
+  public HttpRequestInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.http.scaladsl.model.HttpRequest";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("headers"))
+            .and(returns(named("scala.collection.immutable.Seq")))
+            .and(takesArguments(0)),
+        HttpRequestInstrumentation.class.getName() + "$RequestHeadersAdvice");
+
+    transformation.applyAdvice(
+        isMethod().and(isPublic()).and(not(isStatic())).and(named("entity")).and(takesArguments(0)),
+        HttpRequestInstrumentation.class.getName() + "$EntityAdvice");
+  }
+
+  @SuppressFBWarnings("BC_IMPOSSIBLE_INSTANCEOF")
+  static class RequestHeadersAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
+    static void onExit(
+        @Advice.This HttpRequest thiz, @Advice.Return(readOnly = false) Seq<HttpHeader> headers) {
+      PropagationModule propagation = InstrumentationBridge.PROPAGATION;
+      if (propagation == null || headers == null || headers.isEmpty()) {
+        return;
+      }
+
+      if (!propagation.isTainted(thiz)) {
+        return;
+      }
+
+      final IastContext ctx = IastContext.Provider.get();
+      Iterator<HttpHeader> iterator = headers.iterator();
+      while (iterator.hasNext()) {
+        HttpHeader h = iterator.next();
+        if (propagation.isTainted(h)) {
+          continue;
+        }
+        // unfortunately, the call to h.value() is instrumented, but
+        // because the call to taint() only happens after, the call is a noop
+        propagation.taint(ctx, h, SourceTypes.REQUEST_HEADER_VALUE, h.name(), h.value());
+      }
+    }
+  }
+
+  static class EntityAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Propagation
+    static void onExit(
+        @Advice.This HttpRequest thiz,
+        @Advice.Return(readOnly = false, typing = DYNAMIC) Object entity) {
+      PropagationModule propagation = InstrumentationBridge.PROPAGATION;
+      if (propagation == null || entity == null) {
+        return;
+      }
+
+      if (propagation.isTainted(entity)) {
+        return;
+      }
+
+      propagation.taintIfTainted(entity, thiz);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/MakeTaintableInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/MakeTaintableInstrumentation.java
new file mode 100644
index 00000000000..8fe40bad840
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/MakeTaintableInstrumentation.java
@@ -0,0 +1,42 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.bytebuddy.iast.TaintableVisitor;
+
+@AutoService(Instrumenter.class)
+public class MakeTaintableInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForKnownTypes {
+  public MakeTaintableInstrumentation() {
+    super("pekko-http");
+  }
+
+  /**
+   * @see org.apache.pekko.http.scaladsl.model.HttpHeader
+   * @return the matching types
+   */
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      "org.apache.pekko.http.javadsl.model.HttpHeader", // scaladsl versions extends
+      // javadsl.m.HttpHeader
+      "org.apache.pekko.http.scaladsl.model.Uri", // javadsl version wraps scaladsl version
+      "org.apache.pekko.http.scaladsl.model.HttpRequest", // javadsl is abstract superclass, but
+      // scaladsl is
+      // concrete types of request entities
+      "org.apache.pekko.http.scaladsl.model.HttpEntity$Strict",
+      "org.apache.pekko.http.scaladsl.model.HttpEntity$Default",
+      "org.apache.pekko.http.scaladsl.model.HttpEntity$Chunked",
+      // only impl
+      "org.apache.pekko.http.scaladsl.server.RequestContextImpl",
+    };
+  }
+
+  @Override
+  public AdviceTransformer transformer() {
+    return new VisitingTransformer(new TaintableVisitor(knownMatchingTypes()));
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {}
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/MarshallingDirectivesInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/MarshallingDirectivesInstrumentation.java
new file mode 100644
index 00000000000..14da9ee2968
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/MarshallingDirectivesInstrumentation.java
@@ -0,0 +1,104 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintUnmarshaller;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.http.scaladsl.server.directives.MarshallingDirectives$;
+import org.apache.pekko.http.scaladsl.unmarshalling.Unmarshaller;
+
+/**
+ * Instruments {@link MarshallingDirectives$#entity(Unmarshaller)} in order to wrap the marshaller
+ * so that the input it gets is tainted (source).
+ *
+ * @see UnmarshallerInstrumentation unconditionally taints marshaller output if its input is tainted
+ */
+@AutoService(Instrumenter.class)
+public class MarshallingDirectivesInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForKnownTypes {
+
+  public MarshallingDirectivesInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      "org.apache.pekko.http.scaladsl.server.directives.MarshallingDirectives$class",
+      "org.apache.pekko.http.scaladsl.server.directives.MarshallingDirectives",
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".helpers.TaintUnmarshaller",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(isStatic())
+            .and(named("entity"))
+            .and(returns(named("org.apache.pekko.http.scaladsl.server.Directive")))
+            .and(takesArguments(2))
+            .and(
+                takesArgument(
+                    0,
+                    named(
+                        "org.apache.pekko.http.scaladsl.server.directives.MarshallingDirectives")))
+            .and(
+                takesArgument(
+                    1, named("org.apache.pekko.http.scaladsl.unmarshalling.Unmarshaller"))),
+        MarshallingDirectivesInstrumentation.class.getName()
+            + "$TaintUnmarshallerInputOldScalaAdvice");
+
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("entity"))
+            .and(returns(named("org.apache.pekko.http.scaladsl.server.Directive")))
+            .and(takesArguments(1))
+            .and(
+                takesArgument(
+                    1, named("org.apache.pekko.http.scaladsl.unmarshalling.Unmarshaller"))),
+        MarshallingDirectivesInstrumentation.class.getName()
+            + "$TaintUnmarshallerInputNewScalaAdvice");
+  }
+
+  static class TaintUnmarshallerInputOldScalaAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_BODY)
+    static void before(@Advice.Argument(readOnly = false, value = 1) Unmarshaller unmarshaller) {
+      PropagationModule mod = InstrumentationBridge.PROPAGATION;
+      if (mod != null) {
+        unmarshaller = new TaintUnmarshaller(mod, unmarshaller);
+      }
+    }
+  }
+
+  static class TaintUnmarshallerInputNewScalaAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_BODY)
+    static void before(@Advice.Argument(readOnly = false, value = 0) Unmarshaller unmarshaller) {
+      PropagationModule mod = InstrumentationBridge.PROPAGATION;
+      if (mod != null) {
+        unmarshaller = new TaintUnmarshaller(mod, unmarshaller);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/ParameterDirectivesImplInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/ParameterDirectivesImplInstrumentation.java
new file mode 100644
index 00000000000..59799d290bd
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/ParameterDirectivesImplInstrumentation.java
@@ -0,0 +1,103 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintParametersFunction;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.http.scaladsl.server.Directive;
+import org.apache.pekko.http.scaladsl.server.util.Tupler$;
+
+@AutoService(Instrumenter.class)
+public class ParameterDirectivesImplInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForSingleType {
+  public ParameterDirectivesImplInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.http.scaladsl.server.directives.ParameterDirectives$Impl$";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".helpers.TaintParametersFunction",
+    };
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    // just so we can use assertInverse in the muzzle directive
+    return new Reference[] {new Reference.Builder(instrumentedType()).build()};
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("filter"))
+            .and(takesArguments(2))
+            .and(takesArgument(0, String.class))
+            .and(
+                takesArgument(
+                    1, named("org.apache.pekko.http.scaladsl.unmarshalling.Unmarshaller")))
+            .and(returns(named("org.apache.pekko.http.scaladsl.server.Directive"))),
+        ParameterDirectivesImplInstrumentation.class.getName() + "$FilterAdvice");
+
+    // requiredFilter not relevant
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("repeatedFilter"))
+            .and(takesArguments(2))
+            .and(takesArgument(0, String.class))
+            .and(
+                takesArgument(
+                    1, named("org.apache.pekko.http.scaladsl.unmarshalling.Unmarshaller")))
+            .and(returns(named("org.apache.pekko.http.scaladsl.server.Directive"))),
+        ParameterDirectivesImplInstrumentation.class.getName() + "$RepeatedFilterAdvice");
+  }
+
+  static class FilterAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    static void after(
+        @Advice.Argument(0) String paramName,
+        @Advice.Return(readOnly = false) Directive /*<Tuple1<?>>*/ retval) {
+      try {
+        retval =
+            retval.tmap(new TaintParametersFunction(paramName), Tupler$.MODULE$.forTuple(null));
+      } catch (Exception e) {
+        throw new RuntimeException(e); // propagate so it's logged
+      }
+    }
+  }
+
+  static class RepeatedFilterAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    static void after(
+        @Advice.Argument(0) String paramName,
+        @Advice.Return(readOnly = false) Directive /*<Tuple1<Iterable<?>>>*/ retval) {
+      try {
+        retval =
+            retval.tmap(new TaintParametersFunction(paramName), Tupler$.MODULE$.forTuple(null));
+      } catch (Exception e) {
+        throw new RuntimeException(e); // propagate so it's logged
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/ParameterDirectivesInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/ParameterDirectivesInstrumentation.java
new file mode 100644
index 00000000000..98104fc2337
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/ParameterDirectivesInstrumentation.java
@@ -0,0 +1,170 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintMapFunction;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintMultiMapFunction;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintSeqFunction;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintSingleParameterFunction;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.http.scaladsl.server.Directive;
+import org.apache.pekko.http.scaladsl.server.directives.ParameterDirectives;
+import org.apache.pekko.http.scaladsl.server.util.Tupler$;
+
+/**
+ * Instruments the query parameter related directives. It works by wrapping the directives the
+ * parameter is tainted before being passed the original directive.
+ *
+ * @see org.apache.pekko.http.scaladsl.server.directives.ParameterDirectives
+ */
+@AutoService(Instrumenter.class)
+public class ParameterDirectivesInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForKnownTypes {
+  private static final String TRAIT_NAME =
+      "org.apache.pekko.http.scaladsl.server.directives.ParameterDirectives";
+
+  public ParameterDirectivesInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      TRAIT_NAME + "$class", TRAIT_NAME,
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".helpers.ScalaToJava",
+      packageName + ".helpers.TaintMultiMapFunction",
+      packageName + ".helpers.TaintMapFunction",
+      packageName + ".helpers.TaintSeqFunction",
+      packageName + ".helpers.TaintSingleParameterFunction",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    // the Java API delegates to the Scala API
+    transformDirective(transformation, "parameterMultiMap", "TaintMultiMapDirectiveAdvice");
+    transformDirective(transformation, "parameterMap", "TaintMapDirectiveAdvice");
+    transformDirective(transformation, "parameterSeq", "TaintSeqDirectiveAdvice");
+
+    transformation.applyAdvice(
+        isMethod()
+            .and(isStatic())
+            .and(named("parameter").or(named("parameters")))
+            .and(returns(Object.class))
+            .and(takesArguments(2))
+            .and(
+                takesArgument(
+                    0,
+                    named("org.apache.pekko.http.scaladsl.server.directives.ParameterDirectives")))
+            .and(
+                takesArgument(
+                    1,
+                    named(
+                        "org.apache.pekko.http.scaladsl.server.directives.ParameterDirectives$ParamMagnet"))),
+        ParameterDirectivesInstrumentation.class.getName()
+            + "$TaintSingleParameterDirectiveOldScalaAdvice");
+
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("parameter").or(named("parameters")))
+            .and(
+                returns(Object.class)
+                    .or(returns(named("org.apache.pekko.http.scaladsl.server.Directive"))))
+            .and(takesArguments(1))
+            .and(
+                takesArgument(
+                    0,
+                    named(
+                        "org.apache.pekko.http.scaladsl.server.directives.ParameterDirectives$ParamMagnet"))),
+        ParameterDirectivesInstrumentation.class.getName()
+            + "$TaintSingleParameterDirectiveNewScalaAdvice");
+  }
+
+  private void transformDirective(
+      AdviceTransformation transformation, String methodName, String adviceClass) {
+    transformation.applyAdvice(
+        TraitMethodMatchers.isTraitDirectiveMethod(TRAIT_NAME, methodName),
+        ParameterDirectivesInstrumentation.class.getName() + "$" + adviceClass);
+  }
+
+  static class TaintMultiMapDirectiveAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    static void after(@Advice.Return(readOnly = false) Directive directive) {
+      directive = directive.tmap(TaintMultiMapFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
+    }
+  }
+
+  static class TaintMapDirectiveAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    static void after(@Advice.Return(readOnly = false) Directive directive) {
+      directive = directive.tmap(TaintMapFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
+    }
+  }
+
+  static class TaintSeqDirectiveAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    static void after(@Advice.Return(readOnly = false) Directive directive) {
+      directive = directive.tmap(TaintSeqFunction.INSTANCE, Tupler$.MODULE$.forTuple(null));
+    }
+  }
+
+  static class TaintSingleParameterDirectiveOldScalaAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    static void after(
+        @Advice.Return(readOnly = false) Object retval,
+        @Advice.Argument(1) ParameterDirectives.ParamMagnet pmag) {
+      if (!(retval instanceof Directive)) {
+        return;
+      }
+
+      try {
+        retval =
+            ((Directive) retval)
+                .tmap(new TaintSingleParameterFunction<>(pmag), Tupler$.MODULE$.forTuple(null));
+      } catch (Exception e) {
+        throw new RuntimeException(e); // propagate so it's logged
+      }
+    }
+  }
+
+  static class TaintSingleParameterDirectiveNewScalaAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    static void after(
+        @Advice.Return(readOnly = false) Object retval,
+        @Advice.Argument(0) ParameterDirectives.ParamMagnet pmag) {
+      if (!(retval instanceof Directive)) {
+        return;
+      }
+
+      try {
+        retval =
+            ((Directive) retval)
+                .tmap(new TaintSingleParameterFunction<>(pmag), Tupler$.MODULE$.forTuple(null));
+      } catch (Exception e) {
+        throw new RuntimeException(e); // propagate so it's logged
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/PathMatcherInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/PathMatcherInstrumentation.java
new file mode 100644
index 00000000000..0f5bb1c15e3
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/PathMatcherInstrumentation.java
@@ -0,0 +1,76 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.advice.ActiveRequestContext;
+import datadog.trace.advice.RequiresRequestContext;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import net.bytebuddy.asm.Advice;
+
+/**
+ * Taints request uri parameters by instrumenting the constructor of {@link
+ * org.apache.pekko.http.scaladsl.server.PathMatcher.Matched}.
+ */
+@AutoService(Instrumenter.class)
+public class PathMatcherInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForSingleType {
+  public PathMatcherInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.http.scaladsl.server.PathMatcher$Matched";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor()
+            .and(takesArguments(3))
+            .and(takesArgument(0, named("org.apache.pekko.http.scaladsl.model.Uri$Path")))
+            .and(takesArgument(1, Object.class))
+            .and(takesArgument(2, named("org.apache.pekko.http.scaladsl.server.util.Tuple"))),
+        PathMatcherInstrumentation.class.getName() + "$PathMatcherAdvice");
+  }
+
+  @RequiresRequestContext(RequestContextSlot.IAST)
+  static class PathMatcherAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PATH_PARAMETER)
+    static void onExit(
+        @Advice.Argument(1) Object extractions, @ActiveRequestContext RequestContext reqCtx) {
+      if (!(extractions instanceof scala.Tuple1)) {
+        return;
+      }
+
+      PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+
+      scala.Tuple1 tuple = (scala.Tuple1) extractions;
+      Object value = tuple._1();
+
+      // in the test, 4 instances of PathMatcher$Match are created, all with the same value
+      if (module.isTainted(value)) {
+        return;
+      }
+
+      if (value instanceof String) {
+        module.taint(
+            reqCtx.getData(RequestContextSlot.IAST), value, SourceTypes.REQUEST_PATH_PARAMETER);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/RequestContextInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/RequestContextInstrumentation.java
new file mode 100644
index 00000000000..dfd43a8f0c7
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/RequestContextInstrumentation.java
@@ -0,0 +1,59 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import org.apache.pekko.http.scaladsl.server.RequestContext;
+
+/** Propagates taint when fetching the {@link HttpRequest} from the {@link RequestContext}. */
+@AutoService(Instrumenter.class)
+public class RequestContextInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForSingleType {
+  public RequestContextInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.http.scaladsl.server.RequestContextImpl";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("request"))
+            .and(returns(named("org.apache.pekko.http.scaladsl.model.HttpRequest")))
+            .and(takesArguments(0)),
+        RequestContextInstrumentation.class.getName() + "$GetRequestAdvice");
+  }
+
+  @SuppressFBWarnings("BC_IMPOSSIBLE_INSTANCEOF")
+  static class GetRequestAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Propagation
+    static void onExit(
+        @Advice.This RequestContext requestContext, @Advice.Return HttpRequest request) {
+
+      PropagationModule propagation = InstrumentationBridge.PROPAGATION;
+      if (propagation == null || propagation.isTainted(request)) {
+        return;
+      }
+
+      propagation.taintIfTainted(request, requestContext);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/TraitMethodMatchers.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/TraitMethodMatchers.java
new file mode 100644
index 00000000000..abd2a1d5f25
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/TraitMethodMatchers.java
@@ -0,0 +1,35 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import net.bytebuddy.description.method.MethodDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+public class TraitMethodMatchers {
+  public static ElementMatcher.Junction<MethodDescription> isTraitDirectiveMethod(
+      String traitName, String name, String... argumentTypes) {
+
+    ElementMatcher.Junction<MethodDescription> scalaOldArgs =
+        isStatic()
+            .and(takesArguments(argumentTypes.length + 1))
+            .and(takesArgument(0, named(traitName)));
+    ElementMatcher.Junction<MethodDescription> scalaNewArgs =
+        not(isStatic()).and(takesArguments(argumentTypes.length));
+
+    for (int i = 0; i < argumentTypes.length; i++) {
+      scalaOldArgs = scalaOldArgs.and(takesArgument(i + 1, named(argumentTypes[i])));
+      scalaNewArgs = scalaNewArgs.and(takesArgument(i, named(argumentTypes[i])));
+    }
+
+    return isMethod()
+        .and(named(name))
+        .and(returns(named("org.apache.pekko.http.scaladsl.server.Directive")))
+        .and(scalaOldArgs.or(scalaNewArgs));
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/UnmarshallerInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/UnmarshallerInstrumentation.java
new file mode 100644
index 00000000000..5ace9ebf611
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/UnmarshallerInstrumentation.java
@@ -0,0 +1,87 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.nameStartsWith;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import datadog.trace.instrumentation.pekkohttp.iast.helpers.TaintFutureHelper;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+import org.apache.pekko.http.javadsl.unmarshalling.Unmarshaller;
+import scala.concurrent.ExecutionContext;
+import scala.concurrent.Future;
+
+/**
+ * Unconditionally taints an {@link Unmarshaller}'s output if its input is tainted. Note that this
+ * only targets the unmarshallers included in pekko-http.
+ *
+ * <p>This enables propagation when unmarshallers are applied to the output of other unmarshallers.
+ * If, on the other hand, the unmarshallers transform input before passing it to their inner
+ * unmarshallers, this propagation mechanism will not work.
+ */
+@AutoService(Instrumenter.class)
+public class UnmarshallerInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForTypeHierarchy {
+  public UnmarshallerInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "org.apache.pekko.http.scaladsl.unmarshalling.Unmarshaller";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".helpers.TaintFutureHelper",
+    };
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return nameStartsWith("org.apache.pekko.http.scaladsl.unmarshalling.")
+        .and(implementsInterface(named(hierarchyMarkerType())));
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("apply"))
+            .and(returns(named("scala.concurrent.Future")))
+            .and(takesArguments(3))
+            .and(takesArgument(0, Object.class))
+            .and(takesArgument(1, named("scala.concurrent.ExecutionContext")))
+            .and(takesArgument(2, named("org.apache.pekko.stream.Materializer"))),
+        UnmarshallerInstrumentation.class.getName() + "$PropagateTaintOnApplyAdvice");
+  }
+
+  static class PropagateTaintOnApplyAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Propagation
+    static void after(
+        @Advice.Return(readOnly = false) Future<?> result,
+        @Advice.Argument(0) Object input,
+        @Advice.Argument(1) ExecutionContext ec) {
+      PropagationModule mod = InstrumentationBridge.PROPAGATION;
+      if (mod == null) {
+        return;
+      }
+      result = TaintFutureHelper.wrapFuture(result, input, mod, ec);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/UriInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/UriInstrumentation.java
new file mode 100644
index 00000000000..5cdb355f0f1
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/UriInstrumentation.java
@@ -0,0 +1,101 @@
+package datadog.trace.instrumentation.pekkohttp.iast;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import net.bytebuddy.asm.Advice;
+import org.apache.pekko.http.scaladsl.model.Uri;
+import scala.Tuple2;
+import scala.collection.Iterator;
+
+/** Propagates taint from a {@link Uri} to query strings fetched from it. */
+@AutoService(Instrumenter.class)
+public class UriInstrumentation extends Instrumenter.Iast implements Instrumenter.ForSingleType {
+  public UriInstrumentation() {
+    super("pekko-http");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.apache.pekko.http.scaladsl.model.Uri";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("queryString"))
+            .and(returns(named("scala.Option")))
+            .and(takesArguments(1))
+            .and(takesArgument(0, named("java.nio.charset.Charset"))),
+        UriInstrumentation.class.getName() + "$TaintQueryStringAdvice");
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("rawQueryString"))
+            .and(returns(named("scala.Option")))
+            .and(takesArguments(0)),
+        UriInstrumentation.class.getName() + "$TaintQueryStringAdvice");
+    transformation.applyAdvice(
+        isMethod()
+            .and(not(isStatic()))
+            .and(named("query"))
+            .and(returns(named("org.apache.pekko.http.scaladsl.model.Uri$Query")))
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("java.nio.charset.Charset")))
+            .and(takesArgument(1, named("org.apache.pekko.http.scaladsl.model.Uri$ParsingMode"))),
+        UriInstrumentation.class.getName() + "$TaintQueryAdvice");
+  }
+
+  static class TaintQueryStringAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Propagation
+    static void after(@Advice.This Uri uri, @Advice.Return scala.Option<String> ret) {
+      PropagationModule mod = InstrumentationBridge.PROPAGATION;
+      if (mod == null || ret.isEmpty()) {
+        return;
+      }
+      mod.taintIfTainted(ret.get(), uri);
+    }
+  }
+
+  public static class TaintQueryAdvice {
+    // bind uri to a variable of type Object so that this advice can also
+    // be used from FromDataInstrumentaton
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    static void after(@Advice.This /*Uri*/ Object uri, @Advice.Return Uri.Query ret) {
+      PropagationModule prop = InstrumentationBridge.PROPAGATION;
+      if (prop == null || ret.isEmpty()) {
+        return;
+      }
+
+      final IastContext ctx = IastContext.Provider.get();
+      if (!prop.isTainted(ctx, uri)) {
+        return;
+      }
+
+      Iterator<Tuple2<String, String>> iterator = ret.iterator();
+      while (iterator.hasNext()) {
+        Tuple2<String, String> pair = iterator.next();
+        final String name = pair._1(), value = pair._2();
+        prop.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
+        prop.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/ScalaToJava.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/ScalaToJava.java
new file mode 100644
index 00000000000..ea95e7fa946
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/ScalaToJava.java
@@ -0,0 +1,28 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import java.util.ArrayList;
+import scala.collection.Iterator;
+import scala.collection.immutable.List;
+import scala.collection.immutable.Map;
+
+// do not use JavaConverters, as they changed in an ABI-incompatible way in Scala 2.13
+public class ScalaToJava {
+  public static java.util.List<String> keySetAsCollection(Map<String, ?> m) {
+    scala.collection.immutable.Set<String> keys = m.keySet();
+    java.util.List<String> keysAsCollection = new ArrayList<>(keys.size());
+    Iterator<String> keysIterator = keys.iterator();
+    while (keysIterator.hasNext()) {
+      keysAsCollection.add(keysIterator.next());
+    }
+    return keysAsCollection;
+  }
+
+  public static <T> java.util.List<T> listAsList(List<T> l) {
+    java.util.List<T> asJavaList = new ArrayList<>(l.size());
+    Iterator<T> iterator = l.iterator();
+    while (iterator.hasNext()) {
+      asJavaList.add(iterator.next());
+    }
+    return asJavaList;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintCookieFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintCookieFunction.java
new file mode 100644
index 00000000000..715d506329d
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintCookieFunction.java
@@ -0,0 +1,28 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import org.apache.pekko.http.scaladsl.model.headers.HttpCookiePair;
+import scala.Tuple1;
+import scala.compat.java8.JFunction1;
+
+public class TaintCookieFunction
+    implements JFunction1<Tuple1<HttpCookiePair>, Tuple1<HttpCookiePair>> {
+  public static final TaintCookieFunction INSTANCE = new TaintCookieFunction();
+
+  @Override
+  public Tuple1<HttpCookiePair> apply(Tuple1<HttpCookiePair> v1) {
+    HttpCookiePair httpCookiePair = v1._1();
+
+    PropagationModule mod = InstrumentationBridge.PROPAGATION;
+    if (mod == null || httpCookiePair == null) {
+      return v1;
+    }
+    final String name = httpCookiePair.name();
+    final String value = httpCookiePair.value();
+    mod.taint(name, SourceTypes.REQUEST_COOKIE_NAME, name);
+    mod.taint(value, SourceTypes.REQUEST_COOKIE_VALUE, name);
+    return v1;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintFutureHelper.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintFutureHelper.java
new file mode 100644
index 00000000000..af17de13629
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintFutureHelper.java
@@ -0,0 +1,18 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.propagation.PropagationModule;
+import scala.compat.java8.JFunction1;
+import scala.concurrent.ExecutionContext;
+import scala.concurrent.Future;
+
+public class TaintFutureHelper {
+  public static <T> Future<T> wrapFuture(
+      Future<T> f, Object input, PropagationModule mod, ExecutionContext ec) {
+    JFunction1<T, T> mapf =
+        t -> {
+          mod.taintIfTainted(t, input);
+          return t;
+        };
+    return f.map(mapf, ec);
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintMapFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintMapFunction.java
new file mode 100644
index 00000000000..f2abc22ff9c
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintMapFunction.java
@@ -0,0 +1,37 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import scala.Tuple1;
+import scala.Tuple2;
+import scala.collection.Iterator;
+import scala.collection.immutable.Map;
+import scala.compat.java8.JFunction1;
+
+public class TaintMapFunction
+    implements JFunction1<Tuple1<Map<String, String>>, Tuple1<Map<String, String>>> {
+  public static final TaintMapFunction INSTANCE = new TaintMapFunction();
+
+  @Override
+  public Tuple1<Map<String, String>> apply(Tuple1<Map<String, String>> v1) {
+    Map<String, String> m = v1._1;
+
+    PropagationModule prop = InstrumentationBridge.PROPAGATION;
+    if (prop == null || m == null || m.isEmpty()) {
+      return v1;
+    }
+
+    final IastContext ctx = IastContext.Provider.get();
+    Iterator<Tuple2<String, String>> iterator = m.iterator();
+    while (iterator.hasNext()) {
+      Tuple2<String, String> e = iterator.next();
+      final String name = e._1(), value = e._2();
+      prop.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
+      prop.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+    }
+
+    return v1;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintMultiMapFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintMultiMapFunction.java
new file mode 100644
index 00000000000..574106812b0
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintMultiMapFunction.java
@@ -0,0 +1,41 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import scala.Tuple1;
+import scala.Tuple2;
+import scala.collection.Iterator;
+import scala.collection.immutable.List;
+import scala.collection.immutable.Map;
+import scala.compat.java8.JFunction1;
+
+public class TaintMultiMapFunction
+    implements JFunction1<Tuple1<Map<String, List<String>>>, Tuple1<Map<String, List<String>>>> {
+  public static final TaintMultiMapFunction INSTANCE = new TaintMultiMapFunction();
+
+  @Override
+  public Tuple1<Map<String, List<String>>> apply(Tuple1<Map<String, List<String>>> v1) {
+    Map<String, List<String>> m = v1._1;
+
+    PropagationModule mod = InstrumentationBridge.PROPAGATION;
+    if (mod == null || m == null || m.isEmpty()) {
+      return v1;
+    }
+
+    final IastContext ctx = IastContext.Provider.get();
+    Iterator<Tuple2<String, List<String>>> entriesIterator = m.iterator();
+    while (entriesIterator.hasNext()) {
+      Tuple2<String, List<String>> e = entriesIterator.next();
+      final String name = e._1();
+      mod.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
+      List<String> values = e._2();
+      for (final String value : ScalaToJava.listAsList(values)) {
+        mod.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+      }
+    }
+
+    return v1;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintOptionalCookieFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintOptionalCookieFunction.java
new file mode 100644
index 00000000000..cd8e9093926
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintOptionalCookieFunction.java
@@ -0,0 +1,30 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import org.apache.pekko.http.scaladsl.model.headers.HttpCookiePair;
+import scala.Option;
+import scala.Tuple1;
+import scala.compat.java8.JFunction1;
+
+public class TaintOptionalCookieFunction
+    implements JFunction1<Tuple1<Option<HttpCookiePair>>, Tuple1<Option<HttpCookiePair>>> {
+  public static final TaintOptionalCookieFunction INSTANCE = new TaintOptionalCookieFunction();
+
+  @Override
+  public Tuple1<Option<HttpCookiePair>> apply(Tuple1<Option<HttpCookiePair>> v1) {
+    Option<HttpCookiePair> httpCookiePair = v1._1();
+
+    PropagationModule mod = InstrumentationBridge.PROPAGATION;
+    if (mod == null || httpCookiePair.isEmpty()) {
+      return v1;
+    }
+    final HttpCookiePair cookie = httpCookiePair.get();
+    final String name = cookie.name();
+    final String value = cookie.value();
+    mod.taint(name, SourceTypes.REQUEST_COOKIE_NAME, name);
+    mod.taint(value, SourceTypes.REQUEST_COOKIE_VALUE, name);
+    return v1;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintParametersFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintParametersFunction.java
new file mode 100644
index 00000000000..25f17d951a1
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintParametersFunction.java
@@ -0,0 +1,51 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import scala.Function1;
+import scala.Option;
+import scala.Tuple1;
+import scala.collection.Iterable;
+import scala.collection.Iterator;
+
+public class TaintParametersFunction<T> implements Function1<Tuple1<T>, Tuple1<T>> {
+  private final String paramName;
+
+  public TaintParametersFunction(String paramName) {
+    this.paramName = paramName;
+  }
+
+  @Override
+  public Tuple1<T> apply(Tuple1<T> v1) {
+    PropagationModule mod = InstrumentationBridge.PROPAGATION;
+    if (mod == null) {
+      return v1;
+    }
+
+    Object value = v1._1();
+    if (value instanceof Option) {
+      Option<?> option = (Option<?>) value;
+      if (option.isEmpty()) {
+        return v1;
+      }
+      value = option.get();
+    }
+
+    if (value instanceof Iterable) {
+      final IastContext ctx = IastContext.Provider.get();
+      Iterator<?> iterator = ((Iterable<?>) value).iterator();
+      while (iterator.hasNext()) {
+        Object o = iterator.next();
+        if (o instanceof String) {
+          mod.taint(ctx, (String) o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+        }
+      }
+    } else if (value instanceof String) {
+      mod.taint((String) value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+    }
+
+    return v1;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintRequestContextFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintRequestContextFunction.java
new file mode 100644
index 00000000000..0d2c670deab
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintRequestContextFunction.java
@@ -0,0 +1,26 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import org.apache.pekko.http.scaladsl.server.RequestContext;
+import scala.Tuple1;
+import scala.compat.java8.JFunction1;
+
+public class TaintRequestContextFunction
+    implements JFunction1<Tuple1<RequestContext>, Tuple1<RequestContext>> {
+  public static final TaintRequestContextFunction INSTANCE = new TaintRequestContextFunction();
+
+  @Override
+  public Tuple1<RequestContext> apply(Tuple1<RequestContext> v1) {
+    RequestContext reqCtx = v1._1();
+
+    PropagationModule mod = InstrumentationBridge.PROPAGATION;
+    if (mod == null) {
+      return v1;
+    }
+    mod.taint(reqCtx, SourceTypes.REQUEST_BODY);
+
+    return v1;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintRequestFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintRequestFunction.java
new file mode 100644
index 00000000000..ecae0d312b8
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintRequestFunction.java
@@ -0,0 +1,27 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import org.apache.pekko.http.scaladsl.model.HttpRequest;
+import scala.Tuple1;
+import scala.compat.java8.JFunction1;
+
+public class TaintRequestFunction implements JFunction1<Tuple1<HttpRequest>, Tuple1<HttpRequest>> {
+  public static final TaintRequestFunction INSTANCE = new TaintRequestFunction();
+
+  @Override
+  @SuppressFBWarnings("BC_IMPOSSIBLE_INSTANCEOF")
+  public Tuple1<HttpRequest> apply(Tuple1<HttpRequest> v1) {
+    HttpRequest httpRequest = v1._1();
+
+    PropagationModule mod = InstrumentationBridge.PROPAGATION;
+    if (mod == null) {
+      return v1;
+    }
+    mod.taint(httpRequest, SourceTypes.REQUEST_BODY);
+
+    return v1;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintSeqFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintSeqFunction.java
new file mode 100644
index 00000000000..a407beba1d1
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintSeqFunction.java
@@ -0,0 +1,45 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import java.util.Collections;
+import java.util.IdentityHashMap;
+import java.util.Set;
+import scala.Tuple1;
+import scala.Tuple2;
+import scala.collection.Iterator;
+import scala.collection.immutable.Seq;
+import scala.compat.java8.JFunction1;
+
+public class TaintSeqFunction
+    implements JFunction1<
+        Tuple1<Seq<Tuple2<String, String>>>, Tuple1<Seq<Tuple2<String, String>>>> {
+  public static final TaintSeqFunction INSTANCE = new TaintSeqFunction();
+
+  @Override
+  public Tuple1<Seq<Tuple2<String, String>>> apply(Tuple1<Seq<Tuple2<String, String>>> v1) {
+    Seq<Tuple2<String, String>> seq = v1._1;
+
+    PropagationModule prop = InstrumentationBridge.PROPAGATION;
+    if (prop == null || seq == null || seq.isEmpty()) {
+      return v1;
+    }
+
+    final IastContext ctx = IastContext.Provider.get();
+    Iterator<Tuple2<String, String>> iterator = seq.iterator();
+    Set<String> seenKeys = Collections.newSetFromMap(new IdentityHashMap<>());
+    while (iterator.hasNext()) {
+      Tuple2<String, String> t = iterator.next();
+      String name = t._1();
+      String value = t._2();
+      if (seenKeys.add(name)) {
+        prop.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
+      }
+      prop.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+    }
+
+    return v1;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintSingleParameterFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintSingleParameterFunction.java
new file mode 100644
index 00000000000..42109050f98
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintSingleParameterFunction.java
@@ -0,0 +1,58 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import scala.Option;
+import scala.Tuple1;
+import scala.collection.Iterable;
+import scala.collection.Iterator;
+import scala.compat.java8.JFunction1;
+
+public class TaintSingleParameterFunction<Magnet>
+    implements JFunction1<Tuple1<Object>, Tuple1<Object>> {
+  private final String paramName;
+
+  public TaintSingleParameterFunction(Magnet pmag) throws Exception {
+    Field value$1 = pmag.getClass().getDeclaredField("value$1");
+    value$1.setAccessible(true);
+    Object nameReceptacle = value$1.get(pmag);
+    Method nameMeth = nameReceptacle.getClass().getMethod("name");
+    paramName = (String) nameMeth.invoke(nameReceptacle);
+  }
+
+  @Override
+  public Tuple1<Object> apply(Tuple1<Object> v1) {
+    PropagationModule mod = InstrumentationBridge.PROPAGATION;
+    if (mod == null || v1 == null) {
+      return v1;
+    }
+
+    Object value = v1._1();
+    if (value instanceof Option) {
+      Option<?> option = (Option<?>) value;
+      if (option.isEmpty()) {
+        return v1;
+      }
+      value = option.get();
+    }
+
+    if (value instanceof Iterable) {
+      final IastContext ctx = IastContext.Provider.get();
+      Iterator<?> iterator = ((Iterable<?>) value).iterator();
+      while (iterator.hasNext()) {
+        Object o = iterator.next();
+        if (o instanceof String) {
+          mod.taint(ctx, (String) o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+        }
+      }
+    } else if (value instanceof String) {
+      mod.taint((String) value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+    }
+
+    return v1;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintUnmarshaller.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintUnmarshaller.java
new file mode 100644
index 00000000000..6994b788fda
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintUnmarshaller.java
@@ -0,0 +1,67 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import datadog.trace.instrumentation.pekkohttp.iast.UnmarshallerInstrumentation;
+import org.apache.pekko.http.scaladsl.unmarshalling.Unmarshaller;
+import org.apache.pekko.stream.Materializer;
+import scala.Function1;
+import scala.PartialFunction;
+import scala.concurrent.ExecutionContext;
+import scala.concurrent.Future;
+
+/**
+ * Marshaller that unconditionally taints its input before passing it to the delegate.
+ *
+ * @param <A> source type
+ * @param <B> target type
+ * @see UnmarshallerInstrumentation
+ */
+public class TaintUnmarshaller<A, B> implements Unmarshaller<A, B> {
+  private final PropagationModule propagationModule;
+  private final Unmarshaller<A, B> delegate;
+
+  public TaintUnmarshaller(PropagationModule propagationModule, Unmarshaller<A, B> delegate) {
+    this.propagationModule = propagationModule;
+    this.delegate = delegate;
+  }
+
+  @Override
+  public Future<B> apply(A value, ExecutionContext ec, Materializer materializer) {
+    propagationModule.taint(value, SourceTypes.REQUEST_BODY);
+    return delegate.apply(value, ec, materializer);
+  }
+
+  @Override
+  public <C> Unmarshaller<A, C> transform(
+      Function1<ExecutionContext, Function1<Materializer, Function1<Future<B>, Future<C>>>> f) {
+    return delegate.transform(f);
+  }
+
+  @Override
+  public <C> Unmarshaller<A, C> map(Function1<B, C> f) {
+    return delegate.map(f);
+  }
+
+  @Override
+  public <C> Unmarshaller<A, C> flatMap(
+      Function1<ExecutionContext, Function1<Materializer, Function1<B, Future<C>>>> f) {
+    return delegate.flatMap(f);
+  }
+
+  @Override
+  public <C> Unmarshaller<A, C> recover(
+      Function1<ExecutionContext, Function1<Materializer, PartialFunction<Throwable, C>>> pf) {
+    return delegate.recover(pf);
+  }
+
+  @Override
+  public <BB> Unmarshaller<A, BB> withDefaultValue(BB defaultValue) {
+    return delegate.withDefaultValue(defaultValue);
+  }
+
+  @Override
+  public Unmarshaller<A, B> asScala() {
+    return this;
+  }
+}
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintUriFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintUriFunction.java
new file mode 100644
index 00000000000..471a65562b1
--- /dev/null
+++ b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintUriFunction.java
@@ -0,0 +1,25 @@
+package datadog.trace.instrumentation.pekkohttp.iast.helpers;
+
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import org.apache.pekko.http.scaladsl.model.Uri;
+import scala.Tuple1;
+import scala.compat.java8.JFunction1;
+
+public class TaintUriFunction implements JFunction1<Tuple1<Uri>, Tuple1<Uri>> {
+  public static final TaintUriFunction INSTANCE = new TaintUriFunction();
+
+  @Override
+  public Tuple1<Uri> apply(Tuple1<Uri> v1) {
+    Uri uri = v1._1();
+
+    PropagationModule mod = InstrumentationBridge.PROPAGATION;
+    if (mod == null) {
+      return v1;
+    }
+    mod.taint(uri, SourceTypes.REQUEST_QUERY);
+
+    return v1;
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.3/src/test/groovy/client/PlayWSClientTest.groovy b/dd-java-agent/instrumentation/play-2.3/src/test/groovy/datadog/trace/instrumentation/play23/test/client/PlayWSClientTest.groovy
similarity index 97%
rename from dd-java-agent/instrumentation/play-2.3/src/test/groovy/client/PlayWSClientTest.groovy
rename to dd-java-agent/instrumentation/play-2.3/src/test/groovy/datadog/trace/instrumentation/play23/test/client/PlayWSClientTest.groovy
index 8ea02c5f65d..29233c42076 100644
--- a/dd-java-agent/instrumentation/play-2.3/src/test/groovy/client/PlayWSClientTest.groovy
+++ b/dd-java-agent/instrumentation/play-2.3/src/test/groovy/datadog/trace/instrumentation/play23/test/client/PlayWSClientTest.groovy
@@ -1,4 +1,4 @@
-package client
+package datadog.trace.instrumentation.play23.test.client
 
 import datadog.trace.agent.test.base.HttpClientTest
 import datadog.trace.agent.test.naming.TestingNettyHttpNamingConventions
diff --git a/dd-java-agent/instrumentation/play-2.3/src/test/groovy/server/PlayAsyncServerTest.groovy b/dd-java-agent/instrumentation/play-2.3/src/test/groovy/datadog/trace/instrumentation/play23/test/server/PlayAsyncServerTest.groovy
similarity index 75%
rename from dd-java-agent/instrumentation/play-2.3/src/test/groovy/server/PlayAsyncServerTest.groovy
rename to dd-java-agent/instrumentation/play-2.3/src/test/groovy/datadog/trace/instrumentation/play23/test/server/PlayAsyncServerTest.groovy
index db6aa05de96..82341821333 100644
--- a/dd-java-agent/instrumentation/play-2.3/src/test/groovy/server/PlayAsyncServerTest.groovy
+++ b/dd-java-agent/instrumentation/play-2.3/src/test/groovy/datadog/trace/instrumentation/play23/test/server/PlayAsyncServerTest.groovy
@@ -1,4 +1,4 @@
-package server
+package datadog.trace.instrumentation.play23.test.server
 
 import datadog.trace.agent.test.base.HttpServer
 
diff --git a/dd-java-agent/instrumentation/play-2.3/src/test/groovy/server/PlayServerTest.groovy b/dd-java-agent/instrumentation/play-2.3/src/test/groovy/datadog/trace/instrumentation/play23/test/server/PlayServerTest.groovy
similarity index 95%
rename from dd-java-agent/instrumentation/play-2.3/src/test/groovy/server/PlayServerTest.groovy
rename to dd-java-agent/instrumentation/play-2.3/src/test/groovy/datadog/trace/instrumentation/play23/test/server/PlayServerTest.groovy
index 72e68ae9084..68290bab3f9 100644
--- a/dd-java-agent/instrumentation/play-2.3/src/test/groovy/server/PlayServerTest.groovy
+++ b/dd-java-agent/instrumentation/play-2.3/src/test/groovy/datadog/trace/instrumentation/play23/test/server/PlayServerTest.groovy
@@ -1,4 +1,4 @@
-package server
+package datadog.trace.instrumentation.play23.test.server
 
 import datadog.trace.agent.test.asserts.TraceAssert
 import datadog.trace.agent.test.base.HttpServer
@@ -37,6 +37,11 @@ class PlayServerTest extends HttpServerTest<TestServer> {
     true
   }
 
+  @Override
+  boolean testUserBlocking() {
+    true
+  }
+
   @Override
   void handlerSpan(TraceAssert trace, ServerEndpoint endpoint = SUCCESS) {
     def expectedQueryTag = expectedQueryTag(endpoint)
diff --git a/dd-java-agent/instrumentation/play-2.3/src/test/scala/server/AsyncServer.scala b/dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/AsyncServer.scala
similarity index 89%
rename from dd-java-agent/instrumentation/play-2.3/src/test/scala/server/AsyncServer.scala
rename to dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/AsyncServer.scala
index ec596202a53..4f4a0f29cee 100644
--- a/dd-java-agent/instrumentation/play-2.3/src/test/scala/server/AsyncServer.scala
+++ b/dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/AsyncServer.scala
@@ -1,5 +1,6 @@
-package server
+package datadog.trace.instrumentation.play23.test.server
 
+import datadog.appsec.api.blocking.Blocking
 import datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint._
 import datadog.trace.agent.test.base.{HttpServer, HttpServerTest}
 import play.api.mvc.{Action, Handler, Results}
@@ -95,11 +96,19 @@ class AsyncServer extends HttpServer {
       Action.async { result =>
         HttpServerTest.controller(
           EXCEPTION,
-          new AsyncBlockClosureAdapter(() => {
+          new AsyncBlockClosureAdapter({
             throw new Exception(EXCEPTION.getBody)
           })
         )
       }
+
+    case ("GET", "/user-block") =>
+      Action.async {
+        HttpServerTest.controller(USER_BLOCK, AsyncBlockClosureAdapter {
+          Blocking.forUser("user-to-block").blockIfMatch()
+          Future.successful(Results.Ok("should never be reached"))
+        })
+      }
   }
 
   private val server: TestServer = TestServer(
diff --git a/dd-java-agent/instrumentation/play-2.3/src/test/scala/server/ControllerClosureAdapter.scala b/dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/ControllerClosureAdapter.scala
similarity index 70%
rename from dd-java-agent/instrumentation/play-2.3/src/test/scala/server/ControllerClosureAdapter.scala
rename to dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/ControllerClosureAdapter.scala
index 2697fb5ad9d..476694d5b9d 100644
--- a/dd-java-agent/instrumentation/play-2.3/src/test/scala/server/ControllerClosureAdapter.scala
+++ b/dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/ControllerClosureAdapter.scala
@@ -1,4 +1,4 @@
-package server
+package datadog.trace.instrumentation.play23.test.server
 
 import datadog.trace.agent.test.base.HttpServerTest
 import groovy.lang.Closure
@@ -12,12 +12,15 @@ class ControllerClosureAdapter(response: Result) extends Closure[Result]((): Uni
     )
 }
 
-class BlockClosureAdapter(block: () => Result) extends Closure[Result]((): Unit) {
+class BlockClosureAdapter(block: => Result) extends Closure[Result]((): Unit) {
   override def call(): Result =
-    block().withHeaders(
+    block.withHeaders(
       (HttpServerTest.getIG_RESPONSE_HEADER, HttpServerTest.getIG_RESPONSE_HEADER_VALUE)
     )
 }
+object BlockClosureAdapter {
+  def apply(block: => Result): BlockClosureAdapter = new BlockClosureAdapter(block)
+}
 
 class AsyncControllerClosureAdapter(response: Future[Result])
     extends Closure[Future[Result]]((): Unit) {
@@ -30,13 +33,17 @@ class AsyncControllerClosureAdapter(response: Future[Result])
     )
 }
 
-class AsyncBlockClosureAdapter(block: () => Future[Result])
+class AsyncBlockClosureAdapter(block: => Future[Result])
     extends Closure[Future[Result]]((): Unit) {
   import scala.concurrent.ExecutionContext.Implicits.global
   override def call(): Future[Result] =
-    block().map(
+    block.map(
       _.withHeaders(
         (HttpServerTest.getIG_RESPONSE_HEADER, HttpServerTest.getIG_RESPONSE_HEADER_VALUE)
       )
     )
 }
+
+object AsyncBlockClosureAdapter {
+  def apply(block: => Future[Result]): AsyncBlockClosureAdapter = new AsyncBlockClosureAdapter(block)
+}
diff --git a/dd-java-agent/instrumentation/play-2.3/src/test/scala/server/Settings.scala b/dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/Settings.scala
similarity index 85%
rename from dd-java-agent/instrumentation/play-2.3/src/test/scala/server/Settings.scala
rename to dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/Settings.scala
index 877f48541d0..798e32efc90 100644
--- a/dd-java-agent/instrumentation/play-2.3/src/test/scala/server/Settings.scala
+++ b/dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/Settings.scala
@@ -1,4 +1,4 @@
-package server
+package datadog.trace.instrumentation.play23.test.server
 
 import play.api.GlobalSettings
 import play.api.mvc.{RequestHeader, Result, Results}
diff --git a/dd-java-agent/instrumentation/play-2.3/src/test/scala/server/SyncServer.scala b/dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/SyncServer.scala
similarity index 87%
rename from dd-java-agent/instrumentation/play-2.3/src/test/scala/server/SyncServer.scala
rename to dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/SyncServer.scala
index b68a3981ba3..5808f952734 100644
--- a/dd-java-agent/instrumentation/play-2.3/src/test/scala/server/SyncServer.scala
+++ b/dd-java-agent/instrumentation/play-2.3/src/test/scala/datadog/trace/instrumentation/play23/test/server/SyncServer.scala
@@ -1,5 +1,6 @@
-package server
+package datadog.trace.instrumentation.play23.test.server
 
+import datadog.appsec.api.blocking.Blocking
 import datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint._
 import datadog.trace.agent.test.base.{HttpServer, HttpServerTest}
 import play.api.mvc.{Action, Handler, Results}
@@ -78,10 +79,18 @@ class SyncServer extends HttpServer {
         )
       }
     case ("GET", "/exception") =>
-      Action { request =>
-        HttpServerTest.controller(EXCEPTION, new BlockClosureAdapter(() => {
+      Action {
+        HttpServerTest.controller(EXCEPTION, BlockClosureAdapter {
           throw new Exception(EXCEPTION.getBody)
-        }))
+        })
+      }
+
+    case ("GET", "/user-block") =>
+      Action {
+        HttpServerTest.controller(USER_BLOCK, BlockClosureAdapter {
+          Blocking.forUser("user-to-block").blockIfMatch()
+          Results.Ok("should never be reached")
+        })
       }
   }
 
diff --git a/dd-java-agent/instrumentation/play-2.4/build.gradle b/dd-java-agent/instrumentation/play-2.4/build.gradle
index d188127c139..52dac9aab00 100644
--- a/dd-java-agent/instrumentation/play-2.4/build.gradle
+++ b/dd-java-agent/instrumentation/play-2.4/build.gradle
@@ -5,17 +5,27 @@ ext {
 
 muzzle {
   pass {
+    name = "play24and25"
     group = 'com.typesafe.play'
     module = 'play_2.11'
     versions = '[2.4.0,2.6)'
     assertInverse = true
   }
+  pass {
+    name = "play25only"
+    group = 'com.typesafe.play'
+    module = 'play_2.11'
+    versions = '[2.5.0,2.6)'
+    assertInverse = true
+  }
   fail {
+    name = "play24and25"
     group = 'com.typesafe.play'
     module = 'play_2.12'
     versions = '[,]'
   }
   fail {
+    name = "play24and25"
     group = 'com.typesafe.play'
     module = 'play_2.13'
     versions = '[,]'
@@ -23,6 +33,7 @@ muzzle {
 }
 
 apply from: "$rootDir/gradle/java.gradle"
+apply plugin: 'scala'
 
 repositories {
   maven {
@@ -33,19 +44,45 @@ repositories {
   }
 }
 
+tasks.withType(org.gradle.api.tasks.scala.ScalaCompile) {
+  it.javaLauncher = getJavaLauncherFor(8)
+}
+
 addTestSuiteForDir('latestDepTest', 'test')
 
+sourceSets {
+  main_play25 {
+    java.srcDirs "${project.projectDir}/src/main/java_play25"
+  }
+}
+jar {
+  from sourceSets.main_play25.output
+}
+project.afterEvaluate { p ->
+  instrumentJava.dependsOn compileMain_play25Java
+  forbiddenApisMain_play25.dependsOn instrumentMain_play25Java
+}
+instrument {
+  additionalClasspath = [
+    instrumentJava: compileMain_play25Java.destinationDirectory
+  ]
+}
+
 dependencies {
   compileOnly group: 'com.typesafe.play', name: 'play_2.11', version: '2.4.0'
+  main_play25CompileOnly group: 'com.typesafe.play', name: 'play_2.11', version: '2.5.0'
+  main_play25CompileOnly project(':internal-api')
+  main_play25CompileOnly project(':dd-java-agent:agent-tooling')
+  main_play25CompileOnly project(':dd-java-agent:agent-bootstrap')
 
-  testImplementation project(':dd-java-agent:instrumentation:netty-4.0')
-  testImplementation project(':dd-java-agent:instrumentation:netty-4.1')
-  testImplementation project(':dd-java-agent:instrumentation:akka-http-10.0')
-  testImplementation project(':dd-java-agent:instrumentation:akka-concurrent')
-  testImplementation project(':dd-java-agent:instrumentation:akka-init')
-  testImplementation project(':dd-java-agent:instrumentation:scala-concurrent')
-  testImplementation project(':dd-java-agent:instrumentation:scala-promise:scala-promise-2.10')
-  testImplementation project(':dd-java-agent:instrumentation:scala-promise:scala-promise-2.13')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:netty-4.0')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:netty-4.1')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:akka-http-10.0')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:akka-concurrent')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:akka-init')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:scala-concurrent')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:scala-promise:scala-promise-2.10')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:scala-promise:scala-promise-2.13')
 
   // Before 2.5, play used netty 3.x which isn't supported, so for better test consistency, we test with just 2.5
   testImplementation group: 'com.typesafe.play', name: 'play-java_2.11', version: '2.5.0'
@@ -53,6 +90,7 @@ dependencies {
   testImplementation(group: 'com.typesafe.play', name: 'play-test_2.11', version: '2.5.0') {
     exclude group: 'org.eclipse.jetty.websocket', module: 'websocket-client'
   }
+  testRuntimeOnly sourceSets.main_play25.output
 
   latestDepTestImplementation group: 'com.typesafe.play', name: 'play-java_2.11', version: '2.5.+'
   latestDepTestImplementation group: 'com.typesafe.play', name: 'play-java-ws_2.11', version: '2.5.+'
@@ -60,3 +98,98 @@ dependencies {
     exclude group: 'org.eclipse.jetty.websocket', module: 'websocket-client'
   }
 }
+compileTestGroovy {
+  classpath = classpath + files(compileTestScala.destinationDirectory)
+  dependsOn 'compileTestScala'
+}
+compileLatestDepTestGroovy {
+  classpath = classpath + files(compileLatestDepTestScala.destinationDirectory)
+  dependsOn 'compileLatestDepTestScala'
+}
+
+sourceSets {
+  routeGenerator {
+    scala {
+      srcDir "${project.projectDir}/src/routeGenerator/scala"
+    }
+  }
+  testGenerated {
+    scala {
+      srcDir layout.buildDirectory.dir('generated/sources/testRoutes/scala')
+    }
+  }
+  latestDepTestGenerated {
+    scala {
+      srcDir layout.buildDirectory.dir('generated/sources/latestDepTestRoutes/scala')
+    }
+  }
+}
+dependencies {
+  routeGeneratorImplementation deps.scala211
+  routeGeneratorImplementation group: 'com.typesafe.play', name: "routes-compiler_2.11", version: '2.5.0'
+}
+configurations {
+  testGeneratedCompileClasspath.extendsFrom testCompileClasspath
+  latestDepTestGeneratedCompileClasspath.extendsFrom latestDepTestCompileClasspath
+}
+
+['buildTestRoutes', 'buildLatestDepTestRoutes'].each { taskName ->
+  tasks.register(taskName, JavaExec) {
+    String routesFile = "${project.projectDir}/src/test/routes/conf/routes"
+    def subdir = taskName == 'buildTestRoutes' ? 'testRoutes' : 'latestDepTestRoutes'
+    def outputDir =
+      layout.buildDirectory.dir("generated/sources/$subdir/scala")
+
+    it.inputs.file routesFile
+    it.outputs.dir outputDir
+
+    it.mainClass.set 'generator.CompileRoutes'
+    it.args routesFile, outputDir.get().asFile.absolutePath
+
+    it.classpath configurations.routeGeneratorRuntimeClasspath
+    it.classpath compileRouteGeneratorScala.destinationDirectory
+
+    if (taskName == 'buildTestRoutes') {
+      it.classpath compileTestScala.destinationDirectory
+      dependsOn compileTestScala
+    } else {
+      it.classpath compileLatestDepTestScala.destinationDirectory
+      dependsOn compileLatestDepTestScala
+    }
+
+    dependsOn compileRouteGeneratorScala
+  }
+}
+compileTestGeneratedScala {
+  classpath = classpath + files(compileTestScala.destinationDirectory)
+  dependsOn buildTestRoutes, compileLatestDepTestScala
+}
+compileLatestDepTestGeneratedScala {
+  classpath = classpath + files(compileLatestDepTestScala.destinationDirectory)
+  dependsOn buildLatestDepTestRoutes, compileLatestDepTestScala
+}
+compileTestGroovy {
+  classpath = classpath +
+    files(compileTestGeneratedScala.destinationDirectory)
+  dependsOn 'compileTestGeneratedScala'
+}
+compileLatestDepTestGroovy {
+  classpath = classpath +
+    files(compileLatestDepTestGeneratedScala.destinationDirectory)
+  dependsOn 'compileLatestDepTestGeneratedScala'
+}
+// do it this way rather than through dependencies {} because
+// latestDepTestImplementation extends testImplementation
+test {
+  classpath = classpath + files(compileTestGeneratedScala.destinationDirectory)
+}
+latestDepTest {
+  classpath = classpath + files(compileLatestDepTestGeneratedScala.destinationDirectory)
+}
+
+forbiddenApisTestGenerated {
+  enabled = false
+}
+forbiddenApisLatestDepTestGenerated {
+  enabled = false
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play24/PlayInstrumentation.java b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play24/PlayInstrumentation.java
index 80e571afaf9..b18260de59d 100644
--- a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play24/PlayInstrumentation.java
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play24/PlayInstrumentation.java
@@ -18,6 +18,11 @@ public PlayInstrumentation() {
     super("play");
   }
 
+  @Override
+  public String muzzleDirective() {
+    return "play24and25";
+  }
+
   @Override
   public String hierarchyMarkerType() {
     return "play.api.mvc.Action";
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/DelegatingBodyParserInstrumentation.java b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/DelegatingBodyParserInstrumentation.java
new file mode 100644
index 00000000000..e0cb3dcb60a
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/DelegatingBodyParserInstrumentation.java
@@ -0,0 +1,50 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+
+@AutoService(Instrumenter.class)
+public class DelegatingBodyParserInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public DelegatingBodyParserInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.mvc.BodyParser$DelegatingBodyParser";
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play25only";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_25_ONLY;
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".JavaMultipartFormDataRegisterExcF",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("apply")
+            .and(takesArguments(1))
+            .and(takesArgument(0, named("play.mvc.Http$RequestHeader")))
+            .and(returns(named("play.libs.streams.Accumulator"))),
+        packageName + ".BodyParserDelegatingBodyParserApplyAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/FormUrlEncodedInstrumentation.java b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/FormUrlEncodedInstrumentation.java
new file mode 100644
index 00000000000..12e7925406f
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/FormUrlEncodedInstrumentation.java
@@ -0,0 +1,52 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class FormUrlEncodedInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public FormUrlEncodedInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play25only";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_25_ONLY;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.mvc.BodyParser$FormUrlEncoded";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".BodyParserHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("parse")
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("play.mvc.Http$RequestHeader")))
+            .and(takesArgument(1, named("akka.util.ByteString")))
+            .and(returns(Map.class)),
+        packageName + ".BodyParserFormUrlEncodedParseAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/HttpErrorHandlerInstrumentation.java b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/HttpErrorHandlerInstrumentation.java
new file mode 100644
index 00000000000..3e1d71708b5
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/HttpErrorHandlerInstrumentation.java
@@ -0,0 +1,87 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.bootstrap.CallDepthThreadLocalMap;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+import play.api.http.HttpErrorHandler;
+import play.api.mvc.RequestHeader;
+
+/** @see HttpErrorHandler#onServerError(RequestHeader, Throwable) */
+@AutoService(Instrumenter.class)
+public class HttpErrorHandlerInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForTypeHierarchy {
+  public HttpErrorHandlerInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play25only";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_25_ONLY;
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isPublic()
+            .and(named("onServerError"))
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("play.api.mvc.RequestHeader")))
+            .and(takesArgument(1, Throwable.class))
+            .and(returns(named("scala.concurrent.Future"))),
+        HttpErrorHandlerInstrumentation.class.getName() + "$OnServerErrorAdvice");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "play.api.http.HttpErrorHandler";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named("play.api.http.HttpErrorHandler"));
+  }
+
+  static class OnServerErrorAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    static void before(@Advice.Argument(1) Throwable t) {
+      int i = CallDepthThreadLocalMap.incrementCallDepth(HttpErrorHandler.class);
+      if (i > 0) {
+        return;
+      }
+
+      if (!(t instanceof BlockingException)) {
+        return;
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan == null) {
+        return;
+      }
+      agentSpan.addThrowable(t);
+    }
+
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after() {
+      CallDepthThreadLocalMap.decrementCallDepth(HttpErrorHandler.class);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/MuzzleReferences.java b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/MuzzleReferences.java
new file mode 100644
index 00000000000..b56b9ea27d5
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/MuzzleReferences.java
@@ -0,0 +1,14 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import datadog.trace.agent.tooling.muzzle.Reference;
+
+public class MuzzleReferences {
+
+  public static final Reference[] PLAY_25_PLUS = new Reference[] {};
+
+  public static final Reference[] PLAY_25_ONLY =
+      new Reference[] {
+        new Reference.Builder("play.libs.concurrent.Futures").build(),
+        new Reference.Builder("play.Routes").build()
+      };
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/PathPatternInstrumentation.java b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/PathPatternInstrumentation.java
new file mode 100644
index 00000000000..c9409d1d916
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/PathPatternInstrumentation.java
@@ -0,0 +1,54 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+
+/** @see play.core.routing.PathPattern#apply(String) */
+@AutoService(Instrumenter.class)
+public class PathPatternInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public PathPatternInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play25only";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_25_ONLY;
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".PathExtractionHelpers",
+    };
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.core.routing.PathPattern";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("apply")
+            .and(not(isStatic()))
+            .and(takesArguments(1))
+            .and(takesArgument(0, String.class))
+            .and(returns(named("scala.Option"))),
+        packageName + ".PathPatternApplyAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersInstrumentation.java b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersInstrumentation.java
new file mode 100644
index 00000000000..10d6d49e143
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersInstrumentation.java
@@ -0,0 +1,79 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+
+/** @see play.api.mvc.BodyParsers.parse$#tolerantText(long) */
+@AutoService(Instrumenter.class)
+public class PlayBodyParsersInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForKnownTypes {
+
+  public PlayBodyParsersInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play25only";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_25_ONLY;
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      "play.api.mvc.BodyParsers$parse$",
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".BodyParserHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("tolerantText")
+            .and(not(isStatic()))
+            .and(takesArguments(1))
+            .and(takesArgument(0, long.class))
+            .and(returns(named("play.api.mvc.BodyParser"))),
+        packageName + ".PlayBodyParsersTolerantTextAdvice");
+    transformation.applyAdvice(
+        named("tolerantJson")
+            .and(not(isStatic()))
+            .and(takesArguments(1))
+            .and(takesArgument(0, int.class))
+            .and(returns(named("play.api.mvc.BodyParser"))),
+        packageName + ".PlayBodyParsersTolerantJsonAdvice");
+    transformation.applyAdvice(
+        named("tolerantFormUrlEncoded")
+            .and(not(isStatic()))
+            .and(takesArguments(1))
+            .and(takesArgument(0, int.class))
+            .and(returns(named("play.api.mvc.BodyParser"))),
+        packageName + ".PlayBodyParsersTolerantFormUrlEncodedAdvice");
+    transformation.applyAdvice(
+        named("multipartFormData")
+            .and(not(isStatic()))
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("scala.Function1")))
+            .and(takesArgument(1, long.class))
+            .and(returns(named("play.api.mvc.BodyParser"))),
+        packageName + ".PlayBodyParsersMultipartFormDataAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/RoutingDslInstrumentation.java b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/RoutingDslInstrumentation.java
new file mode 100644
index 00000000000..1bb10bbea78
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/RoutingDslInstrumentation.java
@@ -0,0 +1,54 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+
+/** @see play.routing.RoutingDsl.Route */
+@AutoService(Instrumenter.class)
+public class RoutingDslInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public RoutingDslInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play25only";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_25_ONLY;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.routing.RoutingDsl$Route";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".ArgumentCaptureWrappers",
+      packageName + ".ArgumentCaptureWrappers$ArgumentCaptureFunction",
+      packageName + ".ArgumentCaptureWrappers$ArgumentCaptureBiFunction",
+      packageName + ".ArgumentCaptureWrappers$ArgumentCaptureFunction3",
+      packageName + ".PathExtractionHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor()
+            .and(takesArguments(5))
+            .and(takesArgument(3, Object.class))
+            .and(takesArgument(4, java.lang.reflect.Method.class)),
+        packageName + ".RoutingDslRouteConstructorAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/SirdPathExtractorInstrumentation.java b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/SirdPathExtractorInstrumentation.java
new file mode 100644
index 00000000000..ff73f218ff2
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/SirdPathExtractorInstrumentation.java
@@ -0,0 +1,52 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.namedOneOf;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+
+/** @see play.api.routing.sird.PathExtractor */
+@AutoService(Instrumenter.class)
+public class SirdPathExtractorInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public SirdPathExtractorInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play25only";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_25_ONLY;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.api.routing.sird.PathExtractor";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        namedOneOf("extract", "play$api$routing$sird$PathExtractor$$extract")
+            .and(takesArguments(1))
+            .and(takesArgument(0, String.class))
+            .and(returns(named("scala.Option"))),
+        packageName + ".SirdPathExtractorExtractAdvice");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".PathExtractionHelpers",
+    };
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/TolerantJsonInstrumentation.java b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/TolerantJsonInstrumentation.java
new file mode 100644
index 00000000000..242acfe4107
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/TolerantJsonInstrumentation.java
@@ -0,0 +1,54 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import akka.util.ByteString;
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import play.mvc.Http;
+
+/** @see play.mvc.BodyParser.TolerantJson#parse(Http.RequestHeader, ByteString) */
+@AutoService(Instrumenter.class)
+public class TolerantJsonInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public TolerantJsonInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play25only";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_25_ONLY;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.mvc.BodyParser$TolerantJson";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".BodyParserHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("parse")
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("play.mvc.Http$RequestHeader")))
+            .and(takesArgument(1, named("akka.util.ByteString")))
+            .and(returns(named("com.fasterxml.jackson.databind.JsonNode"))),
+        packageName + ".BodyParserTolerantJsonParseAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/TolerantTextInstrumentation.java b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/TolerantTextInstrumentation.java
new file mode 100644
index 00000000000..01b21d5b49d
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java/datadog/trace/instrumentation/play25/appsec/TolerantTextInstrumentation.java
@@ -0,0 +1,51 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+
+@AutoService(Instrumenter.class)
+public class TolerantTextInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public TolerantTextInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play25only";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_25_ONLY;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.mvc.BodyParser$TolerantText";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".BodyParserHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("parse")
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("play.mvc.Http$RequestHeader")))
+            .and(takesArgument(1, named("akka.util.ByteString")))
+            .and(returns(String.class)),
+        packageName + ".BodyParserTolerantTextParseAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/ArgumentCaptureWrappers.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/ArgumentCaptureWrappers.java
new file mode 100644
index 00000000000..2eb39277e5d
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/ArgumentCaptureWrappers.java
@@ -0,0 +1,130 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.BiFunction;
+import java.util.function.Function;
+import play.libs.F;
+
+public class ArgumentCaptureWrappers {
+  public static class ArgumentCaptureFunction<R> implements Function<Object, R> {
+    private final Function<Object, R> delegate;
+
+    public ArgumentCaptureFunction(Function<Object, R> delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public R apply(Object o) {
+      if (o == null) {
+        return delegate.apply(null);
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan == null) {
+        return delegate.apply(o);
+      }
+
+      RequestContext requestContext = agentSpan.getRequestContext();
+      if (requestContext.getData(RequestContextSlot.APPSEC) == null) {
+        return delegate.apply(o);
+      }
+
+      Map<String, Object> conv = Collections.singletonMap("0", o);
+
+      BlockingException t =
+          PathExtractionHelpers.callRequestPathParamsCallback(
+              requestContext, conv, "RoutingDsl#routeTo");
+      if (t != null) {
+        throw t;
+      }
+
+      return delegate.apply(o);
+    }
+  }
+
+  public static class ArgumentCaptureBiFunction<R> implements BiFunction<Object, Object, R> {
+    private final BiFunction<Object, Object, R> delegate;
+
+    public ArgumentCaptureBiFunction(BiFunction<Object, Object, R> delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public R apply(Object o1, Object o2) {
+      if (o1 == null && o2 == null) {
+        return delegate.apply(null, null);
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan == null) {
+        return delegate.apply(o1, o2);
+      }
+
+      RequestContext requestContext = agentSpan.getRequestContext();
+      if (requestContext.getData(RequestContextSlot.APPSEC) == null) {
+        return delegate.apply(o1, o2);
+      }
+
+      Map<String, Object> conv = new HashMap<>();
+      conv.put("0", o1);
+      conv.put("1", o2);
+
+      BlockingException t =
+          PathExtractionHelpers.callRequestPathParamsCallback(
+              requestContext, conv, "RoutingDsl#routeTo");
+      if (t != null) {
+        throw t;
+      }
+
+      return delegate.apply(o1, o2);
+    }
+  }
+
+  public static class ArgumentCaptureFunction3<R>
+      implements F.Function3<Object, Object, Object, R> {
+    private final F.Function3<Object, Object, Object, R> delegate;
+
+    public ArgumentCaptureFunction3(F.Function3<Object, Object, Object, R> delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public R apply(Object o1, Object o2, Object o3) throws Throwable {
+      if (o1 == null && o2 == null && o3 == null) {
+        return delegate.apply(null, null, null);
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan == null) {
+        return delegate.apply(o1, o2, o3);
+      }
+
+      RequestContext requestContext = agentSpan.getRequestContext();
+      if (requestContext.getData(RequestContextSlot.APPSEC) == null) {
+        return delegate.apply(o1, o2, o3);
+      }
+
+      Map<String, Object> conv = new HashMap<>();
+      conv.put("0", o1);
+      conv.put("1", o2);
+      conv.put("2", o3);
+
+      BlockingException t =
+          PathExtractionHelpers.callRequestPathParamsCallback(
+              requestContext, conv, "RoutingDsl#routeTo");
+      if (t != null) {
+        throw t;
+      }
+
+      return delegate.apply(o1, o2, o3);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserDelegatingBodyParserApplyAdvice.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserDelegatingBodyParserApplyAdvice.java
new file mode 100644
index 00000000000..c74ca29dace
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserDelegatingBodyParserApplyAdvice.java
@@ -0,0 +1,25 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import net.bytebuddy.asm.Advice;
+import play.core.j.JavaParsers$;
+import play.libs.streams.Accumulator;
+import play.mvc.BodyParser;
+import play.mvc.Http;
+
+/** @see BodyParser.DelegatingBodyParser#apply(Http.RequestHeader) */
+public class BodyParserDelegatingBodyParserApplyAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  static void after(
+      @Advice.This BodyParser thiz,
+      @Advice.Return(readOnly = false) play.libs.streams.Accumulator ret) {
+    if (!thiz.getClass().getName().equals("play.mvc.BodyParser$MultipartFormData")) {
+      return;
+    }
+    Accumulator<
+            akka.util.ByteString, play.libs.F.Either<play.mvc.Result, Http.MultipartFormData<?>>>
+        acc = ret;
+
+    ret =
+        acc.recover(JavaMultipartFormDataRegisterExcF.INSTANCE, JavaParsers$.MODULE$.trampoline());
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserFormUrlEncodedParseAdvice.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserFormUrlEncodedParseAdvice.java
new file mode 100644
index 00000000000..a73eed6a3dc
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserFormUrlEncodedParseAdvice.java
@@ -0,0 +1,24 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import akka.util.ByteString;
+import datadog.appsec.api.blocking.BlockingException;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import play.mvc.Http;
+
+/** @see play.mvc.BodyParser.FormUrlEncoded#parse(Http.RequestHeader, ByteString) */
+public class BodyParserFormUrlEncodedParseAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+  static void after(
+      @Advice.Return Map<String, String[]> ret, @Advice.Thrown(readOnly = false) Throwable t) {
+    if (t != null) {
+      return;
+    }
+    try {
+      // error is reported as client error, which doesn't preserve the exception
+      BodyParserHelpers.handleArbitraryPostDataWithSpanError(ret, "FormUrlEncoded#parse");
+    } catch (BlockingException be) {
+      t = be;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserHelpers.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserHelpers.java
new file mode 100644
index 00000000000..c745a460954
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserHelpers.java
@@ -0,0 +1,303 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.api.gateway.Events.EVENTS;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.DoubleNode;
+import com.fasterxml.jackson.databind.node.FloatNode;
+import com.fasterxml.jackson.databind.node.NullNode;
+import com.fasterxml.jackson.databind.node.NumericNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.fasterxml.jackson.databind.node.TextNode;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.gateway.CallbackProvider;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.function.BiFunction;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import play.api.libs.json.JsArray;
+import play.api.libs.json.JsBoolean;
+import play.api.libs.json.JsNumber;
+import play.api.libs.json.JsObject;
+import play.api.libs.json.JsString;
+import play.api.libs.json.JsValue;
+import play.api.mvc.MultipartFormData;
+import scala.Function1;
+import scala.Tuple2;
+import scala.collection.Iterable;
+import scala.collection.Iterator;
+import scala.collection.Seq;
+import scala.compat.java8.JFunction1;
+
+public class BodyParserHelpers {
+
+  public static final int MAX_CONVERSION_DEPTH = 10;
+  private static final Logger log = LoggerFactory.getLogger(BodyParserHelpers.class);
+  public static final int MAX_RECURSION = 15;
+
+  private static JFunction1<
+          scala.collection.immutable.Map<String, Seq<String>>,
+          scala.collection.immutable.Map<String, Seq<String>>>
+      HANDLE_URL_ENCODED = BodyParserHelpers::handleUrlEncoded;
+  private static JFunction1<String, String> HANDLE_TEXT = BodyParserHelpers::handleText;
+  private static JFunction1<MultipartFormData<?>, MultipartFormData<?>> HANDLE_MULTIPART_FORM_DATA =
+      BodyParserHelpers::handleMultipartFormData;
+  private static JFunction1<JsValue, JsValue> HANDLE_JSON = BodyParserHelpers::handleJson;
+
+  private BodyParserHelpers() {}
+
+  public static Function1<
+          scala.collection.immutable.Map<String, Seq<String>>,
+          scala.collection.immutable.Map<String, Seq<String>>>
+      getHandleUrlEncodedMapF() {
+    return HANDLE_URL_ENCODED;
+  }
+
+  private static scala.collection.immutable.Map<String, Seq<String>> handleUrlEncoded(
+      scala.collection.immutable.Map<String, Seq<String>> data) {
+    if (data == null || data.isEmpty()) {
+      return data;
+    }
+
+    try {
+      Object conv = tryConvertingScalaContainers(data, MAX_CONVERSION_DEPTH);
+      handleArbitraryPostData(conv, "tolerantFormUrlEncoded");
+    } catch (Exception e) {
+      handleException(e, "Error handling result of tolerantFormUrlEncoded BodyParser");
+    }
+    return data;
+  }
+
+  public static Function1<String, String> getHandleStringMapF() {
+    return HANDLE_TEXT;
+  }
+
+  private static String handleText(String s) {
+    if (s == null || s.isEmpty()) {
+      return s;
+    }
+
+    try {
+      handleArbitraryPostData(s, "tolerantText");
+    } catch (Exception e) {
+      handleException(e, "Error handling result of tolerantText BodyParser");
+    }
+
+    return s;
+  }
+
+  public static Function1<MultipartFormData<?>, MultipartFormData<?>>
+      getHandleMultipartFormDataF() {
+    return HANDLE_MULTIPART_FORM_DATA;
+  }
+
+  private static MultipartFormData<?> handleMultipartFormData(MultipartFormData<?> data) {
+    scala.collection.immutable.Map<String, Seq<String>> mpfd = data.asFormUrlEncoded();
+
+    if (mpfd == null || mpfd.isEmpty()) {
+      return data;
+    }
+
+    try {
+      Object conv = tryConvertingScalaContainers(mpfd, MAX_CONVERSION_DEPTH);
+      handleArbitraryPostData(conv, "multipartFormData");
+    } catch (Exception e) {
+      handleException(e, "Error handling result of multipartFormData BodyParser");
+    }
+    return data;
+  }
+
+  public static Function1<JsValue, JsValue> getHandleJsonF() {
+    return HANDLE_JSON;
+  }
+
+  private static JsValue handleJson(JsValue data) {
+    if (data == null) {
+      return null;
+    }
+
+    try {
+      Object conv = jsValueToJavaObject(data, MAX_RECURSION);
+      handleArbitraryPostData(conv, "json");
+    } catch (Exception e) {
+      handleException(e, "Error handling result of json BodyParser");
+    }
+    return data;
+  }
+
+  private static void executeCallback(
+      RequestContext reqCtx,
+      BiFunction<RequestContext, Object, Flow<Void>> callback,
+      Object conv,
+      String details) {
+    Flow<Void> flow = callback.apply(reqCtx, conv);
+    Flow.Action action = flow.getAction();
+    if (action instanceof Flow.Action.RequestBlockingAction) {
+      Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+      BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
+      if (blockResponseFunction != null) {
+        boolean success =
+            blockResponseFunction.tryCommitBlockingResponse(
+                reqCtx.getTraceSegment(),
+                rba.getStatusCode(),
+                rba.getBlockingContentType(),
+                rba.getExtraHeaders());
+        if (success) {
+          throw new BlockingException("Blocked request (for " + details + ")");
+        }
+      }
+    }
+  }
+
+  private static Object tryConvertingScalaContainers(Object obj, int depth) {
+    if (depth == 0) {
+      return obj;
+    }
+    if (obj instanceof scala.collection.Map) {
+      scala.collection.Map map = (scala.collection.Map) obj;
+      Map<Object, Object> ret = new HashMap<>();
+      Iterator<Tuple2> iterator = map.iterator();
+      while (iterator.hasNext()) {
+        Tuple2 next = iterator.next();
+        ret.put(next._1(), tryConvertingScalaContainers(next._2(), depth - 1));
+      }
+      return ret;
+    } else if (obj instanceof Iterable) {
+      List<Object> ret = new ArrayList<>();
+      Iterator iterator = ((Iterable) obj).iterator();
+      while (iterator.hasNext()) {
+        Object next = iterator.next();
+        ret.add(tryConvertingScalaContainers(next, depth - 1));
+      }
+      return ret;
+    }
+    return obj;
+  }
+
+  public static void handleJsonNode(JsonNode n, String source) {
+    Object o = jsNodeToJavaObject(n, MAX_RECURSION);
+    handleArbitraryPostDataWithSpanError(o, source);
+  }
+
+  public static void handleArbitraryPostDataWithSpanError(Object o, String source) {
+    AgentSpan span = activeSpan();
+    try {
+      doHandleArbitraryPostData(span, o, source);
+    } catch (BlockingException be) {
+      span.addThrowable(be);
+      throw be;
+    }
+  }
+
+  public static void handleArbitraryPostData(Object o, String source) {
+    doHandleArbitraryPostData(activeSpan(), o, source);
+  }
+
+  public static void doHandleArbitraryPostData(AgentSpan span, Object o, String source) {
+    RequestContext reqCtx;
+    if (span == null
+        || (reqCtx = span.getRequestContext()) == null
+        || reqCtx.getData(RequestContextSlot.APPSEC) == null) {
+      return;
+    }
+
+    CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+    BiFunction<RequestContext, Object, Flow<Void>> callback =
+        cbp.getCallback(EVENTS.requestBodyProcessed());
+    if (callback == null) {
+      return;
+    }
+
+    // callback execution
+    executeCallback(reqCtx, callback, o, source);
+  }
+
+  private static void handleException(Exception e, String logMessage) {
+    if (e instanceof BlockingException) {
+      throw (BlockingException) e;
+    }
+
+    log.warn(logMessage, e);
+  }
+
+  private static Object jsValueToJavaObject(JsValue value, int maxRecursion) {
+    if (value == null || maxRecursion <= 0) {
+      return null;
+    }
+
+    if (value instanceof JsString) {
+      return ((JsString) value).value();
+    } else if (value instanceof JsNumber) {
+      return ((JsNumber) value).value();
+    } else if (value instanceof JsBoolean) {
+      return ((JsBoolean) value).value();
+    } else if (value instanceof JsObject) {
+      Map<String, Object> map = new HashMap<>();
+      JsObject jsonObject = (JsObject) value;
+      Iterator<Tuple2<String, JsValue>> iterator = jsonObject.fields().iterator();
+      while (iterator.hasNext()) {
+        Tuple2<String, JsValue> e = iterator.next();
+        map.put(e._1(), jsValueToJavaObject(e._2(), maxRecursion - 1));
+      }
+      return map;
+    } else if (value instanceof JsArray) {
+      List<Object> list = new ArrayList<>();
+      JsArray jsArray = (JsArray) value;
+      Iterator<JsValue> iterator = jsArray.value().iterator();
+      while (iterator.hasNext()) {
+        JsValue next = iterator.next();
+        list.add(jsValueToJavaObject(next, maxRecursion - 1));
+      }
+      return list;
+    } else {
+      return null;
+    }
+  }
+
+  private static Object jsNodeToJavaObject(JsonNode value, int maxRecursion) {
+    if (value == null || maxRecursion <= 0) {
+      return null;
+    }
+
+    if (value instanceof TextNode) {
+      return value.asText();
+    } else if (value instanceof FloatNode || value instanceof DoubleNode) {
+      return value.asDouble();
+    } else if (value instanceof NumericNode) {
+      return value.asLong();
+    } else if (value instanceof ObjectNode) {
+      Map<String, Object> map = new HashMap<>();
+      ObjectNode jsonObject = (ObjectNode) value;
+      java.util.Iterator<Map.Entry<String, JsonNode>> iterator = jsonObject.fields();
+      while (iterator.hasNext()) {
+        Map.Entry<String, JsonNode> e = iterator.next();
+        map.put(e.getKey(), jsNodeToJavaObject(e.getValue(), maxRecursion - 1));
+      }
+      return map;
+    } else if (value instanceof ArrayNode) {
+      List<Object> list = new ArrayList<>();
+      ArrayNode arrayNode = (ArrayNode) value;
+      java.util.Iterator<JsonNode> iterator = arrayNode.elements();
+      while (iterator.hasNext()) {
+        JsonNode next = iterator.next();
+        list.add(jsNodeToJavaObject(next, maxRecursion - 1));
+      }
+      return list;
+    } else if (value instanceof NullNode) {
+      return null;
+    } else {
+      return value.asText("");
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserTolerantJsonParseAdvice.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserTolerantJsonParseAdvice.java
new file mode 100644
index 00000000000..3648168a780
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserTolerantJsonParseAdvice.java
@@ -0,0 +1,19 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import datadog.appsec.api.blocking.BlockingException;
+import net.bytebuddy.asm.Advice;
+
+public class BodyParserTolerantJsonParseAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+  static void after(@Advice.Return JsonNode ret, @Advice.Thrown(readOnly = false) Throwable t) {
+    if (t != null) {
+      return;
+    }
+    try {
+      BodyParserHelpers.handleJsonNode(ret, "TolerantJson#parse");
+    } catch (BlockingException be) {
+      t = be;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserTolerantTextParseAdvice.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserTolerantTextParseAdvice.java
new file mode 100644
index 00000000000..43761f4f59b
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/BodyParserTolerantTextParseAdvice.java
@@ -0,0 +1,19 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import datadog.appsec.api.blocking.BlockingException;
+import net.bytebuddy.asm.Advice;
+
+public class BodyParserTolerantTextParseAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+  static void after(@Advice.Return String ret, @Advice.Thrown(readOnly = false) Throwable t) {
+    if (t != null) {
+      return;
+    }
+    try {
+      // error is reported as client error, which doesn't preserve the exception
+      BodyParserHelpers.handleArbitraryPostDataWithSpanError(ret, "TolerantText#parse");
+    } catch (BlockingException be) {
+      t = be;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/JavaMultipartFormDataRegisterExcF.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/JavaMultipartFormDataRegisterExcF.java
new file mode 100644
index 00000000000..0c249d912cc
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/JavaMultipartFormDataRegisterExcF.java
@@ -0,0 +1,38 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import java.lang.reflect.UndeclaredThrowableException;
+import java.util.concurrent.CompletionException;
+import java.util.function.Function;
+import play.libs.F;
+import play.mvc.Http;
+import play.mvc.Result;
+
+public class JavaMultipartFormDataRegisterExcF
+    implements Function<Throwable, F.Either<Result, Http.MultipartFormData<?>>> {
+  public static Function<Throwable, F.Either<Result, Http.MultipartFormData<?>>> INSTANCE =
+      new JavaMultipartFormDataRegisterExcF();
+
+  private JavaMultipartFormDataRegisterExcF() {}
+
+  @Override
+  public F.Either<Result, Http.MultipartFormData<?>> apply(Throwable exc) {
+    if (exc instanceof CompletionException) {
+      exc = exc.getCause();
+    }
+    if (exc instanceof BlockingException) {
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan != null) {
+        agentSpan.addThrowable(exc);
+      }
+    }
+    if (exc instanceof RuntimeException) {
+      throw (RuntimeException) exc;
+    } else {
+      throw new UndeclaredThrowableException(exc);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PathExtractionHelpers.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PathExtractionHelpers.java
new file mode 100644
index 00000000000..87fc8bff851
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PathExtractionHelpers.java
@@ -0,0 +1,62 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import static datadog.trace.api.gateway.Events.EVENTS;
+
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.gateway.CallbackProvider;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import java.util.Map;
+import java.util.function.BiFunction;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PathExtractionHelpers {
+  private static final Logger log = LoggerFactory.getLogger(PathExtractionHelpers.class);
+
+  private PathExtractionHelpers() {}
+
+  public static BlockingException callRequestPathParamsCallback(
+      RequestContext reqCtx, Map<String, Object> params, String origin) {
+    try {
+      return doCallRequestPathParamsCallback(reqCtx, params, origin);
+    } catch (Exception e) {
+      log.warn("Error calling " + origin, e);
+      return null;
+    }
+  }
+
+  private static BlockingException doCallRequestPathParamsCallback(
+      RequestContext reqCtx, Map<String, Object> params, String origin) {
+    if (params == null || params.isEmpty()) {
+      return null;
+    }
+
+    CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+    BiFunction<RequestContext, Map<String, ?>, Flow<Void>> callback =
+        cbp.getCallback(EVENTS.requestPathParams());
+    if (callback == null) {
+      return null;
+    }
+
+    Flow<Void> flow = callback.apply(reqCtx, params);
+    Flow.Action action = flow.getAction();
+    if (!(action instanceof Flow.Action.RequestBlockingAction)) {
+      return null;
+    }
+
+    Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+    BlockResponseFunction brf = reqCtx.getBlockResponseFunction();
+    if (brf != null) {
+      brf.tryCommitBlockingResponse(
+          reqCtx.getTraceSegment(),
+          rba.getStatusCode(),
+          rba.getBlockingContentType(),
+          rba.getExtraHeaders());
+    }
+    return new BlockingException("Blocked request (for " + origin + ")");
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PathPatternApplyAdvice.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PathPatternApplyAdvice.java
new file mode 100644
index 00000000000..7eab9542568
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PathPatternApplyAdvice.java
@@ -0,0 +1,45 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.advice.ActiveRequestContext;
+import datadog.trace.advice.RequiresRequestContext;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import net.bytebuddy.asm.Advice;
+import scala.Tuple2;
+import scala.collection.Iterator;
+import scala.util.Either;
+
+@RequiresRequestContext(RequestContextSlot.APPSEC)
+public class PathPatternApplyAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+  static void after(
+      @Advice.Return(readOnly = false)
+          scala.Option<scala.collection.immutable.Map<String, Either<Throwable, String>>> ret,
+      @Advice.Thrown(readOnly = false) Throwable t,
+      @ActiveRequestContext RequestContext reqCtx) {
+    if (t != null) {
+      return;
+    }
+    if (ret.isEmpty()) {
+      return;
+    }
+
+    java.util.Map<String, Object> conv = new java.util.HashMap<>();
+
+    Iterator<Tuple2<String, Either<Throwable, String>>> iterator = ret.get().iterator();
+    while (iterator.hasNext()) {
+      Tuple2<String, Either<Throwable, String>> next = iterator.next();
+      Either<Throwable, String> value = next._2();
+      if (value.isLeft()) {
+        continue;
+      }
+
+      conv.put(next._1(), value.right().get());
+    }
+
+    BlockingException blockingException =
+        PathExtractionHelpers.callRequestPathParamsCallback(reqCtx, conv, "PathPattern#apply");
+    t = blockingException;
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersMultipartFormDataAdvice.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersMultipartFormDataAdvice.java
new file mode 100644
index 00000000000..58c364e1675
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersMultipartFormDataAdvice.java
@@ -0,0 +1,18 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import net.bytebuddy.asm.Advice;
+import play.api.mvc.BodyParser;
+import play.core.Execution;
+import scala.Function1;
+
+/** @see play.api.mvc.BodyParsers.parse$#multipartFormData(Function1, long) */
+public class PlayBodyParsersMultipartFormDataAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  static void after(
+      @Advice.Return(readOnly = false) BodyParser<play.api.mvc.MultipartFormData<?>> parser) {
+    parser =
+        parser.map(
+            BodyParserHelpers.getHandleMultipartFormDataF(),
+            Execution.Implicits$.MODULE$.internalContext());
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersTolerantFormUrlEncodedAdvice.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersTolerantFormUrlEncodedAdvice.java
new file mode 100644
index 00000000000..edeb7a2e014
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersTolerantFormUrlEncodedAdvice.java
@@ -0,0 +1,18 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import net.bytebuddy.asm.Advice;
+import play.api.mvc.BodyParser;
+import play.core.Execution;
+import scala.collection.Seq;
+
+public class PlayBodyParsersTolerantFormUrlEncodedAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  static void after(
+      @Advice.Return(readOnly = false)
+          BodyParser<scala.collection.immutable.Map<String, Seq<String>>> parser) {
+    parser =
+        parser.map(
+            BodyParserHelpers.getHandleUrlEncodedMapF(),
+            Execution.Implicits$.MODULE$.internalContext());
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersTolerantJsonAdvice.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersTolerantJsonAdvice.java
new file mode 100644
index 00000000000..ac72c6eadc9
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersTolerantJsonAdvice.java
@@ -0,0 +1,16 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import net.bytebuddy.asm.Advice;
+import play.api.libs.json.JsValue;
+import play.api.mvc.BodyParser;
+import play.core.Execution;
+
+/** @see play.api.mvc.BodyParsers.parse$#tolerantJson(int) */
+public class PlayBodyParsersTolerantJsonAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  static void after(@Advice.Return(readOnly = false) BodyParser<JsValue> parser) {
+    parser =
+        parser.map(
+            BodyParserHelpers.getHandleJsonF(), Execution.Implicits$.MODULE$.internalContext());
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersTolerantTextAdvice.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersTolerantTextAdvice.java
new file mode 100644
index 00000000000..2c519597326
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/PlayBodyParsersTolerantTextAdvice.java
@@ -0,0 +1,15 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import net.bytebuddy.asm.Advice;
+import play.api.mvc.BodyParser;
+import play.core.Execution;
+
+public class PlayBodyParsersTolerantTextAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  static void after(@Advice.Return(readOnly = false) BodyParser<String> parser) {
+    parser =
+        parser.map(
+            BodyParserHelpers.getHandleStringMapF(),
+            Execution.Implicits$.MODULE$.internalContext());
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/RoutingDslRouteConstructorAdvice.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/RoutingDslRouteConstructorAdvice.java
new file mode 100644
index 00000000000..9ebc0a8bd6c
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/RoutingDslRouteConstructorAdvice.java
@@ -0,0 +1,19 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import java.util.function.BiFunction;
+import java.util.function.Function;
+import net.bytebuddy.asm.Advice;
+import play.libs.F;
+
+public class RoutingDslRouteConstructorAdvice {
+  @Advice.OnMethodEnter(suppress = Throwable.class)
+  static void before(@Advice.Argument(value = 3, readOnly = false) Object action) {
+    if (action instanceof Function) {
+      action = new ArgumentCaptureWrappers.ArgumentCaptureFunction<>((Function) action);
+    } else if (action instanceof BiFunction) {
+      action = new ArgumentCaptureWrappers.ArgumentCaptureBiFunction<>((BiFunction) action);
+    } else if (action instanceof F.Function3) {
+      action = new ArgumentCaptureWrappers.ArgumentCaptureFunction3<>((F.Function3) action);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/SirdPathExtractorExtractAdvice.java b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/SirdPathExtractorExtractAdvice.java
new file mode 100644
index 00000000000..2b42660650a
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/main/java_play25/datadog/trace/instrumentation/play25/appsec/SirdPathExtractorExtractAdvice.java
@@ -0,0 +1,34 @@
+package datadog.trace.instrumentation.play25.appsec;
+
+import datadog.trace.advice.ActiveRequestContext;
+import datadog.trace.advice.RequiresRequestContext;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import java.util.HashMap;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import scala.collection.immutable.List;
+
+/** @see play.api.routing.sird.PathExtractor#extract(java.lang.String) */
+@RequiresRequestContext(RequestContextSlot.APPSEC)
+public class SirdPathExtractorExtractAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+  static void after(
+      @Advice.Return scala.Option<List<String>> ret,
+      @ActiveRequestContext RequestContext reqCtx,
+      @Advice.Thrown(readOnly = false) Throwable t) {
+    if (ret.isEmpty() || t != null) {
+      return;
+    }
+
+    Map<String, Object> conv = new HashMap<>();
+    List<String> stringList = ret.get();
+    for (int i = 0; i < stringList.size(); i++) {
+      conv.put(Integer.toString(i), stringList.apply(i));
+    }
+
+    t =
+        PathExtractionHelpers.callRequestPathParamsCallback(
+            reqCtx, conv, "sird.PathExtractor#extract");
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/routeGenerator/scala/generator/CompileRoutes.scala b/dd-java-agent/instrumentation/play-2.4/src/routeGenerator/scala/generator/CompileRoutes.scala
new file mode 100644
index 00000000000..505135029a3
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/routeGenerator/scala/generator/CompileRoutes.scala
@@ -0,0 +1,17 @@
+package generator
+
+import play.routes.compiler.{InjectedRoutesGenerator, RoutesCompiler}
+
+import java.io.File
+import scala.collection.immutable
+
+object CompileRoutes extends App {
+  val routesFile = args(0)
+  val destinationDir = args(1)
+
+  val routesCompilerTask = RoutesCompiler.RoutesCompilerTask(
+    new File(routesFile), immutable.Seq.empty,
+    true, true, false)
+  RoutesCompiler.compile(
+    routesCompilerTask, InjectedRoutesGenerator, new File(destinationDir))
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/client/PlayWSClientTest.groovy b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/client/PlayWSClientTest.groovy
similarity index 90%
rename from dd-java-agent/instrumentation/play-2.4/src/test/groovy/client/PlayWSClientTest.groovy
rename to dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/client/PlayWSClientTest.groovy
index 4f860671e34..2e500fe2f93 100644
--- a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/client/PlayWSClientTest.groovy
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/client/PlayWSClientTest.groovy
@@ -1,8 +1,7 @@
-package client
+package datadog.trace.instrumentation.play25.client
 
 import datadog.trace.agent.test.base.HttpClientTest
 import datadog.trace.agent.test.naming.TestingNettyHttpNamingConventions
-import datadog.trace.instrumentation.netty40.client.NettyHttpClientDecorator
 import play.libs.ws.WS
 import spock.lang.AutoCleanup
 import spock.lang.Shared
@@ -36,7 +35,7 @@ abstract class PlayWSClientTest extends HttpClientTest {
 
   @Override
   String component() {
-    return NettyHttpClientDecorator.DECORATE.component()
+    'netty-client'
   }
 
 
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayAsyncServerTest.groovy b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayAsyncServerTest.groovy
new file mode 100644
index 00000000000..fec90b5ae72
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayAsyncServerTest.groovy
@@ -0,0 +1,14 @@
+package datadog.trace.instrumentation.play25.server
+
+import datadog.trace.agent.test.base.HttpServer
+import groovy.transform.CompileStatic
+import play.libs.concurrent.HttpExecution
+
+class PlayAsyncServerTest extends PlayServerTest {
+
+  @Override
+  @CompileStatic
+  HttpServer server() {
+    new PlayHttpServer(PlayRouters.async(HttpExecution.defaultContext()))
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayHttpServer.groovy b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayHttpServer.groovy
new file mode 100644
index 00000000000..d21243146ba
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayHttpServer.groovy
@@ -0,0 +1,77 @@
+package datadog.trace.instrumentation.play25.server
+
+import com.typesafe.config.ConfigFactory
+import datadog.trace.agent.test.base.HttpServer
+import groovy.transform.CompileStatic
+import play.api.Application
+import play.api.BuiltInComponentsFromContext
+import play.api.Environment
+import play.api.Mode
+import play.api.Play
+import play.api.http.HttpErrorHandler
+import play.core.server.NettyServerProvider
+import play.core.server.ServerConfig
+import play.routing.Router
+import scala.Option
+
+import java.util.concurrent.TimeoutException
+
+class PlayHttpServer implements HttpServer {
+  final Router router
+  def server
+  def port
+
+  PlayHttpServer(Router router) {
+    this.router = router
+  }
+
+  @Override
+  @CompileStatic
+  void start() throws TimeoutException {
+    play.api.routing.Router router = this.router.asScala()
+
+    play.api.ApplicationLoader.Context context = play.api.ApplicationLoader.Context$.MODULE$.apply(
+      Environment.simple(new File("."), Mode.Test()),
+      (scala.Option) scala.None$.MODULE$,
+      new play.core.DefaultWebCommands(),
+      play.api.Configuration$.MODULE$.apply(ConfigFactory.load())
+      )
+
+    BuiltInComponentsFromContext components = new BuiltInComponentsFromContext(context) {
+        @Override
+        play.api.routing.Router router() {
+          router
+        }
+
+        @Override
+        HttpErrorHandler httpErrorHandler() {
+          new play.core.j.JavaHttpErrorHandlerAdapter(TestHttpErrorHandler.INSTANCE)
+        }
+      }
+
+    Application application = components.application()
+    Play.start(application)
+    ServerConfig serverConfig = ServerConfig.apply(
+      getClass().getClassLoader(),
+      new File('.'),
+      (scala.Option) Option.apply(0),
+      Option.empty(),
+      '0.0.0.0',
+      Mode.Test(),
+      System.getProperties())
+    play.core.server.Server server = new NettyServerProvider().createServer(serverConfig, application)
+
+    this.server = server
+    this.port = server.httpPort().get()
+  }
+
+  @Override
+  void stop() {
+    server.stop()
+  }
+
+  @Override
+  URI address() {
+    return new URI("http://localhost:$port/")
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayRouters.groovy b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayRouters.groovy
new file mode 100644
index 00000000000..f0b49a51bfe
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayRouters.groovy
@@ -0,0 +1,300 @@
+package datadog.trace.instrumentation.play25.server
+
+import com.fasterxml.jackson.databind.JsonNode
+import com.fasterxml.jackson.databind.ObjectMapper
+import datadog.appsec.api.blocking.Blocking
+import datadog.trace.agent.test.base.HttpServerTest
+import groovy.transform.CompileStatic
+import play.api.mvc.RequestHeader
+import play.mvc.Http
+import play.mvc.Result
+import play.mvc.Results
+import play.routing.Router
+import play.routing.RoutingDsl
+import scala.Option
+import scala.collection.Seq
+
+import java.util.concurrent.CompletableFuture
+import java.util.concurrent.CompletionStage
+import java.util.concurrent.Executor
+import java.util.function.Function
+import java.util.function.Supplier
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_JSON
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_MULTIPART
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_URLENCODED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CREATED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.NOT_HERE
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.PATH_PARAM
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_QUERY
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_PARAM
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.REDIRECT
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.USER_BLOCK
+import static datadog.trace.agent.test.base.HttpServerTest.controller
+
+class PlayRouters {
+  static Router sync() {
+    new RoutingDsl()
+      .GET(SUCCESS.path).routeTo({
+        controller(SUCCESS) {
+          Results.ok(SUCCESS.body)
+        }
+      } as Supplier)
+      .GET(FORWARDED.path).routeTo({
+        controller(FORWARDED) {
+          Option<String> headerValue = requestHeader.headers().get('x-forwarded-for')
+          Results.ok(headerValue.empty ? 'x-forwarded-for header not present' : headerValue.get())
+        }
+      } as Supplier)
+      .GET(QUERY_PARAM.path).routeTo({
+        controller(QUERY_PARAM) {
+          Option<Seq<String>> some = requestHeader.queryString().get('some')
+          Results.ok("some=${some.empty ? '(null)' : some.get().apply(0)}")
+        }
+      } as Supplier)
+      .GET(QUERY_ENCODED_QUERY.path).routeTo({
+        controller(QUERY_ENCODED_QUERY) {
+          Option<Seq<String>> some = requestHeader.queryString().get('some')
+          Results.ok("some=${some.empty ? '(null)' : some.get().apply(0)}")
+        }
+      } as Supplier)
+      .GET(QUERY_ENCODED_BOTH.rawPath).routeTo({
+        controller(QUERY_ENCODED_BOTH) {
+          Option<Seq<String>> some = requestHeader.queryString().get('some')
+          Results.ok("some=${some.empty ? '(null)' : some.get().apply(0)}").
+            withHeader(HttpServerTest.IG_RESPONSE_HEADER, HttpServerTest.IG_RESPONSE_HEADER_VALUE)
+        }
+      } as Supplier)
+      .GET(REDIRECT.path).routeTo({
+        controller(REDIRECT) {
+          Results.found(REDIRECT.body)
+        }
+      } as Supplier)
+      .GET(ERROR.path).routeTo({
+        controller(ERROR) {
+          Results.status(ERROR.status, ERROR.body)
+        }
+      } as Supplier)
+      .GET(EXCEPTION.path).routeTo({
+        controller(EXCEPTION) {
+          throw new RuntimeException(EXCEPTION.body)
+        }
+      } as Supplier)
+      .GET(CUSTOM_EXCEPTION.path).routeAsync({
+        controller(CUSTOM_EXCEPTION) {
+          throw new TestHttpErrorHandler.CustomRuntimeException(CUSTOM_EXCEPTION.body)
+        }
+      } as Supplier)
+      .GET(NOT_HERE.path).routeTo({
+        controller(NOT_HERE) {
+          Results.notFound(NOT_HERE.body)
+        }
+      } as Supplier)
+      .GET("/path/:id/param").routeTo(PathParamSyncFunction.INSTANCE)
+      .GET(USER_BLOCK.path).routeTo({
+        controller(USER_BLOCK) {
+          controller(USER_BLOCK) {
+            Blocking.forUser('user-to-block').blockIfMatch()
+            Results.status(200, "should never be reached")
+          }
+        }
+      } as Supplier)
+      .POST(CREATED.path).routeTo({
+        ->
+        controller(CREATED) {
+          String body = body().asText()
+          Results.status(CREATED.status, "created: $body")
+        }
+      } as Supplier)
+      .POST(BODY_URLENCODED.path).routeTo({
+        ->
+        controller(BODY_URLENCODED) {
+          Map<String, String[]> body = body().asFormUrlEncoded()
+          Results.status(BODY_URLENCODED.status, body as String)
+        }
+      } as Supplier)
+      .POST(BODY_MULTIPART.path).routeTo({
+        ->
+        controller(BODY_MULTIPART) {
+          Map<String, String[]> body = body().asMultipartFormData().asFormUrlEncoded()
+          Results.status(BODY_MULTIPART.status, body as String)
+        }
+      } as Supplier)
+      .POST(BODY_JSON.path).routeTo({
+        ->
+        JsonNode json = body().asJson()
+        controller(BODY_JSON) {
+          Results.status(BODY_JSON.status, new ObjectMapper().writeValueAsString(json))
+        }
+      } as Supplier)
+      .build()
+  }
+
+  @CompileStatic
+  static Router async(Executor execContext) {
+    new RoutingDsl()
+      .GET(SUCCESS.getPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(SUCCESS) {
+            Results.ok(SUCCESS.body)
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(FORWARDED.getPath()).routeAsync({
+        Option<String> header = requestHeader.headers().get('x-forwarded-for')
+        CompletableFuture.supplyAsync({
+          controller(FORWARDED) {
+            Results.ok(header.empty ? '(null)' : header.get())
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(QUERY_PARAM.getPath()).routeAsync({
+        Option<Seq<String>> some = requestHeader.queryString().get('some')
+        CompletableFuture.supplyAsync({
+          controller(QUERY_PARAM) {
+            Results.ok("some=${some.empty ? '(null)' : some.get().apply(0)}")
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(QUERY_ENCODED_QUERY.getPath()).routeAsync({
+        Option<Seq<String>> some = requestHeader.queryString().get('some')
+        CompletableFuture.supplyAsync({
+          controller(QUERY_ENCODED_QUERY) {
+            Results.ok("some=${some.empty ? '(null)' : some.get().apply(0)}")
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(QUERY_ENCODED_BOTH.getRawPath()).routeAsync({
+        Option<Seq<String>> some = requestHeader.queryString().get('some')
+        CompletableFuture.supplyAsync({
+          controller(QUERY_ENCODED_BOTH) {
+            Results.ok("some=${some.empty ? '(null)' : some.get().apply(0)}").
+              withHeader(HttpServerTest.IG_RESPONSE_HEADER, HttpServerTest.IG_RESPONSE_HEADER_VALUE) // cheating
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(REDIRECT.getPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(REDIRECT) {
+            Results.found(REDIRECT.getBody())
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(ERROR.getPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(ERROR) {
+            Results.status(ERROR.getStatus(), ERROR.getBody())
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(EXCEPTION.getPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(EXCEPTION) {
+            throw new RuntimeException(EXCEPTION.getBody())
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(CUSTOM_EXCEPTION.path).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(CUSTOM_EXCEPTION) {
+            throw new TestHttpErrorHandler.CustomRuntimeException(CUSTOM_EXCEPTION.body)
+          }
+        }, execContext)
+      } as Supplier)
+      .GET("/path/:id/param").routeAsync(new PathParamAsyncFunction(execContext))
+      .GET(USER_BLOCK.path).routeAsync({
+        CompletableFuture.supplyAsync({
+          ->
+          controller(USER_BLOCK) {
+            Blocking.forUser('user-to-block').blockIfMatch()
+            Results.status(200, "should never be reached")
+          }
+        }, execContext)
+      } as Supplier)
+      .POST(CREATED.path).routeAsync({
+        ->
+        String body = body().asText()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(CREATED) {
+            Results.status(CREATED.status, "created: $body")
+          }
+        }, execContext)
+      } as Supplier)
+      .POST(BODY_URLENCODED.path).routeAsync({
+        ->
+        Map<String, String[]> body = body().asFormUrlEncoded()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(BODY_URLENCODED) {
+            Results.status(BODY_URLENCODED.status, body as String)
+          }
+        }, execContext)
+      } as Supplier)
+      .POST(BODY_MULTIPART.path).routeAsync({
+        ->
+        Map<String, String[]> body = body().asMultipartFormData().asFormUrlEncoded()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(BODY_MULTIPART) {
+            Results.status(BODY_MULTIPART.status, body as String)
+          }
+        }, execContext)
+      } as Supplier)
+      .POST(BODY_JSON.path).routeAsync({
+        ->
+        JsonNode json = body().asJson()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(BODY_JSON) {
+            Results.status(BODY_JSON.status, new ObjectMapper().writeValueAsString(json))
+          }
+        }, execContext)
+      } as Supplier)
+      .build()
+  }
+
+  @CompileStatic
+  static enum PathParamSyncFunction implements Function<Integer, Result> {
+    INSTANCE
+
+    @Override
+    Result apply(Integer i) {
+      controller(PATH_PARAM) {
+        Results.ok(i as String)
+      }
+    }
+  }
+
+  @CompileStatic
+  static class PathParamAsyncFunction implements Function<Integer, CompletionStage<Result>> {
+    private final Executor executor
+
+    PathParamAsyncFunction(Executor executor) {
+      this.executor = executor
+    }
+
+    @Override
+    CompletionStage<Result> apply(Integer i) {
+      CompletableFuture.supplyAsync({
+        controller(PATH_PARAM) {
+          Results.ok(i as String)
+        }
+      }, executor)
+    }
+  }
+
+  private static RequestHeader getRequestHeader() {
+    Http.Context.current()._requestHeader()
+  }
+
+  private static play.mvc.Http.RequestBody body() {
+    Http.Context.current()._requestHeader().body
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayScalaAsyncServerTest.groovy b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayScalaAsyncServerTest.groovy
new file mode 100644
index 00000000000..378f911499b
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayScalaAsyncServerTest.groovy
@@ -0,0 +1,30 @@
+package datadog.trace.instrumentation.play25.server
+
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.instrumentation.play25.PlayRoutersScala
+import groovy.transform.CompileStatic
+import spock.lang.Shared
+
+import java.util.concurrent.ExecutorService
+import java.util.concurrent.Executors
+
+class PlayScalaAsyncServerTest extends PlayServerTest {
+  @Shared
+  ExecutorService executor
+
+  def cleanupSpec() {
+    executor.shutdown()
+  }
+
+  @Override
+  @CompileStatic
+  HttpServer server() {
+    executor = Executors.newCachedThreadPool()
+    new PlayHttpServer(PlayRoutersScala.async(executor).asJava())
+  }
+
+  @Override
+  Map<String, ?> expectedIGPathParams() {
+    ['0': '123']
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayScalaRoutesServerTest.groovy b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayScalaRoutesServerTest.groovy
new file mode 100644
index 00000000000..dc5b4317ae2
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayScalaRoutesServerTest.groovy
@@ -0,0 +1,110 @@
+package datadog.trace.instrumentation.play25.server
+
+import datadog.trace.agent.test.asserts.TraceAssert
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.api.DDSpanTypes
+import datadog.trace.api.DDTags
+import datadog.trace.api.config.TraceInstrumentationConfig
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.instrumentation.play25.PlayController
+import groovy.transform.CompileStatic
+import scala.concurrent.ExecutionContext$
+import spock.lang.Shared
+
+import java.util.concurrent.ExecutorService
+import java.util.concurrent.Executors
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.NOT_FOUND
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.PATH_PARAM
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
+
+class PlayScalaRoutesServerTest extends PlayServerTest {
+  @Shared
+  ExecutorService executor
+
+  def cleanupSpec() {
+    executor.shutdown()
+  }
+
+  @Override
+  protected void configurePreAgent() {
+    super.configurePreAgent()
+    injectSysConfig(TraceInstrumentationConfig.HTTP_SERVER_ROUTE_BASED_NAMING, 'false')
+  }
+
+  @Override
+  @CompileStatic
+  HttpServer server() {
+    executor = Executors.newCachedThreadPool()
+
+    def router = new router.Routes(
+      new play.core.j.JavaHttpErrorHandlerAdapter(TestHttpErrorHandler.INSTANCE),
+      new PlayController(ExecutionContext$.MODULE$.fromExecutor(executor))
+      )
+    new PlayHttpServer(router.asJava())
+  }
+
+  @Override
+  String testPathParam() {
+    '/path/?/param'
+  }
+
+  @Override
+  Map<String, ?> expectedIGPathParams() {
+    [path: '123']
+  }
+
+  private String routeFor(HttpServerTest.ServerEndpoint endpoint) {
+    switch (endpoint) {
+      case PATH_PARAM:
+        return '/path/$path<[^/]+>/param'
+      case NOT_FOUND:
+        return null
+      default:
+        endpoint.rawPath
+    }
+  }
+
+  @Override
+  Map<String, Serializable> expectedExtraServerTags(HttpServerTest.ServerEndpoint endpoint) {
+    [(Tags.HTTP_ROUTE): routeFor(endpoint)]
+  }
+
+  @Override
+  boolean hasHandlerSpan() {
+    true
+  }
+
+  @Override
+  void handlerSpan(TraceAssert trace, HttpServerTest.ServerEndpoint endpoint = SUCCESS) {
+    def expectedQueryTag = expectedQueryTag(endpoint)
+    trace.span {
+      serviceName expectedServiceName()
+      operationName 'play.request'
+      spanType DDSpanTypes.HTTP_SERVER
+      errored endpoint == EXCEPTION || endpoint == CUSTOM_EXCEPTION
+      childOfPrevious()
+      tags {
+        "$Tags.COMPONENT" 'play-action'
+        "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+        "$Tags.PEER_HOST_IPV4" { it == (endpoint == FORWARDED ? endpoint.body : '127.0.0.1') }
+        "$Tags.HTTP_CLIENT_IP" { it == (endpoint == FORWARDED ? endpoint.body : '127.0.0.1') }
+        "$Tags.HTTP_URL" String
+        "$Tags.HTTP_HOSTNAME" address.host
+        "$Tags.HTTP_METHOD" String
+        "$Tags.HTTP_ROUTE" this.routeFor(endpoint)
+        if (endpoint == EXCEPTION || endpoint == CUSTOM_EXCEPTION) {
+          errorTags(endpoint == CUSTOM_EXCEPTION ? TestHttpErrorHandler.CustomRuntimeException : RuntimeException, endpoint.body)
+        }
+        if (endpoint.query) {
+          "$DDTags.HTTP_QUERY" expectedQueryTag
+        }
+        defaultTags()
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayServerTest.groovy b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayServerTest.groovy
new file mode 100644
index 00000000000..dab1f327069
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/PlayServerTest.groovy
@@ -0,0 +1,145 @@
+package datadog.trace.instrumentation.play25.server
+
+import datadog.trace.agent.test.asserts.TraceAssert
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.api.DDSpanTypes
+import datadog.trace.api.DDTags
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.instrumentation.play24.PlayHttpServerDecorator
+import groovy.transform.CompileStatic
+import play.server.Server
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
+
+class PlayServerTest extends HttpServerTest<Server> {
+
+  @Override
+  @CompileStatic
+  HttpServer server() {
+    new PlayHttpServer(PlayRouters.sync())
+  }
+
+  @Override
+  void stopServer(Server server) {
+    server.stop()
+  }
+
+  @Override
+  String component() {
+    'netty'
+  }
+
+  @Override
+  String expectedOperationName() {
+    'netty.request'
+  }
+
+  @Override
+  boolean hasHandlerSpan() {
+    true
+  }
+
+  @Override
+  boolean hasExtraErrorInformation() {
+    true
+  }
+
+  @Override
+  boolean changesAll404s() {
+    true
+  }
+
+  boolean testExceptionBody() {
+    // I can't figure out how to set a proper exception handler to customize the response body.
+    false
+  }
+
+  @Override
+  boolean testRequestBody() {
+    true
+  }
+
+  @Override
+  boolean isRequestBodyNoStreaming() {
+    true
+  }
+
+  @Override
+  boolean testBodyUrlencoded() {
+    true
+  }
+
+  @Override
+  boolean testBodyMultipart() {
+    true
+  }
+
+  @Override
+  boolean testBodyJson() {
+    true
+  }
+
+  @Override
+  boolean testBlocking() {
+    true
+  }
+
+  @Override
+  boolean testBlockingOnResponse() {
+    true
+  }
+
+  @Override
+  String testPathParam() {
+    '/path/?/param'
+  }
+
+  @Override
+  Map<String, ?> expectedIGPathParams() {
+    ['0': 123]
+  }
+
+  @Override
+  Class<? extends Exception> expectedExceptionType() {
+    RuntimeException
+  }
+
+  @Override
+  Class<? extends Exception> expectedCustomExceptionType() {
+    TestHttpErrorHandler.CustomRuntimeException
+  }
+
+  @Override
+  void handlerSpan(TraceAssert trace, ServerEndpoint endpoint = SUCCESS) {
+    def expectedQueryTag = expectedQueryTag(endpoint)
+    trace.span {
+      serviceName expectedServiceName()
+      operationName "play.request"
+      spanType DDSpanTypes.HTTP_SERVER
+      errored endpoint == EXCEPTION || endpoint == CUSTOM_EXCEPTION
+      childOfPrevious()
+      tags {
+        "$Tags.COMPONENT" PlayHttpServerDecorator.DECORATE.component()
+        "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+        "$Tags.PEER_HOST_IPV4" { it == (endpoint == FORWARDED ? endpoint.body : "127.0.0.1") }
+        "$Tags.HTTP_CLIENT_IP" { it == (endpoint == FORWARDED ? endpoint.body : "127.0.0.1") }
+        "$Tags.HTTP_URL" String
+        "$Tags.HTTP_HOSTNAME" address.host
+        "$Tags.HTTP_METHOD" String
+        // BUG
+        //        "$Tags.HTTP_ROUTE" String
+        if (endpoint == EXCEPTION || endpoint == CUSTOM_EXCEPTION) {
+          errorTags(endpoint == CUSTOM_EXCEPTION ? TestHttpErrorHandler.CustomRuntimeException : RuntimeException, endpoint.body)
+        }
+        if (endpoint.query) {
+          "$DDTags.HTTP_QUERY" expectedQueryTag
+        }
+        defaultTags()
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/TestHttpErrorHandler.groovy b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/TestHttpErrorHandler.groovy
new file mode 100644
index 00000000000..1ae8f075361
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/datadog/trace/instrumentation/play25/server/TestHttpErrorHandler.groovy
@@ -0,0 +1,45 @@
+package datadog.trace.instrumentation.play25.server
+
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+import play.http.HttpErrorHandler
+import play.mvc.Http.RequestHeader
+import play.mvc.Result
+import play.mvc.Results
+
+import java.util.concurrent.CompletableFuture
+import java.util.concurrent.CompletionStage
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION
+
+enum TestHttpErrorHandler implements HttpErrorHandler {
+  INSTANCE
+
+  private static final Logger LOG = LoggerFactory.getLogger(TestHttpErrorHandler)
+
+  static class CustomRuntimeException extends RuntimeException {
+    CustomRuntimeException(String message) {
+      super(message)
+    }
+  }
+
+  CompletionStage<Result> onClientError(
+    RequestHeader request, int statusCode, String message) {
+    return CompletableFuture.completedFuture(Results.status(statusCode, message))
+  }
+
+  CompletionStage<Result> onServerError(RequestHeader request, Throwable exception) {
+    LOG.warn('server error', exception)
+
+    Throwable cause = exception.getCause()
+    if (cause) {
+      exception = cause
+    }
+    if (exception instanceof CustomRuntimeException) {
+      return CompletableFuture.completedFuture(
+        Results.status(CUSTOM_EXCEPTION.status, exception.message))
+    }
+
+    CompletableFuture.completedFuture(Results.internalServerError(exception.message))
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/server/PlayAsyncServerTest.groovy b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/server/PlayAsyncServerTest.groovy
deleted file mode 100644
index 20809d198a4..00000000000
--- a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/server/PlayAsyncServerTest.groovy
+++ /dev/null
@@ -1,86 +0,0 @@
-package server
-
-import datadog.trace.agent.test.base.HttpServer
-import play.libs.concurrent.HttpExecution
-import play.mvc.Results
-import play.routing.RoutingDsl
-
-import java.util.concurrent.CompletableFuture
-import java.util.function.Supplier
-
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_QUERY
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_PARAM
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.REDIRECT
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
-
-class PlayAsyncServerTest extends PlayServerTest {
-
-  @Override
-  HttpServer server() {
-    def router =
-      new RoutingDsl()
-      .GET(SUCCESS.getPath()).routeAsync({
-        CompletableFuture.supplyAsync({
-          controller(SUCCESS) {
-            Results.status(SUCCESS.getStatus(), SUCCESS.getBody())
-          }
-        }, HttpExecution.defaultContext())
-      } as Supplier)
-      .GET(FORWARDED.getPath()).routeAsync({
-        CompletableFuture.supplyAsync({
-          controller(FORWARDED) {
-            Results.status(FORWARDED.getStatus(), FORWARDED.getBody()) // cheating
-          }
-        }, HttpExecution.defaultContext())
-      } as Supplier)
-      .GET(QUERY_PARAM.getPath()).routeAsync({
-        CompletableFuture.supplyAsync({
-          controller(QUERY_PARAM) {
-            Results.status(QUERY_PARAM.getStatus(), QUERY_PARAM.getBody()) // cheating
-          }
-        }, HttpExecution.defaultContext())
-      } as Supplier)
-      .GET(QUERY_ENCODED_QUERY.getPath()).routeAsync({
-        CompletableFuture.supplyAsync({
-          controller(QUERY_ENCODED_QUERY) {
-            Results.status(QUERY_ENCODED_QUERY.getStatus(), QUERY_ENCODED_QUERY.getBody()) // cheating
-          }
-        }, HttpExecution.defaultContext())
-      } as Supplier)
-      .GET(QUERY_ENCODED_BOTH.getRawPath()).routeAsync({
-        CompletableFuture.supplyAsync({
-          controller(QUERY_ENCODED_BOTH) {
-            Results.status(QUERY_ENCODED_BOTH.getStatus(), QUERY_ENCODED_BOTH.getBody()).
-              withHeader(IG_RESPONSE_HEADER, IG_RESPONSE_HEADER_VALUE) // cheating
-          }
-        }, HttpExecution.defaultContext())
-      } as Supplier)
-      .GET(REDIRECT.getPath()).routeAsync({
-        CompletableFuture.supplyAsync({
-          controller(REDIRECT) {
-            Results.found(REDIRECT.getBody())
-          }
-        }, HttpExecution.defaultContext())
-      } as Supplier)
-      .GET(ERROR.getPath()).routeAsync({
-        CompletableFuture.supplyAsync({
-          controller(ERROR) {
-            Results.status(ERROR.getStatus(), ERROR.getBody())
-          }
-        }, HttpExecution.defaultContext())
-      } as Supplier)
-      .GET(EXCEPTION.getPath()).routeAsync({
-        CompletableFuture.supplyAsync({
-          controller(EXCEPTION) {
-            throw new Exception(EXCEPTION.getBody())
-          }
-        }, HttpExecution.defaultContext())
-      } as Supplier)
-
-    return new PlayHttpServer(router.build())
-  }
-}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/server/PlayHttpServer.groovy b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/server/PlayHttpServer.groovy
deleted file mode 100644
index efc2948baea..00000000000
--- a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/server/PlayHttpServer.groovy
+++ /dev/null
@@ -1,33 +0,0 @@
-package server
-
-import datadog.trace.agent.test.base.HttpServer
-import play.routing.Router
-import play.server.Server
-
-import java.util.concurrent.TimeoutException
-
-class PlayHttpServer implements HttpServer {
-  final Router router
-  def server
-  def port
-
-  PlayHttpServer(Router router) {
-    this.router = router
-  }
-
-  @Override
-  void start() throws TimeoutException {
-    server = Server.forRouter(router, 0)
-    port = server.httpPort()
-  }
-
-  @Override
-  void stop() {
-    server.stop()
-  }
-
-  @Override
-  URI address() {
-    return new URI("http://localhost:$port/")
-  }
-}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/server/PlayServerTest.groovy b/dd-java-agent/instrumentation/play-2.4/src/test/groovy/server/PlayServerTest.groovy
deleted file mode 100644
index e28300dabec..00000000000
--- a/dd-java-agent/instrumentation/play-2.4/src/test/groovy/server/PlayServerTest.groovy
+++ /dev/null
@@ -1,125 +0,0 @@
-package server
-
-import datadog.trace.agent.test.asserts.TraceAssert
-import datadog.trace.agent.test.base.HttpServer
-import datadog.trace.agent.test.base.HttpServerTest
-import datadog.trace.api.DDSpanTypes
-import datadog.trace.api.DDTags
-import datadog.trace.bootstrap.instrumentation.api.Tags
-import datadog.trace.instrumentation.netty40.server.NettyHttpServerDecorator
-import datadog.trace.instrumentation.play24.PlayHttpServerDecorator
-import play.mvc.Results
-import play.routing.RoutingDsl
-import play.server.Server
-
-import java.util.function.Supplier
-
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_QUERY
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_PARAM
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.REDIRECT
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
-
-class PlayServerTest extends HttpServerTest<Server> {
-
-  @Override
-  HttpServer server() {
-    def router =
-      new RoutingDsl()
-      .GET(SUCCESS.getPath()).routeTo({
-        controller(SUCCESS) {
-          Results.status(SUCCESS.getStatus(), SUCCESS.getBody())
-        }
-      } as Supplier)
-      .GET(FORWARDED.getPath()).routeTo({
-        controller(FORWARDED) {
-          Results.status(FORWARDED.getStatus(), FORWARDED.getBody()) // cheating
-        }
-      } as Supplier)
-      .GET(QUERY_PARAM.getPath()).routeTo({
-        controller(QUERY_PARAM) {
-          Results.status(QUERY_PARAM.getStatus(), QUERY_PARAM.getBody()) // cheating
-        }
-      } as Supplier)
-      .GET(QUERY_ENCODED_QUERY.getPath()).routeTo({
-        controller(QUERY_ENCODED_QUERY) {
-          Results.status(QUERY_ENCODED_QUERY.getStatus(), QUERY_ENCODED_QUERY.getBody()) // cheating
-        }
-      } as Supplier)
-      .GET(QUERY_ENCODED_BOTH.getRawPath()).routeTo({
-        controller(QUERY_ENCODED_BOTH) {
-          Results.status(QUERY_ENCODED_BOTH.getStatus(), QUERY_ENCODED_BOTH.getBody()).
-            withHeader(IG_RESPONSE_HEADER, IG_RESPONSE_HEADER_VALUE) // cheating
-        }
-      } as Supplier)
-      .GET(REDIRECT.getPath()).routeTo({
-        controller(REDIRECT) {
-          Results.found(REDIRECT.getBody())
-        }
-      } as Supplier)
-      .GET(ERROR.getPath()).routeTo({
-        controller(ERROR) {
-          Results.status(ERROR.getStatus(), ERROR.getBody())
-        }
-      } as Supplier)
-      .GET(EXCEPTION.getPath()).routeTo({
-        controller(EXCEPTION) {
-          throw new Exception(EXCEPTION.getBody())
-        }
-      } as Supplier)
-    return new PlayHttpServer(router.build())
-  }
-
-  @Override
-  String component() {
-    return NettyHttpServerDecorator.DECORATE.component()
-  }
-
-  @Override
-  String expectedOperationName() {
-    return "netty.request"
-  }
-
-  @Override
-  boolean hasHandlerSpan() {
-    true
-  }
-
-  boolean testExceptionBody() {
-    // I can't figure out how to set a proper exception handler to customize the response body.
-    false
-  }
-
-  @Override
-  void handlerSpan(TraceAssert trace, ServerEndpoint endpoint = SUCCESS) {
-    def expectedQueryTag = expectedQueryTag(endpoint)
-    trace.span {
-      serviceName expectedServiceName()
-      operationName "play.request"
-      spanType DDSpanTypes.HTTP_SERVER
-      errored endpoint == EXCEPTION
-      childOfPrevious()
-      tags {
-        "$Tags.COMPONENT" PlayHttpServerDecorator.DECORATE.component()
-        "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
-        "$Tags.PEER_HOST_IPV4" { it == (endpoint == FORWARDED ? endpoint.body : "127.0.0.1") }
-        "$Tags.HTTP_CLIENT_IP" { it == (endpoint == FORWARDED ? endpoint.body : "127.0.0.1") }
-        "$Tags.HTTP_URL" String
-        "$Tags.HTTP_HOSTNAME" address.host
-        "$Tags.HTTP_METHOD" String
-        // BUG
-        //        "$Tags.HTTP_ROUTE" String
-        if (endpoint == EXCEPTION) {
-          errorTags(Exception, EXCEPTION.body)
-        }
-        if (endpoint.query) {
-          "$DDTags.HTTP_QUERY" expectedQueryTag
-        }
-        defaultTags()
-      }
-    }
-  }
-}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/routes/conf/routes b/dd-java-agent/instrumentation/play-2.4/src/test/routes/conf/routes
new file mode 100644
index 00000000000..83cbf85dd11
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/routes/conf/routes
@@ -0,0 +1,16 @@
+GET   /success                      datadog.trace.instrumentation.play25.PlayController.success()
+GET   /redirect                     datadog.trace.instrumentation.play25.PlayController.redirect()
+GET   /forwarded                    datadog.trace.instrumentation.play25.PlayController.forwarded()
+GET   /error-status                 datadog.trace.instrumentation.play25.PlayController.errorStatus()
+GET   /exception                    datadog.trace.instrumentation.play25.PlayController.exception()
+GET   /custom-exception             datadog.trace.instrumentation.play25.PlayController.customException()
+GET   /not-here                     datadog.trace.instrumentation.play25.PlayController.notHere()
+GET   /user-block                   datadog.trace.instrumentation.play25.PlayController.userBlock()
+GET   /query                        datadog.trace.instrumentation.play25.PlayController.query(some: String)
+GET   /encoded_query                datadog.trace.instrumentation.play25.PlayController.encodedQuery(some: String)
+GET   /encoded%20path%20query       datadog.trace.instrumentation.play25.PlayController.encodedPathQuery(some: String)
+GET   /path/:path/param             datadog.trace.instrumentation.play25.PlayController.pathParam(path: Integer)
+POST /created                       datadog.trace.instrumentation.play25.PlayController.created()
+POST /body-urlencoded               datadog.trace.instrumentation.play25.PlayController.bodyUrlencoded()
+POST /body-multipart                datadog.trace.instrumentation.play25.PlayController.bodyMultipart()
+POST /body-json                     datadog.trace.instrumentation.play25.PlayController.bodyJson()
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/scala/datadog/trace/instrumentation/play25/PlayController.scala b/dd-java-agent/instrumentation/play-2.4/src/test/scala/datadog/trace/instrumentation/play25/PlayController.scala
new file mode 100644
index 00000000000..ff00fa780a9
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/scala/datadog/trace/instrumentation/play25/PlayController.scala
@@ -0,0 +1,93 @@
+package datadog.trace.instrumentation.play25
+
+import datadog.appsec.api.blocking.Blocking
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.agent.test.base.HttpServerTest.{ServerEndpoint, getIG_RESPONSE_HEADER, getIG_RESPONSE_HEADER_VALUE}
+import datadog.trace.instrumentation.play25.Util.MapExtensions
+import groovy.lang.Closure
+import play.api.libs.json.{JsNull, JsValue, Json}
+import play.api.mvc._
+
+import scala.concurrent.{ExecutionContext, Future}
+
+class PlayController(implicit ec: ExecutionContext) extends Controller {
+  def success() = controller(ServerEndpoint.SUCCESS) { _ =>
+    Results.Ok(ServerEndpoint.SUCCESS.getBody)
+  }
+
+  def redirect = controller(ServerEndpoint.REDIRECT) { _ =>
+    Results.Redirect(ServerEndpoint.REDIRECT.getBody, 302)
+  }
+
+  def forwarded = controller(ServerEndpoint.FORWARDED) { request =>
+    Results.Status(ServerEndpoint.FORWARDED.getStatus)(request.headers.get("X-Forwarded-For").getOrElse("(no header)"))
+  }
+
+  def errorStatus = controller(ServerEndpoint.ERROR) { _ =>
+    Results.Status(ServerEndpoint.ERROR.getStatus)(ServerEndpoint.ERROR.getBody)
+  }
+
+  def exception = controller(ServerEndpoint.EXCEPTION) { _ =>
+    throw new RuntimeException(ServerEndpoint.EXCEPTION.getBody)
+  }
+
+  def customException = controller(ServerEndpoint.CUSTOM_EXCEPTION) { _ =>
+    throw Util.createCustomException(ServerEndpoint.CUSTOM_EXCEPTION.getBody)
+  }
+
+  def userBlock = controller(ServerEndpoint.USER_BLOCK) { _ =>
+    Blocking.forUser("user-to-block").blockIfMatch()
+    Results.Ok("should never be reached")
+  }
+
+  def query(some: String) = controller(ServerEndpoint.QUERY_PARAM) { _ =>
+    Results.Status(ServerEndpoint.QUERY_PARAM.getStatus)(s"some=$some")
+  }
+
+  def encodedQuery(some: String) = controller(ServerEndpoint.QUERY_ENCODED_QUERY) { _ =>
+    Results.Status(ServerEndpoint.QUERY_ENCODED_QUERY.getStatus)(s"some=$some")
+  }
+
+  def encodedPathQuery(some: String) = controller(ServerEndpoint.QUERY_ENCODED_BOTH) { _ =>
+    Results.Status(ServerEndpoint.QUERY_ENCODED_BOTH.getStatus)(s"some=$some")
+  }
+
+  def notHere = controller(ServerEndpoint.NOT_HERE) { _ =>
+    Results.NotFound(ServerEndpoint.NOT_HERE.getBody)
+  }
+
+  def pathParam(id: Integer) = controller(ServerEndpoint.PATH_PARAM) { _ =>
+    Results.Ok(id.toString)
+  }
+
+  def created = controller(ServerEndpoint.CREATED) { request =>
+    val body: String = request.body.asText.getOrElse("")
+    Results.Created(s"created: $body")
+  }
+
+  def bodyUrlencoded = controller(ServerEndpoint.BODY_URLENCODED) { request =>
+    val body: Map[String, Seq[String]] = request.body.asFormUrlEncoded.getOrElse(Map.empty)
+    Results.Ok(body.toStringAsGroovy)
+  }
+
+  def bodyMultipart = controller(ServerEndpoint.BODY_MULTIPART) { request =>
+    val body: Map[String, Seq[String]] = request.body.asMultipartFormData.map(_.asFormUrlEncoded).getOrElse(Map.empty)
+    Results.Ok(body.toStringAsGroovy)
+  }
+
+  def bodyJson = controller(ServerEndpoint.BODY_JSON) { request =>
+    val body: JsValue = request.body.asJson.getOrElse(JsNull)
+    Results.Ok(Json.stringify(body))
+  }
+
+  private def controller(endpoint: ServerEndpoint)(block: Request[AnyContent] => Result) : Action[AnyContent] = {
+    Action.async { request =>
+      Future {
+        HttpServerTest.controller(endpoint, new Closure[Result](this) {
+          def doCall() = block(request).withHeaders(
+            (getIG_RESPONSE_HEADER, getIG_RESPONSE_HEADER_VALUE))
+        })
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/scala/datadog/trace/instrumentation/play25/PlayRoutersScala.scala b/dd-java-agent/instrumentation/play-2.4/src/test/scala/datadog/trace/instrumentation/play25/PlayRoutersScala.scala
new file mode 100644
index 00000000000..5f6b313fd7b
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/scala/datadog/trace/instrumentation/play25/PlayRoutersScala.scala
@@ -0,0 +1,151 @@
+package datadog.trace.instrumentation.play25
+
+import datadog.appsec.api.blocking.Blocking
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint._
+import datadog.trace.agent.test.base.HttpServerTest.{ServerEndpoint, getIG_RESPONSE_HEADER, getIG_RESPONSE_HEADER_VALUE}
+import datadog.trace.instrumentation.play25.Util.MapExtensions
+import groovy.lang.Closure
+import play.api.BuiltInComponents
+import play.api.libs.json._
+import play.api.mvc._
+import play.api.routing.Router
+import play.api.routing.sird._
+
+import java.util.concurrent.{Executor, ExecutorService}
+import scala.concurrent.{ExecutionContext, Future}
+
+object PlayRoutersScala {
+
+  def async(executor: Executor): Router = {
+    val ec: ExecutionContext = ExecutionContext.fromExecutor(executor)
+    val parser = BodyParsers.parse.default
+
+    def controller(endpoint: ServerEndpoint)(block: => Result): Future[Result] = {
+      Future {
+        HttpServerTest.controller(endpoint, new Closure[Result](this) {
+          def doCall(): Result = block.withHeaders(
+            (getIG_RESPONSE_HEADER, getIG_RESPONSE_HEADER_VALUE))
+        })
+      }(ec)
+    }
+
+    Router.from {
+      case GET(p"/success") =>
+        Action.async {
+          controller(SUCCESS) {
+            Results.Ok(SUCCESS.getBody)
+          }
+        }
+
+      case GET(p"/redirect") =>
+        Action.async {
+          controller(REDIRECT) {
+            Results.Redirect(REDIRECT.getBody, 302)
+          }
+        }
+
+      case GET(p"/forwarded") =>
+        Action.async { request =>
+          controller(FORWARDED) {
+            Results.Status(FORWARDED.getStatus)(request.headers.get("X-Forwarded-For").getOrElse("(no header)"))
+          }
+        }
+
+      // endpoint is not special; error results are returned the same way
+      case GET(p"/error-status") =>
+        Action.async {
+          controller(ERROR) {
+            Results.Status(ERROR.getStatus)(ERROR.getBody)
+          }
+        }
+
+      case GET(p"/exception") =>
+        Action.async {
+          controller(EXCEPTION) {
+            throw new RuntimeException(EXCEPTION.getBody)
+          }
+        }
+
+      case GET(p"/custom-exception") =>
+        Action.async {
+          controller(CUSTOM_EXCEPTION) {
+            throw Util.createCustomException(CUSTOM_EXCEPTION.getBody)
+          }
+        }
+
+      case GET(p"/not-here") =>
+        Action.async {
+          controller(NOT_HERE) {
+            Results.NotFound
+          }
+        }
+
+      case GET(p"/user-block") =>
+        Action.async {
+          controller(USER_BLOCK) {
+            Blocking.forUser("user-to-block").blockIfMatch()
+            Results.Ok("should never be reached")
+          }
+        }
+
+      case GET(p"/query" ? q"some=$some") =>
+        Action.async {
+          controller(QUERY_PARAM) {
+            Results.Status(QUERY_PARAM.getStatus)(s"some=$some")
+          }
+        }
+
+      case GET(p"/encoded_query" ? q"some=$some") =>
+        Action.async {
+          controller(QUERY_ENCODED_QUERY) {
+            Results.Status(QUERY_ENCODED_QUERY.getStatus)(s"some=$some")
+          }
+        }
+
+      case GET(p"/encoded%20path%20query" ? q"some=$some") =>
+        Action.async {
+          controller(QUERY_ENCODED_BOTH) {
+            Results.Status(QUERY_ENCODED_BOTH.getStatus)(s"some=$some")
+          }
+        }
+
+      case GET(p"/path/$path/param") =>
+        Action.async {
+          controller(PATH_PARAM) {
+            Results.Status(PATH_PARAM.getStatus)(path)
+          }
+        }
+
+      case POST(p"/created") => Action.async(parser) { request =>
+        controller(CREATED) {
+          val body: String = request.body.asText.getOrElse("")
+          Results.Created(s"created: $body")
+        }
+      }
+
+      case POST(p"/body-urlencoded") => Action.async(parser) { request =>
+        controller(BODY_URLENCODED) {
+          val body: Map[String, Seq[String]] = request.body.asFormUrlEncoded.getOrElse(Map.empty)
+          Results.Ok(body.toStringAsGroovy)
+        }
+      }
+
+      case POST(p"/body-multipart") => Action.async(parser) { request =>
+        controller(BODY_MULTIPART) {
+          val body: Map[String, scala.Seq[String]] = request.body.asMultipartFormData.getOrElse(
+            MultipartFormData(Map.empty, scala.Seq.empty, scala.Seq.empty)
+          ).asFormUrlEncoded
+          Results.Ok(body.toStringAsGroovy)
+        }
+      }
+
+      case POST(p"/body-json") => Action.async(parser) { request =>
+        controller(BODY_JSON) {
+          val body: JsValue = request.body.asJson.getOrElse(JsNull)
+          Results.Ok(Json.stringify(body))
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.4/src/test/scala/datadog/trace/instrumentation/play25/Util.scala b/dd-java-agent/instrumentation/play-2.4/src/test/scala/datadog/trace/instrumentation/play25/Util.scala
new file mode 100644
index 00000000000..076d6efca13
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.4/src/test/scala/datadog/trace/instrumentation/play25/Util.scala
@@ -0,0 +1,21 @@
+package datadog.trace.instrumentation.play25
+
+object Util {
+  implicit class MapExtensions[A](m: Iterable[(String, A)]) {
+    def toStringAsGroovy: String = {
+      def valueToString(value: Object) : String = value match {
+        case seq: Seq[_] => seq.map(x => valueToString(x.asInstanceOf[Object])).mkString("[", ",", "]")
+        case other => other.toString
+      }
+
+      m.map { case (key, value) => s"$key:${valueToString(value.asInstanceOf[Object])}" }
+        .mkString("[", ",", "]")
+    }
+  }
+
+  def createCustomException(msg: String): Exception = {
+    val clazz = Class.forName("datadog.trace.instrumentation.play25.server.TestHttpErrorHandler$CustomRuntimeException")
+    val constructor = clazz.getConstructor(classOf[String])
+    constructor.newInstance(msg).asInstanceOf[Exception]
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/build.gradle b/dd-java-agent/instrumentation/play-2.6/build.gradle
index 551dbaa114f..3a0f2f419df 100644
--- a/dd-java-agent/instrumentation/play-2.6/build.gradle
+++ b/dd-java-agent/instrumentation/play-2.6/build.gradle
@@ -8,26 +8,50 @@ def playVersion = '2.6.0'
 
 muzzle {
   pass {
+    name = 'play26Plus'
     group = 'com.typesafe.play'
     module = "play_$scalaVersion"
     versions = "[$playVersion,)"
     assertInverse = true
+    javaVersion = 11
   }
   pass {
+    name = 'play26Plus'
     group = 'com.typesafe.play'
     module = 'play_2.12'
     versions = "[$playVersion,)"
     assertInverse = true
+    javaVersion = 11
   }
   pass {
+    name = 'play26Plus'
     group = 'com.typesafe.play'
     module = 'play_2.13'
     versions = "[$playVersion,)"
     assertInverse = true
+    javaVersion = 11
+  }
+
+  pass {
+    name = 'play26Only'
+    group = 'com.typesafe.play'
+    module = 'play-java_2.11'
+    versions = "[2.6.0,2.7.0)"
+    assertInverse = true
+  }
+
+  pass {
+    name = 'play27'
+    group = 'com.typesafe.play'
+    module = 'play-java_2.13'
+    versions = "[2.7.0,)"
+    assertInverse = true
+    javaVersion = 11
   }
 }
 
 apply from: "$rootDir/gradle/java.gradle"
+apply plugin: 'scala'
 
 repositories {
   maven {
@@ -38,30 +62,144 @@ repositories {
   }
 }
 
-addTestSuiteForDir('latestDepTest', 'test')
+addTestSuiteForDir('baseTest', 'baseTest')
+addTestSuiteForDir('latestDepTest', 'latestDepTest')
+
+sourceSets {
+  main_play27 {
+    java.srcDirs "${project.projectDir}/src/main/java_play27"
+  }
+}
+jar {
+  from sourceSets.main_play27.output
+}
+compileMain_play27Java.dependsOn compileJava
+project.afterEvaluate { p ->
+  instrumentJava.dependsOn compileMain_play27Java
+  forbiddenApisMain_play27.dependsOn instrumentMain_play27Java
+}
+instrument {
+  additionalClasspath = [
+    instrumentJava: compileMain_play27Java.destinationDirectory
+  ]
+}
 
 dependencies {
   compileOnly group: 'com.typesafe.play', name: "play_$scalaVersion", version: playVersion
+  compileOnly group: 'com.typesafe.play', name: "play-java_$scalaVersion", version: playVersion
 
-  testImplementation project(':dd-java-agent:instrumentation:netty-4.0')
-  testImplementation project(':dd-java-agent:instrumentation:netty-4.1')
-  testImplementation project(':dd-java-agent:instrumentation:akka-http-10.0')
-  testImplementation project(':dd-java-agent:instrumentation:akka-concurrent')
-  testImplementation project(':dd-java-agent:instrumentation:akka-init')
-  testImplementation project(':dd-java-agent:instrumentation:scala-concurrent')
-  testImplementation project(':dd-java-agent:instrumentation:scala-promise:scala-promise-2.10')
-  testImplementation project(':dd-java-agent:instrumentation:scala-promise:scala-promise-2.13')
-  testImplementation(project(path: ':dd-java-agent:instrumentation:akka-http-10.0', configuration: 'testArtifacts'))
-
-  testImplementation group: 'com.typesafe.play', name: "play-java_$scalaVersion", version: playVersion
+  main_play27CompileOnly group: 'com.typesafe.play', name: "play-java_$scalaVersion", version: '2.7.0'
+  main_play27CompileOnly project(':internal-api')
+  main_play27CompileOnly project(':dd-java-agent:agent-tooling')
+  main_play27CompileOnly project(':dd-java-agent:agent-bootstrap')
+  main_play27CompileOnly files("${project.buildDir}/classes/java/raw") {
+    builtBy = ['compileJava']
+  }
+
+  baseTestImplementation group: 'com.typesafe.play', name: "play-java_$scalaVersion", version: playVersion
   // TODO: Play WS is a separately versioned library starting with 2.6 and needs separate instrumentation.
-  testImplementation(group: 'com.typesafe.play', name: "play-test_$scalaVersion", version: playVersion) {
+  baseTestImplementation(group: 'com.typesafe.play', name: "play-test_$scalaVersion", version: playVersion) {
     exclude group: 'org.eclipse.jetty.websocket', module: 'websocket-client'
   }
 
-  // TODO: This should be changed to the latest in scala 2.13 instead of 2.11 since its ahead
-  latestDepTestImplementation group: 'com.typesafe.play', name: "play-java_$scalaVersion", version: '2.+'
-  latestDepTestImplementation(group: 'com.typesafe.play', name: "play-test_$scalaVersion", version: '2.+') {
+  testRuntimeOnly project(':dd-java-agent:instrumentation:netty-4.0')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:netty-4.1')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:akka-http-10.0')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:akka-concurrent')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:akka-init')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:scala-concurrent')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:scala-promise:scala-promise-2.10')
+  testRuntimeOnly project(':dd-java-agent:instrumentation:scala-promise:scala-promise-2.13')
+
+  latestDepTestRuntimeOnly sourceSets.baseTest.output
+  latestDepTestImplementation deps.scala213
+  latestDepTestImplementation group: 'com.typesafe.play', name: "play-java_2.13", version: '2.+'
+  latestDepTestImplementation(group: 'com.typesafe.play', name: "play-test_2.13", version: '2.+') {
     exclude group: 'org.eclipse.jetty.websocket', module: 'websocket-client'
   }
+  latestDepTestImplementation group: 'com.typesafe.play', name: 'play-akka-http-server_2.13', version: '2.+'
+}
+configurations.matching({ it.name.startsWith('latestDepTest') }).each({
+  it.resolutionStrategy {
+    // logback-classic 1.4.11 doesn't like being loaded in the bootstrap classloader (NPE)
+    force group: 'ch.qos.logback', name: 'logback-classic', version: '1.4.5'
+  }
+})
+tasks.named("compileLatestDepTestJava").configure {
+  it.sourceCompatibility = JavaVersion.VERSION_11
+  it.targetCompatibility = JavaVersion.VERSION_11
+  setJavaVersion(it, 11)
+}
+compileLatestDepTestScala {
+  javaLauncher = getJavaLauncherFor(11)
+  classpath = classpath + files(compileBaseTestJava.destinationDirectory)
+  dependsOn 'compileBaseTestJava'
+}
+latestDepTest {
+  javaLauncher = getJavaLauncherFor(11)
+  testClassesDirs = testClassesDirs + sourceSets.baseTest.output.classesDirs
+}
+
+final generatedRoutes = layout.buildDirectory.dir('generated/sources/latestDepTestRoutes/scala')
+sourceSets {
+  routeGenerator {
+    scala {
+      srcDir "${project.projectDir}/src/routeGenerator/scala"
+    }
+  }
+  latestDepTestGenerated {
+    scala {
+      srcDir generatedRoutes
+    }
+  }
+}
+dependencies {
+  routeGeneratorImplementation deps.scala213
+  routeGeneratorImplementation group: 'com.typesafe.play', name: "routes-compiler_2.13", version: '2.+'
+}
+configurations {
+  latestDepTestGeneratedCompileClasspath.extendsFrom(latestDepTestCompileClasspath)
+}
+
+tasks.register('buildLatestDepTestRoutes', JavaExec) {
+  String routesFile = "${project.projectDir}/src/latestDepTest/routes/conf/routes"
+  def outputDir = generatedRoutes
+
+  it.inputs.file routesFile
+  it.outputs.dir outputDir
+
+  it.mainClass.set 'generator.CompileRoutes'
+  it.args routesFile, outputDir.get().asFile.absolutePath
+
+  it.classpath configurations.routeGeneratorRuntimeClasspath
+  it.classpath compileRouteGeneratorScala.destinationDirectory
+  it.classpath compileLatestDepTestScala.destinationDirectory
+
+  it.javaLauncher.set getJavaLauncherFor(11)
+
+  dependsOn compileRouteGeneratorScala, compileLatestDepTestScala
+}
+compileLatestDepTestGeneratedScala {
+  javaLauncher = getJavaLauncherFor(11)
+  classpath = classpath + files(compileLatestDepTestScala.destinationDirectory)
+  dependsOn buildLatestDepTestRoutes, compileLatestDepTestScala
+}
+forbiddenApisLatestDepTestGenerated {
+  enabled = false
+}
+
+compileLatestDepTestGroovy {
+  javaLauncher = getJavaLauncherFor(11)
+  classpath = classpath +
+    files(compileLatestDepTestScala.destinationDirectory) +
+    files(compileBaseTestGroovy.destinationDirectory) +
+    files(compileBaseTestJava.destinationDirectory) +
+    files(compileLatestDepTestGeneratedScala.destinationDirectory)
+  dependsOn 'compileLatestDepTestScala'
+  dependsOn 'compileBaseTestGroovy'
+  dependsOn 'compileBaseTestJava'
+  dependsOn 'compileLatestDepTestGeneratedScala'
+}
+dependencies {
+  latestDepTestRuntimeOnly sourceSets.latestDepTestGenerated.output
 }
diff --git a/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayAsyncServerTest.groovy b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayAsyncServerTest.groovy
new file mode 100644
index 00000000000..4d9e443369d
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayAsyncServerTest.groovy
@@ -0,0 +1,23 @@
+package datadog.trace.instrumentation.play26.server
+
+import datadog.trace.agent.test.base.HttpServer
+import groovy.transform.CompileStatic
+import spock.lang.Shared
+
+import java.util.concurrent.Executors
+
+class PlayAsyncServerTest extends PlayServerTest {
+  @Shared
+  def executor
+
+  def cleanupSpec() {
+    executor.shutdown()
+  }
+
+  @CompileStatic
+  @Override
+  HttpServer server() {
+    executor = Executors.newCachedThreadPool()
+    return new PlayHttpServer(PlayRouters.&async.curry(executor))
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayAsyncServerWithErrorHandlerTest.groovy b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayAsyncServerWithErrorHandlerTest.groovy
new file mode 100644
index 00000000000..8e84b25e8cf
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayAsyncServerWithErrorHandlerTest.groovy
@@ -0,0 +1,21 @@
+package datadog.trace.instrumentation.play26.server
+
+import datadog.trace.agent.test.base.HttpServer
+import spock.lang.Shared
+
+import java.util.concurrent.Executors
+
+class PlayAsyncServerWithErrorHandlerTest extends PlayServerWithErrorHandlerTest {
+  @Shared
+  def executor
+
+  def cleanupSpec() {
+    executor.shutdown()
+  }
+
+  @Override
+  HttpServer server() {
+    executor = Executors.newCachedThreadPool()
+    return new PlayHttpServer(PlayRouters.&async.curry(executor), new TestHttpErrorHandler())
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayHttpServer.groovy b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayHttpServer.groovy
similarity index 97%
rename from dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayHttpServer.groovy
rename to dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayHttpServer.groovy
index 5e41e9e7ca5..e4fac0aeb7b 100644
--- a/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayHttpServer.groovy
+++ b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayHttpServer.groovy
@@ -1,4 +1,4 @@
-package server
+package datadog.trace.instrumentation.play26.server
 
 import datadog.trace.agent.test.base.HttpServer
 import play.ApplicationLoader
diff --git a/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayRouters.groovy b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayRouters.groovy
new file mode 100644
index 00000000000..2d3925a7f28
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayRouters.groovy
@@ -0,0 +1,339 @@
+package datadog.trace.instrumentation.play26.server
+
+import datadog.appsec.api.blocking.Blocking
+import datadog.trace.agent.test.base.HttpServerTest
+import groovy.transform.CompileStatic
+import play.BuiltInComponents
+import play.api.libs.json.JsValue
+import play.api.libs.json.Json$
+import play.api.mvc.AnyContent
+import play.libs.concurrent.HttpExecution
+import play.mvc.Http
+import play.mvc.Result
+import play.mvc.Results
+import play.routing.Router
+import play.routing.RoutingDsl
+import scala.collection.JavaConverters
+import scala.concurrent.ExecutionContextExecutor
+import scala.xml.NodeSeq
+
+import java.util.concurrent.CompletableFuture
+import java.util.concurrent.CompletionStage
+import java.util.concurrent.Executor
+import java.util.concurrent.ExecutorService
+import java.util.function.Function
+import java.util.function.Supplier
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_JSON
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_MULTIPART
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_URLENCODED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_XML
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CREATED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.PATH_PARAM
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_QUERY
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_PARAM
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.REDIRECT
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.USER_BLOCK
+import static datadog.trace.agent.test.base.HttpServerTest.controller
+import static java.lang.Class.forName
+
+class PlayRouters {
+  static Router sync(BuiltInComponents components) {
+    try {
+      forName("datadog.trace.instrumentation.play26.server.latestdep.PlayRouters").sync components
+    } catch (ClassNotFoundException cnf) {
+      sync26(components)
+    }
+  }
+
+  static Router async(ExecutorService executor, BuiltInComponents components) {
+    try {
+      forName("datadog.trace.instrumentation.play26.server.latestdep.PlayRouters").async executor, components
+    } catch (ClassNotFoundException cnf) {
+      async26(executor, components)
+    }
+  }
+
+  private static Router sync26(BuiltInComponents components) {
+    RoutingDsl.fromComponents(components)
+      .GET(SUCCESS.path).routeTo({
+        controller(SUCCESS) {
+          Results.status(SUCCESS.status, SUCCESS.body)
+        }
+      } as Supplier)
+      .GET(FORWARDED.path).routeTo({
+        controller(FORWARDED) {
+          Results.status(FORWARDED.status, FORWARDED.body)
+        }
+      } as Supplier)
+      .GET(QUERY_PARAM.path).routeTo({
+        controller(QUERY_PARAM) {
+          Results.status(QUERY_PARAM.status, QUERY_PARAM.body)
+        }
+      } as Supplier)
+      .GET(QUERY_ENCODED_QUERY.path).routeTo({
+        controller(QUERY_ENCODED_QUERY) {
+          Results.status(QUERY_ENCODED_QUERY.status, QUERY_ENCODED_QUERY.body)
+        }
+      } as Supplier)
+      .GET(QUERY_ENCODED_BOTH.rawPath).routeTo({
+        controller(QUERY_ENCODED_BOTH) {
+          Results.status(QUERY_ENCODED_BOTH.status, QUERY_ENCODED_BOTH.body).
+            withHeader(HttpServerTest.IG_RESPONSE_HEADER, HttpServerTest.IG_RESPONSE_HEADER_VALUE)
+        }
+      } as Supplier)
+      .GET(REDIRECT.path).routeTo({
+        controller(REDIRECT) {
+          Results.found(REDIRECT.body)
+        }
+      } as Supplier)
+      .GET(ERROR.path).routeTo({
+        controller(ERROR) {
+          Results.status(ERROR.status, ERROR.body)
+        }
+      } as Supplier)
+      .GET(EXCEPTION.path).routeTo({
+        controller(EXCEPTION) {
+          throw new RuntimeException(EXCEPTION.body)
+        }
+      } as Supplier)
+      .GET(CUSTOM_EXCEPTION.path).routeAsync({
+        controller(CUSTOM_EXCEPTION) {
+          throw new TestHttpErrorHandler.CustomRuntimeException(CUSTOM_EXCEPTION.body)
+        }
+      } as Supplier)
+      .GET("/path/:id/param").routeTo(PathParamSyncFunction.INSTANCE)
+      .GET(USER_BLOCK.path).routeTo({
+        controller(USER_BLOCK) {
+          controller(USER_BLOCK) {
+            Blocking.forUser('user-to-block').blockIfMatch()
+            Results.status(200, "should never be reached")
+          }
+        }
+      } as Supplier)
+      .POST(CREATED.path).routeTo({
+        ->
+        controller(CREATED) {
+          def body = body().asText().get()
+          Results.status(CREATED.status, "created: $body")
+        }
+      } as Supplier)
+      .POST(BODY_URLENCODED.path).routeTo({
+        ->
+        controller(BODY_URLENCODED) {
+          def body = body().asFormUrlEncoded().get()
+          def javaMap = JavaConverters.mapAsJavaMapConverter(body).asJava()
+          def res = javaMap.collectEntries {
+            [it.key, JavaConverters.asJavaCollectionConverter(it.value).asJavaCollection()]
+          }
+          Results.status(BODY_URLENCODED.status, res as String)
+        }
+      } as Supplier)
+      .POST(BODY_MULTIPART.path).routeTo({
+        ->
+        controller(BODY_MULTIPART) {
+          def body = body().asMultipartFormData().get().asFormUrlEncoded()
+          def javaMap = JavaConverters.mapAsJavaMapConverter(body).asJava()
+          def res = javaMap.collectEntries {
+            [it.key, JavaConverters.asJavaCollectionConverter(it.value).asJavaCollection()]
+          }
+          Results.status(BODY_MULTIPART.status, res as String)
+        }
+      } as Supplier)
+      .POST(BODY_JSON.path).routeTo({
+        ->
+        controller(BODY_JSON) {
+          JsValue json = body().asJson().get()
+          Results.status(BODY_JSON.status, Json$.MODULE$.stringify(json))
+        }
+      } as Supplier)
+      .POST(BODY_XML.path).routeTo({
+        ->
+        controller(BODY_XML) {
+          NodeSeq node = body().asXml().get()
+          Results.status(BODY_XML.status, node.toString())
+        }
+      } as Supplier)
+      .build()
+  }
+
+  static Router async26(ExecutorService executor, BuiltInComponents components) {
+    ExecutionContextExecutor execContext = HttpExecution.fromThread(executor)
+    RoutingDsl.fromComponents(components)
+      .GET(SUCCESS.getPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(SUCCESS) {
+            Results.status(SUCCESS.getStatus(), SUCCESS.getBody())
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(FORWARDED.getPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(FORWARDED) {
+            Results.status(FORWARDED.getStatus(), FORWARDED.getBody()) // cheating
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(QUERY_PARAM.getPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(QUERY_PARAM) {
+            Results.status(QUERY_PARAM.getStatus(), QUERY_PARAM.getBody()) // cheating
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(QUERY_ENCODED_QUERY.getPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(QUERY_ENCODED_QUERY) {
+            Results.status(QUERY_ENCODED_QUERY.getStatus(), QUERY_ENCODED_QUERY.getBody()) // cheating
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(QUERY_ENCODED_BOTH.getRawPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(QUERY_ENCODED_BOTH) {
+            Results.status(QUERY_ENCODED_BOTH.getStatus(), QUERY_ENCODED_BOTH.getBody()).
+              withHeader(HttpServerTest.IG_RESPONSE_HEADER, HttpServerTest.IG_RESPONSE_HEADER_VALUE) // cheating
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(REDIRECT.getPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(REDIRECT) {
+            Results.found(REDIRECT.getBody())
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(ERROR.getPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(ERROR) {
+            Results.status(ERROR.getStatus(), ERROR.getBody())
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(EXCEPTION.getPath()).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(EXCEPTION) {
+            throw new RuntimeException(EXCEPTION.getBody())
+          }
+        }, execContext)
+      } as Supplier)
+      .GET(CUSTOM_EXCEPTION.path).routeAsync({
+        CompletableFuture.supplyAsync({
+          controller(CUSTOM_EXCEPTION) {
+            throw new TestHttpErrorHandler.CustomRuntimeException(CUSTOM_EXCEPTION.body)
+          }
+        }, execContext)
+      } as Supplier)
+      .GET("/path/:id/param").routeAsync(new PathParamAsyncFunction(execContext))
+      .GET(USER_BLOCK.path).routeAsync({
+        CompletableFuture.supplyAsync({
+          ->
+          controller(USER_BLOCK) {
+            controller(USER_BLOCK) {
+              Blocking.forUser('user-to-block').blockIfMatch()
+              Results.status(200, "should never be reached")
+            }
+          }
+        }, execContext)
+      } as Supplier)
+      .POST(CREATED.path).routeAsync({
+        ->
+        def body = body().asText().get()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(CREATED) {
+            Results.status(CREATED.status, "created: $body")
+          }
+        }, execContext)
+      } as Supplier)
+      .POST(BODY_URLENCODED.path).routeAsync({
+        ->
+        def body = body().asFormUrlEncoded().get()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(BODY_URLENCODED) {
+            def javaMap = JavaConverters.mapAsJavaMapConverter(body).asJava()
+            def res = javaMap.collectEntries {
+              [it.key, JavaConverters.asJavaCollectionConverter(it.value).asJavaCollection()]
+            }
+            Results.status(BODY_URLENCODED.status, res as String)
+          }
+        }, execContext)
+      } as Supplier)
+      .POST(BODY_MULTIPART.path).routeAsync({
+        ->
+        def body = body().asMultipartFormData().get().asFormUrlEncoded()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(BODY_MULTIPART) {
+            def javaMap = JavaConverters.mapAsJavaMapConverter(body).asJava()
+            def res = javaMap.collectEntries {
+              [it.key, JavaConverters.asJavaCollectionConverter(it.value).asJavaCollection()]
+            }
+            Results.status(BODY_MULTIPART.status, res as String)
+          }
+        }, execContext)
+      } as Supplier)
+      .POST(BODY_JSON.path).routeAsync({
+        ->
+        JsValue json = body().asJson().get()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(BODY_JSON) {
+            Results.status(BODY_JSON.status, Json$.MODULE$.stringify(json))
+          }
+        }, execContext)
+      } as Supplier)
+      .POST(BODY_XML.path).routeAsync({
+        ->
+        NodeSeq node = body().asXml().get()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(BODY_XML) {
+            Results.status(BODY_XML.status, node.toString())
+          }
+        }, execContext)
+      } as Supplier)
+      .build()
+  }
+
+  private static AnyContent body() {
+    Http.Context.current()._requestHeader().body
+  }
+
+  @CompileStatic
+  static enum PathParamSyncFunction implements Function<Integer, Result> {
+    INSTANCE
+
+    @Override
+    Result apply(Integer i) {
+      controller(PATH_PARAM) {
+        Results.ok(i as String)
+      }
+    }
+  }
+
+  @CompileStatic
+  static class PathParamAsyncFunction implements Function<Integer, CompletionStage<Result>> {
+    private final Executor executor
+
+    PathParamAsyncFunction(Executor executor) {
+      this.executor = executor
+    }
+
+    @Override
+    CompletionStage<Result> apply(Integer i) {
+      CompletableFuture.supplyAsync({
+        controller(PATH_PARAM) {
+          Results.ok(i as String)
+        }
+      }, executor)
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayServerTest.groovy b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayServerTest.groovy
similarity index 50%
rename from dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayServerTest.groovy
rename to dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayServerTest.groovy
index b19f41215b4..26ca37d551b 100644
--- a/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayServerTest.groovy
+++ b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayServerTest.groovy
@@ -1,4 +1,4 @@
-package server
+package datadog.trace.instrumentation.play26.server
 
 import datadog.trace.agent.test.asserts.TraceAssert
 import datadog.trace.agent.test.base.HttpServer
@@ -6,74 +6,24 @@ import datadog.trace.agent.test.base.HttpServerTest
 import datadog.trace.api.DDSpanTypes
 import datadog.trace.api.DDTags
 import datadog.trace.bootstrap.instrumentation.api.Tags
-import datadog.trace.instrumentation.akkahttp.AkkaHttpServerDecorator
 import datadog.trace.instrumentation.play26.PlayHttpServerDecorator
-import play.BuiltInComponents
-import play.mvc.Results
-import play.routing.RoutingDsl
+import groovy.transform.CompileStatic
+import okhttp3.MediaType
+import okhttp3.RequestBody
 import play.server.Server
 
-import java.util.function.Supplier
-
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_XML
 import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
 import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
 import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_QUERY
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_PARAM
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.REDIRECT
 import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
 
 class PlayServerTest extends HttpServerTest<Server> {
 
   @Override
+  @CompileStatic
   HttpServer server() {
-    return new PlayHttpServer({ BuiltInComponents components ->
-      RoutingDsl.fromComponents(components)
-        .GET(SUCCESS.getPath()).routeTo({
-          controller(SUCCESS) {
-            Results.status(SUCCESS.getStatus(), SUCCESS.getBody())
-          }
-        } as Supplier)
-        .GET(FORWARDED.getPath()).routeTo({
-          controller(FORWARDED) {
-            Results.status(FORWARDED.getStatus(), FORWARDED.getBody()) // cheating
-          }
-        } as Supplier)
-        .GET(QUERY_PARAM.getPath()).routeTo({
-          controller(QUERY_PARAM) {
-            Results.status(QUERY_PARAM.getStatus(), QUERY_PARAM.getBody()) // cheating
-          }
-        } as Supplier)
-        .GET(QUERY_ENCODED_QUERY.getPath()).routeTo({
-          controller(QUERY_ENCODED_QUERY) {
-            Results.status(QUERY_ENCODED_QUERY.getStatus(), QUERY_ENCODED_QUERY.getBody()) // cheating
-          }
-        } as Supplier)
-        .GET(QUERY_ENCODED_BOTH.getRawPath()).routeTo({
-          controller(QUERY_ENCODED_BOTH) {
-            Results.status(QUERY_ENCODED_BOTH.getStatus(), QUERY_ENCODED_BOTH.getBody()).
-              withHeader(IG_RESPONSE_HEADER, IG_RESPONSE_HEADER_VALUE) // cheating
-          }
-        } as Supplier)
-        .GET(REDIRECT.getPath()).routeTo({
-          controller(REDIRECT) {
-            Results.found(REDIRECT.getBody())
-          }
-        } as Supplier)
-        .GET(ERROR.getPath()).routeTo({
-          controller(ERROR) {
-            Results.status(ERROR.getStatus(), ERROR.getBody())
-          }
-        } as Supplier)
-        .GET(EXCEPTION.getPath()).routeTo({
-          controller(EXCEPTION) {
-            throw new RuntimeException(EXCEPTION.getBody())
-          }
-        } as Supplier)
-        .build()
-    })
+    new PlayHttpServer(PlayRouters.&sync)
   }
 
   @Override
@@ -83,12 +33,12 @@ class PlayServerTest extends HttpServerTest<Server> {
 
   @Override
   String component() {
-    return AkkaHttpServerDecorator.DECORATE.component()
+    'akka-http-server'
   }
 
   @Override
   String expectedOperationName() {
-    return "akka-http.request"
+    'akka-http.request'
   }
 
   @Override
@@ -106,16 +56,56 @@ class PlayServerTest extends HttpServerTest<Server> {
     true
   }
 
-  @Override
-  boolean hasPeerPort() {
-    false
-  }
-
   boolean testExceptionBody() {
     // I can't figure out how to set a proper exception handler to customize the response body.
     false
   }
 
+  @Override
+  boolean testRequestBody() {
+    true
+  }
+
+  @Override
+  boolean isRequestBodyNoStreaming() {
+    true
+  }
+
+  @Override
+  boolean testBodyUrlencoded() {
+    true
+  }
+
+  @Override
+  boolean testBodyMultipart() {
+    true
+  }
+
+  @Override
+  boolean testBodyJson() {
+    true
+  }
+
+  @Override
+  boolean testBlocking() {
+    true
+  }
+
+  @Override
+  boolean testBlockingOnResponse() {
+    true
+  }
+
+  @Override
+  String testPathParam() {
+    '/path/?/param'
+  }
+
+  @Override
+  Map<String, ?> expectedIGPathParams() {
+    ['0': 123]
+  }
+
   @Override
   Class<? extends Exception> expectedExceptionType() {
     RuntimeException
@@ -138,8 +128,8 @@ class PlayServerTest extends HttpServerTest<Server> {
       tags {
         "$Tags.COMPONENT" PlayHttpServerDecorator.DECORATE.component()
         "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
-        "$Tags.PEER_HOST_IPV4" { it == (endpoint == FORWARDED ? endpoint.body : "127.0.0.1") }
-        "$Tags.HTTP_CLIENT_IP" { it == (endpoint == FORWARDED ? endpoint.body : "127.0.0.1") }
+        "$Tags.PEER_HOST_IPV4" '127.0.0.1'
+        "$Tags.HTTP_CLIENT_IP" { it == (endpoint == FORWARDED ? endpoint.body : '127.0.0.1') }
         "$Tags.HTTP_URL" String
         "$Tags.HTTP_HOSTNAME" address.host
         "$Tags.HTTP_METHOD" String
@@ -155,4 +145,29 @@ class PlayServerTest extends HttpServerTest<Server> {
       }
     }
   }
+
+  def 'test instrumentation gateway xml request body'() {
+    setup:
+    def request = request(
+      BODY_XML, 'POST',
+      RequestBody.create(MediaType.get('text/xml'), '<foo attr="attr_value">mytext<bar></bar></foo>'))
+      .build()
+    def response = client.newCall(request).execute()
+    if (isDataStreamsEnabled()) {
+      TEST_DATA_STREAMS_WRITER.waitForGroups(1)
+    }
+    String body = response.body().charStream().text
+
+
+    expect:
+    body == BODY_XML.body || body == '<?xml version="1.0" encoding="UTF-8"?><foo attr="attr_value">mytext<bar/></foo>'
+
+    when:
+    TEST_WRITER.waitForTraces(1)
+
+    then:
+    TEST_WRITER.get(0).any {
+      it.getTag('request.body.converted') == '[[children:[mytext, [:]], attributes:[attr:attr_value]]]'
+    }
+  }
 }
diff --git a/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayServerWithErrorHandlerTest.groovy b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayServerWithErrorHandlerTest.groovy
new file mode 100644
index 00000000000..9d9c1bd99db
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/baseTest/groovy/datadog/trace/instrumentation/play26/server/PlayServerWithErrorHandlerTest.groovy
@@ -0,0 +1,46 @@
+package datadog.trace.instrumentation.play26.server
+
+import datadog.trace.agent.test.base.HttpServer
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION
+import static org.junit.Assume.assumeTrue
+
+class PlayServerWithErrorHandlerTest extends PlayServerTest {
+  @Override
+  HttpServer server() {
+    new PlayHttpServer(PlayRouters.&sync, new TestHttpErrorHandler())
+  }
+
+  @Override
+  boolean testExceptionBody() {
+    true
+  }
+
+  def "test exception with custom status"() {
+    setup:
+    assumeTrue(testException())
+    def request = request(CUSTOM_EXCEPTION, 'GET', null).build()
+    def response = client.newCall(request).execute()
+
+    expect:
+    response.code() == CUSTOM_EXCEPTION.status
+    if (testExceptionBody()) {
+      assert response.body().string() == CUSTOM_EXCEPTION.body
+    }
+
+    and:
+    assertTraces(1) {
+      trace(spanCount(CUSTOM_EXCEPTION)) {
+        sortSpansByStart()
+        serverSpan(it, null, null, 'GET', CUSTOM_EXCEPTION)
+        if (hasHandlerSpan()) {
+          handlerSpan(it, CUSTOM_EXCEPTION)
+        }
+        controllerSpan(it, CUSTOM_EXCEPTION)
+        if (hasResponseSpan(CUSTOM_EXCEPTION)) {
+          responseSpan(it, CUSTOM_EXCEPTION)
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/test/java/server/TestHttpErrorHandler.java b/dd-java-agent/instrumentation/play-2.6/src/baseTest/java/datadog/trace/instrumentation/play26/server/TestHttpErrorHandler.java
similarity index 58%
rename from dd-java-agent/instrumentation/play-2.6/src/test/java/server/TestHttpErrorHandler.java
rename to dd-java-agent/instrumentation/play-2.6/src/baseTest/java/datadog/trace/instrumentation/play26/server/TestHttpErrorHandler.java
index c42f046976b..f4a4055480c 100644
--- a/dd-java-agent/instrumentation/play-2.6/src/test/java/server/TestHttpErrorHandler.java
+++ b/dd-java-agent/instrumentation/play-2.6/src/baseTest/java/datadog/trace/instrumentation/play26/server/TestHttpErrorHandler.java
@@ -1,16 +1,20 @@
-package server;
+package datadog.trace.instrumentation.play26.server;
 
 import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION;
 
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import play.http.HttpErrorHandler;
 import play.mvc.Http.RequestHeader;
 import play.mvc.Result;
 import play.mvc.Results;
 
 public class TestHttpErrorHandler implements HttpErrorHandler {
-  static class CustomRuntimeException extends RuntimeException {
+  private static final Logger log = LoggerFactory.getLogger(TestHttpErrorHandler.class);
+
+  public static class CustomRuntimeException extends RuntimeException {
     public CustomRuntimeException(String message) {
       super(message);
     }
@@ -22,12 +26,17 @@ public CompletionStage<Result> onClientError(
   }
 
   public CompletionStage<Result> onServerError(RequestHeader request, Throwable exception) {
+    log.warn("server error", exception);
+
     Throwable cause = exception.getCause();
-    if (cause instanceof CustomRuntimeException) {
+    if (cause != null) {
+      exception = cause;
+    }
+    if (exception instanceof CustomRuntimeException) {
       return CompletableFuture.completedFuture(
-          Results.status(CUSTOM_EXCEPTION.getStatus(), cause.getMessage()));
+          Results.status(CUSTOM_EXCEPTION.getStatus(), exception.getMessage()));
     }
-    return CompletableFuture.completedFuture(
-        Results.internalServerError(exception.getCause().getMessage()));
+
+    return CompletableFuture.completedFuture(Results.internalServerError(exception.getMessage()));
   }
 }
diff --git a/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayAsyncServerRoutesScalaWithErrorHandlerTest.groovy b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayAsyncServerRoutesScalaWithErrorHandlerTest.groovy
new file mode 100644
index 00000000000..1b90b01b764
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayAsyncServerRoutesScalaWithErrorHandlerTest.groovy
@@ -0,0 +1,106 @@
+package datadog.trace.instrumentation.play26.server.latestdep
+
+import datadog.trace.agent.test.asserts.TraceAssert
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.api.DDSpanTypes
+import datadog.trace.api.DDTags
+import datadog.trace.api.config.TraceInstrumentationConfig
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.instrumentation.play26.PlayHttpServerDecorator
+import datadog.trace.instrumentation.play26.server.PlayServerWithErrorHandlerTest
+import datadog.trace.instrumentation.play26.server.TestHttpErrorHandler
+import play.api.BuiltInComponents
+import play.libs.concurrent.ClassLoaderExecution
+import play.routing.Router
+import spock.lang.Shared
+
+import java.util.concurrent.ExecutorService
+import java.util.concurrent.Executors
+import java.util.function.Function
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.NOT_FOUND
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.PATH_PARAM
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
+
+class PlayAsyncServerRoutesScalaWithErrorHandlerTest extends PlayServerWithErrorHandlerTest {
+  @Shared
+  ExecutorService executor
+
+  @Override
+  protected void configurePreAgent() {
+    super.configurePreAgent()
+    // otherwise the resource name will be set from the raw path with higher priority.
+    // We expect non-raw (decoded) paths in resource names
+    // Bug in HttpResourceDecorator.withRoute(AgentSpan, CharSequence, CharSequence, boolean)
+    // by not checking value of http.server.raw.resource ?
+    injectSysConfig(TraceInstrumentationConfig.HTTP_SERVER_ROUTE_BASED_NAMING, 'false')
+  }
+
+  void cleanupSpec() {
+    executor.shutdown()
+  }
+
+  @Override
+  HttpServer server() {
+    executor = Executors.newCachedThreadPool()
+
+    Function<BuiltInComponents, Router> f = { play.api.BuiltInComponentsFromContext it ->
+      new router.Routes(
+        it.httpErrorHandler(),
+        new PlayController(it.controllerComponents(), ClassLoaderExecution.fromThread(executor))
+        )
+    } as Function<BuiltInComponents, Router>
+    new PlayHttpServerScala(f, new TestHttpErrorHandler())
+  }
+
+  @Override
+  Map<String, ?> expectedIGPathParams() {
+    [path: '123']
+  }
+
+  private String routeFor(HttpServerTest.ServerEndpoint endpoint) {
+
+    switch (endpoint) {
+      case PATH_PARAM:
+        return '/path/$path<[^/]+>/param'
+      case NOT_FOUND:
+        return null
+      default:
+        endpoint.path
+    }
+  }
+
+  // we set Tags.HTTP_ROUTE with a routes file; override method for this
+  @Override
+  void handlerSpan(TraceAssert trace, HttpServerTest.ServerEndpoint endpoint = SUCCESS) {
+    def expectedQueryTag = expectedQueryTag(endpoint)
+    trace.span {
+      serviceName expectedServiceName()
+      operationName "play.request"
+      spanType DDSpanTypes.HTTP_SERVER
+      errored endpoint == EXCEPTION || endpoint == CUSTOM_EXCEPTION
+      childOfPrevious()
+      tags {
+        "$Tags.COMPONENT" PlayHttpServerDecorator.DECORATE.component()
+        "$Tags.SPAN_KIND" Tags.SPAN_KIND_SERVER
+        "$Tags.PEER_HOST_IPV4" '127.0.0.1'
+        "$Tags.HTTP_CLIENT_IP" { it == (endpoint == FORWARDED ? endpoint.body : "127.0.0.1") }
+        "$Tags.HTTP_URL" String
+        "$Tags.HTTP_HOSTNAME" address.host
+        "$Tags.HTTP_METHOD" String
+        "$Tags.HTTP_ROUTE" this.routeFor(endpoint)
+        if (endpoint == EXCEPTION || endpoint == CUSTOM_EXCEPTION) {
+          errorTags(endpoint == CUSTOM_EXCEPTION ? TestHttpErrorHandler.CustomRuntimeException : RuntimeException, endpoint.body)
+        }
+        if (endpoint.query) {
+          "$DDTags.HTTP_QUERY" expectedQueryTag
+        }
+        defaultTags()
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayAsyncServerScalaWithErrorHandlerTest.groovy b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayAsyncServerScalaWithErrorHandlerTest.groovy
new file mode 100644
index 00000000000..f1efed6da8b
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayAsyncServerScalaWithErrorHandlerTest.groovy
@@ -0,0 +1,36 @@
+package datadog.trace.instrumentation.play26.server.latestdep
+
+import datadog.trace.agent.test.base.HttpServer
+import datadog.trace.instrumentation.play26.server.PlayServerWithErrorHandlerTest
+import datadog.trace.instrumentation.play26.server.TestHttpErrorHandler
+import play.api.BuiltInComponents
+import play.routing.Router
+import spock.lang.Shared
+
+import java.util.concurrent.ExecutorService
+import java.util.concurrent.Executors
+import java.util.function.Function
+
+class PlayAsyncServerScalaWithErrorHandlerTest extends PlayServerWithErrorHandlerTest {
+  @Shared
+  ExecutorService executor
+
+  def cleanupSpec() {
+    executor.shutdown()
+  }
+
+  @Override
+  HttpServer server() {
+    executor = Executors.newCachedThreadPool()
+
+    Function<BuiltInComponents, Router> f = { play.api.BuiltInComponents it ->
+      PlayRoutersScala$.MODULE$.async(executor, it)
+    } as Function<BuiltInComponents, Router>
+    new PlayHttpServerScala(f, new TestHttpErrorHandler())
+  }
+
+  @Override
+  Map<String, ?> expectedIGPathParams() {
+    ['0': '123']
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayHttpServerScala.groovy b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayHttpServerScala.groovy
new file mode 100644
index 00000000000..2a75fca703f
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayHttpServerScala.groovy
@@ -0,0 +1,97 @@
+package datadog.trace.instrumentation.play26.server.latestdep
+
+import datadog.trace.agent.test.base.HttpServer
+import groovy.transform.CompileStatic
+import play.Mode
+import play.api.ApplicationLoader
+import play.api.BuiltInComponents
+import play.api.BuiltInComponentsFromContext
+import play.api.Configuration
+import play.api.Environment
+import play.api.Play
+import play.api.inject.DefaultApplicationLifecycle
+import play.api.routing.Router
+import play.core.j.JavaHttpErrorHandlerAdapter
+import play.core.server.AkkaHttpServerProvider
+import play.core.server.Server
+import play.core.server.ServerConfig
+import play.http.HttpErrorHandler
+import play.mvc.EssentialFilter
+import scala.None$
+import scala.Option
+import scala.collection.Map$
+import scala.collection.immutable.Map
+import scala.collection.immutable.Seq
+
+import java.util.concurrent.TimeoutException
+import java.util.function.Function
+
+@CompileStatic
+class PlayHttpServerScala implements HttpServer {
+  final Function<BuiltInComponents, Router> router
+  HttpErrorHandler httpErrorHandler
+  def application
+  def server
+  def port
+
+  PlayHttpServerScala(Function<BuiltInComponents, Router> router, HttpErrorHandler httpErrorHandler) {
+    this.router = router
+    this.httpErrorHandler = httpErrorHandler
+  }
+
+  @Override
+  void start() throws TimeoutException {
+    Environment environment = Environment.simple(new File('.'), play.api.Mode.Test$.MODULE$)
+    ApplicationLoader.Context context = ApplicationLoader.Context$.MODULE$.create(
+      environment,
+      Map$.MODULE$.empty() as Map,
+      new DefaultApplicationLifecycle(),
+      None$.empty()
+      )
+    application = new BuiltInComponentsFromContext(context) {
+        @Override
+        Router router() {
+          router.apply(this)
+        }
+
+        @Override
+        Seq<EssentialFilter> httpFilters() {
+          (Seq) scala.collection.immutable.Seq$.MODULE$.empty()
+        }
+
+        @Override
+        play.api.http.HttpErrorHandler httpErrorHandler() {
+          if (httpErrorHandler != null) {
+            return new JavaHttpErrorHandlerAdapter(httpErrorHandler)
+          }
+          super.httpErrorHandler()
+        }
+      }.application()
+    Play.start(this.application as play.api.Application)
+
+    def config = new ServerConfig(
+      new File('.'),
+      Option.apply(0) as Option,
+      Option.empty() as Option,
+      '0.0.0.0',
+      Mode.PROD.asScala(),
+      System.getProperties(),
+      Configuration.load(environment)
+      )
+
+    Server server = new AkkaHttpServerProvider().createServer(config,
+      application as play.api.Application)
+    this.server = server
+    port = server.httpPort().get()
+  }
+
+  @Override
+  void stop() {
+    (this.server as Server).stop()
+  }
+
+  @Override
+  URI address() {
+    new URI("http://localhost:$port/")
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayRouters.groovy b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayRouters.groovy
new file mode 100644
index 00000000000..4bf05bb12c5
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/groovy/datadog/trace/instrumentation/play26/server/latestdep/PlayRouters.groovy
@@ -0,0 +1,296 @@
+package datadog.trace.instrumentation.play26.server.latestdep
+
+import com.fasterxml.jackson.databind.JsonNode
+import com.fasterxml.jackson.databind.ObjectMapper
+import datadog.appsec.api.blocking.Blocking
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.instrumentation.play26.server.TestHttpErrorHandler
+import groovy.transform.CompileStatic
+import org.w3c.dom.Document
+import play.BuiltInComponents
+import play.libs.concurrent.ClassLoaderExecution
+import play.mvc.Http
+import play.mvc.Result
+import play.mvc.Results
+import play.routing.RequestFunctions
+import play.routing.Router
+import play.routing.RoutingDsl
+import scala.concurrent.ExecutionContextExecutor
+
+import javax.xml.transform.OutputKeys
+import javax.xml.transform.TransformerFactory
+import javax.xml.transform.dom.DOMSource
+import javax.xml.transform.stream.StreamResult
+import java.util.concurrent.CompletableFuture
+import java.util.concurrent.CompletionStage
+import java.util.concurrent.ExecutorService
+
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_JSON
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_MULTIPART
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_URLENCODED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.BODY_XML
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CREATED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.PATH_PARAM
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_QUERY
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_PARAM
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.REDIRECT
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.USER_BLOCK
+import static datadog.trace.agent.test.base.HttpServerTest.controller
+
+// TODO: a lot of this routes don't exercise query/parameter extraction, when they should
+class PlayRouters {
+  static Router sync(BuiltInComponents components) {
+    RoutingDsl.fromComponents(components)
+      .GET(SUCCESS.path).routingTo({
+        controller(SUCCESS) {
+          Results.ok(SUCCESS.body)
+        }
+      } as RequestFunctions.Params0<Result>)
+      .GET(FORWARDED.path).routingTo({ req ->
+        controller(FORWARDED) {
+          Results.status(FORWARDED.status, req.header('X-Forwarded-For').orElse('(no header)'))
+        }
+      } as RequestFunctions.Params0<Result>)
+      .GET(QUERY_PARAM.path).routingTo({ req ->
+        controller(QUERY_PARAM) {
+          Results.status(QUERY_PARAM.status, "some=${req.queryString('some').orElse('(null)')}")
+        }
+      } as RequestFunctions.Params0<Result>)
+      .GET(QUERY_ENCODED_QUERY.path).routingTo({ req ->
+        controller(QUERY_ENCODED_QUERY) {
+          Results.status(QUERY_ENCODED_QUERY.status, "some=${req.queryString('some').orElse('(null)')}")
+        }
+      } as RequestFunctions.Params0<Result>)
+      .GET(QUERY_ENCODED_BOTH.rawPath).routingTo({ req ->
+        controller(QUERY_ENCODED_BOTH) {
+          Results.status(QUERY_ENCODED_BOTH.status, "some=${req.queryString('some').orElse('(null)')}").
+            withHeader(HttpServerTest.IG_RESPONSE_HEADER, HttpServerTest.IG_RESPONSE_HEADER_VALUE)
+        }
+      } as RequestFunctions.Params0<Result>)
+      .GET(REDIRECT.path).routingTo({
+        controller(REDIRECT) {
+          Results.found(REDIRECT.body)
+        }
+      } as RequestFunctions.Params0<Result>)
+      .GET(ERROR.path).routingTo({
+        controller(ERROR) {
+          Results.status(ERROR.status, ERROR.body)
+        }
+      } as RequestFunctions.Params0<Result>)
+      .GET(EXCEPTION.path).routingTo({
+        controller(EXCEPTION) {
+          throw new RuntimeException(EXCEPTION.body)
+        }
+      } as RequestFunctions.Params0<Result>)
+      .GET(CUSTOM_EXCEPTION.path).routingTo({
+        controller(CUSTOM_EXCEPTION) {
+          throw new TestHttpErrorHandler.CustomRuntimeException(CUSTOM_EXCEPTION.body)
+        }
+      } as RequestFunctions.Params0<Result>)
+      .GET('/path/:id/param').routingTo(PathParamHandlerSync.INSTANCE)
+      .GET(USER_BLOCK.path).routingTo({
+        controller(USER_BLOCK) {
+          Blocking.forUser('user-to-block').blockIfMatch()
+          Results.status(200, "should never be reached")
+        }
+      } as RequestFunctions.Params0<Result>)
+      .POST(CREATED.path).routingTo({ Http.Request req ->
+        controller(CREATED) {
+          String body = req.body().asText()
+          Results.created("created: $body")
+        }
+      } as RequestFunctions.Params0<Result>)
+      .POST(BODY_URLENCODED.path).routingTo({ Http.Request req ->
+        controller(BODY_URLENCODED) {
+          Map<String, String[]> body = req.body()asFormUrlEncoded()
+          Results.status(BODY_URLENCODED.status, body as String)
+        }
+      } as RequestFunctions.Params0<Result>)
+      .POST(BODY_MULTIPART.path).routingTo({ Http.Request req ->
+        controller(BODY_MULTIPART) {
+          Map<String, String[]> body = req.body().asMultipartFormData().asFormUrlEncoded()
+          Results.status(BODY_MULTIPART.status, body as String)
+        }
+      } as RequestFunctions.Params0<Result>)
+      .POST(BODY_JSON.path).routingTo({ Http.Request req ->
+        controller(BODY_JSON) {
+          JsonNode json = req.body().asJson()
+          Results.status(BODY_JSON.status, new ObjectMapper().writeValueAsString(json))
+        }
+      } as RequestFunctions.Params0<Result>)
+      .POST(BODY_XML.path).routingTo({ Http.Request req ->
+        controller(BODY_XML) {
+          Document xml = req.body().asXml()
+          Results.status(BODY_XML.status, documentToString(xml))
+        }
+      } as RequestFunctions.Params0<Result>)
+      .build()
+  }
+
+  @CompileStatic
+  private static enum PathParamHandlerSync implements RequestFunctions.Params1<Integer, Result> {
+    INSTANCE
+
+    @Override
+    Result apply(Http.Request request, Integer id) {
+      controller(PATH_PARAM) {
+        Results.ok(id as String)
+      }
+    }
+  }
+
+  static Router async(ExecutorService executor, BuiltInComponents components) {
+    ExecutionContextExecutor execContext = ClassLoaderExecution.fromThread(executor)
+    RoutingDsl.fromComponents(components)
+      .GET(SUCCESS.path).routingAsync({
+        CompletableFuture.supplyAsync({
+          controller(SUCCESS) {
+            Results.ok(SUCCESS.body)
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .GET(FORWARDED.path).routingAsync({ req ->
+        CompletableFuture.supplyAsync({
+          controller(FORWARDED) {
+            Results.status(FORWARDED.status, req.header('X-Forwarded-For').orElse('(no header)'))
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .GET(QUERY_PARAM.path).routingAsync({ req ->
+        CompletableFuture.supplyAsync({
+          controller(QUERY_PARAM) {
+            Results.status(QUERY_PARAM.status, "some=${req.queryString('some').orElse('(null)')}")
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .GET(QUERY_ENCODED_QUERY.path).routingAsync({ req ->
+        CompletableFuture.supplyAsync({
+          controller(QUERY_ENCODED_QUERY) {
+            Results.status(QUERY_ENCODED_QUERY.status, "some=${req.queryString('some').orElse('(null)')}")
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .GET(QUERY_ENCODED_BOTH.getRawPath()).routingAsync({ req ->
+        CompletableFuture.supplyAsync({
+          controller(QUERY_ENCODED_BOTH) {
+            Results.status(QUERY_ENCODED_BOTH.status, "some=${req.queryString('some').orElse('(null)')}").
+              withHeader(HttpServerTest.IG_RESPONSE_HEADER, HttpServerTest.IG_RESPONSE_HEADER_VALUE) // cheating
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .GET(REDIRECT.path).routingAsync({
+        CompletableFuture.supplyAsync({
+          controller(REDIRECT) {
+            Results.found(REDIRECT.body)
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .GET(ERROR.path).routingAsync({
+        CompletableFuture.supplyAsync({
+          controller(ERROR) {
+            Results.status(ERROR.status, ERROR.body)
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .GET(EXCEPTION.path).routingAsync({
+        CompletableFuture.supplyAsync({
+          controller(EXCEPTION) {
+            throw new RuntimeException(EXCEPTION.body)
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .GET(CUSTOM_EXCEPTION.path).routingAsync({
+        CompletableFuture.supplyAsync({
+          controller(CUSTOM_EXCEPTION) {
+            throw new TestHttpErrorHandler.CustomRuntimeException(CUSTOM_EXCEPTION.body)
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .GET('/path/:id/param').routingAsync(PathParamHandlerAsync.INSTANCE)
+      .GET(USER_BLOCK.path).routingAsync({
+        CompletableFuture.supplyAsync({
+          ->
+          controller(USER_BLOCK) {
+            Blocking.forUser('user-to-block').blockIfMatch()
+            Results.status(200, "should never be reached")
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .POST(CREATED.path).routingAsync({ Http.Request req ->
+        def body = req.body().asText()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(CREATED) {
+            Results.created("created: $body")
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .POST(BODY_URLENCODED.path).routingAsync({ Http.Request req ->
+        CompletableFuture.supplyAsync({
+          ->
+          def body = req.body().asFormUrlEncoded()
+          controller(BODY_URLENCODED) {
+            Results.status(BODY_URLENCODED.status, body as String)
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .POST(BODY_MULTIPART.path).routingAsync({
+        Map<String, String[]> body = it.body().asMultipartFormData().asFormUrlEncoded()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(BODY_MULTIPART) {
+            Results.status(BODY_MULTIPART.status, body as String)
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .POST(BODY_JSON.path).routingAsync({ Http.Request req ->
+        JsonNode json = req.body().asJson()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(BODY_JSON) {
+            Results.status(BODY_JSON.status, new ObjectMapper().writeValueAsString(json))
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .POST(BODY_XML.path).routingAsync({ Http.Request req ->
+        Document xml = req.body().asXml()
+        CompletableFuture.supplyAsync({
+          ->
+          controller(BODY_XML) {
+            Results.status(BODY_XML.status, documentToString(xml))
+          }
+        }, execContext)
+      } as RequestFunctions.Params0<? extends CompletionStage<Result>>)
+      .build()
+  }
+
+  @CompileStatic
+  private static enum PathParamHandlerAsync implements RequestFunctions.Params1<Integer, CompletionStage<Result>> {
+    INSTANCE
+
+    @Override
+    CompletionStage<Result> apply(Http.Request request, Integer id) {
+      CompletableFuture.supplyAsync({
+        ->
+        controller(PATH_PARAM) {
+          Results.ok(id as String)
+        }
+      })
+    }
+  }
+
+  private static String documentToString(Document doc) {
+    StringWriter writer = new StringWriter()
+    TransformerFactory.newInstance().newTransformer().with {
+      setOutputProperty(OutputKeys.INDENT, "no")
+      transform(new DOMSource(doc), new StreamResult(writer))
+    }
+    writer.toString()
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/routes/conf/routes b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/routes/conf/routes
new file mode 100644
index 00000000000..0ba1ae9cff2
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/routes/conf/routes
@@ -0,0 +1,17 @@
+GET   /success                      datadog.trace.instrumentation.play26.server.latestdep.PlayController.success()
+GET   /redirect                     datadog.trace.instrumentation.play26.server.latestdep.PlayController.redirect()
+GET   /forwarded                    datadog.trace.instrumentation.play26.server.latestdep.PlayController.forwarded()
+GET   /error-status                 datadog.trace.instrumentation.play26.server.latestdep.PlayController.errorStatus()
+GET   /exception                    datadog.trace.instrumentation.play26.server.latestdep.PlayController.exception()
+GET   /custom-exception             datadog.trace.instrumentation.play26.server.latestdep.PlayController.customException()
+GET   /not-here                     datadog.trace.instrumentation.play26.server.latestdep.PlayController.notHere()
+GET   /user-block                   datadog.trace.instrumentation.play26.server.latestdep.PlayController.userBlock()
+GET   /query                        datadog.trace.instrumentation.play26.server.latestdep.PlayController.query(some: String)
+GET   /encoded_query                datadog.trace.instrumentation.play26.server.latestdep.PlayController.encodedQuery(some: String)
+GET   /encoded%20path%20query       datadog.trace.instrumentation.play26.server.latestdep.PlayController.encodedPathQuery(some: String)
+GET   /path/:path/param             datadog.trace.instrumentation.play26.server.latestdep.PlayController.pathParam(path: Integer)
+POST /created                       datadog.trace.instrumentation.play26.server.latestdep.PlayController.created()
+POST /body-urlencoded               datadog.trace.instrumentation.play26.server.latestdep.PlayController.bodyUrlencoded()
+POST /body-multipart                datadog.trace.instrumentation.play26.server.latestdep.PlayController.bodyMultipart()
+POST /body-json                     datadog.trace.instrumentation.play26.server.latestdep.PlayController.bodyJson()
+POST /body-xml                      datadog.trace.instrumentation.play26.server.latestdep.PlayController.bodyXml()
diff --git a/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/scala/datadog/trace/instrumentation/play26/server/latestdep/ImplicitConversions.scala b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/scala/datadog/trace/instrumentation/play26/server/latestdep/ImplicitConversions.scala
new file mode 100644
index 00000000000..7896e2836ae
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/scala/datadog/trace/instrumentation/play26/server/latestdep/ImplicitConversions.scala
@@ -0,0 +1,15 @@
+package datadog.trace.instrumentation.play26.server.latestdep
+
+object ImplicitConversions {
+  implicit class MapExtensions[A](m: Iterable[(String, A)]) {
+    def toStringAsGroovy: String = {
+      def valueToString(value: Object) : String = value match {
+        case seq: Seq[_] => seq.map(x => valueToString(x.asInstanceOf[Object])).mkString("[", ",", "]")
+        case other => other.toString
+      }
+
+      m.map { case (key, value) => s"$key:${valueToString(value.asInstanceOf[Object])}" }
+        .mkString("[", ",", "]")
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/scala/datadog/trace/instrumentation/play26/server/latestdep/PlayController.scala b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/scala/datadog/trace/instrumentation/play26/server/latestdep/PlayController.scala
new file mode 100644
index 00000000000..65a360ad27f
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/scala/datadog/trace/instrumentation/play26/server/latestdep/PlayController.scala
@@ -0,0 +1,100 @@
+package datadog.trace.instrumentation.play26.server.latestdep
+
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.agent.test.base.HttpServerTest.{ServerEndpoint, getIG_RESPONSE_HEADER, getIG_RESPONSE_HEADER_VALUE}
+import datadog.appsec.api.blocking.Blocking
+import datadog.trace.instrumentation.play26.server.TestHttpErrorHandler
+import datadog.trace.instrumentation.play26.server.latestdep.ImplicitConversions.MapExtensions
+import groovy.lang.Closure
+import play.api.libs.json.{JsNull, JsValue, Json}
+import play.api.mvc._
+
+import scala.concurrent.{ExecutionContext, Future}
+import scala.xml.NodeSeq
+
+class PlayController(cc: ControllerComponents)(implicit ec: ExecutionContext) extends AbstractController(cc) {
+  def success() = controller(ServerEndpoint.SUCCESS) { _ =>
+    Results.Ok(ServerEndpoint.SUCCESS.getBody)
+  }
+
+  def redirect = controller(ServerEndpoint.REDIRECT) { _ =>
+    Results.Redirect(ServerEndpoint.REDIRECT.getBody, 302)
+  }
+
+  def forwarded = controller(ServerEndpoint.FORWARDED) { request =>
+    Results.Status(ServerEndpoint.FORWARDED.getStatus)(request.headers.get("X-Forwarded-For").getOrElse("(no header)"))
+  }
+
+  def errorStatus = controller(ServerEndpoint.ERROR) { _ =>
+    Results.Status(ServerEndpoint.ERROR.getStatus)(ServerEndpoint.ERROR.getBody)
+  }
+
+  def exception = controller(ServerEndpoint.EXCEPTION) { _ =>
+    throw new RuntimeException(ServerEndpoint.EXCEPTION.getBody)
+  }
+
+  def customException = controller(ServerEndpoint.CUSTOM_EXCEPTION) { _ =>
+    throw new TestHttpErrorHandler.CustomRuntimeException(ServerEndpoint.CUSTOM_EXCEPTION.getBody)
+  }
+
+  def userBlock = controller(ServerEndpoint.USER_BLOCK) { _ =>
+    Blocking.forUser("user-to-block").blockIfMatch()
+    Results.Ok("should never be reached")
+  }
+
+  def query(some: String) = controller(ServerEndpoint.QUERY_PARAM) { _ =>
+    Results.Status(ServerEndpoint.QUERY_PARAM.getStatus)(s"some=$some")
+  }
+
+  def encodedQuery(some: String) = controller(ServerEndpoint.QUERY_ENCODED_QUERY) { _ =>
+    Results.Status(ServerEndpoint.QUERY_ENCODED_QUERY.getStatus)(s"some=$some")
+  }
+
+  def encodedPathQuery(some: String) = controller(ServerEndpoint.QUERY_ENCODED_BOTH) { _ =>
+    Results.Status(ServerEndpoint.QUERY_ENCODED_BOTH.getStatus)(s"some=$some")
+  }
+
+  def notHere = controller(ServerEndpoint.NOT_HERE) { _ =>
+    Results.NotFound(ServerEndpoint.NOT_HERE.getBody)
+  }
+
+  def pathParam(id: Integer) = controller(ServerEndpoint.PATH_PARAM) { _ =>
+    Results.Ok(id.toString)
+  }
+
+  def created = controller(ServerEndpoint.CREATED) { request =>
+    val body: String = request.body.asText.getOrElse("")
+    Results.Created(s"created: $body")
+  }
+
+  def bodyUrlencoded = controller(ServerEndpoint.BODY_URLENCODED) { request =>
+    val body: Map[String, Seq[String]] = request.body.asFormUrlEncoded.getOrElse(Map.empty)
+    Results.Ok(body.toStringAsGroovy)
+  }
+
+  def bodyMultipart = controller(ServerEndpoint.BODY_MULTIPART) { request =>
+    val body: Map[String, Seq[String]] = request.body.asMultipartFormData.map(_.asFormUrlEncoded).getOrElse(Map.empty)
+    Results.Ok(body.toStringAsGroovy)
+  }
+
+  def bodyJson = controller(ServerEndpoint.BODY_JSON) { request =>
+    val body: JsValue = request.body.asJson.getOrElse(JsNull)
+    Results.Ok(Json.stringify(body))
+  }
+
+  def bodyXml = controller(ServerEndpoint.BODY_XML) { request =>
+    val body : NodeSeq = request.body.asXml.getOrElse(NodeSeq.Empty)
+    Results.Ok(body.toString())
+  }
+
+  private def controller(endpoint: ServerEndpoint)(block: Request[AnyContent] => Result) : Action[AnyContent] = {
+    Action.async { request =>
+      Future {
+        HttpServerTest.controller(endpoint, new Closure[Result](this) {
+          def doCall() = block(request).withHeaders(
+            (getIG_RESPONSE_HEADER, getIG_RESPONSE_HEADER_VALUE))
+        })
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/scala/datadog/trace/instrumentation/play26/server/latestdep/PlayRoutersScala.scala b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/scala/datadog/trace/instrumentation/play26/server/latestdep/PlayRoutersScala.scala
new file mode 100644
index 00000000000..aa3256e96ed
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/latestDepTest/scala/datadog/trace/instrumentation/play26/server/latestdep/PlayRoutersScala.scala
@@ -0,0 +1,163 @@
+package datadog.trace.instrumentation.play26.server.latestdep
+
+import datadog.appsec.api.blocking.Blocking
+import datadog.trace.agent.test.base.HttpServerTest
+import datadog.trace.agent.test.base.HttpServerTest.{ServerEndpoint, getIG_RESPONSE_HEADER, getIG_RESPONSE_HEADER_VALUE}
+import datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint._
+import datadog.trace.instrumentation.play26.server.TestHttpErrorHandler.CustomRuntimeException
+import datadog.trace.instrumentation.play26.server.latestdep.ImplicitConversions.MapExtensions
+import groovy.lang.Closure
+import play.api.BuiltInComponents
+import play.api.libs.json._
+import play.api.mvc._
+import play.api.routing.Router
+import play.api.routing.sird._
+
+import java.util.concurrent.ExecutorService
+import scala.concurrent.{ExecutionContext, Future}
+import scala.xml.NodeSeq
+
+object PlayRoutersScala {
+
+  def async(executor: ExecutorService)(components: BuiltInComponents): Router = {
+    val ec: ExecutionContext = ExecutionContext.fromExecutor(executor)
+    val parser = components.defaultBodyParser
+
+    import components._
+
+    def controller(endpoint: ServerEndpoint)(block: => Result): Future[Result] = {
+      Future {
+        HttpServerTest.controller(endpoint, new Closure[Result](this) {
+          def doCall(): Result = block.withHeaders(
+            (getIG_RESPONSE_HEADER, getIG_RESPONSE_HEADER_VALUE))
+        })
+      }(ec)
+    }
+
+    Router.from {
+      case GET(p"/success") =>
+        defaultActionBuilder.async {
+          controller(SUCCESS) {
+            Results.Ok(SUCCESS.getBody)
+          }
+        }
+
+      case GET(p"/redirect") =>
+        defaultActionBuilder.async {
+          controller(REDIRECT) {
+            Results.Redirect(REDIRECT.getBody, 302)
+          }
+        }
+
+      case GET(p"/forwarded") =>
+        defaultActionBuilder.async { request =>
+          controller(FORWARDED) {
+            Results.Status(FORWARDED.getStatus)(request.headers.get("X-Forwarded-For").getOrElse("(no header)"))
+          }
+        }
+
+      // endpoint is not special; error results are returned the same way
+      case GET(p"/error-status") =>
+        defaultActionBuilder.async {
+          controller(ERROR) {
+            Results.Status(ERROR.getStatus)(ERROR.getBody)
+          }
+        }
+
+      case GET(p"/exception") =>
+        defaultActionBuilder.async {
+          controller(EXCEPTION) {
+            throw new RuntimeException(EXCEPTION.getBody)
+          }
+        }
+
+      case GET(p"/custom-exception") =>
+        defaultActionBuilder.async {
+          controller(CUSTOM_EXCEPTION) {
+            throw new CustomRuntimeException(CUSTOM_EXCEPTION.getBody)
+          }
+        }
+
+      case GET(p"/not-here") =>
+        defaultActionBuilder.async {
+          controller(NOT_HERE) {
+            Results.NotFound
+          }
+        }
+
+      case GET(p"/user-block") =>
+        defaultActionBuilder.async {
+          controller(USER_BLOCK) {
+            Blocking.forUser("user-to-block").blockIfMatch()
+            Results.Ok("should never be reached")
+          }
+        }
+
+      case GET(p"/query" ? q"some=$some") =>
+        defaultActionBuilder.async {
+          controller(QUERY_PARAM) {
+            Results.Status(QUERY_PARAM.getStatus)(s"some=$some")
+          }
+        }
+
+      case GET(p"/encoded_query" ? q"some=$some") =>
+        defaultActionBuilder.async {
+          controller(QUERY_ENCODED_QUERY) {
+            Results.Status(QUERY_ENCODED_QUERY.getStatus)(s"some=$some")
+          }
+        }
+
+      case GET(p"/encoded%20path%20query" ? q"some=$some") =>
+        defaultActionBuilder.async {
+          controller(QUERY_ENCODED_BOTH) {
+            Results.Status(QUERY_ENCODED_BOTH.getStatus)(s"some=$some")
+          }
+        }
+
+      case GET(p"/path/$path/param") =>
+        defaultActionBuilder.async {
+          controller(PATH_PARAM) {
+            Results.Status(PATH_PARAM.getStatus)(path)
+          }
+        }
+
+      case POST(p"/created") => defaultActionBuilder.async(parser) { request =>
+        controller(CREATED) {
+          val body: String = request.body.asText.getOrElse("")
+          Results.Created(s"created: $body")
+        }
+      }
+
+      case POST(p"/body-urlencoded") => defaultActionBuilder.async(parser) { request =>
+        controller(BODY_URLENCODED) {
+          val body: Map[String, Seq[String]] = request.body.asFormUrlEncoded.getOrElse(Map.empty)
+          Results.Ok(body.toStringAsGroovy)
+        }
+      }
+
+      case POST(p"/body-multipart") => defaultActionBuilder.async(parser) { request =>
+        controller(BODY_MULTIPART) {
+          val body: Map[String, scala.Seq[String]] = request.body.asMultipartFormData.getOrElse(
+            MultipartFormData(Map.empty, scala.Seq.empty, scala.Seq.empty)
+          ).asFormUrlEncoded
+          Results.Ok(body.toStringAsGroovy)
+        }
+      }
+
+      case POST(p"/body-json") => defaultActionBuilder.async(parser) { request =>
+        controller(BODY_JSON) {
+          val body: JsValue = request.body.asJson.getOrElse(JsNull)
+          Results.Ok(Json.stringify(body))
+        }
+      }
+
+      case POST(p"/body-xml") => defaultActionBuilder.async(parser) { request =>
+        controller(BODY_XML) {
+          val body: NodeSeq = request.body.asXml.getOrElse(NodeSeq.Empty)
+          Results.Ok(body.toString())
+        }
+      }
+    }
+  }
+
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/MuzzleReferences.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/MuzzleReferences.java
new file mode 100644
index 00000000000..227d1fdf3bc
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/MuzzleReferences.java
@@ -0,0 +1,16 @@
+package datadog.trace.instrumentation.play26;
+
+import datadog.trace.agent.tooling.muzzle.Reference;
+
+public class MuzzleReferences {
+  private MuzzleReferences() {}
+
+  public static final Reference[] PLAY_26_PLUS =
+      new Reference[] {new Reference.Builder("play.components.BodyParserComponents").build()};
+
+  public static final Reference[] PLAY_26_ONLY =
+      new Reference[] {
+        new Reference.Builder("play.components.BodyParserComponents").build(),
+        new Reference.Builder("play.Configuration").build()
+      };
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayAdvice.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayAdvice.java
index 9f3ab28cd02..51aaaef20ee 100644
--- a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayAdvice.java
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayAdvice.java
@@ -9,6 +9,7 @@
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan.Context;
+import datadog.trace.bootstrap.instrumentation.api.ResourceNamePriorities;
 import net.bytebuddy.asm.Advice;
 import play.api.mvc.Action;
 import play.api.mvc.Headers;
@@ -18,7 +19,9 @@
 
 public class PlayAdvice {
   @Advice.OnMethodEnter(suppress = Throwable.class)
-  public static AgentScope onEnter(@Advice.Argument(value = 0, readOnly = false) Request req) {
+  public static AgentScope onEnter(
+      @Advice.Argument(value = 0, readOnly = false) Request req,
+      @Advice.Local("extractedContext") Context.Extracted extractedContext) {
     final AgentSpan span;
 
     // If we have already added a `play.request` span, then don't do it again
@@ -28,7 +31,7 @@ public static AgentScope onEnter(@Advice.Argument(value = 0, readOnly = false) R
 
     if (activeSpan() == null) {
       final Headers headers = req.headers();
-      final Context.Extracted extractedContext = DECORATE.extract(headers);
+      extractedContext = DECORATE.extract(headers);
       span = DECORATE.startSpan(headers, extractedContext);
     } else {
       // An upstream framework (e.g. akka-http, netty) has already started the span.
@@ -48,6 +51,7 @@ public static AgentScope onEnter(@Advice.Argument(value = 0, readOnly = false) R
   @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
   public static void stopTraceOnResponse(
       @Advice.Enter final AgentScope playControllerScope,
+      @Advice.Local("extractedContext") Context.Extracted extractedContext,
       @Advice.This final Object thisAction,
       @Advice.Thrown final Throwable throwable,
       @Advice.Argument(0) final Request req,
@@ -60,7 +64,7 @@ public static void stopTraceOnResponse(
     final AgentSpan playControllerSpan = playControllerScope.span();
 
     // Call onRequest on return after tags are populated.
-    DECORATE.onRequest(playControllerSpan, req, req, null);
+    DECORATE.onRequest(playControllerSpan, req, req, extractedContext);
 
     if (throwable == null) {
       responseFuture.onComplete(
@@ -76,8 +80,9 @@ public static void stopTraceOnResponse(
 
     final AgentSpan rootSpan = activeSpan();
     // set the resource name on the upstream akka/netty span if there is one
-    if (rootSpan != null) {
-      DECORATE.onRequest(rootSpan, req, req, null);
+    if (rootSpan != null && playControllerSpan.getResourceName() != null) {
+      rootSpan.setResourceName(
+          playControllerSpan.getResourceName(), ResourceNamePriorities.HTTP_PATH_NORMALIZER);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayHttpServerDecorator.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayHttpServerDecorator.java
index 4ff4bfd99f3..b5267fe7540 100644
--- a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayHttpServerDecorator.java
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayHttpServerDecorator.java
@@ -19,6 +19,7 @@
 import play.api.mvc.Headers;
 import play.api.mvc.Request;
 import play.api.mvc.Result;
+import play.api.mvc.request.RemoteConnection;
 import play.api.routing.HandlerDef;
 import play.libs.typedmap.TypedKey;
 import play.routing.Router;
@@ -95,7 +96,12 @@ protected URIDataAdapter url(final Request request) {
 
   @Override
   protected String peerHostIP(final Request request) {
-    return request.remoteAddress();
+    RemoteConnection connection = request.connection();
+    if (connection instanceof RemoteConnectionWithRawAddress) {
+      return ((RemoteConnectionWithRawAddress) connection).rawRemoteAddressString();
+    } else {
+      return request.remoteAddress();
+    }
   }
 
   @Override
@@ -134,7 +140,7 @@ public AgentSpan onRequest(
         CharSequence path =
             PATH_CACHE.computeIfAbsent(
                 defOption.get().path(), p -> addMissingSlash(p, request.path()));
-        HTTP_RESOURCE_DECORATOR.withRoute(span, request.method(), path);
+        HTTP_RESOURCE_DECORATOR.withRoute(span, request.method(), path, true);
       }
     }
     return span;
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayInstrumentation.java
index 84f2f62c104..ffa1fcbbf8b 100644
--- a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayInstrumentation.java
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/PlayInstrumentation.java
@@ -18,6 +18,11 @@ public PlayInstrumentation() {
     super("play");
   }
 
+  @Override
+  public String muzzleDirective() {
+    return "play26Plus";
+  }
+
   @Override
   public String hierarchyMarkerType() {
     return "play.api.mvc.Action";
@@ -35,9 +40,10 @@ public String[] helperClassNames() {
       packageName + ".PlayHeaders$Request",
       packageName + ".PlayHeaders$Result",
       packageName + ".PlayHttpServerDecorator",
+      packageName + ".RemoteConnectionWithRawAddress",
       packageName + ".RequestCompleteCallback",
       packageName + ".RequestURIDataAdapter",
-      packageName + ".HasPlayRequestSpan"
+      packageName + ".HasPlayRequestSpan",
     };
   }
 
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/RemoteConnectionWithRawAddress.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/RemoteConnectionWithRawAddress.java
new file mode 100644
index 00000000000..8d1976a0e16
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/RemoteConnectionWithRawAddress.java
@@ -0,0 +1,41 @@
+package datadog.trace.instrumentation.play26;
+
+import java.net.InetAddress;
+import java.security.cert.X509Certificate;
+import play.api.mvc.request.RemoteConnection;
+import scala.Option;
+import scala.collection.Seq;
+
+public class RemoteConnectionWithRawAddress implements RemoteConnection {
+  private final RemoteConnection rawConnection;
+  private final RemoteConnection delegate;
+
+  public RemoteConnectionWithRawAddress(RemoteConnection rawConnection, RemoteConnection delegate) {
+    this.rawConnection = rawConnection;
+    this.delegate = delegate;
+  }
+
+  @Override
+  public InetAddress remoteAddress() {
+    return delegate.remoteAddress();
+  }
+
+  @Override
+  public String remoteAddressString() {
+    return delegate.remoteAddressString();
+  }
+
+  public String rawRemoteAddressString() {
+    return rawConnection.remoteAddressString();
+  }
+
+  @Override
+  public boolean secure() {
+    return delegate.secure();
+  }
+
+  @Override
+  public Option<Seq<X509Certificate>> clientCertificateChain() {
+    return delegate.clientCertificateChain();
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/SaveRawRemoteConnectionInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/SaveRawRemoteConnectionInstrumentation.java
new file mode 100644
index 00000000000..0ce2ecd28ec
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/SaveRawRemoteConnectionInstrumentation.java
@@ -0,0 +1,59 @@
+package datadog.trace.instrumentation.play26;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+import play.api.mvc.request.RemoteConnection;
+
+@AutoService(Instrumenter.class)
+public class SaveRawRemoteConnectionInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public SaveRawRemoteConnectionInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play26Plus";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {packageName + ".RemoteConnectionWithRawAddress"};
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.core.server.common.ForwardedHeaderHandler";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("forwardedConnection")
+            .and(not(isStatic()))
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("play.api.mvc.request.RemoteConnection")))
+            .and(takesArgument(1, named("play.api.mvc.Headers")))
+            .and(returns(named("play.api.mvc.request.RemoteConnection"))),
+        SaveRawRemoteConnectionInstrumentation.class.getName() + "$ForwardedConnectionAdvice");
+  }
+
+  static class ForwardedConnectionAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(
+        @Advice.Argument(0) RemoteConnection rawConnection,
+        @Advice.Return(readOnly = false) RemoteConnection retConnection) {
+      if (rawConnection != retConnection && rawConnection != null) {
+        retConnection = new RemoteConnectionWithRawAddress(rawConnection, retConnection);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/ArgumentCaptureWrappers.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/ArgumentCaptureWrappers.java
new file mode 100644
index 00000000000..853fbb39f4a
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/ArgumentCaptureWrappers.java
@@ -0,0 +1,130 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.BiFunction;
+import java.util.function.Function;
+import play.libs.F;
+
+public class ArgumentCaptureWrappers {
+  public static class ArgumentCaptureFunction<R> implements Function<Object, R> {
+    private final Function<Object, R> delegate;
+
+    public ArgumentCaptureFunction(Function<Object, R> delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public R apply(Object o) {
+      if (o == null) {
+        return delegate.apply(null);
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan == null) {
+        return delegate.apply(o);
+      }
+
+      RequestContext requestContext = agentSpan.getRequestContext();
+      if (requestContext.getData(RequestContextSlot.APPSEC) == null) {
+        return delegate.apply(o);
+      }
+
+      Map<String, Object> conv = Collections.singletonMap("0", o);
+
+      BlockingException t =
+          PathExtractionHelpers.callRequestPathParamsCallback(
+              requestContext, conv, "RoutingDsl#routeTo");
+      if (t != null) {
+        throw t;
+      }
+
+      return delegate.apply(o);
+    }
+  }
+
+  public static class ArgumentCaptureBiFunction<R> implements BiFunction<Object, Object, R> {
+    private final BiFunction<Object, Object, R> delegate;
+
+    public ArgumentCaptureBiFunction(BiFunction<Object, Object, R> delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public R apply(Object o1, Object o2) {
+      if (o1 == null && o2 == null) {
+        return delegate.apply(null, null);
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan == null) {
+        return delegate.apply(o1, o2);
+      }
+
+      RequestContext requestContext = agentSpan.getRequestContext();
+      if (requestContext.getData(RequestContextSlot.APPSEC) == null) {
+        return delegate.apply(o1, o2);
+      }
+
+      Map<String, Object> conv = new HashMap<>();
+      conv.put("0", o1);
+      conv.put("1", o2);
+
+      BlockingException t =
+          PathExtractionHelpers.callRequestPathParamsCallback(
+              requestContext, conv, "RoutingDsl#routeTo");
+      if (t != null) {
+        throw t;
+      }
+
+      return delegate.apply(o1, o2);
+    }
+  }
+
+  public static class ArgumentCaptureFunction3<R>
+      implements F.Function3<Object, Object, Object, R> {
+    private final F.Function3<Object, Object, Object, R> delegate;
+
+    public ArgumentCaptureFunction3(F.Function3<Object, Object, Object, R> delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public R apply(Object o1, Object o2, Object o3) throws Throwable {
+      if (o1 == null && o2 == null && o3 == null) {
+        return delegate.apply(null, null, null);
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan == null) {
+        return delegate.apply(o1, o2, o3);
+      }
+
+      RequestContext requestContext = agentSpan.getRequestContext();
+      if (requestContext.getData(RequestContextSlot.APPSEC) == null) {
+        return delegate.apply(o1, o2, o3);
+      }
+
+      Map<String, Object> conv = new HashMap<>();
+      conv.put("0", o1);
+      conv.put("1", o2);
+      conv.put("2", o3);
+
+      BlockingException t =
+          PathExtractionHelpers.callRequestPathParamsCallback(
+              requestContext, conv, "RoutingDsl#routeTo");
+      if (t != null) {
+        throw t;
+      }
+
+      return delegate.apply(o1, o2, o3);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/BodyParserHelpers.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/BodyParserHelpers.java
new file mode 100644
index 00000000000..87afd198a69
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/BodyParserHelpers.java
@@ -0,0 +1,450 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.api.gateway.Events.EVENTS;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.DoubleNode;
+import com.fasterxml.jackson.databind.node.FloatNode;
+import com.fasterxml.jackson.databind.node.NullNode;
+import com.fasterxml.jackson.databind.node.NumericNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.fasterxml.jackson.databind.node.TextNode;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.gateway.CallbackProvider;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.function.BiFunction;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.NodeList;
+import play.api.libs.json.JsArray;
+import play.api.libs.json.JsBoolean;
+import play.api.libs.json.JsNumber;
+import play.api.libs.json.JsObject;
+import play.api.libs.json.JsString;
+import play.api.libs.json.JsValue;
+import play.api.mvc.MultipartFormData;
+import scala.Function1;
+import scala.Tuple2;
+import scala.collection.Iterable;
+import scala.collection.Iterator;
+import scala.collection.Seq;
+import scala.compat.java8.JFunction1;
+import scala.xml.Elem;
+import scala.xml.Node;
+import scala.xml.NodeSeq;
+import scala.xml.Text;
+
+public class BodyParserHelpers {
+
+  public static final int MAX_CONVERSION_DEPTH = 10;
+  private static final Logger log = LoggerFactory.getLogger(BodyParserHelpers.class);
+  public static final int MAX_RECURSION = 15;
+
+  private static JFunction1<
+          scala.collection.immutable.Map<String, Seq<String>>,
+          scala.collection.immutable.Map<String, Seq<String>>>
+      HANDLE_URL_ENCODED = BodyParserHelpers::handleUrlEncoded;
+  private static JFunction1<String, String> HANDLE_TEXT = BodyParserHelpers::handleText;
+  private static JFunction1<MultipartFormData<?>, MultipartFormData<?>> HANDLE_MULTIPART_FORM_DATA =
+      BodyParserHelpers::handleMultipartFormData;
+  private static JFunction1<JsValue, JsValue> HANDLE_JSON = BodyParserHelpers::handleJson;
+  private static JFunction1<NodeSeq, NodeSeq> HANDLE_XML = BodyParserHelpers::handleXml;
+
+  private BodyParserHelpers() {}
+
+  public static Function1<
+          scala.collection.immutable.Map<String, Seq<String>>,
+          scala.collection.immutable.Map<String, Seq<String>>>
+      getHandleUrlEncodedMapF() {
+    return HANDLE_URL_ENCODED;
+  }
+
+  private static scala.collection.immutable.Map<String, Seq<String>> handleUrlEncoded(
+      scala.collection.immutable.Map<String, Seq<String>> data) {
+    if (data == null || data.isEmpty()) {
+      return data;
+    }
+
+    try {
+      Object conv = tryConvertingScalaContainers(data, MAX_CONVERSION_DEPTH);
+      handleArbitraryPostData(conv, "tolerantFormUrlEncoded");
+    } catch (Exception e) {
+      handleException(e, "Error handling result of tolerantFormUrlEncoded BodyParser");
+    }
+    return data;
+  }
+
+  public static Function1<String, String> getHandleStringMapF() {
+    return HANDLE_TEXT;
+  }
+
+  private static String handleText(String s) {
+    if (s == null || s.isEmpty()) {
+      return s;
+    }
+
+    try {
+      handleArbitraryPostData(s, "tolerantText");
+    } catch (Exception e) {
+      handleException(e, "Error handling result of tolerantText BodyParser");
+    }
+
+    return s;
+  }
+
+  public static Function1<MultipartFormData<?>, MultipartFormData<?>>
+      getHandleMultipartFormDataF() {
+    return HANDLE_MULTIPART_FORM_DATA;
+  }
+
+  private static MultipartFormData<?> handleMultipartFormData(MultipartFormData<?> data) {
+    scala.collection.immutable.Map<String, Seq<String>> mpfd = data.asFormUrlEncoded();
+
+    if (mpfd == null || mpfd.isEmpty()) {
+      return data;
+    }
+
+    try {
+      Object conv = tryConvertingScalaContainers(mpfd, MAX_CONVERSION_DEPTH);
+      handleArbitraryPostData(conv, "multipartFormData");
+    } catch (Exception e) {
+      handleException(e, "Error handling result of multipartFormData BodyParser");
+    }
+    return data;
+  }
+
+  public static Function1<JsValue, JsValue> getHandleJsonF() {
+    return HANDLE_JSON;
+  }
+
+  private static JsValue handleJson(JsValue data) {
+    if (data == null) {
+      return null;
+    }
+    if (!isAppsecActiveForRequest()) {
+      // skip potentially expensive transformation
+      return data;
+    }
+
+    try {
+      Object conv = jsValueToJavaObject(data, MAX_RECURSION);
+      handleArbitraryPostData(conv, "json");
+    } catch (Exception e) {
+      handleException(e, "Error handling result of json BodyParser");
+    }
+    return data;
+  }
+
+  public static Function1<NodeSeq, NodeSeq> getHandleXmlF() {
+    return HANDLE_XML;
+  }
+
+  private static NodeSeq handleXml(NodeSeq data) {
+    if (data == null) {
+      return null;
+    }
+    if (!isAppsecActiveForRequest()) {
+      // skip potentially expensive transformation
+      return data;
+    }
+
+    try {
+      Object conv = nodeSeqToJavaObject(data, MAX_RECURSION);
+      handleArbitraryPostData(conv, "xml");
+    } catch (Exception e) {
+      handleException(e, "Error handling result of xml BodyParser");
+    }
+    return data;
+  }
+
+  private static void executeCallback(
+      RequestContext reqCtx,
+      BiFunction<RequestContext, Object, Flow<Void>> callback,
+      Object conv,
+      String details) {
+    Flow<Void> flow = callback.apply(reqCtx, conv);
+    Flow.Action action = flow.getAction();
+    if (action instanceof Flow.Action.RequestBlockingAction) {
+      Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+      BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
+      if (blockResponseFunction != null) {
+        boolean success =
+            blockResponseFunction.tryCommitBlockingResponse(
+                reqCtx.getTraceSegment(),
+                rba.getStatusCode(),
+                rba.getBlockingContentType(),
+                rba.getExtraHeaders());
+        if (success) {
+          throw new BlockingException("Blocked request (for " + details + ")");
+        }
+      }
+    }
+  }
+
+  private static Object tryConvertingScalaContainers(Object obj, int depth) {
+    if (depth == 0) {
+      return obj;
+    }
+    if (obj instanceof scala.collection.Map) {
+      scala.collection.Map map = (scala.collection.Map) obj;
+      Map<Object, Object> ret = new HashMap<>();
+      Iterator<Tuple2> iterator = map.iterator();
+      while (iterator.hasNext()) {
+        Tuple2 next = iterator.next();
+        ret.put(next._1(), tryConvertingScalaContainers(next._2(), depth - 1));
+      }
+      return ret;
+    } else if (obj instanceof Iterable) {
+      List<Object> ret = new ArrayList<>();
+      Iterator iterator = ((Iterable) obj).iterator();
+      while (iterator.hasNext()) {
+        Object next = iterator.next();
+        ret.add(tryConvertingScalaContainers(next, depth - 1));
+      }
+      return ret;
+    }
+    return obj;
+  }
+
+  public static void handleJsonNode(JsonNode n, String source) {
+    Object o = jsNodeToJavaObject(n, MAX_RECURSION);
+    handleArbitraryPostDataWithSpanError(o, source);
+  }
+
+  private static boolean isAppsecActiveForRequest() {
+    AgentSpan span = activeSpan();
+    RequestContext reqCtx;
+
+    return span != null
+        && (reqCtx = span.getRequestContext()) != null
+        && reqCtx.getData(RequestContextSlot.APPSEC) != null;
+  }
+
+  public static void handleArbitraryPostDataWithSpanError(Object o, String source) {
+    AgentSpan span = activeSpan();
+    try {
+      doHandleArbitraryPostData(span, o, source);
+    } catch (BlockingException be) {
+      span.addThrowable(be);
+      throw be;
+    }
+  }
+
+  public static void handleArbitraryPostData(Object o, String source) {
+    doHandleArbitraryPostData(activeSpan(), o, source);
+  }
+
+  public static void doHandleArbitraryPostData(AgentSpan span, Object o, String source) {
+    RequestContext reqCtx;
+    if (span == null
+        || (reqCtx = span.getRequestContext()) == null
+        || reqCtx.getData(RequestContextSlot.APPSEC) == null) {
+      return;
+    }
+
+    CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+    BiFunction<RequestContext, Object, Flow<Void>> callback =
+        cbp.getCallback(EVENTS.requestBodyProcessed());
+    if (callback == null) {
+      return;
+    }
+
+    // callback execution
+    executeCallback(reqCtx, callback, o, source);
+  }
+
+  private static void handleException(Exception e, String logMessage) {
+    if (e instanceof BlockingException) {
+      throw (BlockingException) e;
+    }
+
+    log.warn(logMessage, e);
+  }
+
+  private static Object jsValueToJavaObject(JsValue value, int maxRecursion) {
+    if (value == null || maxRecursion <= 0) {
+      return null;
+    }
+
+    if (value instanceof JsString) {
+      return ((JsString) value).value();
+    } else if (value instanceof JsNumber) {
+      return ((JsNumber) value).value();
+    } else if (value instanceof JsBoolean) {
+      return ((JsBoolean) value).value();
+    } else if (value instanceof JsObject) {
+      Map<String, Object> map = new HashMap<>();
+      JsObject jsonObject = (JsObject) value;
+      Iterator<Tuple2<String, JsValue>> iterator = jsonObject.fields().iterator();
+      while (iterator.hasNext()) {
+        Tuple2<String, JsValue> e = iterator.next();
+        map.put(e._1(), jsValueToJavaObject(e._2(), maxRecursion - 1));
+      }
+      return map;
+    } else if (value instanceof JsArray) {
+      List<Object> list = new ArrayList<>();
+      JsArray jsArray = (JsArray) value;
+      Iterator<JsValue> iterator = jsArray.value().iterator();
+      while (iterator.hasNext()) {
+        JsValue next = iterator.next();
+        list.add(jsValueToJavaObject(next, maxRecursion - 1));
+      }
+      return list;
+    } else {
+      return null;
+    }
+  }
+
+  private static Object jsNodeToJavaObject(JsonNode value, int maxRecursion) {
+    if (value == null || maxRecursion <= 0) {
+      return null;
+    }
+
+    if (value instanceof TextNode) {
+      return value.asText();
+    } else if (value instanceof FloatNode || value instanceof DoubleNode) {
+      return value.asDouble();
+    } else if (value instanceof NumericNode) {
+      return value.asLong();
+    } else if (value instanceof ObjectNode) {
+      Map<String, Object> map = new HashMap<>();
+      ObjectNode jsonObject = (ObjectNode) value;
+      java.util.Iterator<Map.Entry<String, JsonNode>> iterator = jsonObject.fields();
+      while (iterator.hasNext()) {
+        Map.Entry<String, JsonNode> e = iterator.next();
+        map.put(e.getKey(), jsNodeToJavaObject(e.getValue(), maxRecursion - 1));
+      }
+      return map;
+    } else if (value instanceof ArrayNode) {
+      List<Object> list = new ArrayList<>();
+      ArrayNode arrayNode = (ArrayNode) value;
+      java.util.Iterator<JsonNode> iterator = arrayNode.elements();
+      while (iterator.hasNext()) {
+        JsonNode next = iterator.next();
+        list.add(jsNodeToJavaObject(next, maxRecursion - 1));
+      }
+      return list;
+    } else if (value instanceof NullNode) {
+      return null;
+    } else {
+      return value.asText("");
+    }
+  }
+
+  private static Object nodeSeqToJavaObject(NodeSeq nodeSeq, int maxRecursion) {
+    if (nodeSeq.length() == 0 || maxRecursion <= 0) {
+      return null;
+    }
+
+    List<Object> ret = new ArrayList<>(nodeSeq.length());
+    Iterator<Node> iterator = nodeSeq.iterator();
+    while (iterator.hasNext()) {
+      Node node = iterator.next();
+      ret.add(nodeToJavaObject(node, maxRecursion));
+    }
+    return ret;
+  }
+
+  // we don't preserve element names
+  private static Object nodeToJavaObject(Node node, int maxRecursion) {
+    if (node == null || maxRecursion <= 0) {
+      return null;
+    }
+
+    if (node instanceof Elem) {
+      scala.collection.immutable.Map<String, String> attributes = node.attributes().asAttrMap();
+
+      int size = node.child().size();
+      List<Object> childList = Collections.emptyList();
+      if (size > 0) {
+        childList = new ArrayList<>();
+        Iterator<Node> iterator = node.child().iterator();
+        while (iterator.hasNext()) {
+          Node childNode = iterator.next();
+          childList.add(nodeToJavaObject(childNode, maxRecursion - 1));
+        }
+      }
+
+      Map<String, Object> nodeRepr = new HashMap<>();
+      if (!attributes.isEmpty()) {
+        nodeRepr.put("attributes", tryConvertingScalaContainers(attributes, 1));
+      }
+      if (!childList.isEmpty()) {
+        nodeRepr.put("children", childList);
+      }
+      return nodeRepr;
+    } else if (node instanceof Text) {
+      return node.text().trim();
+    } else {
+      return null;
+    }
+  }
+
+  public static void handleXmlDocument(Document ret, String source) {
+    if (ret == null) {
+      return;
+    }
+
+    Element documentElement = ret.getDocumentElement();
+    Object obj = convertW3cNode(documentElement, MAX_RECURSION);
+
+    // pass wrapped in a list for consistency with NodeSeq (scala) variant
+    handleArbitraryPostDataWithSpanError(Collections.singletonList(obj), source);
+  }
+
+  private static Object convertW3cNode(org.w3c.dom.Node node, int maxRecursion) {
+    if (node == null || maxRecursion <= 0) {
+      return null;
+    }
+
+    if (node instanceof Element) {
+      Map<String, String> attributes = Collections.emptyMap();
+      if (node.hasAttributes()) {
+        attributes = new HashMap<>();
+        NamedNodeMap attrMap = node.getAttributes();
+        for (int i = 0; i < attrMap.getLength(); i++) {
+          org.w3c.dom.Attr item = (Attr) attrMap.item(i);
+          attributes.put(item.getName(), item.getValue());
+        }
+      }
+
+      List<Object> children = Collections.emptyList();
+      if (node.hasChildNodes()) {
+        NodeList childNodes = node.getChildNodes();
+        children = new ArrayList<>(childNodes.getLength());
+        for (int i = 0; i < childNodes.getLength(); i++) {
+          org.w3c.dom.Node item = childNodes.item(i);
+          children.add(convertW3cNode(item, maxRecursion - 1));
+        }
+      }
+
+      Map<String, Object> repr = new HashMap<>();
+      if (!attributes.isEmpty()) {
+        repr.put("attributes", attributes);
+      }
+      if (!children.isEmpty()) {
+        repr.put("children", children);
+      }
+      return repr;
+    } else if (node instanceof org.w3c.dom.Text) {
+      return node.getTextContent();
+    }
+    return null;
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/DelegatingBodyParserInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/DelegatingBodyParserInstrumentation.java
new file mode 100644
index 00000000000..5672422c95c
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/DelegatingBodyParserInstrumentation.java
@@ -0,0 +1,76 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.instrumentation.play26.MuzzleReferences;
+import net.bytebuddy.asm.Advice;
+import play.core.j.JavaParsers$;
+import play.mvc.BodyParser;
+import play.mvc.Http;
+
+/** @see play.mvc.BodyParser.DelegatingBodyParser */
+@AutoService(Instrumenter.class)
+public class DelegatingBodyParserInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public DelegatingBodyParserInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play26Plus";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_26_PLUS;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.mvc.BodyParser$DelegatingBodyParser";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".JavaMultipartFormDataRegisterExcF",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("apply")
+            .and(takesArguments(1))
+            .and(takesArgument(0, named("play.mvc.Http$RequestHeader")))
+            .and(returns(named("play.libs.streams.Accumulator"))),
+        DelegatingBodyParserInstrumentation.class.getName() + "$ApplyAdvice");
+  }
+
+  static class ApplyAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(
+        @Advice.This BodyParser.DelegatingBodyParser thiz,
+        @Advice.Return(readOnly = false) play.libs.streams.Accumulator ret) {
+      if (!thiz.getClass().getName().equals("play.mvc.BodyParser$MultipartFormData")) {
+        return;
+      }
+      play.libs.streams.Accumulator<
+              akka.util.ByteString,
+              play.libs.F.Either<
+                  play.mvc.Result, Http.MultipartFormData<play.libs.Files.TemporaryFile>>>
+          acc = ret;
+
+      ret =
+          acc.recover(
+              JavaMultipartFormDataRegisterExcF.INSTANCE, JavaParsers$.MODULE$.trampoline());
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/FormUrlEncodedInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/FormUrlEncodedInstrumentation.java
new file mode 100644
index 00000000000..a97e6422d5a
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/FormUrlEncodedInstrumentation.java
@@ -0,0 +1,67 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import akka.util.ByteString;
+import com.google.auto.service.AutoService;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.agent.tooling.Instrumenter;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import play.mvc.Http;
+
+/** @see play.mvc.BodyParser.FormUrlEncoded#parse(Http.RequestHeader, ByteString) */
+@AutoService(Instrumenter.class)
+public class FormUrlEncodedInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public FormUrlEncodedInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play26Plus";
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.mvc.BodyParser$FormUrlEncoded";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".BodyParserHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("parse")
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("play.mvc.Http$RequestHeader")))
+            .and(takesArgument(1, named("akka.util.ByteString")))
+            .and(returns(Map.class)),
+        FormUrlEncodedInstrumentation.class.getName() + "$ParseAdvice");
+  }
+
+  static class ParseAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after(
+        @Advice.Return Map<String, String[]> ret, @Advice.Thrown(readOnly = false) Throwable t) {
+      if (t != null) {
+        return;
+      }
+      try {
+        // error is reported as client error, which doesn't preserve the exception
+        BodyParserHelpers.handleArbitraryPostDataWithSpanError(ret, "FormUrlEncoded#parse");
+      } catch (BlockingException be) {
+        t = be;
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/HttpErrorHandlerInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/HttpErrorHandlerInstrumentation.java
new file mode 100644
index 00000000000..844cc719dc5
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/HttpErrorHandlerInstrumentation.java
@@ -0,0 +1,88 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.bootstrap.CallDepthThreadLocalMap;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.instrumentation.play26.MuzzleReferences;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+import play.api.http.HttpErrorHandler;
+import play.api.mvc.RequestHeader;
+
+/** @see HttpErrorHandler#onServerError(RequestHeader, Throwable) */
+@AutoService(Instrumenter.class)
+public class HttpErrorHandlerInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForTypeHierarchy {
+  public HttpErrorHandlerInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play26Plus";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_26_PLUS;
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isPublic()
+            .and(named("onServerError"))
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("play.api.mvc.RequestHeader")))
+            .and(takesArgument(1, Throwable.class))
+            .and(returns(named("scala.concurrent.Future"))),
+        HttpErrorHandlerInstrumentation.class.getName() + "$OnServerErrorAdvice");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "play.api.http.HttpErrorHandler";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named("play.api.http.HttpErrorHandler"));
+  }
+
+  static class OnServerErrorAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    static void before(@Advice.Argument(1) Throwable t) {
+      int i = CallDepthThreadLocalMap.incrementCallDepth(HttpErrorHandler.class);
+      if (i > 0) {
+        return;
+      }
+
+      if (!(t instanceof BlockingException)) {
+        return;
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan == null) {
+        return;
+      }
+      agentSpan.addThrowable(t);
+    }
+
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after() {
+      CallDepthThreadLocalMap.decrementCallDepth(HttpErrorHandler.class);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/JavaMultipartFormDataRegisterExcF.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/JavaMultipartFormDataRegisterExcF.java
new file mode 100644
index 00000000000..bc6199c89f0
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/JavaMultipartFormDataRegisterExcF.java
@@ -0,0 +1,39 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import java.lang.reflect.UndeclaredThrowableException;
+import java.util.concurrent.CompletionException;
+import java.util.function.Function;
+import play.libs.F;
+import play.libs.Files;
+import play.mvc.Http;
+import play.mvc.Result;
+
+public class JavaMultipartFormDataRegisterExcF
+    implements Function<Throwable, F.Either<Result, Http.MultipartFormData<Files.TemporaryFile>>> {
+  public static Function<Throwable, F.Either<Result, Http.MultipartFormData<Files.TemporaryFile>>>
+      INSTANCE = new JavaMultipartFormDataRegisterExcF();
+
+  private JavaMultipartFormDataRegisterExcF() {}
+
+  @Override
+  public F.Either<Result, Http.MultipartFormData<Files.TemporaryFile>> apply(Throwable exc) {
+    if (exc instanceof CompletionException) {
+      exc = exc.getCause();
+    }
+    if (exc instanceof BlockingException) {
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan != null) {
+        agentSpan.addThrowable(exc);
+      }
+    }
+    if (exc instanceof RuntimeException) {
+      throw (RuntimeException) exc;
+    } else {
+      throw new UndeclaredThrowableException(exc);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/NoDeclaredMethodMatcher.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/NoDeclaredMethodMatcher.java
new file mode 100644
index 00000000000..1075d1c34c7
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/NoDeclaredMethodMatcher.java
@@ -0,0 +1,23 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import net.bytebuddy.description.method.MethodDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+public class NoDeclaredMethodMatcher implements ElementMatcher<MethodDescription> {
+  private final ElementMatcher<? super MethodDescription> methodMatcher;
+
+  public static ElementMatcher<MethodDescription> hasNoDeclaredMethod(
+      ElementMatcher<? super MethodDescription> em) {
+    return new NoDeclaredMethodMatcher(em);
+  }
+
+  private NoDeclaredMethodMatcher(ElementMatcher<? super MethodDescription> methodMatcher) {
+    this.methodMatcher = methodMatcher;
+  }
+
+  @Override
+  public boolean matches(MethodDescription target) {
+    return !target.getDeclaringType().getDeclaredMethods().stream()
+        .anyMatch(md -> this.methodMatcher.matches(md));
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/PathExtractionHelpers.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/PathExtractionHelpers.java
new file mode 100644
index 00000000000..0ff075cbf3e
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/PathExtractionHelpers.java
@@ -0,0 +1,62 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.api.gateway.Events.EVENTS;
+
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.gateway.CallbackProvider;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import java.util.Map;
+import java.util.function.BiFunction;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PathExtractionHelpers {
+  private static final Logger log = LoggerFactory.getLogger(PathExtractionHelpers.class);
+
+  private PathExtractionHelpers() {}
+
+  public static BlockingException callRequestPathParamsCallback(
+      RequestContext reqCtx, Map<String, Object> params, String origin) {
+    try {
+      return doCallRequestPathParamsCallback(reqCtx, params, origin);
+    } catch (Exception e) {
+      log.warn("Error calling " + origin, e);
+      return null;
+    }
+  }
+
+  private static BlockingException doCallRequestPathParamsCallback(
+      RequestContext reqCtx, Map<String, Object> params, String origin) {
+    if (params == null || params.isEmpty()) {
+      return null;
+    }
+
+    CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+    BiFunction<RequestContext, Map<String, ?>, Flow<Void>> callback =
+        cbp.getCallback(EVENTS.requestPathParams());
+    if (callback == null) {
+      return null;
+    }
+
+    Flow<Void> flow = callback.apply(reqCtx, params);
+    Flow.Action action = flow.getAction();
+    if (!(action instanceof Flow.Action.RequestBlockingAction)) {
+      return null;
+    }
+
+    Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
+    BlockResponseFunction brf = reqCtx.getBlockResponseFunction();
+    if (brf != null) {
+      brf.tryCommitBlockingResponse(
+          reqCtx.getTraceSegment(),
+          rba.getStatusCode(),
+          rba.getBlockingContentType(),
+          rba.getExtraHeaders());
+    }
+    return new BlockingException("Blocked request (for " + origin + ")");
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/PathPatternInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/PathPatternInstrumentation.java
new file mode 100644
index 00000000000..feac036e405
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/PathPatternInstrumentation.java
@@ -0,0 +1,100 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.advice.ActiveRequestContext;
+import datadog.trace.advice.RequiresRequestContext;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.instrumentation.play26.MuzzleReferences;
+import net.bytebuddy.asm.Advice;
+import scala.Tuple2;
+import scala.collection.Iterator;
+import scala.util.Either;
+
+/** @see play.core.routing.PathPattern#apply(String) */
+@AutoService(Instrumenter.class)
+public class PathPatternInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public PathPatternInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play26Plus";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".PathExtractionHelpers",
+    };
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_26_PLUS;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.core.routing.PathPattern";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("apply")
+            .and(not(isStatic()))
+            .and(takesArguments(1))
+            .and(takesArgument(0, String.class))
+            .and(returns(named("scala.Option"))),
+        PathPatternInstrumentation.class.getName() + "$ApplyAdvice");
+  }
+
+  @RequiresRequestContext(RequestContextSlot.APPSEC)
+  static class ApplyAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after(
+        @Advice.Return(readOnly = false)
+            scala.Option<
+                    scala.collection.immutable.Map<String, scala.util.Either<Throwable, String>>>
+                ret,
+        @Advice.Thrown(readOnly = false) Throwable t,
+        @ActiveRequestContext RequestContext reqCtx) {
+      if (t != null) {
+        return;
+      }
+      if (ret.isEmpty()) {
+        return;
+      }
+
+      java.util.Map<String, Object> conv = new java.util.HashMap<>();
+
+      Iterator<Tuple2<String, Either<Throwable, String>>> iterator = ret.get().iterator();
+      while (iterator.hasNext()) {
+        Tuple2<String, Either<Throwable, String>> next = iterator.next();
+        Either<Throwable, String> value = next._2();
+        if (value.isLeft()) {
+          continue;
+        }
+
+        conv.put(next._1(), value.right().get());
+      }
+
+      BlockingException blockingException =
+          PathExtractionHelpers.callRequestPathParamsCallback(reqCtx, conv, "PathPattern#apply");
+      t = blockingException;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/PlayBodyParsersInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/PlayBodyParsersInstrumentation.java
new file mode 100644
index 00000000000..0b74d0be928
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/PlayBodyParsersInstrumentation.java
@@ -0,0 +1,151 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.ScalaTraitMatchers.isTraitMethod;
+import static datadog.trace.instrumentation.play26.appsec.NoDeclaredMethodMatcher.hasNoDeclaredMethod;
+import static net.bytebuddy.matcher.ElementMatchers.is;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.CallDepthThreadLocalMap;
+import net.bytebuddy.asm.Advice;
+import play.api.libs.json.JsValue;
+import play.api.mvc.BodyParser;
+import play.api.mvc.MultipartFormData;
+import play.api.mvc.PlayBodyParsers;
+import play.core.Execution;
+import scala.collection.Seq;
+import scala.collection.immutable.Map;
+import scala.xml.NodeSeq;
+
+/** @see play.api.mvc.PlayBodyParsers$class#tolerantFormUrlEncoded(PlayBodyParsers, int) */
+@AutoService(Instrumenter.class)
+public class PlayBodyParsersInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForKnownTypes {
+  private static final String TRAIT_NAME = "play.api.mvc.PlayBodyParsers";
+
+  public PlayBodyParsersInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play26Plus";
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {TRAIT_NAME, TRAIT_NAME + "$class"};
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".BodyParserHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isTraitMethod(TRAIT_NAME, "tolerantFormUrlEncoded", is(int.class).or(is(long.class)))
+            .and(returns(named("play.api.mvc.BodyParser"))),
+        PlayBodyParsersInstrumentation.class.getName() + "$UrlEncodedAdvice");
+    transformation.applyAdvice(
+        isTraitMethod(TRAIT_NAME, "tolerantText", long.class)
+            .and(returns(named("play.api.mvc.BodyParser"))),
+        PlayBodyParsersInstrumentation.class.getName() + "$TextAdvice");
+    transformation.applyAdvice(
+        isTraitMethod(TRAIT_NAME, "text", long.class)
+            .and(returns(named("play.api.mvc.BodyParser"))),
+        PlayBodyParsersInstrumentation.class.getName() + "$TextAdvice");
+    transformation.applyAdvice(
+        isTraitMethod(TRAIT_NAME, "multipartFormData", "scala.Function1", long.class, boolean.class)
+            .and(returns(named("play.api.mvc.BodyParser"))),
+        PlayBodyParsersInstrumentation.class.getName() + "$MultipartFormDataAdvice");
+    transformation.applyAdvice(
+        isTraitMethod(TRAIT_NAME, "multipartFormData", "scala.Function1", long.class)
+            .and(returns(named("play.api.mvc.BodyParser")))
+            .and(
+                /* only if prev didn't match */
+                hasNoDeclaredMethod(
+                    isTraitMethod(
+                            TRAIT_NAME,
+                            "multipartFormData",
+                            "scala.Function1",
+                            long.class,
+                            boolean.class)
+                        .and(returns(named("play.api.mvc.BodyParser"))))),
+        PlayBodyParsersInstrumentation.class.getName() + "$MultipartFormDataAdvice");
+    transformation.applyAdvice(
+        isTraitMethod(TRAIT_NAME, "tolerantJson", is(int.class).or(is(long.class)))
+            .and(returns(named("play.api.mvc.BodyParser"))),
+        PlayBodyParsersInstrumentation.class.getName() + "$JsonAdvice");
+    transformation.applyAdvice(
+        isTraitMethod(TRAIT_NAME, "tolerantXml", is(int.class).or(is(long.class)))
+            .and(returns(named("play.api.mvc.BodyParser"))),
+        PlayBodyParsersInstrumentation.class.getName() + "$XmlAdvice");
+  }
+
+  static class UrlEncodedAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(
+        @Advice.Return(readOnly = false) BodyParser<Map<String, Seq<String>>> parser) {
+
+      parser =
+          parser.map(
+              BodyParserHelpers.getHandleUrlEncodedMapF(),
+              Execution.Implicits$.MODULE$.trampoline());
+    }
+  }
+
+  static class TextAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    static void before() {
+      CallDepthThreadLocalMap.incrementCallDepth(PlayBodyParsers.class);
+    }
+
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after(
+        @Advice.Return(readOnly = false) BodyParser<String> parser, @Advice.Thrown Throwable t) {
+      int depth = CallDepthThreadLocalMap.decrementCallDepth(PlayBodyParsers.class);
+      if (depth > 0 || t != null) {
+        return;
+      }
+
+      parser =
+          parser.map(
+              BodyParserHelpers.getHandleStringMapF(), Execution.Implicits$.MODULE$.trampoline());
+    }
+  }
+
+  static class MultipartFormDataAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(@Advice.Return(readOnly = false) BodyParser<MultipartFormData<?>> parser) {
+
+      parser =
+          parser.map(
+              BodyParserHelpers.getHandleMultipartFormDataF(),
+              Execution.Implicits$.MODULE$.trampoline());
+    }
+  }
+
+  static class JsonAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(@Advice.Return(readOnly = false) BodyParser<JsValue> parser) {
+
+      parser =
+          parser.map(BodyParserHelpers.getHandleJsonF(), Execution.Implicits$.MODULE$.trampoline());
+    }
+  }
+
+  static class XmlAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    static void after(@Advice.Return(readOnly = false) BodyParser<NodeSeq> parser) {
+
+      parser =
+          parser.map(BodyParserHelpers.getHandleXmlF(), Execution.Implicits$.MODULE$.trampoline());
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/RoutingDslInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/RoutingDslInstrumentation.java
new file mode 100644
index 00000000000..fb44978f5d1
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/RoutingDslInstrumentation.java
@@ -0,0 +1,84 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.instrumentation.play26.MuzzleReferences;
+import java.util.function.BiFunction;
+import java.util.function.Function;
+import net.bytebuddy.asm.Advice;
+import play.libs.F;
+import play.routing.RoutingDsl;
+
+/** @see RoutingDsl.Route */
+@AutoService(Instrumenter.class)
+public class RoutingDslInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public RoutingDslInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play26Only";
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.routing.RoutingDsl$Route";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return new Reference[] {
+      new Reference.Builder("play.routing.RoutingDsl$PathPatternMatcher")
+          .withMethod(
+              new String[0],
+              Reference.EXPECTS_NON_STATIC | Reference.EXPECTS_PUBLIC,
+              "routeTo",
+              "Lplay/routing/RoutingDsl;",
+              "Ljava/util/function/Supplier;")
+          .build(),
+      MuzzleReferences.PLAY_26_ONLY[0],
+      MuzzleReferences.PLAY_26_ONLY[1],
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".ArgumentCaptureWrappers",
+      packageName + ".ArgumentCaptureWrappers$ArgumentCaptureFunction",
+      packageName + ".ArgumentCaptureWrappers$ArgumentCaptureBiFunction",
+      packageName + ".ArgumentCaptureWrappers$ArgumentCaptureFunction3",
+      packageName + ".PathExtractionHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor()
+            .and(takesArguments(5))
+            .and(takesArgument(3, Object.class))
+            .and(takesArgument(4, java.lang.reflect.Method.class)),
+        RoutingDslInstrumentation.class.getName() + "$RouteConstructorAdvice");
+  }
+
+  static class RouteConstructorAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    static void before(@Advice.Argument(value = 3, readOnly = false) Object action) {
+      if (action instanceof Function) {
+        action = new ArgumentCaptureWrappers.ArgumentCaptureFunction<>((Function) action);
+      } else if (action instanceof BiFunction) {
+        action = new ArgumentCaptureWrappers.ArgumentCaptureBiFunction<>((BiFunction) action);
+      } else if (action instanceof F.Function3) {
+        action = new ArgumentCaptureWrappers.ArgumentCaptureFunction3<>((F.Function3) action);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/SirdPathExtractorInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/SirdPathExtractorInstrumentation.java
new file mode 100644
index 00000000000..667546788b3
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/SirdPathExtractorInstrumentation.java
@@ -0,0 +1,83 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.advice.ActiveRequestContext;
+import datadog.trace.advice.RequiresRequestContext;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.instrumentation.play26.MuzzleReferences;
+import java.util.HashMap;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import scala.collection.immutable.List;
+
+/** @see play.api.routing.sird.PathExtractor */
+@AutoService(Instrumenter.class)
+public class SirdPathExtractorInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public SirdPathExtractorInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play26Plus";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_26_PLUS; // force failure in <2.6
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.api.routing.sird.PathExtractor";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("extract")
+            .and(takesArguments(1))
+            .and(takesArgument(0, String.class))
+            .and(returns(named("scala.Option"))),
+        SirdPathExtractorInstrumentation.class.getName() + "$ExtractAdvice");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".PathExtractionHelpers",
+    };
+  }
+
+  @RequiresRequestContext(RequestContextSlot.APPSEC)
+  static class ExtractAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after(
+        @Advice.Return scala.Option<scala.collection.immutable.List<String>> ret,
+        @ActiveRequestContext RequestContext reqCtx,
+        @Advice.Thrown(readOnly = false) Throwable t) {
+      if (ret.isEmpty() || t != null) {
+        return;
+      }
+
+      Map<String, Object> conv = new HashMap<>();
+      List<String> stringList = ret.get();
+      for (int i = 0; i < stringList.size(); i++) {
+        conv.put(Integer.toString(i), stringList.apply(i));
+      }
+
+      t =
+          PathExtractionHelpers.callRequestPathParamsCallback(
+              reqCtx, conv, "sird.PathExtractor#extract");
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/TolerantJsonInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/TolerantJsonInstrumentation.java
new file mode 100644
index 00000000000..7d959f0cbfd
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/TolerantJsonInstrumentation.java
@@ -0,0 +1,75 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import akka.util.ByteString;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.google.auto.service.AutoService;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.advice.RequiresRequestContext;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.instrumentation.play26.MuzzleReferences;
+import net.bytebuddy.asm.Advice;
+import play.mvc.Http;
+
+/** @see play.mvc.BodyParser.TolerantJson#parse(Http.RequestHeader, ByteString) */
+@AutoService(Instrumenter.class)
+public class TolerantJsonInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public TolerantJsonInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play26Plus";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_26_PLUS;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.mvc.BodyParser$TolerantJson";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".BodyParserHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("parse")
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("play.mvc.Http$RequestHeader")))
+            .and(takesArgument(1, named("akka.util.ByteString")))
+            .and(returns(named("com.fasterxml.jackson.databind.JsonNode"))),
+        TolerantJsonInstrumentation.class.getName() + "$ParseAdvice");
+  }
+
+  @RequiresRequestContext(RequestContextSlot.APPSEC)
+  static class ParseAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after(@Advice.Return JsonNode ret, @Advice.Thrown(readOnly = false) Throwable t) {
+      if (t != null) {
+        return;
+      }
+      try {
+        BodyParserHelpers.handleJsonNode(ret, "TolerantJson#parse");
+      } catch (BlockingException be) {
+        t = be;
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/TolerantTextInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/TolerantTextInstrumentation.java
new file mode 100644
index 00000000000..2db389820d5
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/TolerantTextInstrumentation.java
@@ -0,0 +1,72 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import akka.util.ByteString;
+import com.google.auto.service.AutoService;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.instrumentation.play26.MuzzleReferences;
+import net.bytebuddy.asm.Advice;
+import play.mvc.Http;
+
+/** @see play.mvc.BodyParser.TolerantText#parse(Http.RequestHeader, ByteString) */
+@AutoService(Instrumenter.class)
+public class TolerantTextInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public TolerantTextInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play26Plus";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_26_PLUS;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.mvc.BodyParser$TolerantText";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".BodyParserHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("parse")
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("play.mvc.Http$RequestHeader")))
+            .and(takesArgument(1, named("akka.util.ByteString")))
+            .and(returns(String.class)),
+        TolerantTextInstrumentation.class.getName() + "$ParseAdvice");
+  }
+
+  static class ParseAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after(@Advice.Return String ret, @Advice.Thrown(readOnly = false) Throwable t) {
+      if (t != null) {
+        return;
+      }
+      try {
+        // error is reported as client error, which doesn't preserve the exception
+        BodyParserHelpers.handleArbitraryPostDataWithSpanError(ret, "TolerantText#parse");
+      } catch (BlockingException be) {
+        t = be;
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/TolerantXmlInstrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/TolerantXmlInstrumentation.java
new file mode 100644
index 00000000000..878403c43ce
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play26/appsec/TolerantXmlInstrumentation.java
@@ -0,0 +1,72 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import akka.util.ByteString;
+import com.google.auto.service.AutoService;
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.instrumentation.play26.MuzzleReferences;
+import net.bytebuddy.asm.Advice;
+import play.mvc.Http;
+
+/** @see play.mvc.BodyParser.TolerantXml#parse(Http.RequestHeader, ByteString) */
+@AutoService(Instrumenter.class)
+public class TolerantXmlInstrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public TolerantXmlInstrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play26Plus";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return MuzzleReferences.PLAY_26_PLUS;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.mvc.BodyParser$TolerantXml";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".BodyParserHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("parse")
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("play.mvc.Http$RequestHeader")))
+            .and(takesArgument(1, named("akka.util.ByteString")))
+            .and(returns(named("org.w3c.dom.Document"))),
+        TolerantXmlInstrumentation.class.getName() + "$ParseAdvice");
+  }
+
+  static class ParseAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
+    static void after(
+        @Advice.Return org.w3c.dom.Document ret, @Advice.Thrown(readOnly = false) Throwable t) {
+      if (t != null) {
+        return;
+      }
+      try {
+        BodyParserHelpers.handleXmlDocument(ret, "TolerantXml#parse");
+      } catch (BlockingException be) {
+        t = be;
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play27/appsec/RoutingDsl27Instrumentation.java b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play27/appsec/RoutingDsl27Instrumentation.java
new file mode 100644
index 00000000000..137f485fbb3
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java/datadog/trace/instrumentation/play27/appsec/RoutingDsl27Instrumentation.java
@@ -0,0 +1,64 @@
+package datadog.trace.instrumentation.play27.appsec;
+
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.muzzle.Reference;
+import play.routing.RoutingDsl;
+
+/** @see RoutingDsl.Route */
+@AutoService(Instrumenter.class)
+public class RoutingDsl27Instrumentation extends Instrumenter.AppSec
+    implements Instrumenter.ForSingleType {
+  public RoutingDsl27Instrumentation() {
+    super("play");
+  }
+
+  @Override
+  public String muzzleDirective() {
+    return "play27";
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "play.routing.RoutingDsl$Route";
+  }
+
+  @Override
+  public Reference[] additionalMuzzleReferences() {
+    return new Reference[] {
+      new Reference.Builder("play.routing.RoutingDsl$PathPatternMatcher")
+          .withMethod(
+              new String[0],
+              Reference.EXPECTS_NON_STATIC | Reference.EXPECTS_PUBLIC,
+              "routingTo",
+              "Lplay/routing/RoutingDsl;",
+              "Lplay/routing/RequestFunctions$Params1;")
+          .build()
+    };
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".ArgumentCaptureAdvice",
+      packageName + ".ArgumentCaptureAdvice$ArgumentCaptureFunctionParam1",
+      packageName + ".ArgumentCaptureAdvice$ArgumentCaptureFunctionParam2",
+      packageName + ".ArgumentCaptureAdvice$ArgumentCaptureFunctionParam3",
+      "datadog.trace.instrumentation.play26.appsec.PathExtractionHelpers",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor()
+            .and(takesArguments(5))
+            .and(takesArgument(3, Object.class))
+            .and(takesArgument(4, java.lang.reflect.Method.class)),
+        packageName + ".ArgumentCaptureAdvice$RouteConstructorAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/main/java_play27/datadog/trace/instrumentation/play27/appsec/ArgumentCaptureAdvice.java b/dd-java-agent/instrumentation/play-2.6/src/main/java_play27/datadog/trace/instrumentation/play27/appsec/ArgumentCaptureAdvice.java
new file mode 100644
index 00000000000..fefc4747eb1
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/main/java_play27/datadog/trace/instrumentation/play27/appsec/ArgumentCaptureAdvice.java
@@ -0,0 +1,151 @@
+package datadog.trace.instrumentation.play27.appsec;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+
+import datadog.appsec.api.blocking.BlockingException;
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.instrumentation.play26.appsec.PathExtractionHelpers;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import play.mvc.Http;
+import play.routing.RequestFunctions;
+
+public class ArgumentCaptureAdvice {
+  private static Logger log = LoggerFactory.getLogger(ArgumentCaptureAdvice.class);
+
+  public static class RouteConstructorAdvice {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    static void before(@Advice.Argument(value = 3, readOnly = false) Object action) {
+      if (action instanceof RequestFunctions.Params1) {
+        action = new ArgumentCaptureFunctionParam1((RequestFunctions.Params1) action);
+      } else if (action instanceof RequestFunctions.Params2) {
+        action = new ArgumentCaptureFunctionParam2((RequestFunctions.Params2) action);
+      } else if (action instanceof RequestFunctions.Params3) {
+        action = new ArgumentCaptureFunctionParam3((RequestFunctions.Params3) action);
+      }
+    }
+  }
+
+  public static class ArgumentCaptureFunctionParam1<R>
+      implements RequestFunctions.Params1<Object, R> {
+    private final RequestFunctions.Params1<Object, R> delegate;
+
+    public ArgumentCaptureFunctionParam1(RequestFunctions.Params1<Object, R> delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public R apply(Http.Request req, Object o1) {
+      if (o1 == null) {
+        return delegate.apply(req, null);
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan == null) {
+        return delegate.apply(req, o1);
+      }
+
+      RequestContext requestContext = agentSpan.getRequestContext();
+      if (requestContext.getData(RequestContextSlot.APPSEC) == null) {
+        return delegate.apply(req, o1);
+      }
+
+      Map<String, Object> conv = Collections.singletonMap("0", o1);
+
+      BlockingException t =
+          PathExtractionHelpers.callRequestPathParamsCallback(
+              requestContext, conv, "RoutingDsl#routingTo");
+      if (t != null) {
+        throw t;
+      }
+
+      return delegate.apply(req, o1);
+    }
+  }
+
+  public static class ArgumentCaptureFunctionParam2<R>
+      implements RequestFunctions.Params2<Object, Object, R> {
+    private final RequestFunctions.Params2<Object, Object, R> delegate;
+
+    public ArgumentCaptureFunctionParam2(RequestFunctions.Params2<Object, Object, R> delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public R apply(Http.Request req, Object o1, Object o2) throws Throwable {
+      if (o1 == null && o2 == null) {
+        return delegate.apply(req, null, null);
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan == null) {
+        return delegate.apply(req, o1, o2);
+      }
+
+      RequestContext requestContext = agentSpan.getRequestContext();
+      if (requestContext.getData(RequestContextSlot.APPSEC) == null) {
+        return delegate.apply(req, o1, o2);
+      }
+
+      Map<String, Object> conv = new HashMap<>();
+      conv.put("0", o1);
+      conv.put("1", o2);
+
+      BlockingException t =
+          PathExtractionHelpers.callRequestPathParamsCallback(
+              requestContext, conv, "RoutingDsl#routingTo");
+      if (t != null) {
+        throw t;
+      }
+
+      return delegate.apply(req, o1, o2);
+    }
+  }
+
+  public static class ArgumentCaptureFunctionParam3<R>
+      implements RequestFunctions.Params3<Object, Object, Object, R> {
+    private final RequestFunctions.Params3<Object, Object, Object, R> delegate;
+
+    public ArgumentCaptureFunctionParam3(
+        RequestFunctions.Params3<Object, Object, Object, R> delegate) {
+      this.delegate = delegate;
+    }
+
+    @Override
+    public R apply(Http.Request req, Object o1, Object o2, Object o3) throws Throwable {
+      if (o1 == null && o2 == null && o3 == null) {
+        return delegate.apply(req, null, null, null);
+      }
+
+      AgentSpan agentSpan = activeSpan();
+      if (agentSpan == null) {
+        return delegate.apply(req, o1, o2, o3);
+      }
+
+      RequestContext requestContext = agentSpan.getRequestContext();
+      if (requestContext.getData(RequestContextSlot.APPSEC) == null) {
+        return delegate.apply(req, o1, o2, o3);
+      }
+
+      Map<String, Object> conv = new HashMap<>();
+      conv.put("0", o1);
+      conv.put("1", o2);
+      conv.put("2", o3);
+
+      BlockingException t =
+          PathExtractionHelpers.callRequestPathParamsCallback(
+              requestContext, conv, "RoutingDsl#routingTo");
+      if (t != null) {
+        throw t;
+      }
+
+      return delegate.apply(req, o1, o2, o3);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/routeGenerator/scala/generator/CompileRoutes.scala b/dd-java-agent/instrumentation/play-2.6/src/routeGenerator/scala/generator/CompileRoutes.scala
new file mode 100644
index 00000000000..1b8ff7667ba
--- /dev/null
+++ b/dd-java-agent/instrumentation/play-2.6/src/routeGenerator/scala/generator/CompileRoutes.scala
@@ -0,0 +1,17 @@
+package generator
+
+import play.routes.compiler.{InjectedRoutesGenerator, RoutesCompiler}
+
+import java.io.File
+import scala.collection.immutable
+
+object CompileRoutes extends App {
+  val routesFile = args(0)
+  val destinationDir = args(1)
+
+  val routesCompilerTask = RoutesCompiler.RoutesCompilerTask(
+    new File(routesFile), immutable.Seq.empty,
+    true, false, false)
+  RoutesCompiler.compile(
+    routesCompilerTask, InjectedRoutesGenerator, new File(destinationDir))
+}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayAsyncServerTest.groovy b/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayAsyncServerTest.groovy
deleted file mode 100644
index 567c6dab618..00000000000
--- a/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayAsyncServerTest.groovy
+++ /dev/null
@@ -1,97 +0,0 @@
-package server
-
-import datadog.trace.agent.test.base.HttpServer
-import play.BuiltInComponents
-import play.libs.concurrent.HttpExecution
-import play.mvc.Results
-import play.routing.RoutingDsl
-import spock.lang.Shared
-
-import java.util.concurrent.CompletableFuture
-import java.util.concurrent.Executors
-import java.util.function.Supplier
-
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_QUERY
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_PARAM
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.REDIRECT
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
-
-class PlayAsyncServerTest extends PlayServerTest {
-  @Shared
-  def executor
-
-  def cleanupSpec() {
-    executor.shutdown()
-  }
-
-  @Override
-  HttpServer server() {
-    executor = Executors.newCachedThreadPool()
-    def execContext = HttpExecution.fromThread(executor)
-    return new PlayHttpServer({ BuiltInComponents components ->
-      RoutingDsl.fromComponents(components)
-        .GET(SUCCESS.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(SUCCESS) {
-              Results.status(SUCCESS.getStatus(), SUCCESS.getBody())
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(FORWARDED.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(FORWARDED) {
-              Results.status(FORWARDED.getStatus(), FORWARDED.getBody()) // cheating
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(QUERY_PARAM.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(QUERY_PARAM) {
-              Results.status(QUERY_PARAM.getStatus(), QUERY_PARAM.getBody()) // cheating
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(QUERY_ENCODED_QUERY.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(QUERY_ENCODED_QUERY) {
-              Results.status(QUERY_ENCODED_QUERY.getStatus(), QUERY_ENCODED_QUERY.getBody()) // cheating
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(QUERY_ENCODED_BOTH.getRawPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(QUERY_ENCODED_BOTH) {
-              Results.status(QUERY_ENCODED_BOTH.getStatus(), QUERY_ENCODED_BOTH.getBody()).
-                withHeader(IG_RESPONSE_HEADER, IG_RESPONSE_HEADER_VALUE) // cheating
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(REDIRECT.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(REDIRECT) {
-              Results.found(REDIRECT.getBody())
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(ERROR.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(ERROR) {
-              Results.status(ERROR.getStatus(), ERROR.getBody())
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(EXCEPTION.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(EXCEPTION) {
-              throw new RuntimeException(EXCEPTION.getBody())
-            }
-          }, execContext)
-        } as Supplier)
-        .build()
-    })
-  }
-}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayAsyncServerWithErrorHandlerTest.groovy b/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayAsyncServerWithErrorHandlerTest.groovy
deleted file mode 100644
index 809c91bfd56..00000000000
--- a/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayAsyncServerWithErrorHandlerTest.groovy
+++ /dev/null
@@ -1,105 +0,0 @@
-package server
-
-import datadog.trace.agent.test.base.HttpServer
-import play.BuiltInComponents
-import play.libs.concurrent.HttpExecution
-import play.mvc.Results
-import play.routing.RoutingDsl
-import spock.lang.Shared
-
-import java.util.concurrent.CompletableFuture
-import java.util.concurrent.Executors
-import java.util.function.Supplier
-
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_QUERY
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_PARAM
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.REDIRECT
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
-
-class PlayAsyncServerWithErrorHandlerTest extends PlayServerWithErrorHandlerTest {
-  @Shared
-  def executor
-
-  def cleanupSpec() {
-    executor.shutdown()
-  }
-
-  @Override
-  HttpServer server() {
-    executor = Executors.newCachedThreadPool()
-    def execContext = HttpExecution.fromThread(executor)
-    return new PlayHttpServer({ BuiltInComponents components ->
-      RoutingDsl.fromComponents(components)
-        .GET(SUCCESS.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(SUCCESS) {
-              Results.status(SUCCESS.getStatus(), SUCCESS.getBody())
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(FORWARDED.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(FORWARDED) {
-              Results.status(FORWARDED.getStatus(), FORWARDED.getBody()) // cheating
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(QUERY_PARAM.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(QUERY_PARAM) {
-              Results.status(QUERY_PARAM.getStatus(), QUERY_PARAM.getBody()) // cheating
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(QUERY_ENCODED_QUERY.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(QUERY_ENCODED_QUERY) {
-              Results.status(QUERY_ENCODED_QUERY.getStatus(), QUERY_ENCODED_QUERY.getBody()) // cheating
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(QUERY_ENCODED_BOTH.getRawPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(QUERY_ENCODED_BOTH) {
-              Results.status(QUERY_ENCODED_BOTH.getStatus(), QUERY_ENCODED_BOTH.getBody()).
-                withHeader(IG_RESPONSE_HEADER, IG_RESPONSE_HEADER_VALUE) // cheating
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(REDIRECT.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(REDIRECT) {
-              Results.found(REDIRECT.getBody())
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(ERROR.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(ERROR) {
-              Results.status(ERROR.getStatus(), ERROR.getBody())
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(EXCEPTION.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(EXCEPTION) {
-              throw new RuntimeException(EXCEPTION.getBody())
-            }
-          }, execContext)
-        } as Supplier)
-        .GET(CUSTOM_EXCEPTION.getPath()).routeAsync({
-          CompletableFuture.supplyAsync({
-            controller(CUSTOM_EXCEPTION) {
-              throw new TestHttpErrorHandler.CustomRuntimeException(CUSTOM_EXCEPTION.getBody())
-            }
-          }, execContext)
-        } as Supplier)
-        .build()
-    }, new TestHttpErrorHandler())
-  }
-}
diff --git a/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayServerWithErrorHandlerTest.groovy b/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayServerWithErrorHandlerTest.groovy
deleted file mode 100644
index 5ef4dbd749e..00000000000
--- a/dd-java-agent/instrumentation/play-2.6/src/test/groovy/server/PlayServerWithErrorHandlerTest.groovy
+++ /dev/null
@@ -1,112 +0,0 @@
-package server
-
-import datadog.trace.agent.test.base.HttpServer
-import play.BuiltInComponents
-import play.mvc.Results
-import play.routing.RoutingDsl
-
-import java.util.function.Supplier
-
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.CUSTOM_EXCEPTION
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_BOTH
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_ENCODED_QUERY
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.QUERY_PARAM
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.REDIRECT
-import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
-import static org.junit.Assume.assumeTrue
-
-class PlayServerWithErrorHandlerTest extends PlayServerTest {
-  @Override
-  HttpServer server() {
-    return new PlayHttpServer({ BuiltInComponents components ->
-      RoutingDsl.fromComponents(components)
-        .GET(SUCCESS.getPath()).routeTo({
-          controller(SUCCESS) {
-            Results.status(SUCCESS.getStatus(), SUCCESS.getBody())
-          }
-        } as Supplier)
-        .GET(FORWARDED.getPath()).routeTo({
-          controller(FORWARDED) {
-            Results.status(FORWARDED.getStatus(), FORWARDED.getBody()) // cheating
-          }
-        } as Supplier)
-        .GET(QUERY_PARAM.getPath()).routeTo({
-          controller(QUERY_PARAM) {
-            Results.status(QUERY_PARAM.getStatus(), QUERY_PARAM.getBody()) // cheating
-          }
-        } as Supplier)
-        .GET(QUERY_ENCODED_QUERY.getPath()).routeTo({
-          controller(QUERY_ENCODED_QUERY) {
-            Results.status(QUERY_ENCODED_QUERY.getStatus(), QUERY_ENCODED_QUERY.getBody()) // cheating
-          }
-        } as Supplier)
-        .GET(QUERY_ENCODED_BOTH.getRawPath()).routeTo({
-          controller(QUERY_ENCODED_BOTH) {
-            Results.status(QUERY_ENCODED_BOTH.getStatus(), QUERY_ENCODED_BOTH.getBody()).
-              withHeader(IG_RESPONSE_HEADER, IG_RESPONSE_HEADER_VALUE) // cheating
-          }
-        } as Supplier)
-        .GET(REDIRECT.getPath()).routeTo({
-          controller(REDIRECT) {
-            Results.found(REDIRECT.getBody())
-          }
-        } as Supplier)
-        .GET(ERROR.getPath()).routeTo({
-          controller(ERROR) {
-            Results.status(ERROR.getStatus(), ERROR.getBody())
-          }
-        } as Supplier)
-        .GET(EXCEPTION.getPath()).routeTo({
-          controller(EXCEPTION) {
-            throw new RuntimeException(EXCEPTION.getBody())
-          }
-        } as Supplier)
-        .GET(CUSTOM_EXCEPTION.getPath()).routeTo({
-          controller(CUSTOM_EXCEPTION) {
-            throw new TestHttpErrorHandler.CustomRuntimeException(CUSTOM_EXCEPTION.getBody())
-          }
-        } as Supplier)
-        .build()
-    }, new TestHttpErrorHandler())
-  }
-
-  @Override
-  boolean testExceptionBody() {
-    true
-  }
-
-  def "test exception with custom status"() {
-    setup:
-    assumeTrue(testException())
-    def request = request(CUSTOM_EXCEPTION, method, body).build()
-    def response = client.newCall(request).execute()
-
-    expect:
-    response.code() == CUSTOM_EXCEPTION.status
-    if (testExceptionBody()) {
-      assert response.body().string() == CUSTOM_EXCEPTION.body
-    }
-
-    and:
-    assertTraces(1) {
-      trace(spanCount(CUSTOM_EXCEPTION)) {
-        sortSpansByStart()
-        serverSpan(it, null, null, method, CUSTOM_EXCEPTION)
-        if (hasHandlerSpan()) {
-          handlerSpan(it, CUSTOM_EXCEPTION)
-        }
-        controllerSpan(it, CUSTOM_EXCEPTION)
-        if (hasResponseSpan(CUSTOM_EXCEPTION)) {
-          responseSpan(it, CUSTOM_EXCEPTION)
-        }
-      }
-    }
-
-    where:
-    method = "GET"
-    body = null
-  }
-}
diff --git a/dd-java-agent/instrumentation/play-ws-1/src/main/java/datadog/trace/instrumentation/playws1/AsyncHandlerWrapper.java b/dd-java-agent/instrumentation/play-ws-1/src/main/java/datadog/trace/instrumentation/playws1/AsyncHandlerWrapper.java
index cefb18f57cb..b4a9902325a 100644
--- a/dd-java-agent/instrumentation/play-ws-1/src/main/java/datadog/trace/instrumentation/playws1/AsyncHandlerWrapper.java
+++ b/dd-java-agent/instrumentation/play-ws-1/src/main/java/datadog/trace/instrumentation/playws1/AsyncHandlerWrapper.java
@@ -1,6 +1,6 @@
 package datadog.trace.instrumentation.playws1;
 
-import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.propagate;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.capture;
 import static datadog.trace.instrumentation.playws.PlayWSClientDecorator.DECORATE;
 
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
@@ -21,7 +21,7 @@ public class AsyncHandlerWrapper implements AsyncHandler {
   public AsyncHandlerWrapper(final AsyncHandler delegate, final AgentSpan span) {
     this.delegate = delegate;
     this.span = span;
-    continuation = propagate().capture();
+    continuation = capture();
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/play-ws-2.1/src/main/java/datadog/trace/instrumentation/playws21/AsyncHandlerWrapper.java b/dd-java-agent/instrumentation/play-ws-2.1/src/main/java/datadog/trace/instrumentation/playws21/AsyncHandlerWrapper.java
index 4cde8d1b584..3db6978b8ec 100644
--- a/dd-java-agent/instrumentation/play-ws-2.1/src/main/java/datadog/trace/instrumentation/playws21/AsyncHandlerWrapper.java
+++ b/dd-java-agent/instrumentation/play-ws-2.1/src/main/java/datadog/trace/instrumentation/playws21/AsyncHandlerWrapper.java
@@ -1,6 +1,6 @@
 package datadog.trace.instrumentation.playws21;
 
-import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.propagate;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.capture;
 import static datadog.trace.instrumentation.playws.PlayWSClientDecorator.DECORATE;
 
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
@@ -26,7 +26,7 @@ public class AsyncHandlerWrapper implements AsyncHandler {
   public AsyncHandlerWrapper(final AsyncHandler delegate, final AgentSpan span) {
     this.delegate = delegate;
     this.span = span;
-    continuation = propagate().capture();
+    continuation = capture();
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/play-ws-2/src/main/java/datadog/trace/instrumentation/playws2/AsyncHandlerWrapper.java b/dd-java-agent/instrumentation/play-ws-2/src/main/java/datadog/trace/instrumentation/playws2/AsyncHandlerWrapper.java
index f6eb1bb9330..3648531a5c0 100644
--- a/dd-java-agent/instrumentation/play-ws-2/src/main/java/datadog/trace/instrumentation/playws2/AsyncHandlerWrapper.java
+++ b/dd-java-agent/instrumentation/play-ws-2/src/main/java/datadog/trace/instrumentation/playws2/AsyncHandlerWrapper.java
@@ -1,6 +1,6 @@
 package datadog.trace.instrumentation.playws2;
 
-import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.propagate;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.capture;
 import static datadog.trace.instrumentation.playws.PlayWSClientDecorator.DECORATE;
 
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
@@ -25,7 +25,7 @@ public class AsyncHandlerWrapper implements AsyncHandler {
   public AsyncHandlerWrapper(final AsyncHandler delegate, final AgentSpan span) {
     this.delegate = delegate;
     this.span = span;
-    continuation = propagate().capture();
+    continuation = capture();
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/build.gradle b/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/build.gradle
index 9c3fc2ee9e0..de8ae2554d9 100644
--- a/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/build.gradle
+++ b/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/build.gradle
@@ -11,6 +11,9 @@ apply from: "$rootDir/gradle/java.gradle"
 
 addTestSuiteForDir('latestDepTest', 'test')
 
+addTestSuiteForDir('latestReactorTest', 'reactorTest')
+addTestSuite('reactorTest')
+
 dependencies {
   compileOnly group: 'com.rabbitmq', name: 'amqp-client', version: '2.7.0'
 
@@ -22,6 +25,9 @@ dependencies {
 
   latestDepTestImplementation group: 'com.rabbitmq', name: 'amqp-client', version: '+'
   latestDepTestImplementation group: 'org.springframework.amqp', name: 'spring-rabbit', version: '2.+'
+
+  reactorTestImplementation group: 'io.projectreactor.rabbitmq', name: 'reactor-rabbitmq', version: '1.0.0.RELEASE'
+  latestReactorTestImplementation group: 'io.projectreactor.rabbitmq', name: 'reactor-rabbitmq', version: '+'
 }
 
 configurations.testRuntimeOnly {
@@ -33,3 +39,7 @@ configurations.testRuntimeOnly {
 tasks.withType(Test).configureEach {
   usesService(testcontainersLimit)
 }
+
+tasks.named("latestDepTest").configure {
+  finalizedBy latestReactorTest
+}
diff --git a/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/src/main/java/datadog/trace/instrumentation/rabbitmq/amqp/RabbitChannelInstrumentation.java b/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/src/main/java/datadog/trace/instrumentation/rabbitmq/amqp/RabbitChannelInstrumentation.java
index 33ba116e614..4194816c7e8 100644
--- a/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/src/main/java/datadog/trace/instrumentation/rabbitmq/amqp/RabbitChannelInstrumentation.java
+++ b/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/src/main/java/datadog/trace/instrumentation/rabbitmq/amqp/RabbitChannelInstrumentation.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.rabbitmq.amqp;
 
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
 import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.nameEndsWith;
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
@@ -64,7 +65,9 @@ public String hierarchyMarkerType() {
 
   @Override
   public ElementMatcher<TypeDescription> hierarchyMatcher() {
-    return implementsInterface(named(hierarchyMarkerType()));
+    return implementsInterface(named(hierarchyMarkerType()))
+        // Class is added to ignores trie, but it's not final so just being safe
+        .and(not(extendsClass(named("reactor.rabbitmq.ChannelProxy"))));
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/src/main/java/datadog/trace/instrumentation/rabbitmq/amqp/RabbitDecorator.java b/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/src/main/java/datadog/trace/instrumentation/rabbitmq/amqp/RabbitDecorator.java
index f01219782b4..8b8aba561e3 100644
--- a/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/src/main/java/datadog/trace/instrumentation/rabbitmq/amqp/RabbitDecorator.java
+++ b/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/src/main/java/datadog/trace/instrumentation/rabbitmq/amqp/RabbitDecorator.java
@@ -51,17 +51,30 @@ public class RabbitDecorator extends MessagingClientDecorator {
   public static final boolean TIME_IN_QUEUE_ENABLED =
       Config.get().isTimeInQueueEnabled(!RABBITMQ_LEGACY_TRACING, "rabbit", "rabbitmq");
 
-  private static final String LOCAL_SERVICE_NAME =
-      RABBITMQ_LEGACY_TRACING ? "rabbitmq" : Config.get().getServiceName();
   public static final RabbitDecorator CLIENT_DECORATE =
       new RabbitDecorator(
-          Tags.SPAN_KIND_CLIENT, InternalSpanTypes.MESSAGE_CLIENT, LOCAL_SERVICE_NAME);
+          Tags.SPAN_KIND_CLIENT,
+          InternalSpanTypes.MESSAGE_CLIENT,
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .outboundService("rabbitmq", RABBITMQ_LEGACY_TRACING));
   public static final RabbitDecorator PRODUCER_DECORATE =
       new RabbitDecorator(
-          Tags.SPAN_KIND_PRODUCER, InternalSpanTypes.MESSAGE_PRODUCER, LOCAL_SERVICE_NAME);
+          Tags.SPAN_KIND_PRODUCER,
+          InternalSpanTypes.MESSAGE_PRODUCER,
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .outboundService("rabbitmq", RABBITMQ_LEGACY_TRACING));
   public static final RabbitDecorator CONSUMER_DECORATE =
       new RabbitDecorator(
-          Tags.SPAN_KIND_CONSUMER, InternalSpanTypes.MESSAGE_CONSUMER, LOCAL_SERVICE_NAME);
+          Tags.SPAN_KIND_CONSUMER,
+          InternalSpanTypes.MESSAGE_CONSUMER,
+          SpanNaming.instance()
+              .namingSchema()
+              .messaging()
+              .inboundService("rabbitmq", RABBITMQ_LEGACY_TRACING));
   public static final RabbitDecorator BROKER_DECORATE =
       new RabbitDecorator(
           Tags.SPAN_KIND_BROKER,
@@ -234,7 +247,9 @@ public static AgentScope startReceivingSpan(
       sortedTags.put(DIRECTION_TAG, DIRECTION_IN);
       sortedTags.put(TOPIC_TAG, queue);
       sortedTags.put(TYPE_TAG, "rabbitmq");
-      AgentTracer.get().setDataStreamCheckpoint(span, sortedTags, produceMillis);
+      AgentTracer.get()
+          .getDataStreamsMonitoring()
+          .setCheckpoint(span, sortedTags, produceMillis, 0);
     }
 
     CONSUMER_DECORATE.afterStart(span);
diff --git a/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/src/reactorTest/groovy/ReactorRabbitMQTest.groovy b/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/src/reactorTest/groovy/ReactorRabbitMQTest.groovy
new file mode 100644
index 00000000000..99df4e68360
--- /dev/null
+++ b/dd-java-agent/instrumentation/rabbitmq-amqp-2.7/src/reactorTest/groovy/ReactorRabbitMQTest.groovy
@@ -0,0 +1,68 @@
+import com.rabbitmq.client.AMQP
+import com.rabbitmq.client.Channel
+import com.rabbitmq.client.ConnectionFactory
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.agent.test.utils.PortUtils
+import org.testcontainers.containers.RabbitMQContainer
+import reactor.core.publisher.Mono
+import reactor.core.scheduler.Schedulers
+import reactor.rabbitmq.RabbitFlux
+import reactor.rabbitmq.Sender
+import reactor.rabbitmq.SenderOptions
+import spock.lang.Shared
+
+import java.time.Duration
+import java.util.concurrent.TimeUnit
+
+class ReactorRabbitMQTest extends AgentTestRunner {
+  @Shared
+  def rabbitMQContainer
+  @Shared
+  def defaultRabbitMQPort = 5672
+  @Shared
+  InetSocketAddress rabbitmqAddress = new InetSocketAddress("127.0.0.1", defaultRabbitMQPort)
+
+  ConnectionFactory factory
+
+  def setup() {
+    factory = new ConnectionFactory(host: rabbitmqAddress.hostName, port: rabbitmqAddress.port)
+  }
+
+  def setupSpec() {
+    rabbitMQContainer = new RabbitMQContainer('rabbitmq:3.9.20-alpine')
+      .withExposedPorts(defaultRabbitMQPort)
+      .withStartupTimeout(Duration.ofSeconds(120))
+    rabbitMQContainer.start()
+    rabbitmqAddress = new InetSocketAddress(
+      rabbitMQContainer.getHost(),
+      rabbitMQContainer.getMappedPort(defaultRabbitMQPort)
+      )
+    PortUtils.waitForPortToOpen(rabbitmqAddress.hostString, rabbitmqAddress.port, 5, TimeUnit.SECONDS)
+  }
+
+  def cleanupSpec() {
+    if (rabbitMQContainer) {
+      rabbitMQContainer.stop()
+    }
+  }
+
+  def "test reactor-rabbit does not cause exceptions from calling channel.asyncCompletableRpc"() {
+    setup:
+    SenderOptions senderOptions =  new SenderOptions()
+      .connectionFactory(factory)
+      .resourceManagementScheduler(Schedulers.elastic())
+    Sender sender = RabbitFlux.createSender(senderOptions)
+
+    Mono<Channel> channelMono = sender.getChannelMonoForResourceManagement(null)
+    Channel channel1 = channelMono.block()
+
+    expect:
+    channel1.getClass().getCanonicalName() == "reactor.rabbitmq.ChannelProxy"
+
+    when:
+    channel1.asyncCompletableRpc(new AMQP.Connection.Close.Builder().build())
+
+    then:
+    noExceptionThrown()
+  }
+}
diff --git a/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/ContextParseAdvice.java b/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/ContextParseAdvice.java
index 09069c90b3b..9b1959e0f1d 100644
--- a/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/ContextParseAdvice.java
+++ b/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/ContextParseAdvice.java
@@ -46,10 +46,12 @@ static void after(
       if (brf != null) {
         Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
         brf.tryCommitBlockingResponse(
-            rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+            reqCtx.getTraceSegment(),
+            rba.getStatusCode(),
+            rba.getBlockingContentType(),
+            rba.getExtraHeaders());
 
         t = new BlockingException("Blocked request (for DefaultContext/parse)");
-        reqCtx.getTraceSegment().effectivelyBlocked();
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/PathBindingPublishingHandler.java b/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/PathBindingPublishingHandler.java
index ab3f628e612..e656ae5fa3b 100644
--- a/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/PathBindingPublishingHandler.java
+++ b/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/PathBindingPublishingHandler.java
@@ -32,7 +32,6 @@ public void handle(Context ctx) {
       if (doDelegation) {
         ctx.next();
       } else {
-        activeSpan().getRequestContext().getTraceSegment().effectivelyBlocked();
         throw new BlockingException("Blocking request");
       }
     }
@@ -69,7 +68,10 @@ private boolean maybePublishTokens(Context ctx) {
       }
       Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
       blockResponseFunction.tryCommitBlockingResponse(
-          rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+          requestContext.getTraceSegment(),
+          rba.getStatusCode(),
+          rba.getBlockingContentType(),
+          rba.getExtraHeaders());
       return false;
     }
 
diff --git a/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RatpackRequestBodyCallGetBufferAdvice.java b/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RatpackRequestBodyCallGetBufferAdvice.java
index 48771edfcfe..4f8a23de3c7 100644
--- a/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RatpackRequestBodyCallGetBufferAdvice.java
+++ b/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RatpackRequestBodyCallGetBufferAdvice.java
@@ -46,7 +46,10 @@ static Throwable before(
       }
       Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
       blockResponseFunction.tryCommitBlockingResponse(
-          rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+          reqCtx.getTraceSegment(),
+          rba.getStatusCode(),
+          rba.getBlockingContentType(),
+          rba.getExtraHeaders());
       return new BlockingException("Blocked request (for ByteBufBackedTypedData/getBuffer)");
     }
 
@@ -62,7 +65,6 @@ static void after(
       return;
     }
 
-    reqCtx.getTraceSegment().effectivelyBlocked();
     // it's questionable, but we don't replace existing exceptions with our BlockingException
     if (t == null) {
       t = enterThr;
diff --git a/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RatpackRequestBodyGetTextCalledAdvice.java b/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RatpackRequestBodyGetTextCalledAdvice.java
index 53fe2a9a834..7e06a6067f3 100644
--- a/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RatpackRequestBodyGetTextCalledAdvice.java
+++ b/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RatpackRequestBodyGetTextCalledAdvice.java
@@ -37,10 +37,12 @@ static void after(
       }
       Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
       blockResponseFunction.tryCommitBlockingResponse(
-          rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+          reqCtx.getTraceSegment(),
+          rba.getStatusCode(),
+          rba.getBlockingContentType(),
+          rba.getExtraHeaders());
       if (throwable == null) {
         throwable = new BlockingException("Blocked request (for ByteBufBackedTypedData/getText)");
-        reqCtx.getTraceSegment().effectivelyBlocked();
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RequestBodyCollectionPublisher.java b/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RequestBodyCollectionPublisher.java
index 969b757bbc2..b8009feae18 100644
--- a/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RequestBodyCollectionPublisher.java
+++ b/dd-java-agent/instrumentation/ratpack-1.5/src/main/java/datadog/trace/instrumentation/ratpack/RequestBodyCollectionPublisher.java
@@ -82,12 +82,11 @@ private void block(Flow.Action.RequestBlockingAction rba, Throwable t) {
             if (blockResponseFunction == null) {
               return;
             }
-            boolean committedBlockingResponse =
-                blockResponseFunction.tryCommitBlockingResponse(
-                    rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-            if (committedBlockingResponse) {
-              requestContext.getTraceSegment().effectivelyBlocked();
-            }
+            blockResponseFunction.tryCommitBlockingResponse(
+                requestContext.getTraceSegment(),
+                rba.getStatusCode(),
+                rba.getBlockingContentType(),
+                rba.getExtraHeaders());
 
             // we can't directly interrupt user code here by throwing an exception
             // user code must listen for errors and implement its own logic to prevent
diff --git a/dd-java-agent/instrumentation/ratpack-1.5/src/test/groovy/server/RatpackHttpServerTest.groovy b/dd-java-agent/instrumentation/ratpack-1.5/src/test/groovy/server/RatpackHttpServerTest.groovy
index 0c4188afcc4..373342c23e5 100644
--- a/dd-java-agent/instrumentation/ratpack-1.5/src/test/groovy/server/RatpackHttpServerTest.groovy
+++ b/dd-java-agent/instrumentation/ratpack-1.5/src/test/groovy/server/RatpackHttpServerTest.groovy
@@ -1,6 +1,5 @@
 package server
 
-
 import datadog.trace.agent.test.asserts.TraceAssert
 import datadog.trace.agent.test.base.HttpServer
 import datadog.trace.agent.test.base.HttpServerTest
@@ -13,6 +12,7 @@ import ratpack.test.embed.EmbeddedApp
 
 import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.ERROR
 import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.EXCEPTION
+import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.FORWARDED
 import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.PATH_PARAM
 import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.SUCCESS
 
@@ -47,6 +47,11 @@ class RatpackHttpServerTest extends HttpServerTest<EmbeddedApp> {
     [id: '123']
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean hasHandlerSpan() {
     true
@@ -88,6 +93,11 @@ class RatpackHttpServerTest extends HttpServerTest<EmbeddedApp> {
     true
   }
 
+  @Override
+  boolean testBlockingOnResponse() {
+    true
+  }
+
   @Override
   Serializable expectedServerSpanRoute(ServerEndpoint endpoint) {
     return String
@@ -122,7 +132,7 @@ class RatpackHttpServerTest extends HttpServerTest<EmbeddedApp> {
         "$Tags.HTTP_METHOD" String
         "$Tags.HTTP_STATUS" Integer
         "$Tags.HTTP_ROUTE" String
-        "$Tags.HTTP_CLIENT_IP" "127.0.0.1"
+        "$Tags.HTTP_CLIENT_IP" (endpoint == FORWARDED ? endpoint.body : '127.0.0.1')
         if (endpoint == EXCEPTION) {
           errorTags(Exception, EXCEPTION.body)
         }
diff --git a/dd-java-agent/instrumentation/reactive-streams/build.gradle b/dd-java-agent/instrumentation/reactive-streams/build.gradle
new file mode 100644
index 00000000000..f6a415a03fc
--- /dev/null
+++ b/dd-java-agent/instrumentation/reactive-streams/build.gradle
@@ -0,0 +1,24 @@
+def reactiveStreamsVersion = '1.0.0'
+
+muzzle {
+  pass {
+    group = 'org.reactivestreams'
+    module = 'reactive-streams'
+    versions = "[${reactiveStreamsVersion},)"
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  compileOnly group: 'org.reactivestreams', name: 'reactive-streams', version: reactiveStreamsVersion
+  compileOnly group: 'com.google.auto.value', name: 'auto-value-annotations', version: '1.6.6'
+
+  testImplementation project(':dd-java-agent:instrumentation:opentelemetry:opentelemetry-annotations-1.20')
+  testImplementation group: 'org.reactivestreams', name: 'reactive-streams', version: reactiveStreamsVersion
+  testImplementation group: 'io.opentelemetry.instrumentation', name: 'opentelemetry-instrumentation-annotations', version: '1.28.0'
+
+  latestDepTestImplementation group: 'org.reactivestreams', name: 'reactive-streams', version: '1+'
+}
diff --git a/dd-java-agent/instrumentation/reactive-streams/src/main/java/datadog/trace/instrumentation/reactivestreams/ReactiveStreamsAsyncResultSupportExtension.java b/dd-java-agent/instrumentation/reactive-streams/src/main/java/datadog/trace/instrumentation/reactivestreams/ReactiveStreamsAsyncResultSupportExtension.java
new file mode 100644
index 00000000000..63b73d93c16
--- /dev/null
+++ b/dd-java-agent/instrumentation/reactive-streams/src/main/java/datadog/trace/instrumentation/reactivestreams/ReactiveStreamsAsyncResultSupportExtension.java
@@ -0,0 +1,84 @@
+package datadog.trace.instrumentation.reactivestreams;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.decorator.AsyncResultDecorator;
+import datadog.trace.bootstrap.instrumentation.decorator.AsyncResultDecorator.AsyncResultSupportExtension;
+import org.reactivestreams.Publisher;
+import org.reactivestreams.Subscriber;
+import org.reactivestreams.Subscription;
+
+public class ReactiveStreamsAsyncResultSupportExtension implements AsyncResultSupportExtension {
+  static {
+    AsyncResultDecorator.registerExtension(new ReactiveStreamsAsyncResultSupportExtension());
+  }
+
+  /**
+   * Register the extension as an {@link AsyncResultSupportExtension} using static class
+   * initialization.<br>
+   * It uses an empty static method call to ensure the class loading and the one-time-only static
+   * class initialization. This will ensure this extension will only be registered once to the
+   * {@link AsyncResultDecorator}.
+   */
+  public static void initialize() {}
+
+  @Override
+  public boolean supports(Class<?> result) {
+    return Publisher.class.isAssignableFrom(result);
+  }
+
+  @Override
+  public Object apply(Object result, AgentSpan span) {
+    if (result instanceof Publisher) {
+      return new WrappedPublisher<>((Publisher) result, span);
+    }
+    return null;
+  }
+
+  private static class WrappedPublisher<T> implements Publisher<T> {
+    private final Publisher<T> delegate;
+    private final AgentSpan span;
+
+    public WrappedPublisher(Publisher<T> delegate, AgentSpan span) {
+      this.delegate = delegate;
+      this.span = span;
+    }
+
+    @Override
+    public void subscribe(Subscriber<? super T> s) {
+      this.delegate.subscribe(new WrappedSubscriber<>(s, this.span));
+    }
+  }
+
+  private static class WrappedSubscriber<T> implements Subscriber<T> {
+    private final Subscriber<T> delegate;
+    private final AgentSpan span;
+
+    public WrappedSubscriber(Subscriber<T> delegate, AgentSpan span) {
+      this.delegate = delegate;
+      this.span = span;
+    }
+
+    @Override
+    public void onSubscribe(Subscription s) {
+      this.delegate.onSubscribe(s);
+    }
+
+    @Override
+    public void onNext(T t) {
+      this.delegate.onNext(t);
+    }
+
+    @Override
+    public void onError(Throwable t) {
+      this.span.addThrowable(t);
+      this.span.finish();
+      this.delegate.onError(t);
+    }
+
+    @Override
+    public void onComplete() {
+      this.span.finish();
+      this.delegate.onComplete();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/reactive-streams/src/main/java/datadog/trace/instrumentation/reactivestreams/ReactiveStreamsInstrumentation.java b/dd-java-agent/instrumentation/reactive-streams/src/main/java/datadog/trace/instrumentation/reactivestreams/ReactiveStreamsInstrumentation.java
new file mode 100644
index 00000000000..b62f74164ae
--- /dev/null
+++ b/dd-java-agent/instrumentation/reactive-streams/src/main/java/datadog/trace/instrumentation/reactivestreams/ReactiveStreamsInstrumentation.java
@@ -0,0 +1,63 @@
+package datadog.trace.instrumentation.reactivestreams;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.InstrumenterConfig;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+/**
+ * This instrumentation provides support for asynchronous type results.
+ *
+ * @see datadog.trace.bootstrap.instrumentation.decorator.AsyncResultDecorator
+ */
+@AutoService(Instrumenter.class)
+public class ReactiveStreamsInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForTypeHierarchy {
+
+  public ReactiveStreamsInstrumentation() {
+    super("reactive-streams", "reactive-streams-1");
+  }
+
+  @Override
+  protected boolean defaultEnabled() {
+    // Only used with OpenTelemetry @WithSpan annotations
+    return InstrumenterConfig.get().isTraceOtelEnabled();
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "org.reactivestreams.Publisher";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named("org.reactivestreams.Publisher"));
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      this.packageName + ".ReactiveStreamsAsyncResultSupportExtension",
+      this.packageName + ".ReactiveStreamsAsyncResultSupportExtension$WrappedPublisher",
+      this.packageName + ".ReactiveStreamsAsyncResultSupportExtension$WrappedSubscriber",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(isConstructor(), this.getClass().getName() + "$PublisherAdvice");
+  }
+
+  public static class PublisherAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void init() {
+      ReactiveStreamsAsyncResultSupportExtension.initialize();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/reactive-streams/src/test/groovy/ReactiveStreamsAsyncResultSupportExtensionTest.groovy b/dd-java-agent/instrumentation/reactive-streams/src/test/groovy/ReactiveStreamsAsyncResultSupportExtensionTest.groovy
new file mode 100644
index 00000000000..f640e979427
--- /dev/null
+++ b/dd-java-agent/instrumentation/reactive-streams/src/test/groovy/ReactiveStreamsAsyncResultSupportExtensionTest.groovy
@@ -0,0 +1,102 @@
+import annotatedsample.ReactiveStreamsTracedMethods
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.bootstrap.instrumentation.api.Tags
+
+import java.util.concurrent.CountDownLatch
+
+class ReactiveStreamsAsyncResultSupportExtensionTest extends AgentTestRunner {
+  @Override
+  void configurePreAgent() {
+    super.configurePreAgent()
+
+    injectSysConfig("dd.integration.opentelemetry-annotations-1.20.enabled", "true")
+    injectSysConfig("dd.integration.reactive-streams-1.enabled", "true")
+  }
+
+  def "test WithSpan annotated async method (Publisher)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def publisher = ReactiveStreamsTracedMethods.traceAsyncPublisher(latch)
+    def subscriber = new ReactiveStreamsTracedMethods.ConsummerSubscriber<String>()
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    publisher.subscribe(subscriber)
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "ReactiveStreamsTracedMethods.traceAsyncPublisher"
+          operationName "ReactiveStreamsTracedMethods.traceAsyncPublisher"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (failing Publisher)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def expectedException = new IllegalStateException("Test exception")
+    def publisher = ReactiveStreamsTracedMethods.traceAsyncFailingPublisher(latch, expectedException)
+    def subscriber = new ReactiveStreamsTracedMethods.ConsummerSubscriber<String>()
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    publisher.subscribe(subscriber)
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "ReactiveStreamsTracedMethods.traceAsyncFailingPublisher"
+          operationName "ReactiveStreamsTracedMethods.traceAsyncFailingPublisher"
+          errored true
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+            errorTags(expectedException)
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (cancelled Publisher)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def publisher = ReactiveStreamsTracedMethods.traceAsyncPublisher(latch)
+    def subscriber = new ReactiveStreamsTracedMethods.CancellerSubscriber<String>()
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    publisher.subscribe(subscriber)
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "ReactiveStreamsTracedMethods.traceAsyncPublisher"
+          operationName "ReactiveStreamsTracedMethods.traceAsyncPublisher"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/reactive-streams/src/test/java/annotatedsample/ReactiveStreamsTracedMethods.java b/dd-java-agent/instrumentation/reactive-streams/src/test/java/annotatedsample/ReactiveStreamsTracedMethods.java
new file mode 100644
index 00000000000..bf4c8a6ffa4
--- /dev/null
+++ b/dd-java-agent/instrumentation/reactive-streams/src/test/java/annotatedsample/ReactiveStreamsTracedMethods.java
@@ -0,0 +1,91 @@
+package annotatedsample;
+
+import static java.util.concurrent.TimeUnit.SECONDS;
+
+import io.opentelemetry.instrumentation.annotations.WithSpan;
+import java.util.concurrent.CountDownLatch;
+import org.reactivestreams.Publisher;
+import org.reactivestreams.Subscriber;
+import org.reactivestreams.Subscription;
+
+public class ReactiveStreamsTracedMethods {
+  @WithSpan
+  public static Publisher<String> traceAsyncPublisher(CountDownLatch latch) {
+    return TestPublisher.ofComplete(latch, "hello");
+  }
+
+  @WithSpan
+  public static Publisher<String> traceAsyncFailingPublisher(
+      CountDownLatch latch, Throwable throwable) {
+    return TestPublisher.ofFailing(latch, throwable);
+  }
+
+  private static class TestPublisher implements Publisher<String> {
+    private final CountDownLatch latch;
+    private final String element;
+    private final Throwable error;
+
+    private TestPublisher(CountDownLatch latch, String element, Throwable error) {
+      this.latch = latch;
+      this.element = element;
+      this.error = error;
+    }
+
+    private static TestPublisher ofComplete(CountDownLatch latch, String element) {
+      return new TestPublisher(latch, element, null);
+    }
+
+    private static TestPublisher ofFailing(CountDownLatch latch, Throwable error) {
+      return new TestPublisher(latch, null, error);
+    }
+
+    @Override
+    public void subscribe(Subscriber<? super String> s) {
+      try {
+        if (!this.latch.await(5, SECONDS)) {
+          throw new IllegalStateException("Latch still locked");
+        }
+      } catch (InterruptedException e) {
+        throw new RuntimeException(e);
+      }
+      if (this.error != null) {
+        s.onError(this.error);
+      } else {
+        s.onNext(this.element);
+        s.onComplete();
+      }
+    }
+  }
+
+  public static class ConsummerSubscriber<T> implements Subscriber<T> {
+    @Override
+    public void onSubscribe(Subscription s) {
+      s.request(1);
+    }
+
+    @Override
+    public void onNext(T t) {}
+
+    @Override
+    public void onError(Throwable t) {}
+
+    @Override
+    public void onComplete() {}
+  }
+
+  public static class CancellerSubscriber<T> implements Subscriber<T> {
+    @Override
+    public void onSubscribe(Subscription s) {
+      s.cancel();
+    }
+
+    @Override
+    public void onNext(T t) {}
+
+    @Override
+    public void onError(Throwable t) {}
+
+    @Override
+    public void onComplete() {}
+  }
+}
diff --git a/dd-java-agent/instrumentation/reactor-core-3.1/build.gradle b/dd-java-agent/instrumentation/reactor-core-3.1/build.gradle
index 0d11164bef1..263e2f52533 100644
--- a/dd-java-agent/instrumentation/reactor-core-3.1/build.gradle
+++ b/dd-java-agent/instrumentation/reactor-core-3.1/build.gradle
@@ -16,8 +16,10 @@ dependencies {
   compileOnly group: 'io.projectreactor', name: 'reactor-core', version: '3.1.0.RELEASE'
 
   testImplementation project(':dd-java-agent:instrumentation:trace-annotation')
+  testImplementation project(':dd-java-agent:instrumentation:opentelemetry:opentelemetry-annotations-1.20')
 
   testImplementation group: 'io.projectreactor', name: 'reactor-core', version: '3.1.0.RELEASE'
+  testImplementation group: 'io.opentelemetry.instrumentation', name: 'opentelemetry-instrumentation-annotations', version: '1.28.0'
 
   latestDepTestImplementation group: 'io.projectreactor', name: 'reactor-core', version: '3.4.+'
   // Looks like later versions on reactor need this dependency for some reason even though it is marked as optional.
diff --git a/dd-java-agent/instrumentation/reactor-core-3.1/src/main/java/datadog/trace/instrumentation/reactor/core/MonoFluxInstrumentation.java b/dd-java-agent/instrumentation/reactor-core-3.1/src/main/java/datadog/trace/instrumentation/reactor/core/MonoFluxInstrumentation.java
new file mode 100644
index 00000000000..aa94265a199
--- /dev/null
+++ b/dd-java-agent/instrumentation/reactor-core-3.1/src/main/java/datadog/trace/instrumentation/reactor/core/MonoFluxInstrumentation.java
@@ -0,0 +1,46 @@
+package datadog.trace.instrumentation.reactor.core;
+
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.InstrumenterConfig;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class MonoFluxInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForKnownTypes {
+  public MonoFluxInstrumentation() {
+    super("reactor-core");
+  }
+
+  @Override
+  protected boolean defaultEnabled() {
+    // Only used with OpenTelemetry @WithSpan annotations
+    return InstrumenterConfig.get().isTraceOtelEnabled();
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return new String[] {"reactor.core.publisher.Flux", "reactor.core.publisher.Mono"};
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".ReactorAsyncResultSupportExtension",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(isConstructor(), this.getClass().getName() + "$AsyncTypeAdvice");
+  }
+
+  public static class AsyncTypeAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void init() {
+      ReactorAsyncResultSupportExtension.initialize();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/reactor-core-3.1/src/main/java/datadog/trace/instrumentation/reactor/core/ReactorAsyncResultSupportExtension.java b/dd-java-agent/instrumentation/reactor-core-3.1/src/main/java/datadog/trace/instrumentation/reactor/core/ReactorAsyncResultSupportExtension.java
new file mode 100644
index 00000000000..d62f8acb089
--- /dev/null
+++ b/dd-java-agent/instrumentation/reactor-core-3.1/src/main/java/datadog/trace/instrumentation/reactor/core/ReactorAsyncResultSupportExtension.java
@@ -0,0 +1,43 @@
+package datadog.trace.instrumentation.reactor.core;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.decorator.AsyncResultDecorator;
+import datadog.trace.bootstrap.instrumentation.decorator.AsyncResultDecorator.AsyncResultSupportExtension;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
+public class ReactorAsyncResultSupportExtension implements AsyncResultSupportExtension {
+  static {
+    AsyncResultDecorator.registerExtension(new ReactorAsyncResultSupportExtension());
+  }
+
+  /**
+   * Register the extension as an {@link AsyncResultSupportExtension} using static class
+   * initialization.<br>
+   * It uses an empty static method call to ensure the class loading and the one-time-only static
+   * class initialization. This will ensure this extension will only be registered once to the
+   * {@link AsyncResultDecorator}.
+   */
+  public static void initialize() {}
+
+  @Override
+  public boolean supports(Class<?> result) {
+    return Flux.class.isAssignableFrom(result) || Mono.class.isAssignableFrom(result);
+  }
+
+  @Override
+  public Object apply(Object result, AgentSpan span) {
+    if (result instanceof Flux) {
+      return ((Flux<?>) result)
+          .doOnError(span::addThrowable)
+          .doOnTerminate(span::finish)
+          .doOnCancel(span::finish);
+    } else if (result instanceof Mono) {
+      return ((Mono<?>) result)
+          .doOnError(span::addThrowable)
+          .doOnTerminate(span::finish)
+          .doOnCancel(span::finish);
+    }
+    return null;
+  }
+}
diff --git a/dd-java-agent/instrumentation/reactor-core-3.1/src/test/groovy/ReactorAsyncResultSupportExtensionTest.groovy b/dd-java-agent/instrumentation/reactor-core-3.1/src/test/groovy/ReactorAsyncResultSupportExtensionTest.groovy
new file mode 100644
index 00000000000..a80e5564117
--- /dev/null
+++ b/dd-java-agent/instrumentation/reactor-core-3.1/src/test/groovy/ReactorAsyncResultSupportExtensionTest.groovy
@@ -0,0 +1,200 @@
+import annotatedsample.ReactorTracedMethods
+import com.google.common.util.concurrent.ListeningExecutorService
+import com.google.common.util.concurrent.MoreExecutors
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import spock.lang.Shared
+
+import java.util.concurrent.CountDownLatch
+import java.util.concurrent.Executors
+
+class ReactorAsyncResultSupportExtensionTest extends AgentTestRunner {
+  @Override
+  void configurePreAgent() {
+    super.configurePreAgent()
+
+    injectSysConfig("dd.trace.otel.enabled", "true")
+    injectSysConfig("dd.integration.opentelemetry-annotations-1.20.enabled", "true")
+  }
+
+  @Shared
+  ListeningExecutorService executor
+
+  def setupSpec() {
+    this.executor = MoreExecutors.listeningDecorator(Executors.newSingleThreadExecutor())
+  }
+
+  def cleanupSpec() {
+    this.executor.shutdownNow()
+  }
+
+  def "test WithSpan annotated async method (Mono)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def mono = ReactorTracedMethods.traceAsyncMono(latch)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    mono.block()
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "ReactorTracedMethods.traceAsyncMono"
+          operationName "ReactorTracedMethods.traceAsyncMono"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (failing Mono)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def expectedException = new IllegalStateException("Test exception")
+    def mono = ReactorTracedMethods.traceAsyncFailingMono(latch, expectedException)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    mono.block()
+
+    then:
+    thrown(IllegalStateException)
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "ReactorTracedMethods.traceAsyncFailingMono"
+          operationName "ReactorTracedMethods.traceAsyncFailingMono"
+          errored true
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+            errorTags(expectedException)
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (cancelled Mono)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def mono = ReactorTracedMethods.traceAsyncMono(latch)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    mono.subscribe(new ReactorTracedMethods.CancelSubscriber<>())
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "ReactorTracedMethods.traceAsyncMono"
+          operationName "ReactorTracedMethods.traceAsyncMono"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (Flux)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def flux = ReactorTracedMethods.traceAsyncFlux(latch)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    flux.blockLast()
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "ReactorTracedMethods.traceAsyncFlux"
+          operationName "ReactorTracedMethods.traceAsyncFlux"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (failing Flux)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def expectedException = new IllegalStateException("Test exception")
+    def flux = ReactorTracedMethods.traceAsyncFailingFlux(latch, expectedException)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    flux.blockLast()
+
+    then:
+    thrown(IllegalStateException)
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "ReactorTracedMethods.traceAsyncFailingFlux"
+          operationName "ReactorTracedMethods.traceAsyncFailingFlux"
+          errored true
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+            errorTags(expectedException)
+          }
+        }
+      }
+    }
+  }
+
+  def "test WithSpan annotated async method (cancelled Flux)"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def flux = ReactorTracedMethods.traceAsyncFlux(latch)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    flux.subscribe(new ReactorTracedMethods.CancelSubscriber<>())
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "ReactorTracedMethods.traceAsyncFlux"
+          operationName "ReactorTracedMethods.traceAsyncFlux"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/reactor-core-3.1/src/test/java/annotatedsample/ReactorTracedMethods.java b/dd-java-agent/instrumentation/reactor-core-3.1/src/test/java/annotatedsample/ReactorTracedMethods.java
new file mode 100644
index 00000000000..a3450a31e20
--- /dev/null
+++ b/dd-java-agent/instrumentation/reactor-core-3.1/src/test/java/annotatedsample/ReactorTracedMethods.java
@@ -0,0 +1,75 @@
+package annotatedsample;
+
+import static java.util.concurrent.TimeUnit.SECONDS;
+
+import io.opentelemetry.instrumentation.annotations.WithSpan;
+import java.util.concurrent.CountDownLatch;
+import org.reactivestreams.Subscriber;
+import org.reactivestreams.Subscription;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
+public class ReactorTracedMethods {
+  @WithSpan
+  public static Mono<String> traceAsyncMono(CountDownLatch latch) {
+    return Mono.fromCallable(
+        () -> {
+          await(latch);
+          return "hello";
+        });
+  }
+
+  @WithSpan
+  public static Mono<String> traceAsyncFailingMono(CountDownLatch latch, Exception exception) {
+    return Mono.fromCallable(
+        () -> {
+          await(latch);
+          throw exception;
+        });
+  }
+
+  @WithSpan
+  public static Flux<String> traceAsyncFlux(CountDownLatch latch) {
+    return Flux.create(
+        emitter -> {
+          await(latch);
+          emitter.next("hello");
+          emitter.complete();
+        });
+  }
+
+  @WithSpan
+  public static Flux<String> traceAsyncFailingFlux(CountDownLatch latch, Exception exception) {
+    return Flux.create(
+        emitter -> {
+          await(latch);
+          emitter.error(exception);
+        });
+  }
+
+  private static void await(CountDownLatch latch) {
+    try {
+      if (!latch.await(5, SECONDS)) {
+        throw new IllegalStateException("Latch still locked");
+      }
+    } catch (InterruptedException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  public static class CancelSubscriber<T> implements Subscriber<T> {
+    @Override
+    public void onSubscribe(Subscription s) {
+      s.cancel();
+    }
+
+    @Override
+    public void onNext(T t) {}
+
+    @Override
+    public void onError(Throwable t) {}
+
+    @Override
+    public void onComplete() {}
+  }
+}
diff --git a/dd-java-agent/instrumentation/rediscala-1.8.0/src/main/java/datadog/trace/instrumentation/rediscala/RediscalaClientDecorator.java b/dd-java-agent/instrumentation/rediscala-1.8.0/src/main/java/datadog/trace/instrumentation/rediscala/RediscalaClientDecorator.java
index edc5be86e68..3205409a63e 100644
--- a/dd-java-agent/instrumentation/rediscala-1.8.0/src/main/java/datadog/trace/instrumentation/rediscala/RediscalaClientDecorator.java
+++ b/dd-java-agent/instrumentation/rediscala-1.8.0/src/main/java/datadog/trace/instrumentation/rediscala/RediscalaClientDecorator.java
@@ -1,6 +1,5 @@
 package datadog.trace.instrumentation.rediscala;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -17,7 +16,7 @@ public class RediscalaClientDecorator
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().cache().operation("redis"));
   private static final String SERVICE_NAME =
-      SpanNaming.instance().namingSchema().cache().service(Config.get().getServiceName(), "redis");
+      SpanNaming.instance().namingSchema().cache().service("redis");
 
   @Override
   protected String[] instrumentationNames() {
diff --git a/dd-java-agent/instrumentation/redisson-2.0.0/src/main/java/datadog/trace/instrumentation/redisson/RedissonClientDecorator.java b/dd-java-agent/instrumentation/redisson-2.0.0/src/main/java/datadog/trace/instrumentation/redisson/RedissonClientDecorator.java
index 7b9a2238f90..481fd745e3b 100644
--- a/dd-java-agent/instrumentation/redisson-2.0.0/src/main/java/datadog/trace/instrumentation/redisson/RedissonClientDecorator.java
+++ b/dd-java-agent/instrumentation/redisson-2.0.0/src/main/java/datadog/trace/instrumentation/redisson/RedissonClientDecorator.java
@@ -1,6 +1,5 @@
 package datadog.trace.instrumentation.redisson;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
@@ -14,7 +13,7 @@ public class RedissonClientDecorator
   public static final CharSequence OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().cache().operation("redis"));
   private static final String SERVICE_NAME =
-      SpanNaming.instance().namingSchema().cache().service(Config.get().getServiceName(), "redis");
+      SpanNaming.instance().namingSchema().cache().service("redis");
 
   private static final CharSequence COMPONENT_NAME = UTF8BytesString.create("redis-command");
 
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/CookieParamInjectorAdvice.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/CookieParamInjectorAdvice.java
index 826177eab26..c8e48925aa6 100644
--- a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/CookieParamInjectorAdvice.java
+++ b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/CookieParamInjectorAdvice.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.resteasy;
 
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -9,21 +10,22 @@
 
 public class CookieParamInjectorAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+  @Source(SourceTypes.REQUEST_COOKIE_VALUE)
   public static void onExit(
       @Advice.Return Object result, @Advice.FieldValue("paramName") String paramName) {
     if (result instanceof String || result instanceof Collection) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         if (result instanceof Collection) {
-          Collection collection = (Collection) result;
+          Collection<?> collection = (Collection<?>) result;
+          final IastContext ctx = IastContext.Provider.get();
           for (Object o : collection) {
             if (o instanceof String) {
-              module.taint(SourceTypes.REQUEST_COOKIE_VALUE, paramName, (String) o);
+              module.taint(ctx, o, SourceTypes.REQUEST_COOKIE_VALUE, paramName);
             }
           }
         } else {
-          module.taint(SourceTypes.REQUEST_COOKIE_VALUE, paramName, (String) result);
+          module.taint(result, SourceTypes.REQUEST_COOKIE_VALUE, paramName);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/DecodedFormParametersInstrumentation.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/DecodedFormParametersInstrumentation.java
index a4c211aebe2..528e2127422 100644
--- a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/DecodedFormParametersInstrumentation.java
+++ b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/DecodedFormParametersInstrumentation.java
@@ -134,7 +134,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t = new BlockingException("Blocked request (for getDecodedFormParameters)");
           requestContext.getTraceSegment().effectivelyBlocked();
         }
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/FormParamInjectorAdvice.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/FormParamInjectorAdvice.java
index 73d025fe89d..cf6b629c28a 100644
--- a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/FormParamInjectorAdvice.java
+++ b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/FormParamInjectorAdvice.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.resteasy;
 
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -9,21 +10,22 @@
 
 public class FormParamInjectorAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+  @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
   public static void onExit(
       @Advice.Return Object result, @Advice.FieldValue("paramName") String paramName) {
     if (result instanceof String || result instanceof Collection) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         if (result instanceof Collection) {
+          final IastContext ctx = IastContext.Provider.get();
           Collection<?> collection = (Collection<?>) result;
           for (Object o : collection) {
             if (o instanceof String) {
-              module.taint(SourceTypes.REQUEST_PARAMETER_VALUE, paramName, (String) o);
+              module.taint(ctx, o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
             }
           }
         } else {
-          module.taint(SourceTypes.REQUEST_PARAMETER_VALUE, paramName, (String) result);
+          module.taint(result, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/HeaderParamInjectorAdvice.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/HeaderParamInjectorAdvice.java
index 16090240b77..e6bd6f5cc09 100644
--- a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/HeaderParamInjectorAdvice.java
+++ b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/HeaderParamInjectorAdvice.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.resteasy;
 
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -9,7 +10,7 @@
 
 public class HeaderParamInjectorAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+  @Source(SourceTypes.REQUEST_HEADER_VALUE)
   public static void onExit(
       @Advice.Return Object result, @Advice.FieldValue("paramName") String paramName) {
     if (result instanceof String || result instanceof Collection) {
@@ -17,14 +18,15 @@ public static void onExit(
       if (module != null) {
         try {
           if (result instanceof Collection) {
-            Collection collection = (Collection) result;
+            Collection<?> collection = (Collection<?>) result;
+            final IastContext ctx = IastContext.Provider.get();
             for (Object o : collection) {
               if (o instanceof String) {
-                module.taint(SourceTypes.REQUEST_HEADER_VALUE, paramName, (String) o);
+                module.taint(ctx, o, SourceTypes.REQUEST_HEADER_VALUE, paramName);
               }
             }
           } else {
-            module.taint(SourceTypes.REQUEST_HEADER_VALUE, paramName, (String) result);
+            module.taint(result, SourceTypes.REQUEST_HEADER_VALUE, paramName);
           }
         } catch (final Throwable e) {
           module.onUnexpectedException("HeaderParamInjectorAdvice.onExit threw", e);
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MessageBodyReaderInvocationInstrumentation.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MessageBodyReaderInvocationInstrumentation.java
index 09c2a4f4b33..56ffe94e412 100644
--- a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MessageBodyReaderInvocationInstrumentation.java
+++ b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MessageBodyReaderInvocationInstrumentation.java
@@ -80,7 +80,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t =
               new BlockingException(
                   "Blocked request (for AbstractReaderInterceptorContext/readFrom)");
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MethodExpressionInstrumentation.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MethodExpressionInstrumentation.java
index faee6d6947f..6487dc191b3 100644
--- a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MethodExpressionInstrumentation.java
+++ b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MethodExpressionInstrumentation.java
@@ -80,7 +80,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t = new BlockingException("Blocked request (for MethodExpression/populatePathParams)");
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MultipartFormDataReaderInstrumentation.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MultipartFormDataReaderInstrumentation.java
index 5066ab64896..c18d2b562c7 100644
--- a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MultipartFormDataReaderInstrumentation.java
+++ b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/MultipartFormDataReaderInstrumentation.java
@@ -91,7 +91,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           t = new BlockingException("Blocked request (for MultipartFormDataInput/readFrom)");
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/PathParamInjectorAdvice.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/PathParamInjectorAdvice.java
index f6ece3d306b..6c2e140e497 100644
--- a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/PathParamInjectorAdvice.java
+++ b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/PathParamInjectorAdvice.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.resteasy;
 
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -9,7 +10,7 @@
 
 public class PathParamInjectorAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+  @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
   public static void onExit(
       @Advice.Return Object result, @Advice.FieldValue("paramName") String paramName) {
     if (result instanceof String || result instanceof Collection) {
@@ -17,13 +18,14 @@ public static void onExit(
       if (module != null) {
         if (result instanceof Collection) {
           Collection<?> collection = (Collection<?>) result;
+          final IastContext ctx = IastContext.Provider.get();
           for (Object o : collection) {
             if (o instanceof String) {
-              module.taint(SourceTypes.REQUEST_PATH_PARAMETER, paramName, (String) o);
+              module.taint(ctx, o, SourceTypes.REQUEST_PATH_PARAMETER, paramName);
             }
           }
         } else {
-          module.taint(SourceTypes.REQUEST_PATH_PARAMETER, paramName, (String) result);
+          module.taint(result, SourceTypes.REQUEST_PATH_PARAMETER, paramName);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/QueryParamInjectorAdvice.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/QueryParamInjectorAdvice.java
index 21b94f775a9..811180e6489 100644
--- a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/QueryParamInjectorAdvice.java
+++ b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/QueryParamInjectorAdvice.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.resteasy;
 
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -9,7 +10,7 @@
 
 public class QueryParamInjectorAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+  @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
   public static void onExit(
       @Advice.Return Object result, @Advice.FieldValue("encodedName") String paramName) {
     if (result instanceof String || result instanceof Collection) {
@@ -17,13 +18,14 @@ public static void onExit(
       if (module != null) {
         if (result instanceof Collection) {
           Collection<?> collection = (Collection<?>) result;
+          final IastContext ctx = IastContext.Provider.get();
           for (Object o : collection) {
             if (o instanceof String) {
-              module.taint(SourceTypes.REQUEST_PARAMETER_VALUE, paramName, (String) o);
+              module.taint(ctx, o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
             }
           }
         } else {
-          module.taint(SourceTypes.REQUEST_PARAMETER_VALUE, paramName, (String) result);
+          module.taint(result, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/rxjava-1/src/main/java/datadog/trace/instrumentation/rxjava/TracedOnSubscribe.java b/dd-java-agent/instrumentation/rxjava-1/src/main/java/datadog/trace/instrumentation/rxjava/TracedOnSubscribe.java
index 28598211656..e4c7a4a6e4a 100644
--- a/dd-java-agent/instrumentation/rxjava-1/src/main/java/datadog/trace/instrumentation/rxjava/TracedOnSubscribe.java
+++ b/dd-java-agent/instrumentation/rxjava-1/src/main/java/datadog/trace/instrumentation/rxjava/TracedOnSubscribe.java
@@ -1,7 +1,7 @@
 package datadog.trace.instrumentation.rxjava;
 
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
-import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.propagate;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.capture;
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
 
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
@@ -26,7 +26,7 @@ public TracedOnSubscribe(
     this.operationName = operationName;
     this.decorator = decorator;
 
-    continuation = propagate().capture();
+    continuation = capture();
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/rxjava-2/build.gradle b/dd-java-agent/instrumentation/rxjava-2/build.gradle
index b080e61fb11..b3e30f1e833 100644
--- a/dd-java-agent/instrumentation/rxjava-2/build.gradle
+++ b/dd-java-agent/instrumentation/rxjava-2/build.gradle
@@ -16,7 +16,9 @@ dependencies {
   compileOnly group: 'io.reactivex.rxjava2', name: 'rxjava', version: '2.0.0'
 
   testImplementation project(':dd-java-agent:instrumentation:trace-annotation')
+  testImplementation project(':dd-java-agent:instrumentation:opentelemetry:opentelemetry-annotations-1.20')
 
   testImplementation group: 'io.reactivex.rxjava2', name: 'rxjava', version: '2.0.5'
+  testImplementation group: 'io.opentelemetry.instrumentation', name: 'opentelemetry-instrumentation-annotations', version: '1.28.0'
   latestDepTestImplementation group: 'io.reactivex.rxjava2', name: 'rxjava', version: '+'
 }
diff --git a/dd-java-agent/instrumentation/rxjava-2/src/main/java/datadog/trace/instrumentation/rxjava2/RxJavaAsyncResultSupportExtension.java b/dd-java-agent/instrumentation/rxjava-2/src/main/java/datadog/trace/instrumentation/rxjava2/RxJavaAsyncResultSupportExtension.java
new file mode 100644
index 00000000000..e77536bc192
--- /dev/null
+++ b/dd-java-agent/instrumentation/rxjava-2/src/main/java/datadog/trace/instrumentation/rxjava2/RxJavaAsyncResultSupportExtension.java
@@ -0,0 +1,67 @@
+package datadog.trace.instrumentation.rxjava2;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.decorator.AsyncResultDecorator;
+import io.reactivex.Completable;
+import io.reactivex.Flowable;
+import io.reactivex.Maybe;
+import io.reactivex.Observable;
+import io.reactivex.Single;
+
+public class RxJavaAsyncResultSupportExtension
+    implements AsyncResultDecorator.AsyncResultSupportExtension {
+  static {
+    AsyncResultDecorator.registerExtension(new RxJavaAsyncResultSupportExtension());
+  }
+
+  /**
+   * Register the extension as an {@link AsyncResultDecorator.AsyncResultSupportExtension} using
+   * static class initialization.<br>
+   * It uses an empty static method call to ensure the class loading and the one-time-only static
+   * class initialization. This will ensure this extension will only be registered once to the
+   * {@link AsyncResultDecorator}.
+   */
+  public static void initialize() {}
+
+  @Override
+  public boolean supports(Class<?> result) {
+    return Completable.class.isAssignableFrom(result)
+        || Maybe.class.isAssignableFrom(result)
+        || Single.class.isAssignableFrom(result)
+        || Observable.class.isAssignableFrom(result)
+        || Flowable.class.isAssignableFrom(result);
+  }
+
+  @Override
+  public Object apply(Object result, AgentSpan span) {
+    if (result instanceof Completable) {
+      return ((Completable) result)
+          .doOnEvent(throwable -> onError(span, throwable))
+          .doOnDispose(span::finish);
+    } else if (result instanceof Maybe) {
+      return ((Maybe<?>) result)
+          .doOnEvent((o, throwable) -> onError(span, throwable))
+          .doOnDispose(span::finish);
+    } else if (result instanceof Single) {
+      return ((Single<?>) result)
+          .doOnEvent((o, throwable) -> onError(span, throwable))
+          .doOnDispose(span::finish);
+    } else if (result instanceof Observable) {
+      return ((Observable<?>) result)
+          .doOnComplete(span::finish)
+          .doOnError(throwable -> onError(span, throwable))
+          .doOnDispose(span::finish);
+    } else if (result instanceof Flowable) {
+      return ((Flowable<?>) result)
+          .doOnComplete(span::finish)
+          .doOnError(throwable -> onError(span, throwable))
+          .doOnCancel(span::finish);
+    }
+    return null;
+  }
+
+  private static void onError(AgentSpan span, Throwable throwable) {
+    span.addThrowable(throwable);
+    span.finish();
+  }
+}
diff --git a/dd-java-agent/instrumentation/rxjava-2/src/main/java/datadog/trace/instrumentation/rxjava2/RxJavaPluginsInstrumentation.java b/dd-java-agent/instrumentation/rxjava-2/src/main/java/datadog/trace/instrumentation/rxjava2/RxJavaPluginsInstrumentation.java
new file mode 100644
index 00000000000..2b1b6ac6aed
--- /dev/null
+++ b/dd-java-agent/instrumentation/rxjava-2/src/main/java/datadog/trace/instrumentation/rxjava2/RxJavaPluginsInstrumentation.java
@@ -0,0 +1,47 @@
+package datadog.trace.instrumentation.rxjava2;
+
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.InstrumenterConfig;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class RxJavaPluginsInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+
+  public RxJavaPluginsInstrumentation() {
+    super("rxjava");
+  }
+
+  @Override
+  protected boolean defaultEnabled() {
+    // Only used with OpenTelemetry @WithSpan annotations
+    return InstrumenterConfig.get().isTraceOtelEnabled();
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.reactivex.plugins.RxJavaPlugins";
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".RxJavaAsyncResultSupportExtension",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(isMethod(), getClass().getName() + "$RxJavaPluginsAdvice");
+  }
+
+  public static class RxJavaPluginsAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void init() {
+      RxJavaAsyncResultSupportExtension.initialize();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/rxjava-2/src/test/groovy/RxJava2ResultSupportExtensionTest.groovy b/dd-java-agent/instrumentation/rxjava-2/src/test/groovy/RxJava2ResultSupportExtensionTest.groovy
new file mode 100644
index 00000000000..c3fd5e92dce
--- /dev/null
+++ b/dd-java-agent/instrumentation/rxjava-2/src/test/groovy/RxJava2ResultSupportExtensionTest.groovy
@@ -0,0 +1,127 @@
+import annotatedsample.RxJava2TracedMethods
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.bootstrap.instrumentation.api.Tags
+
+import java.util.concurrent.CountDownLatch
+
+class RxJava2ResultSupportExtensionTest extends AgentTestRunner {
+  @Override
+  void configurePreAgent() {
+    super.configurePreAgent()
+
+    injectSysConfig("dd.trace.otel.enabled", "true")
+    injectSysConfig("dd.integration.opentelemetry-annotations-1.20.enabled", "true")
+  }
+
+  def "test WithSpan annotated async method #type"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def asyncType = RxJava2TracedMethods."$method"(latch)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    asyncType."$operation"()
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "RxJava2TracedMethods.$method"
+          operationName "RxJava2TracedMethods.traceAsync$type"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+
+    where:
+    type          | operation
+    'Completable' | 'blockingGet'
+    'Maybe'       | 'blockingGet'
+    'Single'      | 'blockingGet'
+    'Observable'  | 'blockingLast'
+    'Flowable'    | 'blockingLast'
+    method = "traceAsync$type"
+  }
+
+  def "test WithSpan annotated async method failing #type"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def expectedException = new IllegalStateException("Test exception")
+    def asyncType = RxJava2TracedMethods."$method"(latch, expectedException)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    asyncType."$operation"()
+
+    then:
+    thrown(IllegalStateException)
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "RxJava2TracedMethods.$method"
+          operationName "RxJava2TracedMethods.$method"
+          errored true
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+            errorTags(expectedException)
+          }
+        }
+      }
+    }
+
+    where:
+    type          | operation
+    'Completable' | 'blockingAwait'
+    'Maybe'       | 'blockingGet'
+    'Single'      | 'blockingGet'
+    'Observable'  | 'blockingLast'
+    'Flowable'    | 'blockingLast'
+    method = "traceAsyncFailing$type"
+  }
+
+  def "test WithSpan annotated async method cancelled #type"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def asyncType = RxJava2TracedMethods."$method"(latch)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    asyncType.subscribe().dispose()
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          resourceName "RxJava2TracedMethods.$method"
+          operationName "RxJava2TracedMethods.traceAsync$type"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "opentelemetry"
+          }
+        }
+      }
+    }
+
+    where:
+    type          | operation
+    'Completable' | 'blockingGet'
+    'Maybe'       | 'blockingGet'
+    'Single'      | 'blockingGet'
+    'Observable'  | 'blockingLast'
+    'Flowable'    | 'blockingLast'
+    method = "traceAsync$type"
+  }
+}
diff --git a/dd-java-agent/instrumentation/rxjava-2/src/test/java/annotatedsample/RxJava2TracedMethods.java b/dd-java-agent/instrumentation/rxjava-2/src/test/java/annotatedsample/RxJava2TracedMethods.java
new file mode 100644
index 00000000000..5036f5e0ff7
--- /dev/null
+++ b/dd-java-agent/instrumentation/rxjava-2/src/test/java/annotatedsample/RxJava2TracedMethods.java
@@ -0,0 +1,112 @@
+package annotatedsample;
+
+import static java.util.concurrent.TimeUnit.SECONDS;
+
+import io.opentelemetry.instrumentation.annotations.WithSpan;
+import io.reactivex.Completable;
+import io.reactivex.Flowable;
+import io.reactivex.Maybe;
+import io.reactivex.Observable;
+import io.reactivex.Single;
+import java.util.concurrent.CountDownLatch;
+
+public class RxJava2TracedMethods {
+  @WithSpan
+  public static Completable traceAsyncCompletable(CountDownLatch latch) {
+    return Completable.fromRunnable(() -> await(latch));
+  }
+
+  @WithSpan
+  public static Completable traceAsyncFailingCompletable(
+      CountDownLatch latch, Exception exception) {
+    return Completable.fromCallable(
+        () -> {
+          await(latch);
+          throw exception;
+        });
+  }
+
+  @WithSpan
+  public static Maybe<String> traceAsyncMaybe(CountDownLatch latch) {
+    return Maybe.fromCallable(
+        () -> {
+          await(latch);
+          return "hello";
+        });
+  }
+
+  @WithSpan
+  public static Maybe<String> traceAsyncFailingMaybe(CountDownLatch latch, Exception exception) {
+    return Maybe.fromCallable(
+        () -> {
+          await(latch);
+          throw exception;
+        });
+  }
+
+  @WithSpan
+  public static Single<String> traceAsyncSingle(CountDownLatch latch) {
+    return Single.fromCallable(
+        () -> {
+          await(latch);
+          return "hello";
+        });
+  }
+
+  @WithSpan
+  public static Single<String> traceAsyncFailingSingle(CountDownLatch latch, Exception exception) {
+    return Single.fromCallable(
+        () -> {
+          await(latch);
+          throw exception;
+        });
+  }
+
+  @WithSpan
+  public static Observable<String> traceAsyncObservable(CountDownLatch latch) {
+    return Observable.fromCallable(
+        () -> {
+          await(latch);
+          return "hello";
+        });
+  }
+
+  @WithSpan
+  public static Observable<String> traceAsyncFailingObservable(
+      CountDownLatch latch, Exception exception) {
+    return Observable.fromCallable(
+        () -> {
+          await(latch);
+          throw exception;
+        });
+  }
+
+  @WithSpan
+  public static Flowable<String> traceAsyncFlowable(CountDownLatch latch) {
+    return Flowable.fromCallable(
+        () -> {
+          await(latch);
+          return "hello";
+        });
+  }
+
+  @WithSpan
+  public static Flowable<String> traceAsyncFailingFlowable(
+      CountDownLatch latch, Exception exception) {
+    return Flowable.fromCallable(
+        () -> {
+          await(latch);
+          throw exception;
+        });
+  }
+
+  private static void await(CountDownLatch latch) {
+    try {
+      if (!latch.await(5, SECONDS)) {
+        throw new IllegalStateException("Latch still locked");
+      }
+    } catch (InterruptedException e) {
+      throw new RuntimeException(e);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/scala/build.gradle b/dd-java-agent/instrumentation/scala/build.gradle
new file mode 100644
index 00000000000..98b7ca13eb0
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/build.gradle
@@ -0,0 +1,63 @@
+muzzle {
+  pass {
+    group = 'org.scala-lang'
+    module = 'scala-library'
+    versions = '[2.3,4.0)'
+    assertInverse = true
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+apply plugin: 'scala'
+apply plugin: 'call-site-instrumentation'
+
+dependencies {
+  // First 2.10 version that accepts target 1.8
+  compileOnly group: 'org.scala-lang', name: 'scala-library', version: '2.10.7'
+  testImplementation group: 'org.scala-lang', name: 'scala-library', version: '2.10.7'
+  testImplementation(testFixtures(project(':dd-java-agent:agent-iast')))
+  testRuntimeOnly project(':dd-java-agent:instrumentation:iast-instrumenter')
+}
+
+final scalaVersions = [deps.scala211, deps.scala212, deps.scala213, 'org.scala-lang:scala3-library_3:3.3.0'] as List<String>
+
+final testTasks = scalaVersions.collect { scalaLibrary ->
+
+  final version = scalaLibrary.substring(scalaLibrary.lastIndexOf(':') + 1).replaceAll('\\.', '_')
+  def (major, minor) = version.split('_').collect(Integer.&valueOf)
+  final javaConcatenation = major > 2 || minor > 11 // after 2.11 scala uses java.lang.StringBuilder to perform concatenation
+
+  final configuration = configurations.create("${version}Implementation")
+
+  dependencies { handler ->
+    handler.add(configuration.name, scalaLibrary)
+    handler.add(configuration.name, deps.slf4j)
+    if (javaConcatenation) {
+      handler.add(configuration.name, project(':dd-java-agent:instrumentation:java-lang'))
+    }
+  }
+
+  final customSourceSet = sourceSets.create("${version}") {
+    scala {
+      srcDirs = ['src/test/scala']
+      compileClasspath += configuration
+    }
+  }
+
+  return tasks.register("test$version", Test) {
+    classpath = classpath
+      .filter { !it.toString().contains('scala-library') }   // exclude default scala-library
+      .minus(files(sourceSets.test.scala.classesDirectory))  // exclude default /build/classes/scala/test folder
+      .plus(customSourceSet.output.classesDirs)              // add /build/classes/scala/${version} folder
+      .plus(configuration)                                   // add new scala-library configuration
+    systemProperty('uses.java.concat', javaConcatenation)
+    dependsOn(tasks.named("compile${version.capitalize()}Scala"))
+    group = 'verification'
+  }
+}
+
+tasks.named('test', Test).configure {
+  systemProperty('uses.java.concat', false) // version 2.10.7 does not use java concatenation
+  finalizedBy(testTasks)
+}
+
diff --git a/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/RandomCallSite.java b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/RandomCallSite.java
new file mode 100644
index 00000000000..47e69e6562a
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/RandomCallSite.java
@@ -0,0 +1,35 @@
+package datadog.trace.instrumentation.scala;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Sink;
+import datadog.trace.api.iast.VulnerabilityTypes;
+import datadog.trace.api.iast.sink.WeakRandomnessModule;
+import scala.util.Random;
+
+@Sink(VulnerabilityTypes.WEAK_RANDOMNESS)
+@CallSite(spi = IastCallSites.class)
+public class RandomCallSite {
+
+  @CallSite.Before("boolean scala.util.Random.nextBoolean()")
+  @CallSite.Before("int scala.util.Random.nextInt()")
+  @CallSite.Before("int scala.util.Random.nextInt(int)")
+  @CallSite.Before("long scala.util.Random.nextLong()")
+  @CallSite.Before("float scala.util.Random.nextFloat()")
+  @CallSite.Before("double scala.util.Random.nextDouble()")
+  @CallSite.Before("double scala.util.Random.nextGaussian()")
+  @CallSite.Before("void scala.util.Random.nextBytes(byte[])")
+  @CallSite.Before("java.lang.String scala.util.Random.nextString(int)")
+  @CallSite.Before("char scala.util.Random.nextPrintableChar()")
+  public static void before(@CallSite.This final Random random) {
+    final WeakRandomnessModule module = InstrumentationBridge.WEAK_RANDOMNESS;
+    if (module != null && random != null) {
+      try {
+        module.onWeakRandom(random.getClass());
+      } catch (final Throwable e) {
+        module.onUnexpectedException("random threw", e);
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/ScalaJavaConverters.java b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/ScalaJavaConverters.java
new file mode 100644
index 00000000000..8946a2b9f8b
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/ScalaJavaConverters.java
@@ -0,0 +1,37 @@
+package datadog.trace.instrumentation.scala;
+
+import java.util.Iterator;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+public class ScalaJavaConverters {
+
+  public static <E> Iterable<E> toIterable(@Nonnull final scala.collection.Iterable<E> iterable) {
+    scala.collection.Iterator<E> iterator = iterable.iterator();
+    return () ->
+        new Iterator<E>() {
+          @Override
+          public boolean hasNext() {
+            return iterator.hasNext();
+          }
+
+          @Override
+          public E next() {
+            return iterator.next();
+          }
+        };
+  }
+
+  public static <E> Object[] toArray(@Nullable final scala.collection.Iterable<E> iterable) {
+    if (iterable == null) {
+      return new Object[0];
+    }
+    final int size = iterable.size();
+    final Object[] array = new Object[size];
+    int index = 0;
+    for (scala.collection.Iterator<E> iterator = iterable.iterator(); iterator.hasNext(); ) {
+      array[index++] = iterator.next();
+    }
+    return array;
+  }
+}
diff --git a/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/SourceCallSite.java b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/SourceCallSite.java
new file mode 100644
index 00000000000..60423de3802
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/SourceCallSite.java
@@ -0,0 +1,66 @@
+package datadog.trace.instrumentation.scala;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Sink;
+import datadog.trace.api.iast.VulnerabilityTypes;
+import datadog.trace.api.iast.sink.PathTraversalModule;
+import datadog.trace.api.iast.sink.SsrfModule;
+import java.net.URI;
+import javax.annotation.Nullable;
+
+@Sink(VulnerabilityTypes.WEAK_RANDOMNESS)
+@CallSite(spi = IastCallSites.class)
+public class SourceCallSite {
+
+  @CallSite.Before(
+      "scala.io.BufferedSource scala.io.Source$.fromFile(java.lang.String, scala.io.Codec)")
+  @CallSite.Before(
+      "scala.io.BufferedSource scala.io.Source$.fromFile(java.lang.String, java.lang.String)")
+  public static void beforeFromFile(@CallSite.Argument(0) @Nullable final String path) {
+    if (path != null) {
+      final PathTraversalModule module = InstrumentationBridge.PATH_TRAVERSAL;
+      if (module != null) {
+        try {
+          module.onPathTraversal(path);
+        } catch (final Throwable e) {
+          module.onUnexpectedException("beforeFromFile threw", e);
+        }
+      }
+    }
+  }
+
+  @CallSite.Before(
+      "scala.io.BufferedSource scala.io.Source$.fromFile(java.net.URI, scala.io.Codec)")
+  @CallSite.Before(
+      "scala.io.BufferedSource scala.io.Source$.fromFile(java.net.URI, java.lang.String)")
+  @CallSite.Before("scala.io.BufferedSource scala.io.Source$.fromURI(java.net.URI, scala.io.Codec)")
+  public static void beforeFromURI(@CallSite.Argument(0) @Nullable final URI path) {
+    if (path != null) {
+      final PathTraversalModule module = InstrumentationBridge.PATH_TRAVERSAL;
+      if (module != null) {
+        try {
+          module.onPathTraversal(path);
+        } catch (final Throwable e) {
+          module.onUnexpectedException("beforeFromURI threw", e);
+        }
+      }
+    }
+  }
+
+  @CallSite.Before(
+      "scala.io.BufferedSource scala.io.Source$.fromURL(java.lang.String, java.lang.String)")
+  public static void beforeFromURL(@CallSite.Argument(0) @Nullable final String url) {
+    if (url != null) {
+      final SsrfModule module = InstrumentationBridge.SSRF;
+      if (module != null) {
+        try {
+          module.onURLConnection(url);
+        } catch (final Throwable e) {
+          module.onUnexpectedException("beforeFromURL threw", e);
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/StringBuilderCallSite.java b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/StringBuilderCallSite.java
new file mode 100644
index 00000000000..bd08bd0b28d
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/StringBuilderCallSite.java
@@ -0,0 +1,119 @@
+package datadog.trace.instrumentation.scala;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.propagation.StringModule;
+import datadog.trace.util.stacktrace.StackUtils;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import scala.collection.mutable.StringBuilder;
+
+@Propagation
+@CallSite(spi = IastCallSites.class)
+public class StringBuilderCallSite {
+
+  @CallSite.After("void scala.collection.mutable.StringBuilder.<init>(java.lang.String)")
+  @Nonnull
+  public static StringBuilder afterInit(
+      @CallSite.AllArguments @Nonnull final Object[] params,
+      @CallSite.Return @Nonnull final StringBuilder result) {
+    final StringModule module = InstrumentationBridge.STRING;
+    if (module != null) {
+      try {
+
+        module.onStringBuilderInit(result, (CharSequence) params[0]);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterInit threw", e);
+      }
+    }
+    return result;
+  }
+
+  @CallSite.After("void scala.collection.mutable.StringBuilder.<init>(int, java.lang.String)")
+  @Nonnull
+  public static StringBuilder afterInitWithCapacity(
+      @CallSite.AllArguments @Nonnull final Object[] params,
+      @CallSite.Return @Nonnull final StringBuilder result) {
+    final StringModule module = InstrumentationBridge.STRING;
+    if (module != null) {
+      try {
+
+        module.onStringBuilderInit(result, (CharSequence) params[1]);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterInitWithCapacity threw", e);
+      }
+    }
+    return result;
+  }
+
+  @CallSite.After(
+      "scala.collection.mutable.StringBuilder scala.collection.mutable.StringBuilder.append(java.lang.String)")
+  @CallSite.After(
+      "scala.collection.mutable.StringBuilder scala.collection.mutable.StringBuilder.append(scala.collection.mutable.StringBuilder)")
+  @Nonnull
+  public static StringBuilder afterAppend(
+      @CallSite.This @Nonnull final StringBuilder self,
+      @CallSite.Argument(0) @Nullable final CharSequence param,
+      @CallSite.Return @Nonnull final StringBuilder result) {
+    final StringModule module = InstrumentationBridge.STRING;
+    if (module != null) {
+      try {
+        module.onStringBuilderAppend(self, param);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterAppend threw", e);
+      }
+    }
+    return result;
+  }
+
+  @CallSite.Around(
+      "scala.collection.mutable.StringBuilder scala.collection.mutable.StringBuilder.append(java.lang.Object)")
+  @Nonnull
+  @SuppressFBWarnings(
+      "NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE") // we do check for null on self
+  // parameter
+  public static StringBuilder aroundAppend(
+      @CallSite.This @Nullable final StringBuilder self,
+      @CallSite.Argument(0) @Nullable final Object param)
+      throws Throwable {
+    try {
+      if (self == null) {
+        throw new NullPointerException();
+      }
+      final String paramStr = String.valueOf(param);
+      final StringBuilder result = self.append(paramStr);
+      final StringModule module = InstrumentationBridge.STRING;
+      if (module != null) {
+        try {
+          module.onStringBuilderAppend(self, paramStr);
+        } catch (final Throwable e) {
+          module.onUnexpectedException("aroundAppend threw", e);
+        }
+      }
+      return result;
+    } catch (final Throwable e) {
+      final String clazz = StringBuilderCallSite.class.getName();
+      throw StackUtils.filterUntil(
+          e, s -> s.getClassName().equals(clazz) && s.getMethodName().equals("aroundAppend"));
+    }
+  }
+
+  @CallSite.After("java.lang.String scala.collection.mutable.StringBuilder.toString()")
+  @Nonnull
+  public static String afterToString(
+      @CallSite.This @Nonnull final StringBuilder self,
+      @CallSite.Return @Nonnull final String result) {
+    final StringModule module = InstrumentationBridge.STRING;
+    if (module != null) {
+      try {
+        module.onStringBuilderToString(self, result);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterToString threw", e);
+      }
+    }
+    return result;
+  }
+}
diff --git a/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/StringContextCallSite.java b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/StringContextCallSite.java
new file mode 100644
index 00000000000..a116b098314
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/StringContextCallSite.java
@@ -0,0 +1,35 @@
+package datadog.trace.instrumentation.scala;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.propagation.StringModule;
+import javax.annotation.Nonnull;
+import scala.StringContext;
+import scala.collection.Seq;
+
+@Propagation
+@CallSite(spi = IastCallSites.class, helpers = ScalaJavaConverters.class)
+public class StringContextCallSite {
+
+  @CallSite.After("java.lang.String scala.StringContext.s(scala.collection.Seq)")
+  @CallSite.After("java.lang.String scala.StringContext.raw(scala.collection.Seq)")
+  @Nonnull
+  public static String afterInterpolation(
+      @CallSite.This @Nonnull final StringContext context,
+      @CallSite.Argument final Seq<?> params,
+      @CallSite.Return @Nonnull final String result) {
+    final StringModule module = InstrumentationBridge.STRING;
+    if (module != null) {
+      try {
+        final Iterable<String> literals = ScalaJavaConverters.toIterable(context.parts());
+        final Object[] args = ScalaJavaConverters.toArray(params);
+        module.onStringFormat(literals, args, result);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterInterpolation threw", e);
+      }
+    }
+    return result;
+  }
+}
diff --git a/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/StringOpsCallSite.java b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/StringOpsCallSite.java
new file mode 100644
index 00000000000..91ea3402e56
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/main/java/datadog/trace/instrumentation/scala/StringOpsCallSite.java
@@ -0,0 +1,51 @@
+package datadog.trace.instrumentation.scala;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.propagation.StringModule;
+import javax.annotation.Nonnull;
+import scala.collection.immutable.StringOps;
+
+@Propagation
+@CallSite(spi = IastCallSites.class, helpers = ScalaJavaConverters.class)
+public class StringOpsCallSite {
+
+  @CallSite.After(
+      "java.lang.String scala.collection.immutable.StringOps.format(scala.collection.Seq)")
+  public static String afterInterpolation(
+      @CallSite.This @Nonnull final StringOps stringOps,
+      @CallSite.Argument(0) final scala.collection.Seq<?> params,
+      @CallSite.Return @Nonnull final String result) {
+    final StringModule module = InstrumentationBridge.STRING;
+    if (module != null) {
+      try {
+        final Object[] args = ScalaJavaConverters.toArray(params);
+        module.onStringFormat(stringOps.toString(), args, result);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterInterpolation threw", e);
+      }
+    }
+    return result;
+  }
+
+  @CallSite.After(
+      "java.lang.String scala.collection.StringOps$.format$extension(java.lang.String, scala.collection.immutable.Seq)")
+  public static String afterInterpolation(
+      @CallSite.This final Object target, // CSI forces to include the target of the invoke
+      @CallSite.Argument(0) @Nonnull final String pattern,
+      @CallSite.Argument(1) final scala.collection.immutable.Seq<?> params,
+      @CallSite.Return @Nonnull final String result) {
+    final StringModule module = InstrumentationBridge.STRING;
+    if (module != null) {
+      try {
+        final Object[] args = ScalaJavaConverters.toArray(params);
+        module.onStringFormat(pattern, args, result);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterInterpolation threw", e);
+      }
+    }
+    return result;
+  }
+}
diff --git a/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/AbstractIastScalaTest.groovy b/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/AbstractIastScalaTest.groovy
new file mode 100644
index 00000000000..b41dea616b5
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/AbstractIastScalaTest.groovy
@@ -0,0 +1,20 @@
+package datadog.trace.instrumentation.scala
+
+import com.datadog.iast.test.IastAgentTestRunner
+import spock.lang.Shared
+
+abstract class AbstractIastScalaTest extends IastAgentTestRunner {
+
+  @Shared
+  boolean usesJavaConcat = Boolean.getBoolean('uses.java.concat')
+
+  @Shared
+  Object testSuite = newSuite()
+
+  private Object newSuite() {
+    final clazz = Thread.currentThread().contextClassLoader.loadClass(suiteName())
+    return clazz.newInstance()
+  }
+
+  abstract String suiteName()
+}
diff --git a/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/RandomCallSiteTest.groovy b/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/RandomCallSiteTest.groovy
new file mode 100644
index 00000000000..4d803cbbe2d
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/RandomCallSiteTest.groovy
@@ -0,0 +1,39 @@
+package datadog.trace.instrumentation.scala
+
+
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.sink.WeakRandomnessModule
+
+class RandomCallSiteTest extends AbstractIastScalaTest {
+
+  @Override
+  String suiteName() {
+    return 'foo.bar.TestRandomSuite'
+  }
+
+  void 'test scala.util.Random.#method'() {
+    setup:
+    final module = Mock(WeakRandomnessModule)
+    InstrumentationBridge.registerIastModule(module)
+
+    when:
+    testSuite.&"$method".call(args as Object[])
+
+    then:
+    1 * module.onWeakRandom(scala.util.Random)
+    0 * _
+
+    where:
+    method              | args
+    'nextBoolean'       | []
+    'nextInt'           | []
+    'nextInt'           | [3]
+    'nextLong'          | []
+    'nextFloat'         | []
+    'nextDouble'        | []
+    'nextGaussian'      | []
+    'nextBytes'         | [[1, 2, 3] as byte[]]
+    'nextString'        | [2]
+    'nextPrintableChar' | []
+  }
+}
diff --git a/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/SourceCallSiteTest.groovy b/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/SourceCallSiteTest.groovy
new file mode 100644
index 00000000000..b3c76bd964b
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/SourceCallSiteTest.groovy
@@ -0,0 +1,66 @@
+package datadog.trace.instrumentation.scala
+
+
+import datadog.trace.agent.test.server.http.TestHttpServer
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.sink.PathTraversalModule
+import datadog.trace.api.iast.sink.SsrfModule
+import spock.lang.AutoCleanup
+import spock.lang.Shared
+
+import static datadog.trace.agent.test.server.http.TestHttpServer.httpServer
+
+class SourceCallSiteTest extends AbstractIastScalaTest {
+
+  @AutoCleanup
+  @Shared
+  private final TestHttpServer server = httpServer {
+    handlers {
+      prefix('/') {
+        response.status(200).send('Hello.')
+      }
+    }
+  }
+
+  @Override
+  String suiteName() {
+    return 'foo.bar.TestSourceSuite'
+  }
+
+  void 'test scala.io.Source.#method'() {
+    setup:
+    final module = Mock(PathTraversalModule)
+    InstrumentationBridge.registerIastModule(module)
+
+    when:
+    testSuite.&"$method".call(args as Object[])
+
+    then:
+    1 * module.onPathTraversal(args[0])
+    0 * _
+
+    where:
+    method     | args
+    'fromFile' | ['/etc/passwd']
+    'fromFile' | ['/etc/passwd', 'utf-8']
+    'fromFile' | [new URI('file:/etc/passwd')]
+    'fromFile' | [new URI('file:/etc/passwd'), 'utf-8']
+    'fromURI'  | [new URI('file:/etc/passwd')]
+  }
+
+  void 'test scala.io.Source.#method'() {
+    setup:
+    final module = Mock(SsrfModule)
+    InstrumentationBridge.registerIastModule(module)
+
+    when:
+    testSuite.&"$method".call(args as Object[])
+
+    then:
+    1 * module.onURLConnection(args[0])
+
+    where:
+    method     | args
+    'fromURL'  | [server.address.toString(), 'utf-8']
+  }
+}
diff --git a/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/StringBuilderCallSiteTest.groovy b/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/StringBuilderCallSiteTest.groovy
new file mode 100644
index 00000000000..b63ebd229e6
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/StringBuilderCallSiteTest.groovy
@@ -0,0 +1,127 @@
+package datadog.trace.instrumentation.scala
+
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.propagation.StringModule
+import scala.collection.mutable.StringBuilder as ScalaStringBuilder
+
+import java.lang.StringBuilder as JavaStringBuilder
+
+class StringBuilderCallSiteTest extends AbstractIastScalaTest {
+
+  @Override
+  String suiteName() {
+    return 'foo.bar.TestScalaStringBuilderSuite'
+  }
+
+  void 'test string builder new call site'() {
+    setup:
+    final iastModule = Mock(StringModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+
+    when:
+    final result = testSuite.&init.call(args as Object[])
+
+    then:
+    result.toString() == expected
+    1 * iastModule.onStringBuilderInit(_ as CharSequence, 'Hello World!')
+    0 * _
+
+    where:
+    args                 | expected
+    ['Hello World!']     | 'Hello World!'
+    [12, 'Hello World!'] | 'Hello World!'
+  }
+
+  void 'test string builder append call site'() {
+    setup:
+    final iastModule = Mock(StringModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+
+    when:
+    if (param.class == String) {
+      testSuite.append(target, (String) param)
+    } else if (param.class == ScalaStringBuilder) {
+      testSuite.append(target, (ScalaStringBuilder) param)
+    } else {
+      testSuite.append(target, param)
+    }
+
+    then:
+    target.toString() == expected
+    1 * iastModule.onStringBuilderAppend(_ as CharSequence, _)
+    0 * _
+
+    where:
+    target                   | param                                  | expected
+    new ScalaStringBuilder() | new ScalaStringBuilder('Hello World!') | 'Hello World!'
+    new ScalaStringBuilder() | new JavaStringBuilder('Hello World!')  | 'Hello World!'
+    new ScalaStringBuilder() | 'Hello World!'                         | 'Hello World!'
+  }
+
+  void 'test string builder toString call site'() {
+    setup:
+    final iastModule = Mock(StringModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+
+    when:
+    final result = testSuite.toString(target)
+
+    then:
+    result == 'Hello World!'
+    1 * iastModule.onStringBuilderToString(_ as CharSequence, 'Hello World!')
+    0 * _
+
+    where:
+    target                                 | _
+    new ScalaStringBuilder('Hello World!') | _
+  }
+
+  void 'test string builder call site in plus operations (JDK8)'() {
+    setup:
+    final iastModule = Mock(StringModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+
+    when:
+    final result = testSuite.plus('Hello ', 'World!')
+
+    then:
+    result == 'Hello World!'
+    1 * iastModule.onStringBuilderAppend(_ as CharSequence, 'Hello ')
+    1 * iastModule.onStringBuilderAppend(_ as CharSequence, 'World!')
+    1 * iastModule.onStringBuilderToString(_ as CharSequence, 'Hello World!')
+    0 * _
+  }
+
+  void 'test string builder call site in plus operations with multiple objects (JDK8)'() {
+    setup:
+    final iastModule = Mock(StringModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final args = ['Come to my website ', new URL('https://www.datadoghq.com/'), ' today is ', new Date()] as Object[]
+    final expected = args.join()
+
+    when:
+    final result = testSuite.plus(args)
+
+    then:
+    result == expected
+
+    1 * iastModule.onStringBuilderAppend(_ as CharSequence, '')
+    1 * iastModule.onStringBuilderAppend(_ as CharSequence, args[0])
+    1 * iastModule.onStringBuilderToString(_ as CharSequence, args[0])
+
+    1 * iastModule.onStringBuilderAppend(_ as CharSequence, args[0])
+    1 * iastModule.onStringBuilderAppend(_ as CharSequence, args[1].toString())
+    1 * iastModule.onStringBuilderToString(_ as CharSequence, args[0..1].join())
+
+    1 * iastModule.onStringBuilderAppend(_ as CharSequence, args[0..1].join())
+    1 * iastModule.onStringBuilderAppend(_ as CharSequence, args[2])
+    1 * iastModule.onStringBuilderToString(_ as CharSequence, args[0..2].join())
+
+    1 * iastModule.onStringBuilderAppend(_ as CharSequence, args[0..2].join())
+    1 * iastModule.onStringBuilderAppend(_ as CharSequence, args[3].toString())
+    1 * iastModule.onStringBuilderToString(_ as CharSequence, args[0..3].join())
+
+    0 * _
+  }
+}
+
diff --git a/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/StringContextCallSiteTest.groovy b/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/StringContextCallSiteTest.groovy
new file mode 100644
index 00000000000..baf43e9e091
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/test/groovy/datadog/trace/instrumentation/scala/StringContextCallSiteTest.groovy
@@ -0,0 +1,103 @@
+package datadog.trace.instrumentation.scala
+
+
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.propagation.StringModule
+import spock.lang.IgnoreIf
+
+class StringContextCallSiteTest extends AbstractIastScalaTest {
+
+  @Override
+  String suiteName() {
+    return 'foo.bar.TestStringInterpolationSuite'
+  }
+
+  void 'test #interpolator interpolator'() {
+    setup:
+    final iastModule = Mock(StringModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+
+    when:
+    final result = testSuite."$interpolator"('left', 'right')
+
+    then:
+    result == 'Left is \'left\' and right is \'right\''
+    if (!usesJavaConcat) {
+      1 * iastModule.onStringFormat(
+        { it -> (it as List<String>) == ['Left is \'', '\' and right is \'', '\''] },
+        ['left', 'right'] as Object[],
+        'Left is \'left\' and right is \'right\''
+        )
+    } else {
+      1 * iastModule.onStringBuilderAppend(_ as StringBuilder, 'Left is \'')
+      1 * iastModule.onStringBuilderAppend(_ as StringBuilder, 'left')
+      1 * iastModule.onStringBuilderAppend(_ as StringBuilder, '\' and right is \'')
+      1 * iastModule.onStringBuilderAppend(_ as StringBuilder, 'right')
+      1 * iastModule.onStringBuilderAppend(_ as StringBuilder, '\'')
+      1 * iastModule.onStringBuilderToString(_ as StringBuilder, 'Left is \'left\' and right is \'right\'')
+    }
+    0 * _
+
+    where:
+    interpolator | _
+    's'          | _
+    'raw'        | _
+  }
+
+  void 'test f interpolator'() {
+    setup:
+    final iastModule = Mock(StringModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+
+    when:
+    final result = testSuite.f('left', 'right')
+
+    then:
+    result == 'Left is \'left\' and right is \'right\''
+    1 * iastModule.onStringFormat(
+      'Left is \'%s\' and right is \'%s\'',
+      ['left', 'right'] as Object[],
+      'Left is \'left\' and right is \'right\''
+      )
+    0 * _
+  }
+
+  @IgnoreIf({ instance.usesJavaConcat })
+  void 'test leading empty chunk'() {
+    setup:
+    final iastModule = Mock(StringModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+
+    when:
+    final result = testSuite.leadingChunk('START')
+
+    then:
+    result == 'START: is located at the beginning of the string'
+    1 * iastModule.onStringFormat(
+      { it -> (it as List<String>) == ['', ': is located at the beginning of the string'] },
+      ['START'] as Object[],
+      'START: is located at the beginning of the string'
+      )
+    0 * _
+  }
+
+  @IgnoreIf({ instance.usesJavaConcat })
+  void 'test trailing empty chunk'() {
+    setup:
+    final iastModule = Mock(StringModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+
+    when:
+    final result = testSuite.trailingChunk('END')
+
+    then:
+    result == 'The value is located at the end of the string: END'
+    1 * iastModule.onStringFormat(
+      { it -> (it as List<String>) == ['The value is located at the end of the string: ', ''] },
+      ['END'] as Object[],
+      'The value is located at the end of the string: END'
+      )
+    0 * _
+  }
+}
+
diff --git a/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestRandomSuite.scala b/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestRandomSuite.scala
new file mode 100644
index 00000000000..2491b28555b
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestRandomSuite.scala
@@ -0,0 +1,83 @@
+package foo.bar
+
+import org.slf4j.LoggerFactory
+
+import scala.util.Random
+
+class TestRandomSuite {
+
+  private val LOGGER = LoggerFactory.getLogger("TestRandomSuite")
+
+  private val random: Random = new Random()
+
+  def nextBoolean: Boolean = {
+    LOGGER.debug("Before nextBoolean")
+    val result = random.nextBoolean
+    LOGGER.debug("After nextBoolean {}", result)
+    result
+  }
+
+  def nextInt: Int = {
+    LOGGER.debug("Before nextInt")
+    val result = random.nextInt
+    LOGGER.debug("After nextInt {}", result)
+    result
+  }
+
+  def nextInt(i: Int): Int = {
+    LOGGER.debug("Before nextInt {}", i)
+    val result = random.nextInt(i)
+    LOGGER.debug("After nextInt {}", result)
+    result
+  }
+
+  def nextLong: Long = {
+    LOGGER.debug("Before nextLong")
+    val result = random.nextLong
+    LOGGER.debug("After nextLong {}", result)
+    result
+  }
+
+  def nextFloat: Float = {
+    LOGGER.debug("Before nextFloat")
+    val result = random.nextFloat
+    LOGGER.debug("After nextFloat {}", result)
+    result
+  }
+
+  def nextDouble: Double = {
+    LOGGER.debug("Before nextDouble")
+    val result = random.nextDouble
+    LOGGER.debug("After nextDouble {}", result)
+    result
+  }
+
+  def nextGaussian: Double = {
+    LOGGER.debug("Before nextGaussian")
+    val result = random.nextGaussian
+    LOGGER.debug("After nextDouble {}", result)
+    result
+  }
+
+  def nextBytes(bytes: Array[Byte]): Array[Byte] = {
+    LOGGER.debug("Before nextBytes {}", bytes)
+    random.nextBytes(bytes)
+    LOGGER.debug("After nextBytes")
+    bytes
+  }
+
+  def nextString(length: Int): String = {
+    LOGGER.debug("Before nextString {}", length)
+    val result = random.nextString(length)
+    LOGGER.debug("After nextString")
+    result
+  }
+
+  def nextPrintableChar(): Char = {
+    LOGGER.debug("Before nextPrintableChar")
+    val result = random.nextPrintableChar()
+    LOGGER.debug("After nextPrintableChar")
+    result
+  }
+
+}
diff --git a/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestScalaStringBuilderSuite.scala b/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestScalaStringBuilderSuite.scala
new file mode 100644
index 00000000000..b40ea4c3c73
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestScalaStringBuilderSuite.scala
@@ -0,0 +1,79 @@
+package foo.bar
+
+import org.slf4j.LoggerFactory
+
+
+class TestScalaStringBuilderSuite {
+
+  private val LOGGER = LoggerFactory.getLogger("TestStringBuilderSuite")
+
+  def init(param: String): StringBuilder = {
+    LOGGER.debug("Before new string builder {}", param)
+    val result: StringBuilder = new StringBuilder(param)
+    LOGGER.debug("After new string builder {}", result)
+    result
+  }
+
+  def init(capacity: Int, param: String): StringBuilder = {
+    LOGGER.debug("Before new string builder {}", param)
+    val result: StringBuilder = new StringBuilder(capacity, param)
+    LOGGER.debug("After new string builder {}", result)
+    result
+  }
+
+  def init(param: java.lang.StringBuilder): StringBuilder = {
+    LOGGER.debug("Before new string builder {}", param)
+    val result: StringBuilder = new StringBuilder(param)
+    LOGGER.debug("After new string builder {}", result)
+    result
+  }
+
+  def append(builder: StringBuilder, param: String): Unit = {
+    LOGGER.debug("Before string builder append {}", param)
+    val result: StringBuilder = builder.append(param)
+    LOGGER.debug("After string builder append {}", result)
+  }
+
+  def append(builder: StringBuilder, param: StringBuilder): Unit = {
+    LOGGER.debug("Before string builder append {}", param)
+    val result: StringBuilder = builder.append(param)
+    LOGGER.debug("After string builder append {}", result)
+  }
+
+  def append(builder: StringBuilder, param: Any): Unit = {
+    LOGGER.debug("Before string builder append {}", param)
+    val result: StringBuilder = builder.append(param)
+    LOGGER.debug("After string builder append {}", result)
+  }
+
+  def toString(builder: StringBuilder): String = {
+    LOGGER.debug("Before string builder toString {}", builder)
+    val result: String = builder.toString
+    LOGGER.debug("After string builder toString {}", result)
+    result
+  }
+
+  def plus(left: String, right: String): String = {
+    LOGGER.debug("Before string plus {} {}", Array(left, right):_*)
+    val result: String = left + right
+    LOGGER.debug("After string plus {}", result)
+    result
+  }
+
+  def plus(left: String, right: AnyRef): String = {
+    LOGGER.debug("Before string plus object {} {}", Array(left, right):_*)
+    val result: String = left + right
+    LOGGER.debug("After string plus object {}", result)
+    result
+  }
+
+  def plus(items: Array[AnyRef]): String = {
+    LOGGER.debug("Before string plus array {}", items:_*)
+    var result: String = ""
+    for (item <- items) {
+      result += item
+    }
+    LOGGER.debug("After string plus array {}", result)
+    result
+  }
+}
diff --git a/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestSourceSuite.scala b/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestSourceSuite.scala
new file mode 100644
index 00000000000..8f188fbecc4
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestSourceSuite.scala
@@ -0,0 +1,53 @@
+package foo.bar
+
+import org.slf4j.LoggerFactory
+
+import java.net.URI
+import scala.io.{BufferedSource, Source}
+
+class TestSourceSuite {
+
+  private val LOGGER = LoggerFactory.getLogger("TestSourceSuite")
+
+  def fromFile(name: String): BufferedSource = {
+    LOGGER.debug("Before fromFile {}", name)
+    val result = Source.fromFile(name)
+    LOGGER.debug("After fromFile {}", result)
+    result
+  }
+
+  def fromFile(name: String, enc: String): BufferedSource = {
+    LOGGER.debug("Before fromFile {} {}", Array(name, enc):_*)
+    val result = Source.fromFile(name, enc)
+    LOGGER.debug("After fromFile {}", result)
+    result
+  }
+
+  def fromFile(uri: URI): BufferedSource = {
+    LOGGER.debug("Before fromFile {}", uri)
+    val result = Source.fromFile(uri)
+    LOGGER.debug("After fromFile {}", result)
+    result
+  }
+
+  def fromFile(uri: URI, enc: String): BufferedSource = {
+    LOGGER.debug("Before fromFile {} {}", Array(uri, enc):_*)
+    val result = Source.fromFile(uri, enc)
+    LOGGER.debug("After fromFile {}", result)
+    result
+  }
+
+  def fromURI(uri: URI): BufferedSource = {
+    LOGGER.debug("Before fromURI {}", uri)
+    val result = Source.fromURI(uri)
+    LOGGER.debug("After fromURI {}", result)
+    result
+  }
+
+  def fromURL(name: String, enc: String): BufferedSource = {
+    LOGGER.debug("Before fromURL {} {}", Array(name, enc):_*)
+    val result = Source.fromURL(name, enc)
+    LOGGER.debug("After fromURL {}", result)
+    result
+  }
+}
diff --git a/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestStringInterpolationSuite.scala b/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestStringInterpolationSuite.scala
new file mode 100644
index 00000000000..9437f0ffc27
--- /dev/null
+++ b/dd-java-agent/instrumentation/scala/src/test/scala/foo/bar/TestStringInterpolationSuite.scala
@@ -0,0 +1,44 @@
+package foo.bar
+
+import org.slf4j.LoggerFactory
+
+class TestStringInterpolationSuite {
+
+  private val LOGGER = LoggerFactory.getLogger("TestStringOpsSuite")
+
+  def f(left: AnyRef, right: AnyRef): String = {
+    LOGGER.debug("Before f {} {}", Array(left, right): _*)
+    val result: String = f"Left is '$left' and right is '$right'"
+    LOGGER.debug("After f {}", result)
+    result
+  }
+
+  def s(left: AnyRef, right: AnyRef): String = {
+    LOGGER.debug("Before s {} {}", Array(left, right): _*)
+    val result: String = s"Left is '$left' and right is '$right'"
+    LOGGER.debug("After s {}", result)
+    result
+  }
+
+  def raw(left: AnyRef, right: AnyRef): String = {
+    LOGGER.debug("Before raw {} {}", Array(left, right): _*)
+    val result: String = raw"Left is '$left' and right is '$right'"
+    LOGGER.debug("After raw {}", result)
+    result
+  }
+
+  def leadingChunk(value: AnyRef): String = {
+    LOGGER.debug("Before leadingChunk {}", value)
+    val result: String = raw"$value: is located at the beginning of the string"
+    LOGGER.debug("After leadingChunk {}", result)
+    result
+  }
+
+  def trailingChunk(value: AnyRef): String = {
+    LOGGER.debug("Before trailingChunk {}", value)
+    val result: String = raw"The value is located at the end of the string: $value"
+    LOGGER.debug("After trailingChunk {}", result)
+    result
+  }
+
+}
diff --git a/dd-java-agent/instrumentation/servlet-common/src/main/java/datadog/trace/instrumentation/servlet/HttpServletResponseInstrumentation.java b/dd-java-agent/instrumentation/servlet-common/src/main/java/datadog/trace/instrumentation/servlet/HttpServletResponseInstrumentation.java
index ff2fc9309ed..191f8ecc992 100644
--- a/dd-java-agent/instrumentation/servlet-common/src/main/java/datadog/trace/instrumentation/servlet/HttpServletResponseInstrumentation.java
+++ b/dd-java-agent/instrumentation/servlet-common/src/main/java/datadog/trace/instrumentation/servlet/HttpServletResponseInstrumentation.java
@@ -110,8 +110,8 @@ public static class EncodeURLAdvice {
     public static void onExit(@Advice.Argument(0) final String url, @Advice.Return String encoded) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        if (null != url && url.length() > 0 && null != encoded && encoded.length() > 0) {
-          module.taintIfInputIsTainted(encoded, url);
+        if (null != url && !url.isEmpty() && null != encoded && !encoded.isEmpty()) {
+          module.taintIfTainted(encoded, url);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/servlet-common/src/main/java/datadog/trace/instrumentation/servlet/ServletBlockingHelper.java b/dd-java-agent/instrumentation/servlet-common/src/main/java/datadog/trace/instrumentation/servlet/ServletBlockingHelper.java
index ffcc0bab77e..48e51382c31 100644
--- a/dd-java-agent/instrumentation/servlet-common/src/main/java/datadog/trace/instrumentation/servlet/ServletBlockingHelper.java
+++ b/dd-java-agent/instrumentation/servlet-common/src/main/java/datadog/trace/instrumentation/servlet/ServletBlockingHelper.java
@@ -2,6 +2,7 @@
 
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.blocking.BlockingActionHelper;
 import java.io.IOException;
 import java.io.OutputStream;
@@ -16,6 +17,7 @@ public class ServletBlockingHelper {
   private static final Logger log = LoggerFactory.getLogger(ServletBlockingHelper.class);
 
   public static void commitBlockingResponse(
+      TraceSegment segment,
       HttpServletRequest httpServletRequest,
       HttpServletResponse resp,
       int statusCode_,
@@ -43,6 +45,9 @@ public static void commitBlockingResponse(
     } else {
       template = EMPTY_BYTE_ARRAY;
     }
+
+    segment.effectivelyBlocked();
+
     try {
       OutputStream os = resp.getOutputStream();
       os.write(template);
@@ -53,11 +58,13 @@ public static void commitBlockingResponse(
   }
 
   public static void commitBlockingResponse(
+      TraceSegment segment,
       HttpServletRequest httpServletRequest,
       HttpServletResponse resp,
       Flow.Action.RequestBlockingAction rba) {
 
     commitBlockingResponse(
+        segment,
         httpServletRequest,
         resp,
         rba.getStatusCode(),
diff --git a/dd-java-agent/instrumentation/servlet-common/src/test/groovy/HttpServletResponseInstrumentationTest.groovy b/dd-java-agent/instrumentation/servlet-common/src/test/groovy/HttpServletResponseInstrumentationTest.groovy
index 87a42a2213d..40e7b978b70 100644
--- a/dd-java-agent/instrumentation/servlet-common/src/test/groovy/HttpServletResponseInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/servlet-common/src/test/groovy/HttpServletResponseInstrumentationTest.groovy
@@ -75,7 +75,7 @@ class HttpServletResponseInstrumentationTest extends AgentTestRunner {
     final response = new DummyResponse()
 
     when:
-    response.addCookie(null)
+    response.addCookie((Cookie) null)
 
     then:
     0 * _
@@ -180,7 +180,7 @@ class HttpServletResponseInstrumentationTest extends AgentTestRunner {
 
     then:
     noExceptionThrown()
-    1 * module.taintIfInputIsTainted(_, "http://dummy.url.com")
+    1 * module.taintIfTainted(_, "http://dummy.url.com")
     0 * _
   }
 
@@ -195,7 +195,32 @@ class HttpServletResponseInstrumentationTest extends AgentTestRunner {
 
     then:
     noExceptionThrown()
-    1 * module.taintIfInputIsTainted(_, "http://dummy.url.com")
+    1 * module.taintIfTainted(_, "http://dummy.url.com")
+    0 * _
+  }
+
+  void 'test instrumentation with unknown types'() {
+    setup:
+    final module = Mock(HttpResponseHeaderModule)
+    InstrumentationBridge.registerIastModule(module)
+    final response = new DummyResponse()
+
+    when:
+    response.addCookie(new DummyResponse.CustomCookie())
+
+    then:
+    0 * _
+
+    when:
+    response.addHeader(new DummyResponse.CustomHeaderName(), "value")
+
+    then:
+    0 * _
+
+    when:
+    response.setHeader(new DummyResponse.CustomHeaderName(), "value")
+
+    then:
     0 * _
   }
 }
diff --git a/dd-java-agent/instrumentation/servlet-common/src/test/java/foo/bar/DummyResponse.java b/dd-java-agent/instrumentation/servlet-common/src/test/java/foo/bar/DummyResponse.java
index 71c04e343f2..adcc8440641 100644
--- a/dd-java-agent/instrumentation/servlet-common/src/test/java/foo/bar/DummyResponse.java
+++ b/dd-java-agent/instrumentation/servlet-common/src/test/java/foo/bar/DummyResponse.java
@@ -11,6 +11,8 @@ public class DummyResponse implements HttpServletResponse {
   @Override
   public void addCookie(Cookie cookie) {}
 
+  public void addCookie(CustomCookie cookie) {}
+
   @Override
   public boolean containsHeader(String name) {
     return false;
@@ -54,9 +56,13 @@ public void addDateHeader(String name, long date) {}
   @Override
   public void setHeader(String name, String value) {}
 
+  public void setHeader(CustomHeaderName name, String value) {}
+
   @Override
   public void addHeader(String name, String value) {}
 
+  public void addHeader(CustomHeaderName name, String value) {}
+
   @Override
   public void setIntHeader(String name, int value) {}
 
@@ -119,4 +125,8 @@ public void setLocale(Locale loc) {}
   public Locale getLocale() {
     return null;
   }
+
+  public static class CustomCookie {}
+
+  public static class CustomHeaderName {}
 }
diff --git a/dd-java-agent/instrumentation/servlet/request-2/src/main/java/datadog/trace/instrumentation/servlet2/Servlet2Advice.java b/dd-java-agent/instrumentation/servlet/request-2/src/main/java/datadog/trace/instrumentation/servlet2/Servlet2Advice.java
index 959f649a5ea..ac31baaa709 100644
--- a/dd-java-agent/instrumentation/servlet/request-2/src/main/java/datadog/trace/instrumentation/servlet2/Servlet2Advice.java
+++ b/dd-java-agent/instrumentation/servlet/request-2/src/main/java/datadog/trace/instrumentation/servlet2/Servlet2Advice.java
@@ -64,7 +64,10 @@ public static boolean onEnter(
     Flow.Action.RequestBlockingAction rba = span.getRequestBlockingAction();
     if (rba != null) {
       ServletBlockingHelper.commitBlockingResponse(
-          httpServletRequest, (HttpServletResponse) response, rba);
+          span.getRequestContext().getTraceSegment(),
+          httpServletRequest,
+          (HttpServletResponse) response,
+          rba);
       span.getRequestContext().getTraceSegment().effectivelyBlocked();
       return true; // skip method body
     }
diff --git a/dd-java-agent/instrumentation/servlet/request-2/src/test/groovy/JettyServlet2Test.groovy b/dd-java-agent/instrumentation/servlet/request-2/src/test/groovy/JettyServlet2Test.groovy
index 7a33cf3c73e..5e0e167dc08 100644
--- a/dd-java-agent/instrumentation/servlet/request-2/src/test/groovy/JettyServlet2Test.groovy
+++ b/dd-java-agent/instrumentation/servlet/request-2/src/test/groovy/JettyServlet2Test.groovy
@@ -91,6 +91,11 @@ abstract class JettyServlet2Test extends HttpServerTest<Server> {
     return operation()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testNotFound() {
     false
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/MultipartInstrumentation.java b/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/MultipartInstrumentation.java
new file mode 100644
index 00000000000..10bcde43a04
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/MultipartInstrumentation.java
@@ -0,0 +1,118 @@
+package datadog.trace.instrumentation.servlet3;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import java.util.Collection;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public class MultipartInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForTypeHierarchy {
+
+  public MultipartInstrumentation() {
+    super("servlet", "multipart");
+  }
+
+  public String muzzleDirective() {
+    return "servlet-3.x";
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "javax.servlet.http.Part";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named(hierarchyMarkerType()));
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("getName").and(isPublic()).and(takesArguments(0)),
+        getClass().getName() + "$GetNameAdvice");
+    transformation.applyAdvice(
+        named("getHeader").and(isPublic()).and(takesArguments(String.class)),
+        getClass().getName() + "$GetHeaderAdvice");
+    transformation.applyAdvice(
+        named("getHeaders").and(isPublic()).and(takesArguments(String.class)),
+        getClass().getName() + "$GetHeadersAdvice");
+    transformation.applyAdvice(
+        named("getHeaderNames").and(isPublic()).and(takesArguments(0)),
+        getClass().getName() + "$GetHeaderNamesAdvice");
+  }
+
+  public static class GetNameAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_MULTIPART_PARAMETER)
+    public static String onExit(@Advice.Return final String name) {
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        module.taint(name, SourceTypes.REQUEST_MULTIPART_PARAMETER, "Content-Disposition");
+      }
+      return name;
+    }
+  }
+
+  public static class GetHeaderAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_MULTIPART_PARAMETER)
+    public static String onExit(
+        @Advice.Return final String value, @Advice.Argument(0) final String name) {
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        module.taint(value, SourceTypes.REQUEST_MULTIPART_PARAMETER, name);
+      }
+      return value;
+    }
+  }
+
+  public static class GetHeadersAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_MULTIPART_PARAMETER)
+    public static void onExit(
+        @Advice.Argument(0) final String headerName,
+        @Advice.Return Collection<String> headerValues) {
+      if (null == headerValues || headerValues.isEmpty()) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        final IastContext ctx = IastContext.Provider.get();
+        for (final String value : headerValues) {
+          module.taint(ctx, value, SourceTypes.REQUEST_MULTIPART_PARAMETER, headerName);
+        }
+      }
+    }
+  }
+
+  public static class GetHeaderNamesAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_MULTIPART_PARAMETER)
+    public static void onExit(@Advice.Return final Collection<String> headerNames) {
+      if (null == headerNames || headerNames.isEmpty()) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        final IastContext ctx = IastContext.Provider.get();
+        for (final String name : headerNames) {
+          module.taint(ctx, name, SourceTypes.REQUEST_MULTIPART_PARAMETER);
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/Servlet3Advice.java b/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/Servlet3Advice.java
index d4a381de925..b61545ed29f 100644
--- a/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/Servlet3Advice.java
+++ b/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/Servlet3Advice.java
@@ -81,7 +81,8 @@ public static boolean onEnter(
 
     Flow.Action.RequestBlockingAction rba = span.getRequestBlockingAction();
     if (rba != null) {
-      ServletBlockingHelper.commitBlockingResponse(httpServletRequest, httpServletResponse, rba);
+      ServletBlockingHelper.commitBlockingResponse(
+          span.getRequestContext().getTraceSegment(), httpServletRequest, httpServletResponse, rba);
       span.getRequestContext().getTraceSegment().effectivelyBlocked();
       return true; // skip method body
     }
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/callsite/HttpServlet3RequestCallSite.java b/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/callsite/HttpServlet3RequestCallSite.java
deleted file mode 100644
index 4d00a38417f..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/callsite/HttpServlet3RequestCallSite.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package datadog.trace.instrumentation.servlet3.callsite;
-
-import datadog.trace.agent.tooling.csi.CallSite;
-import datadog.trace.api.iast.IastCallSites;
-import datadog.trace.api.iast.InstrumentationBridge;
-import datadog.trace.api.iast.Source;
-import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.source.WebModule;
-import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-
-@CallSite(spi = IastCallSites.class)
-public class HttpServlet3RequestCallSite {
-
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  @CallSite.After("java.util.Map javax.servlet.http.HttpServletRequest.getParameterMap()")
-  @CallSite.After("java.util.Map javax.servlet.http.HttpServletRequestWrapper.getParameterMap()")
-  public static java.util.Map<java.lang.String, java.lang.String[]> afterGetParameterMap(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Return final Map<String, String[]> map) {
-    final WebModule module = InstrumentationBridge.WEB;
-    if (module != null) {
-      try {
-        module.onParameterValues(map);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameter threw", e);
-      }
-    }
-    return map;
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/callsite/Servlet3RequestCallSite.java b/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/callsite/Servlet3RequestCallSite.java
deleted file mode 100644
index fbd8831500a..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/callsite/Servlet3RequestCallSite.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package datadog.trace.instrumentation.servlet3.callsite;
-
-import datadog.trace.agent.tooling.csi.CallSite;
-import datadog.trace.api.iast.IastCallSites;
-import datadog.trace.api.iast.InstrumentationBridge;
-import datadog.trace.api.iast.Source;
-import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.source.WebModule;
-import java.util.Map;
-import javax.servlet.ServletRequest;
-
-@CallSite(spi = IastCallSites.class)
-public class Servlet3RequestCallSite {
-
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  @CallSite.After("java.util.Map javax.servlet.ServletRequest.getParameterMap()")
-  @CallSite.After("java.util.Map javax.servlet.ServletRequestWrapper.getParameterMap()")
-  public static java.util.Map<java.lang.String, java.lang.String[]> afterGetParameterMap(
-      @CallSite.This final ServletRequest self, @CallSite.Return final Map<String, String[]> map) {
-    final WebModule module = InstrumentationBridge.WEB;
-    if (module != null) {
-      try {
-        module.onParameterValues(map);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameter threw", e);
-      }
-    }
-    return map;
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/AbstractServlet3Test.groovy b/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/AbstractServlet3Test.groovy
index 09a3d572a2d..62213dfb27f 100644
--- a/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/AbstractServlet3Test.groovy
+++ b/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/AbstractServlet3Test.groovy
@@ -21,6 +21,11 @@ import static datadog.trace.agent.test.base.HttpServerTest.ServerEndpoint.UNKNOW
 import static org.junit.Assume.assumeTrue
 
 abstract class AbstractServlet3Test<SERVER, CONTEXT> extends HttpServerTest<SERVER> implements TestingGenericHttpNamingConventions.ServerV0 {
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testRequestBody() {
     true
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/JettyServlet3Test.groovy b/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/JettyServlet3Test.groovy
index c8216e77079..48f29338d03 100644
--- a/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/JettyServlet3Test.groovy
+++ b/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/JettyServlet3Test.groovy
@@ -297,6 +297,13 @@ class JettyServlet3TestInclude extends JettyServlet3Test {
     return true
   }
 
+  @Override
+  boolean testBlocking() {
+    // setting response code from included dispatches is not supported by servlet,
+    // and would require version-dependent hacks on Jetty
+    false
+  }
+
   @Override
   boolean testUserBlocking() {
     false
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/MultipartInstrumentationForkedTest.groovy b/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/MultipartInstrumentationForkedTest.groovy
new file mode 100644
index 00000000000..73377c8822f
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/MultipartInstrumentationForkedTest.groovy
@@ -0,0 +1,73 @@
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.SourceTypes
+import datadog.trace.api.iast.propagation.PropagationModule
+import foo.bar.smoketest.MockPart
+
+class MultipartInstrumentationForkedTest extends AgentTestRunner {
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig('dd.iast.enabled', 'true')
+  }
+
+  @Override
+  void cleanup() {
+    InstrumentationBridge.clearIastModules()
+  }
+
+  void 'test getName'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+    final part = new MockPart('partName', 'headerName', 'headerValue')
+
+    when:
+    part.getName()
+
+    then:
+    1 * module.taint('partName', SourceTypes.REQUEST_MULTIPART_PARAMETER, 'Content-Disposition')
+    0 * _
+  }
+
+  void 'test getHeader'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+    final part = new MockPart('partName', 'headerName', 'headerValue')
+
+    when:
+    part.getHeader('headerName')
+
+    then:
+    1 * module.taint('headerValue', SourceTypes.REQUEST_MULTIPART_PARAMETER, 'headerName')
+    0 * _
+  }
+
+  void 'test getHeaders'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+    final part = new MockPart('partName', 'headerName', 'headerValue')
+
+    when:
+    part.getHeaders('headerName')
+
+    then:
+    1 * module.taint(_, 'headerValue', SourceTypes.REQUEST_MULTIPART_PARAMETER, 'headerName')
+    0 * _
+  }
+
+  void 'test getHeaderNames'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+    final part = new MockPart('partName', 'headerName', 'headerValue')
+
+    when:
+    part.getHeaderNames()
+
+    then:
+    1 * module.taint(_, 'headerName', SourceTypes.REQUEST_MULTIPART_PARAMETER)
+    0 * _
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/Servlet3TestGetParameterInstrumentation.groovy b/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/Servlet3TestGetParameterInstrumentation.groovy
deleted file mode 100644
index 417f2424acc..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/Servlet3TestGetParameterInstrumentation.groovy
+++ /dev/null
@@ -1,45 +0,0 @@
-import datadog.trace.agent.test.AgentTestRunner
-import datadog.trace.api.iast.InstrumentationBridge
-import datadog.trace.api.iast.source.WebModule
-import foo.bar.smoketest.HttpServlet3TestSuite
-import foo.bar.smoketest.HttpServletWrapper3TestSuite
-import foo.bar.smoketest.Servlet3TestSuite
-
-import javax.servlet.ServletRequest
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletRequestWrapper
-
-class Servlet3TestGetParameterInstrumentation extends AgentTestRunner {
-
-  @Override
-  protected void configurePreAgent() {
-    injectSysConfig("dd.iast.enabled", "true")
-  }
-
-  void cleanup() {
-    InstrumentationBridge.clearIastModules()
-  }
-
-  void 'test getParameter'() {
-    setup:
-    final iastModule = Mock(WebModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final map = [param1: ['value1', 'value2'] as String[]]
-    final request = Mock(requestClass) {
-      getParameterMap() >> map
-    }
-
-    when:
-    final returnedMap = suite.getParameterMap(request)
-
-    then:
-    returnedMap == map
-    1 * iastModule.onParameterValues(map)
-
-    where:
-    suite                              | requestClass
-    new Servlet3TestSuite()            | ServletRequest
-    new HttpServlet3TestSuite()        | HttpServletRequest
-    new HttpServletWrapper3TestSuite() | HttpServletRequestWrapper
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/HttpServlet3TestSuite.java b/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/HttpServlet3TestSuite.java
deleted file mode 100644
index 073a426ff30..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/HttpServlet3TestSuite.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package foo.bar.smoketest;
-
-import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-
-public class HttpServlet3TestSuite implements ServletSuite<HttpServletRequest> {
-
-  @Override
-  public Map<String, String[]> getParameterMap(HttpServletRequest request) {
-    return request.getParameterMap();
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/HttpServletWrapper3TestSuite.java b/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/HttpServletWrapper3TestSuite.java
deleted file mode 100644
index 185370b1a76..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/HttpServletWrapper3TestSuite.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package foo.bar.smoketest;
-
-import java.util.Map;
-import javax.servlet.http.HttpServletRequestWrapper;
-
-public class HttpServletWrapper3TestSuite implements ServletSuite<HttpServletRequestWrapper> {
-
-  @Override
-  public Map<String, String[]> getParameterMap(HttpServletRequestWrapper request) {
-    return request.getParameterMap();
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/MockPart.java b/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/MockPart.java
new file mode 100644
index 00000000000..cde71fdd6ac
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/MockPart.java
@@ -0,0 +1,73 @@
+package foo.bar.smoketest;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import javax.servlet.http.Part;
+
+public class MockPart implements Part {
+  private final String name;
+
+  private final Map<String, Collection<String>> headers;
+
+  public MockPart(final String name, final Map<String, Collection<String>> headers) {
+    this.name = name;
+    this.headers = headers;
+  }
+
+  public MockPart(final String name, final String headerName, final String... headerValue) {
+    this.name = name;
+    this.headers = new HashMap<>();
+    this.headers.put(headerName, Arrays.asList(headerValue));
+  }
+
+  @Override
+  public InputStream getInputStream() throws IOException {
+    return null;
+  }
+
+  @Override
+  public String getContentType() {
+    return null;
+  }
+
+  @Override
+  public String getName() {
+    return name;
+  }
+
+  @Override
+  public String getSubmittedFileName() {
+    return null;
+  }
+
+  @Override
+  public long getSize() {
+    return 0;
+  }
+
+  @Override
+  public void write(String fileName) throws IOException {}
+
+  @Override
+  public void delete() throws IOException {}
+
+  @Override
+  public String getHeader(String name) {
+    final Collection<String> values = this.headers.get(name);
+    return values == null || values.isEmpty() ? null : values.iterator().next();
+  }
+
+  @Override
+  public Collection<String> getHeaders(String name) {
+    return headers.get(name);
+  }
+
+  @Override
+  public Collection<String> getHeaderNames() {
+    return this.headers.keySet();
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/Servlet3TestSuite.java b/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/Servlet3TestSuite.java
deleted file mode 100644
index e3d1ccfd606..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/Servlet3TestSuite.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package foo.bar.smoketest;
-
-import java.util.Map;
-import javax.servlet.ServletRequest;
-
-public class Servlet3TestSuite implements ServletSuite<ServletRequest> {
-
-  @Override
-  public Map<String, String[]> getParameterMap(ServletRequest request) {
-    return request.getParameterMap();
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/ServletSuite.java b/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/ServletSuite.java
deleted file mode 100644
index 7e55e71ecba..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-3/src/test/java/foo/bar/smoketest/ServletSuite.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package foo.bar.smoketest;
-
-import java.util.Map;
-import javax.servlet.ServletRequest;
-
-public interface ServletSuite<S extends ServletRequest> {
-
-  Map<String, String[]> getParameterMap(S request);
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletRequestCallSite.java b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletRequestCallSite.java
index fdcc295a4bb..9691777a6e8 100644
--- a/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletRequestCallSite.java
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletRequestCallSite.java
@@ -3,128 +3,57 @@
 import datadog.trace.agent.tooling.csi.CallSite;
 import datadog.trace.api.iast.IastCallSites;
 import datadog.trace.api.iast.InstrumentationBridge;
-import datadog.trace.api.iast.Sink;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.VulnerabilityTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.sink.UnvalidatedRedirectModule;
-import datadog.trace.api.iast.source.WebModule;
-import datadog.trace.util.stacktrace.StackUtils;
 import jakarta.servlet.http.HttpServletRequest;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Map;
 
+/**
+ * Calls to these methods are often triggered outside of customer code, we use call sites to avoid
+ * all these unwanted tainting operations
+ */
 @CallSite(spi = IastCallSites.class)
 public class JakartaHttpServletRequestCallSite {
 
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+  @Source(SourceTypes.REQUEST_PATH)
+  @CallSite.After("java.lang.String jakarta.servlet.http.HttpServletRequest.getRequestURI()")
+  @CallSite.After("java.lang.String jakarta.servlet.http.HttpServletRequestWrapper.getRequestURI()")
+  @CallSite.After("java.lang.String jakarta.servlet.http.HttpServletRequest.getPathInfo()")
+  @CallSite.After("java.lang.String jakarta.servlet.http.HttpServletRequestWrapper.getPathInfo()")
+  @CallSite.After("java.lang.String jakarta.servlet.http.HttpServletRequest.getPathTranslated()")
   @CallSite.After(
-      "java.lang.String jakarta.servlet.http.HttpServletRequest.getParameter(java.lang.String)")
-  @CallSite.After(
-      "java.lang.String jakarta.servlet.http.HttpServletRequestWrapper.getParameter(java.lang.String)")
-  public static String afterGetParameter(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Argument final String name,
-      @CallSite.Return final String value) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taint(SourceTypes.REQUEST_PARAMETER_VALUE, name, value);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameter threw", e);
-      }
-    }
-    return value;
-  }
-
-  @Source(SourceTypes.REQUEST_PARAMETER_NAME_STRING)
-  @CallSite.After(
-      "java.util.Enumeration jakarta.servlet.http.HttpServletRequest.getParameterNames()")
-  @CallSite.After(
-      "java.util.Enumeration jakarta.servlet.http.HttpServletRequestWrapper.getParameterNames()")
-  public static Enumeration<String> afterGetParameterNames(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Return final Enumeration<String> enumeration)
-      throws Throwable {
-    final WebModule module = InstrumentationBridge.WEB;
-    if (module == null) {
-      return enumeration;
-    }
-    try {
-      final List<String> parameterNames = new ArrayList<>();
-      while (enumeration.hasMoreElements()) {
-        final String paramName = enumeration.nextElement();
-        parameterNames.add(paramName);
-      }
-      try {
-        module.onParameterNames(parameterNames);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameterNames threw", e);
+      "java.lang.String jakarta.servlet.http.HttpServletRequestWrapper.getPathTranslated()")
+  public static String afterPath(
+      @CallSite.This final HttpServletRequest self, @CallSite.Return final String retValue) {
+    if (null != retValue && !retValue.isEmpty()) {
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        try {
+          module.taint(retValue, SourceTypes.REQUEST_PATH);
+        } catch (final Throwable e) {
+          module.onUnexpectedException("afterPath threw", e);
+        }
       }
-      return Collections.enumeration(parameterNames);
-    } catch (final Throwable e) {
-      module.onUnexpectedException(
-          "afterGetParameterNames threw while iterating parameter names", e);
-      throw StackUtils.filterFirstDatadog(e);
     }
+    return retValue;
   }
 
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  @CallSite.After(
-      "java.lang.String[] jakarta.servlet.http.HttpServletRequest.getParameterValues(java.lang.String)")
+  @Source(SourceTypes.REQUEST_URI)
+  @CallSite.After("java.lang.StringBuffer jakarta.servlet.http.HttpServletRequest.getRequestURL()")
   @CallSite.After(
-      "java.lang.String[] jakarta.servlet.http.HttpServletRequestWrapper.getParameterValues(java.lang.String)")
-  public static String[] afterGetParameterValues(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Argument final String paramName,
-      @CallSite.Return final String[] parameterValues) {
-    if (null != parameterValues) {
-      final WebModule module = InstrumentationBridge.WEB;
+      "java.lang.StringBuffer jakarta.servlet.http.HttpServletRequestWrapper.getRequestURL()")
+  public static StringBuffer afterGetRequestURL(
+      @CallSite.This final HttpServletRequest self, @CallSite.Return final StringBuffer retValue) {
+    if (null != retValue && retValue.length() > 0) {
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         try {
-          module.onParameterValues(paramName, parameterValues);
+          module.taint(retValue, SourceTypes.REQUEST_URI);
         } catch (final Throwable e) {
-          module.onUnexpectedException("afterGetParameterValues threw", e);
+          module.onUnexpectedException("afterGetRequestURL threw", e);
         }
       }
     }
-    return parameterValues;
-  }
-
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  @CallSite.After("java.util.Map jakarta.servlet.http.HttpServletRequest.getParameterMap()")
-  @CallSite.After("java.util.Map jakarta.servlet.http.HttpServletRequestWrapper.getParameterMap()")
-  public static java.util.Map<java.lang.String, java.lang.String[]> afterGetParameterMap(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Return final Map<String, String[]> map) {
-    final WebModule module = InstrumentationBridge.WEB;
-    if (module != null) {
-      try {
-        module.onParameterValues(map);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameter threw", e);
-      }
-    }
-    return map;
-  }
-
-  @Sink(VulnerabilityTypes.UNVALIDATED_REDIRECT)
-  @CallSite.Before(
-      "jakarta.servlet.RequestDispatcher jakarta.servlet.http.HttpServletRequest.getRequestDispatcher(java.lang.String)")
-  @CallSite.Before(
-      "jakarta.servlet.RequestDispatcher jakarta.servlet.http.HttpServletRequestWrapper.getRequestDispatcher(java.lang.String)")
-  public static void beforeRequestDispatcher(@CallSite.Argument final String path) {
-    final UnvalidatedRedirectModule module = InstrumentationBridge.UNVALIDATED_REDIRECT;
-    if (module != null) {
-      try {
-        module.onRedirect(path);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("beforeRequestDispatcher threw", e);
-      }
-    }
+    return retValue;
   }
 }
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletRequestInputStreamCallSite.java b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletRequestInputStreamCallSite.java
deleted file mode 100644
index 7b51cf18f6f..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletRequestInputStreamCallSite.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package datadog.trace.instrumentation.servlet5;
-
-import datadog.trace.agent.tooling.csi.CallSite;
-import datadog.trace.api.iast.IastCallSites;
-import datadog.trace.api.iast.InstrumentationBridge;
-import datadog.trace.api.iast.Source;
-import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.propagation.PropagationModule;
-import jakarta.servlet.ServletInputStream;
-import jakarta.servlet.http.HttpServletRequest;
-
-@CallSite(spi = IastCallSites.class)
-public class JakartaHttpServletRequestInputStreamCallSite {
-
-  @Source(SourceTypes.REQUEST_BODY_STRING)
-  @CallSite.After(
-      "jakarta.servlet.ServletInputStream jakarta.servlet.http.HttpServletRequest.getInputStream()")
-  @CallSite.After(
-      "jakarta.servlet.ServletInputStream jakarta.servlet.http.HttpServletRequestWrapper.getInputStream()")
-  public static ServletInputStream afterGetInputStream(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Return final ServletInputStream inputStream) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taintObject(SourceTypes.REQUEST_BODY, inputStream);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetInputStream threw", e);
-      }
-    }
-    return inputStream;
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletRequestInstrumentation.java b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletRequestInstrumentation.java
new file mode 100644
index 00000000000..e9d373b9fb8
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletRequestInstrumentation.java
@@ -0,0 +1,285 @@
+package datadog.trace.instrumentation.servlet5;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.namedOneOf;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.iast.TaintableEnumeration;
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Sink;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.VulnerabilityTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import datadog.trace.api.iast.sink.UnvalidatedRedirectModule;
+import jakarta.servlet.http.Cookie;
+import java.util.Enumeration;
+import java.util.Map;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@SuppressWarnings("unused")
+@AutoService(Instrumenter.class)
+public class JakartaHttpServletRequestInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForTypeHierarchy {
+
+  private static final String CLASS_NAME = JakartaHttpServletRequestInstrumentation.class.getName();
+  private static final ElementMatcher.Junction<? super TypeDescription> WRAPPER_CLASS =
+      named("jakarta.servlet.http.HttpServletRequestWrapper");
+
+  public JakartaHttpServletRequestInstrumentation() {
+    super("servlet", "servlet-5", "servlet-request");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "jakarta.servlet.http.HttpServletRequest";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named(hierarchyMarkerType()))
+        .and(not(WRAPPER_CLASS))
+        .and(not(extendsClass(WRAPPER_CLASS)));
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {"datadog.trace.agent.tooling.iast.TaintableEnumeration"};
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod().and(named("getHeader")).and(takesArguments(String.class)),
+        CLASS_NAME + "$GetHeaderAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getHeaders")).and(takesArguments(String.class)),
+        CLASS_NAME + "$GetHeadersAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getHeaderNames")).and(takesArguments(0)),
+        CLASS_NAME + "$GetHeaderNamesAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getParameter")).and(takesArguments(String.class)),
+        CLASS_NAME + "$GetParameterAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getParameterValues")).and(takesArguments(String.class)),
+        CLASS_NAME + "$GetParameterValuesAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getParameterMap")).and(takesArguments(0)),
+        CLASS_NAME + "$GetParameterMapAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getParameterNames")).and(takesArguments(0)),
+        CLASS_NAME + "$GetParameterNamesAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getCookies")).and(takesArguments(0)),
+        CLASS_NAME + "$GetCookiesAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getQueryString")).and(takesArguments(0)),
+        CLASS_NAME + "$GetQueryStringAdvice");
+    transformation.applyAdvice(
+        isMethod().and(namedOneOf("getInputStream", "getReader")).and(takesArguments(0)),
+        CLASS_NAME + "$GetBodyAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getRequestDispatcher")).and(takesArguments(String.class)),
+        CLASS_NAME + "$GetRequestDispatcherAdvice");
+  }
+
+  public static class GetHeaderAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
+    public static void onExit(
+        @Advice.Argument(0) final String name, @Advice.Return final String value) {
+      if (value == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      module.taint(value, SourceTypes.REQUEST_HEADER_VALUE, name);
+    }
+  }
+
+  public static class GetHeadersAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
+    public static void onExit(
+        @Advice.Argument(0) final String name,
+        @Advice.Return(readOnly = false) Enumeration<String> enumeration) {
+      if (enumeration == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      enumeration =
+          TaintableEnumeration.wrap(enumeration, module, SourceTypes.REQUEST_HEADER_VALUE, name);
+    }
+  }
+
+  public static class GetHeaderNamesAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_NAME)
+    public static void onExit(@Advice.Return(readOnly = false) Enumeration<String> enumeration) {
+      if (enumeration == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      enumeration =
+          TaintableEnumeration.wrap(enumeration, module, SourceTypes.REQUEST_HEADER_NAME, true);
+    }
+  }
+
+  public static class GetParameterAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    public static void onExit(
+        @Advice.Argument(0) final String name, @Advice.Return final String value) {
+      if (value == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      module.taint(value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+    }
+  }
+
+  public static class GetParameterValuesAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    public static void onExit(
+        @Advice.Argument(0) final String name, @Advice.Return final String[] values) {
+      if (values == null || values.length == 0) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      final IastContext ctx = IastContext.Provider.get();
+      for (final String value : values) {
+        module.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+      }
+    }
+  }
+
+  public static class GetParameterMapAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    public static void onExit(@Advice.Return final Map<String, String[]> parameters) {
+      if (parameters == null || parameters.isEmpty()) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      final IastContext ctx = IastContext.Provider.get();
+      for (final Map.Entry<String, String[]> entry : parameters.entrySet()) {
+        final String name = entry.getKey();
+        module.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
+        final String[] values = entry.getValue();
+        if (values != null) {
+          for (final String value : entry.getValue()) {
+            module.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+          }
+        }
+      }
+    }
+  }
+
+  public static class GetParameterNamesAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_NAME)
+    public static void onExit(@Advice.Return(readOnly = false) Enumeration<String> enumeration) {
+      if (enumeration == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      enumeration =
+          TaintableEnumeration.wrap(enumeration, module, SourceTypes.REQUEST_PARAMETER_NAME, true);
+    }
+  }
+
+  public static class GetCookiesAdvice {
+
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
+    public static void onExit(@Advice.Return final Cookie[] cookies) {
+      if (cookies == null || cookies.length == 0) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      final IastContext ctx = IastContext.Provider.get();
+      for (final Cookie cookie : cookies) {
+        module.taint(ctx, cookie, SourceTypes.REQUEST_COOKIE_VALUE);
+      }
+    }
+  }
+
+  public static class GetQueryStringAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_QUERY)
+    public static void onExit(@Advice.Return final String queryString) {
+      if (queryString == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      module.taint(queryString, SourceTypes.REQUEST_QUERY);
+    }
+  }
+
+  public static class GetBodyAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_BODY)
+    public static void onExit(@Advice.Return final Object body) {
+      if (body == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      module.taint(body, SourceTypes.REQUEST_BODY);
+    }
+  }
+
+  public static class GetRequestDispatcherAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Sink(VulnerabilityTypes.UNVALIDATED_REDIRECT)
+    public static void onExit(@Advice.Argument(0) final String path) {
+      if (path == null) {
+        return;
+      }
+      final UnvalidatedRedirectModule module = InstrumentationBridge.UNVALIDATED_REDIRECT;
+      if (module == null) {
+        return;
+      }
+      module.onRedirect(path);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletResponseInstrumentation.java b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletResponseInstrumentation.java
index a47b5c9129e..af06d7a6b2c 100644
--- a/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletResponseInstrumentation.java
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaHttpServletResponseInstrumentation.java
@@ -7,6 +7,7 @@
 import static net.bytebuddy.matcher.ElementMatchers.not;
 import static net.bytebuddy.matcher.ElementMatchers.returns;
 import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
@@ -41,9 +42,14 @@ public ElementMatcher<TypeDescription> hierarchyMatcher() {
 
   @Override
   public void adviceTransformations(AdviceTransformation transformation) {
-    transformation.applyAdvice(named("addCookie"), getClass().getName() + "$AddCookieAdvice");
     transformation.applyAdvice(
-        namedOneOf("setHeader", "addHeader"), getClass().getName() + "$AddHeaderAdvice");
+        named("addCookie")
+            .and(takesArguments(1))
+            .and(takesArgument(0, named("jakarta.servlet.http.Cookie"))),
+        getClass().getName() + "$AddCookieAdvice");
+    transformation.applyAdvice(
+        namedOneOf("setHeader", "addHeader").and(takesArguments(String.class, String.class)),
+        getClass().getName() + "$AddHeaderAdvice");
     transformation.applyAdvice(
         namedOneOf("encodeRedirectURL", "encodeURL")
             .and(takesArgument(0, String.class))
@@ -76,7 +82,7 @@ public static class AddHeaderAdvice {
     @Sink(VulnerabilityTypes.RESPONSE_HEADER)
     public static void onEnter(
         @Advice.Argument(0) final String name, @Advice.Argument(1) String value) {
-      if (null != value && value.length() > 0) {
+      if (null != value && !value.isEmpty()) {
         HttpResponseHeaderModule mod = InstrumentationBridge.RESPONSE_HEADER_MODULE;
         if (mod != null) {
           mod.onHeader(name, value);
@@ -91,7 +97,7 @@ public static class SendRedirectAdvice {
     public static void onEnter(@Advice.Argument(0) final String location) {
       final UnvalidatedRedirectModule module = InstrumentationBridge.UNVALIDATED_REDIRECT;
       if (module != null) {
-        if (null != location && location.length() > 0) {
+        if (null != location && !location.isEmpty()) {
           module.onRedirect(location);
         }
       }
@@ -103,8 +109,8 @@ public static class EncodeURLAdvice {
     public static void onExit(@Advice.Argument(0) final String url, @Advice.Return String encoded) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        if (null != url && url.length() > 0 && null != encoded && encoded.length() > 0) {
-          module.taintIfInputIsTainted(encoded, url);
+        if (null != url && !url.isEmpty() && null != encoded && !encoded.isEmpty()) {
+          module.taintIfTainted(encoded, url);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaMultipartInstrumentation.java b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaMultipartInstrumentation.java
new file mode 100644
index 00000000000..6957a3f894d
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaMultipartInstrumentation.java
@@ -0,0 +1,114 @@
+package datadog.trace.instrumentation.servlet5;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import java.util.Collection;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public class JakartaMultipartInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForTypeHierarchy {
+
+  public JakartaMultipartInstrumentation() {
+    super("servlet", "servlet-5", "multipart");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "jakarta.servlet.http.Part";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named(hierarchyMarkerType()));
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        named("getName").and(isPublic()).and(takesArguments(0)),
+        getClass().getName() + "$GetNameAdvice");
+    transformation.applyAdvice(
+        named("getHeader").and(isPublic()).and(takesArguments(String.class)),
+        getClass().getName() + "$GetHeaderAdvice");
+    transformation.applyAdvice(
+        named("getHeaders").and(isPublic()).and(takesArguments(String.class)),
+        getClass().getName() + "$GetHeadersAdvice");
+    transformation.applyAdvice(
+        named("getHeaderNames").and(isPublic()).and(takesArguments(0)),
+        getClass().getName() + "$GetHeaderNamesAdvice");
+  }
+
+  public static class GetNameAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_MULTIPART_PARAMETER)
+    public static String onExit(@Advice.Return final String name) {
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        module.taint(name, SourceTypes.REQUEST_MULTIPART_PARAMETER, "Content-Disposition");
+      }
+      return name;
+    }
+  }
+
+  public static class GetHeaderAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_MULTIPART_PARAMETER)
+    public static String onExit(
+        @Advice.Return final String value, @Advice.Argument(0) final String name) {
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        module.taint(value, SourceTypes.REQUEST_MULTIPART_PARAMETER, name);
+      }
+      return value;
+    }
+  }
+
+  public static class GetHeadersAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_MULTIPART_PARAMETER)
+    public static void onExit(
+        @Advice.Argument(0) final String headerName,
+        @Advice.Return Collection<String> headerValues) {
+      if (null == headerValues || headerValues.isEmpty()) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        final IastContext ctx = IastContext.Provider.get();
+        for (final String value : headerValues) {
+          module.taint(ctx, value, SourceTypes.REQUEST_MULTIPART_PARAMETER, headerName);
+        }
+      }
+    }
+  }
+
+  public static class GetHeaderNamesAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_MULTIPART_PARAMETER)
+    public static void onExit(@Advice.Return final Collection<String> headerNames) {
+      if (null == headerNames || headerNames.isEmpty()) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        final IastContext ctx = IastContext.Provider.get();
+        for (final String name : headerNames) {
+          module.taint(ctx, name, SourceTypes.REQUEST_MULTIPART_PARAMETER);
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaServletBlockingHelper.java b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaServletBlockingHelper.java
new file mode 100644
index 00000000000..5387b06e889
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaServletBlockingHelper.java
@@ -0,0 +1,86 @@
+package datadog.trace.instrumentation.servlet5;
+
+import datadog.appsec.api.blocking.BlockingContentType;
+import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.internal.TraceSegment;
+import datadog.trace.bootstrap.blocking.BlockingActionHelper;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class JakartaServletBlockingHelper {
+  private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
+  private static final Logger log = LoggerFactory.getLogger(JakartaServletBlockingHelper.class);
+
+  public static void commitBlockingResponse(
+      TraceSegment segment,
+      HttpServletRequest httpServletRequest,
+      HttpServletResponse resp,
+      int statusCode_,
+      BlockingContentType bct,
+      Map<String, String> extraHeaders) {
+    int statusCode = BlockingActionHelper.getHttpCode(statusCode_);
+    if (!start(resp, statusCode)) {
+      return;
+    }
+
+    for (Map.Entry<String, String> h : extraHeaders.entrySet()) {
+      resp.setHeader(h.getKey(), h.getValue());
+    }
+
+    byte[] template;
+    if (bct != BlockingContentType.NONE) {
+      String acceptHeader = httpServletRequest.getHeader("Accept");
+      BlockingActionHelper.TemplateType type =
+          BlockingActionHelper.determineTemplateType(bct, acceptHeader);
+      template = BlockingActionHelper.getTemplate(type);
+      String contentType = BlockingActionHelper.getContentType(type);
+
+      resp.setHeader("Content-length", Integer.toString(template.length));
+      resp.setHeader("Content-type", contentType);
+    } else {
+      template = EMPTY_BYTE_ARRAY;
+    }
+    segment.effectivelyBlocked();
+
+    try {
+      OutputStream os = resp.getOutputStream();
+      os.write(template);
+      os.close();
+    } catch (IOException e) {
+      log.warn("Error sending error page", e);
+    }
+  }
+
+  public static void commitBlockingResponse(
+      TraceSegment segment,
+      HttpServletRequest httpServletRequest,
+      HttpServletResponse resp,
+      Flow.Action.RequestBlockingAction rba) {
+
+    commitBlockingResponse(
+        segment,
+        httpServletRequest,
+        resp,
+        rba.getStatusCode(),
+        rba.getBlockingContentType(),
+        rba.getExtraHeaders());
+  }
+
+  private static boolean start(HttpServletResponse resp, int statusCode) {
+    if (resp.isCommitted()) {
+      log.warn("response already committed, we can't change it");
+    }
+
+    log.debug("Committing blocking response");
+
+    resp.reset();
+    resp.setStatus(statusCode);
+
+    return true;
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaServletRequestCallSite.java b/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaServletRequestCallSite.java
deleted file mode 100644
index 699a2782bed..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/JakartaServletRequestCallSite.java
+++ /dev/null
@@ -1,146 +0,0 @@
-package datadog.trace.instrumentation.servlet5;
-
-import datadog.trace.agent.tooling.csi.CallSite;
-import datadog.trace.api.iast.IastCallSites;
-import datadog.trace.api.iast.InstrumentationBridge;
-import datadog.trace.api.iast.Sink;
-import datadog.trace.api.iast.Source;
-import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.VulnerabilityTypes;
-import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.sink.UnvalidatedRedirectModule;
-import datadog.trace.api.iast.source.WebModule;
-import datadog.trace.util.stacktrace.StackUtils;
-import jakarta.servlet.ServletInputStream;
-import jakarta.servlet.ServletRequest;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Map;
-
-@CallSite(spi = IastCallSites.class)
-public class JakartaServletRequestCallSite {
-
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  @CallSite.After("java.lang.String jakarta.servlet.ServletRequest.getParameter(java.lang.String)")
-  @CallSite.After(
-      "java.lang.String jakarta.servlet.ServletRequestWrapper.getParameter(java.lang.String)")
-  public static String afterGetParameter(
-      @CallSite.This final ServletRequest self,
-      @CallSite.Argument final String name,
-      @CallSite.Return final String value) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taint(SourceTypes.REQUEST_PARAMETER_VALUE, name, value);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameter threw", e);
-      }
-    }
-    return value;
-  }
-
-  @Source(SourceTypes.REQUEST_PARAMETER_NAME_STRING)
-  @CallSite.After("java.util.Enumeration jakarta.servlet.ServletRequest.getParameterNames()")
-  @CallSite.After("java.util.Enumeration jakarta.servlet.ServletRequestWrapper.getParameterNames()")
-  public static Enumeration<String> afterGetParameterNames(
-      @CallSite.This final ServletRequest self,
-      @CallSite.Return final Enumeration<String> enumeration)
-      throws Throwable {
-    final WebModule module = InstrumentationBridge.WEB;
-    if (module == null) {
-      return enumeration;
-    }
-    try {
-      final List<String> parameterNames = new ArrayList<>();
-      while (enumeration.hasMoreElements()) {
-        final String paramName = enumeration.nextElement();
-        parameterNames.add(paramName);
-      }
-      try {
-        module.onParameterNames(parameterNames);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameterNames threw", e);
-      }
-      return Collections.enumeration(parameterNames);
-    } catch (final Throwable e) {
-      module.onUnexpectedException(
-          "afterGetParameterNames threw while iterating parameter names", e);
-      throw StackUtils.filterFirstDatadog(e);
-    }
-  }
-
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  @CallSite.After(
-      "java.lang.String[] jakarta.servlet.ServletRequest.getParameterValues(java.lang.String)")
-  @CallSite.After(
-      "java.lang.String[] jakarta.servlet.ServletRequestWrapper.getParameterValues(java.lang.String)")
-  public static String[] afterGetParameterValues(
-      @CallSite.This final ServletRequest self,
-      @CallSite.Argument final String paramName,
-      @CallSite.Return final String[] parameterValues) {
-    if (null != parameterValues) {
-      final WebModule module = InstrumentationBridge.WEB;
-      if (module != null) {
-        try {
-          module.onParameterValues(paramName, parameterValues);
-        } catch (final Throwable e) {
-          module.onUnexpectedException("afterGetParameterValues threw", e);
-        }
-      }
-    }
-    return parameterValues;
-  }
-
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  @CallSite.After("java.util.Map jakarta.servlet.ServletRequest.getParameterMap()")
-  @CallSite.After("java.util.Map jakarta.servlet.ServletRequestWrapper.getParameterMap()")
-  public static java.util.Map<java.lang.String, java.lang.String[]> afterGetParameterMap(
-      @CallSite.This final ServletRequest self, @CallSite.Return final Map<String, String[]> map) {
-    final WebModule module = InstrumentationBridge.WEB;
-    if (module != null) {
-      try {
-        module.onParameterValues(map);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameter threw", e);
-      }
-    }
-    return map;
-  }
-
-  @Sink(VulnerabilityTypes.UNVALIDATED_REDIRECT)
-  @CallSite.Before(
-      "jakarta.servlet.RequestDispatcher jakarta.servlet.ServletRequest.getRequestDispatcher(java.lang.String)")
-  @CallSite.Before(
-      "jakarta.servlet.RequestDispatcher jakarta.servlet.ServletRequestWrapper.getRequestDispatcher(java.lang.String)")
-  public static void beforeRequestDispatcher(@CallSite.Argument final String path) {
-    final UnvalidatedRedirectModule module = InstrumentationBridge.UNVALIDATED_REDIRECT;
-    if (module != null) {
-      try {
-        module.onRedirect(path);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("beforeRequestDispatcher threw", e);
-      }
-    }
-  }
-
-  @Source(SourceTypes.REQUEST_BODY_STRING)
-  @CallSite.After(
-      "jakarta.servlet.ServletInputStream jakarta.servlet.ServletRequest.getInputStream()")
-  @CallSite.After(
-      "jakarta.servlet.ServletInputStream jakarta.servlet.ServletRequestWrapper.getInputStream()")
-  public static ServletInputStream afterGetInputStream(
-      @CallSite.This final ServletRequest self,
-      @CallSite.Return final ServletInputStream inputStream) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taintObject(SourceTypes.REQUEST_BODY, inputStream);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetInputStream threw", e);
-      }
-    }
-    return inputStream;
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaHttpServletRequestInstrumentationTest.groovy b/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaHttpServletRequestInstrumentationTest.groovy
new file mode 100644
index 00000000000..7c27dc724f1
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaHttpServletRequestInstrumentationTest.groovy
@@ -0,0 +1,459 @@
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.SourceTypes
+import datadog.trace.api.iast.propagation.PropagationModule
+import datadog.trace.api.iast.sink.UnvalidatedRedirectModule
+import foo.bar.smoketest.JakartaHttpServletRequestTestSuite
+import foo.bar.smoketest.JakartaHttpServletRequestWrapperTestSuite
+import foo.bar.smoketest.ServletRequestTestSuite
+import jakarta.servlet.RequestDispatcher
+import jakarta.servlet.ServletInputStream
+import jakarta.servlet.http.Cookie
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletRequestWrapper
+
+import datadog.trace.agent.tooling.iast.TaintableEnumeration
+
+class JakartaHttpServletRequestInstrumentationTest extends AgentTestRunner {
+
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig('dd.iast.enabled', 'true')
+  }
+
+  void cleanup() {
+    InstrumentationBridge.clearIastModules()
+  }
+
+  void 'test getHeader'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getHeader('header')
+
+    then:
+    result == 'value'
+    1 * mock.getHeader('header') >> 'value'
+    1 * iastModule.taint('value', SourceTypes.REQUEST_HEADER_VALUE, 'header')
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getHeaders'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final headers = ['value1', 'value2']
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getHeaders('headers').collect()
+
+    then:
+    result == headers
+    1 * mock.getHeaders('headers') >> Collections.enumeration(headers)
+    headers.each { 1 * iastModule.taint(_, it, SourceTypes.REQUEST_HEADER_VALUE, 'headers') }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getHeaderNames'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final headers = ['header1', 'header2']
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getHeaderNames().collect()
+
+    then:
+    result == headers
+    1 * mock.getHeaderNames() >> Collections.enumeration(headers)
+    headers.each { 1 * iastModule.taint(_, it, SourceTypes.REQUEST_HEADER_NAME, it) }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getParameter'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getParameter('parameter')
+
+    then:
+    result == 'value'
+    1 * mock.getParameter('parameter') >> 'value'
+    1 * iastModule.taint('value', SourceTypes.REQUEST_PARAMETER_VALUE, 'parameter')
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getParameterValues'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final values = ['value1', 'value2']
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getParameterValues('parameter').collect()
+
+    then:
+    result == values
+    1 * mock.getParameterValues('parameter') >> { values as String[] }
+    values.each { 1 * iastModule.taint(_, it, SourceTypes.REQUEST_PARAMETER_VALUE, 'parameter') }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getParameterMap'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final parameters = [parameter: ['header1', 'header2'] as String[]]
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getParameterMap()
+
+    then:
+    result == parameters
+    1 * mock.getParameterMap() >> parameters
+    parameters.each { key, values ->
+      1 * iastModule.taint(_, key, SourceTypes.REQUEST_PARAMETER_NAME, key)
+      values.each { value ->
+        1 * iastModule.taint(_, value, SourceTypes.REQUEST_PARAMETER_VALUE, key)
+      }
+    }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+
+  void 'test getParameterNames'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final parameters = ['param1', 'param2']
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getParameterNames().collect()
+
+    then:
+    result == parameters
+    1 * mock.getParameterNames() >> Collections.enumeration(parameters)
+    parameters.each { 1 * iastModule.taint(_, it, SourceTypes.REQUEST_PARAMETER_NAME, it) }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getCookies'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final cookies = [new Cookie('name1', 'value1'), new Cookie('name2', 'value2')] as Cookie[]
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getCookies()
+
+    then:
+    result == cookies
+    1 * mock.getCookies() >> cookies
+    cookies.each { 1 * iastModule.taint(_, it, SourceTypes.REQUEST_COOKIE_VALUE) }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test that get headers does not fail when servlet related code fails'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final enumeration = Mock(Enumeration) {
+      hasMoreElements() >> { throw new NuclearBomb('Boom!!!') }
+    }
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final headers = request.getHeaders('header')
+
+    then:
+    1 * mock.getHeaders('header') >> enumeration
+    noExceptionThrown()
+
+    when:
+    headers.hasMoreElements()
+
+    then:
+    final bomb = thrown(NuclearBomb)
+    bomb.stackTrace.find { it.className == TaintableEnumeration.name } == null
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test that get header names does not fail when servlet related code fails'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final enumeration = Mock(Enumeration) {
+      hasMoreElements() >> { throw new NuclearBomb('Boom!!!') }
+    }
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getHeaderNames()
+
+    then:
+    1 * mock.getHeaderNames() >> enumeration
+    noExceptionThrown()
+
+    when:
+    result.hasMoreElements()
+
+    then:
+    final bomb = thrown(NuclearBomb)
+    bomb.stackTrace.find { it.className == TaintableEnumeration.name } == null
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test get query string'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final queryString = 'paramName=paramValue'
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final String result = request.getQueryString()
+
+    then:
+    result == queryString
+    1 * mock.getQueryString() >> queryString
+    1 * iastModule.taint(queryString, SourceTypes.REQUEST_QUERY)
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getInputStream'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final is = Mock(ServletInputStream)
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getInputStream()
+
+    then:
+    result == is
+    1 * mock.getInputStream() >> is
+    1 * iastModule.taint(is, SourceTypes.REQUEST_BODY)
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getReader'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final reader = Mock(BufferedReader)
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getReader()
+
+    then:
+    result == reader
+    1 * mock.getReader() >> reader
+    1 * iastModule.taint(reader, SourceTypes.REQUEST_BODY)
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getRequestDispatcher'() {
+    setup:
+    final iastModule = Mock(UnvalidatedRedirectModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final path = 'http://dummy.location.com'
+    final dispatcher = Mock(RequestDispatcher)
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getRequestDispatcher(path)
+
+    then:
+    result == dispatcher
+    1 * mock.getRequestDispatcher(path) >> dispatcher
+    1 * iastModule.onRedirect(path)
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getRequestURI'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final uri = 'retValue'
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getRequestURI()
+
+    then:
+    result == uri
+    1 * mock.getRequestURI() >> uri
+    1 * iastModule.taint(uri, SourceTypes.REQUEST_PATH)
+    0 * _
+
+    where:
+    suite << testSuiteCallSites()
+  }
+
+  void 'test getPathInfo'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final pathInfo = 'retValue'
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getPathInfo()
+
+    then:
+    result == pathInfo
+    1 * mock.getPathInfo() >> pathInfo
+    1 * iastModule.taint(pathInfo, SourceTypes.REQUEST_PATH)
+    0 * _
+
+    where:
+    suite << testSuiteCallSites()
+  }
+
+  void 'test getPathTranslated'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final pathTranslated = 'retValue'
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getPathTranslated()
+
+    then:
+    result == pathTranslated
+    1 * mock.getPathTranslated() >> pathTranslated
+    1 * iastModule.taint(pathTranslated, SourceTypes.REQUEST_PATH)
+    0 * _
+
+    where:
+    suite << testSuiteCallSites()
+  }
+
+  void 'test getRequestURL'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final url = new StringBuffer('retValue')
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getRequestURL()
+
+    then:
+    result == url
+    1 * mock.getRequestURL() >> url
+    1 * iastModule.taint(url, SourceTypes.REQUEST_URI)
+    0 * _
+
+    where:
+    suite << testSuiteCallSites()
+  }
+
+  private List<Closure<? extends HttpServletRequest>> testSuite() {
+    return [
+      { HttpServletRequest request -> new CustomRequest(request: request) },
+      { HttpServletRequest request -> new CustomRequestWrapper(new CustomRequest(request: request)) },
+      { HttpServletRequest request ->
+        new HttpServletRequestWrapper(new CustomRequest(request: request))
+      }
+    ]
+  }
+
+  private List<Closure<? extends ServletRequestTestSuite>> testSuiteCallSites() {
+    return [
+      { HttpServletRequest request -> new JakartaHttpServletRequestTestSuite(request) },
+      { HttpServletRequest request -> new JakartaHttpServletRequestWrapperTestSuite(new CustomRequestWrapper(request)) },
+    ]
+  }
+
+  private static class NuclearBomb extends RuntimeException {
+    NuclearBomb(final String message) {
+      super(message)
+    }
+  }
+
+  private static class CustomRequest implements HttpServletRequest {
+    @Delegate
+    private HttpServletRequest request
+  }
+
+  private static class CustomRequestWrapper extends HttpServletRequestWrapper {
+
+    CustomRequestWrapper(final HttpServletRequest request) {
+      super(request)
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaHttpServletResponseInstrumentationTest.groovy b/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaHttpServletResponseInstrumentationTest.groovy
index 8c164826e12..230119f8ff6 100644
--- a/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaHttpServletResponseInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaHttpServletResponseInstrumentationTest.groovy
@@ -82,7 +82,7 @@ class JakartaHttpServletResponseInstrumentationTest extends AgentTestRunner {
     final response = new DummyResponse()
 
     when:
-    response.addCookie(null)
+    response.addCookie((Cookie) null)
 
     then:
     0 * _
@@ -108,7 +108,7 @@ class JakartaHttpServletResponseInstrumentationTest extends AgentTestRunner {
     final response = new DummyResponse()
 
     when:
-    response.addHeader(null, null)
+    response.addHeader((String) null, null)
 
     then:
     noExceptionThrown()
@@ -135,7 +135,7 @@ class JakartaHttpServletResponseInstrumentationTest extends AgentTestRunner {
     final response = new DummyResponse()
 
     when:
-    response.setHeader(null, null)
+    response.setHeader((String) null, null)
 
     then:
     noExceptionThrown()
@@ -206,13 +206,13 @@ class JakartaHttpServletResponseInstrumentationTest extends AgentTestRunner {
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
     final response = new DummyResponse()
+    final url = 'http://dummy.url.com'
 
     when:
-    response.encodeRedirectURL("http://dummy.url.com")
+    final result = response.encodeRedirectURL(url)
 
     then:
-    noExceptionThrown()
-    1 * module.taintIfInputIsTainted(_, "http://dummy.url.com")
+    1 * module.taintIfTainted(_, url) >> { args -> assert args[0] == result }
     0 * _
   }
 
@@ -221,13 +221,38 @@ class JakartaHttpServletResponseInstrumentationTest extends AgentTestRunner {
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
     final response = new DummyResponse()
+    final url = 'http://dummy.url.com'
 
     when:
-    response.encodeURL("http://dummy.url.com")
+    final result = response.encodeURL(url)
+
+    then:
+    1 * module.taintIfTainted(_, url) >> { args -> assert args[0] == result }
+    0 * _
+  }
+
+  void 'test instrumentation with unknown types'() {
+    setup:
+    final module = Mock(HttpResponseHeaderModule)
+    InstrumentationBridge.registerIastModule(module)
+    final response = new DummyResponse()
+
+    when:
+    response.addCookie(new DummyResponse.CustomCookie())
+
+    then:
+    0 * _
+
+    when:
+    response.addHeader(new DummyResponse.CustomHeaderName(), "value")
+
+    then:
+    0 * _
+
+    when:
+    response.setHeader(new DummyResponse.CustomHeaderName(), "value")
 
     then:
-    noExceptionThrown()
-    1 * module.taintIfInputIsTainted(_, "http://dummy.url.com")
     0 * _
   }
 }
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaMultipartInstrumentationTest.groovy b/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaMultipartInstrumentationTest.groovy
new file mode 100644
index 00000000000..19c8a5eb990
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaMultipartInstrumentationTest.groovy
@@ -0,0 +1,73 @@
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.SourceTypes
+import datadog.trace.api.iast.propagation.PropagationModule
+import foo.bar.smoketest.MockPart
+
+class JakartaMultipartInstrumentationTest extends AgentTestRunner {
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig('dd.iast.enabled', 'true')
+  }
+
+  @Override
+  void cleanup() {
+    InstrumentationBridge.clearIastModules()
+  }
+
+  void 'test getName'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+    final part = new MockPart('partName', 'headerName', 'headerValue')
+
+    when:
+    part.getName()
+
+    then:
+    1 * module.taint('partName', SourceTypes.REQUEST_MULTIPART_PARAMETER, 'Content-Disposition')
+    0 * _
+  }
+
+  void 'test getHeader'(){
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+    final part = new MockPart('partName', 'headerName', 'headerValue')
+
+    when:
+    part.getHeader('headerName')
+
+    then:
+    1 * module.taint('headerValue', SourceTypes.REQUEST_MULTIPART_PARAMETER, 'headerName')
+    0 * _
+  }
+
+  void 'test getHeaders'(){
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+    final part = new MockPart('partName', 'headerName', 'headerValue')
+
+    when:
+    part.getHeaders('headerName')
+
+    then:
+    1 * module.taint(_, 'headerValue', SourceTypes.REQUEST_MULTIPART_PARAMETER, 'headerName')
+    0 * _
+  }
+
+  void 'test getHeaderNames'(){
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+    final part = new MockPart('partName', 'headerName', 'headerValue')
+
+    when:
+    part.getHeaderNames()
+
+    then:
+    1 * module.taint(_, 'headerName', SourceTypes.REQUEST_MULTIPART_PARAMETER)
+    0 * _
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaServletRequestCallSiteTest.groovy b/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaServletRequestCallSiteTest.groovy
deleted file mode 100644
index 354587a5ed1..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/JakartaServletRequestCallSiteTest.groovy
+++ /dev/null
@@ -1,137 +0,0 @@
-import datadog.trace.agent.test.AgentTestRunner
-import datadog.trace.api.iast.InstrumentationBridge
-import datadog.trace.api.iast.SourceTypes
-import datadog.trace.api.iast.propagation.PropagationModule
-import datadog.trace.api.iast.sink.UnvalidatedRedirectModule
-import datadog.trace.api.iast.source.WebModule
-import foo.bar.smoketest.JakartaHttpServletRequestTestSuite
-import foo.bar.smoketest.JakartaHttpServletRequestWrapperTestSuite
-import foo.bar.smoketest.JakartaServletRequestTestSuite
-import foo.bar.smoketest.JakartaServletRequestWrapperTestSuite
-import groovy.transform.CompileDynamic
-import jakarta.servlet.ServletInputStream
-
-@CompileDynamic
-class JakartaServletRequestCallSiteTest extends AgentTestRunner {
-
-  @Override
-  protected void configurePreAgent() {
-    injectSysConfig("dd.iast.enabled", "true")
-  }
-
-  void cleanup() {
-    InstrumentationBridge.clearIastModules()
-  }
-
-  void 'test getParameter map'() {
-    setup:
-    final iastModule = Mock(WebModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final servletRequest = Mock(clazz)
-    testSuite.init(servletRequest)
-    final map = [param1: ['value1', 'value2'] as String[]]
-    servletRequest.getParameterMap() >> map
-
-    when:
-    final returnedMap = testSuite.getParameterMap()
-
-    then:
-    returnedMap == map
-    1 * iastModule.onParameterValues(map)
-
-    where:
-    testSuite                                       | clazz
-    new JakartaServletRequestTestSuite()            | jakarta.servlet.ServletRequest
-    new JakartaHttpServletRequestTestSuite()        | jakarta.servlet.http.HttpServletRequest
-    new JakartaServletRequestWrapperTestSuite()     | jakarta.servlet.ServletRequestWrapper
-    new JakartaHttpServletRequestWrapperTestSuite() | jakarta.servlet.http.HttpServletRequestWrapper
-  }
-
-  void 'test getParameterValues and getParameterNames'() {
-    setup:
-    final webMod = Mock(WebModule)
-    final propMod = Mock(PropagationModule)
-    InstrumentationBridge.registerIastModule(webMod)
-    InstrumentationBridge.registerIastModule(propMod)
-    final map = [param1: ['value1', 'value2'] as String[]]
-    final servletRequest = Mock(clazz) {
-      getParameter(_ as String) >> { map.get(it[0]).first() }
-      getParameterValues(_ as String) >> { map.get(it[0]) }
-      getParameterNames() >> { Collections.enumeration(map.keySet()) }
-    }
-
-    testSuite.init(servletRequest)
-
-    when:
-    testSuite.getParameter('param1')
-
-    then:
-    1 * propMod.taint(SourceTypes.REQUEST_PARAMETER_VALUE, 'param1', 'value1')
-
-    when:
-    testSuite.getParameterValues('param1')
-
-    then:
-    1 * webMod.onParameterValues('param1', ['value1', 'value2'])
-
-    when:
-    testSuite.getParameterNames()
-
-    then:
-    1 * webMod.onParameterNames(['param1'])
-
-    where:
-    testSuite                                       | clazz
-    new JakartaServletRequestTestSuite()            | jakarta.servlet.ServletRequest
-    new JakartaHttpServletRequestTestSuite()        | jakarta.servlet.http.HttpServletRequest
-    new JakartaServletRequestWrapperTestSuite()     | jakarta.servlet.ServletRequestWrapper
-    new JakartaHttpServletRequestWrapperTestSuite() | jakarta.servlet.http.HttpServletRequestWrapper
-  }
-
-  void 'test getRequestDispatcher'() {
-    setup:
-    final iastModule = Mock(UnvalidatedRedirectModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final servletRequest = Mock(clazz)
-    final path = 'http://dummy.location.com'
-    testSuite.init(servletRequest)
-
-    when:
-    testSuite.getRequestDispatcher(path)
-
-    then:
-    1 * servletRequest.getRequestDispatcher(path)
-    1 * iastModule.onRedirect(path)
-
-    where:
-    testSuite                                       | clazz
-    new JakartaServletRequestTestSuite()            | jakarta.servlet.ServletRequest
-    new JakartaHttpServletRequestTestSuite()        | jakarta.servlet.http.HttpServletRequest
-    new JakartaServletRequestWrapperTestSuite()     | jakarta.servlet.ServletRequestWrapper
-    new JakartaHttpServletRequestWrapperTestSuite() | jakarta.servlet.http.HttpServletRequestWrapper
-  }
-
-  void 'test getInputStream'() {
-    setup:
-    final iastModule = Mock(PropagationModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final stream = Mock(ServletInputStream)
-    final servletRequest = Mock(clazz) {
-      getInputStream() >> stream
-    }
-    testSuite.init(servletRequest)
-
-    when:
-    testSuite.getInputStream()
-
-    then:
-    1 * iastModule.taintObject(SourceTypes.REQUEST_BODY, stream)
-
-    where:
-    testSuite                                       | clazz
-    new JakartaServletRequestTestSuite()            | jakarta.servlet.ServletRequest
-    new JakartaHttpServletRequestTestSuite()        | jakarta.servlet.http.HttpServletRequest
-    new JakartaServletRequestWrapperTestSuite()     | jakarta.servlet.ServletRequestWrapper
-    new JakartaHttpServletRequestWrapperTestSuite() | jakarta.servlet.http.HttpServletRequestWrapper
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/DummyResponse.java b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/DummyResponse.java
index 8170e771e75..cdd806f3580 100644
--- a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/DummyResponse.java
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/DummyResponse.java
@@ -12,6 +12,8 @@ public class DummyResponse implements HttpServletResponse {
   @Override
   public void addCookie(Cookie cookie) {}
 
+  public void addCookie(CustomCookie cookie) {}
+
   @Override
   public boolean containsHeader(String name) {
     return false;
@@ -55,9 +57,13 @@ public void addDateHeader(String name, long date) {}
   @Override
   public void setHeader(String name, String value) {}
 
+  public void setHeader(CustomHeaderName name, String value) {}
+
   @Override
   public void addHeader(String name, String value) {}
 
+  public void addHeader(CustomHeaderName name, String value) {}
+
   @Override
   public void setIntHeader(String name, int value) {}
 
@@ -151,4 +157,8 @@ public void setLocale(Locale loc) {}
   public Locale getLocale() {
     return null;
   }
+
+  public static class CustomCookie {}
+
+  public static class CustomHeaderName {}
 }
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaHttpServletRequestTestSuite.java b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaHttpServletRequestTestSuite.java
index b25e9925599..41f3b87641e 100644
--- a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaHttpServletRequestTestSuite.java
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaHttpServletRequestTestSuite.java
@@ -1,47 +1,31 @@
 package foo.bar.smoketest;
 
-import jakarta.servlet.RequestDispatcher;
-import jakarta.servlet.ServletInputStream;
 import jakarta.servlet.http.HttpServletRequest;
-import java.io.IOException;
-import java.util.Enumeration;
 
-public class JakartaHttpServletRequestTestSuite
-    implements ServletRequestTestSuite<HttpServletRequest> {
-  HttpServletRequest request;
+public class JakartaHttpServletRequestTestSuite implements ServletRequestTestSuite {
+  private final HttpServletRequest request;
 
-  @Override
-  public void init(HttpServletRequest request) {
+  public JakartaHttpServletRequestTestSuite(final HttpServletRequest request) {
     this.request = request;
   }
 
   @Override
-  public java.util.Map<String, String[]> getParameterMap() {
-    return request.getParameterMap();
-  }
-
-  @Override
-  public String getParameter(String paramName) {
-    return request.getParameter(paramName);
-  }
-
-  @Override
-  public String[] getParameterValues(String paramName) {
-    return request.getParameterValues(paramName);
+  public String getRequestURI() {
+    return request.getRequestURI();
   }
 
   @Override
-  public Enumeration getParameterNames() {
-    return request.getParameterNames();
+  public String getPathInfo() {
+    return request.getPathInfo();
   }
 
   @Override
-  public RequestDispatcher getRequestDispatcher(String path) {
-    return request.getRequestDispatcher(path);
+  public String getPathTranslated() {
+    return request.getPathTranslated();
   }
 
   @Override
-  public ServletInputStream getInputStream() throws IOException {
-    return request.getInputStream();
+  public StringBuffer getRequestURL() {
+    return request.getRequestURL();
   }
 }
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaHttpServletRequestWrapperTestSuite.java b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaHttpServletRequestWrapperTestSuite.java
index 318c5a631df..80039d4cdca 100644
--- a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaHttpServletRequestWrapperTestSuite.java
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaHttpServletRequestWrapperTestSuite.java
@@ -1,47 +1,31 @@
 package foo.bar.smoketest;
 
-import jakarta.servlet.RequestDispatcher;
-import jakarta.servlet.ServletInputStream;
 import jakarta.servlet.http.HttpServletRequestWrapper;
-import java.io.IOException;
-import java.util.Enumeration;
 
-public class JakartaHttpServletRequestWrapperTestSuite
-    implements ServletRequestTestSuite<HttpServletRequestWrapper> {
-  HttpServletRequestWrapper request;
+public class JakartaHttpServletRequestWrapperTestSuite implements ServletRequestTestSuite {
+  private final HttpServletRequestWrapper request;
 
-  @Override
-  public void init(HttpServletRequestWrapper request) {
+  public JakartaHttpServletRequestWrapperTestSuite(final HttpServletRequestWrapper request) {
     this.request = request;
   }
 
   @Override
-  public java.util.Map<String, String[]> getParameterMap() {
-    return request.getParameterMap();
-  }
-
-  @Override
-  public String getParameter(String paramName) {
-    return request.getParameter(paramName);
-  }
-
-  @Override
-  public String[] getParameterValues(String paramName) {
-    return request.getParameterValues(paramName);
+  public String getRequestURI() {
+    return request.getRequestURI();
   }
 
   @Override
-  public Enumeration getParameterNames() {
-    return request.getParameterNames();
+  public String getPathInfo() {
+    return request.getPathInfo();
   }
 
   @Override
-  public RequestDispatcher getRequestDispatcher(String path) {
-    return request.getRequestDispatcher(path);
+  public String getPathTranslated() {
+    return request.getPathTranslated();
   }
 
   @Override
-  public ServletInputStream getInputStream() throws IOException {
-    return request.getInputStream();
+  public StringBuffer getRequestURL() {
+    return request.getRequestURL();
   }
 }
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaServletRequestTestSuite.java b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaServletRequestTestSuite.java
deleted file mode 100644
index 486af8292e8..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaServletRequestTestSuite.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package foo.bar.smoketest;
-
-import jakarta.servlet.RequestDispatcher;
-import jakarta.servlet.ServletInputStream;
-import jakarta.servlet.ServletRequest;
-import java.io.IOException;
-import java.util.Enumeration;
-
-public class JakartaServletRequestTestSuite implements ServletRequestTestSuite<ServletRequest> {
-  ServletRequest request;
-
-  @Override
-  public void init(ServletRequest request) {
-    this.request = request;
-  }
-
-  @Override
-  public java.util.Map<String, String[]> getParameterMap() {
-    return request.getParameterMap();
-  }
-
-  @Override
-  public String getParameter(String paramName) {
-    return request.getParameter(paramName);
-  }
-
-  @Override
-  public String[] getParameterValues(String paramName) {
-    return request.getParameterValues(paramName);
-  }
-
-  @Override
-  public Enumeration getParameterNames() {
-    return request.getParameterNames();
-  }
-
-  @Override
-  public RequestDispatcher getRequestDispatcher(String path) {
-    return request.getRequestDispatcher(path);
-  }
-
-  @Override
-  public ServletInputStream getInputStream() throws IOException {
-    return request.getInputStream();
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaServletRequestWrapperTestSuite.java b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaServletRequestWrapperTestSuite.java
deleted file mode 100644
index 710cc7a4d37..00000000000
--- a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/JakartaServletRequestWrapperTestSuite.java
+++ /dev/null
@@ -1,47 +0,0 @@
-package foo.bar.smoketest;
-
-import jakarta.servlet.RequestDispatcher;
-import jakarta.servlet.ServletInputStream;
-import jakarta.servlet.ServletRequestWrapper;
-import java.io.IOException;
-import java.util.Enumeration;
-
-public class JakartaServletRequestWrapperTestSuite
-    implements ServletRequestTestSuite<ServletRequestWrapper> {
-  ServletRequestWrapper request;
-
-  @Override
-  public void init(ServletRequestWrapper request) {
-    this.request = request;
-  }
-
-  @Override
-  public java.util.Map<String, String[]> getParameterMap() {
-    return request.getParameterMap();
-  }
-
-  @Override
-  public String getParameter(String paramName) {
-    return request.getParameter(paramName);
-  }
-
-  @Override
-  public String[] getParameterValues(String paramName) {
-    return request.getParameterValues(paramName);
-  }
-
-  @Override
-  public Enumeration getParameterNames() {
-    return request.getParameterNames();
-  }
-
-  @Override
-  public RequestDispatcher getRequestDispatcher(String path) {
-    return request.getRequestDispatcher(path);
-  }
-
-  @Override
-  public ServletInputStream getInputStream() throws IOException {
-    return request.getInputStream();
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/MockPart.java b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/MockPart.java
new file mode 100644
index 00000000000..0dcb52282e1
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/MockPart.java
@@ -0,0 +1,73 @@
+package foo.bar.smoketest;
+
+import jakarta.servlet.http.Part;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+
+public class MockPart implements Part {
+  private final String name;
+
+  private final Map<String, Collection<String>> headers;
+
+  public MockPart(final String name, final Map<String, Collection<String>> headers) {
+    this.name = name;
+    this.headers = headers;
+  }
+
+  public MockPart(final String name, final String headerName, final String... headerValue) {
+    this.name = name;
+    this.headers = new HashMap<>();
+    this.headers.put(headerName, Arrays.asList(headerValue));
+  }
+
+  @Override
+  public InputStream getInputStream() throws IOException {
+    return null;
+  }
+
+  @Override
+  public String getContentType() {
+    return null;
+  }
+
+  @Override
+  public String getName() {
+    return name;
+  }
+
+  @Override
+  public String getSubmittedFileName() {
+    return null;
+  }
+
+  @Override
+  public long getSize() {
+    return 0;
+  }
+
+  @Override
+  public void write(String fileName) throws IOException {}
+
+  @Override
+  public void delete() throws IOException {}
+
+  @Override
+  public String getHeader(String name) {
+    final Collection<String> values = this.headers.get(name);
+    return values == null || values.isEmpty() ? null : values.iterator().next();
+  }
+
+  @Override
+  public Collection<String> getHeaders(String name) {
+    return headers.get(name);
+  }
+
+  @Override
+  public Collection<String> getHeaderNames() {
+    return this.headers.keySet();
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/ServletRequestTestSuite.java b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/ServletRequestTestSuite.java
index 0fd50c559d8..c1e5e45cde4 100644
--- a/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/ServletRequestTestSuite.java
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/test/java/foo/bar/smoketest/ServletRequestTestSuite.java
@@ -1,23 +1,12 @@
 package foo.bar.smoketest;
 
-import jakarta.servlet.RequestDispatcher;
-import jakarta.servlet.ServletInputStream;
-import java.io.IOException;
-import java.util.Enumeration;
+public interface ServletRequestTestSuite {
 
-public interface ServletRequestTestSuite<E> {
+  String getRequestURI();
 
-  void init(final E request);
+  String getPathInfo();
 
-  java.util.Map<String, String[]> getParameterMap();
+  String getPathTranslated();
 
-  String getParameter(String paramName);
-
-  String[] getParameterValues(String paramName);
-
-  Enumeration getParameterNames();
-
-  RequestDispatcher getRequestDispatcher(String path);
-
-  ServletInputStream getInputStream() throws IOException;
+  StringBuffer getRequestURL();
 }
diff --git a/dd-java-agent/instrumentation/servlet/request-5/src/testFixtures/groovy/datadog/trace/instrumentation/servlet5/TestServlet5.groovy b/dd-java-agent/instrumentation/servlet/request-5/src/testFixtures/groovy/datadog/trace/instrumentation/servlet5/TestServlet5.groovy
index f7b5752f3b4..749fca1bc63 100644
--- a/dd-java-agent/instrumentation/servlet/request-5/src/testFixtures/groovy/datadog/trace/instrumentation/servlet5/TestServlet5.groovy
+++ b/dd-java-agent/instrumentation/servlet/request-5/src/testFixtures/groovy/datadog/trace/instrumentation/servlet5/TestServlet5.groovy
@@ -103,4 +103,19 @@ class TestServlet5 extends HttpServlet {
       }
     }
   }
+  static HttpServerTest.ServerEndpoint getEndpoint(HttpServletRequest req) {
+    String truePath
+    if (req.servletPath == "") {
+      truePath = req.requestURI - ~'^/[^/]+'
+    } else {
+      // Most correct would be to get the dispatched path from the request
+      // This is not part of the spec varies by implementation so the simplest is just removing
+      // "/dispatch"
+      truePath = req.servletPath.replace("/dispatch", "")
+    }
+    return HttpServerTest.ServerEndpoint.forPath(truePath)
+  }
+  HttpServerTest.ServerEndpoint determineEndpoint(HttpServletRequest req) {
+    getEndpoint(req)
+  }
 }
diff --git a/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/http/CookieInstrumentation.java b/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/http/CookieInstrumentation.java
index 8bb047c1641..37c7b7b2589 100644
--- a/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/http/CookieInstrumentation.java
+++ b/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/http/CookieInstrumentation.java
@@ -42,13 +42,13 @@ public AdviceTransformer transformer() {
 
   public static class GetNameAdvice {
     @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_COOKIE_NAME_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_NAME)
     public static void afterGetName(
         @Advice.This final Object self, @Advice.Return final String result) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         try {
-          module.taintIfInputIsTainted(SourceTypes.REQUEST_COOKIE_NAME, result, result, self);
+          module.taintIfTainted(result, self, SourceTypes.REQUEST_COOKIE_NAME, result);
         } catch (final Throwable e) {
           module.onUnexpectedException("afterGetName threw", e);
         }
@@ -59,7 +59,7 @@ public static void afterGetName(
   public static class GetValueAdvice {
 
     @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     public static void afterGetValue(
         @Advice.This final Object self,
         @Advice.FieldValue("name") final String name,
@@ -67,7 +67,7 @@ public static void afterGetValue(
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         try {
-          module.taintIfInputIsTainted(SourceTypes.REQUEST_COOKIE_VALUE, name, result, self);
+          module.taintIfTainted(result, self, SourceTypes.REQUEST_COOKIE_VALUE, name);
         } catch (final Throwable e) {
           module.onUnexpectedException("getValue threw", e);
         }
diff --git a/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/http/HttpServletRequestCallSite.java b/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/http/HttpServletRequestCallSite.java
new file mode 100644
index 00000000000..fce80bb78bc
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/http/HttpServletRequestCallSite.java
@@ -0,0 +1,59 @@
+package datadog.trace.instrumentation.servlet.http;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Calls to these methods are often triggered outside of customer code, we use call sites to avoid
+ * all these unwanted tainting operations
+ */
+@CallSite(spi = IastCallSites.class)
+public class HttpServletRequestCallSite {
+
+  @Source(SourceTypes.REQUEST_PATH)
+  @CallSite.After("java.lang.String javax.servlet.http.HttpServletRequest.getRequestURI()")
+  @CallSite.After("java.lang.String javax.servlet.http.HttpServletRequestWrapper.getRequestURI()")
+  @CallSite.After("java.lang.String javax.servlet.http.HttpServletRequest.getPathInfo()")
+  @CallSite.After("java.lang.String javax.servlet.http.HttpServletRequestWrapper.getPathInfo()")
+  @CallSite.After("java.lang.String javax.servlet.http.HttpServletRequest.getPathTranslated()")
+  @CallSite.After(
+      "java.lang.String javax.servlet.http.HttpServletRequestWrapper.getPathTranslated()")
+  public static String afterPath(
+      @CallSite.This final HttpServletRequest self, @CallSite.Return final String retValue) {
+    if (null != retValue && !retValue.isEmpty()) {
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        try {
+          module.taint(retValue, SourceTypes.REQUEST_PATH);
+        } catch (final Throwable e) {
+          module.onUnexpectedException("afterPath threw", e);
+        }
+      }
+    }
+    return retValue;
+  }
+
+  @Source(SourceTypes.REQUEST_URI)
+  @CallSite.After("java.lang.StringBuffer javax.servlet.http.HttpServletRequest.getRequestURL()")
+  @CallSite.After(
+      "java.lang.StringBuffer javax.servlet.http.HttpServletRequestWrapper.getRequestURL()")
+  public static StringBuffer afterGetRequestURL(
+      @CallSite.This final HttpServletRequest self, @CallSite.Return final StringBuffer retValue) {
+    if (null != retValue && retValue.length() > 0) {
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        try {
+          module.taint(retValue, SourceTypes.REQUEST_URI);
+        } catch (final Throwable e) {
+          module.onUnexpectedException("afterGetRequestURL threw", e);
+        }
+      }
+    }
+    return retValue;
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/http/HttpServletRequestInstrumentation.java b/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/http/HttpServletRequestInstrumentation.java
new file mode 100644
index 00000000000..952e95f4409
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/http/HttpServletRequestInstrumentation.java
@@ -0,0 +1,285 @@
+package datadog.trace.instrumentation.servlet.http;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.extendsClass;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.namedOneOf;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.not;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.iast.TaintableEnumeration;
+import datadog.trace.api.iast.IastContext;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Sink;
+import datadog.trace.api.iast.Source;
+import datadog.trace.api.iast.SourceTypes;
+import datadog.trace.api.iast.VulnerabilityTypes;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import datadog.trace.api.iast.sink.UnvalidatedRedirectModule;
+import java.util.Enumeration;
+import java.util.Map;
+import javax.servlet.http.Cookie;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@SuppressWarnings("unused")
+@AutoService(Instrumenter.class)
+public class HttpServletRequestInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForTypeHierarchy {
+
+  private static final String CLASS_NAME = HttpServletRequestInstrumentation.class.getName();
+  private static final ElementMatcher.Junction<? super TypeDescription> WRAPPER_CLASS =
+      named("javax.servlet.http.HttpServletRequestWrapper");
+
+  public HttpServletRequestInstrumentation() {
+    super("servlet", "servlet-request");
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "javax.servlet.http.HttpServletRequest";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named(hierarchyMarkerType()))
+        .and(not(WRAPPER_CLASS))
+        .and(not(extendsClass(WRAPPER_CLASS)));
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {"datadog.trace.agent.tooling.iast.TaintableEnumeration"};
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod().and(named("getHeader")).and(takesArguments(String.class)),
+        CLASS_NAME + "$GetHeaderAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getHeaders")).and(takesArguments(String.class)),
+        CLASS_NAME + "$GetHeadersAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getHeaderNames")).and(takesArguments(0)),
+        CLASS_NAME + "$GetHeaderNamesAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getParameter")).and(takesArguments(String.class)),
+        CLASS_NAME + "$GetParameterAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getParameterValues")).and(takesArguments(String.class)),
+        CLASS_NAME + "$GetParameterValuesAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getParameterMap")).and(takesArguments(0)),
+        CLASS_NAME + "$GetParameterMapAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getParameterNames")).and(takesArguments(0)),
+        CLASS_NAME + "$GetParameterNamesAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getCookies")).and(takesArguments(0)),
+        CLASS_NAME + "$GetCookiesAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getQueryString")).and(takesArguments(0)),
+        CLASS_NAME + "$GetQueryStringAdvice");
+    transformation.applyAdvice(
+        isMethod().and(namedOneOf("getInputStream", "getReader")).and(takesArguments(0)),
+        CLASS_NAME + "$GetBodyAdvice");
+    transformation.applyAdvice(
+        isMethod().and(named("getRequestDispatcher")).and(takesArguments(String.class)),
+        CLASS_NAME + "$GetRequestDispatcherAdvice");
+  }
+
+  public static class GetHeaderAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
+    public static void onExit(
+        @Advice.Argument(0) final String name, @Advice.Return final String value) {
+      if (value == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      module.taint(value, SourceTypes.REQUEST_HEADER_VALUE, name);
+    }
+  }
+
+  public static class GetHeadersAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
+    public static void onExit(
+        @Advice.Argument(0) final String name,
+        @Advice.Return(readOnly = false) Enumeration<String> enumeration) {
+      if (enumeration == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      enumeration =
+          TaintableEnumeration.wrap(enumeration, module, SourceTypes.REQUEST_HEADER_VALUE, name);
+    }
+  }
+
+  public static class GetHeaderNamesAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_NAME)
+    public static void onExit(@Advice.Return(readOnly = false) Enumeration<String> enumeration) {
+      if (enumeration == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      enumeration =
+          TaintableEnumeration.wrap(enumeration, module, SourceTypes.REQUEST_HEADER_NAME, true);
+    }
+  }
+
+  public static class GetParameterAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    public static void onExit(
+        @Advice.Argument(0) final String name, @Advice.Return final String value) {
+      if (value == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      module.taint(value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+    }
+  }
+
+  public static class GetParameterValuesAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    public static void onExit(
+        @Advice.Argument(0) final String name, @Advice.Return final String[] values) {
+      if (values == null || values.length == 0) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      final IastContext ctx = IastContext.Provider.get();
+      for (final String value : values) {
+        module.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+      }
+    }
+  }
+
+  public static class GetParameterMapAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
+    public static void onExit(@Advice.Return final Map<String, String[]> parameters) {
+      if (parameters == null || parameters.isEmpty()) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      final IastContext ctx = IastContext.Provider.get();
+      for (final Map.Entry<String, String[]> entry : parameters.entrySet()) {
+        final String name = entry.getKey();
+        module.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
+        final String[] values = entry.getValue();
+        if (values != null) {
+          for (final String value : entry.getValue()) {
+            module.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+          }
+        }
+      }
+    }
+  }
+
+  public static class GetParameterNamesAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_NAME)
+    public static void onExit(@Advice.Return(readOnly = false) Enumeration<String> enumeration) {
+      if (enumeration == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      enumeration =
+          TaintableEnumeration.wrap(enumeration, module, SourceTypes.REQUEST_PARAMETER_NAME, true);
+    }
+  }
+
+  public static class GetCookiesAdvice {
+
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
+    public static void onExit(@Advice.Return final Cookie[] cookies) {
+      if (cookies == null || cookies.length == 0) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      final IastContext ctx = IastContext.Provider.get();
+      for (final Cookie cookie : cookies) {
+        module.taint(ctx, cookie, SourceTypes.REQUEST_COOKIE_VALUE);
+      }
+    }
+  }
+
+  public static class GetQueryStringAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_QUERY)
+    public static void onExit(@Advice.Return final String queryString) {
+      if (queryString == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      module.taint(queryString, SourceTypes.REQUEST_QUERY);
+    }
+  }
+
+  public static class GetBodyAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_BODY)
+    public static void onExit(@Advice.Return final Object body) {
+      if (body == null) {
+        return;
+      }
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module == null) {
+        return;
+      }
+      module.taint(body, SourceTypes.REQUEST_BODY);
+    }
+  }
+
+  public static class GetRequestDispatcherAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Sink(VulnerabilityTypes.UNVALIDATED_REDIRECT)
+    public static void onExit(@Advice.Argument(0) final String path) {
+      if (path == null) {
+        return;
+      }
+      final UnvalidatedRedirectModule module = InstrumentationBridge.UNVALIDATED_REDIRECT;
+      if (module == null) {
+        return;
+      }
+      module.onRedirect(path);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/request/HttpServletRequestCallSite.java b/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/request/HttpServletRequestCallSite.java
deleted file mode 100644
index ee76e98212d..00000000000
--- a/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/request/HttpServletRequestCallSite.java
+++ /dev/null
@@ -1,253 +0,0 @@
-package datadog.trace.instrumentation.servlet.request;
-
-import datadog.trace.agent.tooling.csi.CallSite;
-import datadog.trace.api.iast.IastCallSites;
-import datadog.trace.api.iast.InstrumentationBridge;
-import datadog.trace.api.iast.Sink;
-import datadog.trace.api.iast.Source;
-import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.VulnerabilityTypes;
-import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.sink.UnvalidatedRedirectModule;
-import datadog.trace.api.iast.source.WebModule;
-import datadog.trace.util.stacktrace.StackUtils;
-import java.io.BufferedReader;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.List;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-
-@CallSite(spi = IastCallSites.class)
-public class HttpServletRequestCallSite {
-
-  @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
-  @CallSite.After(
-      "java.lang.String javax.servlet.http.HttpServletRequest.getHeader(java.lang.String)")
-  @CallSite.After(
-      "java.lang.String javax.servlet.http.HttpServletRequestWrapper.getHeader(java.lang.String)")
-  public static String afterGetHeader(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Argument final String name,
-      @CallSite.Return final String value) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taint(SourceTypes.REQUEST_HEADER_VALUE, name, value);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetHeader threw", e);
-      }
-    }
-    return value;
-  }
-
-  @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
-  @CallSite.After(
-      "java.util.Enumeration javax.servlet.http.HttpServletRequest.getHeaders(java.lang.String)")
-  @CallSite.After(
-      "java.util.Enumeration javax.servlet.http.HttpServletRequestWrapper.getHeaders(java.lang.String)")
-  public static Enumeration<String> afterGetHeaders(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Argument final String headerName,
-      @CallSite.Return final Enumeration<String> enumeration)
-      throws Throwable {
-    if (enumeration == null) {
-      return null;
-    }
-    final WebModule module = InstrumentationBridge.WEB;
-    if (module == null) {
-      return enumeration;
-    }
-    try {
-      final List<String> headerValues = new ArrayList<>();
-      while (enumeration.hasMoreElements()) {
-        final String headerValue = enumeration.nextElement();
-        headerValues.add(headerValue);
-      }
-      try {
-        module.onHeaderValues(headerName, headerValues);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetHeaders threw", e);
-      }
-      return Collections.enumeration(headerValues);
-    } catch (final Throwable e) {
-      module.onUnexpectedException("afterGetHeaders threw while iterating headers", e);
-      throw StackUtils.filterFirstDatadog(e);
-    }
-  }
-
-  @Source(SourceTypes.REQUEST_HEADER_NAME_STRING)
-  @CallSite.After("java.util.Enumeration javax.servlet.http.HttpServletRequest.getHeaderNames()")
-  @CallSite.After(
-      "java.util.Enumeration javax.servlet.http.HttpServletRequestWrapper.getHeaderNames()")
-  public static Enumeration<String> afterGetHeaderNames(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Return final Enumeration<String> enumeration)
-      throws Throwable {
-    if (enumeration == null) {
-      return null;
-    }
-    final WebModule module = InstrumentationBridge.WEB;
-    if (module == null) {
-      return enumeration;
-    }
-    try {
-      final List<String> headerNames = new ArrayList<>();
-      while (enumeration.hasMoreElements()) {
-        final String headerName = enumeration.nextElement();
-        headerNames.add(headerName);
-      }
-      try {
-        module.onHeaderNames(headerNames);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetHeaderNames threw", e);
-      }
-      return Collections.enumeration(headerNames);
-    } catch (final Throwable e) {
-      module.onUnexpectedException("afterGetHeaderNames threw while iterating header names", e);
-      throw StackUtils.filterFirstDatadog(e);
-    }
-  }
-
-  @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
-  @CallSite.After("javax.servlet.http.Cookie[] javax.servlet.http.HttpServletRequest.getCookies()")
-  @CallSite.After(
-      "javax.servlet.http.Cookie[] javax.servlet.http.HttpServletRequestWrapper.getCookies()")
-  public static Cookie[] afterGetCookies(
-      @CallSite.This final HttpServletRequest self, @CallSite.Return final Cookie[] cookies) {
-    if (null != cookies && cookies.length > 0) {
-      final PropagationModule module = InstrumentationBridge.PROPAGATION;
-      if (module != null) {
-        try {
-          module.taintObjects(SourceTypes.REQUEST_COOKIE_VALUE, cookies);
-        } catch (final Throwable e) {
-          module.onUnexpectedException("afterGetCookies threw", e);
-        }
-      }
-    }
-    return cookies;
-  }
-
-  @Source(SourceTypes.REQUEST_QUERY_STRING)
-  @CallSite.After("java.lang.String javax.servlet.http.HttpServletRequest.getQueryString()")
-  @CallSite.After("java.lang.String javax.servlet.http.HttpServletRequestWrapper.getQueryString()")
-  public static String afterGetQueryString(
-      @CallSite.This final HttpServletRequest self, @CallSite.Return final String queryString) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taint(SourceTypes.REQUEST_QUERY, null, queryString);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetQueryString threw", e);
-      }
-    }
-    return queryString;
-  }
-
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  @CallSite.After(
-      "java.lang.String javax.servlet.http.HttpServletRequest.getParameter(java.lang.String)")
-  @CallSite.After(
-      "java.lang.String javax.servlet.http.HttpServletRequestWrapper.getParameter(java.lang.String)")
-  public static String afterGetParameter(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Argument final String name,
-      @CallSite.Return final String value) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taint(SourceTypes.REQUEST_PARAMETER_VALUE, name, value);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameter threw", e);
-      }
-    }
-    return value;
-  }
-
-  @Source(SourceTypes.REQUEST_PARAMETER_NAME_STRING)
-  @CallSite.After("java.util.Enumeration javax.servlet.http.HttpServletRequest.getParameterNames()")
-  @CallSite.After(
-      "java.util.Enumeration javax.servlet.http.HttpServletRequestWrapper.getParameterNames()")
-  public static Enumeration<String> afterGetParameterNames(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Return final Enumeration<String> enumeration)
-      throws Throwable {
-    final WebModule module = InstrumentationBridge.WEB;
-    if (module == null) {
-      return enumeration;
-    }
-    try {
-      final List<String> parameterNames = new ArrayList<>();
-      while (enumeration.hasMoreElements()) {
-        final String paramName = enumeration.nextElement();
-        parameterNames.add(paramName);
-      }
-      try {
-        module.onParameterNames(parameterNames);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameterNames threw", e);
-      }
-      return Collections.enumeration(parameterNames);
-    } catch (final Throwable e) {
-      module.onUnexpectedException(
-          "afterGetParameterNames threw while iterating parameter names", e);
-      throw StackUtils.filterFirstDatadog(e);
-    }
-  }
-
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  @CallSite.After(
-      "java.lang.String[] javax.servlet.http.HttpServletRequest.getParameterValues(java.lang.String)")
-  @CallSite.After(
-      "java.lang.String[] javax.servlet.http.HttpServletRequestWrapper.getParameterValues(java.lang.String)")
-  public static String[] afterGetParameterValues(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Argument final String paramName,
-      @CallSite.Return final String[] parameterValues) {
-    if (null != parameterValues) {
-      final WebModule module = InstrumentationBridge.WEB;
-      if (module != null) {
-        try {
-          module.onParameterValues(paramName, parameterValues);
-        } catch (final Throwable e) {
-          module.onUnexpectedException("afterGetParameterValues threw", e);
-        }
-      }
-    }
-    return parameterValues;
-  }
-
-  @Source(SourceTypes.REQUEST_BODY_STRING)
-  @CallSite.After("java.io.BufferedReader javax.servlet.http.HttpServletRequest.getReader()")
-  @CallSite.After("java.io.BufferedReader javax.servlet.http.HttpServletRequestWrapper.getReader()")
-  public static BufferedReader afterGetReader(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Return final BufferedReader bufferedReader) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taintObject(SourceTypes.REQUEST_BODY, bufferedReader);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetReader threw", e);
-      }
-    }
-    return bufferedReader;
-  }
-
-  @Sink(VulnerabilityTypes.UNVALIDATED_REDIRECT)
-  @CallSite.Before(
-      "javax.servlet.RequestDispatcher javax.servlet.http.HttpServletRequest.getRequestDispatcher(java.lang.String)")
-  @CallSite.Before(
-      "javax.servlet.RequestDispatcher javax.servlet.http.HttpServletRequestWrapper.getRequestDispatcher(java.lang.String)")
-  public static void beforeRequestDispatcher(@CallSite.Argument final String path) {
-    final UnvalidatedRedirectModule module = InstrumentationBridge.UNVALIDATED_REDIRECT;
-    if (module != null) {
-      try {
-        module.onRedirect(path);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("beforeRequestDispatcher threw", e);
-      }
-    }
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/request/HttpServletRequestInputStreamCallSite.java b/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/request/HttpServletRequestInputStreamCallSite.java
deleted file mode 100644
index 9d8f360e593..00000000000
--- a/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/request/HttpServletRequestInputStreamCallSite.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package datadog.trace.instrumentation.servlet.request;
-
-import datadog.trace.agent.tooling.csi.CallSite;
-import datadog.trace.api.iast.IastCallSites;
-import datadog.trace.api.iast.InstrumentationBridge;
-import datadog.trace.api.iast.Source;
-import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.propagation.PropagationModule;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-
-@CallSite(spi = IastCallSites.class)
-public class HttpServletRequestInputStreamCallSite {
-
-  @Source(SourceTypes.REQUEST_BODY_STRING)
-  @CallSite.After(
-      "javax.servlet.ServletInputStream javax.servlet.http.HttpServletRequest.getInputStream()")
-  @CallSite.After(
-      "javax.servlet.ServletInputStream javax.servlet.http.HttpServletRequestWrapper.getInputStream()")
-  public static ServletInputStream afterGetInputStream(
-      @CallSite.This final HttpServletRequest self,
-      @CallSite.Return final ServletInputStream inputStream) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taintObject(SourceTypes.REQUEST_BODY, inputStream);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetInputStream threw", e);
-      }
-    }
-    return inputStream;
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/request/ServletRequestCallSite.java b/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/request/ServletRequestCallSite.java
deleted file mode 100644
index dbdef0ce0ae..00000000000
--- a/dd-java-agent/instrumentation/servlet/src/main/java/datadog/trace/instrumentation/servlet/request/ServletRequestCallSite.java
+++ /dev/null
@@ -1,146 +0,0 @@
-package datadog.trace.instrumentation.servlet.request;
-
-import datadog.trace.agent.tooling.csi.CallSite;
-import datadog.trace.api.iast.IastCallSites;
-import datadog.trace.api.iast.InstrumentationBridge;
-import datadog.trace.api.iast.Sink;
-import datadog.trace.api.iast.Source;
-import datadog.trace.api.iast.SourceTypes;
-import datadog.trace.api.iast.VulnerabilityTypes;
-import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.sink.UnvalidatedRedirectModule;
-import datadog.trace.api.iast.source.WebModule;
-import datadog.trace.util.stacktrace.StackUtils;
-import java.io.BufferedReader;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.List;
-import javax.servlet.ServletInputStream;
-import javax.servlet.ServletRequest;
-
-@CallSite(spi = IastCallSites.class)
-public class ServletRequestCallSite {
-
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  @CallSite.After("java.lang.String javax.servlet.ServletRequest.getParameter(java.lang.String)")
-  @CallSite.After(
-      "java.lang.String javax.servlet.ServletRequestWrapper.getParameter(java.lang.String)")
-  public static String afterGetParameter(
-      @CallSite.This final ServletRequest self,
-      @CallSite.Argument final String name,
-      @CallSite.Return final String value) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taint(SourceTypes.REQUEST_PARAMETER_VALUE, name, value);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameter threw", e);
-      }
-    }
-    return value;
-  }
-
-  @Source(SourceTypes.REQUEST_PARAMETER_NAME_STRING)
-  @CallSite.After("java.util.Enumeration javax.servlet.ServletRequest.getParameterNames()")
-  @CallSite.After("java.util.Enumeration javax.servlet.ServletRequestWrapper.getParameterNames()")
-  public static Enumeration<String> afterGetParameterNames(
-      @CallSite.This final ServletRequest self,
-      @CallSite.Return final Enumeration<String> enumeration)
-      throws Throwable {
-    final WebModule module = InstrumentationBridge.WEB;
-    if (module == null) {
-      return enumeration;
-    }
-    try {
-      final List<String> parameterNames = new ArrayList<>();
-      while (enumeration.hasMoreElements()) {
-        final String paramName = enumeration.nextElement();
-        parameterNames.add(paramName);
-      }
-      try {
-        module.onParameterNames(parameterNames);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetParameterNames threw", e);
-      }
-      return Collections.enumeration(parameterNames);
-    } catch (final Throwable e) {
-      module.onUnexpectedException(
-          "afterGetParameterNames threw while iterating parameter names", e);
-      throw StackUtils.filterFirstDatadog(e);
-    }
-  }
-
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
-  @CallSite.After(
-      "java.lang.String[] javax.servlet.ServletRequest.getParameterValues(java.lang.String)")
-  @CallSite.After(
-      "java.lang.String[] javax.servlet.ServletRequestWrapper.getParameterValues(java.lang.String)")
-  public static String[] afterGetParameterValues(
-      @CallSite.This final ServletRequest self,
-      @CallSite.Argument final String paramName,
-      @CallSite.Return final String[] parameterValues) {
-    if (null != parameterValues) {
-      final WebModule module = InstrumentationBridge.WEB;
-      if (module != null) {
-        try {
-          module.onParameterValues(paramName, parameterValues);
-        } catch (final Throwable e) {
-          module.onUnexpectedException("afterGetParameterValues threw", e);
-        }
-      }
-    }
-    return parameterValues;
-  }
-
-  @Source(SourceTypes.REQUEST_BODY_STRING)
-  @CallSite.After("javax.servlet.ServletInputStream javax.servlet.ServletRequest.getInputStream()")
-  @CallSite.After(
-      "javax.servlet.ServletInputStream javax.servlet.ServletRequestWrapper.getInputStream()")
-  public static ServletInputStream afterGetInputStream(
-      @CallSite.This final ServletRequest self,
-      @CallSite.Return final ServletInputStream inputStream) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taintObject(SourceTypes.REQUEST_BODY, inputStream);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetInputStream threw", e);
-      }
-    }
-    return inputStream;
-  }
-
-  @Source(SourceTypes.REQUEST_BODY_STRING)
-  @CallSite.After("java.io.BufferedReader javax.servlet.ServletRequest.getReader()")
-  @CallSite.After("java.io.BufferedReader javax.servlet.ServletRequestWrapper.getReader()")
-  public static BufferedReader afterGetReader(
-      @CallSite.This final ServletRequest self,
-      @CallSite.Return final BufferedReader bufferedReader) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taintObject(SourceTypes.REQUEST_BODY, bufferedReader);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterGetReader threw", e);
-      }
-    }
-    return bufferedReader;
-  }
-
-  @Sink(VulnerabilityTypes.UNVALIDATED_REDIRECT)
-  @CallSite.Before(
-      "javax.servlet.RequestDispatcher javax.servlet.ServletRequest.getRequestDispatcher(java.lang.String)")
-  @CallSite.Before(
-      "javax.servlet.RequestDispatcher javax.servlet.ServletRequestWrapper.getRequestDispatcher(java.lang.String)")
-  public static void beforeRequestDispatcher(@CallSite.Argument final String path) {
-    final UnvalidatedRedirectModule module = InstrumentationBridge.UNVALIDATED_REDIRECT;
-    if (module != null) {
-      try {
-        module.onRedirect(path);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("beforeRequestDispatcher threw", e);
-      }
-    }
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/src/test/groovy/CookieInstrumentationTest.groovy b/dd-java-agent/instrumentation/servlet/src/test/groovy/CookieInstrumentationTest.groovy
index ccea6f41e4b..2d7173c8446 100644
--- a/dd-java-agent/instrumentation/servlet/src/test/groovy/CookieInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/servlet/src/test/groovy/CookieInstrumentationTest.groovy
@@ -1,10 +1,11 @@
-import datadog.smoketest.controller.CookieTestSuite
 import datadog.trace.agent.test.AgentTestRunner
 import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.api.iast.SourceTypes
 import datadog.trace.api.iast.propagation.PropagationModule
 import groovy.transform.CompileDynamic
 
+import javax.servlet.http.Cookie
+
 @CompileDynamic
 class CookieInstrumentationTest extends AgentTestRunner {
 
@@ -20,27 +21,27 @@ class CookieInstrumentationTest extends AgentTestRunner {
     setup:
     final iastModule = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(iastModule)
-    final cookieTestSuite = new CookieTestSuite(NAME, VALUE)
+    final cookie = new Cookie(NAME, VALUE)
 
     when:
-    final result = cookieTestSuite.getName()
+    final result = cookie.getName()
 
     then:
     result == NAME
-    1 * iastModule.taintIfInputIsTainted(SourceTypes.REQUEST_COOKIE_NAME, NAME, NAME, cookieTestSuite.getCookie())
+    1 * iastModule.taintIfTainted(NAME, cookie, SourceTypes.REQUEST_COOKIE_NAME, NAME)
   }
 
   void 'test getValue'() {
     setup:
     final iastModule = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(iastModule)
-    final cookieTestSuite = new CookieTestSuite(NAME, VALUE)
+    final cookie = new Cookie(NAME, VALUE)
 
     when:
-    final result = cookieTestSuite.getValue()
+    final result = cookie.getValue()
 
     then:
     result == VALUE
-    1 * iastModule.taintIfInputIsTainted(SourceTypes.REQUEST_COOKIE_VALUE, NAME, VALUE, cookieTestSuite.getCookie())
+    1 * iastModule.taintIfTainted(VALUE, cookie, SourceTypes.REQUEST_COOKIE_VALUE, NAME)
   }
 }
diff --git a/dd-java-agent/instrumentation/servlet/src/test/groovy/HttpServletRequestCallSiteTest.groovy b/dd-java-agent/instrumentation/servlet/src/test/groovy/HttpServletRequestCallSiteTest.groovy
deleted file mode 100644
index 56a89cf1bb3..00000000000
--- a/dd-java-agent/instrumentation/servlet/src/test/groovy/HttpServletRequestCallSiteTest.groovy
+++ /dev/null
@@ -1,186 +0,0 @@
-import datadog.smoketest.controller.TestHttpServletRequestCallSiteSuite
-import datadog.trace.agent.test.AgentTestRunner
-import datadog.trace.api.iast.InstrumentationBridge
-import datadog.trace.api.iast.SourceTypes
-import datadog.trace.api.iast.propagation.PropagationModule
-import datadog.trace.api.iast.source.WebModule
-import datadog.trace.instrumentation.servlet.request.HttpServletRequestCallSite
-import groovy.transform.CompileDynamic
-
-import javax.servlet.http.Cookie
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletRequestWrapper
-
-@CompileDynamic
-class HttpServletRequestCallSiteTest extends AgentTestRunner {
-
-  @Override
-  protected void configurePreAgent() {
-    injectSysConfig('dd.iast.enabled', 'true')
-  }
-
-  def cleanup() {
-    InstrumentationBridge.clearIastModules()
-  }
-
-  def 'test getHeader'(final Class<? extends HttpServletRequest> clazz) {
-    setup:
-    final iastModule = Mock(PropagationModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final testSuite = new TestHttpServletRequestCallSiteSuite(Mock(clazz) {
-      getHeader('header') >> 'value'
-    })
-
-    when:
-    final result = testSuite.getHeader('header')
-
-    then:
-    result == 'value'
-    1 * iastModule.taint(SourceTypes.REQUEST_HEADER_VALUE, 'header', 'value')
-
-    where:
-    clazz                     | _
-    HttpServletRequest        | _
-    HttpServletRequestWrapper | _
-  }
-
-  void 'test getHeaders'() {
-    setup:
-    final iastModule = Mock(WebModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final testSuite = new TestHttpServletRequestCallSiteSuite(Mock(clazz) {
-      getHeaders('headers') >> Collections.enumeration(['value1', 'value2'])
-    })
-
-    when:
-    final result = testSuite.getHeaders('headers')?.toList()
-
-    then:
-    result == ['value1', 'value2']
-    1 * iastModule.onHeaderValues('headers', ['value1', 'value2'])
-
-    where:
-    clazz                     | _
-    HttpServletRequest        | _
-    HttpServletRequestWrapper | _
-  }
-
-  void 'test getHeaderNames'() {
-    setup:
-    final iastModule = Mock(WebModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final headers = ['header1', 'header2']
-    final testSuite = new TestHttpServletRequestCallSiteSuite(Mock(clazz) {
-      getHeaderNames() >> Collections.enumeration(headers)
-    })
-
-    when:
-    final result = testSuite.getHeaderNames()?.toList()
-
-    then:
-    result == headers
-    1 * iastModule.onHeaderNames(headers)
-
-    where:
-    clazz                     | _
-    HttpServletRequest        | _
-    HttpServletRequestWrapper | _
-  }
-
-  void 'test getCookies'(final Class<? extends HttpServletRequest> clazz) {
-    setup:
-    final iastModule = Mock(PropagationModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final cookies = [new Cookie('name1', 'value1'), new Cookie('name2', 'value2')] as Cookie[]
-    final testSuite = new TestHttpServletRequestCallSiteSuite(Mock(clazz) {
-      getCookies() >> cookies
-    })
-
-    when:
-    final result = testSuite.getCookies()
-
-    then:
-    result == cookies
-    1 * iastModule.taintObjects(SourceTypes.REQUEST_COOKIE_VALUE, cookies)
-
-    where:
-    clazz                     | _
-    HttpServletRequest        | _
-    HttpServletRequestWrapper | _
-  }
-
-  def 'test that get headers does not fail when servlet related code fails'(final Class<? extends HttpServletRequest> clazz) {
-    setup:
-    final iastModule = Mock(WebModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final enumeration = Mock(Enumeration) {
-      hasMoreElements() >> { throw new NuclearBomb('Boom!!!')}
-    }
-    final testSuite = new TestHttpServletRequestCallSiteSuite(Mock(clazz) {
-      getHeaders('header') >> enumeration
-    })
-
-    when:
-    testSuite.getHeaders('header')
-
-    then:
-    final bomb = thrown(NuclearBomb)
-    bomb.stackTrace.find { it.className == HttpServletRequestCallSite.name } == null
-
-    where:
-    clazz                     | _
-    HttpServletRequest        | _
-    HttpServletRequestWrapper | _
-  }
-
-  def 'test that get header names does not fail when servlet related code fails'(final Class<? extends HttpServletRequest> clazz) {
-    setup:
-    final iastModule = Mock(WebModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final enumeration = Mock(Enumeration) {
-      hasMoreElements() >> { throw new NuclearBomb('Boom!!!')}
-    }
-    final testSuite = new TestHttpServletRequestCallSiteSuite(Mock(clazz) {
-      getHeaderNames() >> enumeration
-    })
-
-    when:
-    testSuite.getHeaderNames()
-
-    then:
-    final bomb = thrown(NuclearBomb)
-    bomb.stackTrace.find { it.className == HttpServletRequestCallSite.name } == null
-
-    where:
-    clazz                     | _
-    HttpServletRequest        | _
-    HttpServletRequestWrapper | _
-  }
-
-  void 'test get query string'() {
-    setup:
-    final iastModule = Mock(PropagationModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final testSuite = new TestHttpServletRequestCallSiteSuite(Mock(clazz) {
-      getQueryString() >> 'paramName=paramValue'
-    })
-
-    when:
-    testSuite.getQueryString()
-
-    then:
-
-    1 * iastModule.taint(SourceTypes.REQUEST_QUERY, null, 'paramName=paramValue')
-
-    where:
-    clazz                     | _
-    HttpServletRequest        | _
-    HttpServletRequestWrapper | _
-  }
-
-  private static class NuclearBomb extends RuntimeException {
-    NuclearBomb(final String message) {
-      super(message)
-    }
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/src/test/groovy/HttpServletRequestTest.groovy b/dd-java-agent/instrumentation/servlet/src/test/groovy/HttpServletRequestTest.groovy
new file mode 100644
index 00000000000..c501d89ad47
--- /dev/null
+++ b/dd-java-agent/instrumentation/servlet/src/test/groovy/HttpServletRequestTest.groovy
@@ -0,0 +1,459 @@
+import datadog.smoketest.controller.JavaxHttpServletRequestTestSuite
+import datadog.smoketest.controller.JavaxHttpServletRequestWrapperTestSuite
+import datadog.smoketest.controller.ServletRequestTestSuite
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.SourceTypes
+import datadog.trace.api.iast.propagation.PropagationModule
+import datadog.trace.api.iast.sink.UnvalidatedRedirectModule
+
+import javax.servlet.RequestDispatcher
+import javax.servlet.ServletInputStream
+import javax.servlet.http.Cookie
+import javax.servlet.http.HttpServletRequest
+import javax.servlet.http.HttpServletRequestWrapper
+
+import datadog.trace.agent.tooling.iast.TaintableEnumeration
+
+class HttpServletRequestTest extends AgentTestRunner {
+
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig('dd.iast.enabled', 'true')
+  }
+
+  void cleanup() {
+    InstrumentationBridge.clearIastModules()
+  }
+
+  void 'test getHeader'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getHeader('header')
+
+    then:
+    result == 'value'
+    1 * mock.getHeader('header') >> 'value'
+    1 * iastModule.taint('value', SourceTypes.REQUEST_HEADER_VALUE, 'header')
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getHeaders'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final headers = ['value1', 'value2']
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getHeaders('headers').collect()
+
+    then:
+    result == headers
+    1 * mock.getHeaders('headers') >> Collections.enumeration(headers)
+    headers.each { 1 * iastModule.taint(_, it, SourceTypes.REQUEST_HEADER_VALUE, 'headers') }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getHeaderNames'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final headers = ['header1', 'header2']
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getHeaderNames().collect()
+
+    then:
+    result == headers
+    1 * mock.getHeaderNames() >> Collections.enumeration(headers)
+    headers.each { 1 * iastModule.taint(_, it, SourceTypes.REQUEST_HEADER_NAME, it) }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getParameter'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getParameter('parameter')
+
+    then:
+    result == 'value'
+    1 * mock.getParameter('parameter') >> 'value'
+    1 * iastModule.taint('value', SourceTypes.REQUEST_PARAMETER_VALUE, 'parameter')
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getParameterValues'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final values = ['value1', 'value2']
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getParameterValues('parameter').collect()
+
+    then:
+    result == values
+    1 * mock.getParameterValues('parameter') >> { values as String[] }
+    values.each { 1 * iastModule.taint(_, it, SourceTypes.REQUEST_PARAMETER_VALUE, 'parameter') }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getParameterMap'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final parameters = [parameter: ['header1', 'header2'] as String[]]
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getParameterMap()
+
+    then:
+    result == parameters
+    1 * mock.getParameterMap() >> parameters
+    parameters.each { key, values ->
+      1 * iastModule.taint(_, key, SourceTypes.REQUEST_PARAMETER_NAME, key)
+      values.each { value ->
+        1 * iastModule.taint(_, value, SourceTypes.REQUEST_PARAMETER_VALUE, key)
+      }
+    }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getParameterNames'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final parameters = ['param1', 'param2']
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getParameterNames().collect()
+
+    then:
+    result == parameters
+    1 * mock.getParameterNames() >> Collections.enumeration(parameters)
+    parameters.each { 1 * iastModule.taint(_, it, SourceTypes.REQUEST_PARAMETER_NAME, it) }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getCookies'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final cookies = [new Cookie('name1', 'value1'), new Cookie('name2', 'value2')] as Cookie[]
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getCookies()
+
+    then:
+    result == cookies
+    1 * mock.getCookies() >> cookies
+    cookies.each { 1 * iastModule.taint(_, it, SourceTypes.REQUEST_COOKIE_VALUE) }
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test that get headers does not fail when servlet related code fails'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final enumeration = Mock(Enumeration) {
+      hasMoreElements() >> { throw new NuclearBomb('Boom!!!') }
+    }
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final headers = request.getHeaders('header')
+
+    then:
+    1 * mock.getHeaders('header') >> enumeration
+    noExceptionThrown()
+
+    when:
+    headers.hasMoreElements()
+
+    then:
+    final bomb = thrown(NuclearBomb)
+    bomb.stackTrace.find { it.className == TaintableEnumeration.name } == null
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test that get header names does not fail when servlet related code fails'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final enumeration = Mock(Enumeration) {
+      hasMoreElements() >> { throw new NuclearBomb('Boom!!!') }
+    }
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getHeaderNames()
+
+    then:
+    1 * mock.getHeaderNames() >> enumeration
+    noExceptionThrown()
+
+    when:
+    result.hasMoreElements()
+
+    then:
+    final bomb = thrown(NuclearBomb)
+    bomb.stackTrace.find { it.className == TaintableEnumeration.name } == null
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test get query string'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final queryString = 'paramName=paramValue'
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final String result = request.getQueryString()
+
+    then:
+    result == queryString
+    1 * mock.getQueryString() >> queryString
+    1 * iastModule.taint(queryString, SourceTypes.REQUEST_QUERY)
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getInputStream'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final is = Mock(ServletInputStream)
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getInputStream()
+
+    then:
+    result == is
+    1 * mock.getInputStream() >> is
+    1 * iastModule.taint(is, SourceTypes.REQUEST_BODY)
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getReader'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final reader = Mock(BufferedReader)
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getReader()
+
+    then:
+    result == reader
+    1 * mock.getReader() >> reader
+    1 * iastModule.taint(reader, SourceTypes.REQUEST_BODY)
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getRequestDispatcher'() {
+    setup:
+    final iastModule = Mock(UnvalidatedRedirectModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final path = 'http://dummy.location.com'
+    final dispatcher = Mock(RequestDispatcher)
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getRequestDispatcher(path)
+
+    then:
+    result == dispatcher
+    1 * mock.getRequestDispatcher(path) >> dispatcher
+    1 * iastModule.onRedirect(path)
+    0 * _
+
+    where:
+    suite << testSuite()
+  }
+
+  void 'test getRequestURI'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final uri = 'retValue'
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getRequestURI()
+
+    then:
+    result == uri
+    1 * mock.getRequestURI() >> uri
+    1 * iastModule.taint(uri, SourceTypes.REQUEST_PATH)
+    0 * _
+
+    where:
+    suite << testSuiteCallSites()
+  }
+
+  void 'test getPathInfo'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final pathInfo = 'retValue'
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getPathInfo()
+
+    then:
+    result == pathInfo
+    1 * mock.getPathInfo() >> pathInfo
+    1 * iastModule.taint(pathInfo, SourceTypes.REQUEST_PATH)
+    0 * _
+
+    where:
+    suite << testSuiteCallSites()
+  }
+
+  void 'test getPathTranslated'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final pathTranslated = 'retValue'
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getPathTranslated()
+
+    then:
+    result == pathTranslated
+    1 * mock.getPathTranslated() >> pathTranslated
+    1 * iastModule.taint(pathTranslated, SourceTypes.REQUEST_PATH)
+    0 * _
+
+    where:
+    suite << testSuiteCallSites()
+  }
+
+  void 'test getRequestURL'() {
+    setup:
+    final iastModule = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(iastModule)
+    final url = new StringBuffer('retValue')
+    final mock = Mock(HttpServletRequest)
+    final request = suite.call(mock)
+
+    when:
+    final result = request.getRequestURL()
+
+    then:
+    result == url
+    1 * mock.getRequestURL() >> url
+    1 * iastModule.taint(url, SourceTypes.REQUEST_URI)
+    0 * _
+
+    where:
+    suite << testSuiteCallSites()
+  }
+
+  private List<Closure<? extends HttpServletRequest>> testSuite() {
+    return [
+      { HttpServletRequest request -> new CustomRequest(request: request) },
+      { HttpServletRequest request -> new CustomRequestWrapper(new CustomRequest(request: request)) },
+      { HttpServletRequest request ->
+        new HttpServletRequestWrapper(new CustomRequest(request: request))
+      }
+    ]
+  }
+
+  private List<Closure<? extends ServletRequestTestSuite>> testSuiteCallSites() {
+    return [
+      { HttpServletRequest request -> new JavaxHttpServletRequestTestSuite(request) },
+      { HttpServletRequest request -> new JavaxHttpServletRequestWrapperTestSuite(new CustomRequestWrapper(request)) },
+    ]
+  }
+
+  private static class NuclearBomb extends RuntimeException {
+    NuclearBomb(final String message) {
+      super(message)
+    }
+  }
+
+  private static class CustomRequest implements HttpServletRequest {
+    @Delegate
+    private HttpServletRequest request
+  }
+
+  private static class CustomRequestWrapper extends HttpServletRequestWrapper {
+
+    CustomRequestWrapper(final HttpServletRequest request) {
+      super(request)
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/servlet/src/test/groovy/ServletRequestCallSiteTest.groovy b/dd-java-agent/instrumentation/servlet/src/test/groovy/ServletRequestCallSiteTest.groovy
deleted file mode 100644
index 7f16a5e9e2d..00000000000
--- a/dd-java-agent/instrumentation/servlet/src/test/groovy/ServletRequestCallSiteTest.groovy
+++ /dev/null
@@ -1,96 +0,0 @@
-import datadog.smoketest.controller.JavaxHttpServletRequestTestSuite
-import datadog.smoketest.controller.JavaxHttpServletRequestWrapperTestSuite
-import datadog.smoketest.controller.JavaxServletRequestTestSuite
-import datadog.smoketest.controller.JavaxServletRequestWrapperTestSuite
-import datadog.trace.agent.test.AgentTestRunner
-import datadog.trace.api.iast.InstrumentationBridge
-import datadog.trace.api.iast.SourceTypes
-import datadog.trace.api.iast.propagation.PropagationModule
-import datadog.trace.api.iast.sink.UnvalidatedRedirectModule
-import groovy.transform.CompileDynamic
-
-import javax.servlet.ServletInputStream
-
-@CompileDynamic
-class ServletRequestCallSiteTest extends AgentTestRunner {
-
-  @Override
-  protected void configurePreAgent() {
-    injectSysConfig("dd.iast.enabled", "true")
-  }
-
-  void 'test getInputStream'() {
-    setup:
-    final iastModule = Mock(PropagationModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final is = Mock(ServletInputStream)
-    final servletRequest = Mock(clazz) {
-      getInputStream() >> is
-    }
-    testSuite.init(servletRequest)
-
-    when:
-    final result = testSuite.getInputStream()
-
-    then:
-    result == is
-    1 * iastModule.taintObject(SourceTypes.REQUEST_BODY, is)
-
-    where:
-    testSuite                                     | clazz
-    new JavaxServletRequestTestSuite()            | javax.servlet.ServletRequest
-    new JavaxHttpServletRequestTestSuite()        | javax.servlet.http.HttpServletRequest
-    new JavaxServletRequestWrapperTestSuite()     | javax.servlet.ServletRequestWrapper
-    new JavaxHttpServletRequestWrapperTestSuite() | javax.servlet.http.HttpServletRequestWrapper
-  }
-
-  void 'test getReader'() {
-    setup:
-    final iastModule = Mock(PropagationModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final reader = Mock(BufferedReader)
-    final servletRequest = Mock(clazz) {
-      getReader() >> reader
-    }
-
-    testSuite.init(servletRequest)
-
-    when:
-    final result = testSuite.getReader()
-
-    then:
-    result == reader
-    1 * iastModule.taintObject(SourceTypes.REQUEST_BODY, reader)
-
-    where:
-    testSuite                                     | clazz
-    new JavaxServletRequestTestSuite()            | javax.servlet.ServletRequest
-    new JavaxHttpServletRequestTestSuite()        | javax.servlet.http.HttpServletRequest
-    new JavaxServletRequestWrapperTestSuite()     | javax.servlet.ServletRequestWrapper
-    new JavaxHttpServletRequestWrapperTestSuite() | javax.servlet.http.HttpServletRequestWrapper
-  }
-
-  void 'test getRequestDispatcher'() {
-    setup:
-    final iastModule = Mock(UnvalidatedRedirectModule)
-    InstrumentationBridge.registerIastModule(iastModule)
-    final servletRequest = Mock(clazz)
-    final path = 'http://dummy.location.com'
-
-    testSuite.init(servletRequest)
-
-    when:
-    testSuite.getRequestDispatcher(path)
-
-    then:
-    1 * servletRequest.getRequestDispatcher(path)
-    1 * iastModule.onRedirect(path)
-
-    where:
-    testSuite                                     | clazz
-    new JavaxServletRequestTestSuite()            | javax.servlet.ServletRequest
-    new JavaxHttpServletRequestTestSuite()        | javax.servlet.http.HttpServletRequest
-    new JavaxServletRequestWrapperTestSuite()     | javax.servlet.ServletRequestWrapper
-    new JavaxHttpServletRequestWrapperTestSuite() | javax.servlet.http.HttpServletRequestWrapper
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/src/test/groovy/TestGetParameterInstrumentation.groovy b/dd-java-agent/instrumentation/servlet/src/test/groovy/TestGetParameterInstrumentation.groovy
deleted file mode 100644
index d98aa037127..00000000000
--- a/dd-java-agent/instrumentation/servlet/src/test/groovy/TestGetParameterInstrumentation.groovy
+++ /dev/null
@@ -1,64 +0,0 @@
-import datadog.smoketest.controller.JavaxHttpServletRequestTestSuite
-import datadog.smoketest.controller.JavaxHttpServletRequestWrapperTestSuite
-import datadog.smoketest.controller.JavaxServletRequestTestSuite
-import datadog.smoketest.controller.JavaxServletRequestWrapperTestSuite
-import datadog.trace.agent.test.AgentTestRunner
-import datadog.trace.api.config.TracerConfig
-import datadog.trace.api.iast.InstrumentationBridge
-import datadog.trace.api.iast.SourceTypes
-import datadog.trace.api.iast.propagation.PropagationModule
-import datadog.trace.api.iast.source.WebModule
-import groovy.transform.CompileDynamic
-
-@CompileDynamic
-class TestGetParameterInstrumentation extends AgentTestRunner {
-
-  @Override
-  protected void configurePreAgent() {
-    injectSysConfig(TracerConfig.SCOPE_ITERATION_KEEP_ALIVE, "1") // don't let iteration spans linger
-    injectSysConfig("dd.iast.enabled", "true")
-  }
-
-  void cleanup() {
-    InstrumentationBridge.clearIastModules()
-  }
-
-  void 'test getParameter'() {
-    final webMod = Mock(WebModule)
-    final propMod = Mock(PropagationModule)
-    InstrumentationBridge.registerIastModule(webMod)
-    InstrumentationBridge.registerIastModule(propMod)
-    final map = [param1: ['value1', 'value2'] as String[]]
-    final servletRequest = Mock(clazz) {
-      getParameter(_ as String) >> { map.get(it[0]).first() }
-      getParameterValues(_ as String) >> { map.get(it[0]) }
-      getParameterNames() >> { Collections.enumeration(map.keySet()) }
-    }
-    testSuite.init(servletRequest)
-
-    when:
-    testSuite.getParameter('param1')
-
-    then:
-    1 * propMod.taint(SourceTypes.REQUEST_PARAMETER_VALUE, 'param1', 'value1')
-
-    when:
-    testSuite.getParameterValues('param1')
-
-    then:
-    1 * webMod.onParameterValues('param1', ['value1', 'value2'])
-
-    when:
-    testSuite.getParameterNames()
-
-    then:
-    1 * webMod.onParameterNames(['param1'])
-
-    where:
-    testSuite                                     | clazz
-    new JavaxServletRequestTestSuite()            | javax.servlet.ServletRequest
-    new JavaxHttpServletRequestTestSuite()        | javax.servlet.http.HttpServletRequest
-    new JavaxServletRequestWrapperTestSuite()     | javax.servlet.ServletRequestWrapper
-    new JavaxHttpServletRequestWrapperTestSuite() | javax.servlet.http.HttpServletRequestWrapper
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/CookieTestSuite.java b/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/CookieTestSuite.java
deleted file mode 100644
index 2987529a120..00000000000
--- a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/CookieTestSuite.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package datadog.smoketest.controller;
-
-import javax.servlet.http.Cookie;
-
-public class CookieTestSuite {
-
-  private Cookie cookie;
-
-  public CookieTestSuite(final String name, final String value) {
-    cookie = new Cookie(name, value);
-  }
-
-  public String getName() {
-    return cookie.getName();
-  }
-
-  public String getValue() {
-    return cookie.getValue();
-  }
-
-  public Cookie getCookie() {
-    return cookie;
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxHttpServletRequestTestSuite.java b/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxHttpServletRequestTestSuite.java
index 2cdc3fe2429..0c55d315158 100644
--- a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxHttpServletRequestTestSuite.java
+++ b/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxHttpServletRequestTestSuite.java
@@ -1,48 +1,31 @@
 package datadog.smoketest.controller;
 
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.util.Enumeration;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
 
-public class JavaxHttpServletRequestTestSuite
-    implements ServletRequestTestSuite<HttpServletRequest> {
-  HttpServletRequest request;
+public class JavaxHttpServletRequestTestSuite implements ServletRequestTestSuite {
+  private final HttpServletRequest request;
 
-  @Override
-  public void init(HttpServletRequest request) {
+  public JavaxHttpServletRequestTestSuite(final HttpServletRequest request) {
     this.request = request;
   }
 
   @Override
-  public String getParameter(String paramName) {
-    return request.getParameter(paramName);
-  }
-
-  @Override
-  public String[] getParameterValues(String paramName) {
-    return request.getParameterValues(paramName);
-  }
-
-  @Override
-  public Enumeration getParameterNames() {
-    return request.getParameterNames();
+  public String getRequestURI() {
+    return request.getRequestURI();
   }
 
   @Override
-  public ServletInputStream getInputStream() throws IOException {
-    return request.getInputStream();
+  public String getPathInfo() {
+    return request.getPathInfo();
   }
 
   @Override
-  public BufferedReader getReader() throws IOException {
-    return request.getReader();
+  public String getPathTranslated() {
+    return request.getPathTranslated();
   }
 
   @Override
-  public RequestDispatcher getRequestDispatcher(String path) {
-    return request.getRequestDispatcher(path);
+  public StringBuffer getRequestURL() {
+    return request.getRequestURL();
   }
 }
diff --git a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxHttpServletRequestWrapperTestSuite.java b/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxHttpServletRequestWrapperTestSuite.java
index 12952c8bb2e..79a81ef2f3b 100644
--- a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxHttpServletRequestWrapperTestSuite.java
+++ b/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxHttpServletRequestWrapperTestSuite.java
@@ -1,48 +1,32 @@
 package datadog.smoketest.controller;
 
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.util.Enumeration;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequestWrapper;
 
-public class JavaxHttpServletRequestWrapperTestSuite
-    implements ServletRequestTestSuite<HttpServletRequestWrapper> {
-  HttpServletRequestWrapper request;
+public class JavaxHttpServletRequestWrapperTestSuite implements ServletRequestTestSuite {
 
-  @Override
-  public void init(HttpServletRequestWrapper request) {
-    this.request = request;
-  }
-
-  @Override
-  public String getParameter(String paramName) {
-    return request.getParameter(paramName);
-  }
+  private final HttpServletRequestWrapper request;
 
-  @Override
-  public String[] getParameterValues(String paramName) {
-    return request.getParameterValues(paramName);
+  public JavaxHttpServletRequestWrapperTestSuite(final HttpServletRequestWrapper request) {
+    this.request = request;
   }
 
   @Override
-  public Enumeration getParameterNames() {
-    return request.getParameterNames();
+  public String getRequestURI() {
+    return request.getRequestURI();
   }
 
   @Override
-  public ServletInputStream getInputStream() throws IOException {
-    return request.getInputStream();
+  public String getPathInfo() {
+    return request.getPathInfo();
   }
 
   @Override
-  public BufferedReader getReader() throws IOException {
-    return request.getReader();
+  public String getPathTranslated() {
+    return request.getPathTranslated();
   }
 
   @Override
-  public RequestDispatcher getRequestDispatcher(String path) {
-    return request.getRequestDispatcher(path);
+  public StringBuffer getRequestURL() {
+    return request.getRequestURL();
   }
 }
diff --git a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxServletRequestTestSuite.java b/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxServletRequestTestSuite.java
deleted file mode 100644
index bf9f1a66f68..00000000000
--- a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxServletRequestTestSuite.java
+++ /dev/null
@@ -1,47 +0,0 @@
-package datadog.smoketest.controller;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.util.Enumeration;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
-import javax.servlet.ServletRequest;
-
-public class JavaxServletRequestTestSuite implements ServletRequestTestSuite<ServletRequest> {
-  ServletRequest request;
-
-  @Override
-  public void init(ServletRequest request) {
-    this.request = request;
-  }
-
-  @Override
-  public String getParameter(String paramName) {
-    return request.getParameter(paramName);
-  }
-
-  @Override
-  public String[] getParameterValues(String paramName) {
-    return request.getParameterValues(paramName);
-  }
-
-  @Override
-  public Enumeration getParameterNames() {
-    return request.getParameterNames();
-  }
-
-  @Override
-  public ServletInputStream getInputStream() throws IOException {
-    return request.getInputStream();
-  }
-
-  @Override
-  public BufferedReader getReader() throws IOException {
-    return request.getReader();
-  }
-
-  @Override
-  public RequestDispatcher getRequestDispatcher(String path) {
-    return request.getRequestDispatcher(path);
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxServletRequestWrapperTestSuite.java b/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxServletRequestWrapperTestSuite.java
deleted file mode 100644
index 35947b5e255..00000000000
--- a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/JavaxServletRequestWrapperTestSuite.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package datadog.smoketest.controller;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.util.Enumeration;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
-import javax.servlet.ServletRequestWrapper;
-
-public class JavaxServletRequestWrapperTestSuite
-    implements ServletRequestTestSuite<ServletRequestWrapper> {
-  ServletRequestWrapper request;
-
-  @Override
-  public void init(ServletRequestWrapper request) {
-    this.request = request;
-  }
-
-  @Override
-  public String getParameter(String paramName) {
-    return request.getParameter(paramName);
-  }
-
-  @Override
-  public String[] getParameterValues(String paramName) {
-    return request.getParameterValues(paramName);
-  }
-
-  @Override
-  public Enumeration getParameterNames() {
-    return request.getParameterNames();
-  }
-
-  @Override
-  public ServletInputStream getInputStream() throws IOException {
-    return request.getInputStream();
-  }
-
-  @Override
-  public BufferedReader getReader() throws IOException {
-    return request.getReader();
-  }
-
-  @Override
-  public RequestDispatcher getRequestDispatcher(String path) {
-    return request.getRequestDispatcher(path);
-  }
-}
diff --git a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/ServletRequestTestSuite.java b/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/ServletRequestTestSuite.java
index 5a021e89541..cfa4c98d997 100644
--- a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/ServletRequestTestSuite.java
+++ b/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/ServletRequestTestSuite.java
@@ -1,24 +1,12 @@
 package datadog.smoketest.controller;
 
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.util.Enumeration;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
+public interface ServletRequestTestSuite {
 
-public interface ServletRequestTestSuite<E> {
+  String getRequestURI();
 
-  void init(final E request);
+  String getPathInfo();
 
-  String getParameter(String paramName);
+  String getPathTranslated();
 
-  String[] getParameterValues(String paramName);
-
-  Enumeration getParameterNames();
-
-  RequestDispatcher getRequestDispatcher(String path);
-
-  ServletInputStream getInputStream() throws IOException;
-
-  BufferedReader getReader() throws IOException;
+  StringBuffer getRequestURL();
 }
diff --git a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/TestHttpServletRequestCallSiteSuite.java b/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/TestHttpServletRequestCallSiteSuite.java
deleted file mode 100644
index 747ed4c022a..00000000000
--- a/dd-java-agent/instrumentation/servlet/src/test/java/datadog/smoketest/controller/TestHttpServletRequestCallSiteSuite.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package datadog.smoketest.controller;
-
-import java.util.Enumeration;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-
-public class TestHttpServletRequestCallSiteSuite {
-
-  private HttpServletRequest request;
-
-  public TestHttpServletRequestCallSiteSuite(final HttpServletRequest request) {
-    this.request = request;
-  }
-
-  public String getHeader(final String headerName) {
-    return request.getHeader(headerName);
-  }
-
-  public Enumeration<?> getHeaders(final String headerName) {
-    return request.getHeaders(headerName);
-  }
-
-  public Enumeration<?> getHeaderNames() {
-    return request.getHeaderNames();
-  }
-
-  public Cookie[] getCookies() {
-    return request.getCookies();
-  }
-
-  public String getQueryString() {
-    return request.getQueryString();
-  }
-}
diff --git a/dd-java-agent/instrumentation/spark/build.gradle b/dd-java-agent/instrumentation/spark/build.gradle
index 4eeee5f2f36..8712def61b8 100644
--- a/dd-java-agent/instrumentation/spark/build.gradle
+++ b/dd-java-agent/instrumentation/spark/build.gradle
@@ -1,34 +1,21 @@
-muzzle {
-  pass {
-    group = "org.apache.spark"
-    module = "spark-sql_2.12"
-    versions = "[2.4.0,)"
-  }
+plugins {
+  id 'java-test-fixtures'
 }
 
 apply from: "$rootDir/gradle/java.gradle"
 
-addTestSuiteForDir('latestDepTest', 'test')
-
-ext {
-  // Hadoop does not behave correctly with OpenJ9 https://issues.apache.org/jira/browse/HADOOP-18174
-  excludeJdk = ['SEMERU8']
-
-  // Spark does not support Java > 11 until 3.3.0 https://issues.apache.org/jira/browse/SPARK-33772
-  maxJavaVersionForTests = JavaVersion.VERSION_11
-}
-
 dependencies {
   compileOnly group: 'org.apache.spark', name: 'spark-core_2.12', version: '2.4.0'
   compileOnly group: 'org.apache.spark', name: 'spark-sql_2.12', version: '2.4.0'
 
-  testImplementation group: 'com.datadoghq', name: 'sketches-java', version: '0.8.2'
-  testImplementation group: 'com.google.protobuf', name: 'protobuf-java', version: '3.14.0'
-  testImplementation group: 'org.apache.spark', name: 'spark-core_2.12', version: '2.4.0'
-  testImplementation group: 'org.apache.spark', name: 'spark-sql_2.12', version: '2.4.0' // Needed to instantiate spark in tests
-  testImplementation group: 'org.apache.spark', name: 'spark-yarn_2.12', version: '2.4.0'
+  testFixturesImplementation group: 'com.datadoghq', name: 'sketches-java', version: '0.8.2'
+  testFixturesImplementation group: 'com.google.protobuf', name: 'protobuf-java', version: '3.14.0'
+
+  testFixturesApi project(':dd-trace-api')
+  testFixturesApi project(':dd-java-agent:instrumentation:trace-annotation')
+  testFixturesApi project(':dd-java-agent:testing')
 
-  latestDepTestImplementation group: 'org.apache.spark', name: 'spark-core_2.12', version: '+'
-  latestDepTestImplementation group: 'org.apache.spark', name: 'spark-sql_2.12', version: '+' // Needed to instantiate spark in tests
-  latestDepTestImplementation group: 'org.apache.spark', name: 'spark-yarn_2.12', version: '+'
+  testFixturesCompileOnly group: 'org.apache.spark', name: 'spark-core_2.12', version: '2.4.0'
+  testFixturesCompileOnly group: 'org.apache.spark', name: 'spark-sql_2.12', version: '2.4.0'
+  testFixturesCompileOnly group: 'org.apache.spark', name: 'spark-yarn_2.12', version: '2.4.0'
 }
diff --git a/dd-java-agent/instrumentation/spark/spark_2.12/build.gradle b/dd-java-agent/instrumentation/spark/spark_2.12/build.gradle
new file mode 100644
index 00000000000..505875540e4
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.12/build.gradle
@@ -0,0 +1,43 @@
+plugins {
+  id 'java-test-fixtures'
+}
+
+def sparkVersion = '2.4.0'
+def scalaVersion = '2.12'
+
+muzzle {
+  pass {
+    group = "org.apache.spark"
+    module = "spark-sql_$scalaVersion"
+    versions = "[$sparkVersion,)"
+    assertInverse = true
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+ext {
+  // Hadoop does not behave correctly with OpenJ9 https://issues.apache.org/jira/browse/HADOOP-18174
+  excludeJdk = ['SEMERU8', 'SEMERU11']
+
+  // Spark does not support Java > 11 until 3.3.0 https://issues.apache.org/jira/browse/SPARK-33772
+  maxJavaVersionForTests = JavaVersion.VERSION_11
+}
+
+dependencies {
+  implementation project(':dd-java-agent:instrumentation:spark')
+
+  compileOnly group: 'org.apache.spark', name: "spark-core_$scalaVersion", version: "$sparkVersion"
+  compileOnly group: 'org.apache.spark', name: "spark-sql_$scalaVersion", version: "$sparkVersion"
+
+  testImplementation(testFixtures(project(":dd-java-agent:instrumentation:spark")))
+  testImplementation group: 'org.apache.spark', name: "spark-core_$scalaVersion", version: "$sparkVersion"
+  testImplementation group: 'org.apache.spark', name: "spark-sql_$scalaVersion", version: "$sparkVersion"
+  testImplementation group: 'org.apache.spark', name: "spark-yarn_$scalaVersion", version: "$sparkVersion"
+
+  latestDepTestImplementation group: 'org.apache.spark', name: "spark-core_$scalaVersion", version: '+'
+  latestDepTestImplementation group: 'org.apache.spark', name: "spark-sql_$scalaVersion", version: '+'
+  latestDepTestImplementation group: 'org.apache.spark', name: "spark-yarn_$scalaVersion", version: '+'
+}
diff --git a/dd-java-agent/instrumentation/spark/spark_2.12/src/main/java/datadog/trace/instrumentation/spark/DatadogSpark212Listener.java b/dd-java-agent/instrumentation/spark/spark_2.12/src/main/java/datadog/trace/instrumentation/spark/DatadogSpark212Listener.java
new file mode 100644
index 00000000000..59a0c033fa5
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.12/src/main/java/datadog/trace/instrumentation/spark/DatadogSpark212Listener.java
@@ -0,0 +1,39 @@
+package datadog.trace.instrumentation.spark;
+
+import java.util.ArrayList;
+import org.apache.spark.SparkConf;
+import org.apache.spark.scheduler.SparkListenerJobStart;
+
+/**
+ * DatadogSparkListener compiled for Scala 2.12
+ *
+ * <p>The signature of scala.Seq change between 2.12 and 2.13. Methods using scala.Seq needs to be
+ * compiled with the specific scala version
+ */
+public class DatadogSpark212Listener extends AbstractDatadogSparkListener {
+  public DatadogSpark212Listener(SparkConf sparkConf, String appId, String sparkVersion) {
+    super(sparkConf, appId, sparkVersion);
+  }
+
+  @Override
+  protected ArrayList<Integer> getSparkJobStageIds(SparkListenerJobStart jobStart) {
+    ArrayList<Integer> javaIds = new ArrayList<>(jobStart.stageInfos().length());
+    jobStart.stageInfos().foreach(stage -> javaIds.add(stage.stageId()));
+    return javaIds;
+  }
+
+  @Override
+  protected String getSparkJobName(SparkListenerJobStart jobStart) {
+    if (jobStart.stageInfos().nonEmpty()) {
+      // In the spark UI, the name of a job is the name of its last stage
+      return jobStart.stageInfos().last().name();
+    }
+
+    return null;
+  }
+
+  @Override
+  protected int getStageCount(SparkListenerJobStart jobStart) {
+    return jobStart.stageInfos().length();
+  }
+}
diff --git a/dd-java-agent/instrumentation/spark/spark_2.12/src/main/java/datadog/trace/instrumentation/spark/Spark212Instrumentation.java b/dd-java-agent/instrumentation/spark/spark_2.12/src/main/java/datadog/trace/instrumentation/spark/Spark212Instrumentation.java
new file mode 100644
index 00000000000..0727a5b0d6e
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.12/src/main/java/datadog/trace/instrumentation/spark/Spark212Instrumentation.java
@@ -0,0 +1,45 @@
+package datadog.trace.instrumentation.spark;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.*;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+import org.apache.spark.SparkContext;
+
+@AutoService(Instrumenter.class)
+public class Spark212Instrumentation extends AbstractSparkInstrumentation {
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".AbstractDatadogSparkListener",
+      packageName + ".DatabricksParentContext",
+      packageName + ".DatadogSpark212Listener",
+      packageName + ".SparkAggregatedTaskMetrics",
+      packageName + ".SparkConfAllowList",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    super.adviceTransformations(transformation);
+
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("setupAndStartListenerBus"))
+            .and(isDeclaredBy(named("org.apache.spark.SparkContext")))
+            .and(takesNoArguments()),
+        Spark212Instrumentation.class.getName() + "$InjectListener");
+  }
+
+  public static class InjectListener {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void enter(@Advice.This SparkContext sparkContext) {
+      AbstractDatadogSparkListener.listener =
+          new DatadogSpark212Listener(
+              sparkContext.getConf(), sparkContext.applicationId(), sparkContext.version());
+      sparkContext.listenerBus().addToSharedQueue(AbstractDatadogSparkListener.listener);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/spark/spark_2.12/src/test/groovy/SparkListenerTest.groovy b/dd-java-agent/instrumentation/spark/spark_2.12/src/test/groovy/SparkListenerTest.groovy
new file mode 100644
index 00000000000..e34cd1ab08e
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.12/src/test/groovy/SparkListenerTest.groovy
@@ -0,0 +1,12 @@
+import datadog.trace.instrumentation.spark.AbstractSparkListenerTest
+import datadog.trace.instrumentation.spark.DatadogSpark212Listener
+import org.apache.spark.SparkConf
+import org.apache.spark.scheduler.SparkListener
+
+class SparkListenerTest extends AbstractSparkListenerTest {
+  @Override
+  protected SparkListener getTestDatadogSparkListener() {
+    def conf = new SparkConf()
+    return new DatadogSpark212Listener(conf, "some_app_id", "some_version")
+  }
+}
diff --git a/dd-java-agent/instrumentation/spark/spark_2.12/src/test/groovy/SparkStructuredStreamingTest.groovy b/dd-java-agent/instrumentation/spark/spark_2.12/src/test/groovy/SparkStructuredStreamingTest.groovy
new file mode 100644
index 00000000000..c004e152502
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.12/src/test/groovy/SparkStructuredStreamingTest.groovy
@@ -0,0 +1,3 @@
+import datadog.trace.instrumentation.spark.AbstractSparkStructuredStreamingTest
+
+class SparkStructuredStreamingTest extends AbstractSparkStructuredStreamingTest {}
diff --git a/dd-java-agent/instrumentation/spark/spark_2.12/src/test/groovy/SparkTest.groovy b/dd-java-agent/instrumentation/spark/spark_2.12/src/test/groovy/SparkTest.groovy
new file mode 100644
index 00000000000..054fb96c2c1
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.12/src/test/groovy/SparkTest.groovy
@@ -0,0 +1,3 @@
+import datadog.trace.instrumentation.spark.AbstractSparkTest
+
+class SparkTest extends AbstractSparkTest {}
diff --git a/dd-java-agent/instrumentation/spark/spark_2.13/build.gradle b/dd-java-agent/instrumentation/spark/spark_2.13/build.gradle
new file mode 100644
index 00000000000..f21cd547d8d
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.13/build.gradle
@@ -0,0 +1,45 @@
+plugins {
+  id 'java-test-fixtures'
+}
+
+// Support for 2.13 added in 3.2.0 https://issues.apache.org/jira/browse/SPARK-25075
+def sparkVersion = '3.2.0'
+def scalaVersion = '2.13'
+
+muzzle {
+  pass {
+    group = "org.apache.spark"
+    module = "spark-sql_$scalaVersion"
+    versions = "[$sparkVersion,)"
+    assertInverse = true
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+ext {
+  // Hadoop does not behave correctly with OpenJ9 https://issues.apache.org/jira/browse/HADOOP-18174
+  // Hadoop 3.3.1 (used by spark 3.2) does not support IBM java https://issues.apache.org/jira/browse/HADOOP-17971
+  excludeJdk = ['SEMERU8', 'SEMERU11', 'IBM8']
+
+  // Spark does not support Java > 11 until 3.3.0 https://issues.apache.org/jira/browse/SPARK-33772
+  maxJavaVersionForTests = JavaVersion.VERSION_11
+}
+
+dependencies {
+  implementation project(':dd-java-agent:instrumentation:spark')
+
+  compileOnly group: 'org.apache.spark', name: "spark-core_$scalaVersion", version: "$sparkVersion"
+  compileOnly group: 'org.apache.spark', name: "spark-sql_$scalaVersion", version: "$sparkVersion"
+
+  testImplementation(testFixtures(project(":dd-java-agent:instrumentation:spark")))
+  testImplementation group: 'org.apache.spark', name: "spark-core_$scalaVersion", version: "$sparkVersion"
+  testImplementation group: 'org.apache.spark', name: "spark-sql_$scalaVersion", version: "$sparkVersion"
+  testImplementation group: 'org.apache.spark', name: "spark-yarn_$scalaVersion", version: "$sparkVersion"
+
+  latestDepTestImplementation group: 'org.apache.spark', name: "spark-core_$scalaVersion", version: '+'
+  latestDepTestImplementation group: 'org.apache.spark', name: "spark-sql_$scalaVersion", version: '+'
+  latestDepTestImplementation group: 'org.apache.spark', name: "spark-yarn_$scalaVersion", version: '+'
+}
diff --git a/dd-java-agent/instrumentation/spark/spark_2.13/src/main/java/datadog/trace/instrumentation/spark/DatadogSpark213Listener.java b/dd-java-agent/instrumentation/spark/spark_2.13/src/main/java/datadog/trace/instrumentation/spark/DatadogSpark213Listener.java
new file mode 100644
index 00000000000..20f2fabe054
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.13/src/main/java/datadog/trace/instrumentation/spark/DatadogSpark213Listener.java
@@ -0,0 +1,39 @@
+package datadog.trace.instrumentation.spark;
+
+import java.util.ArrayList;
+import org.apache.spark.SparkConf;
+import org.apache.spark.scheduler.SparkListenerJobStart;
+
+/**
+ * DatadogSparkListener compiled for Scala 2.13
+ *
+ * <p>The signature of scala.Seq change between 2.12 and 2.13. Methods using scala.Seq needs to be
+ * compiled with the specific scala version
+ */
+public class DatadogSpark213Listener extends AbstractDatadogSparkListener {
+  public DatadogSpark213Listener(SparkConf sparkConf, String appId, String sparkVersion) {
+    super(sparkConf, appId, sparkVersion);
+  }
+
+  @Override
+  protected ArrayList<Integer> getSparkJobStageIds(SparkListenerJobStart jobStart) {
+    ArrayList<Integer> javaIds = new ArrayList<>(jobStart.stageInfos().length());
+    jobStart.stageInfos().foreach(stage -> javaIds.add(stage.stageId()));
+    return javaIds;
+  }
+
+  @Override
+  protected String getSparkJobName(SparkListenerJobStart jobStart) {
+    if (jobStart.stageInfos().nonEmpty()) {
+      // In the spark UI, the name of a job is the name of its last stage
+      return jobStart.stageInfos().last().name();
+    }
+
+    return null;
+  }
+
+  @Override
+  protected int getStageCount(SparkListenerJobStart jobStart) {
+    return jobStart.stageInfos().length();
+  }
+}
diff --git a/dd-java-agent/instrumentation/spark/spark_2.13/src/main/java/datadog/trace/instrumentation/spark/Spark213Instrumentation.java b/dd-java-agent/instrumentation/spark/spark_2.13/src/main/java/datadog/trace/instrumentation/spark/Spark213Instrumentation.java
new file mode 100644
index 00000000000..4a04dc5a069
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.13/src/main/java/datadog/trace/instrumentation/spark/Spark213Instrumentation.java
@@ -0,0 +1,45 @@
+package datadog.trace.instrumentation.spark;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.*;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import net.bytebuddy.asm.Advice;
+import org.apache.spark.SparkContext;
+
+@AutoService(Instrumenter.class)
+public class Spark213Instrumentation extends AbstractSparkInstrumentation {
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".AbstractDatadogSparkListener",
+      packageName + ".DatabricksParentContext",
+      packageName + ".DatadogSpark213Listener",
+      packageName + ".SparkAggregatedTaskMetrics",
+      packageName + ".SparkConfAllowList",
+    };
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    super.adviceTransformations(transformation);
+
+    transformation.applyAdvice(
+        isMethod()
+            .and(named("setupAndStartListenerBus"))
+            .and(isDeclaredBy(named("org.apache.spark.SparkContext")))
+            .and(takesNoArguments()),
+        Spark213Instrumentation.class.getName() + "$InjectListener");
+  }
+
+  public static class InjectListener {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static void enter(@Advice.This SparkContext sparkContext) {
+      AbstractDatadogSparkListener.listener =
+          new DatadogSpark213Listener(
+              sparkContext.getConf(), sparkContext.applicationId(), sparkContext.version());
+      sparkContext.listenerBus().addToSharedQueue(AbstractDatadogSparkListener.listener);
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/spark/spark_2.13/src/test/groovy/SparkListenerTest.groovy b/dd-java-agent/instrumentation/spark/spark_2.13/src/test/groovy/SparkListenerTest.groovy
new file mode 100644
index 00000000000..a358f95e4f3
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.13/src/test/groovy/SparkListenerTest.groovy
@@ -0,0 +1,12 @@
+import datadog.trace.instrumentation.spark.AbstractSparkListenerTest
+import datadog.trace.instrumentation.spark.DatadogSpark213Listener
+import org.apache.spark.SparkConf
+import org.apache.spark.scheduler.SparkListener
+
+class SparkListenerTest extends AbstractSparkListenerTest {
+  @Override
+  protected SparkListener getTestDatadogSparkListener() {
+    def conf = new SparkConf()
+    return new DatadogSpark213Listener(conf, "some_app_id", "some_version")
+  }
+}
diff --git a/dd-java-agent/instrumentation/spark/spark_2.13/src/test/groovy/SparkStructuredStreamingTest.groovy b/dd-java-agent/instrumentation/spark/spark_2.13/src/test/groovy/SparkStructuredStreamingTest.groovy
new file mode 100644
index 00000000000..c004e152502
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.13/src/test/groovy/SparkStructuredStreamingTest.groovy
@@ -0,0 +1,3 @@
+import datadog.trace.instrumentation.spark.AbstractSparkStructuredStreamingTest
+
+class SparkStructuredStreamingTest extends AbstractSparkStructuredStreamingTest {}
diff --git a/dd-java-agent/instrumentation/spark/spark_2.13/src/test/groovy/SparkTest.groovy b/dd-java-agent/instrumentation/spark/spark_2.13/src/test/groovy/SparkTest.groovy
new file mode 100644
index 00000000000..054fb96c2c1
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/spark_2.13/src/test/groovy/SparkTest.groovy
@@ -0,0 +1,3 @@
+import datadog.trace.instrumentation.spark.AbstractSparkTest
+
+class SparkTest extends AbstractSparkTest {}
diff --git a/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/DatadogSparkListener.java b/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/AbstractDatadogSparkListener.java
similarity index 61%
rename from dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/DatadogSparkListener.java
rename to dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/AbstractDatadogSparkListener.java
index 9717bfde919..7cf2c98ecb0 100644
--- a/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/DatadogSparkListener.java
+++ b/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/AbstractDatadogSparkListener.java
@@ -1,5 +1,8 @@
 package datadog.trace.instrumentation.spark;
 
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import datadog.trace.api.Config;
 import datadog.trace.api.DDTags;
 import datadog.trace.api.DDTraceId;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
@@ -18,8 +21,11 @@
 import org.apache.spark.SparkConf;
 import org.apache.spark.TaskFailedReason;
 import org.apache.spark.scheduler.*;
+import org.apache.spark.sql.execution.SQLExecution;
 import org.apache.spark.sql.execution.streaming.MicroBatchExecution;
 import org.apache.spark.sql.execution.streaming.StreamExecution;
+import org.apache.spark.sql.execution.ui.SparkListenerSQLExecutionEnd;
+import org.apache.spark.sql.execution.ui.SparkListenerSQLExecutionStart;
 import org.apache.spark.sql.streaming.SourceProgress;
 import org.apache.spark.sql.streaming.StateOperatorProgress;
 import org.apache.spark.sql.streaming.StreamingQueryListener;
@@ -27,18 +33,19 @@
 import scala.Tuple2;
 
 /**
- * Implementation of the SparkListener {@link org.apache.spark.scheduler.SparkListener} to generate
- * spans from the execution of a spark application.
+ * Implementation of the SparkListener {@link SparkListener} to generate spans from the execution of
+ * a spark application.
  *
  * <p>All the callbacks are called inside the spark driver and in the same thread, but since some
  * methods (like finishApplication) are called from the instrumentation advice, thread-safety is
  * still needed
  */
-public class DatadogSparkListener extends SparkListener {
-  public static volatile DatadogSparkListener listener = null;
+public abstract class AbstractDatadogSparkListener extends SparkListener {
+  public static volatile AbstractDatadogSparkListener listener = null;
   public static volatile boolean finishTraceOnApplicationEnd = true;
 
   private final int MAX_COLLECTION_SIZE = 1000;
+  private final String RUNTIME_TAGS_PREFIX = "spark.datadog.tags.";
 
   private final SparkConf sparkConf;
   private final String sparkVersion;
@@ -49,6 +56,7 @@ public class DatadogSparkListener extends SparkListener {
   private AgentSpan applicationSpan;
   private SparkListenerApplicationStart applicationStart;
   private final HashMap<String, AgentSpan> streamingBatchSpans = new HashMap<>();
+  private final HashMap<Long, AgentSpan> sqlSpans = new HashMap<>();
   private final HashMap<Integer, AgentSpan> jobSpans = new HashMap<>();
   private final HashMap<Long, AgentSpan> stageSpans = new HashMap<>();
 
@@ -57,14 +65,18 @@ public class DatadogSparkListener extends SparkListener {
 
   private final SparkAggregatedTaskMetrics applicationMetrics = new SparkAggregatedTaskMetrics();
   private final HashMap<String, SparkAggregatedTaskMetrics> streamingBatchMetrics = new HashMap<>();
+  private final HashMap<Long, SparkAggregatedTaskMetrics> sqlMetrics = new HashMap<>();
   private final HashMap<Integer, SparkAggregatedTaskMetrics> jobMetrics = new HashMap<>();
   private final HashMap<Long, SparkAggregatedTaskMetrics> stageMetrics = new HashMap<>();
 
   private final HashMap<UUID, StreamingQueryListener.QueryStartedEvent> streamingQueries =
       new HashMap<>();
+  private final HashMap<Long, SparkListenerSQLExecutionStart> sqlQueries = new HashMap<>();
   private final HashMap<String, SparkListenerExecutorAdded> liveExecutors = new HashMap<>();
 
   private final boolean isRunningOnDatabricks;
+  private final String databricksClusterName;
+  private final String databricksServiceName;
 
   private boolean lastJobFailed = false;
   private String lastJobFailedMessage;
@@ -76,7 +88,7 @@ public class DatadogSparkListener extends SparkListener {
 
   private boolean applicationEnded = false;
 
-  public DatadogSparkListener(SparkConf sparkConf, String appId, String sparkVersion) {
+  public AbstractDatadogSparkListener(SparkConf sparkConf, String appId, String sparkVersion) {
     tracer = AgentTracer.get();
 
     this.sparkConf = sparkConf;
@@ -84,8 +96,19 @@ public DatadogSparkListener(SparkConf sparkConf, String appId, String sparkVersi
     this.sparkVersion = sparkVersion;
 
     isRunningOnDatabricks = sparkConf.contains("spark.databricks.sparkContextId");
+    databricksClusterName = sparkConf.get("spark.databricks.clusterUsageTags.clusterName", null);
+    databricksServiceName = getDatabricksServiceName(sparkConf, databricksClusterName);
   }
 
+  /** Resource name of the spark job. Provide an implementation based on a specific scala version */
+  protected abstract String getSparkJobName(SparkListenerJobStart jobStart);
+
+  /** Stage ids of the spark job. Provide an implementation based on a specific scala version */
+  protected abstract ArrayList<Integer> getSparkJobStageIds(SparkListenerJobStart jobStart);
+
+  /** Stage count of the spark job. Provide an implementation based on a specific scala version */
+  protected abstract int getStageCount(SparkListenerJobStart jobStart);
+
   @Override
   public synchronized void onApplicationStart(SparkListenerApplicationStart applicationStart) {
     this.applicationStart = applicationStart;
@@ -96,7 +119,7 @@ private void initApplicationSpanIfNotInitialized() {
       return;
     }
 
-    AgentTracer.SpanBuilder builder = buildSparkSpan("spark.application");
+    AgentTracer.SpanBuilder builder = buildSparkSpan("spark.application", null);
 
     if (applicationStart != null) {
       builder
@@ -109,12 +132,7 @@ private void initApplicationSpanIfNotInitialized() {
       }
     }
 
-    for (Tuple2<String, String> conf : sparkConf.getAll()) {
-      if (SparkConfAllowList.canCaptureApplicationParameter(conf._1)) {
-        builder.withTag("config." + conf._1.replace(".", "_"), conf._2);
-      }
-    }
-    builder.withTag("config.spark_version", sparkVersion);
+    captureApplicationParameters(builder);
 
     applicationSpan = builder.start();
     applicationSpan.setMeasured(true);
@@ -158,15 +176,101 @@ public synchronized void finishApplication(
       applicationSpan.setTag(DDTags.ERROR_STACK, lastJobFailedStackTrace);
     }
 
-    applicationMetrics.setSpanMetrics(applicationSpan, "spark_application_metrics");
-    applicationSpan.setMetric("spark_application_metrics.max_executor_count", maxExecutorCount);
+    applicationMetrics.setSpanMetrics(applicationSpan);
+    applicationSpan.setMetric("spark.max_executor_count", maxExecutorCount);
     applicationSpan.setMetric(
-        "spark_application_metrics.available_executor_time",
-        computeCurrentAvailableExecutorTime(time));
+        "spark.available_executor_time", computeCurrentAvailableExecutorTime(time));
 
     applicationSpan.finish(time * 1000);
   }
 
+  private AgentSpan getOrCreateStreamingBatchSpan(
+      String batchKey, Long timeMs, Properties jobProperties) {
+    AgentSpan batchSpan = streamingBatchSpans.get(batchKey);
+    if (batchSpan != null) {
+      return batchSpan;
+    }
+
+    AgentTracer.SpanBuilder builder =
+        buildSparkSpan("spark.streaming_batch", jobProperties).withStartTimestamp(timeMs * 1000);
+
+    // Streaming spans will always be the root span, capturing all parameters on those
+    captureApplicationParameters(builder);
+    captureJobParameters(builder, jobProperties);
+
+    if (isRunningOnDatabricks) {
+      addDatabricksSpecificTags(builder, jobProperties, false);
+    }
+
+    batchSpan = builder.start();
+    streamingBatchSpans.put(batchKey, batchSpan);
+    return batchSpan;
+  }
+
+  private void addDatabricksSpecificTags(
+      AgentTracer.SpanBuilder builder, Properties properties, boolean withParentContext) {
+    // In databricks, there is no application span. Adding the spark conf parameters to the top
+    // level spark span
+    captureApplicationParameters(builder);
+    captureJobParameters(builder, properties);
+
+    if (properties != null) {
+      String databricksJobId = getDatabricksJobId(properties);
+      String databricksJobRunId = getDatabricksJobRunId(properties, databricksClusterName);
+      String databricksTaskRunId = getDatabricksTaskRunId(properties);
+
+      // ids to link those spans to databricks job/task traces
+      builder.withTag("databricks_job_id", databricksJobId);
+      builder.withTag("databricks_job_run_id", databricksJobRunId);
+      builder.withTag("databricks_task_run_id", databricksTaskRunId);
+
+      if (withParentContext) {
+        AgentSpan.Context parentContext =
+            new DatabricksParentContext(databricksJobId, databricksJobRunId, databricksTaskRunId);
+
+        if (parentContext.getTraceId() != DDTraceId.ZERO) {
+          builder.asChildOf(parentContext);
+        }
+      }
+    }
+  }
+
+  private AgentSpan getOrCreateSqlSpan(
+      long sqlExecutionId, String batchKey, Properties jobProperties) {
+    AgentSpan span = sqlSpans.get(sqlExecutionId);
+    if (span != null) {
+      return span;
+    }
+
+    SparkListenerSQLExecutionStart queryStart = sqlQueries.get(sqlExecutionId);
+    if (queryStart == null) {
+      return null;
+    }
+
+    AgentTracer.SpanBuilder spanBuilder =
+        buildSparkSpan("spark.sql", jobProperties)
+            .withStartTimestamp(queryStart.time() * 1000)
+            .withTag("query_id", sqlExecutionId)
+            .withTag("description", queryStart.description())
+            .withTag("details", queryStart.details())
+            .withTag(DDTags.RESOURCE_NAME, queryStart.description());
+
+    if (batchKey != null) {
+      AgentSpan batchSpan =
+          getOrCreateStreamingBatchSpan(batchKey, queryStart.time(), jobProperties);
+      spanBuilder.asChildOf(batchSpan.context());
+    } else if (isRunningOnDatabricks) {
+      addDatabricksSpecificTags(spanBuilder, jobProperties, true);
+    } else {
+      initApplicationSpanIfNotInitialized();
+      spanBuilder.asChildOf(applicationSpan.context());
+    }
+
+    AgentSpan sqlSpan = spanBuilder.start();
+    sqlSpans.put(sqlExecutionId, sqlSpan);
+    return sqlSpan;
+  }
+
   @Override
   public synchronized void onJobStart(SparkListenerJobStart jobStart) {
     jobCount++;
@@ -175,80 +279,53 @@ public synchronized void onJobStart(SparkListenerJobStart jobStart) {
     }
 
     AgentTracer.SpanBuilder jobSpanBuilder =
-        buildSparkSpan("spark.job")
+        buildSparkSpan("spark.job", jobStart.properties())
             .withStartTimestamp(jobStart.time() * 1000)
             .withTag("job_id", jobStart.jobId())
-            .withTag("stage_count", jobStart.stageInfos().size());
+            .withTag("stage_count", getStageCount(jobStart));
 
     String batchKey = getStreamingBatchKey(jobStart.properties());
+    Long sqlExecutionId = getSqlExecutionId(jobStart.properties());
+    AgentSpan sqlSpan = null;
 
-    if (batchKey != null) {
-      AgentSpan batchSpan = streamingBatchSpans.get(batchKey);
-
-      if (batchSpan == null) {
-        batchSpan =
-            buildSparkSpan("spark.batch").withStartTimestamp(jobStart.time() * 1000).start();
-
-        streamingBatchSpans.put(batchKey, batchSpan);
-      }
+    if (sqlExecutionId != null) {
+      sqlSpan = getOrCreateSqlSpan(sqlExecutionId, batchKey, jobStart.properties());
+    }
 
-      // In streaming mode, the batch spans are the local root spans
+    /*-
+     * The spark.job span hierarchy depends on the setup:
+     *
+     * spark.application | spark.streaming_batch | databricks.task depending on the environment where spark is running
+     *               \          |                   /
+     *                    [spark.sql] optional, only present if using spark-sql
+     *                          |
+     *                      spark.job
+     */
+    if (sqlSpan != null) {
+      jobSpanBuilder.asChildOf(sqlSpan.context());
+    } else if (batchKey != null) {
+      AgentSpan batchSpan =
+          getOrCreateStreamingBatchSpan(batchKey, jobStart.time(), jobStart.properties());
       jobSpanBuilder.asChildOf(batchSpan.context());
     } else if (isRunningOnDatabricks) {
-      // In databricks, the spark jobs are the local root spans so adding the spark conf parameters
-      // to the job spans
-      for (Tuple2<String, String> conf : sparkConf.getAll()) {
-        if (SparkConfAllowList.canCaptureApplicationParameter(conf._1)) {
-          jobSpanBuilder.withTag("config." + conf._1.replace(".", "_"), conf._2);
-        }
-      }
-
-      if (jobStart.properties() != null) {
-        String databricksJobId = (String) jobStart.properties().get("spark.databricks.job.id");
-        String databricksJobRunId = getDatabricksJobRunId(jobStart.properties());
-
-        // spark.databricks.job.runId is the runId of the task, not of the Job
-        String databricksTaskRunId =
-            (String) jobStart.properties().get("spark.databricks.job.runId");
-
-        // ids to link those spans to databricks job/task traces
-        jobSpanBuilder.withTag("databricks_job_id", databricksJobId);
-        jobSpanBuilder.withTag("databricks_job_run_id", databricksJobRunId);
-        jobSpanBuilder.withTag("databricks_task_run_id", databricksTaskRunId);
-
-        AgentSpan.Context parentContext =
-            new DatabricksParentContext(databricksJobId, databricksJobRunId, databricksTaskRunId);
-
-        if (parentContext.getTraceId() != DDTraceId.ZERO) {
-          jobSpanBuilder.asChildOf(parentContext);
-        }
-      }
+      addDatabricksSpecificTags(jobSpanBuilder, jobStart.properties(), true);
     } else {
       // In non-databricks, non-streaming env, the spark application is the local root span
       initApplicationSpanIfNotInitialized();
       jobSpanBuilder.asChildOf(applicationSpan.context());
     }
 
-    if (jobStart.stageInfos().nonEmpty()) {
-      // In the spark UI, the name of a job is the name of its last stage
-      jobSpanBuilder.withTag(DDTags.RESOURCE_NAME, jobStart.stageInfos().last().name());
-    }
+    jobSpanBuilder.withTag(DDTags.RESOURCE_NAME, getSparkJobName(jobStart));
+
+    // Some properties can change at runtime, so capturing properties of all jobs
+    captureJobParameters(jobSpanBuilder, jobStart.properties());
 
     AgentSpan jobSpan = jobSpanBuilder.start();
     jobSpan.setMeasured(true);
 
-    // Some properties can change at runtime, so capturing properties of all jobs
-    if (jobStart.properties() != null) {
-      for (final Map.Entry<Object, Object> entry : jobStart.properties().entrySet()) {
-        if (SparkConfAllowList.canCaptureJobParameter(entry.getKey().toString())) {
-          jobSpan.setTag("config." + entry.getKey().toString().replace('.', '_'), entry.getValue());
-        }
-      }
+    for (int stageId : getSparkJobStageIds(jobStart)) {
+      stageToJob.put(stageId, jobStart.jobId());
     }
-    jobSpan.setTag("config.spark_version", sparkVersion);
-
-    jobStart.stageInfos().foreach(stage -> stageToJob.put(stage.stageId(), jobStart.jobId()));
-
     jobSpans.put(jobStart.jobId(), jobSpan);
   }
 
@@ -278,7 +355,7 @@ public synchronized void onJobEnd(SparkListenerJobEnd jobEnd) {
 
     SparkAggregatedTaskMetrics metrics = jobMetrics.remove(jobEnd.jobId());
     if (metrics != null) {
-      metrics.setSpanMetrics(jobSpan, "spark_job_metrics");
+      metrics.setSpanMetrics(jobSpan);
     }
 
     jobSpan.finish(jobEnd.time() * 1000);
@@ -317,13 +394,12 @@ public synchronized void onStageSubmitted(SparkListenerStageSubmitted stageSubmi
     stageProperties.put(stageSpanKey, stageSubmitted.properties());
 
     AgentSpan stageSpan =
-        buildSparkSpan("spark.stage")
+        buildSparkSpan("spark.stage", stageSubmitted.properties())
             .asChildOf(jobSpan.context())
             .withStartTimestamp(submissionTimeMs * 1000)
             .withTag("stage_id", stageId)
             .withTag("task_count", stageSubmitted.stageInfo().numTasks())
             .withTag("attempt_id", stageAttemptId)
-            .withTag("parent_stages_ids", stageSubmitted.stageInfo().parentIds())
             .withTag("details", stageSubmitted.stageInfo().details())
             .withTag(DDTags.RESOURCE_NAME, stageSubmitted.stageInfo().name())
             .start();
@@ -357,8 +433,6 @@ public synchronized void onStageCompleted(SparkListenerStageCompleted stageCompl
       span.setTag(DDTags.ERROR_TYPE, "Spark Stage Failed");
     }
 
-    stageInfo.rddInfos().foreach(rdd -> span.setTag("rdd." + rdd.name(), rdd.toString()));
-
     long completionTimeMs;
     if (stageCompleted.stageInfo().completionTime().isDefined()) {
       completionTimeMs = (long) stageCompleted.stageInfo().completionTime().get();
@@ -374,7 +448,7 @@ public synchronized void onStageCompleted(SparkListenerStageCompleted stageCompl
     SparkAggregatedTaskMetrics stageMetric = stageMetrics.remove(stageSpanKey);
     if (stageMetric != null) {
       stageMetric.computeSkew();
-      stageMetric.setSpanMetrics(span, "spark_stage_metrics");
+      stageMetric.setSpanMetrics(span);
       applicationMetrics.accumulateStageMetrics(stageMetric);
 
       jobMetrics
@@ -389,6 +463,13 @@ public synchronized void onStageCompleted(SparkListenerStageCompleted stageCompl
             .computeIfAbsent(batchKey, k -> new SparkAggregatedTaskMetrics())
             .accumulateStageMetrics(stageMetric);
       }
+
+      Long sqlExecutionId = getSqlExecutionId(prop);
+      if (sqlExecutionId != null) {
+        sqlMetrics
+            .computeIfAbsent(sqlExecutionId, k -> new SparkAggregatedTaskMetrics())
+            .accumulateStageMetrics(stageMetric);
+      }
     }
 
     span.finish(completionTimeMs * 1000);
@@ -429,12 +510,14 @@ public void onTaskEnd(SparkListenerTaskEnd taskEnd) {
       return;
     }
 
-    sendTaskSpan(stageSpan, taskEnd);
+    Properties props = stageProperties.get(stageSpanKey);
+    sendTaskSpan(stageSpan, taskEnd, props);
   }
 
-  private void sendTaskSpan(AgentSpan stageSpan, SparkListenerTaskEnd taskEnd) {
+  private void sendTaskSpan(
+      AgentSpan stageSpan, SparkListenerTaskEnd taskEnd, Properties properties) {
     AgentSpan taskSpan =
-        buildSparkSpan("spark.task")
+        buildSparkSpan("spark.task", properties)
             .asChildOf(stageSpan.context())
             .withStartTimestamp(taskEnd.taskInfo().launchTime() * 1000)
             .withTag("task_id", taskEnd.taskInfo().taskId())
@@ -500,6 +583,28 @@ public void onOtherEvent(SparkListenerEvent event) {
       onStreamingQueryProgressEvent((StreamingQueryListener.QueryProgressEvent) event);
     } else if (event instanceof StreamingQueryListener.QueryTerminatedEvent) {
       onStreamingQueryTerminatedEvent((StreamingQueryListener.QueryTerminatedEvent) event);
+    } else if (event instanceof SparkListenerSQLExecutionStart) {
+      onSQLExecutionStart((SparkListenerSQLExecutionStart) event);
+    } else if (event instanceof SparkListenerSQLExecutionEnd) {
+      onSQLExecutionEnd((SparkListenerSQLExecutionEnd) event);
+    }
+  }
+
+  private synchronized void onSQLExecutionStart(SparkListenerSQLExecutionStart sqlStart) {
+    sqlQueries.put(sqlStart.executionId(), sqlStart);
+  }
+
+  private synchronized void onSQLExecutionEnd(SparkListenerSQLExecutionEnd sqlEnd) {
+    AgentSpan span = sqlSpans.remove(sqlEnd.executionId());
+    SparkAggregatedTaskMetrics metrics = sqlMetrics.remove(sqlEnd.executionId());
+    sqlQueries.remove(sqlEnd.executionId());
+
+    if (span != null) {
+      if (metrics != null) {
+        metrics.setSpanMetrics(span);
+      }
+
+      span.finish(sqlEnd.time() * 1000);
     }
   }
 
@@ -530,14 +635,14 @@ private synchronized void onStreamingQueryTerminatedEvent(
 
       if (batchSpan != null) {
         if (metrics != null) {
-          metrics.setSpanMetrics(batchSpan, "spark");
+          metrics.setSpanMetrics(batchSpan);
         }
 
-        batchSpan.setTag("id", event.id());
-        batchSpan.setTag("run_id", event.runId());
-        batchSpan.setTag("batch_id", getBatchIdFromBatchKey(batchKey));
+        batchSpan.setTag("streaming_query.id", event.id());
+        batchSpan.setTag("streaming_query.run_id", event.runId());
+        batchSpan.setTag("streaming_query.batch_id", getBatchIdFromBatchKey(batchKey));
         if (startedEvent != null) {
-          batchSpan.setTag("name", startedEvent.name());
+          batchSpan.setTag("streaming_query.name", startedEvent.name());
           batchSpan.setTag(DDTags.RESOURCE_NAME, startedEvent.name());
         }
 
@@ -565,13 +670,13 @@ private synchronized void onStreamingQueryProgressEvent(
     SparkAggregatedTaskMetrics metrics = streamingBatchMetrics.remove(batchKey);
     if (batchSpan != null) {
       if (metrics != null) {
-        metrics.setSpanMetrics(batchSpan, "spark");
+        metrics.setSpanMetrics(batchSpan);
       }
 
-      batchSpan.setTag("id", progress.id());
-      batchSpan.setTag("run_id", progress.runId());
-      batchSpan.setTag("batch_id", progress.batchId());
-      batchSpan.setTag("name", progress.name());
+      batchSpan.setTag("streaming_query.id", progress.id());
+      batchSpan.setTag("streaming_query.run_id", progress.runId());
+      batchSpan.setTag("streaming_query.batch_id", progress.batchId());
+      batchSpan.setTag("streaming_query.name", progress.name());
       batchSpan.setTag(DDTags.RESOURCE_NAME, progress.name());
 
       batchSpan.setMetric("spark.num_input_rows", progress.numInputRows());
@@ -581,6 +686,11 @@ private synchronized void onStreamingQueryProgressEvent(
       Long watermark = convertStringDateToMillis(progress.eventTime().get("watermark"));
       if (watermark != null) {
         batchSpan.setMetric("spark.event_time.watermark", watermark);
+
+        Long progressTimestamp = convertStringDateToMillis(progress.timestamp());
+        if (watermark > 0 && progressTimestamp != null) {
+          batchSpan.setMetric("spark.event_time.watermark_gap", progressTimestamp - watermark);
+        }
       }
       Long maxEventTime = convertStringDateToMillis(progress.eventTime().get("max"));
       if (maxEventTime != null) {
@@ -643,8 +753,32 @@ private synchronized void onStreamingQueryProgressEvent(
     }
   }
 
-  private AgentTracer.SpanBuilder buildSparkSpan(String spanName) {
-    return tracer.buildSpan(spanName).withSpanType("spark").withTag("app_id", appId);
+  private AgentTracer.SpanBuilder buildSparkSpan(String spanName, Properties properties) {
+    AgentTracer.SpanBuilder builder =
+        tracer.buildSpan(spanName).withSpanType("spark").withTag("app_id", appId);
+
+    if (databricksServiceName != null) {
+      builder.withServiceName(databricksServiceName);
+    }
+
+    addPropertiesTags(builder, properties);
+
+    return builder;
+  }
+
+  private void addPropertiesTags(AgentTracer.SpanBuilder builder, Properties properties) {
+    if (properties == null) {
+      return;
+    }
+
+    for (String propertyName : properties.stringPropertyNames()) {
+      if (propertyName.startsWith(RUNTIME_TAGS_PREFIX)) {
+        String value = properties.getProperty(propertyName);
+        String key = propertyName.substring(RUNTIME_TAGS_PREFIX.length());
+
+        builder.withTag(key, value);
+      }
+    }
   }
 
   private long stageSpanKey(int stageId, int attemptId) {
@@ -652,9 +786,51 @@ private long stageSpanKey(int stageId, int attemptId) {
   }
 
   @SuppressForbidden // split with one-char String use a fast-path without regex usage
-  private static String getDatabricksJobRunId(Properties jobProperties) {
-    String clusterName =
-        (String) jobProperties.get("spark.databricks.clusterUsageTags.clusterName");
+  private static String getDatabricksJobId(Properties properties) {
+    String jobId = properties.getProperty("spark.databricks.job.id");
+    if (jobId != null) {
+      return jobId;
+    }
+
+    // First fallback, use spark.jobGroup.id with the pattern
+    // <scheduler_id>_job-<job_id>-run-<task_run_id>-action-<action_id>
+    String jobGroupId = properties.getProperty("spark.jobGroup.id");
+    if (jobGroupId != null) {
+      int startIndex = jobGroupId.indexOf("job-");
+      int endIndex = jobGroupId.indexOf("-run", startIndex);
+      if (startIndex != -1 && endIndex != -1) {
+        return jobGroupId.substring(startIndex + 4, endIndex);
+      }
+    }
+
+    // Second fallback, use spark.databricks.workload.id with pattern
+    // <org_id>-<job_id>-<task_run_id>
+    String workloadId = properties.getProperty("spark.databricks.workload.id");
+    if (workloadId != null) {
+      String[] parts = workloadId.split("-");
+      if (parts.length > 1) {
+        return parts[1];
+      }
+    }
+
+    return null;
+  }
+
+  @SuppressForbidden // split with one-char String use a fast-path without regex usage
+  private static String getDatabricksJobRunId(
+      Properties jobProperties, String databricksClusterName) {
+    String jobRunId = jobProperties.getProperty("spark.databricks.job.parentRunId");
+    if (jobRunId != null) {
+      return jobRunId;
+    }
+
+    // Fallback, extract the jobRunId from the cluster name for job clusters having the pattern
+    // job-<job_id>-run-<job_run_id>
+    String clusterName = jobProperties.getProperty("spark.databricks.clusterUsageTags.clusterName");
+
+    // Using the databricksClusterName as fallback, if not present in jobProperties
+    clusterName = (clusterName == null) ? databricksClusterName : clusterName;
+
     if (clusterName == null) {
       return null;
     }
@@ -668,6 +844,38 @@ private static String getDatabricksJobRunId(Properties jobProperties) {
     return null;
   }
 
+  @SuppressForbidden // split with one-char String use a fast-path without regex usage
+  private static String getDatabricksTaskRunId(Properties properties) {
+    // spark.databricks.job.runId is the runId of the task, not of the Job
+    String taskRunId = properties.getProperty("spark.databricks.job.runId");
+    if (taskRunId != null) {
+      return taskRunId;
+    }
+
+    // First fallback, use spark.jobGroup.id with the pattern
+    // <scheduler_id>_job-<job_id>-run-<task_run_id>-action-<action_id>
+    String jobGroupId = properties.getProperty("spark.jobGroup.id");
+    if (jobGroupId != null) {
+      int startIndex = jobGroupId.indexOf("run-");
+      int endIndex = jobGroupId.indexOf("-action", startIndex);
+      if (startIndex != -1 && endIndex != -1) {
+        return jobGroupId.substring(startIndex + 4, endIndex);
+      }
+    }
+
+    // Second fallback, use spark.databricks.workload.id with pattern
+    // <org_id>-<job_id>-<task_run_id>
+    String workloadId = properties.getProperty("spark.databricks.workload.id");
+    if (workloadId != null) {
+      String[] parts = workloadId.split("-");
+      if (parts.length > 2) {
+        return parts[2];
+      }
+    }
+
+    return null;
+  }
+
   private String stackTraceToString(Throwable e) {
     StringWriter stringWriter = new StringWriter();
     e.printStackTrace(new PrintWriter(stringWriter));
@@ -698,6 +906,44 @@ private long computeCurrentAvailableExecutorTime(long time) {
     return currentAvailableExecutorTime;
   }
 
+  private void captureApplicationParameters(AgentTracer.SpanBuilder builder) {
+    for (Tuple2<String, String> conf : sparkConf.getAll()) {
+      if (SparkConfAllowList.canCaptureApplicationParameter(conf._1)) {
+        builder.withTag("config." + conf._1.replace(".", "_"), conf._2);
+      }
+    }
+    builder.withTag("config.spark_version", sparkVersion);
+  }
+
+  private void captureJobParameters(AgentTracer.SpanBuilder builder, Properties properties) {
+    if (properties != null) {
+      for (final Map.Entry<Object, Object> entry : properties.entrySet()) {
+        if (SparkConfAllowList.canCaptureJobParameter(entry.getKey().toString())) {
+          builder.withTag(
+              "config." + entry.getKey().toString().replace('.', '_'), entry.getValue());
+        }
+      }
+    }
+    builder.withTag("config.spark_version", sparkVersion);
+  }
+
+  private static Long getSqlExecutionId(Properties properties) {
+    if (properties == null) {
+      return null;
+    }
+
+    String sqlExecutionId = properties.getProperty(SQLExecution.EXECUTION_ID_KEY());
+    if (sqlExecutionId == null) {
+      return null;
+    }
+
+    try {
+      return Long.parseLong(sqlExecutionId);
+    } catch (NumberFormatException e) {
+      return null;
+    }
+  }
+
   private static Long convertStringDateToMillis(String isoUtcDateStr) {
     if (isoUtcDateStr == null) {
       return null;
@@ -732,4 +978,51 @@ private static String getStreamingBatchKey(String queryId, String batchId) {
   private static String getBatchIdFromBatchKey(String batchKey) {
     return batchKey.substring(batchKey.lastIndexOf(".") + 1);
   }
+
+  private static String getDatabricksServiceName(SparkConf conf, String databricksClusterName) {
+    if (Config.get().isServiceNameSetByUser()) {
+      return null;
+    }
+
+    String serviceName = null;
+    String runName = getDatabricksRunName(conf);
+    if (runName != null) {
+      serviceName = "databricks.job-cluster." + runName;
+    } else if (databricksClusterName != null) {
+      serviceName = "databricks.all-purpose-cluster." + databricksClusterName;
+    }
+
+    return serviceName;
+  }
+
+  private static String getDatabricksRunName(SparkConf conf) {
+    String allTags = conf.get("spark.databricks.clusterUsageTags.clusterAllTags", null);
+    if (allTags == null) {
+      return null;
+    }
+
+    try {
+      // Using the jackson JSON lib used by spark
+      // https://mvnrepository.com/artifact/org.apache.spark/spark-core_2.12/3.5.0
+      ObjectMapper objectMapper = new ObjectMapper();
+      JsonNode jsonNode = objectMapper.readTree(allTags);
+
+      for (JsonNode node : jsonNode) {
+        String key = node.get("key").asText();
+        if ("RunName".equals(key)) {
+          // Databricks jobs launched by Azure Data Factory have an uuid at the end of the name
+          return removeUuidFromEndOfString(node.get("value").asText());
+        }
+      }
+    } catch (Exception ignored) {
+    }
+
+    return null;
+  }
+
+  @SuppressForbidden // called at most once per spark application
+  private static String removeUuidFromEndOfString(String input) {
+    return input.replaceAll(
+        "_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", "");
+  }
 }
diff --git a/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/SparkInstrumentation.java b/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/AbstractSparkInstrumentation.java
similarity index 52%
rename from dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/SparkInstrumentation.java
rename to dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/AbstractSparkInstrumentation.java
index ac00a28eba8..f7b40312ee2 100644
--- a/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/SparkInstrumentation.java
+++ b/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/AbstractSparkInstrumentation.java
@@ -1,18 +1,17 @@
 package datadog.trace.instrumentation.spark;
 
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
-import static net.bytebuddy.matcher.ElementMatchers.*;
+import static net.bytebuddy.matcher.ElementMatchers.isDeclaredBy;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.nameEndsWith;
 
-import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
 import net.bytebuddy.asm.Advice;
-import org.apache.spark.SparkContext;
 
-@AutoService(Instrumenter.class)
-public class SparkInstrumentation extends Instrumenter.Tracing
+public abstract class AbstractSparkInstrumentation extends Instrumenter.Tracing
     implements Instrumenter.ForKnownTypes {
 
-  public SparkInstrumentation() {
+  public AbstractSparkInstrumentation() {
     super("spark", "apache-spark");
   }
 
@@ -30,60 +29,33 @@ public String[] knownMatchingTypes() {
     };
   }
 
-  @Override
-  public String[] helperClassNames() {
-    return new String[] {
-      packageName + ".DatabricksParentContext",
-      packageName + ".DatadogSparkListener",
-      packageName + ".SparkAggregatedTaskMetrics",
-      packageName + ".SparkConfAllowList",
-    };
-  }
-
   @Override
   public void adviceTransformations(AdviceTransformation transformation) {
-    transformation.applyAdvice(
-        isMethod()
-            .and(named("setupAndStartListenerBus"))
-            .and(isDeclaredBy(named("org.apache.spark.SparkContext")))
-            .and(takesNoArguments()),
-        SparkInstrumentation.class.getName() + "$InjectListener");
-
     // SparkSubmit class used for non YARN/Mesos environment
     transformation.applyAdvice(
         isMethod()
             .and(nameEndsWith("runMain"))
             .and(isDeclaredBy(named("org.apache.spark.deploy.SparkSubmit"))),
-        SparkInstrumentation.class.getName() + "$RunMainAdvice");
+        AbstractSparkInstrumentation.class.getName() + "$RunMainAdvice");
 
     // ApplicationMaster class is used when running in a YARN cluster
     transformation.applyAdvice(
         isMethod()
             .and(named("finish"))
             .and(isDeclaredBy(named("org.apache.spark.deploy.yarn.ApplicationMaster"))),
-        SparkInstrumentation.class.getName() + "$YarnFinishAdvice");
-  }
-
-  public static class InjectListener {
-    @Advice.OnMethodEnter(suppress = Throwable.class)
-    public static void enter(@Advice.This SparkContext sparkContext) {
-      DatadogSparkListener.listener =
-          new DatadogSparkListener(
-              sparkContext.getConf(), sparkContext.applicationId(), sparkContext.version());
-      sparkContext.listenerBus().addToSharedQueue(DatadogSparkListener.listener);
-    }
+        AbstractSparkInstrumentation.class.getName() + "$YarnFinishAdvice");
   }
 
   public static class RunMainAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
     public static void enter() {
-      DatadogSparkListener.finishTraceOnApplicationEnd = false;
+      AbstractDatadogSparkListener.finishTraceOnApplicationEnd = false;
     }
 
     @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
     public static void exit(@Advice.Thrown Throwable throwable) {
-      if (DatadogSparkListener.listener != null) {
-        DatadogSparkListener.listener.finishApplication(
+      if (AbstractDatadogSparkListener.listener != null) {
+        AbstractDatadogSparkListener.listener.finishApplication(
             System.currentTimeMillis(), throwable, 0, null);
       }
     }
@@ -92,8 +64,8 @@ public static void exit(@Advice.Thrown Throwable throwable) {
   public static class YarnFinishAdvice {
     @Advice.OnMethodEnter(suppress = Throwable.class)
     public static void enter(@Advice.Argument(1) int exitCode, @Advice.Argument(2) String msg) {
-      if (DatadogSparkListener.listener != null) {
-        DatadogSparkListener.listener.finishApplication(
+      if (AbstractDatadogSparkListener.listener != null) {
+        AbstractDatadogSparkListener.listener.finishApplication(
             System.currentTimeMillis(), null, exitCode, msg);
       }
     }
diff --git a/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/SparkAggregatedTaskMetrics.java b/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/SparkAggregatedTaskMetrics.java
index 08ad298ecb5..641f7bbf1cc 100644
--- a/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/SparkAggregatedTaskMetrics.java
+++ b/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/SparkAggregatedTaskMetrics.java
@@ -197,41 +197,41 @@ public void computeSkew() {
     }
   }
 
-  public void setSpanMetrics(AgentSpan span, String prefix) {
-    span.setMetric(prefix + ".executor_deserialize_time", executorDeserializeTime);
-    span.setMetric(prefix + ".executor_deserialize_cpu_time", executorDeserializeCpuTime);
-    span.setMetric(prefix + ".executor_run_time", executorRunTime);
-    span.setMetric(prefix + ".executor_cpu_time", executorCpuTime);
-    span.setMetric(prefix + ".result_size", resultSize);
-    span.setMetric(prefix + ".jvm_gc_time", jvmGCTime);
-    span.setMetric(prefix + ".result_serialization_time", resultSerializationTime);
-    span.setMetric(prefix + ".memory_bytes_spilled", memoryBytesSpilled);
-    span.setMetric(prefix + ".disk_bytes_spilled", diskBytesSpilled);
-    span.setMetric(prefix + ".peak_execution_memory", peakExecutionMemory);
-
-    span.setMetric(prefix + ".input_bytes", inputBytesRead);
-    span.setMetric(prefix + ".input_records", inputRecordsRead);
-    span.setMetric(prefix + ".output_bytes", outputBytesWritten);
-    span.setMetric(prefix + ".output_records", outputRecordsWritten);
-
-    span.setMetric(prefix + ".shuffle_read_bytes", shuffleReadBytes);
-    span.setMetric(prefix + ".shuffle_read_bytes_local", shuffleReadBytesLocal);
-    span.setMetric(prefix + ".shuffle_read_bytes_remote", shuffleReadBytesRemote);
-    span.setMetric(prefix + ".shuffle_read_bytes_remote_to_disk", shuffleReadBytesRemoteToDisk);
-    span.setMetric(prefix + ".shuffle_read_fetch_wait_time", shuffleReadFetchWaitTime);
-    span.setMetric(prefix + ".shuffle_read_records", shuffleReadRecords);
-
-    span.setMetric(prefix + ".shuffle_write_bytes", shuffleWriteBytes);
-    span.setMetric(prefix + ".shuffle_write_records", shuffleWriteRecords);
-    span.setMetric(prefix + ".shuffle_write_time", shuffleWriteTime);
-
-    span.setMetric(prefix + ".task_completed_count", taskCompletedCount);
-    span.setMetric(prefix + ".task_failed_count", taskFailedCount);
-    span.setMetric(prefix + ".task_retried_count", taskRetriedCount);
-    span.setMetric(prefix + ".task_with_output_count", taskWithOutputCount);
-
-    span.setMetric(prefix + ".available_executor_time", attributedAvailableExecutorTime);
-    span.setMetric(prefix + ".skew_time", skewTime);
+  public void setSpanMetrics(AgentSpan span) {
+    span.setMetric("spark.executor_deserialize_time", executorDeserializeTime);
+    span.setMetric("spark.executor_deserialize_cpu_time", executorDeserializeCpuTime);
+    span.setMetric("spark.executor_run_time", executorRunTime);
+    span.setMetric("spark.executor_cpu_time", executorCpuTime);
+    span.setMetric("spark.result_size", resultSize);
+    span.setMetric("spark.jvm_gc_time", jvmGCTime);
+    span.setMetric("spark.result_serialization_time", resultSerializationTime);
+    span.setMetric("spark.memory_bytes_spilled", memoryBytesSpilled);
+    span.setMetric("spark.disk_bytes_spilled", diskBytesSpilled);
+    span.setMetric("spark.peak_execution_memory", peakExecutionMemory);
+
+    span.setMetric("spark.input_bytes", inputBytesRead);
+    span.setMetric("spark.input_records", inputRecordsRead);
+    span.setMetric("spark.output_bytes", outputBytesWritten);
+    span.setMetric("spark.output_records", outputRecordsWritten);
+
+    span.setMetric("spark.shuffle_read_bytes", shuffleReadBytes);
+    span.setMetric("spark.shuffle_read_bytes_local", shuffleReadBytesLocal);
+    span.setMetric("spark.shuffle_read_bytes_remote", shuffleReadBytesRemote);
+    span.setMetric("spark.shuffle_read_bytes_remote_to_disk", shuffleReadBytesRemoteToDisk);
+    span.setMetric("spark.shuffle_read_fetch_wait_time", shuffleReadFetchWaitTime);
+    span.setMetric("spark.shuffle_read_records", shuffleReadRecords);
+
+    span.setMetric("spark.shuffle_write_bytes", shuffleWriteBytes);
+    span.setMetric("spark.shuffle_write_records", shuffleWriteRecords);
+    span.setMetric("spark.shuffle_write_time", shuffleWriteTime);
+
+    span.setMetric("spark.task_completed_count", taskCompletedCount);
+    span.setMetric("spark.task_failed_count", taskFailedCount);
+    span.setMetric("spark.task_retried_count", taskRetriedCount);
+    span.setMetric("spark.task_with_output_count", taskWithOutputCount);
+
+    span.setMetric("spark.available_executor_time", attributedAvailableExecutorTime);
+    span.setMetric("spark.skew_time", skewTime);
 
     if (taskRunTimeHistogram != null && taskRunTimeHistogram.getCount() > 0) {
       span.setTag("_dd.spark.task_run_time", histogramToBase64(taskRunTimeHistogram));
diff --git a/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/SparkConfAllowList.java b/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/SparkConfAllowList.java
index c3aed3686bd..6128e29ce80 100644
--- a/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/SparkConfAllowList.java
+++ b/dd-java-agent/instrumentation/spark/src/main/java/datadog/trace/instrumentation/spark/SparkConfAllowList.java
@@ -66,15 +66,20 @@ class SparkConfAllowList {
               "spark.databricks.clusterUsageTags.sparkVersion",
               "spark.databricks.clusterUsageTags.workerEnvironmentId",
               "spark.databricks.env",
+              "spark.databricks.job.parentRunId",
               "spark.databricks.job.type",
               "spark.databricks.sparkContextId",
+              "spark.databricks.workload.name",
               "spark.job.description",
               "spark.jobGroup.id",
               "spark.sql.execution.id",
+              "sql.streaming.queryId",
+              "streaming.sql.batchId",
               "user"));
 
   public static boolean canCaptureApplicationParameter(String parameterName) {
-    return allowedApplicationParams.contains(parameterName);
+    return allowedApplicationParams.contains(parameterName)
+        || allowedJobParams.contains(parameterName);
   }
 
   public static boolean canCaptureJobParameter(String parameterName) {
diff --git a/dd-java-agent/instrumentation/spark/src/test/groovy/SparkTest.groovy b/dd-java-agent/instrumentation/spark/src/test/groovy/SparkTest.groovy
deleted file mode 100644
index 12ec1b4134e..00000000000
--- a/dd-java-agent/instrumentation/spark/src/test/groovy/SparkTest.groovy
+++ /dev/null
@@ -1,304 +0,0 @@
-import datadog.trace.agent.test.AgentTestRunner
-import datadog.trace.api.DDSpanId
-import datadog.trace.api.DDTraceId
-import datadog.trace.instrumentation.spark.DatabricksParentContext
-import datadog.trace.instrumentation.spark.DatadogSparkListener
-import datadog.trace.test.util.Flaky
-import org.apache.hadoop.yarn.api.records.FinalApplicationStatus
-import org.apache.hadoop.yarn.conf.YarnConfiguration
-import org.apache.spark.deploy.SparkSubmit
-import org.apache.spark.deploy.yarn.ApplicationMaster
-import org.apache.spark.deploy.yarn.ApplicationMasterArguments
-import org.apache.spark.sql.SparkSession
-import scala.reflect.ClassTag$
-
-class SparkTest extends AgentTestRunner {
-
-  @Override
-  void configurePreAgent() {
-    super.configurePreAgent()
-    injectSysConfig("dd.integration.spark.enabled", "true")
-  }
-
-  def "generate application span with child job and stages"() {
-    setup:
-    def sparkSession = SparkSession.builder()
-      .config("spark.master", "local")
-      .config("spark.default.parallelism", "2") // Small parallelism to speed up tests
-      .config("spark.sql.shuffle.partitions", "2")
-      .appName("Sample Spark App")
-      .getOrCreate()
-
-    TestSparkComputation.generateTestSparkComputation(sparkSession)
-
-    sparkSession.stop()
-
-    expect:
-    assertTraces(1) {
-      trace(4) {
-        span {
-          operationName "spark.application"
-          resourceName "spark.application"
-          spanType "spark"
-          errored false
-          parent()
-        }
-        span {
-          operationName "spark.job"
-          resourceName "count at TestSparkComputation.java:17"
-          spanType "spark"
-          errored false
-          childOf(span(0))
-        }
-        span {
-          operationName "spark.stage"
-          resourceName "count at TestSparkComputation.java:17"
-          spanType "spark"
-          errored false
-          childOf(span(1))
-        }
-        span {
-          operationName "spark.stage"
-          resourceName "distinct at TestSparkComputation.java:17"
-          spanType "spark"
-          errored false
-          childOf(span(1))
-        }
-      }
-    }
-  }
-
-  private ApplicationMaster createApplicationMaster(SparkSession spark) {
-    // Constructor of ApplicationMaster changed starting spark 3.0
-    if (spark.version() < "3") {
-      return new ApplicationMaster(new ApplicationMasterArguments([] as String[]))
-    }
-
-    new ApplicationMaster(
-      new ApplicationMasterArguments([] as String[]),
-      spark.sparkContext().conf(),
-      new YarnConfiguration()
-      )
-  }
-
-  def "instrument yarn application master finish"() {
-    setup:
-    def spark = SparkSession.builder().config("spark.master", "local").getOrCreate()
-    def am = createApplicationMaster(spark)
-    am.finish(FinalApplicationStatus.FAILED, 9, "User class threw exception: org.apache.spark.sql.AnalysisException: Column 'foo' does not exist\n\tat com.datadog.spark.MySparkApp.main(MySparkApp.scala:6)")
-
-    expect:
-    assertTraces(1) {
-      trace(1) {
-        span {
-          operationName "spark.application"
-          resourceName "spark.application"
-          spanType "spark"
-          assert span.tags["error.type"] == "Spark Application Failed with exit code 9"
-          assert span.tags["error.message"] == "User class threw exception: org.apache.spark.sql.AnalysisException: Column 'foo' does not exist\n"
-          assert span.tags["error.stack"] == "User class threw exception: org.apache.spark.sql.AnalysisException: Column 'foo' does not exist\n\tat com.datadog.spark.MySparkApp.main(MySparkApp.scala:6)"
-          errored true
-          parent()
-        }
-      }
-    }
-
-    cleanup:
-    spark.stop()
-  }
-
-  @Flaky('sometimes spark.job is the first span')
-  def "generate error tags in failed spans"() {
-    def sparkSession = SparkSession.builder()
-      .config("spark.master", "local")
-      .getOrCreate()
-
-    try {
-      TestSparkComputation.generateTestFailingSparkComputation(sparkSession)
-    }
-    catch (Exception ignored) {}
-
-    def datadogSparkListener = (DatadogSparkListener)sparkSession
-      .sparkContext()
-      .listenerBus()
-      .findListenersByClass(ClassTag$.MODULE$.apply(DatadogSparkListener))
-      .apply(0)
-
-    blockUntilChildSpansFinished(datadogSparkListener.applicationSpan, 3)
-    sparkSession.stop()
-
-    expect:
-    assertTraces(1) {
-      trace(4) {
-        span {
-          operationName "spark.application"
-          resourceName "spark.application"
-          spanType "spark"
-          errored true
-          parent()
-          assert span.tags["error.type"] == "Spark Application Failed"
-          assert span.tags["error.message"] =~ /^Job aborted due to stage failure.*java.lang.NullPointerException$/
-          assert span.tags["error.stack"] =~ /(?s)^org.apache.spark.SparkException.*Caused by: java.lang.NullPointerException.*$/
-        }
-        span {
-          operationName "spark.job"
-          resourceName "collect at TestSparkComputation.java:26"
-          spanType "spark"
-          errored true
-          childOf(span(0))
-          assert span.tags["error.type"] == "Spark Job Failed"
-          assert span.tags["error.message"] =~ /^Job aborted due to stage failure.*java.lang.NullPointerException$/
-          assert span.tags["error.stack"] =~ /(?s)^org.apache.spark.SparkException.*Caused by: java.lang.NullPointerException.*$/
-        }
-        span {
-          operationName "spark.stage"
-          resourceName "collect at TestSparkComputation.java:26"
-          spanType "spark"
-          errored true
-          childOf(span(1))
-          assert span.tags["error.type"] == "Spark Stage Failed"
-          assert span.tags["error.message"] =~ /^Job aborted due to stage failure.*java.lang.NullPointerException$/
-          assert span.tags["error.stack"] =~ /(?s).*\n\tat TestSparkComputation.{500,}\$/
-        }
-        span {
-          operationName "spark.task"
-          spanType "spark"
-          errored true
-          childOf(span(2))
-          assert span.tags["error.type"] == "Spark Task Failed"
-          assert span.tags["error.message"] == "java.lang.NullPointerException: null"
-          assert span.tags["error.stack"] =~ /(?s)^java.lang.NullPointerException\n\tat TestSparkComputation.{500,}\$/
-        }
-      }
-    }
-  }
-
-  def "capture SparkSubmit.runMain() errors"() {
-    setup:
-    def sparkSession = SparkSession.builder()
-      .config("spark.master", "local[2]")
-      .getOrCreate()
-
-    try {
-      // Generating a fake spark submit to trigger the runMain() method
-      // it will fail since TestClass and test-jar.jar don't exist
-      def sparkSubmit = new SparkSubmit()
-      sparkSubmit.doSubmit(["--class", "TestClass", "test-jar.jar"] as String[])
-    }
-    catch (Exception ignored) {}
-
-    expect:
-    assertTraces(1) {
-      trace(1) {
-        span {
-          operationName "spark.application"
-          resourceName "spark.application"
-          spanType "spark"
-          errored true
-          assert span.tags["error.type"] == "org.apache.spark.SparkUserAppException"
-          assert span.tags["error.message"] == "User application exited with 101"
-          parent()
-        }
-      }
-    }
-
-    cleanup:
-    sparkSession.stop()
-    DatadogSparkListener.finishTraceOnApplicationEnd = true
-  }
-
-  def "generate databricks spans"() {
-    setup:
-    def sparkSession = SparkSession.builder()
-      .config("spark.master", "local")
-      .config("spark.default.parallelism", "2") // Small parallelism to speed up tests
-      .config("spark.sql.shuffle.partitions", "2")
-      .config("spark.databricks.sparkContextId", "some_id")
-      .getOrCreate()
-
-    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.id", "1234")
-    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.runId", "9012")
-    sparkSession.sparkContext().setLocalProperty("spark.databricks.clusterUsageTags.clusterName", "job-1234-run-5678-Job_cluster")
-    TestSparkComputation.generateTestSparkComputation(sparkSession)
-
-    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.id", null)
-    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.runId", null)
-    sparkSession.sparkContext().setLocalProperty("spark.databricks.clusterUsageTags.clusterName", null)
-    TestSparkComputation.generateTestSparkComputation(sparkSession)
-
-    expect:
-    assertTraces(2) {
-      trace(3) {
-        span {
-          operationName "spark.job"
-          resourceName "count at TestSparkComputation.java:17"
-          spanType "spark"
-          errored false
-          traceId 8944764253919609482G
-          parentSpanId 15104224823446433673G
-        }
-        span {
-          operationName "spark.stage"
-          resourceName "count at TestSparkComputation.java:17"
-          spanType "spark"
-          errored false
-          childOf(span(0))
-        }
-        span {
-          operationName "spark.stage"
-          resourceName "distinct at TestSparkComputation.java:17"
-          spanType "spark"
-          errored false
-          childOf(span(0))
-        }
-      }
-      trace(3) {
-        span {
-          operationName "spark.job"
-          resourceName "count at TestSparkComputation.java:17"
-          spanType "spark"
-          errored false
-          parent()
-        }
-        span {
-          operationName "spark.stage"
-          resourceName "count at TestSparkComputation.java:17"
-          spanType "spark"
-          errored false
-          childOf(span(0))
-        }
-        span {
-          operationName "spark.stage"
-          resourceName "distinct at TestSparkComputation.java:17"
-          spanType "spark"
-          errored false
-          childOf(span(0))
-        }
-      }
-    }
-
-    cleanup:
-    sparkSession.stop()
-  }
-
-  def "compute the databricks parent context"() {
-    setup:
-    def contextWithJobRunId = new DatabricksParentContext("1234", "5678", "9012")
-    def contextWithoutJobRunId = new DatabricksParentContext("1234", null, "9012")
-    def contextWithoutJobId = new DatabricksParentContext(null, "5678", "9012")
-    def contextWithoutTaskRunId = new DatabricksParentContext(null, "5678", null)
-
-    expect:
-    contextWithJobRunId.getTraceId() == DDTraceId.from("8944764253919609482")
-    contextWithJobRunId.getSpanId() == DDSpanId.from("15104224823446433673")
-
-    contextWithoutJobRunId.getTraceId() == DDTraceId.from("15104224823446433673")
-    contextWithoutJobRunId.getSpanId() == DDSpanId.from("15104224823446433673")
-
-    contextWithoutJobId.getTraceId() == DDTraceId.ZERO
-    contextWithoutJobId.getSpanId() == DDSpanId.ZERO
-
-    contextWithoutTaskRunId.getTraceId() == DDTraceId.ZERO
-    contextWithoutTaskRunId.getSpanId() == DDSpanId.ZERO
-  }
-}
diff --git a/dd-java-agent/instrumentation/spark/src/test/groovy/SparkListenerTest.groovy b/dd-java-agent/instrumentation/spark/src/testFixtures/groovy/datadog/trace/instrumentation/spark/AbstractSparkListenerTest.groovy
similarity index 76%
rename from dd-java-agent/instrumentation/spark/src/test/groovy/SparkListenerTest.groovy
rename to dd-java-agent/instrumentation/spark/src/testFixtures/groovy/datadog/trace/instrumentation/spark/AbstractSparkListenerTest.groovy
index 296b0dc1183..0bf54b26f7c 100644
--- a/dd-java-agent/instrumentation/spark/src/test/groovy/SparkListenerTest.groovy
+++ b/dd-java-agent/instrumentation/spark/src/testFixtures/groovy/datadog/trace/instrumentation/spark/AbstractSparkListenerTest.groovy
@@ -1,12 +1,13 @@
+package datadog.trace.instrumentation.spark
+
 import com.datadoghq.sketch.ddsketch.DDSketchProtoBinding
 import com.datadoghq.sketch.ddsketch.proto.DDSketch
 import com.datadoghq.sketch.ddsketch.store.CollapsingLowestDenseStore
 import datadog.trace.agent.test.AgentTestRunner
-import datadog.trace.instrumentation.spark.DatadogSparkListener
-import org.apache.spark.SparkConf
 import org.apache.spark.Success$
 import org.apache.spark.executor.TaskMetrics
 import org.apache.spark.scheduler.JobSucceeded$
+import org.apache.spark.scheduler.SparkListener
 import org.apache.spark.scheduler.SparkListenerApplicationEnd
 import org.apache.spark.scheduler.SparkListenerApplicationStart
 import org.apache.spark.scheduler.SparkListenerExecutorAdded
@@ -26,15 +27,14 @@ import scala.collection.immutable.HashMap
 import scala.collection.immutable.Seq
 
 import scala.collection.JavaConverters
+import spock.lang.Unroll
 
-class SparkListenerTest extends AgentTestRunner {
+@Unroll
+abstract class AbstractSparkListenerTest extends AgentTestRunner {
 
-  private getTestDatadogSparkListener() {
-    def conf = new SparkConf()
-    return new DatadogSparkListener(conf, "some_app_id", "some_version")
-  }
+  protected abstract SparkListener getTestDatadogSparkListener()
 
-  private applicationStartEvent(time=0L) {
+  protected applicationStartEvent(time=0L) {
     // Constructor of SparkListenerApplicationStart changed starting spark 3.0
     if (TestSparkComputation.getSparkVersion() < "3") {
       return new SparkListenerApplicationStart(
@@ -58,7 +58,7 @@ class SparkListenerTest extends AgentTestRunner {
       )
   }
 
-  private jobStartEvent(Integer jobId, Long time, ArrayList<Integer> stageIds) {
+  protected jobStartEvent(Integer jobId, Long time, ArrayList<Integer> stageIds) {
     def stageInfos = stageIds.collect { stageId ->
       createStageInfo(stageId)
     }
@@ -71,7 +71,7 @@ class SparkListenerTest extends AgentTestRunner {
       )
   }
 
-  private createStageInfo(Integer stageId) {
+  protected createStageInfo(Integer stageId) {
     if (TestSparkComputation.getSparkVersion() < "3") {
       return new StageInfo(
         stageId,
@@ -86,6 +86,22 @@ class SparkListenerTest extends AgentTestRunner {
         )
     }
 
+    if (TestSparkComputation.getSparkVersion() < "3.3") {
+      return new StageInfo(
+        stageId,
+        0,
+        "stage_name",
+        0,
+        JavaConverters.asScalaBuffer([]).toSeq() as Seq<RDDInfo>,
+        JavaConverters.asScalaBuffer([]).toSeq() as Seq<Integer>,
+        "stage_details",
+        null as TaskMetrics,
+        null,
+        Option.apply(),
+        0,
+        )
+    }
+
     return new StageInfo(
       stageId,
       0,
@@ -103,24 +119,24 @@ class SparkListenerTest extends AgentTestRunner {
       )
   }
 
-  private jobEndEvent(Integer jobId, Long time) {
+  protected jobEndEvent(Integer jobId, Long time) {
     return new SparkListenerJobEnd(jobId, time, JobSucceeded$.MODULE$)
   }
 
-  private stageSubmittedEvent(Integer stageId, Long time) {
+  protected stageSubmittedEvent(Integer stageId, Long time) {
     def stageInfo = createStageInfo(stageId)
     stageInfo.submissionTime = Option.apply(time)
 
     return new SparkListenerStageSubmitted(stageInfo, null)
   }
 
-  private stageCompletedEvent(Integer stageId, Long time) {
+  protected stageCompletedEvent(Integer stageId, Long time) {
     def stageInfo = createStageInfo(stageId)
     stageInfo.completionTime = Option.apply(time)
     return new SparkListenerStageCompleted(stageInfo)
   }
 
-  private taskEndEvent(Integer stageId, Long launchTime, Long executorTime, Long deserializeTime = 0L, Long resultSerializeTime = 0L, Long peakExecutionMemory = 0L) {
+  protected taskEndEvent(Integer stageId, Long launchTime, Long executorTime, Long deserializeTime = 0L, Long resultSerializeTime = 0L, Long peakExecutionMemory = 0L) {
     def taskInfo = new TaskInfo(
       0,
       0,
@@ -160,7 +176,7 @@ class SparkListenerTest extends AgentTestRunner {
       )
   }
 
-  private executorAddedEvent(time=0L, executorId="executor-0", totalCores=0) {
+  protected executorAddedEvent(time=0L, executorId="executor-0", totalCores=0) {
     new SparkListenerExecutorAdded(
       time,
       executorId,
@@ -172,7 +188,7 @@ class SparkListenerTest extends AgentTestRunner {
       )
   }
 
-  private executorRemovedEvent(time=0L, executorId="0") {
+  protected executorRemovedEvent(time=0L, executorId="0") {
     new SparkListenerExecutorRemoved(
       time,
       executorId,
@@ -199,7 +215,7 @@ class SparkListenerTest extends AgentTestRunner {
         span {
           operationName "spark.application"
           spanType "spark"
-          assert span.tags["spark_application_metrics.available_executor_time"] == expectedExecutorTime
+          assert span.tags["spark.available_executor_time"] == expectedExecutorTime
         }
       }
     }
@@ -248,48 +264,48 @@ class SparkListenerTest extends AgentTestRunner {
       trace(5) {
         span {
           operationName "spark.application"
-          assert span.tags["spark_application_metrics.available_executor_time"] == 8000L
-          assert span.tags["spark_application_metrics.executor_run_time"] == 2900L
-          assert span.tags["spark_application_metrics.executor_deserialize_time"] == 100L
-          assert span.tags["spark_application_metrics.result_serialization_time"] == 100L
+          assert span.tags["spark.available_executor_time"] == 8000L
+          assert span.tags["spark.executor_run_time"] == 2900L
+          assert span.tags["spark.executor_deserialize_time"] == 100L
+          assert span.tags["spark.result_serialization_time"] == 100L
           spanType "spark"
         }
         span {
           operationName "spark.job"
-          assert span.tags["spark_job_metrics.available_executor_time"] == 4800L
-          assert span.tags["spark_job_metrics.executor_run_time"] == 2900L
-          assert span.tags["spark_job_metrics.executor_deserialize_time"] == 100L
-          assert span.tags["spark_job_metrics.result_serialization_time"] == 100L
+          assert span.tags["spark.available_executor_time"] == 4800L
+          assert span.tags["spark.executor_run_time"] == 2900L
+          assert span.tags["spark.executor_deserialize_time"] == 100L
+          assert span.tags["spark.result_serialization_time"] == 100L
           spanType "spark"
           childOf(span(0))
         }
         span {
           operationName "spark.stage"
           assert span.tags["stage_id"] == 3
-          assert span.tags["spark_stage_metrics.available_executor_time"] == 3000L
-          assert span.tags["spark_stage_metrics.executor_run_time"] == 1900L
-          assert span.tags["spark_stage_metrics.executor_deserialize_time"] == 0L
-          assert span.tags["spark_stage_metrics.result_serialization_time"] == 0L
+          assert span.tags["spark.available_executor_time"] == 3000L
+          assert span.tags["spark.executor_run_time"] == 1900L
+          assert span.tags["spark.executor_deserialize_time"] == 0L
+          assert span.tags["spark.result_serialization_time"] == 0L
           spanType "spark"
           childOf(span(1))
         }
         span {
           operationName "spark.stage"
           assert span.tags["stage_id"] == 2
-          assert span.tags["spark_stage_metrics.available_executor_time"] == 1000L
-          assert span.tags["spark_stage_metrics.executor_run_time"] == 900L
-          assert span.tags["spark_stage_metrics.executor_deserialize_time"] == 0L
-          assert span.tags["spark_stage_metrics.result_serialization_time"] == 100L
+          assert span.tags["spark.available_executor_time"] == 1000L
+          assert span.tags["spark.executor_run_time"] == 900L
+          assert span.tags["spark.executor_deserialize_time"] == 0L
+          assert span.tags["spark.result_serialization_time"] == 100L
           spanType "spark"
           childOf(span(1))
         }
         span {
           operationName "spark.stage"
           assert span.tags["stage_id"] == 1
-          assert span.tags["spark_stage_metrics.available_executor_time"] == 800L
-          assert span.tags["spark_stage_metrics.executor_run_time"] == 100L
-          assert span.tags["spark_stage_metrics.executor_deserialize_time"] == 100L
-          assert span.tags["spark_stage_metrics.result_serialization_time"] == 0L
+          assert span.tags["spark.available_executor_time"] == 800L
+          assert span.tags["spark.executor_run_time"] == 100L
+          assert span.tags["spark.executor_deserialize_time"] == 100L
+          assert span.tags["spark.result_serialization_time"] == 0L
           spanType "spark"
           childOf(span(1))
         }
@@ -322,26 +338,26 @@ class SparkListenerTest extends AgentTestRunner {
       trace(4) {
         span {
           operationName "spark.application"
-          assert span.tags["spark_application_metrics.peak_execution_memory"] == 1400L
+          assert span.tags["spark.peak_execution_memory"] == 1400L
           spanType "spark"
         }
         span {
           operationName "spark.job"
-          assert span.tags["spark_job_metrics.peak_execution_memory"] == 1400L
+          assert span.tags["spark.peak_execution_memory"] == 1400L
           spanType "spark"
           childOf(span(0))
         }
         span {
           operationName "spark.stage"
           assert span.tags["stage_id"] == 2
-          assert span.tags["spark_stage_metrics.peak_execution_memory"] == 1400L
+          assert span.tags["spark.peak_execution_memory"] == 1400L
           spanType "spark"
           childOf(span(1))
         }
         span {
           operationName "spark.stage"
           assert span.tags["stage_id"] == 1
-          assert span.tags["spark_stage_metrics.peak_execution_memory"] == 1200L
+          assert span.tags["spark.peak_execution_memory"] == 1200L
           spanType "spark"
           childOf(span(1))
         }
@@ -414,19 +430,19 @@ class SparkListenerTest extends AgentTestRunner {
       trace(4) {
         span {
           operationName "spark.application"
-          validateRelativeError(span.tags["spark_application_metrics.skew_time"] as double, 7700, relativeAccuracy)
+          validateRelativeError(span.tags["spark.skew_time"] as double, 7700, relativeAccuracy)
           spanType "spark"
         }
         span {
           operationName "spark.job"
           spanType "spark"
-          validateRelativeError(span.tags["spark_job_metrics.skew_time"] as double, 7700, relativeAccuracy)
+          validateRelativeError(span.tags["spark.skew_time"] as double, 7700, relativeAccuracy)
           childOf(span(0))
         }
         span {
           operationName "spark.stage"
           assert span.tags["stage_id"] == 2
-          validateRelativeError(span.tags["spark_stage_metrics.skew_time"] as double, 7500, relativeAccuracy)
+          validateRelativeError(span.tags["spark.skew_time"] as double, 7500, relativeAccuracy)
           validateSerializedHistogram(span.tags["_dd.spark.task_run_time"] as String, 7500, 11250, 15000, relativeAccuracy)
           spanType "spark"
           childOf(span(1))
@@ -434,7 +450,7 @@ class SparkListenerTest extends AgentTestRunner {
         span {
           operationName "spark.stage"
           assert span.tags["stage_id"] == 1
-          validateRelativeError(span.tags["spark_stage_metrics.skew_time"] as double, 200, relativeAccuracy)
+          validateRelativeError(span.tags["spark.skew_time"] as double, 200, relativeAccuracy)
           validateSerializedHistogram(span.tags["_dd.spark.task_run_time"] as String, 100, 200, 300, relativeAccuracy)
           spanType "spark"
           childOf(span(1))
@@ -443,12 +459,12 @@ class SparkListenerTest extends AgentTestRunner {
     }
   }
 
-  private validateRelativeError(double value, double expected, double relativeAccuracy) {
+  protected validateRelativeError(double value, double expected, double relativeAccuracy) {
     double relativeError = Math.abs(value - expected) / expected
     assert relativeError < relativeAccuracy
   }
 
-  private validateSerializedHistogram(String base64Hist, double expectedP50, double expectedP75, double expectedMax, double relativeAccuracy) {
+  protected validateSerializedHistogram(String base64Hist, double expectedP50, double expectedP75, double expectedMax, double relativeAccuracy) {
     byte[] bytes = Base64.getDecoder().decode(base64Hist)
 
     def sketch = DDSketchProtoBinding.fromProto({
diff --git a/dd-java-agent/instrumentation/spark/src/test/groovy/SparkStructuredStreamingTest.groovy b/dd-java-agent/instrumentation/spark/src/testFixtures/groovy/datadog/trace/instrumentation/spark/AbstractSparkStructuredStreamingTest.groovy
similarity index 79%
rename from dd-java-agent/instrumentation/spark/src/test/groovy/SparkStructuredStreamingTest.groovy
rename to dd-java-agent/instrumentation/spark/src/testFixtures/groovy/datadog/trace/instrumentation/spark/AbstractSparkStructuredStreamingTest.groovy
index 81178a69a2a..32b381bdbbd 100644
--- a/dd-java-agent/instrumentation/spark/src/test/groovy/SparkStructuredStreamingTest.groovy
+++ b/dd-java-agent/instrumentation/spark/src/testFixtures/groovy/datadog/trace/instrumentation/spark/AbstractSparkStructuredStreamingTest.groovy
@@ -1,12 +1,21 @@
+package datadog.trace.instrumentation.spark
+
 import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.Platform
 import org.apache.spark.sql.Encoders
 import org.apache.spark.sql.execution.streaming.MemoryStream
 import org.apache.spark.sql.SparkSession
 import scala.Option
 import scala.collection.JavaConverters
 import scala.collection.immutable.Seq
+import spock.lang.IgnoreIf
+import spock.lang.Unroll
 
-class SparkStructuredStreamingTest extends AgentTestRunner {
+@Unroll
+@IgnoreIf(reason="https://issues.apache.org/jira/browse/HADOOP-18174", value = {
+  Platform.isJ9()
+})
+class AbstractSparkStructuredStreamingTest extends AgentTestRunner {
 
   @Override
   void configurePreAgent() {
@@ -54,20 +63,20 @@ class SparkStructuredStreamingTest extends AgentTestRunner {
 
     expect:
     assertTraces(2) {
-      trace(4) {
+      trace(5) {
         span {
-          operationName "spark.batch"
+          operationName "spark.streaming_batch"
           resourceName "test-query"
           spanType "spark"
           parent()
           tags {
             defaultTags()
             // Streaming tags
-            "batch_id" 0
-            "name" "test-query"
+            "streaming_query.batch_id" 0
+            "streaming_query.name" "test-query"
             "app_id" String
-            "id" UUID
-            "run_id" UUID
+            "streaming_query.id" UUID
+            "streaming_query.run_id" UUID
             "spark.num_input_rows" 3
             "spark.add_batch_duration" Long
             "spark.get_batch_duration" Long
@@ -122,45 +131,70 @@ class SparkStructuredStreamingTest extends AgentTestRunner {
             "spark.task_failed_count" Long
             "spark.task_retried_count" Long
             "spark.task_with_output_count" Long
+
+            // Config tags
+            "config.spark_version" String
+            "config.spark_app_id" String
+            "config.spark_app_name" String
+            "config.spark_jobGroup_id" String
+            "config.spark_job_description" String
+            "config.spark_master" String
+            "config.spark_sql_execution_id" String
+            "config.spark_sql_shuffle_partitions" String
+            "config.sql_streaming_queryId" String
+            "config.streaming_sql_batchId" String
+            if (TestSparkComputation.sparkVersion >= '3') {
+              "config.spark_app_startTime" String
+            }
           }
         }
         span {
-          operationName "spark.job"
+          operationName "spark.sql"
           spanType "spark"
           childOf(span(0))
         }
         span {
-          operationName "spark.stage"
+          operationName "spark.job"
           spanType "spark"
           childOf(span(1))
         }
         span {
           operationName "spark.stage"
           spanType "spark"
-          childOf(span(1))
+          childOf(span(2))
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(2))
         }
       }
-      trace(4) {
+      trace(5) {
         span {
-          operationName "spark.batch"
+          operationName "spark.streaming_batch"
           spanType "spark"
-          assert span.tags["batch_id"] == 1
+          assert span.tags["streaming_query.batch_id"] == 1
           parent()
         }
         span {
-          operationName "spark.job"
+          operationName "spark.sql"
           spanType "spark"
           childOf(span(0))
         }
         span {
-          operationName "spark.stage"
+          operationName "spark.job"
           spanType "spark"
           childOf(span(1))
         }
         span {
           operationName "spark.stage"
           spanType "spark"
-          childOf(span(1))
+          childOf(span(2))
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(2))
         }
       }
     }
@@ -186,27 +220,32 @@ class SparkStructuredStreamingTest extends AgentTestRunner {
     sparkSession.stop()
 
     assertTraces(1) {
-      trace(4) {
+      trace(5, true) {
         span {
-          operationName "spark.batch"
-          resourceName "failing-query"
+          operationName "spark.job"
           spanType "spark"
           errored true
-          assert span.tags["error.message"] =~ /org.apache.spark.SparkException: .*\n/
-          assert span.tags["error.stack"] =~ /(?s).*Job aborted due to stage failure.*Caused by: java.lang.NullPointerException.*/
-          parent()
+          childOf(span(1))
         }
         span {
-          operationName "spark.job"
+          operationName "spark.sql"
+          spanType "spark"
+          childOf(span(3))
+        }
+        span {
+          operationName "spark.stage"
           spanType "spark"
           errored true
           childOf(span(0))
         }
         span {
-          operationName "spark.stage"
+          operationName "spark.streaming_batch"
+          resourceName "failing-query"
           spanType "spark"
           errored true
-          childOf(span(1))
+          assert span.tags["error.message"] =~ /org.apache.spark.SparkException: .*\n/
+          assert span.tags["error.stack"] =~ /(?s).*Job aborted due to stage failure.*Caused by: java.lang.NullPointerException.*/
+          parent()
         }
         span {
           operationName "spark.task"
diff --git a/dd-java-agent/instrumentation/spark/src/testFixtures/groovy/datadog/trace/instrumentation/spark/AbstractSparkTest.groovy b/dd-java-agent/instrumentation/spark/src/testFixtures/groovy/datadog/trace/instrumentation/spark/AbstractSparkTest.groovy
new file mode 100644
index 00000000000..a297b2f6091
--- /dev/null
+++ b/dd-java-agent/instrumentation/spark/src/testFixtures/groovy/datadog/trace/instrumentation/spark/AbstractSparkTest.groovy
@@ -0,0 +1,574 @@
+package datadog.trace.instrumentation.spark
+
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.DDSpanId
+import datadog.trace.api.DDTraceId
+import datadog.trace.api.Platform
+import datadog.trace.test.util.Flaky
+import org.apache.hadoop.yarn.api.records.FinalApplicationStatus
+import org.apache.hadoop.yarn.conf.YarnConfiguration
+import org.apache.spark.deploy.SparkSubmit
+import org.apache.spark.deploy.yarn.ApplicationMaster
+import org.apache.spark.deploy.yarn.ApplicationMasterArguments
+import org.apache.spark.sql.Dataset
+import org.apache.spark.sql.Row
+import org.apache.spark.sql.RowFactory
+import org.apache.spark.sql.SparkSession
+import org.apache.spark.sql.types.StructType
+import spock.lang.IgnoreIf
+import spock.lang.Unroll
+
+@Unroll
+@IgnoreIf(reason="https://issues.apache.org/jira/browse/HADOOP-18174", value = {
+  Platform.isJ9()
+})
+abstract class AbstractSparkTest extends AgentTestRunner {
+
+  @Override
+  void configurePreAgent() {
+    super.configurePreAgent()
+    injectSysConfig("dd.integration.spark.enabled", "true")
+  }
+
+  def "generate application span with child job and stages"() {
+    setup:
+    def sparkSession = SparkSession.builder()
+      .config("spark.master", "local")
+      .config("spark.default.parallelism", "2") // Small parallelism to speed up tests
+      .config("spark.sql.shuffle.partitions", "2")
+      .appName("Sample Spark App")
+      .getOrCreate()
+
+    TestSparkComputation.generateTestSparkComputation(sparkSession)
+
+    sparkSession.stop()
+
+    expect:
+    assertTraces(1) {
+      trace(4) {
+        span {
+          operationName "spark.application"
+          resourceName "spark.application"
+          spanType "spark"
+          errored false
+          parent()
+        }
+        span {
+          operationName "spark.job"
+          resourceName "count at TestSparkComputation.java:19"
+          spanType "spark"
+          errored false
+          childOf(span(0))
+        }
+        span {
+          operationName "spark.stage"
+          resourceName "count at TestSparkComputation.java:19"
+          spanType "spark"
+          errored false
+          childOf(span(1))
+        }
+        span {
+          operationName "spark.stage"
+          resourceName "distinct at TestSparkComputation.java:19"
+          spanType "spark"
+          errored false
+          childOf(span(1))
+        }
+      }
+    }
+  }
+
+  private ApplicationMaster createApplicationMaster(SparkSession spark) {
+    // Constructor of ApplicationMaster changed starting spark 3.0
+    if (spark.version() < "3") {
+      return new ApplicationMaster(new ApplicationMasterArguments([] as String[]))
+    }
+
+    new ApplicationMaster(
+      new ApplicationMasterArguments([] as String[]),
+      spark.sparkContext().conf(),
+      new YarnConfiguration()
+      )
+  }
+
+  def "instrument yarn application master finish"() {
+    setup:
+    def spark = SparkSession.builder().config("spark.master", "local").getOrCreate()
+    def am = createApplicationMaster(spark)
+    am.finish(FinalApplicationStatus.FAILED, 9, "User class threw exception: org.apache.spark.sql.AnalysisException: Column 'foo' does not exist\n\tat com.datadog.spark.MySparkApp.main(MySparkApp.scala:6)")
+
+    expect:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          operationName "spark.application"
+          resourceName "spark.application"
+          spanType "spark"
+          assert span.tags["error.type"] == "Spark Application Failed with exit code 9"
+          assert span.tags["error.message"] == "User class threw exception: org.apache.spark.sql.AnalysisException: Column 'foo' does not exist\n"
+          assert span.tags["error.stack"] == "User class threw exception: org.apache.spark.sql.AnalysisException: Column 'foo' does not exist\n\tat com.datadog.spark.MySparkApp.main(MySparkApp.scala:6)"
+          errored true
+          parent()
+        }
+      }
+    }
+
+    cleanup:
+    spark.stop()
+  }
+
+  @Flaky('sometimes spark.job is the first span')
+  def "generate error tags in failed spans"() {
+    def sparkSession = SparkSession.builder()
+      .config("spark.master", "local")
+      .getOrCreate()
+
+    try {
+      TestSparkComputation.generateTestFailingSparkComputation(sparkSession)
+    }
+    catch (Exception ignored) {}
+
+    sparkSession
+      .sparkContext()
+      .listenerBus()
+      .waitUntilEmpty(1000)
+
+    sparkSession.stop()
+
+    expect:
+    assertTraces(1) {
+      trace(4) {
+        span {
+          operationName "spark.application"
+          resourceName "spark.application"
+          spanType "spark"
+          errored true
+          parent()
+          assert span.tags["error.type"] == "Spark Application Failed"
+          assert span.tags["error.message"] =~ /^Job aborted due to stage failure.*java.lang.NullPointerException$/
+          assert span.tags["error.stack"] =~ /(?s)^org.apache.spark.SparkException.*Caused by: java.lang.NullPointerException.*$/
+        }
+        span {
+          operationName "spark.job"
+          resourceName "collect at TestSparkComputation.java:28"
+          spanType "spark"
+          errored true
+          childOf(span(0))
+          assert span.tags["error.type"] == "Spark Job Failed"
+          assert span.tags["error.message"] =~ /^Job aborted due to stage failure.*java.lang.NullPointerException$/
+          assert span.tags["error.stack"] =~ /(?s)^org.apache.spark.SparkException.*Caused by: java.lang.NullPointerException.*$/
+        }
+        span {
+          operationName "spark.stage"
+          resourceName "collect at TestSparkComputation.java:28"
+          spanType "spark"
+          errored true
+          childOf(span(1))
+          assert span.tags["error.type"] == "Spark Stage Failed"
+          assert span.tags["error.message"] =~ /^Job aborted due to stage failure.*java.lang.NullPointerException$/
+          assert span.tags["error.stack"] =~ /(?s).*\n\tat datadog.trace.instrumentation.spark.TestSparkComputation.{500,}\$/
+        }
+        span {
+          operationName "spark.task"
+          spanType "spark"
+          errored true
+          childOf(span(2))
+          assert span.tags["error.type"] == "Spark Task Failed"
+          assert span.tags["error.message"] == "java.lang.NullPointerException: null"
+          assert span.tags["error.stack"] =~ /(?s)^java.lang.NullPointerException\n\tat datadog.trace.instrumentation.spark.TestSparkComputation.{500,}\$/
+        }
+      }
+    }
+  }
+
+  def "capture SparkSubmit.runMain() errors"() {
+    setup:
+    def sparkSession = SparkSession.builder()
+      .config("spark.master", "local[2]")
+      .getOrCreate()
+
+    try {
+      // Generating a fake spark submit to trigger the runMain() method
+      // it will fail since TestClass and test-jar.jar don't exist
+      def sparkSubmit = new SparkSubmit()
+      sparkSubmit.doSubmit(["--class", "TestClass", "test-jar.jar"] as String[])
+    }
+    catch (Exception ignored) {}
+
+    expect:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          operationName "spark.application"
+          resourceName "spark.application"
+          spanType "spark"
+          errored true
+          assert span.tags["error.type"] == "org.apache.spark.SparkUserAppException"
+          assert span.tags["error.message"] == "User application exited with 101"
+          parent()
+        }
+      }
+    }
+
+    cleanup:
+    sparkSession.stop()
+    AbstractDatadogSparkListener.finishTraceOnApplicationEnd = true
+  }
+
+  def "generate databricks spans"() {
+    setup:
+    def sparkSession = SparkSession.builder()
+      .config("spark.master", "local")
+      .config("spark.default.parallelism", "2") // Small parallelism to speed up tests
+      .config("spark.sql.shuffle.partitions", "2")
+      .config("spark.databricks.sparkContextId", "some_id")
+      .config("spark.databricks.clusterUsageTags.clusterName", "job-1234-run-8765-Job_cluster")
+      .getOrCreate()
+
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.id", "1234")
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.runId", "9012")
+    sparkSession.sparkContext().setLocalProperty("spark.jobGroup.id", "0000_job-3456-run-7890-action-0000")
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.workload.id", "01-123-456")
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.parentRunId", "5678")
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.clusterUsageTags.clusterName", "job-1234-run-901-Job_cluster")
+    TestSparkComputation.generateTestSparkComputation(sparkSession)
+
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.id", null)
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.runId", null)
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.parentRunId", null)
+    TestSparkComputation.generateTestSparkComputation(sparkSession)
+
+    sparkSession.sparkContext().setLocalProperty("spark.jobGroup.id", null)
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.parentRunId", null)
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.clusterUsageTags.clusterName", null)
+    TestSparkComputation.generateTestSparkComputation(sparkSession)
+
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.workload.id", null)
+    TestSparkComputation.generateTestSparkComputation(sparkSession)
+
+    expect:
+    assertTraces(4) {
+      trace(3) {
+        span {
+          operationName "spark.job"
+          spanType "spark"
+          traceId 8944764253919609482G
+          parentSpanId 15104224823446433673G
+          assert span.tags["databricks_job_id"] == "1234"
+          assert span.tags["databricks_job_run_id"] == "5678"
+          assert span.tags["databricks_task_run_id"] == "9012"
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(0))
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(0))
+        }
+      }
+      trace(3) {
+        span {
+          operationName "spark.job"
+          spanType "spark"
+          traceId 5240384461065211484G
+          parentSpanId 14128229261586201946G
+          assert span.tags["databricks_job_id"] == "3456"
+          assert span.tags["databricks_job_run_id"] == "901"
+          assert span.tags["databricks_task_run_id"] == "7890"
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(0))
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(0))
+        }
+      }
+      trace(3) {
+        span {
+          operationName "spark.job"
+          spanType "spark"
+          traceId 2235374731114184741G
+          parentSpanId 8956125882166502063G
+          assert span.tags["databricks_job_id"] == "123"
+          assert span.tags["databricks_job_run_id"] == "8765"
+          assert span.tags["databricks_task_run_id"] == "456"
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(0))
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(0))
+        }
+      }
+      trace(3) {
+        span {
+          operationName "spark.job"
+          spanType "spark"
+          parent()
+          assert span.tags["databricks_job_id"] == null
+          assert span.tags["databricks_job_run_id"] == "8765"
+          assert span.tags["databricks_task_run_id"] == null
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(0))
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(0))
+        }
+      }
+    }
+
+    cleanup:
+    sparkSession.stop()
+  }
+
+  def "compute the databricks parent context"() {
+    setup:
+    def contextWithJobRunId = new DatabricksParentContext("1234", "5678", "9012")
+    def contextWithoutJobRunId = new DatabricksParentContext("1234", null, "9012")
+    def contextWithoutJobId = new DatabricksParentContext(null, "5678", "9012")
+    def contextWithoutTaskRunId = new DatabricksParentContext(null, "5678", null)
+
+    expect:
+    contextWithJobRunId.getTraceId() == DDTraceId.from("8944764253919609482")
+    contextWithJobRunId.getSpanId() == DDSpanId.from("15104224823446433673")
+
+    contextWithoutJobRunId.getTraceId() == DDTraceId.from("15104224823446433673")
+    contextWithoutJobRunId.getSpanId() == DDSpanId.from("15104224823446433673")
+
+    contextWithoutJobId.getTraceId() == DDTraceId.ZERO
+    contextWithoutJobId.getSpanId() == DDSpanId.ZERO
+
+    contextWithoutTaskRunId.getTraceId() == DDTraceId.ZERO
+    contextWithoutTaskRunId.getSpanId() == DDSpanId.ZERO
+  }
+
+  private Dataset<Row> generateSampleDataframe(SparkSession spark) {
+    def structType = new StructType()
+    structType = structType.add("col", "String", false)
+
+    def rows = new ArrayList<Row>()
+    rows.add(RowFactory.create("value"))
+    spark.createDataFrame(rows, structType)
+  }
+
+  def "generate spark sql spans"() {
+    setup:
+    def sparkSession = SparkSession.builder()
+      .config("spark.master", "local[2]")
+      .config("spark.sql.shuffle.partitions", "2")
+      .getOrCreate()
+
+    def df = generateSampleDataframe(sparkSession)
+    df.coalesce(1).count()
+    sparkSession.stop()
+
+    expect:
+    assertTraces(1) {
+      trace(4) {
+        span {
+          operationName "spark.application"
+          spanType "spark"
+          parent()
+        }
+        span {
+          operationName "spark.sql"
+          spanType "spark"
+          childOf(span(0))
+        }
+        span {
+          operationName "spark.job"
+          spanType "spark"
+          childOf(span(1))
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(2))
+        }
+      }
+    }
+  }
+
+  def "generate spark sql spans on databricks"() {
+    setup:
+    def sparkSession = SparkSession.builder()
+      .config("spark.master", "local[2]")
+      .config("spark.sql.shuffle.partitions", "2")
+      .config("spark.databricks.sparkContextId", "some_id")
+      .config("spark.databricks.clusterUsageTags.clusterName", "job-1234-run-5678-Job_cluster")
+      .getOrCreate()
+
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.id", "1234")
+    sparkSession.sparkContext().setLocalProperty("spark.databricks.job.runId", "9012")
+
+    def df = generateSampleDataframe(sparkSession)
+    df.coalesce(1).count()
+    sparkSession.stop()
+
+    expect:
+    assertTraces(1) {
+      trace(3) {
+        span {
+          operationName "spark.sql"
+          spanType "spark"
+          traceId 8944764253919609482G
+          parentSpanId 15104224823446433673G
+        }
+        span {
+          operationName "spark.job"
+          spanType "spark"
+          childOf(span(0))
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(1))
+        }
+      }
+    }
+  }
+
+  def "add custom tags to spark spans"() {
+    def sparkSession = SparkSession.builder()
+      .config("spark.master", "local[2]")
+      .config("spark.sql.shuffle.partitions", "2")
+      .getOrCreate()
+
+    def df = generateSampleDataframe(sparkSession)
+
+    sparkSession.sparkContext().setLocalProperty("spark.datadog.tags.tag_1", "value_1")
+    sparkSession.sparkContext().setLocalProperty("spark.datadog.tags.tag_2", "value_2")
+    df.coalesce(1).count()
+
+    sparkSession.sparkContext().setLocalProperty("spark.datadog.tags.tag_1", "value_11")
+    sparkSession.sparkContext().setLocalProperty("spark.datadog.tags.tag_2", null)
+    df.coalesce(1).count()
+    sparkSession.stop()
+
+    expect:
+    assertTraces(1) {
+      trace(7) {
+        span {
+          operationName "spark.application"
+          spanType "spark"
+          assert span.tags["tag_1"] == null
+          assert span.tags["tag_2"] == null
+          parent()
+        }
+        span {
+          operationName "spark.sql"
+          spanType "spark"
+          assert span.tags["tag_1"] == "value_11"
+          assert span.tags["tag_2"] == null
+          childOf(span(0))
+        }
+        span {
+          operationName "spark.job"
+          spanType "spark"
+          assert span.tags["tag_1"] == "value_11"
+          assert span.tags["tag_2"] == null
+          childOf(span(1))
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          assert span.tags["tag_1"] == "value_11"
+          assert span.tags["tag_2"] == null
+          childOf(span(2))
+        }
+        span {
+          operationName "spark.sql"
+          spanType "spark"
+          assert span.tags["tag_1"] == "value_1"
+          assert span.tags["tag_2"] == "value_2"
+          childOf(span(0))
+        }
+        span {
+          operationName "spark.job"
+          spanType "spark"
+          assert span.tags["tag_1"] == "value_1"
+          assert span.tags["tag_2"] == "value_2"
+          childOf(span(4))
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          assert span.tags["tag_1"] == "value_1"
+          assert span.tags["tag_2"] == "value_2"
+          childOf(span(5))
+        }
+      }
+    }
+  }
+
+  def "set the proper databricks service"(String ddService, String clusterName, String clusterAllTags, String expectedService) {
+    setup:
+    if (ddService != null) {
+      injectSysConfig("dd.service", ddService)
+    }
+
+    def builder = SparkSession.builder()
+      .config("spark.master", "local[2]")
+      .config("spark.databricks.sparkContextId", "some_id")
+
+    if (clusterName) {
+      builder.config("spark.databricks.clusterUsageTags.clusterName", clusterName)
+    }
+    if (clusterAllTags) {
+      builder.config("spark.databricks.clusterUsageTags.clusterAllTags", clusterAllTags)
+    }
+
+    when:
+    def sparkSession = builder.getOrCreate()
+    def df = generateSampleDataframe(sparkSession)
+    df.coalesce(1).count()
+    sparkSession.stop()
+
+    then:
+    assertTraces(1) {
+      trace(3) {
+        span {
+          operationName "spark.sql"
+          spanType "spark"
+          span.serviceName ==~ expectedService
+        }
+        span {
+          operationName "spark.job"
+          spanType "spark"
+          childOf(span(0))
+          span.serviceName ==~ expectedService
+        }
+        span {
+          operationName "spark.stage"
+          spanType "spark"
+          childOf(span(1))
+          span.serviceName ==~ expectedService
+        }
+      }
+    }
+
+    where:
+    ddService | clusterName         | clusterAllTags                                                                         | expectedService
+    "foobar"  | "some_cluster_name" | """[{"key": "foo"}, {"key": "RunName", "value": "some_run_name"}]"""                   | "^(databricks)"
+    null      | "some_cluster_name" | """[{"key": "foo"}, {"key": "RunName", "value": "some_run_name"}]"""                   | "databricks.job-cluster.some_run_name"
+    null      | "some_cluster_name" | """[{"key":"RunName","value":"some_run_name_9975a7ba-5e04-11ee-8c99-0242ac120002"}]""" | "databricks.job-cluster.some_run_name"
+    null      | "some_cluster_name" | """invalid_json"""                                                                     | "databricks.all-purpose-cluster.some_cluster_name"
+    null      | null                | null                                                                                   | "^(databricks)"
+  }
+}
diff --git a/dd-java-agent/instrumentation/spark/src/test/java/TestSparkComputation.java b/dd-java-agent/instrumentation/spark/src/testFixtures/java/datadog/trace/instrumentation/spark/TestSparkComputation.java
similarity index 97%
rename from dd-java-agent/instrumentation/spark/src/test/java/TestSparkComputation.java
rename to dd-java-agent/instrumentation/spark/src/testFixtures/java/datadog/trace/instrumentation/spark/TestSparkComputation.java
index c5676491778..1682f7e8984 100644
--- a/dd-java-agent/instrumentation/spark/src/test/java/TestSparkComputation.java
+++ b/dd-java-agent/instrumentation/spark/src/testFixtures/java/datadog/trace/instrumentation/spark/TestSparkComputation.java
@@ -1,3 +1,5 @@
+package datadog.trace.instrumentation.spark;
+
 import java.util.concurrent.TimeoutException;
 import org.apache.spark.api.java.function.MapFunction;
 import org.apache.spark.sql.Dataset;
diff --git a/dd-java-agent/instrumentation/spring-messaging-4/src/main/java/datadog/trace/instrumentation/springmessaging/SpringMessageExtractAdapter.java b/dd-java-agent/instrumentation/spring-messaging-4/src/main/java/datadog/trace/instrumentation/springmessaging/SpringMessageExtractAdapter.java
index 102bd7bd4b9..d11e4f7fc43 100644
--- a/dd-java-agent/instrumentation/spring-messaging-4/src/main/java/datadog/trace/instrumentation/springmessaging/SpringMessageExtractAdapter.java
+++ b/dd-java-agent/instrumentation/spring-messaging-4/src/main/java/datadog/trace/instrumentation/springmessaging/SpringMessageExtractAdapter.java
@@ -3,7 +3,9 @@
 import datadog.trace.api.cache.DDCache;
 import datadog.trace.api.cache.DDCaches;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import datadog.trace.bootstrap.instrumentation.messaging.DatadogAttributeParser;
 import de.thetaphi.forbiddenapis.SuppressForbidden;
+import java.nio.ByteBuffer;
 import java.util.Locale;
 import java.util.Map;
 import java.util.function.Function;
@@ -11,6 +13,7 @@
 
 public final class SpringMessageExtractAdapter
     implements AgentPropagation.ContextVisitor<Message<?>> {
+
   private static final Function<String, String> KEY_MAPPER =
       new Function<String, String>() {
         @SuppressForbidden
@@ -31,9 +34,16 @@ public String apply(String key) {
   @Override
   public void forEachKey(Message<?> carrier, AgentPropagation.KeyClassifier classifier) {
     for (Map.Entry<String, ?> header : carrier.getHeaders().entrySet()) {
-      if (header.getValue() instanceof String) {
+      Object headerValue = header.getValue();
+      if ("_datadog".equals(header.getKey())) {
+        if (headerValue instanceof String) {
+          DatadogAttributeParser.forEachProperty(classifier, (String) headerValue);
+        } else if (headerValue instanceof ByteBuffer) {
+          DatadogAttributeParser.forEachProperty(classifier, (ByteBuffer) headerValue);
+        }
+      } else if (headerValue instanceof String) {
         String lowerCaseKey = cache.computeIfAbsent(header.getKey(), KEY_MAPPER);
-        if (!classifier.accept(lowerCaseKey, (String) header.getValue())) {
+        if (!classifier.accept(lowerCaseKey, (String) headerValue)) {
           return;
         }
       }
diff --git a/dd-java-agent/instrumentation/spring-messaging-4/src/test/groovy/SpringListenerSQSTest.groovy b/dd-java-agent/instrumentation/spring-messaging-4/src/test/groovy/SpringListenerSQSTest.groovy
index 2d9d060ccf2..7e29c1219db 100644
--- a/dd-java-agent/instrumentation/spring-messaging-4/src/test/groovy/SpringListenerSQSTest.groovy
+++ b/dd-java-agent/instrumentation/spring-messaging-4/src/test/groovy/SpringListenerSQSTest.groovy
@@ -11,6 +11,7 @@ import io.awspring.cloud.sqs.operations.SqsTemplate
 import listener.Config
 import org.elasticmq.rest.sqs.SQSRestServer
 import org.springframework.context.annotation.AnnotationConfigApplicationContext
+import org.springframework.messaging.support.GenericMessage
 import software.amazon.awssdk.services.sqs.SqsAsyncClient
 
 class SpringListenerSQSTest extends AgentTestRunner {
@@ -55,6 +56,75 @@ class SpringListenerSQSTest extends AgentTestRunner {
     }
   }
 
+  def "embedded _datadog context used when no immediate context"() {
+    setup:
+    def context = new AnnotationConfigApplicationContext(Config)
+    def address = context.getBean(SQSRestServer).waitUntilStarted().localAddress()
+    def template = SqsTemplate.newTemplate(context.getBean(SqsAsyncClient))
+    TEST_WRITER.waitForTraces(2)
+    TEST_WRITER.clear()
+
+    when:
+    def message = new GenericMessage("a message", [
+      '_datadog' : "{\"x-datadog-trace-id\": \"4948377316357291421\", \"x-datadog-parent-id\": \"6746998015037429512\", \"x-datadog-sampling-priority\": \"1\"}"
+    ])
+    TraceUtils.runUnderTrace("parent") {
+      template.sendAsync("SpringListenerSQS", message)
+    }
+
+    then:
+    assertTraces(4, SORT_TRACES_BY_START) {
+      trace(3) {
+        sendMessage(it, address, span(2))
+        getQueueUrl(it, address, span(2))
+        basicSpan(it, "parent")
+      }
+      trace(1) {
+        span {
+          serviceName "sqs"
+          operationName "aws.http"
+          resourceName "Sqs.ReceiveMessage"
+          spanType DDSpanTypes.MESSAGE_CONSUMER
+          errored false
+          measured true
+          traceId(4948377316357291421 as BigInteger)
+          parentSpanId(6746998015037429512 as BigInteger)
+          tags {
+            "$Tags.COMPONENT" "java-aws-sdk"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CONSUMER
+            "aws.service" "Sqs"
+            "aws_service" "Sqs"
+            "aws.operation" "ReceiveMessage"
+            "aws.agent" "java-aws-sdk"
+            "aws.queue.url" "http://localhost:${address.port}/000000000000/SpringListenerSQS"
+            "aws.requestId" "00000000-0000-0000-0000-000000000000"
+            defaultTags(true)
+          }
+        }
+      }
+      trace(1) {
+        span {
+          serviceName "my-service"
+          operationName "spring.consume"
+          resourceName "TestListener.observe"
+          spanType DDSpanTypes.MESSAGE_CONSUMER
+          errored false
+          measured true
+          traceId(4948377316357291421 as BigInteger)
+          parentSpanId(6746998015037429512 as BigInteger)
+          tags {
+            "$Tags.COMPONENT" "spring-messaging"
+            "$Tags.SPAN_KIND" Tags.SPAN_KIND_CONSUMER
+            defaultTags(true)
+          }
+        }
+      }
+      trace(1) {
+        deleteMessageBatch(it, address)
+      }
+    }
+  }
+
   static sendMessage(TraceAssert traceAssert, InetSocketAddress address, DDSpan parentSpan) {
     traceAssert.span {
       serviceName "sqs"
diff --git a/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/AbstractUserDetailsAuthenticationProviderAdvice.java b/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/AbstractUserDetailsAuthenticationProviderAdvice.java
index ba554426058..837584bc44b 100644
--- a/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/AbstractUserDetailsAuthenticationProviderAdvice.java
+++ b/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/AbstractUserDetailsAuthenticationProviderAdvice.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.springsecurity5;
 
+import datadog.trace.bootstrap.ActiveSubsystems;
 import net.bytebuddy.asm.Advice;
 import org.springframework.security.core.AuthenticationException;
 
@@ -9,9 +10,11 @@ public class AbstractUserDetailsAuthenticationProviderAdvice {
   public static boolean onEnter(
       @Advice.FieldValue(value = "hideUserNotFoundExceptions", readOnly = false)
           boolean hideUserNotFoundExceptions) {
-    // Ensure we are not hiding exception
     boolean originalValue = hideUserNotFoundExceptions;
-    hideUserNotFoundExceptions = false;
+    if (ActiveSubsystems.APPSEC_ACTIVE) {
+      // Ensure we are not hiding exception
+      hideUserNotFoundExceptions = false;
+    }
     return originalValue;
   }
 
diff --git a/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/AuthenticationProviderAdvice.java b/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/AuthenticationProviderAdvice.java
index f612d69c174..9afaa255ff0 100644
--- a/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/AuthenticationProviderAdvice.java
+++ b/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/AuthenticationProviderAdvice.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.springsecurity5;
 
+import datadog.trace.bootstrap.ActiveSubsystems;
 import net.bytebuddy.asm.Advice;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -11,6 +12,8 @@ public static void onExit(
       @Advice.Argument(value = 0, readOnly = false) Authentication authentication,
       @Advice.Return final Authentication result,
       @Advice.Thrown final AuthenticationException throwable) {
-    SpringSecurityUserEventDecorator.DECORATE.onLogin(authentication, throwable, result);
+    if (ActiveSubsystems.APPSEC_ACTIVE) {
+      SpringSecurityUserEventDecorator.DECORATE.onLogin(authentication, throwable, result);
+    }
   }
 }
diff --git a/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/UserDetailsManagerAdvice.java b/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/UserDetailsManagerAdvice.java
index c4a2076d2b1..bd092180bcb 100644
--- a/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/UserDetailsManagerAdvice.java
+++ b/dd-java-agent/instrumentation/spring-security-5/src/main/java17/datadog/trace/instrumentation/springsecurity5/UserDetailsManagerAdvice.java
@@ -1,5 +1,6 @@
 package datadog.trace.instrumentation.springsecurity5;
 
+import datadog.trace.bootstrap.ActiveSubsystems;
 import net.bytebuddy.asm.Advice;
 import org.springframework.security.core.userdetails.UserDetails;
 
@@ -7,6 +8,8 @@ public class UserDetailsManagerAdvice {
 
   @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
   public static void onExit(@Advice.Argument(value = 0, readOnly = false) UserDetails user) {
-    SpringSecurityUserEventDecorator.DECORATE.onSignup(user);
+    if (ActiveSubsystems.APPSEC_ACTIVE) {
+      SpringSecurityUserEventDecorator.DECORATE.onSignup(user);
+    }
   }
 }
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/iastTest/groovy/datadog/trace/instrumentation/springwebflux/server/IastWebFluxTest.groovy b/dd-java-agent/instrumentation/spring-webflux-5/src/iastTest/groovy/datadog/trace/instrumentation/springwebflux/server/IastWebFluxTest.groovy
index a98352ffaab..59e650cf296 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/iastTest/groovy/datadog/trace/instrumentation/springwebflux/server/IastWebFluxTest.groovy
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/iastTest/groovy/datadog/trace/instrumentation/springwebflux/server/IastWebFluxTest.groovy
@@ -226,7 +226,7 @@ class IastWebFluxTest extends IastRequestTestRunner {
     (respBody =~ "URI: http://[^/]+/iast/shr\\?var1=foo").find()
     (respBody =~ "Path: /iast/shr").find()
     respBody.contains 'Query params: [var1 (tainted):[foo (tainted)]]'
-    respBody.contains 'Cookies: [var2:[var2 -> bar (tainted)]]'
+    respBody.contains 'Cookies: [var2 (tainted):[var2 (tainted) -> bar (tainted)]]'
     (respBody =~ "User-Agent: okhttp/[\\d.]+ \\(tainted\\)").find()
 
     when:
@@ -241,11 +241,10 @@ class IastWebFluxTest extends IastRequestTestRunner {
       value 'foo'
       range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var1', 'foo')
     }
-    // WebModule is not tainting cookie names
-    //    toc.hasTaintedObject {
-    //      value 'var2'
-    //      range 0, 4, source(SourceTypes.REQUEST_COOKIE_NAME, 'var2', null)
-    //    }
+    toc.hasTaintedObject {
+      value 'var2'
+      range 0, 4, source(SourceTypes.REQUEST_COOKIE_NAME, 'var2', 'var2')
+    }
     toc.hasTaintedObject {
       value 'bar'
       range 0, 3, source(SourceTypes.REQUEST_COOKIE_VALUE, 'var2',  'bar')
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/DataBufferAsInputStreamAdvice.java b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/DataBufferAsInputStreamAdvice.java
index 2085354e019..b812c77a2a7 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/DataBufferAsInputStreamAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/DataBufferAsInputStreamAdvice.java
@@ -21,6 +21,6 @@ public static void after(@Advice.This DataBuffer dataBuffer, @Advice.Return Inpu
       return;
     }
 
-    mod.taintIfInputIsTainted(is, dataBuffer);
+    mod.taintIfTainted(is, dataBuffer);
   }
 }
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/HandleMatchAdvice.java b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/HandleMatchAdvice.java
index f2d1f326cf2..5ac2054dec7 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/HandleMatchAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/HandleMatchAdvice.java
@@ -4,6 +4,7 @@
 import datadog.trace.advice.RequiresRequestContext;
 import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -18,7 +19,7 @@ public class HandleMatchAdvice {
 
   @SuppressWarnings("Duplicates")
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_PATH_PARAMETER_STRING)
+  @Source(SourceTypes.REQUEST_PATH_PARAMETER)
   public static void after(
       @Advice.Argument(2) ServerWebExchange xchg, @ActiveRequestContext RequestContext reqCtx) {
 
@@ -28,7 +29,7 @@ public static void after(
       return;
     }
 
-    Object iastRequestContext = reqCtx.getData(RequestContextSlot.IAST);
+    IastContext iastRequestContext = reqCtx.getData(RequestContextSlot.IAST);
 
     PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
@@ -40,7 +41,7 @@ public static void after(
             continue; // should not happen
           }
           module.taint(
-              iastRequestContext, SourceTypes.REQUEST_PATH_PARAMETER, parameterName, value);
+              iastRequestContext, value, SourceTypes.REQUEST_PATH_PARAMETER, parameterName);
         }
       }
 
@@ -58,15 +59,15 @@ public static void after(
             if (innerKey != null) {
               module.taint(
                   iastRequestContext,
+                  innerKey,
                   SourceTypes.REQUEST_MATRIX_PARAMETER,
-                  parameterName,
-                  innerKey);
+                  parameterName);
             }
             Iterable<String> innerValues = ie.getValue();
             if (innerValues != null) {
               for (String iv : innerValues) {
                 module.taint(
-                    iastRequestContext, SourceTypes.REQUEST_MATRIX_PARAMETER, parameterName, iv);
+                    iastRequestContext, iv, SourceTypes.REQUEST_MATRIX_PARAMETER, parameterName);
               }
             }
           }
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/Jackson2TokenizerApplyAdvice.java b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/Jackson2TokenizerApplyAdvice.java
index b1321ef1cf1..53b6ebb8cfc 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/Jackson2TokenizerApplyAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/Jackson2TokenizerApplyAdvice.java
@@ -14,7 +14,7 @@
 @RequiresRequestContext(RequestContextSlot.IAST)
 class Jackson2TokenizerApplyAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_BODY_STRING)
+  @Source(SourceTypes.REQUEST_BODY)
   public static void after(
       @Advice.Argument(0) DataBuffer dataBuffer,
       @Advice.Return(readOnly = false) Flux<TokenBuffer> flux) {
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/RequestHeaderMapResolveAdvice.java b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/RequestHeaderMapResolveAdvice.java
index 6a4ce766058..5b1b4695e29 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/RequestHeaderMapResolveAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/RequestHeaderMapResolveAdvice.java
@@ -2,11 +2,11 @@
 
 import datadog.trace.advice.RequiresRequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.source.WebModule;
 import java.util.List;
 import java.util.Map;
 import net.bytebuddy.asm.Advice;
@@ -16,26 +16,29 @@
 @RequiresRequestContext(RequestContextSlot.IAST)
 public class RequestHeaderMapResolveAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+  @Source(SourceTypes.REQUEST_HEADER_VALUE)
   public static void after(@Advice.Return(typing = Assigner.Typing.DYNAMIC) Map<String, ?> values) {
-    WebModule module = InstrumentationBridge.WEB;
     PropagationModule prop = InstrumentationBridge.PROPAGATION;
-    if (module == null || prop == null || values == null) {
+    if (prop == null || values == null || values.isEmpty()) {
       return;
     }
 
-    module.onHeaderNames(values.keySet());
-
+    final IastContext ctx = IastContext.Provider.get();
     if (values instanceof MultiValueMap) {
       for (Map.Entry<String, List<String>> e :
           ((MultiValueMap<String, String>) values).entrySet()) {
+        final String name = e.getKey();
+        prop.taint(ctx, name, SourceTypes.REQUEST_HEADER_NAME, name);
         for (String v : e.getValue()) {
-          prop.taint(SourceTypes.REQUEST_HEADER_VALUE, e.getKey(), v);
+          prop.taint(ctx, v, SourceTypes.REQUEST_HEADER_VALUE, name);
         }
       }
     } else {
       for (Map.Entry<String, String> e : ((Map<String, String>) values).entrySet()) {
-        prop.taint(SourceTypes.REQUEST_HEADER_VALUE, e.getKey(), e.getValue());
+        final String name = e.getKey();
+        final String value = e.getValue();
+        prop.taint(ctx, name, SourceTypes.REQUEST_HEADER_NAME, name);
+        prop.taint(ctx, value, SourceTypes.REQUEST_HEADER_VALUE, name);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintCookiesAdvice.java b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintCookiesAdvice.java
index 1e29fc9b8d7..3fa7d645f1c 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintCookiesAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintCookiesAdvice.java
@@ -2,6 +2,7 @@
 
 import datadog.trace.advice.RequiresRequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
@@ -16,13 +17,17 @@ class TaintCookiesAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
   public static void after(@Advice.Return MultiValueMap<String, HttpCookie> cookies) {
     PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module == null) {
+    if (module == null || cookies.isEmpty()) {
       return;
     }
 
+    final IastContext ctx = IastContext.Provider.get();
     for (List<HttpCookie> cookieList : cookies.values()) {
       for (HttpCookie cookie : cookieList) {
-        module.taint(SourceTypes.REQUEST_COOKIE_VALUE, cookie.getName(), cookie.getValue());
+        final String name = cookie.getName();
+        final String value = cookie.getValue();
+        module.taint(ctx, name, SourceTypes.REQUEST_COOKIE_NAME, name);
+        module.taint(ctx, value, SourceTypes.REQUEST_COOKIE_VALUE, name);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintFluxElementsFunction.java b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintFluxElementsFunction.java
index e8f632fcb3d..5c8a0e65906 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintFluxElementsFunction.java
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintFluxElementsFunction.java
@@ -13,7 +13,7 @@ public TaintFluxElementsFunction(PropagationModule propagationModule) {
 
   @Override
   public T apply(T t) {
-    propagation.taintObject(SourceTypes.REQUEST_BODY, t);
+    propagation.taint(t, SourceTypes.REQUEST_BODY);
     return t;
   }
 }
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintGetBodyAdvice.java b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintGetBodyAdvice.java
index 45cbf06eccc..ddcf315eeae 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintGetBodyAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintGetBodyAdvice.java
@@ -21,7 +21,7 @@ public static void after(@Advice.Return(readOnly = false) Flux<DataBuffer> flux)
     }
 
     // taint both the flux and the individual DataBuffers
-    propagation.taintObject(SourceTypes.REQUEST_BODY, flux);
+    propagation.taint(flux, SourceTypes.REQUEST_BODY);
     flux = flux.map(new TaintFluxElementsFunction<>(propagation));
   }
 }
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersGetAdvice.java b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersGetAdvice.java
index 2226cccfa1a..963720cee6a 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersGetAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersGetAdvice.java
@@ -2,6 +2,7 @@
 
 import datadog.trace.advice.RequiresRequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -14,18 +15,19 @@
 @RequiresRequestContext(RequestContextSlot.IAST)
 class TaintHttpHeadersGetAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+  @Source(SourceTypes.REQUEST_HEADER_VALUE)
   public static void after(@Advice.Argument(0) Object arg, @Advice.Return List<String> values) {
     PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module == null || values == null) {
+    if (module == null || values == null || values.isEmpty()) {
       return;
     }
     if (!(arg instanceof String)) {
       return;
     }
+    final IastContext ctx = IastContext.Provider.get();
     String lc = ((String) arg).toLowerCase(Locale.ROOT);
     for (String value : values) {
-      module.taint(SourceTypes.REQUEST_HEADER_VALUE, lc, value);
+      module.taint(ctx, value, SourceTypes.REQUEST_HEADER_VALUE, lc);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersGetFirstAdvice.java b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersGetFirstAdvice.java
index 0c7875d34fe..2dbffa0debc 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersGetFirstAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersGetFirstAdvice.java
@@ -12,12 +12,12 @@
 @RequiresRequestContext(RequestContextSlot.IAST)
 class TaintHttpHeadersGetFirstAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+  @Source(SourceTypes.REQUEST_HEADER_VALUE)
   public static void after(@Advice.Argument(0) String arg, @Advice.Return String value) {
     PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module == null || arg == null || value == null) {
       return;
     }
-    module.taint(SourceTypes.REQUEST_HEADER_VALUE, arg, value);
+    module.taint(value, SourceTypes.REQUEST_HEADER_VALUE, arg);
   }
 }
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersToSingleValueMapAdvice.java b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersToSingleValueMapAdvice.java
index 274d0bc1b98..1a85435d3f4 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersToSingleValueMapAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintHttpHeadersToSingleValueMapAdvice.java
@@ -2,11 +2,11 @@
 
 import datadog.trace.advice.RequiresRequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.source.WebModule;
 import java.util.Map;
 import net.bytebuddy.asm.Advice;
 import org.springframework.http.HttpHeaders;
@@ -15,17 +15,19 @@
 @RequiresRequestContext(RequestContextSlot.IAST)
 class TaintHttpHeadersToSingleValueMapAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+  @Source(SourceTypes.REQUEST_HEADER_VALUE)
   public static void after(@Advice.Return Map<String, String> values) {
-    PropagationModule propModule = InstrumentationBridge.PROPAGATION;
-    WebModule module = InstrumentationBridge.WEB;
-    if (module == null || propModule == null || values == null) {
+    PropagationModule module = InstrumentationBridge.PROPAGATION;
+    if (module == null || values == null || values.isEmpty()) {
       return;
     }
 
-    module.onHeaderNames(values.keySet());
+    final IastContext ctx = IastContext.Provider.get();
     for (Map.Entry<String, String> e : values.entrySet()) {
-      propModule.taint(SourceTypes.REQUEST_HEADER_VALUE, e.getKey(), e.getValue());
+      final String name = e.getKey();
+      final String value = e.getValue();
+      module.taint(ctx, name, SourceTypes.REQUEST_HEADER_NAME, name);
+      module.taint(ctx, value, SourceTypes.REQUEST_HEADER_VALUE, name);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintQueryParamsAdvice.java b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintQueryParamsAdvice.java
index 5ea29f893c1..1e371eefa88 100644
--- a/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintQueryParamsAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webflux-5/src/main/java/datadog/trace/instrumentation/springwebflux/server/iast/TaintQueryParamsAdvice.java
@@ -2,11 +2,11 @@
 
 import datadog.trace.advice.RequiresRequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import datadog.trace.api.iast.source.WebModule;
 import java.util.List;
 import java.util.Map;
 import net.bytebuddy.asm.Advice;
@@ -17,20 +17,19 @@ class TaintQueryParamsAdvice {
 
   @SuppressWarnings("Duplicates")
   @Advice.OnMethodExit(suppress = Throwable.class)
-  @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+  @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
   public static void after(@Advice.Return MultiValueMap<String, String> queryParams) {
-    final WebModule web = InstrumentationBridge.WEB;
     final PropagationModule prop = InstrumentationBridge.PROPAGATION;
-    if (web == null || prop == null) {
+    if (prop == null || queryParams == null || queryParams.isEmpty()) {
       return;
     }
 
-    web.onParameterNames(queryParams.keySet());
-
+    final IastContext ctx = IastContext.Provider.get();
     for (Map.Entry<String, List<String>> e : queryParams.entrySet()) {
       String name = e.getKey();
+      prop.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
       for (String value : e.getValue()) {
-        prop.taint(SourceTypes.REQUEST_PARAMETER_VALUE, name, value);
+        prop.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/spring-webflux-6/build.gradle b/dd-java-agent/instrumentation/spring-webflux-6/build.gradle
index 65197f94f7a..5ef5a096e3e 100644
--- a/dd-java-agent/instrumentation/spring-webflux-6/build.gradle
+++ b/dd-java-agent/instrumentation/spring-webflux-6/build.gradle
@@ -2,6 +2,15 @@ ext {
   minJavaVersionForTests = JavaVersion.VERSION_17
 }
 
+muzzle {
+  pass {
+    group = 'org.springframework'
+    module = 'spring-webflux'
+    versions = "[6,)"
+    javaVersion = "17"
+  }
+}
+
 apply from: "$rootDir/gradle/java.gradle"
 
 [compileMain_java17Java, compileTestJava].each {
@@ -15,10 +24,6 @@ apply from: "$rootDir/gradle/java.gradle"
 // test that webflux5 instrumentation works for webflux6 too
 addTestSuite('iastTest')
 
-tasks.named('muzzle').configure {
-  enabled = false
-}
-
 [compileTestGroovy, compileIastTestGroovy].each {
   it.javaLauncher = getJavaLauncherFor(17)
 }
diff --git a/dd-java-agent/instrumentation/spring-webflux-6/src/iastTest/groovy/datadog/trace/instrumentation/springwebflux6/server/IastWebFluxTest.groovy b/dd-java-agent/instrumentation/spring-webflux-6/src/iastTest/groovy/datadog/trace/instrumentation/springwebflux6/server/IastWebFluxTest.groovy
index 329a37c47bd..726b9f4b7bb 100644
--- a/dd-java-agent/instrumentation/spring-webflux-6/src/iastTest/groovy/datadog/trace/instrumentation/springwebflux6/server/IastWebFluxTest.groovy
+++ b/dd-java-agent/instrumentation/spring-webflux-6/src/iastTest/groovy/datadog/trace/instrumentation/springwebflux6/server/IastWebFluxTest.groovy
@@ -229,7 +229,7 @@ class IastWebFluxTest extends IastRequestTestRunner {
     (respBody =~ "URI: http://[^/]+/iast/shr\\?var1=foo").find()
     (respBody =~ "Path: /iast/shr").find()
     respBody.contains 'Query params: [var1 (tainted):[foo (tainted)]]'
-    respBody.contains 'Cookies: [var2:[var2 -> bar (tainted)]]'
+    respBody.contains 'Cookies: [var2 (tainted):[var2 (tainted) -> bar (tainted)]]'
     (respBody =~ "User-Agent: okhttp/[\\d.]+ \\(tainted\\)").find()
 
     when:
@@ -244,11 +244,10 @@ class IastWebFluxTest extends IastRequestTestRunner {
       value 'foo'
       range 0, 3, source(SourceTypes.REQUEST_PARAMETER_VALUE, 'var1', 'foo')
     }
-    // WebModule is not tainting cookie names
-    //    toc.hasTaintedObject {
-    //      value 'var2'
-    //      range 0, 4, source(SourceTypes.REQUEST_COOKIE_NAME, 'var2', null)
-    //    }
+    toc.hasTaintedObject {
+      value 'var2'
+      range 0, 4, source(SourceTypes.REQUEST_COOKIE_NAME, 'var2', 'var2')
+    }
     toc.hasTaintedObject {
       value 'bar'
       range 0, 3, source(SourceTypes.REQUEST_COOKIE_VALUE, 'var2',  'bar')
diff --git a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/HandlerMethodReturnValueHandlerCompositeInstrumentation.java b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/HandlerMethodReturnValueHandlerCompositeInstrumentation.java
new file mode 100644
index 00000000000..29688fa00dd
--- /dev/null
+++ b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/HandlerMethodReturnValueHandlerCompositeInstrumentation.java
@@ -0,0 +1,69 @@
+package datadog.trace.instrumentation.springweb;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Sink;
+import datadog.trace.api.iast.VulnerabilityTypes;
+import datadog.trace.api.iast.sink.UnvalidatedRedirectModule;
+import datadog.trace.api.iast.sink.XssModule;
+import net.bytebuddy.asm.Advice;
+import org.springframework.core.MethodParameter;
+import org.springframework.web.method.support.HandlerMethodReturnValueHandler;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor;
+import org.springframework.web.servlet.view.AbstractUrlBasedView;
+
+@AutoService(Instrumenter.class)
+public final class HandlerMethodReturnValueHandlerCompositeInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForSingleType {
+
+  public HandlerMethodReturnValueHandlerCompositeInstrumentation() {
+    super("spring-web");
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod().and(named("selectHandler")),
+        HandlerMethodReturnValueHandlerCompositeInstrumentation.class.getName() + "$SpringAdvice");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.springframework.web.method.support.HandlerMethodReturnValueHandlerComposite";
+  }
+
+  public static class SpringAdvice {
+
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Sink(VulnerabilityTypes.SPRING_RESPONSE)
+    public static void checkReturnedObject(
+        @Advice.Return HandlerMethodReturnValueHandler handler,
+        @Advice.Argument(0) final Object value,
+        @Advice.Argument(1) MethodParameter returnType) {
+      final UnvalidatedRedirectModule unvalidatedRedirectModule =
+          InstrumentationBridge.UNVALIDATED_REDIRECT;
+      final XssModule xssModule = InstrumentationBridge.XSS;
+      if (handler != null && value != null && returnType != null) {
+        String clazz = returnType.getMethod().getDeclaringClass().getName();
+        String method = returnType.getMethod().getName();
+        if (unvalidatedRedirectModule != null && value instanceof AbstractUrlBasedView) {
+          unvalidatedRedirectModule.onRedirect(
+              ((AbstractUrlBasedView) value).getUrl(), clazz, method);
+        } else if (unvalidatedRedirectModule != null && value instanceof ModelAndView) {
+          unvalidatedRedirectModule.onRedirect(((ModelAndView) value).getViewName(), clazz, method);
+        } else if (value instanceof String) {
+          if (xssModule != null && handler instanceof RequestResponseBodyMethodProcessor) {
+            xssModule.onXss((String) value, clazz, method);
+          } else if (unvalidatedRedirectModule != null) {
+            unvalidatedRedirectModule.onRedirect((String) value, clazz, method);
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/HttpMessageConverterInstrumentation.java b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/HttpMessageConverterInstrumentation.java
index b10caea2c61..e099e45d726 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/HttpMessageConverterInstrumentation.java
+++ b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/HttpMessageConverterInstrumentation.java
@@ -96,9 +96,11 @@ public static void after(
         BlockResponseFunction brf = reqCtx.getBlockResponseFunction();
         if (brf != null) {
           brf.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
         }
-        reqCtx.getTraceSegment().effectivelyBlocked();
         t = new BlockingException("Blocked request (for HttpMessageConverter/read)");
       }
     }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/InvocableHandlerMethodInstrumentation.java b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/InvocableHandlerMethodInstrumentation.java
deleted file mode 100644
index a87a9db5a28..00000000000
--- a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/InvocableHandlerMethodInstrumentation.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package datadog.trace.instrumentation.springweb;
-
-import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
-import static net.bytebuddy.matcher.ElementMatchers.isMethod;
-
-import com.google.auto.service.AutoService;
-import datadog.trace.agent.tooling.Instrumenter;
-import datadog.trace.api.iast.InstrumentationBridge;
-import datadog.trace.api.iast.Sink;
-import datadog.trace.api.iast.VulnerabilityTypes;
-import datadog.trace.api.iast.sink.UnvalidatedRedirectModule;
-import net.bytebuddy.asm.Advice;
-import org.springframework.web.method.support.InvocableHandlerMethod;
-import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.view.AbstractUrlBasedView;
-
-@AutoService(Instrumenter.class)
-public final class InvocableHandlerMethodInstrumentation extends Instrumenter.Iast
-    implements Instrumenter.ForSingleType {
-
-  public InvocableHandlerMethodInstrumentation() {
-    super("spring-web");
-  }
-
-  @Override
-  public void adviceTransformations(AdviceTransformation transformation) {
-    transformation.applyAdvice(
-        isMethod().and(named("invokeForRequest")),
-        InvocableHandlerMethodInstrumentation.class.getName() + "$ControllerAdvice");
-  }
-
-  @Override
-  public String instrumentedType() {
-    return "org.springframework.web.method.support.InvocableHandlerMethod";
-  }
-
-  public static class ControllerAdvice {
-
-    @Advice.OnMethodExit(suppress = Throwable.class)
-    @Sink(VulnerabilityTypes.UNVALIDATED_REDIRECT)
-    public static void checkReturnedObject(
-        @Advice.Return Object returned, @Advice.This InvocableHandlerMethod self) {
-      final UnvalidatedRedirectModule module = InstrumentationBridge.UNVALIDATED_REDIRECT;
-      if (module != null && returned != null) {
-        String clazz = self.getMethod().getDeclaringClass().getName();
-        String method = self.getMethod().getName();
-        if (returned instanceof AbstractUrlBasedView) {
-          module.onRedirect(((AbstractUrlBasedView) returned).getUrl(), clazz, method);
-        } else if (returned instanceof ModelAndView) {
-          module.onRedirect(((ModelAndView) returned).getViewName(), clazz, method);
-        } else if (returned instanceof String) {
-          module.onRedirect((String) returned, clazz, method);
-        }
-      }
-    }
-  }
-}
diff --git a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/TemplateAndMatrixVariablesInstrumentation.java b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/TemplateAndMatrixVariablesInstrumentation.java
index 01b2b3f898b..e3945f4441f 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/TemplateAndMatrixVariablesInstrumentation.java
+++ b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/TemplateAndMatrixVariablesInstrumentation.java
@@ -11,11 +11,13 @@
 import com.google.auto.service.AutoService;
 import datadog.appsec.api.blocking.BlockingException;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.iast.IastPostProcessorFactory;
 import datadog.trace.api.gateway.BlockResponseFunction;
 import datadog.trace.api.gateway.CallbackProvider;
 import datadog.trace.api.gateway.Flow;
 import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -33,15 +35,21 @@
 /** Obtain template and matrix variables for RequestMappingInfoHandlerMapping. */
 @AutoService(Instrumenter.class)
 public class TemplateAndMatrixVariablesInstrumentation extends Instrumenter.Default
-    implements Instrumenter.ForSingleType {
+    implements Instrumenter.ForSingleType, Instrumenter.WithPostProcessor {
+
+  private Advice.PostProcessor.Factory postProcessorFactory;
+
   public TemplateAndMatrixVariablesInstrumentation() {
     super("spring-web");
   }
 
   @Override
   public boolean isApplicable(Set<TargetSystem> enabledSystems) {
-    return enabledSystems.contains(TargetSystem.APPSEC)
-        || enabledSystems.contains(TargetSystem.IAST);
+    if (enabledSystems.contains(TargetSystem.IAST)) {
+      postProcessorFactory = IastPostProcessorFactory.INSTANCE;
+      return true;
+    }
+    return enabledSystems.contains(TargetSystem.APPSEC);
   }
 
   @Override
@@ -77,6 +85,11 @@ public String[] helperClassNames() {
     };
   }
 
+  @Override
+  public Advice.PostProcessor.Factory postProcessor() {
+    return postProcessorFactory;
+  }
+
   public static class HandleMatchAdvice {
     private static final String URI_TEMPLATE_VARIABLES_ATTRIBUTE =
         "org.springframework.web.servlet.HandlerMapping.uriTemplateVariables";
@@ -85,7 +98,7 @@ public static class HandleMatchAdvice {
 
     @SuppressWarnings("Duplicates")
     @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
-    @Source(SourceTypes.REQUEST_MATRIX_PARAMETER_STRING)
+    @Source(SourceTypes.REQUEST_MATRIX_PARAMETER)
     public static void after(
         @Advice.Argument(2) final HttpServletRequest req,
         @Advice.Thrown(readOnly = false) Throwable t) {
@@ -154,9 +167,11 @@ public static void after(
                 BlockResponseFunction brf = reqCtx.getBlockResponseFunction();
                 if (brf != null) {
                   brf.tryCommitBlockingResponse(
-                      rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                      reqCtx.getTraceSegment(),
+                      rba.getStatusCode(),
+                      rba.getBlockingContentType(),
+                      rba.getExtraHeaders());
                 }
-                reqCtx.getTraceSegment().effectivelyBlocked();
                 t =
                     new BlockingException(
                         "Blocked request (for RequestMappingInfoHandlerMapping/handleMatch)");
@@ -167,7 +182,7 @@ public static void after(
       }
 
       { // iast
-        Object iastRequestContext = reqCtx.getData(RequestContextSlot.IAST);
+        IastContext iastRequestContext = reqCtx.getData(RequestContextSlot.IAST);
         if (iastRequestContext != null) {
           PropagationModule module = InstrumentationBridge.PROPAGATION;
           if (module != null) {
@@ -179,7 +194,7 @@ public static void after(
                   continue; // should not happen
                 }
                 module.taint(
-                    iastRequestContext, SourceTypes.REQUEST_PATH_PARAMETER, parameterName, value);
+                    iastRequestContext, value, SourceTypes.REQUEST_PATH_PARAMETER, parameterName);
               }
             }
 
@@ -197,18 +212,18 @@ public static void after(
                   if (innerKey != null) {
                     module.taint(
                         iastRequestContext,
+                        innerKey,
                         SourceTypes.REQUEST_MATRIX_PARAMETER,
-                        parameterName,
-                        innerKey);
+                        parameterName);
                   }
                   Iterable<String> innerValues = ie.getValue();
                   if (innerValues != null) {
                     for (String iv : innerValues) {
                       module.taint(
                           iastRequestContext,
+                          iv,
                           SourceTypes.REQUEST_MATRIX_PARAMETER,
-                          parameterName,
-                          iv);
+                          parameterName);
                     }
                   }
                 }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/TemplateVariablesUrlHandlerInstrumentation.java b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/TemplateVariablesUrlHandlerInstrumentation.java
index 4e235f63837..b17266cd3cf 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/TemplateVariablesUrlHandlerInstrumentation.java
+++ b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/TemplateVariablesUrlHandlerInstrumentation.java
@@ -11,11 +11,13 @@
 import com.google.auto.service.AutoService;
 import datadog.appsec.api.blocking.BlockingException;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.iast.IastPostProcessorFactory;
 import datadog.trace.api.gateway.BlockResponseFunction;
 import datadog.trace.api.gateway.CallbackProvider;
 import datadog.trace.api.gateway.Flow;
 import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -32,7 +34,9 @@
 /** Obtain template and matrix variables for AbstractUrlHandlerMapping */
 @AutoService(Instrumenter.class)
 public class TemplateVariablesUrlHandlerInstrumentation extends Instrumenter.Default
-    implements Instrumenter.ForSingleType {
+    implements Instrumenter.ForSingleType, Instrumenter.WithPostProcessor {
+
+  private Advice.PostProcessor.Factory postProcessorFactory;
 
   public TemplateVariablesUrlHandlerInstrumentation() {
     super("spring-web");
@@ -40,8 +44,11 @@ public TemplateVariablesUrlHandlerInstrumentation() {
 
   @Override
   public boolean isApplicable(Set<TargetSystem> enabledSystems) {
-    return enabledSystems.contains(TargetSystem.APPSEC)
-        || enabledSystems.contains(TargetSystem.IAST);
+    if (enabledSystems.contains(TargetSystem.IAST)) {
+      postProcessorFactory = IastPostProcessorFactory.INSTANCE;
+      return true;
+    }
+    return enabledSystems.contains(TargetSystem.APPSEC);
   }
 
   @Override
@@ -68,13 +75,18 @@ public void adviceTransformations(AdviceTransformation transformation) {
         TemplateVariablesUrlHandlerInstrumentation.class.getName() + "$InterceptorPreHandleAdvice");
   }
 
+  @Override
+  public Advice.PostProcessor.Factory postProcessor() {
+    return postProcessorFactory;
+  }
+
   public static class InterceptorPreHandleAdvice {
     private static final String URI_TEMPLATE_VARIABLES_ATTRIBUTE =
         "org.springframework.web.servlet.HandlerMapping.uriTemplateVariables";
 
     @SuppressWarnings("Duplicates")
     @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
-    @Source(SourceTypes.REQUEST_PATH_PARAMETER_STRING)
+    @Source(SourceTypes.REQUEST_PATH_PARAMETER)
     public static void after(
         @Advice.Argument(0) final HttpServletRequest req,
         @Advice.Thrown(readOnly = false) Throwable t) {
@@ -115,9 +127,11 @@ public static void after(
               BlockResponseFunction brf = reqCtx.getBlockResponseFunction();
               if (brf != null) {
                 brf.tryCommitBlockingResponse(
-                    rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                    reqCtx.getTraceSegment(),
+                    rba.getStatusCode(),
+                    rba.getBlockingContentType(),
+                    rba.getExtraHeaders());
               }
-              reqCtx.getTraceSegment().effectivelyBlocked();
               t =
                   new BlockingException(
                       "Blocked request (for UriTemplateVariablesHandlerInterceptor/preHandle)");
@@ -127,7 +141,7 @@ public static void after(
       }
 
       { // iast
-        Object iastRequestContext = reqCtx.getData(RequestContextSlot.IAST);
+        IastContext iastRequestContext = reqCtx.getData(RequestContextSlot.IAST);
         if (iastRequestContext != null) {
           PropagationModule module = InstrumentationBridge.PROPAGATION;
           if (module != null) {
@@ -138,7 +152,7 @@ public static void after(
                 continue; // should not happen
               }
               module.taint(
-                  iastRequestContext, SourceTypes.REQUEST_PATH_PARAMETER, parameterName, value);
+                  iastRequestContext, value, SourceTypes.REQUEST_PATH_PARAMETER, parameterName);
             }
           }
         }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/SetupSpecHelper.groovy b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/SetupSpecHelper.groovy
index 1c943b69846..b4fb296da8f 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/SetupSpecHelper.groovy
+++ b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/SetupSpecHelper.groovy
@@ -9,6 +9,7 @@ import datadog.trace.api.gateway.Events
 import datadog.trace.api.gateway.Flow
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.api.internal.TraceSegment
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer
 import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter
 import datadog.trace.instrumentation.servlet.ServletBlockingHelper
@@ -40,11 +41,11 @@ class SetupSpecHelper {
     INSTANCE
 
     @Override
-    boolean tryCommitBlockingResponse(int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders) {
+    boolean tryCommitBlockingResponse(TraceSegment segment, int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders) {
       ServletRequestAttributes attributes = RequestContextHolder.requestAttributes
       if (attributes) {
         ServletBlockingHelper
-          .commitBlockingResponse(attributes.request, attributes.response, statusCode, templateType, extraHeaders)
+          .commitBlockingResponse(segment, attributes.request, attributes.response, statusCode, templateType, extraHeaders)
       }
       true
     }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/boot/SpringBootBasedTest.groovy b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/boot/SpringBootBasedTest.groovy
index 6a6b31a3330..bf35356ba14 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/boot/SpringBootBasedTest.groovy
+++ b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/boot/SpringBootBasedTest.groovy
@@ -5,6 +5,7 @@ import datadog.trace.agent.test.base.HttpServer
 import datadog.trace.agent.test.base.HttpServerTest
 import datadog.trace.api.DDSpanTypes
 import datadog.trace.api.DDTags
+import datadog.trace.api.iast.IastContext
 import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.api.iast.SourceTypes
 import datadog.trace.api.iast.propagation.PropagationModule
@@ -82,6 +83,11 @@ class SpringBootBasedTest extends HttpServerTest<ConfigurableApplicationContext>
     return "servlet.request"
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean hasHandlerSpan() {
     true
@@ -253,7 +259,7 @@ class SpringBootBasedTest extends HttpServerTest<ConfigurableApplicationContext>
     TEST_WRITER.waitForTraces(1)
 
     then:
-    1 * mod.taint(_, SourceTypes.REQUEST_PATH_PARAMETER, 'id', '123')
+    1 * mod.taint(_ as IastContext, '123', SourceTypes.REQUEST_PATH_PARAMETER, 'id')
     0 * mod._
 
     cleanup:
@@ -289,11 +295,11 @@ class SpringBootBasedTest extends HttpServerTest<ConfigurableApplicationContext>
     TEST_WRITER.waitForTraces(1)
 
     then:
-    1 * mod.taint(_, SourceTypes.REQUEST_PATH_PARAMETER, 'var', 'a=x,y;a=z')
-    1 * mod.taint(_, SourceTypes.REQUEST_MATRIX_PARAMETER, 'var', 'a')
-    1 * mod.taint(_, SourceTypes.REQUEST_MATRIX_PARAMETER, 'var', 'x')
-    1 * mod.taint(_, SourceTypes.REQUEST_MATRIX_PARAMETER, 'var', 'y')
-    1 * mod.taint(_, SourceTypes.REQUEST_MATRIX_PARAMETER, 'var', 'z')
+    1 * mod.taint(_ as IastContext, 'a=x,y;a=z', SourceTypes.REQUEST_PATH_PARAMETER, 'var')
+    1 * mod.taint(_ as IastContext, 'a', SourceTypes.REQUEST_MATRIX_PARAMETER, 'var')
+    1 * mod.taint(_ as IastContext, 'x', SourceTypes.REQUEST_MATRIX_PARAMETER, 'var')
+    1 * mod.taint(_ as IastContext, 'y', SourceTypes.REQUEST_MATRIX_PARAMETER, 'var')
+    1 * mod.taint(_ as IastContext, 'z', SourceTypes.REQUEST_MATRIX_PARAMETER, 'var')
     0 * mod._
 
     cleanup:
diff --git a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/dynamic/DynamicRoutingTest.groovy b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/dynamic/DynamicRoutingTest.groovy
index 6eceb0166fc..e2ff666182d 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/dynamic/DynamicRoutingTest.groovy
+++ b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/dynamic/DynamicRoutingTest.groovy
@@ -76,6 +76,11 @@ class DynamicRoutingTest extends HttpServerTest<ConfigurableApplicationContext>
     return "servlet.request"
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testExceptionBody() {
     false
diff --git a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/filter/ServletFilterTest.groovy b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/filter/ServletFilterTest.groovy
index 71622eda88a..abce0764793 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/filter/ServletFilterTest.groovy
+++ b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/filter/ServletFilterTest.groovy
@@ -73,6 +73,11 @@ class ServletFilterTest extends HttpServerTest<ConfigurableApplicationContext> {
     return "servlet.request"
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean hasHandlerSpan() {
     false
diff --git a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/iast/HandlerMethodReturnValueHandlerCompositeInstrumentationTest.groovy b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/iast/HandlerMethodReturnValueHandlerCompositeInstrumentationTest.groovy
new file mode 100644
index 00000000000..b59c3c3a369
--- /dev/null
+++ b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/iast/HandlerMethodReturnValueHandlerCompositeInstrumentationTest.groovy
@@ -0,0 +1,67 @@
+package test.iast
+
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.sink.UnvalidatedRedirectModule
+import datadog.trace.api.iast.sink.XssModule
+import org.springframework.core.MethodParameter
+import org.springframework.web.method.support.HandlerMethodReturnValueHandler
+import org.springframework.web.method.support.HandlerMethodReturnValueHandlerComposite
+import org.springframework.web.servlet.ModelAndView
+import org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor
+import org.springframework.web.servlet.view.AbstractUrlBasedView
+
+class HandlerMethodReturnValueHandlerCompositeInstrumentationTest extends AgentTestRunner {
+
+  private static final TARGET_CLASS_NAME = 'org.springframework.web.method.support.HandlerMethodReturnValueHandlerComposite'
+
+  @Override
+  void setup() {
+    // Currently theres a failure during re-transforming that prevents our target class from being instrumented:
+    //
+    // d.t.a.t.AgentInstaller$RedefinitionLoggingListener - Exception while retransforming 233 classes:
+    // java.lang.UnsupportedOperationException: class redefinition failed: attempted to change superclass or interfaces
+    //
+    // Do a single re-transformation to ensure our target class is properly instrumented
+    INSTRUMENTATION.retransformClasses(Class.forName(TARGET_CLASS_NAME))
+  }
+
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig("dd.iast.enabled", "true")
+  }
+
+  void 'test HandlerMethodReturnValueHandlerComposite selectHandler instrumentation'(){
+    setup:
+    InstrumentationBridge.clearIastModules()
+    final urModule= Mock(UnvalidatedRedirectModule)
+    InstrumentationBridge.registerIastModule(urModule)
+    final xssModule= Mock(XssModule)
+    InstrumentationBridge.registerIastModule(xssModule)
+    final returnType = new MethodParameter(String.getMethods()[0], -1)//Get any method parameter for testing
+    final handler = isBodyProcessor? Mock(RequestResponseBodyMethodProcessor) : Mock(HandlerMethodReturnValueHandler)
+    handler.supportsReturnType(_) >> true
+    def composite = new HandlerMethodReturnValueHandlerComposite()
+    composite = composite.addHandler(handler)
+    final value = valueClass == String? 'String' : Mock(valueClass)
+
+    when:
+    composite.selectHandler(value,returnType)
+
+    then:
+    urExpected * urModule.onRedirect(_ , _, _)
+    xssExpected * xssModule.onXss(_ , _, _)
+    0 * urModule._
+    0 * xssModule._
+
+    where:
+    valueClass | isBodyProcessor |  urExpected | xssExpected
+    AbstractUrlBasedView | true | 1 | 0
+    AbstractUrlBasedView | false | 1 | 0
+    ModelAndView| true | 1  | 0
+    ModelAndView| false | 1  | 0
+    String | true | 0 | 1
+    String | false | 1 | 0
+
+  }
+}
diff --git a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/urlhandlermapping/UrlHandlerMappingTest.groovy b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/urlhandlermapping/UrlHandlerMappingTest.groovy
index 2f67c021c16..cbfb014bed4 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/urlhandlermapping/UrlHandlerMappingTest.groovy
+++ b/dd-java-agent/instrumentation/spring-webmvc-3.1/src/test/groovy/test/urlhandlermapping/UrlHandlerMappingTest.groovy
@@ -4,6 +4,7 @@ import datadog.trace.agent.test.asserts.TraceAssert
 import datadog.trace.agent.test.base.HttpServer
 import datadog.trace.agent.test.base.HttpServerTest
 import datadog.trace.api.DDSpanTypes
+import datadog.trace.api.iast.IastContext
 import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.api.iast.SourceTypes
 import datadog.trace.api.iast.propagation.PropagationModule
@@ -85,6 +86,11 @@ class UrlHandlerMappingTest extends HttpServerTest<ConfigurableApplicationContex
     SetupSpecHelper.provideBlockResponseFunction()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testException() {
     // generates extra trace for the error handling invocation
@@ -186,7 +192,7 @@ class UrlHandlerMappingTest extends HttpServerTest<ConfigurableApplicationContex
 
   void 'tainting on template var'() {
     setup:
-    PropagationModule mod = Mock()
+    final mod = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(mod)
     Request request = this.request(PATH_PARAM, 'GET', null).build()
 
@@ -197,7 +203,7 @@ class UrlHandlerMappingTest extends HttpServerTest<ConfigurableApplicationContex
     TEST_WRITER.waitForTraces(1)
 
     then:
-    1 * mod.taint(_, SourceTypes.REQUEST_PATH_PARAMETER, 'id', '123')
+    1 * mod.taint(_ as IastContext, '123', SourceTypes.REQUEST_PATH_PARAMETER, 'id')
     0 * mod._
 
     cleanup:
diff --git a/dd-java-agent/instrumentation/spring-webmvc-5.3/src/main/java/datadog/trace/instrumentation/springweb/HtmlUtilsCallSite.java b/dd-java-agent/instrumentation/spring-webmvc-5.3/src/main/java/datadog/trace/instrumentation/springweb/EscapeUtilsCallSite.java
similarity index 63%
rename from dd-java-agent/instrumentation/spring-webmvc-5.3/src/main/java/datadog/trace/instrumentation/springweb/HtmlUtilsCallSite.java
rename to dd-java-agent/instrumentation/spring-webmvc-5.3/src/main/java/datadog/trace/instrumentation/springweb/EscapeUtilsCallSite.java
index 42129de8eb6..5db0c0e4492 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-5.3/src/main/java/datadog/trace/instrumentation/springweb/HtmlUtilsCallSite.java
+++ b/dd-java-agent/instrumentation/spring-webmvc-5.3/src/main/java/datadog/trace/instrumentation/springweb/EscapeUtilsCallSite.java
@@ -6,22 +6,24 @@
 import datadog.trace.api.iast.Propagation;
 import datadog.trace.api.iast.VulnerabilityMarks;
 import datadog.trace.api.iast.propagation.PropagationModule;
-import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 
 @Propagation
 @CallSite(spi = IastCallSites.class)
-public class HtmlUtilsCallSite {
+public class EscapeUtilsCallSite {
 
   @CallSite.After(
       "java.lang.String org.springframework.web.util.HtmlUtils.htmlEscape(java.lang.String)")
-  public static String afterHtmlEscape1(
-      @CallSite.Argument(0) @Nonnull final String input, @CallSite.Return final String result) {
+  @CallSite.After(
+      "java.lang.String org.springframework.web.util.JavaScriptUtils.javaScriptEscape(java.lang.String)")
+  public static String afterEscape(
+      @CallSite.Argument(0) @Nullable final String input, @CallSite.Return final String result) {
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTaintedWithMarks(result, input, VulnerabilityMarks.XSS_MARK);
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.XSS_MARK);
       } catch (final Throwable e) {
-        module.onUnexpectedException("afterHtmlEscape1 threw", e);
+        module.onUnexpectedException("afterEscape threw", e);
       }
     }
     return result;
@@ -30,13 +32,13 @@ public static String afterHtmlEscape1(
   @CallSite.After(
       "java.lang.String org.springframework.web.util.HtmlUtils.htmlEscape(java.lang.String, java.lang.String)")
   public static String afterHtmlEscape2(
-      @CallSite.Argument(0) @Nonnull final String input,
-      @CallSite.Argument(1) @Nonnull final String encoding,
+      @CallSite.Argument(0) @Nullable final String input,
+      @CallSite.Argument(1) @Nullable final String encoding,
       @CallSite.Return final String result) {
     final PropagationModule module = InstrumentationBridge.PROPAGATION;
     if (module != null) {
       try {
-        module.taintIfInputIsTaintedWithMarks(result, input, VulnerabilityMarks.XSS_MARK);
+        module.taintIfTainted(result, input, false, VulnerabilityMarks.XSS_MARK);
       } catch (final Throwable e) {
         module.onUnexpectedException("afterHtmlEscape2 threw", e);
       }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/groovy/EscapeUtilsCallSiteTest.groovy b/dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/groovy/EscapeUtilsCallSiteTest.groovy
new file mode 100644
index 00000000000..f18f2691391
--- /dev/null
+++ b/dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/groovy/EscapeUtilsCallSiteTest.groovy
@@ -0,0 +1,53 @@
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.VulnerabilityMarks
+import datadog.trace.api.iast.propagation.PropagationModule
+import foo.bar.TestEscapeUtilsSuite
+
+class EscapeUtilsCallSiteTest extends AgentTestRunner {
+
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig("dd.iast.enabled", "true")
+  }
+
+  void 'test #method'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+
+    when:
+    final result = TestEscapeUtilsSuite.&"$method".call(args)
+
+    then:
+    result == expected
+    1 * module.taintIfTainted(_ as String, args[0], false, VulnerabilityMarks.XSS_MARK)
+    0 * _
+
+    where:
+    method             | args                                                            | expected
+    'htmlEscape'       | ['Ø-This is a quote']                                           | '&Oslash;-This is a quote'
+    'htmlEscape'       | ['Ø-This is a quote', 'ISO-8859-1']                             | '&Oslash;-This is a quote'
+    'javaScriptEscape' | ['<script>function a(){console.log("escape this < ")}<script>'] | '\\u003Cscript\\u003Efunction a(){console.log(\\"escape this \\u003C \\")}\\u003Cscript\\u003E'
+  }
+
+  void 'test #method with null args throws exception'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+
+    when:
+    TestEscapeUtilsSuite.&"$method".call(args)
+
+    then:
+    def ex = thrown(Exception)
+    assert ex.stackTrace[0].getClassName().startsWith('org.springframework')
+    0 * _
+
+    where:
+    method             | args
+    'htmlEscape'       | [null]
+    'htmlEscape'       | [null, null]
+    'javaScriptEscape' | [null]
+  }
+}
diff --git a/dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/groovy/HtmlUtilsCallSiteTest.groovy b/dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/groovy/HtmlUtilsCallSiteTest.groovy
deleted file mode 100644
index 60c51e4bd27..00000000000
--- a/dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/groovy/HtmlUtilsCallSiteTest.groovy
+++ /dev/null
@@ -1,34 +0,0 @@
-import datadog.trace.agent.test.AgentTestRunner
-import datadog.trace.api.iast.InstrumentationBridge
-import datadog.trace.api.iast.VulnerabilityMarks
-import datadog.trace.api.iast.propagation.PropagationModule
-import foo.bar.TestHtmlUtilsSuite
-import groovy.transform.CompileDynamic
-
-@CompileDynamic
-class HtmlUtilsCallSiteTest extends AgentTestRunner {
-
-  @Override
-  protected void configurePreAgent() {
-    injectSysConfig("dd.iast.enabled", "true")
-  }
-
-  void 'test htmlEscape'() {
-    given:
-    final module = Mock(PropagationModule)
-    InstrumentationBridge.registerIastModule(module)
-
-    when:
-    final result = TestHtmlUtilsSuite.&htmlEscape.call(args)
-
-    then:
-    result == expected
-    1 * module.taintIfInputIsTaintedWithMarks(_ as String, args[0], VulnerabilityMarks.XSS_MARK)
-    0 * _
-
-    where:
-    args                                | expected
-    ['Ø-This is a quote']               | '&Oslash;-This is a quote'
-    ['Ø-This is a quote', 'ISO-8859-1'] | '&Oslash;-This is a quote'
-  }
-}
diff --git a/dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/java/foo/bar/TestHtmlUtilsSuite.java b/dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/java/foo/bar/TestEscapeUtilsSuite.java
similarity index 58%
rename from dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/java/foo/bar/TestHtmlUtilsSuite.java
rename to dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/java/foo/bar/TestEscapeUtilsSuite.java
index 36fefb0fa0d..47ca737e725 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/java/foo/bar/TestHtmlUtilsSuite.java
+++ b/dd-java-agent/instrumentation/spring-webmvc-5.3/src/test/java/foo/bar/TestEscapeUtilsSuite.java
@@ -1,8 +1,9 @@
 package foo.bar;
 
 import org.springframework.web.util.HtmlUtils;
+import org.springframework.web.util.JavaScriptUtils;
 
-public class TestHtmlUtilsSuite {
+public class TestEscapeUtilsSuite {
 
   public static String htmlEscape(String input) {
     return HtmlUtils.htmlEscape(input);
@@ -11,4 +12,8 @@ public static String htmlEscape(String input) {
   public static String htmlEscape(String input, String encoding) {
     return HtmlUtils.htmlEscape(input, encoding);
   }
+
+  public static String javaScriptEscape(String input) {
+    return JavaScriptUtils.javaScriptEscape(input);
+  }
 }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-6.0/build.gradle b/dd-java-agent/instrumentation/spring-webmvc-6.0/build.gradle
index 422f2b05330..8c9284dcd84 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-6.0/build.gradle
+++ b/dd-java-agent/instrumentation/spring-webmvc-6.0/build.gradle
@@ -2,6 +2,16 @@ ext {
   minJavaVersionForTests = JavaVersion.VERSION_17
 }
 
+muzzle {
+  pass {
+    group = 'org.springframework'
+    module = 'spring-webmvc'
+    versions = "[6,)"
+    javaVersion = "17"
+    extraDependency "jakarta.servlet:jakarta.servlet-api:5.0.0"
+  }
+}
+
 apply from: "$rootDir/gradle/java.gradle"
 
 [compileMain_java17Java, compileTestJava].each {
@@ -12,10 +22,6 @@ apply from: "$rootDir/gradle/java.gradle"
   }
 }
 
-tasks.named('muzzle').configure {
-  enabled = false
-}
-
 compileTestGroovy {
   javaLauncher = getJavaLauncherFor(17)
 }
@@ -24,9 +30,6 @@ dependencies {
   main_java17CompileOnly(group: 'org.springframework', name: 'spring-webmvc', version: '6.0.0')
   main_java17CompileOnly group: 'jakarta.servlet', name: 'jakarta.servlet-api', version: '5.0.0'
 
-  main_java17CompileOnly project(':dd-java-agent:instrumentation:spring-webmvc-3.1')
-  main_java17CompileOnly project(':dd-java-agent:instrumentation:spring-webmvc-5.3')
-
   testImplementation(project(':dd-java-agent:testing')) {
     exclude(module: 'jetty-server') // incompatible servlet api
   }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java/datadog/trace/instrumentation/springweb6/TemplateAndMatrixVariablesInstrumentation.java b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java/datadog/trace/instrumentation/springweb6/TemplateAndMatrixVariablesInstrumentation.java
index 1ada86e2233..5ab12ade1f4 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java/datadog/trace/instrumentation/springweb6/TemplateAndMatrixVariablesInstrumentation.java
+++ b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java/datadog/trace/instrumentation/springweb6/TemplateAndMatrixVariablesInstrumentation.java
@@ -9,21 +9,29 @@
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.iast.IastPostProcessorFactory;
 import java.util.Set;
+import net.bytebuddy.asm.Advice;
 import net.bytebuddy.matcher.ElementMatcher;
 
 /** Obtain template and matrix variables for RequestMappingInfoHandlerMapping. */
 @AutoService(Instrumenter.class)
 public class TemplateAndMatrixVariablesInstrumentation extends Instrumenter.Default
-    implements Instrumenter.ForSingleType {
+    implements Instrumenter.ForSingleType, Instrumenter.WithPostProcessor {
+
+  private Advice.PostProcessor.Factory postProcessorFactory;
+
   public TemplateAndMatrixVariablesInstrumentation() {
     super("spring-web");
   }
 
   @Override
   public boolean isApplicable(Set<TargetSystem> enabledSystems) {
-    return enabledSystems.contains(TargetSystem.APPSEC)
-        || enabledSystems.contains(TargetSystem.IAST);
+    if (enabledSystems.contains(TargetSystem.IAST)) {
+      postProcessorFactory = IastPostProcessorFactory.INSTANCE;
+      return true;
+    }
+    return enabledSystems.contains(TargetSystem.APPSEC);
   }
 
   @Override
@@ -55,7 +63,12 @@ public void adviceTransformations(AdviceTransformation transformation) {
   @Override
   public String[] helperClassNames() {
     return new String[] {
-      "datadog.trace.instrumentation.springweb.PairList",
+      packageName + ".PairList",
     };
   }
+
+  @Override
+  public Advice.PostProcessor.Factory postProcessor() {
+    return postProcessorFactory;
+  }
 }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java/datadog/trace/instrumentation/springweb6/TemplateVariablesUrlHandlerInstrumentation.java b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java/datadog/trace/instrumentation/springweb6/TemplateVariablesUrlHandlerInstrumentation.java
index 2d1e03c5f6d..a1bfdadf3cc 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java/datadog/trace/instrumentation/springweb6/TemplateVariablesUrlHandlerInstrumentation.java
+++ b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java/datadog/trace/instrumentation/springweb6/TemplateVariablesUrlHandlerInstrumentation.java
@@ -9,13 +9,17 @@
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.iast.IastPostProcessorFactory;
 import java.util.Set;
+import net.bytebuddy.asm.Advice;
 import net.bytebuddy.matcher.ElementMatcher;
 
 /** Obtain template and matrix variables for AbstractUrlHandlerMapping */
 @AutoService(Instrumenter.class)
 public class TemplateVariablesUrlHandlerInstrumentation extends Instrumenter.Default
-    implements Instrumenter.ForSingleType {
+    implements Instrumenter.ForSingleType, Instrumenter.WithPostProcessor {
+
+  private Advice.PostProcessor.Factory postProcessorFactory;
 
   public TemplateVariablesUrlHandlerInstrumentation() {
     super("spring-web");
@@ -23,8 +27,11 @@ public TemplateVariablesUrlHandlerInstrumentation() {
 
   @Override
   public boolean isApplicable(Set<TargetSystem> enabledSystems) {
-    return enabledSystems.contains(TargetSystem.APPSEC)
-        || enabledSystems.contains(TargetSystem.IAST);
+    if (enabledSystems.contains(TargetSystem.IAST)) {
+      postProcessorFactory = IastPostProcessorFactory.INSTANCE;
+      return true;
+    }
+    return enabledSystems.contains(TargetSystem.APPSEC);
   }
 
   @Override
@@ -50,4 +57,9 @@ public void adviceTransformations(AdviceTransformation transformation) {
             .and(takesArgument(2, Object.class)),
         packageName + ".InterceptorPreHandleAdvice");
   }
+
+  @Override
+  public Advice.PostProcessor.Factory postProcessor() {
+    return postProcessorFactory;
+  }
 }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java17/datadog/trace/instrumentation/springweb6/HandleMatchAdvice.java b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java17/datadog/trace/instrumentation/springweb6/HandleMatchAdvice.java
index b5501f94f22..20e8458c3ed 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java17/datadog/trace/instrumentation/springweb6/HandleMatchAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java17/datadog/trace/instrumentation/springweb6/HandleMatchAdvice.java
@@ -8,13 +8,13 @@
 import datadog.trace.api.gateway.Flow;
 import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
-import datadog.trace.instrumentation.springweb.PairList;
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.HashMap;
 import java.util.Map;
@@ -29,7 +29,7 @@ public class HandleMatchAdvice {
 
   @SuppressWarnings("Duplicates")
   @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
-  @Source(SourceTypes.REQUEST_PATH_PARAMETER_STRING)
+  @Source(SourceTypes.REQUEST_PATH_PARAMETER)
   public static void after(
       @Advice.Argument(2) final HttpServletRequest req,
       @Advice.Thrown(readOnly = false) Throwable t) {
@@ -98,9 +98,11 @@ public static void after(
               BlockResponseFunction brf = reqCtx.getBlockResponseFunction();
               if (brf != null) {
                 brf.tryCommitBlockingResponse(
-                    rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                    reqCtx.getTraceSegment(),
+                    rba.getStatusCode(),
+                    rba.getBlockingContentType(),
+                    rba.getExtraHeaders());
               }
-              reqCtx.getTraceSegment().effectivelyBlocked();
               t =
                   new BlockingException(
                       "Blocked request (for RequestMappingInfoHandlerMapping/handleMatch)");
@@ -111,7 +113,7 @@ public static void after(
     }
 
     { // iast
-      Object iastRequestContext = reqCtx.getData(RequestContextSlot.IAST);
+      IastContext iastRequestContext = reqCtx.getData(RequestContextSlot.IAST);
       if (iastRequestContext != null) {
         PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
@@ -123,7 +125,7 @@ public static void after(
                 continue; // should not happen
               }
               module.taint(
-                  iastRequestContext, SourceTypes.REQUEST_PATH_PARAMETER, parameterName, value);
+                  iastRequestContext, value, SourceTypes.REQUEST_PATH_PARAMETER, parameterName);
             }
           }
 
@@ -141,18 +143,18 @@ public static void after(
                 if (innerKey != null) {
                   module.taint(
                       iastRequestContext,
+                      innerKey,
                       SourceTypes.REQUEST_MATRIX_PARAMETER,
-                      parameterName,
-                      innerKey);
+                      parameterName);
                 }
                 Iterable<String> innerValues = ie.getValue();
                 if (innerValues != null) {
                   for (String iv : innerValues) {
                     module.taint(
                         iastRequestContext,
+                        iv,
                         SourceTypes.REQUEST_MATRIX_PARAMETER,
-                        parameterName,
-                        iv);
+                        parameterName);
                   }
                 }
               }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java17/datadog/trace/instrumentation/springweb6/InterceptorPreHandleAdvice.java b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java17/datadog/trace/instrumentation/springweb6/InterceptorPreHandleAdvice.java
index ac3662a408e..3e293762f66 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java17/datadog/trace/instrumentation/springweb6/InterceptorPreHandleAdvice.java
+++ b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java17/datadog/trace/instrumentation/springweb6/InterceptorPreHandleAdvice.java
@@ -8,6 +8,7 @@
 import datadog.trace.api.gateway.Flow;
 import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -25,7 +26,7 @@ public class InterceptorPreHandleAdvice {
 
   @SuppressWarnings("Duplicates")
   @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
-  @Source(SourceTypes.REQUEST_PATH_PARAMETER_STRING)
+  @Source(SourceTypes.REQUEST_PATH_PARAMETER)
   public static void after(
       @Advice.Argument(0) final HttpServletRequest req,
       @Advice.Thrown(readOnly = false) Throwable t) {
@@ -66,9 +67,11 @@ public static void after(
             BlockResponseFunction brf = reqCtx.getBlockResponseFunction();
             if (brf != null) {
               brf.tryCommitBlockingResponse(
-                  rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                  reqCtx.getTraceSegment(),
+                  rba.getStatusCode(),
+                  rba.getBlockingContentType(),
+                  rba.getExtraHeaders());
             }
-            reqCtx.getTraceSegment().effectivelyBlocked();
             t =
                 new BlockingException(
                     "Blocked request (for UriTemplateVariablesHandlerInterceptor/preHandle)");
@@ -78,7 +81,7 @@ public static void after(
     }
 
     { // iast
-      Object iastRequestContext = reqCtx.getData(RequestContextSlot.IAST);
+      IastContext iastRequestContext = reqCtx.getData(RequestContextSlot.IAST);
       if (iastRequestContext != null) {
         PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
@@ -89,7 +92,7 @@ public static void after(
               continue; // should not happen
             }
             module.taint(
-                iastRequestContext, SourceTypes.REQUEST_PATH_PARAMETER, parameterName, value);
+                iastRequestContext, value, SourceTypes.REQUEST_PATH_PARAMETER, parameterName);
           }
         }
       }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java17/datadog/trace/instrumentation/springweb6/PairList.java b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java17/datadog/trace/instrumentation/springweb6/PairList.java
new file mode 100644
index 00000000000..bf3490ee3ad
--- /dev/null
+++ b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/main/java17/datadog/trace/instrumentation/springweb6/PairList.java
@@ -0,0 +1,29 @@
+package datadog.trace.instrumentation.springweb6;
+
+import java.util.AbstractList;
+
+public class PairList extends AbstractList<Object> {
+  private final Object obj1;
+  private final Object obj2;
+
+  public PairList(Object obj1, Object obj2) {
+    this.obj1 = obj1;
+    this.obj2 = obj2;
+  }
+
+  @Override
+  public Object get(int index) {
+    if (index == 0) {
+      return obj1;
+    } else if (index == 1) {
+      return obj2;
+    } else {
+      throw new IndexOutOfBoundsException("Valid indices are 0 and 1");
+    }
+  }
+
+  @Override
+  public int size() {
+    return 2;
+  }
+}
diff --git a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/SetupSpecHelper.groovy b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/SetupSpecHelper.groovy
index e183399e8a2..757696b29f8 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/SetupSpecHelper.groovy
+++ b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/SetupSpecHelper.groovy
@@ -9,6 +9,7 @@ import datadog.trace.api.gateway.Events
 import datadog.trace.api.gateway.Flow
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.api.internal.TraceSegment
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer
 import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter
 import datadog.trace.instrumentation.servlet5.ServletBlockingHelper
@@ -40,11 +41,11 @@ class SetupSpecHelper {
     INSTANCE
 
     @Override
-    boolean tryCommitBlockingResponse(int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders) {
+    boolean tryCommitBlockingResponse(TraceSegment segment, int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders) {
       ServletRequestAttributes attributes = RequestContextHolder.requestAttributes
       if (attributes) {
         ServletBlockingHelper
-          .commitBlockingResponse(attributes.request, attributes.response, statusCode, templateType, extraHeaders)
+          .commitBlockingResponse(segment, attributes.request, attributes.response, statusCode, templateType, extraHeaders)
       }
       true
     }
diff --git a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/boot/SpringBootBasedTest.groovy b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/boot/SpringBootBasedTest.groovy
index e51f1996f8f..89a10033b6d 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/boot/SpringBootBasedTest.groovy
+++ b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/boot/SpringBootBasedTest.groovy
@@ -5,6 +5,7 @@ import datadog.trace.agent.test.base.HttpServer
 import datadog.trace.agent.test.base.HttpServerTest
 import datadog.trace.api.ConfigDefaults
 import datadog.trace.api.DDSpanTypes
+import datadog.trace.api.iast.IastContext
 import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.api.iast.SourceTypes
 import datadog.trace.api.iast.propagation.PropagationModule
@@ -113,6 +114,11 @@ class SpringBootBasedTest extends HttpServerTest<ConfigurableApplicationContext>
     return "servlet.request"
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean hasHandlerSpan() {
     true
@@ -269,7 +275,7 @@ class SpringBootBasedTest extends HttpServerTest<ConfigurableApplicationContext>
 
     then:
     // spring-security filter causes uri matching to happen twice
-    2 * mod.taint(_, SourceTypes.REQUEST_PATH_PARAMETER, 'id', '123')
+    2 * mod.taint(_, '123', SourceTypes.REQUEST_PATH_PARAMETER, 'id')
     0 * mod._
 
     cleanup:
@@ -308,11 +314,11 @@ class SpringBootBasedTest extends HttpServerTest<ConfigurableApplicationContext>
 
     then:
     // spring-security filter (AuthorizationFilter.java:95) causes uri matching to happen twice
-    2 * mod.taint(_, SourceTypes.REQUEST_PATH_PARAMETER, 'var', 'a=x,y') // this version of spring removes ;a=z
-    2 * mod.taint(_, SourceTypes.REQUEST_MATRIX_PARAMETER, 'var', 'a')
-    2 * mod.taint(_, SourceTypes.REQUEST_MATRIX_PARAMETER, 'var', 'x')
-    2 * mod.taint(_, SourceTypes.REQUEST_MATRIX_PARAMETER, 'var', 'y')
-    2 * mod.taint(_, SourceTypes.REQUEST_MATRIX_PARAMETER, 'var', 'z')
+    2 * mod.taint(_ as IastContext, 'a=x,y', SourceTypes.REQUEST_PATH_PARAMETER, 'var') // this version of spring removes ;a=z
+    2 * mod.taint(_ as IastContext, 'a', SourceTypes.REQUEST_MATRIX_PARAMETER, 'var')
+    2 * mod.taint(_ as IastContext, 'x', SourceTypes.REQUEST_MATRIX_PARAMETER, 'var')
+    2 * mod.taint(_ as IastContext, 'y', SourceTypes.REQUEST_MATRIX_PARAMETER, 'var')
+    2 * mod.taint(_ as IastContext, 'z', SourceTypes.REQUEST_MATRIX_PARAMETER, 'var')
     0 * mod._
 
     cleanup:
diff --git a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/urlhandlermapping/UrlHandlerMappingTest.groovy b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/urlhandlermapping/UrlHandlerMappingTest.groovy
index 325e3fda87f..9c211b34aad 100644
--- a/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/urlhandlermapping/UrlHandlerMappingTest.groovy
+++ b/dd-java-agent/instrumentation/spring-webmvc-6.0/src/test/groovy/datadog/trace/instrumentation/springweb6/urlhandlermapping/UrlHandlerMappingTest.groovy
@@ -88,6 +88,11 @@ class UrlHandlerMappingTest extends HttpServerTest<ConfigurableApplicationContex
     SetupSpecHelper.provideBlockResponseFunction()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testException() {
     // generates extra trace for the error handling invocation
@@ -202,7 +207,7 @@ class UrlHandlerMappingTest extends HttpServerTest<ConfigurableApplicationContex
     TEST_WRITER.waitForTraces(1)
 
     then:
-    1 * mod.taint(_, SourceTypes.REQUEST_PATH_PARAMETER, 'id', '123')
+    1 * mod.taint(_, '123', SourceTypes.REQUEST_PATH_PARAMETER, 'id')
     0 * mod._
 
     cleanup:
diff --git a/dd-java-agent/instrumentation/spring-ws-2/src/main/java/datadog/trace/instrumentation/springws2/MethodEndpointInstrumentation.java b/dd-java-agent/instrumentation/spring-ws-2/src/main/java/datadog/trace/instrumentation/springws2/MethodEndpointInstrumentation.java
index 310123db770..46213b563d0 100644
--- a/dd-java-agent/instrumentation/spring-ws-2/src/main/java/datadog/trace/instrumentation/springws2/MethodEndpointInstrumentation.java
+++ b/dd-java-agent/instrumentation/spring-ws-2/src/main/java/datadog/trace/instrumentation/springws2/MethodEndpointInstrumentation.java
@@ -2,12 +2,12 @@
 
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+import static datadog.trace.bootstrap.instrumentation.api.ErrorPriorities.UNSET;
 import static net.bytebuddy.matcher.ElementMatchers.isMethod;
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import datadog.trace.bootstrap.instrumentation.api.ErrorPriorities;
 import net.bytebuddy.asm.Advice;
 
 @AutoService(Instrumenter.class)
@@ -43,14 +43,8 @@ public static void captureUserCodeException(@Advice.Thrown final Throwable throw
         if (rootSpan != null) {
           span = rootSpan;
         }
-        // Check if the span is already in error
-        boolean error = span.isError();
-        // Capture the exception
-        span.addThrowable(throwable);
-        // Restore the error state using UNSET priority to not override prior decision
-        if (!error) {
-          span.setError(false, ErrorPriorities.UNSET);
-        }
+        // Capture the exception without setting span as errored
+        span.addThrowable(throwable, UNSET);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/spymemcached-2.10/src/main/java/datadog/trace/instrumentation/spymemcached/MemcacheClientDecorator.java b/dd-java-agent/instrumentation/spymemcached-2.10/src/main/java/datadog/trace/instrumentation/spymemcached/MemcacheClientDecorator.java
index 854d2e3a6d3..bcfc58674d5 100644
--- a/dd-java-agent/instrumentation/spymemcached-2.10/src/main/java/datadog/trace/instrumentation/spymemcached/MemcacheClientDecorator.java
+++ b/dd-java-agent/instrumentation/spymemcached-2.10/src/main/java/datadog/trace/instrumentation/spymemcached/MemcacheClientDecorator.java
@@ -1,6 +1,5 @@
 package datadog.trace.instrumentation.spymemcached;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -15,7 +14,7 @@ public class MemcacheClientDecorator
   public static final String DB_TYPE = "memcached";
 
   private static final String SERVICE_NAME =
-      SpanNaming.instance().namingSchema().cache().service(Config.get().getServiceName(), DB_TYPE);
+      SpanNaming.instance().namingSchema().cache().service(DB_TYPE);
   public static final UTF8BytesString OPERATION_NAME =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().cache().operation(DB_TYPE));
   public static final MemcacheClientDecorator DECORATE = new MemcacheClientDecorator();
diff --git a/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGInstrumentation.java b/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGInstrumentation.java
index f6cff009286..7a5bdd45302 100644
--- a/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGInstrumentation.java
+++ b/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGInstrumentation.java
@@ -49,8 +49,7 @@ public static void addTracingListener(@Advice.This final TestNG testNG) {
         }
       }
 
-      final String version = TestNGUtils.getTestNGVersion();
-      final TracingListener tracingListener = new TracingListener(version);
+      final TracingListener tracingListener = new TracingListener();
       testNG.addListener((ITestNGListener) tracingListener);
 
       TestNGSuiteListener suiteListener = new TestNGSuiteListener(tracingListener);
diff --git a/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGItrInstrumentation.java b/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGItrInstrumentation.java
index 170006e912c..d5c82eeebfb 100644
--- a/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGItrInstrumentation.java
+++ b/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGItrInstrumentation.java
@@ -10,6 +10,7 @@
 import datadog.trace.api.civisibility.InstrumentationBridge;
 import datadog.trace.api.civisibility.config.SkippableTest;
 import java.lang.reflect.Method;
+import java.util.List;
 import java.util.Set;
 import net.bytebuddy.asm.Advice;
 import org.testng.SkipException;
@@ -61,6 +62,11 @@ public static void invokeMethod(
         @Advice.Argument(0) final Method method,
         @Advice.Argument(1) final Object instance,
         @Advice.Argument(2) final Object[] parameters) {
+      List<String> groups = TestNGUtils.getGroups(method);
+      if (groups.contains(InstrumentationBridge.ITR_UNSKIPPABLE_TAG)) {
+        return;
+      }
+
       SkippableTest skippableTest = TestNGUtils.toSkippableTest(method, instance, parameters);
       if (TestEventsHandlerHolder.TEST_EVENTS_HANDLER.skip(skippableTest)) {
         throw new SkipException(InstrumentationBridge.ITR_SKIP_REASON);
diff --git a/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGUtils.java b/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGUtils.java
index c6c006d742e..ee7c396f12a 100644
--- a/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGUtils.java
+++ b/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TestNGUtils.java
@@ -111,6 +111,26 @@ public static List<String> getGroups(ITestClass testClass) {
     return !groups.isEmpty() ? groups : null;
   }
 
+  public static List<String> getGroups(Method method) {
+    List<String> groups = new ArrayList<>();
+
+    Test methodAnnotation = method.getAnnotation(Test.class);
+    if (methodAnnotation != null) {
+      Collections.addAll(groups, methodAnnotation.groups());
+    }
+
+    Class<?> clazz = method.getDeclaringClass();
+    do {
+      Test classAnnotation = clazz.getAnnotation(Test.class);
+      if (classAnnotation != null) {
+        Collections.addAll(groups, classAnnotation.groups());
+      }
+      clazz = clazz.getSuperclass();
+    } while (clazz != null);
+
+    return groups;
+  }
+
   public static TestNGClassListener getTestNGClassListener(ITestContext testContext) {
     try {
       if (!(testContext instanceof ITestResultNotifier)) {
@@ -154,7 +174,8 @@ public static boolean isParallelized(ITestClass testClass) {
   }
 
   public static SkippableTest toSkippableTest(Method method, Object instance, Object[] parameters) {
-    String testSuiteName = instance.getClass().getName();
+    Class<?> testClass = instance != null ? instance.getClass() : method.getDeclaringClass();
+    String testSuiteName = testClass.getName();
     String testName = method.getName();
     String testParameters = TestNGUtils.getParameters(parameters);
     return new SkippableTest(testSuiteName, testName, testParameters, null);
diff --git a/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TracingListener.java b/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TracingListener.java
index ec9bc3537b8..4442c93a8fc 100644
--- a/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TracingListener.java
+++ b/dd-java-agent/instrumentation/testng/src/main/java/datadog/trace/instrumentation/testng/TracingListener.java
@@ -11,12 +11,8 @@
 public class TracingListener extends TestNGClassListener
     implements ITestListener, IConfigurationListener {
 
-  private static final String TESTNG_FRAMEWORK = "testng";
-  private final String version;
-
-  public TracingListener(final String version) {
-    this.version = version;
-  }
+  public static final String FRAMEWORK_NAME = "testng";
+  public static final String FRAMEWORK_VERSION = TestNGUtils.getTestNGVersion();
 
   @Override
   public void onStart(final ITestContext context) {
@@ -34,7 +30,7 @@ protected void onBeforeClass(ITestClass testClass, boolean parallelized) {
     Class<?> testSuiteClass = testClass.getRealClass();
     List<String> groups = TestNGUtils.getGroups(testClass);
     TestEventsHandlerHolder.TEST_EVENTS_HANDLER.onTestSuiteStart(
-        testSuiteName, TESTNG_FRAMEWORK, version, testSuiteClass, groups, parallelized);
+        testSuiteName, FRAMEWORK_NAME, FRAMEWORK_VERSION, testSuiteClass, groups, parallelized);
   }
 
   @Override
@@ -79,8 +75,8 @@ public void onTestStart(final ITestResult result) {
         testSuiteName,
         testName,
         result,
-        TESTNG_FRAMEWORK,
-        version,
+        FRAMEWORK_NAME,
+        FRAMEWORK_VERSION,
         testParameters,
         groups,
         testClass,
diff --git a/dd-java-agent/instrumentation/testng/src/testFixtures/groovy/datadog/trace/instrumentation/testng/TestNGTest.groovy b/dd-java-agent/instrumentation/testng/src/testFixtures/groovy/datadog/trace/instrumentation/testng/TestNGTest.groovy
index 006656f121b..313b185b7a0 100644
--- a/dd-java-agent/instrumentation/testng/src/testFixtures/groovy/datadog/trace/instrumentation/testng/TestNGTest.groovy
+++ b/dd-java-agent/instrumentation/testng/src/testFixtures/groovy/datadog/trace/instrumentation/testng/TestNGTest.groovy
@@ -3,6 +3,7 @@ package datadog.trace.instrumentation.testng
 import datadog.trace.agent.test.asserts.ListWriterAssert
 import datadog.trace.api.DDTags
 import datadog.trace.api.civisibility.CIConstants
+import datadog.trace.api.civisibility.InstrumentationBridge
 import datadog.trace.api.civisibility.config.SkippableTest
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import datadog.trace.civisibility.CiVisibilityTest
@@ -19,9 +20,11 @@ import org.example.TestSkippedClass
 import org.example.TestSkippedNested
 import org.example.TestSucceed
 import org.example.TestSucceedAndSkipped
+import org.example.TestSucceedDataProvider
 import org.example.TestSucceedGroups
 import org.example.TestSucceedMultiple
 import org.example.TestSucceedNested
+import org.example.TestSucceedUnskippable
 import org.testng.TestNG
 import org.testng.xml.SuiteXmlParser
 import org.testng.xml.XmlSuite
@@ -485,6 +488,27 @@ abstract class TestNGTest extends CiVisibilityTest {
     testTags = testCaseTagsIfSuiteSetUpFailedOrSkipped("Ignore reason in class")
   }
 
+  def "test factory data provider tests"() {
+    setup:
+
+    runTests(TestSucceedDataProvider)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS)
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedDataProvider", CIConstants.TEST_PASS)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedDataProvider", "testMethod", "testMethod()V", CIConstants.TEST_PASS)
+      }
+    })
+  }
+
   def "test successful test cases executed in parallel"() {
     setup:
     runTests(new Class[] { TestSucceedMultiple }, "methods")
@@ -780,7 +804,105 @@ abstract class TestNGTest extends CiVisibilityTest {
     testTags_1 = [(Tags.TEST_PARAMETERS): '{"arguments":{"0":"\\\"goodbye\\\"","1":"false"}}']
   }
 
-  private void runTests(Class[] testClasses, String parallelMode = null) {
+  def "test ITR skipping for factory data provider tests"() {
+    setup:
+    givenSkippableTests([
+      new SkippableTest("org.example.TestSucceedDataProvider", "testMethod", null, null),
+    ])
+
+    runTests(TestSucceedDataProvider)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_SKIP)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_SKIP, [
+          (DDTags.CI_ITR_TESTS_SKIPPED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 1,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedDataProvider", CIConstants.TEST_SKIP)
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedDataProvider", "testMethod", "testMethod()V", CIConstants.TEST_SKIP, testTags_0)
+      }
+    })
+
+    where:
+    testTags_0 = [
+      (Tags.TEST_SKIP_REASON): "Skipped by Datadog Intelligent Test Runner",
+      (Tags.TEST_SKIPPED_BY_ITR): true
+    ]
+  }
+
+  def "test ITR unskippable"() {
+    setup:
+    givenSkippableTests([
+      new SkippableTest("org.example.TestSucceedUnskippable", "test_succeed", null, null),
+    ])
+
+    runTests(TestSucceedUnskippable)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedUnskippable", CIConstants.TEST_PASS,
+        null, null, false, [InstrumentationBridge.ITR_UNSKIPPABLE_TAG])
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedUnskippable", "test_succeed", "test_succeed()V", CIConstants.TEST_PASS,
+        testTags, null, false, [InstrumentationBridge.ITR_UNSKIPPABLE_TAG])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true, (Tags.TEST_ITR_FORCED_RUN): true]
+  }
+
+  def "test unskippable ITR test that is not supposed to be skipped"() {
+    setup:
+    givenSkippableTests([])
+    runTests(TestSucceedUnskippable)
+
+    expect:
+    ListWriterAssert.assertTraces(TEST_WRITER, 2, false, SORT_TRACES_BY_DESC_SIZE_THEN_BY_NAMES, {
+      long testSessionId
+      long testModuleId
+      long testSuiteId
+      trace(3, true) {
+        testSessionId = testSessionSpan(it, 1, CIConstants.TEST_PASS)
+        testModuleId = testModuleSpan(it, 0, testSessionId, CIConstants.TEST_PASS, [
+          (Tags.TEST_ITR_TESTS_SKIPPING_ENABLED): true,
+          (Tags.TEST_ITR_TESTS_SKIPPING_TYPE): "test",
+          (Tags.TEST_ITR_TESTS_SKIPPING_COUNT): 0,
+        ])
+        testSuiteId = testSuiteSpan(it, 2, testSessionId, testModuleId, "org.example.TestSucceedUnskippable", CIConstants.TEST_PASS,
+        null, null, false, [InstrumentationBridge.ITR_UNSKIPPABLE_TAG])
+      }
+      trace(1) {
+        testSpan(it, 0, testSessionId, testModuleId, testSuiteId, "org.example.TestSucceedUnskippable", "test_succeed", "test_succeed()V", CIConstants.TEST_PASS,
+        testTags, null, false, [InstrumentationBridge.ITR_UNSKIPPABLE_TAG])
+      }
+    })
+
+    where:
+    testTags = [(Tags.TEST_ITR_UNSKIPPABLE): true]
+  }
+
+  protected void runTests(Class[] testClasses, String parallelMode = null) {
     TestEventsHandlerHolder.start()
 
     def testNG = new TestNG()
@@ -810,17 +932,22 @@ abstract class TestNGTest extends CiVisibilityTest {
 
   @Override
   String expectedOperationPrefix() {
-    return "testng"
+    "testng"
   }
 
   @Override
   String expectedTestFramework() {
-    return "testng"
+    TracingListener.FRAMEWORK_NAME
+  }
+
+  @Override
+  String expectedTestFrameworkVersion() {
+    TracingListener.FRAMEWORK_VERSION
   }
 
   @Override
   String component() {
-    return "testng"
+    "testng"
   }
 
   abstract String assertionErrorMessage()
diff --git a/dd-java-agent/instrumentation/testng/src/testFixtures/java/org/example/TestSucceedDataProvider.java b/dd-java-agent/instrumentation/testng/src/testFixtures/java/org/example/TestSucceedDataProvider.java
new file mode 100644
index 00000000000..5d4c003bc47
--- /dev/null
+++ b/dd-java-agent/instrumentation/testng/src/testFixtures/java/org/example/TestSucceedDataProvider.java
@@ -0,0 +1,27 @@
+package org.example;
+
+import static org.testng.Assert.assertEquals;
+
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Factory;
+import org.testng.annotations.Test;
+
+public class TestSucceedDataProvider {
+
+  private final int param;
+
+  @Factory(dataProvider = "dataMethod")
+  public TestSucceedDataProvider(int param) {
+    this.param = param;
+  }
+
+  @DataProvider
+  public static Object[][] dataMethod() {
+    return new Object[][] {{0}};
+  }
+
+  @Test
+  public void testMethod() {
+    assertEquals(param, 0);
+  }
+}
diff --git a/dd-java-agent/instrumentation/testng/src/testFixtures/java/org/example/TestSucceedUnskippable.java b/dd-java-agent/instrumentation/testng/src/testFixtures/java/org/example/TestSucceedUnskippable.java
new file mode 100644
index 00000000000..48c37b6eb60
--- /dev/null
+++ b/dd-java-agent/instrumentation/testng/src/testFixtures/java/org/example/TestSucceedUnskippable.java
@@ -0,0 +1,15 @@
+package org.example;
+
+import static org.testng.Assert.assertTrue;
+
+import datadog.trace.api.civisibility.InstrumentationBridge;
+import org.testng.annotations.Test;
+
+@Test(groups = InstrumentationBridge.ITR_UNSKIPPABLE_TAG)
+public class TestSucceedUnskippable {
+
+  @Test
+  public void test_succeed() {
+    assertTrue(true);
+  }
+}
diff --git a/dd-java-agent/instrumentation/testng/testng-6.4/build.gradle b/dd-java-agent/instrumentation/testng/testng-6/build.gradle
similarity index 54%
rename from dd-java-agent/instrumentation/testng/testng-6.4/build.gradle
rename to dd-java-agent/instrumentation/testng/testng-6/build.gradle
index 2005d4158d0..4e78bbbee1c 100644
--- a/dd-java-agent/instrumentation/testng/testng-6.4/build.gradle
+++ b/dd-java-agent/instrumentation/testng/testng-6/build.gradle
@@ -8,9 +8,8 @@ muzzle {
   pass {
     group = 'org.testng'
     module = 'testng'
-    versions = '[6.4,7.5)'
+    versions = '[6.4,7.0.0)'
     skipVersions += "6.13" // depends on non-existent jcommander-1.66
-    skipVersions += "7.1.0" //  depends on non-existent guice-4.1.0-no_aop
   }
 }
 
@@ -20,10 +19,14 @@ dependencies {
   implementation project(':dd-java-agent:instrumentation:testng')
 
   testImplementation testFixtures(project(':dd-java-agent:instrumentation:testng'))
+  testImplementation group: 'org.testng', name: 'testng', version: '6.4'
+}
 
-  testImplementation(group: 'org.testng', name: 'testng') {
-    version {
-      strictly '6.4'
-    }
+// gradle can't downgrade the testng dependencies with `strictly`
+// and IntelliJ IDEA reports an error when importing the project
+configurations.matching({ it.name.startsWith('test') }).each({
+  it.resolutionStrategy {
+    force group: 'org.testng', name: 'testng', version: '6.4'
   }
-}
+})
+
diff --git a/dd-java-agent/instrumentation/testng/testng-6.4/src/main/java/datadog/trace/instrumentation/testng64/TestNGClassListenerInstrumentation.java b/dd-java-agent/instrumentation/testng/testng-6/src/main/java/datadog/trace/instrumentation/testng6/TestNGClassListenerInstrumentation.java
similarity index 79%
rename from dd-java-agent/instrumentation/testng/testng-6.4/src/main/java/datadog/trace/instrumentation/testng64/TestNGClassListenerInstrumentation.java
rename to dd-java-agent/instrumentation/testng/testng-6/src/main/java/datadog/trace/instrumentation/testng6/TestNGClassListenerInstrumentation.java
index 4dbca3bfd55..28dbdbf8c72 100644
--- a/dd-java-agent/instrumentation/testng/testng-6.4/src/main/java/datadog/trace/instrumentation/testng64/TestNGClassListenerInstrumentation.java
+++ b/dd-java-agent/instrumentation/testng/testng-6/src/main/java/datadog/trace/instrumentation/testng6/TestNGClassListenerInstrumentation.java
@@ -1,6 +1,8 @@
-package datadog.trace.instrumentation.testng64;
+package datadog.trace.instrumentation.testng6;
 
+import static datadog.trace.agent.tooling.bytebuddy.matcher.ClassLoaderMatchers.hasClassNamed;
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.not;
 import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
 
 import com.google.auto.service.AutoService;
@@ -9,6 +11,7 @@
 import datadog.trace.instrumentation.testng.TestNGUtils;
 import datadog.trace.util.Strings;
 import net.bytebuddy.asm.Advice;
+import net.bytebuddy.matcher.ElementMatcher;
 import org.testng.IMethodInstance;
 import org.testng.ITestClass;
 import org.testng.ITestContext;
@@ -21,7 +24,14 @@ public class TestNGClassListenerInstrumentation extends Instrumenter.CiVisibilit
   private final String commonPackageName = Strings.getPackageName(TestNGUtils.class.getName());
 
   public TestNGClassListenerInstrumentation() {
-    super("testng-64-class-listener");
+    super("ci-visibility", "testng", "testng-6");
+  }
+
+  @Override
+  public ElementMatcher<ClassLoader> classLoaderMatcher() {
+    // do not apply to TestNG 7.x and above
+    // since those versions are handled by a different instrumentation
+    return not(hasClassNamed("org.testng.annotations.CustomAttribute"));
   }
 
   @Override
@@ -65,8 +75,8 @@ public static void invokeBeforeClass(
     }
 
     // TestNG 6.4 and above
-    public static void muzzleCheck(final DataProvider dataProvider) {
-      dataProvider.name();
+    public static String muzzleCheck(final DataProvider dataProvider) {
+      return dataProvider.name();
     }
   }
 
@@ -82,8 +92,8 @@ public static void invokeAfterClass(
     }
 
     // TestNG 6.4 and above
-    public static void muzzleCheck(final DataProvider dataProvider) {
-      dataProvider.name();
+    public static String muzzleCheck(final DataProvider dataProvider) {
+      return dataProvider.name();
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/testng/testng-6.4/src/test/groovy/TestNG64Test.groovy b/dd-java-agent/instrumentation/testng/testng-6/src/test/groovy/TestNG6Test.groovy
similarity index 82%
rename from dd-java-agent/instrumentation/testng/testng-6.4/src/test/groovy/TestNG64Test.groovy
rename to dd-java-agent/instrumentation/testng/testng-6/src/test/groovy/TestNG6Test.groovy
index aea7e620dc1..8193d366edf 100644
--- a/dd-java-agent/instrumentation/testng/testng-6.4/src/test/groovy/TestNG64Test.groovy
+++ b/dd-java-agent/instrumentation/testng/testng-6/src/test/groovy/TestNG6Test.groovy
@@ -1,11 +1,6 @@
 import datadog.trace.instrumentation.testng.TestNGTest
 
-class TestNG64Test extends TestNGTest {
-
-  @Override
-  String expectedTestFrameworkVersion() {
-    return "6.4.0"
-  }
+class TestNG6Test extends TestNGTest {
 
   @Override
   String assertionErrorMessage() {
diff --git a/dd-java-agent/instrumentation/testng/testng-7.5/build.gradle b/dd-java-agent/instrumentation/testng/testng-7.5/build.gradle
deleted file mode 100644
index 1c484edbc4c..00000000000
--- a/dd-java-agent/instrumentation/testng/testng-7.5/build.gradle
+++ /dev/null
@@ -1,31 +0,0 @@
-plugins {
-  id 'java-test-fixtures'
-}
-
-apply from: "$rootDir/gradle/java.gradle"
-
-muzzle {
-  /**
-   * TestNG 7.6+ passes if muzzle is run with Java 11 but fails otherwise because it
-   * is compiled with Java 11, so we can't validate with muzzle which uses Java 8.
-   */
-  pass {
-    group = 'org.testng'
-    module = 'testng'
-    versions = '[7.5,7.6)'
-  }
-}
-
-dependencies {
-  compileOnly group: 'org.testng', name: 'testng', version: '7.5'
-
-  implementation project(':dd-java-agent:instrumentation:testng')
-
-  testImplementation testFixtures(project(':dd-java-agent:instrumentation:testng'))
-
-  testImplementation(group: 'org.testng', name: 'testng') {
-    version {
-      strictly '7.5'
-    }
-  }
-}
diff --git a/dd-java-agent/instrumentation/testng/testng-7/build.gradle b/dd-java-agent/instrumentation/testng/testng-7/build.gradle
new file mode 100644
index 00000000000..494468800e5
--- /dev/null
+++ b/dd-java-agent/instrumentation/testng/testng-7/build.gradle
@@ -0,0 +1,49 @@
+plugins {
+  id 'java-test-fixtures'
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+muzzle {
+  pass {
+    group = 'org.testng'
+    module = 'testng'
+    versions = '[7.0.0,7.6)'
+    skipVersions += "7.1.0" //  depends on non-existent guice-4.1.0-no_aop
+  }
+  // TestNG 7.6+ is compiled with Java 11
+  pass {
+    group = 'org.testng'
+    module = 'testng'
+    versions = '[7.6,)'
+    javaVersion = 11
+  }
+}
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  compileOnly group: 'org.testng', name: 'testng', version: '7.0.0'
+
+  implementation project(':dd-java-agent:instrumentation:testng')
+
+  testImplementation testFixtures(project(':dd-java-agent:instrumentation:testng'))
+  testImplementation group: 'org.testng', name: 'testng', version: '7.0.0'
+
+  latestDepTestImplementation group: 'org.testng', name: 'testng', version: '+'
+}
+
+// gradle can't downgrade the testng dependencies with `strictly`
+// and IntelliJ IDEA reports an error when importing the project
+configurations.matching({ it.name.startsWith('test') }).each({
+  it.resolutionStrategy {
+    force group: 'org.testng', name: 'testng', version: '7.0.0'
+  }
+})
+
+configurations.matching({ it.name.startsWith('latestDepTest') }).each({
+  it.resolutionStrategy {
+    // TestNG 7.6+ is compiled with Java 11
+    force group: 'org.testng', name: 'testng', version: (JavaVersion.current().java11Compatible ? '+' : '7.5')
+  }
+})
diff --git a/dd-java-agent/instrumentation/testng/testng-7.5/src/main/java/datadog/trace/instrumentation/testng75/TestNGClassListenerInstrumentation.java b/dd-java-agent/instrumentation/testng/testng-7/src/main/java/datadog/trace/instrumentation/testng7/TestNGClassListenerInstrumentation.java
similarity index 81%
rename from dd-java-agent/instrumentation/testng/testng-7.5/src/main/java/datadog/trace/instrumentation/testng75/TestNGClassListenerInstrumentation.java
rename to dd-java-agent/instrumentation/testng/testng-7/src/main/java/datadog/trace/instrumentation/testng7/TestNGClassListenerInstrumentation.java
index e0847c01738..82656adb9ac 100644
--- a/dd-java-agent/instrumentation/testng/testng-7.5/src/main/java/datadog/trace/instrumentation/testng75/TestNGClassListenerInstrumentation.java
+++ b/dd-java-agent/instrumentation/testng/testng-7/src/main/java/datadog/trace/instrumentation/testng7/TestNGClassListenerInstrumentation.java
@@ -1,4 +1,4 @@
-package datadog.trace.instrumentation.testng75;
+package datadog.trace.instrumentation.testng7;
 
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
 import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
@@ -12,23 +12,26 @@
 import org.testng.IMethodInstance;
 import org.testng.ITestClass;
 import org.testng.ITestContext;
-import org.testng.internal.invokers.TestMethodWorker;
+import org.testng.annotations.CustomAttribute;
 import org.testng.xml.XmlSuite;
 import org.testng.xml.XmlTest;
 
 @AutoService(Instrumenter.class)
 public class TestNGClassListenerInstrumentation extends Instrumenter.CiVisibility
-    implements Instrumenter.ForSingleType {
+    implements Instrumenter.ForKnownTypes {
 
   private final String commonPackageName = Strings.getPackageName(TestNGUtils.class.getName());
 
   public TestNGClassListenerInstrumentation() {
-    super("testng-75-class-listener");
+    super("ci-visibility", "testng", "testng-7");
   }
 
   @Override
-  public String instrumentedType() {
-    return "org.testng.internal.invokers.TestMethodWorker";
+  public String[] knownMatchingTypes() {
+    return new String[] {
+      "org.testng.internal.TestMethodWorker", // TestNG 7.0-7.4
+      "org.testng.internal.invokers.TestMethodWorker" // TestNG 7.5+
+    };
   }
 
   @Override
@@ -70,9 +73,9 @@ public static void invokeBeforeClass(
       listener.invokeBeforeClass(testClass, parallelized);
     }
 
-    // TestNG 7.5 and above
-    public static void muzzleCheck(final TestMethodWorker testMethodWorker) {
-      testMethodWorker.completed();
+    // TestNG 7.0 and above
+    public static String muzzleCheck(final CustomAttribute customAttribute) {
+      return customAttribute.name();
     }
   }
 
@@ -87,9 +90,9 @@ public static void invokeAfterClass(
       listener.invokeAfterClass(testClass, methodInstance);
     }
 
-    // TestNG 7.5 and above
-    public static void muzzleCheck(final TestMethodWorker testMethodWorker) {
-      testMethodWorker.completed();
+    // TestNG 7.0 and above
+    public static String muzzleCheck(final CustomAttribute customAttribute) {
+      return customAttribute.name();
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/testng/testng-7.5/src/test/groovy/TestNG75Test.groovy b/dd-java-agent/instrumentation/testng/testng-7/src/test/groovy/TestNG7Test.groovy
similarity index 55%
rename from dd-java-agent/instrumentation/testng/testng-7.5/src/test/groovy/TestNG75Test.groovy
rename to dd-java-agent/instrumentation/testng/testng-7/src/test/groovy/TestNG7Test.groovy
index bc0fa20aecc..111b60efeb4 100644
--- a/dd-java-agent/instrumentation/testng/testng-7.5/src/test/groovy/TestNG75Test.groovy
+++ b/dd-java-agent/instrumentation/testng/testng-7/src/test/groovy/TestNG7Test.groovy
@@ -1,16 +1,15 @@
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import datadog.trace.instrumentation.testng.TestNGTest
+import datadog.trace.instrumentation.testng.TracingListener
 
-class TestNG75Test extends TestNGTest {
-
-  @Override
-  String expectedTestFrameworkVersion() {
-    return '7.5'
-  }
+class TestNG7Test extends TestNGTest {
 
   @Override
   String assertionErrorMessage() {
-    "expected [true] but found [false]"
+    // error message format differs based on framework version
+    TracingListener.FRAMEWORK_VERSION >= "7.5"
+      ? "expected [true] but found [false]"
+      : "did not expect to find [true] but found [false]"
   }
 
   @Override
diff --git a/dd-java-agent/instrumentation/thymeleaf/build.gradle b/dd-java-agent/instrumentation/thymeleaf/build.gradle
new file mode 100644
index 00000000000..609b9e4e63a
--- /dev/null
+++ b/dd-java-agent/instrumentation/thymeleaf/build.gradle
@@ -0,0 +1,23 @@
+muzzle {
+  pass {
+    group = 'org.thymeleaf'
+    module = 'thymeleaf'
+    versions = '[3.0.0.RELEASE,]'
+    assertInverse = true
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+
+  compileOnly group: 'org.thymeleaf', name: 'thymeleaf', version: '3.0.0.RELEASE'
+
+  testImplementation group: 'org.thymeleaf', name: 'thymeleaf', version: '3.0.0.RELEASE'
+
+  testRuntimeOnly project(':dd-java-agent:instrumentation:iast-instrumenter')
+
+  latestDepTestImplementation group: 'org.thymeleaf', name: 'thymeleaf', version: '+'
+}
diff --git a/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/BodyAdvice.java b/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/BodyAdvice.java
new file mode 100644
index 00000000000..a5279033349
--- /dev/null
+++ b/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/BodyAdvice.java
@@ -0,0 +1,28 @@
+package datadog.trace.instrumentation.thymeleaf;
+
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Sink;
+import datadog.trace.api.iast.VulnerabilityTypes;
+import datadog.trace.api.iast.sink.XssModule;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.InstrumentationContext;
+import net.bytebuddy.asm.Advice;
+import org.thymeleaf.engine.ElementTagStructureHandler;
+import org.thymeleaf.processor.element.IElementTagStructureHandler;
+
+public class BodyAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  @Sink(VulnerabilityTypes.XSS)
+  public static void setBody(
+      @Advice.This ElementTagStructureHandler self, @Advice.Argument(0) final CharSequence text) {
+    final XssModule module = InstrumentationBridge.XSS;
+    if (module != null) {
+      ContextStore<IElementTagStructureHandler, ThymeleafContext> contextStore =
+          InstrumentationContext.get(IElementTagStructureHandler.class, ThymeleafContext.class);
+      ThymeleafContext ctx = contextStore.get(self);
+      if (ctx != null) {
+        module.onXss(text, ctx.getTemplateName(), ctx.getLine());
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/ElementTagStructureHandlerInstrumentation.java b/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/ElementTagStructureHandlerInstrumentation.java
new file mode 100644
index 00000000000..11ace7c8058
--- /dev/null
+++ b/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/ElementTagStructureHandlerInstrumentation.java
@@ -0,0 +1,43 @@
+package datadog.trace.instrumentation.thymeleaf;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class ElementTagStructureHandlerInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForSingleType {
+  public ElementTagStructureHandlerInstrumentation() {
+    super("thymeleaf");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.thymeleaf.engine.ElementTagStructureHandler";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+
+    transformation.applyAdvice(
+        isMethod().and(named("setBody")).and(takesArgument(0, CharSequence.class)),
+        packageName + ".BodyAdvice");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {packageName + ".ThymeleafContext"};
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap(
+        "org.thymeleaf.processor.element.IElementTagStructureHandler",
+        "datadog.trace.instrumentation.thymeleaf.ThymeleafContext");
+  }
+}
diff --git a/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/ProcessAdvice.java b/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/ProcessAdvice.java
new file mode 100644
index 00000000000..72f0e163870
--- /dev/null
+++ b/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/ProcessAdvice.java
@@ -0,0 +1,24 @@
+package datadog.trace.instrumentation.thymeleaf;
+
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.InstrumentationContext;
+import net.bytebuddy.asm.Advice;
+import org.thymeleaf.model.IProcessableElementTag;
+import org.thymeleaf.processor.element.IElementTagStructureHandler;
+
+public class ProcessAdvice {
+
+  @Advice.OnMethodEnter(suppress = Throwable.class)
+  @Propagation
+  public static void doProcess(
+      @Advice.Argument(1) final IProcessableElementTag tag,
+      @Advice.Argument(4) final IElementTagStructureHandler handler) {
+    if (InstrumentationBridge.XSS != null) {
+      ContextStore<IElementTagStructureHandler, ThymeleafContext> contextStore =
+          InstrumentationContext.get(IElementTagStructureHandler.class, ThymeleafContext.class);
+      contextStore.put(handler, new ThymeleafContext(tag.getTemplateName(), tag.getLine()));
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/StandardUtextTagProcessorInstrumentation.java b/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/StandardUtextTagProcessorInstrumentation.java
new file mode 100644
index 00000000000..78788767fd2
--- /dev/null
+++ b/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/StandardUtextTagProcessorInstrumentation.java
@@ -0,0 +1,40 @@
+package datadog.trace.instrumentation.thymeleaf;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class StandardUtextTagProcessorInstrumentation extends Instrumenter.Iast
+    implements Instrumenter.ForSingleType {
+
+  public StandardUtextTagProcessorInstrumentation() {
+    super("thymeleaf");
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(isMethod().and(named("doProcess")), packageName + ".ProcessAdvice");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {packageName + ".ThymeleafContext"};
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap(
+        "org.thymeleaf.processor.element.IElementTagStructureHandler",
+        "datadog.trace.instrumentation.thymeleaf.ThymeleafContext");
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "org.thymeleaf.standard.processor.StandardUtextTagProcessor";
+  }
+}
diff --git a/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/ThymeleafContext.java b/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/ThymeleafContext.java
new file mode 100644
index 00000000000..ff8bcbdcb49
--- /dev/null
+++ b/dd-java-agent/instrumentation/thymeleaf/src/main/java/datadog/trace/instrumentation/thymeleaf/ThymeleafContext.java
@@ -0,0 +1,21 @@
+package datadog.trace.instrumentation.thymeleaf;
+
+public class ThymeleafContext {
+
+  private final String templateName;
+
+  private final int line;
+
+  public ThymeleafContext(final String file, final int line) {
+    this.templateName = file;
+    this.line = line;
+  }
+
+  public String getTemplateName() {
+    return templateName;
+  }
+
+  public int getLine() {
+    return line;
+  }
+}
diff --git a/dd-java-agent/instrumentation/thymeleaf/src/test/groovy/datadog/trace/instrumentation/thymeleaf/ThymeleafXssTest.groovy b/dd-java-agent/instrumentation/thymeleaf/src/test/groovy/datadog/trace/instrumentation/thymeleaf/ThymeleafXssTest.groovy
new file mode 100644
index 00000000000..803207eb5cc
--- /dev/null
+++ b/dd-java-agent/instrumentation/thymeleaf/src/test/groovy/datadog/trace/instrumentation/thymeleaf/ThymeleafXssTest.groovy
@@ -0,0 +1,38 @@
+package datadog.trace.instrumentation.thymeleaf
+
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.sink.XssModule
+import org.thymeleaf.TemplateEngine
+import org.thymeleaf.context.Context
+
+class ThymeleafXssTest extends AgentTestRunner {
+
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig("dd.iast.enabled", "true")
+  }
+
+  void 'test that XssModule is called' (){
+    given:
+    XssModule xssModule = Mock(XssModule)
+    if(hasModule){
+      InstrumentationBridge.registerIastModule(xssModule)
+    }
+    final engine = new TemplateEngine()
+    final context = new Context(Locale.getDefault(), [q:'this is vulnerable'])
+
+    when:
+    engine.process(template, context)
+
+    then:
+    expected * xssModule.onXss('this is vulnerable', template, 1)
+    0 * _
+
+    where:
+    hasModule | template | expected
+    false | '<span th:utext="${q}"></span>'  | 0
+    true | '<span th:utext="${q}"></span>'  | 1
+    true | '<span th:text="${q}"></span>'  | 0
+  }
+}
diff --git a/dd-java-agent/instrumentation/tomcat-5.5-common/src/main/java/datadog/trace/instrumentation/tomcat/TomcatBlockingHelper.java b/dd-java-agent/instrumentation/tomcat-5.5-common/src/main/java/datadog/trace/instrumentation/tomcat/TomcatBlockingHelper.java
index 4f43ce0106a..676c069883c 100644
--- a/dd-java-agent/instrumentation/tomcat-5.5-common/src/main/java/datadog/trace/instrumentation/tomcat/TomcatBlockingHelper.java
+++ b/dd-java-agent/instrumentation/tomcat-5.5-common/src/main/java/datadog/trace/instrumentation/tomcat/TomcatBlockingHelper.java
@@ -2,6 +2,7 @@
 
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.blocking.BlockingActionHelper;
 import datadog.trace.bootstrap.blocking.BlockingActionHelper.TemplateType;
 import datadog.trace.bootstrap.instrumentation.decorator.HttpServerDecorator;
@@ -34,12 +35,18 @@ public class TomcatBlockingHelper {
   }
 
   public static void commitBlockingResponse(
-      Request request, Response resp, Flow.Action.RequestBlockingAction rba) {
+      TraceSegment segment, Request request, Response resp, Flow.Action.RequestBlockingAction rba) {
     commitBlockingResponse(
-        request, resp, rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+        segment,
+        request,
+        resp,
+        rba.getStatusCode(),
+        rba.getBlockingContentType(),
+        rba.getExtraHeaders());
   }
 
   public static boolean commitBlockingResponse(
+      TraceSegment segment,
       Request request,
       Response resp,
       int statusCode,
@@ -67,6 +74,7 @@ public static boolean commitBlockingResponse(
       } catch (IllegalStateException ise) {
         tryWriteWithWriter(request, resp, templateType);
       }
+      segment.effectivelyBlocked();
     } catch (Throwable e) {
       log.info("Error sending error page", e);
     }
diff --git a/dd-java-agent/instrumentation/tomcat-5.5-common/src/main/java/datadog/trace/instrumentation/tomcat/TomcatDecorator.java b/dd-java-agent/instrumentation/tomcat-5.5-common/src/main/java/datadog/trace/instrumentation/tomcat/TomcatDecorator.java
index aa8de15ef67..ca857dfd880 100644
--- a/dd-java-agent/instrumentation/tomcat-5.5-common/src/main/java/datadog/trace/instrumentation/tomcat/TomcatDecorator.java
+++ b/dd-java-agent/instrumentation/tomcat-5.5-common/src/main/java/datadog/trace/instrumentation/tomcat/TomcatDecorator.java
@@ -4,6 +4,7 @@
 import datadog.trace.api.Config;
 import datadog.trace.api.DDTags;
 import datadog.trace.api.gateway.BlockResponseFunction;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.URIDataAdapter;
@@ -145,9 +146,12 @@ public TomcatBlockResponseFunction(Request request) {
 
     @Override
     public boolean tryCommitBlockingResponse(
-        int statusCode, BlockingContentType bct, Map<String, String> extraHeaders) {
+        TraceSegment segment,
+        int statusCode,
+        BlockingContentType bct,
+        Map<String, String> extraHeaders) {
       return TomcatBlockingHelper.commitBlockingResponse(
-          request, request.getResponse(), statusCode, bct, extraHeaders);
+          segment, request, request.getResponse(), statusCode, bct, extraHeaders);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/tomcat-5.5/src/main/java/datadog/trace/instrumentation/tomcat/TomcatServerInstrumentation.java b/dd-java-agent/instrumentation/tomcat-5.5/src/main/java/datadog/trace/instrumentation/tomcat/TomcatServerInstrumentation.java
index 55d0e9ee658..d413f18ce7a 100644
--- a/dd-java-agent/instrumentation/tomcat-5.5/src/main/java/datadog/trace/instrumentation/tomcat/TomcatServerInstrumentation.java
+++ b/dd-java-agent/instrumentation/tomcat-5.5/src/main/java/datadog/trace/instrumentation/tomcat/TomcatServerInstrumentation.java
@@ -172,8 +172,8 @@ public static void afterParse(
         DECORATE.onRequest(span, req, req, ctx);
         Flow.Action.RequestBlockingAction rba = span.getRequestBlockingAction();
         if (rba != null) {
-          span.getRequestContext().getTraceSegment().effectivelyBlocked();
-          TomcatBlockingHelper.commitBlockingResponse(req, resp, rba);
+          TomcatBlockingHelper.commitBlockingResponse(
+              span.getRequestContext().getTraceSegment(), req, resp, rba);
           ret = false; // skip pipeline
         }
       }
diff --git a/dd-java-agent/instrumentation/tomcat-5.5/src/test/groovy/AbstractServletTest.groovy b/dd-java-agent/instrumentation/tomcat-5.5/src/test/groovy/AbstractServletTest.groovy
index 4992ffa3bb9..9c768648e9e 100644
--- a/dd-java-agent/instrumentation/tomcat-5.5/src/test/groovy/AbstractServletTest.groovy
+++ b/dd-java-agent/instrumentation/tomcat-5.5/src/test/groovy/AbstractServletTest.groovy
@@ -21,6 +21,11 @@ abstract class AbstractServletTest<SERVER, CONTEXT> extends HttpServerTest<SERVE
     return TomcatDecorator.TOMCAT_SERVER
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   String expectedServiceName() {
     context
diff --git a/dd-java-agent/instrumentation/tomcat-appsec-5.5/src/main/java/datadog/trace/instrumentation/tomcat55/CommitActionInstrumentation.java b/dd-java-agent/instrumentation/tomcat-appsec-5.5/src/main/java/datadog/trace/instrumentation/tomcat55/CommitActionInstrumentation.java
index f792c5cd35e..900b910a27e 100644
--- a/dd-java-agent/instrumentation/tomcat-appsec-5.5/src/main/java/datadog/trace/instrumentation/tomcat55/CommitActionInstrumentation.java
+++ b/dd-java-agent/instrumentation/tomcat-appsec-5.5/src/main/java/datadog/trace/instrumentation/tomcat55/CommitActionInstrumentation.java
@@ -112,8 +112,10 @@ static class ProcessCommitActionAdvice {
         BlockResponseFunction brf = requestContext.getBlockResponseFunction();
         if (brf != null) {
           brf.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-          requestContext.getTraceSegment().effectivelyBlocked();
+              requestContext.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           thiz.action(ActionCode.ACTION_CLOSE, null);
           return true;
         }
diff --git a/dd-java-agent/instrumentation/tomcat-appsec-5.5/src/main/java/datadog/trace/instrumentation/tomcat55/ParsedBodyParametersInstrumentation.java b/dd-java-agent/instrumentation/tomcat-appsec-5.5/src/main/java/datadog/trace/instrumentation/tomcat55/ParsedBodyParametersInstrumentation.java
index 4de01dd8283..00da2cd6bd2 100644
--- a/dd-java-agent/instrumentation/tomcat-appsec-5.5/src/main/java/datadog/trace/instrumentation/tomcat55/ParsedBodyParametersInstrumentation.java
+++ b/dd-java-agent/instrumentation/tomcat-appsec-5.5/src/main/java/datadog/trace/instrumentation/tomcat55/ParsedBodyParametersInstrumentation.java
@@ -143,10 +143,12 @@ static void after(
           BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
           if (blockResponseFunction != null) {
             blockResponseFunction.tryCommitBlockingResponse(
-                rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                reqCtx.getTraceSegment(),
+                rba.getStatusCode(),
+                rba.getBlockingContentType(),
+                rba.getExtraHeaders());
             if (t == null) {
               t = new BlockingException("Blocked request (for processParameters)");
-              reqCtx.getTraceSegment().effectivelyBlocked();
             }
           }
         }
diff --git a/dd-java-agent/instrumentation/tomcat-appsec-6/src/main/java/datadog/trace/instrumentation/tomcat6/ParsedBodyParametersInstrumentation.java b/dd-java-agent/instrumentation/tomcat-appsec-6/src/main/java/datadog/trace/instrumentation/tomcat6/ParsedBodyParametersInstrumentation.java
index 2c416728673..96c0ee8163a 100644
--- a/dd-java-agent/instrumentation/tomcat-appsec-6/src/main/java/datadog/trace/instrumentation/tomcat6/ParsedBodyParametersInstrumentation.java
+++ b/dd-java-agent/instrumentation/tomcat-appsec-6/src/main/java/datadog/trace/instrumentation/tomcat6/ParsedBodyParametersInstrumentation.java
@@ -132,9 +132,11 @@ static void after(
           if (blockResponseFunction != null) {
             boolean committedBlockingResponse =
                 blockResponseFunction.tryCommitBlockingResponse(
-                    rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                    reqCtx.getTraceSegment(),
+                    rba.getStatusCode(),
+                    rba.getBlockingContentType(),
+                    rba.getExtraHeaders());
             if (committedBlockingResponse) {
-              reqCtx.getTraceSegment().effectivelyBlocked();
               if (t == null) {
                 t = new BlockingException("Blocked request (for processParameters)");
               }
diff --git a/dd-java-agent/instrumentation/tomcat-appsec-7/src/main/java/datadog/trace/instrumentation/tomcat7/CommitActionInstrumentation.java b/dd-java-agent/instrumentation/tomcat-appsec-7/src/main/java/datadog/trace/instrumentation/tomcat7/CommitActionInstrumentation.java
index 7cfa5bf2043..30f290aea8a 100644
--- a/dd-java-agent/instrumentation/tomcat-appsec-7/src/main/java/datadog/trace/instrumentation/tomcat7/CommitActionInstrumentation.java
+++ b/dd-java-agent/instrumentation/tomcat-appsec-7/src/main/java/datadog/trace/instrumentation/tomcat7/CommitActionInstrumentation.java
@@ -112,8 +112,10 @@ static class ProcessCommitActionAdvice {
         BlockResponseFunction brf = requestContext.getBlockResponseFunction();
         if (brf != null) {
           brf.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-          requestContext.getTraceSegment().effectivelyBlocked();
+              requestContext.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           thiz.action(ActionCode.CLOSE, null);
           return true;
         }
diff --git a/dd-java-agent/instrumentation/tomcat-appsec-7/src/main/java/datadog/trace/instrumentation/tomcat7/ParsePartsInstrumentation.java b/dd-java-agent/instrumentation/tomcat-appsec-7/src/main/java/datadog/trace/instrumentation/tomcat7/ParsePartsInstrumentation.java
index 4a353151a21..23cca5a2865 100644
--- a/dd-java-agent/instrumentation/tomcat-appsec-7/src/main/java/datadog/trace/instrumentation/tomcat7/ParsePartsInstrumentation.java
+++ b/dd-java-agent/instrumentation/tomcat-appsec-7/src/main/java/datadog/trace/instrumentation/tomcat7/ParsePartsInstrumentation.java
@@ -117,8 +117,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-          reqCtx.getTraceSegment().effectivelyBlocked();
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           if (t == null) {
             t = new BlockingException("Blocked request (for Request/parseParts)");
           }
diff --git a/dd-java-agent/instrumentation/trace-annotation/src/main/java/datadog/trace/instrumentation/trace_annotation/TraceAdvice.java b/dd-java-agent/instrumentation/trace-annotation/src/main/java/datadog/trace/instrumentation/trace_annotation/TraceAdvice.java
index 3527bd75de8..548fce528bd 100644
--- a/dd-java-agent/instrumentation/trace-annotation/src/main/java/datadog/trace/instrumentation/trace_annotation/TraceAdvice.java
+++ b/dd-java-agent/instrumentation/trace-annotation/src/main/java/datadog/trace/instrumentation/trace_annotation/TraceAdvice.java
@@ -6,6 +6,7 @@
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import java.lang.reflect.Method;
 import net.bytebuddy.asm.Advice;
+import net.bytebuddy.implementation.bytecode.assign.Assigner;
 
 public class TraceAdvice {
 
@@ -16,10 +17,12 @@ public static AgentScope onEnter(@Advice.Origin final Method method) {
 
   @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
   public static void stopSpan(
-      @Advice.Enter final AgentScope scope, @Advice.Thrown final Throwable throwable) {
+      @Advice.Enter final AgentScope scope,
+      @Advice.Return(typing = Assigner.Typing.DYNAMIC, readOnly = false) Object result,
+      @Advice.Thrown final Throwable throwable) {
     DECORATE.onError(scope, throwable);
     DECORATE.beforeFinish(scope);
     scope.close();
-    scope.span().finish();
+    result = DECORATE.wrapAsyncResultOrFinishSpan(result, scope.span());
   }
 }
diff --git a/dd-java-agent/instrumentation/trace-annotation/src/main/java/datadog/trace/instrumentation/trace_annotation/TraceDecorator.java b/dd-java-agent/instrumentation/trace-annotation/src/main/java/datadog/trace/instrumentation/trace_annotation/TraceDecorator.java
index 25ad277da8f..984ed51daba 100644
--- a/dd-java-agent/instrumentation/trace-annotation/src/main/java/datadog/trace/instrumentation/trace_annotation/TraceDecorator.java
+++ b/dd-java-agent/instrumentation/trace-annotation/src/main/java/datadog/trace/instrumentation/trace_annotation/TraceDecorator.java
@@ -6,16 +6,18 @@
 import datadog.trace.api.Trace;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
-import datadog.trace.bootstrap.instrumentation.decorator.BaseDecorator;
+import datadog.trace.bootstrap.instrumentation.decorator.AsyncResultDecorator;
 import java.lang.reflect.Method;
 
-public class TraceDecorator extends BaseDecorator {
+public class TraceDecorator extends AsyncResultDecorator {
   public static TraceDecorator DECORATE = new TraceDecorator();
   private static final String INSTRUMENTATION_NAME = "trace-annotation";
 
-  private static final boolean useLegacyOperationName =
+  private static final boolean USE_LEGACY_OPERATION_NAME =
       InstrumenterConfig.get().isLegacyInstrumentationEnabled(true, "trace.annotations");
 
+  private static final boolean ASYNC_SUPPORT = InstrumenterConfig.get().isTraceAnnotationAsync();
+
   private static final CharSequence TRACE = UTF8BytesString.create("trace");
 
   private static final String DEFAULT_OPERATION_NAME = "trace.annotation";
@@ -37,13 +39,14 @@ protected CharSequence component() {
   }
 
   public boolean useLegacyOperationName() {
-    return useLegacyOperationName;
+    return USE_LEGACY_OPERATION_NAME;
   }
 
   public AgentSpan startMethodSpan(Method method) {
     CharSequence operationName = null;
     CharSequence resourceName = null;
     boolean measured = false;
+    boolean noParent = false;
 
     Trace traceAnnotation = method.getAnnotation(Trace.class);
     if (null != traceAnnotation) {
@@ -59,6 +62,12 @@ public AgentSpan startMethodSpan(Method method) {
       } catch (Throwable ignore) {
         // dd-trace-api < 1.10.0 on classpath
       }
+
+      try {
+        noParent = traceAnnotation.noParent();
+      } catch (Throwable ignore) {
+        // dd-trace-api < 1.22.0 on classpath
+      }
     }
 
     if (operationName == null || operationName.length() == 0) {
@@ -73,7 +82,11 @@ public AgentSpan startMethodSpan(Method method) {
       resourceName = DECORATE.spanNameForMethod(method);
     }
 
-    AgentSpan span = startSpan(INSTRUMENTATION_NAME, operationName);
+    AgentSpan span =
+        noParent
+            ? startSpan(INSTRUMENTATION_NAME, operationName, null)
+            : startSpan(INSTRUMENTATION_NAME, operationName);
+
     DECORATE.afterStart(span);
     span.setResourceName(resourceName);
 
@@ -83,4 +96,14 @@ public AgentSpan startMethodSpan(Method method) {
 
     return span;
   }
+
+  @Override
+  public Object wrapAsyncResultOrFinishSpan(Object result, AgentSpan span) {
+    if (ASYNC_SUPPORT) {
+      return super.wrapAsyncResultOrFinishSpan(result, span);
+    } else {
+      span.finish();
+      return result;
+    }
+  }
 }
diff --git a/dd-java-agent/instrumentation/trace-annotation/src/test/groovy/TraceAnnotationsAsyncTest.groovy b/dd-java-agent/instrumentation/trace-annotation/src/test/groovy/TraceAnnotationsAsyncTest.groovy
new file mode 100644
index 00000000000..2ad5f5be278
--- /dev/null
+++ b/dd-java-agent/instrumentation/trace-annotation/src/test/groovy/TraceAnnotationsAsyncTest.groovy
@@ -0,0 +1,41 @@
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import dd.test.trace.annotation.SayTracedHello
+
+import java.util.concurrent.CountDownLatch
+
+class TraceAnnotationsAsyncTest extends AgentTestRunner {
+  @Override
+  void configurePreAgent() {
+    super.configurePreAgent()
+    injectSysConfig("dd.trace.annotation.async", "true")
+  }
+
+  def "test span finish with async type support"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def completableFuture = SayTracedHello.sayHelloFuture(latch)
+
+    expect:
+    TEST_WRITER.size() == 0
+
+    when:
+    latch.countDown()
+    completableFuture.join()
+
+    then:
+    assertTraces(1) {
+      trace(1) {
+        span {
+          serviceName "test"
+          resourceName "SayTracedHello.sayHelloFuture"
+          operationName "trace.annotation"
+          tags {
+            defaultTags()
+            "$Tags.COMPONENT" "trace"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/trace-annotation/src/test/groovy/TraceAnnotationsTest.groovy b/dd-java-agent/instrumentation/trace-annotation/src/test/groovy/TraceAnnotationsTest.groovy
index 7f03155e76e..e8acea20b83 100644
--- a/dd-java-agent/instrumentation/trace-annotation/src/test/groovy/TraceAnnotationsTest.groovy
+++ b/dd-java-agent/instrumentation/trace-annotation/src/test/groovy/TraceAnnotationsTest.groovy
@@ -1,4 +1,5 @@
 import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.agent.test.utils.TraceUtils
 import datadog.trace.api.Trace
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import dd.test.trace.annotation.SayTracedHello
@@ -388,5 +389,126 @@ class TraceAnnotationsTest extends AgentTestRunner {
       }
     }
   }
+
+  def "test measured attribute"() {
+    setup:
+    TraceUtils.runUnderTrace("parent", () -> {
+      SayTracedHello.sayHello()
+      SayTracedHello.sayHelloMeasured()
+      SayTracedHello.sayHello()
+    })
+
+    expect:
+    assertTraces(1) {
+      trace(4) {
+        span {
+          hasServiceName()
+          resourceName "parent"
+          operationName "parent"
+          parent()
+          errored false
+          tags {
+            defaultTags()
+          }
+        }
+        span {
+          serviceName "test"
+          resourceName "SayTracedHello.sayHello"
+          operationName "trace.annotation"
+          childOf(span(0))
+          errored false
+          measured false
+          tags {
+            "$Tags.COMPONENT" "trace"
+            defaultTags()
+          }
+        }
+        span {
+          serviceName "test"
+          resourceName "SayTracedHello.sayHelloMeasured"
+          operationName "trace.annotation"
+          childOf(span(0))
+          errored false
+          measured true
+          tags {
+            "$Tags.COMPONENT" "trace"
+            defaultTags()
+          }
+        }
+        span {
+          serviceName "test"
+          resourceName "SayTracedHello.sayHello"
+          operationName "trace.annotation"
+          childOf(span(0))
+          errored false
+          measured false
+          tags {
+            "$Tags.COMPONENT" "trace"
+            defaultTags()
+          }
+        }
+      }
+    }
+  }
+
+  def "test noParent attribute"() {
+    setup:
+    TraceUtils.runUnderTrace("parent", () -> {
+      SayTracedHello.sayHello()
+      SayTracedHello.sayHelloNoParent()
+      SayTracedHello.sayHello()
+    })
+
+    expect:
+    assertTraces(2) {
+      trace(3) {
+        span {
+          hasServiceName()
+          resourceName "parent"
+          operationName "parent"
+          parent()
+          errored false
+          tags {
+            defaultTags()
+          }
+        }
+        span {
+          serviceName "test"
+          resourceName "SayTracedHello.sayHello"
+          operationName "trace.annotation"
+          childOf(span(0))
+          errored false
+          tags {
+            "$Tags.COMPONENT" "trace"
+            defaultTags()
+          }
+        }
+        span {
+          serviceName "test"
+          resourceName "SayTracedHello.sayHello"
+          operationName "trace.annotation"
+          childOf(span(0))
+          errored false
+          tags {
+            "$Tags.COMPONENT" "trace"
+            defaultTags()
+          }
+        }
+      }
+      trace(1) {
+        span {
+          serviceName "test"
+          resourceName "SayTracedHello.sayHelloNoParent"
+          operationName "trace.annotation"
+          parent()
+          errored false
+          tags {
+            "$Tags.COMPONENT" "trace"
+            defaultTags()
+          }
+        }
+      }
+    }
+  }
 }
 
diff --git a/dd-java-agent/instrumentation/trace-annotation/src/test/java/dd/test/trace/annotation/SayTracedHello.java b/dd-java-agent/instrumentation/trace-annotation/src/test/java/dd/test/trace/annotation/SayTracedHello.java
index 90f15df910b..24c4468ec9e 100644
--- a/dd-java-agent/instrumentation/trace-annotation/src/test/java/dd/test/trace/annotation/SayTracedHello.java
+++ b/dd-java-agent/instrumentation/trace-annotation/src/test/java/dd/test/trace/annotation/SayTracedHello.java
@@ -5,6 +5,8 @@
 import datadog.trace.api.DDTags;
 import datadog.trace.api.Trace;
 import java.util.concurrent.Callable;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CountDownLatch;
 
 public class SayTracedHello {
 
@@ -52,6 +54,18 @@ public static String sayHELLOsayHAMixedResourceChildren() {
     return sayHello() + sayHAWithResource();
   }
 
+  @Trace(measured = true)
+  public static String sayHelloMeasured() {
+    activeSpan().setTag(DDTags.SERVICE_NAME, "test");
+    return "hello!";
+  }
+
+  @Trace(noParent = true)
+  public static String sayHelloNoParent() {
+    activeSpan().setTag(DDTags.SERVICE_NAME, "test");
+    return "hello!";
+  }
+
   @Trace(operationName = "ERROR")
   public static String sayERROR() {
     throw new RuntimeException();
@@ -62,6 +76,20 @@ public static String sayERRORWithResource() {
     throw new RuntimeException();
   }
 
+  @Trace
+  public static CompletableFuture<String> sayHelloFuture(CountDownLatch latch) {
+    activeSpan().setTag(DDTags.SERVICE_NAME, "test");
+    return CompletableFuture.supplyAsync(
+        () -> {
+          try {
+            latch.await();
+          } catch (InterruptedException e) {
+            throw new RuntimeException(e);
+          }
+          return "hello!";
+        });
+  }
+
   public static String fromCallable() throws Exception {
     return new Callable<String>() {
       @com.newrelic.api.agent.Trace
diff --git a/dd-java-agent/instrumentation/unbescape/build.gradle b/dd-java-agent/instrumentation/unbescape/build.gradle
new file mode 100644
index 00000000000..fd9a6d6eff7
--- /dev/null
+++ b/dd-java-agent/instrumentation/unbescape/build.gradle
@@ -0,0 +1,23 @@
+muzzle {
+  pass {
+    group = 'org.unbescape'
+    module = 'unbescape'
+    versions = '[1.1.0.RELEASE,]'
+    assertInverse = true
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+apply plugin: 'call-site-instrumentation'
+
+addTestSuiteForDir('latestDepTest', 'test')
+
+dependencies {
+  compileOnly group: 'org.unbescape', name: 'unbescape', version: '1.1.0.RELEASE'
+
+  testImplementation group: 'org.unbescape', name: 'unbescape', version: '1.1.0.RELEASE'
+
+  testRuntimeOnly project(':dd-java-agent:instrumentation:iast-instrumenter')
+
+  latestDepTestImplementation group: 'org.unbescape', name: 'unbescape', version: '+'
+}
diff --git a/dd-java-agent/instrumentation/unbescape/src/main/java/datadog/trace/instrumentation/unbescape/EscapeUtilsCallSite.java b/dd-java-agent/instrumentation/unbescape/src/main/java/datadog/trace/instrumentation/unbescape/EscapeUtilsCallSite.java
new file mode 100644
index 00000000000..6a70cf3c71b
--- /dev/null
+++ b/dd-java-agent/instrumentation/unbescape/src/main/java/datadog/trace/instrumentation/unbescape/EscapeUtilsCallSite.java
@@ -0,0 +1,35 @@
+package datadog.trace.instrumentation.unbescape;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.VulnerabilityMarks;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import javax.annotation.Nullable;
+
+@Propagation
+@CallSite(spi = IastCallSites.class)
+public class EscapeUtilsCallSite {
+
+  @CallSite.After("java.lang.String org.unbescape.html.HtmlEscape.escapeHtml4Xml(java.lang.String)")
+  @CallSite.After("java.lang.String org.unbescape.html.HtmlEscape.escapeHtml4(java.lang.String)")
+  @CallSite.After("java.lang.String org.unbescape.html.HtmlEscape.escapeHtml5Xml(java.lang.String)")
+  @CallSite.After("java.lang.String org.unbescape.html.HtmlEscape.escapeHtml5(java.lang.String)")
+  @CallSite.After(
+      "java.lang.String org.unbescape.javascript.JavaScriptEscape.escapeJavaScript(java.lang.String)")
+  public static String afterEscape(
+      @CallSite.Argument(0) @Nullable final String input, @CallSite.Return final String result) {
+    if (input != null && result != null) {
+      final PropagationModule module = InstrumentationBridge.PROPAGATION;
+      if (module != null) {
+        try {
+          module.taintIfTainted(result, input, false, VulnerabilityMarks.XSS_MARK);
+        } catch (final Throwable e) {
+          module.onUnexpectedException("afterEscape threw", e);
+        }
+      }
+    }
+    return result;
+  }
+}
diff --git a/dd-java-agent/instrumentation/unbescape/src/test/groovy/datadog/trace/instrumentation/unbescape/EscapeUtilsCallSiteTest.groovy b/dd-java-agent/instrumentation/unbescape/src/test/groovy/datadog/trace/instrumentation/unbescape/EscapeUtilsCallSiteTest.groovy
new file mode 100644
index 00000000000..d21427da07d
--- /dev/null
+++ b/dd-java-agent/instrumentation/unbescape/src/test/groovy/datadog/trace/instrumentation/unbescape/EscapeUtilsCallSiteTest.groovy
@@ -0,0 +1,59 @@
+package datadog.trace.instrumentation.unbescape
+
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.api.iast.InstrumentationBridge
+import datadog.trace.api.iast.VulnerabilityMarks
+import datadog.trace.api.iast.propagation.PropagationModule
+import foo.bar.TestEscapeUtilsSuite
+
+class EscapeUtilsCallSiteTest extends AgentTestRunner {
+
+  @Override
+  protected void configurePreAgent() {
+    injectSysConfig("dd.iast.enabled", "true")
+  }
+
+  void 'test #method'() {
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+
+    when:
+    final result = TestEscapeUtilsSuite.&"$method".call(args)
+
+    then:
+    result == expected
+    1 * module.taintIfTainted(_ as String, args[0], false, VulnerabilityMarks.XSS_MARK)
+    0 * _
+
+    where:
+    method             | args                                                            | expected
+    'escapeHtml4Xml'   | ['<htmlTag>"escape this < </htmlTag>']                          | '&lt;htmlTag&gt;&quot;escape this &lt; &lt;/htmlTag&gt;'
+    'escapeHtml4'      | ['<htmlTag>"escape this < </htmlTag>']                          | '&lt;htmlTag&gt;&quot;escape this &lt; &lt;/htmlTag&gt;'
+    'escapeHtml5'      | ['<htmlTag>"escape this < </htmlTag>']                          | '&lt;htmlTag&gt;&quot;escape this &lt; &lt;/htmlTag&gt;'
+    'escapeHtml5Xml'   | ['<htmlTag>"escape this < </htmlTag>']                          | '&lt;htmlTag&gt;&quot;escape this &lt; &lt;/htmlTag&gt;'
+    'escapeJavaScript' | ['<script>function a(){console.log("escape this < ")}<script>'] | '<script>function a(){console.log(\\"escape this < \\")}<script>'
+  }
+
+  void 'test #method with null args not thrown exception'() {
+
+    given:
+    final module = Mock(PropagationModule)
+    InstrumentationBridge.registerIastModule(module)
+
+    when:
+    TestEscapeUtilsSuite.&"$method".call(null)
+
+    then:
+    notThrown(Exception)
+    0 * _
+
+    where:
+    method             | _
+    'escapeHtml4Xml'   | _
+    'escapeHtml4'      | _
+    'escapeHtml5'      | _
+    'escapeHtml5Xml'   | _
+    'escapeJavaScript' | _
+  }
+}
diff --git a/dd-java-agent/instrumentation/unbescape/src/test/java/foo/bar/TestEscapeUtilsSuite.java b/dd-java-agent/instrumentation/unbescape/src/test/java/foo/bar/TestEscapeUtilsSuite.java
new file mode 100644
index 00000000000..f917c2ea09f
--- /dev/null
+++ b/dd-java-agent/instrumentation/unbescape/src/test/java/foo/bar/TestEscapeUtilsSuite.java
@@ -0,0 +1,27 @@
+package foo.bar;
+
+import org.unbescape.html.HtmlEscape;
+import org.unbescape.javascript.JavaScriptEscape;
+
+public class TestEscapeUtilsSuite {
+
+  public static String escapeHtml4Xml(String input) {
+    return HtmlEscape.escapeHtml4Xml(input);
+  }
+
+  public static String escapeHtml4(String input) {
+    return HtmlEscape.escapeHtml4(input);
+  }
+
+  public static String escapeHtml5(String input) {
+    return HtmlEscape.escapeHtml5(input);
+  }
+
+  public static String escapeHtml5Xml(String input) {
+    return HtmlEscape.escapeHtml5Xml(input);
+  }
+
+  public static String escapeJavaScript(String input) {
+    return JavaScriptEscape.escapeJavaScript(input);
+  }
+}
diff --git a/dd-java-agent/instrumentation/undertow/src/main/java/datadog/trace/instrumentation/undertow/UndertowBlockResponseFunction.java b/dd-java-agent/instrumentation/undertow/src/main/java/datadog/trace/instrumentation/undertow/UndertowBlockResponseFunction.java
index c39dc7cdf02..20440c188d4 100644
--- a/dd-java-agent/instrumentation/undertow/src/main/java/datadog/trace/instrumentation/undertow/UndertowBlockResponseFunction.java
+++ b/dd-java-agent/instrumentation/undertow/src/main/java/datadog/trace/instrumentation/undertow/UndertowBlockResponseFunction.java
@@ -3,6 +3,7 @@
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.BlockResponseFunction;
 import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.internal.TraceSegment;
 import io.undertow.server.HttpServerExchange;
 import java.util.Map;
 
@@ -15,9 +16,13 @@ public UndertowBlockResponseFunction(HttpServerExchange exchange) {
 
   @Override
   public boolean tryCommitBlockingResponse(
-      int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders) {
+      TraceSegment segment,
+      int statusCode,
+      BlockingContentType templateType,
+      Map<String, String> extraHeaders) {
     Flow.Action.RequestBlockingAction rab =
         new Flow.Action.RequestBlockingAction(statusCode, templateType, extraHeaders);
+    exchange.putAttachment(UndertowBlockingHandler.TRACE_SEGMENT, segment);
     exchange.putAttachment(UndertowBlockingHandler.REQUEST_BLOCKING_DATA, rab);
     if (exchange.isInIoThread()) {
       exchange.dispatch(UndertowBlockingHandler.INSTANCE);
diff --git a/dd-java-agent/instrumentation/undertow/src/main/java/datadog/trace/instrumentation/undertow/UndertowBlockingHandler.java b/dd-java-agent/instrumentation/undertow/src/main/java/datadog/trace/instrumentation/undertow/UndertowBlockingHandler.java
index ee7ceab9fd2..c7ccfc85032 100644
--- a/dd-java-agent/instrumentation/undertow/src/main/java/datadog/trace/instrumentation/undertow/UndertowBlockingHandler.java
+++ b/dd-java-agent/instrumentation/undertow/src/main/java/datadog/trace/instrumentation/undertow/UndertowBlockingHandler.java
@@ -4,6 +4,7 @@
 
 import datadog.appsec.api.blocking.BlockingContentType;
 import datadog.trace.api.gateway.Flow;
+import datadog.trace.api.internal.TraceSegment;
 import datadog.trace.bootstrap.blocking.BlockingActionHelper;
 import datadog.trace.bootstrap.instrumentation.api.AgentScope;
 import io.undertow.server.HttpHandler;
@@ -28,6 +29,8 @@ public class UndertowBlockingHandler implements HttpHandler {
 
   public static final AttachmentKey<Flow.Action.RequestBlockingAction> REQUEST_BLOCKING_DATA =
       AttachmentKey.create(Flow.Action.RequestBlockingAction.class);
+  public static final AttachmentKey<TraceSegment> TRACE_SEGMENT =
+      AttachmentKey.create(TraceSegment.class);
 
   private UndertowBlockingHandler() {}
 
@@ -44,6 +47,7 @@ private static void commitBlockingResponse(
       return;
     }
 
+    TraceSegment segment = xchg.getAttachment(TRACE_SEGMENT);
     xchg.putAttachment(IgnoreSendAttribute.IGNORE_SEND_KEY, IgnoreSendAttribute.INSTANCE);
 
     try {
@@ -70,6 +74,8 @@ private static void commitBlockingResponse(
         buffer = EMPTY_BB;
       }
 
+      segment.effectivelyBlocked();
+
       // blocking response to avoid having the intercepted caller and its callers interfere
       // even if this is an IO thread...
       // The async alternative at this level would be to set a write listener and call
diff --git a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/FormDataParserInstrumentation.java b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/FormDataParserInstrumentation.java
index 44f33ebb613..772ead0066c 100644
--- a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/FormDataParserInstrumentation.java
+++ b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/FormDataParserInstrumentation.java
@@ -91,7 +91,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           if (t == null) {
             t = new BlockingException("Blocked request (for FormEncodedDataParser/doParse)");
           }
diff --git a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/HandlerInstrumentation.java b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/HandlerInstrumentation.java
index b3462a876db..10064c0ccdf 100644
--- a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/HandlerInstrumentation.java
+++ b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/HandlerInstrumentation.java
@@ -3,6 +3,7 @@
 import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
 import static datadog.trace.instrumentation.undertow.UndertowBlockingHandler.REQUEST_BLOCKING_DATA;
+import static datadog.trace.instrumentation.undertow.UndertowBlockingHandler.TRACE_SEGMENT;
 import static datadog.trace.instrumentation.undertow.UndertowDecorator.DD_UNDERTOW_CONTINUATION;
 import static datadog.trace.instrumentation.undertow.UndertowDecorator.DECORATE;
 import static net.bytebuddy.matcher.ElementMatchers.isMethod;
@@ -109,6 +110,7 @@ public static void onEnter(
       RequestBlockingAction rab = span.getRequestBlockingAction();
       if (rab != null) {
         exchange.putAttachment(REQUEST_BLOCKING_DATA, rab);
+        exchange.putAttachment(TRACE_SEGMENT, span.getRequestContext().getTraceSegment());
         handler = UndertowBlockingHandler.INSTANCE;
       }
     }
diff --git a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/HttpServerExchangeSenderInstrumentation.java b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/HttpServerExchangeSenderInstrumentation.java
index ff5e7a3e6a9..ff7dbb54282 100644
--- a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/HttpServerExchangeSenderInstrumentation.java
+++ b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/HttpServerExchangeSenderInstrumentation.java
@@ -80,6 +80,8 @@ static class GetResponseChannelAdvice {
       Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
 
       xchg.putAttachment(UndertowBlockingHandler.REQUEST_BLOCKING_DATA, rba);
+      xchg.putAttachment(
+          UndertowBlockingHandler.TRACE_SEGMENT, span.getRequestContext().getTraceSegment());
       UndertowBlockingHandler.INSTANCE.handleRequest(xchg);
       return true;
     }
diff --git a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/MultiPartUploadHandlerInstrumentation.java b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/MultiPartUploadHandlerInstrumentation.java
index 9f2521cf584..c367904f8d2 100644
--- a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/MultiPartUploadHandlerInstrumentation.java
+++ b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/main/java/datadog/trace/instrumentation/undertow/MultiPartUploadHandlerInstrumentation.java
@@ -97,7 +97,10 @@ static void after(
         BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
         if (blockResponseFunction != null) {
           blockResponseFunction.tryCommitBlockingResponse(
-              rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+              reqCtx.getTraceSegment(),
+              rba.getStatusCode(),
+              rba.getBlockingContentType(),
+              rba.getExtraHeaders());
           if (t == null) {
             t = new BlockingException("Blocked request (for MultiPartUploadHandler/parseBlocking)");
           }
diff --git a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowDispatcherTest.groovy b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowDispatcherTest.groovy
index 878da86ccb8..a2b516e5170 100644
--- a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowDispatcherTest.groovy
+++ b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowDispatcherTest.groovy
@@ -170,6 +170,11 @@ abstract class UndertowDispatcherTest extends HttpServerTest<Undertow> {
     return operation()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testExceptionBody() {
     false
diff --git a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowServletAsyncTest.groovy b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowServletAsyncTest.groovy
index 1619ae7e1a6..e4d0a95908a 100644
--- a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowServletAsyncTest.groovy
+++ b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowServletAsyncTest.groovy
@@ -250,6 +250,11 @@ class UndertowServletAsyncTest extends HttpServerTest<Undertow> {
     'undertow-http-server'
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   String expectedOperationName() {
     operation()
diff --git a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowServletTest.groovy b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowServletTest.groovy
index 4d869a3574a..ac4323ffa19 100644
--- a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowServletTest.groovy
+++ b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowServletTest.groovy
@@ -106,6 +106,11 @@ abstract class UndertowServletTest extends HttpServerTest<Undertow> {
     return operation()
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testExceptionBody() {
     false
diff --git a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowTest.groovy b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowTest.groovy
index 8aa39ba290f..3258925ad1e 100644
--- a/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowTest.groovy
+++ b/dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/groovy/UndertowTest.groovy
@@ -161,6 +161,11 @@ class UndertowTest extends HttpServerTest<Undertow> {
     return 'undertow-http.request'
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testExceptionBody() {
     false
diff --git a/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowDispatcherTest.groovy b/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowDispatcherTest.groovy
index 17fd70cea08..f1c8f69c8f3 100644
--- a/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowDispatcherTest.groovy
+++ b/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowDispatcherTest.groovy
@@ -157,6 +157,11 @@ class UndertowDispatcherTest extends HttpServerTest<Undertow> {
     return 'undertow-http.request'
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testExceptionBody() {
     false
diff --git a/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowServletTest.groovy b/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowServletTest.groovy
index ffd7e8afa27..dd3769209b8 100644
--- a/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowServletTest.groovy
+++ b/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowServletTest.groovy
@@ -57,7 +57,6 @@ class UndertowServletTest extends HttpServerTest<Undertow> {
 
       DeploymentManager manager = container.addDeployment(builder)
       manager.deploy()
-      System.out.println(">>> builder.getContextPath(): " + builder.getContextPath())
       root.addPrefixPath(builder.getContextPath(), manager.start())
 
       undertowServer = Undertow.builder()
@@ -100,6 +99,11 @@ class UndertowServletTest extends HttpServerTest<Undertow> {
     return 'servlet.request'
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testExceptionBody() {
     false
diff --git a/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowTest.groovy b/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowTest.groovy
index 18549d94c5c..c369cce9e43 100644
--- a/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowTest.groovy
+++ b/dd-java-agent/instrumentation/undertow/undertow-2.2/src/test/groovy/UndertowTest.groovy
@@ -155,6 +155,11 @@ class UndertowTest extends HttpServerTest<Undertow> {
     return 'undertow-http.request'
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   boolean testExceptionBody() {
     false
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-3.9/src/main/java/datadog/trace/instrumentation/vertx_sql_client/VertxSqlClientDecorator.java b/dd-java-agent/instrumentation/vertx-mysql-client-3.9/src/main/java/datadog/trace/instrumentation/vertx_sql_client/VertxSqlClientDecorator.java
index 00095ba99d0..d93c9604eaa 100644
--- a/dd-java-agent/instrumentation/vertx-mysql-client-3.9/src/main/java/datadog/trace/instrumentation/vertx_sql_client/VertxSqlClientDecorator.java
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-3.9/src/main/java/datadog/trace/instrumentation/vertx_sql_client/VertxSqlClientDecorator.java
@@ -4,6 +4,7 @@
 import static datadog.trace.bootstrap.instrumentation.api.Tags.DB_OPERATION;
 
 import datadog.trace.api.Pair;
+import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.bootstrap.ContextStore;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
@@ -24,6 +25,8 @@ public class VertxSqlClientDecorator extends DatabaseClientDecorator<DBInfo> {
       UTF8BytesString.create("vertx-sql-statement");
   private static final UTF8BytesString VERTX_PREPARED_STATEMENT =
       UTF8BytesString.create("vertx-sql-prepared_statement");
+  private static final String DEFAULT_SERVICE_NAME =
+      SpanNaming.instance().namingSchema().database().service("vertx-sql");
 
   @Override
   protected String[] instrumentationNames() {
@@ -32,7 +35,7 @@ protected String[] instrumentationNames() {
 
   @Override
   protected String service() {
-    return "vertx-sql"; // Overridden by onConnection
+    return DEFAULT_SERVICE_NAME; // Overridden by onConnection
   }
 
   @Override
@@ -105,7 +108,9 @@ public <T> AgentSpan startAndDecorateSpanForStatement(
   @Override
   protected void postProcessServiceAndOperationName(
       AgentSpan span, DatabaseClientDecorator.NamingEntry namingEntry) {
-    span.setServiceName(namingEntry.getService());
+    if (namingEntry.getService() != null) {
+      span.setServiceName(namingEntry.getService());
+    }
     span.setOperationName(namingEntry.getOperation());
   }
 }
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/build.gradle b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/build.gradle
new file mode 100644
index 00000000000..b4219914d5e
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/build.gradle
@@ -0,0 +1,36 @@
+
+apply from: "$rootDir/gradle/java.gradle"
+
+muzzle {
+  pass {
+    group = 'io.vertx'
+    module = 'vertx-mysql-client'
+    versions = '[4.0.0,5.0.0)'
+    assertInverse = true
+  }
+}
+
+addTestSuiteForDir('latestDepTest', 'test')
+addTestSuiteExtendingForDir('latestDepForkedTest', 'latestDepTest', 'test')
+
+apply from: "$rootDir/gradle/configure_tests.gradle"
+
+latestDepTest {
+  finalizedBy 'latestDepForkedTest'
+}
+
+dependencies {
+  compileOnly group: 'io.vertx', name: 'vertx-mysql-client', version: '4.0.0'
+
+  testImplementation group: 'io.vertx', name: 'vertx-mysql-client', version: '4.0.0'
+
+  // This is needed for the test container to start
+  testImplementation group: 'mysql', name: 'mysql-connector-java', version: '8.0.23'
+  testImplementation "org.testcontainers:mysql:${versions.testcontainers}"
+
+  latestDepTestImplementation group: 'io.vertx', name: 'vertx-mysql-client', version: '4.0.+'
+}
+
+tasks.withType(Test).configureEach {
+  usesService(testcontainersLimit)
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/CursorImplInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/CursorImplInstrumentation.java
new file mode 100644
index 00000000000..630af5379c6
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/CursorImplInstrumentation.java
@@ -0,0 +1,46 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class CursorImplInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public CursorImplInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("io.vertx.sqlclient.PreparedStatement", "datadog.trace.api.Pair");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".QueryResultHandlerWrapper", packageName + ".VertxSqlClientDecorator",
+    };
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.vertx.sqlclient.impl.CursorImpl";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(isPublic())
+            .and(named("read"))
+            .and(takesArgument(1, named("io.vertx.core.Handler"))),
+        packageName + ".CursorReadAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/CursorReadAdvice.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/CursorReadAdvice.java
new file mode 100644
index 00000000000..f02405d8f58
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/CursorReadAdvice.java
@@ -0,0 +1,56 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.captureSpan;
+import static datadog.trace.instrumentation.vertx_sql_client_4.VertxSqlClientDecorator.DECORATE;
+
+import datadog.trace.api.Pair;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import io.vertx.core.AsyncResult;
+import io.vertx.core.Handler;
+import io.vertx.mysqlclient.MySQLConnection;
+import io.vertx.sqlclient.PreparedStatement;
+import io.vertx.sqlclient.Row;
+import io.vertx.sqlclient.RowSet;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.implementation.bytecode.assign.Assigner;
+
+public class CursorReadAdvice {
+  @Advice.OnMethodEnter(suppress = Throwable.class)
+  public static AgentScope beforeRead(
+      @Advice.Argument(value = 1, readOnly = false) Handler<AsyncResult<RowSet<Row>>> handler,
+      @Advice.FieldValue(value = "ps", typing = Assigner.Typing.DYNAMIC)
+          final PreparedStatement ps) {
+    if (handler instanceof QueryResultHandlerWrapper) {
+      return null;
+    }
+    final AgentSpan parentSpan = activeSpan();
+    final AgentScope.Continuation parentContinuation =
+        null == parentSpan ? null : captureSpan(parentSpan);
+    final AgentSpan clientSpan =
+        DECORATE.startAndDecorateSpanForStatement(
+            ps, InstrumentationContext.get(PreparedStatement.class, Pair.class), true);
+    if (null == clientSpan) {
+      return null;
+    }
+    handler = new QueryResultHandlerWrapper<>(handler, clientSpan, parentContinuation);
+
+    return activateSpan(clientSpan, true);
+  }
+
+  @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+  public static void afterRead(
+      @Advice.Thrown final Throwable throwable, @Advice.Enter final AgentScope clientScope) {
+    if (null != clientScope) {
+      clientScope.close();
+    }
+  }
+
+  // Limit ourselves to 4.x by checking for the ping() method that was added in 4.x
+  private static void muzzleCheck(MySQLConnection connection) {
+    connection.ping();
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionFactoryConstructorAdvice.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionFactoryConstructorAdvice.java
new file mode 100644
index 00000000000..92832a1df92
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionFactoryConstructorAdvice.java
@@ -0,0 +1,31 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import io.vertx.mysqlclient.MySQLConnectOptions;
+import io.vertx.mysqlclient.MySQLConnection;
+import io.vertx.mysqlclient.impl.MySQLConnectionFactory;
+import net.bytebuddy.asm.Advice;
+
+public class MySQLConnectionFactoryConstructorAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  public static void afterConstructor(
+      @Advice.This final MySQLConnectionFactory zis,
+      @Advice.Argument(1) final MySQLConnectOptions options) {
+    DBInfo.Builder builder = DBInfo.DEFAULT.toBuilder();
+    DBInfo info =
+        builder
+            .host(options.getHost())
+            .port(options.getPort())
+            .db(options.getDatabase())
+            .user(options.getUser())
+            .type("mysql")
+            .build();
+    InstrumentationContext.get(MySQLConnectionFactory.class, DBInfo.class).put(zis, info);
+  }
+
+  // Limit ourselves to 4.x by checking for the ping() method that was added in 4.x
+  private static void muzzleCheck(MySQLConnection connection) {
+    connection.ping();
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionFactoryInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionFactoryInstrumentation.java
new file mode 100644
index 00000000000..c11c49a68be
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionFactoryInstrumentation.java
@@ -0,0 +1,39 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class MySQLConnectionFactoryInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public MySQLConnectionFactoryInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("io.vertx.mysqlclient.impl.MySQLConnectionFactory", DBInfo.class.getName());
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.vertx.mysqlclient.impl.MySQLConnectionFactory";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor()
+            .and(takesArguments(2))
+            .and(takesArgument(1, named("io.vertx.mysqlclient.MySQLConnectOptions"))),
+        packageName + ".MySQLConnectionFactoryConstructorAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionImplConstructorAdvice.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionImplConstructorAdvice.java
new file mode 100644
index 00000000000..8651dca62cd
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionImplConstructorAdvice.java
@@ -0,0 +1,24 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import io.vertx.mysqlclient.MySQLConnection;
+import io.vertx.mysqlclient.impl.MySQLConnectionFactory;
+import io.vertx.sqlclient.SqlClient;
+import net.bytebuddy.asm.Advice;
+
+public class MySQLConnectionImplConstructorAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  public static void afterConstructor(
+      @Advice.This final SqlClient zis, @Advice.Argument(0) final MySQLConnectionFactory factory) {
+    InstrumentationContext.get(SqlClient.class, DBInfo.class)
+        .put(
+            zis,
+            InstrumentationContext.get(MySQLConnectionFactory.class, DBInfo.class).get(factory));
+  }
+
+  // Limit ourselves to 4.x by checking for the ping() method that was added in 4.x
+  private static void muzzleCheck(MySQLConnection connection) {
+    connection.ping();
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionImplInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionImplInstrumentation.java
new file mode 100644
index 00000000000..74f40612db6
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLConnectionImplInstrumentation.java
@@ -0,0 +1,40 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import java.util.HashMap;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class MySQLConnectionImplInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public MySQLConnectionImplInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    Map<String, String> contextStores = new HashMap<>();
+    contextStores.put("io.vertx.mysqlclient.impl.MySQLConnectionFactory", DBInfo.class.getName());
+    contextStores.put("io.vertx.sqlclient.SqlClient", DBInfo.class.getName());
+    return contextStores;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.vertx.mysqlclient.impl.MySQLConnectionImpl";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor()
+            .and(takesArgument(0, named("io.vertx.mysqlclient.impl.MySQLConnectionFactory"))),
+        packageName + ".MySQLConnectionImplConstructorAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLPoolImplAdvice.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLPoolImplAdvice.java
new file mode 100644
index 00000000000..9702604f48c
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLPoolImplAdvice.java
@@ -0,0 +1,31 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import io.vertx.mysqlclient.MySQLConnectOptions;
+import io.vertx.mysqlclient.MySQLConnection;
+import io.vertx.sqlclient.SqlClient;
+import net.bytebuddy.asm.Advice;
+
+public class MySQLPoolImplAdvice {
+
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  public static void afterCreate(
+      @Advice.Return final SqlClient zis, @Advice.Argument(2) MySQLConnectOptions options) {
+    DBInfo.Builder builder = DBInfo.DEFAULT.toBuilder();
+    DBInfo info =
+        builder
+            .host(options.getHost())
+            .port(options.getPort())
+            .db(options.getDatabase())
+            .user(options.getUser())
+            .type("mysql")
+            .build();
+    InstrumentationContext.get(SqlClient.class, DBInfo.class).put(zis, info);
+  }
+
+  // Limit ourselves to 4.x by checking for the ping() method that was added in 4.x
+  private static void muzzleCheck(MySQLConnection connection) {
+    connection.ping();
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLPoolImplInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLPoolImplInstrumentation.java
new file mode 100644
index 00000000000..4ae86586766
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/MySQLPoolImplInstrumentation.java
@@ -0,0 +1,44 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.isStatic;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class MySQLPoolImplInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public MySQLPoolImplInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("io.vertx.sqlclient.SqlClient", DBInfo.class.getName());
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.vertx.mysqlclient.impl.MySQLPoolImpl";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isStatic()
+            .and(isPublic())
+            .and(isMethod())
+            .and(named("create"))
+            .and(takesArguments(4))
+            .and(takesArgument(2, named("io.vertx.mysqlclient.MySQLConnectOptions"))),
+        packageName + ".MySQLPoolImplAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PrepareHandlerWrapper.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PrepareHandlerWrapper.java
new file mode 100644
index 00000000000..202db4fcc66
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PrepareHandlerWrapper.java
@@ -0,0 +1,32 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import datadog.trace.api.Pair;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBQueryInfo;
+import io.vertx.core.AsyncResult;
+import io.vertx.core.Handler;
+import io.vertx.sqlclient.PreparedStatement;
+
+public class PrepareHandlerWrapper implements Handler<AsyncResult<PreparedStatement>> {
+  private final Handler<AsyncResult<PreparedStatement>> handler;
+  private final ContextStore<PreparedStatement, Pair> contextStore;
+  private final Pair<DBInfo, DBQueryInfo> queryInfo;
+
+  public PrepareHandlerWrapper(
+      Handler<AsyncResult<PreparedStatement>> handler,
+      ContextStore<PreparedStatement, Pair> contextStore,
+      Pair<DBInfo, DBQueryInfo> queryInfo) {
+    this.handler = handler;
+    this.contextStore = contextStore;
+    this.queryInfo = queryInfo;
+  }
+
+  @Override
+  public void handle(AsyncResult<PreparedStatement> event) {
+    if (event.succeeded()) {
+      contextStore.put(event.result(), queryInfo);
+    }
+    handler.handle(event);
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PreparedQueryInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PreparedQueryInstrumentation.java
new file mode 100644
index 00000000000..947edd345ee
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PreparedQueryInstrumentation.java
@@ -0,0 +1,71 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.HierarchyMatchers.implementsInterface;
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.isVirtual;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import java.util.Map;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+@AutoService(Instrumenter.class)
+public class PreparedQueryInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForTypeHierarchy {
+  public PreparedQueryInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("io.vertx.sqlclient.Query", "datadog.trace.api.Pair");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".QueryResultHandlerWrapper", packageName + ".VertxSqlClientDecorator",
+    };
+  }
+
+  @Override
+  public String hierarchyMarkerType() {
+    return "io.vertx.sqlclient.PreparedQuery";
+  }
+
+  @Override
+  public ElementMatcher<TypeDescription> hierarchyMatcher() {
+    return implementsInterface(named(hierarchyMarkerType()));
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(isPublic())
+            .and(named("execute"))
+            .and(takesArguments(2))
+            .and(takesArgument(1, named("io.vertx.core.Handler"))),
+        packageName + ".QueryAdvice$Execute");
+    transformation.applyAdvice(
+        isMethod()
+            .and(isPublic())
+            .and(named("executeBatch"))
+            .and(takesArguments(2))
+            .and(takesArgument(1, named("io.vertx.core.Handler"))),
+        packageName + ".QueryAdvice$Execute");
+    transformation.applyAdvice(
+        isMethod()
+            .and(isVirtual())
+            .and(named("copy"))
+            .and(returns(named("io.vertx.sqlclient.impl.QueryBase"))),
+        packageName + ".QueryAdvice$Copy");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PreparedStatementImplInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PreparedStatementImplInstrumentation.java
new file mode 100644
index 00000000000..3f0d1a129b6
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PreparedStatementImplInstrumentation.java
@@ -0,0 +1,39 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesNoArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import java.util.HashMap;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class PreparedStatementImplInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public PreparedStatementImplInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    Map<String, String> contextStores = new HashMap<>();
+    contextStores.put("io.vertx.sqlclient.PreparedStatement", "datadog.trace.api.Pair");
+    contextStores.put("io.vertx.sqlclient.Query", "datadog.trace.api.Pair");
+    return contextStores;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.vertx.sqlclient.impl.PreparedStatementImpl";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod().and(isPublic()).and(named("query")).and(takesNoArguments()),
+        packageName + ".PreparedStatementQueryAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PreparedStatementQueryAdvice.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PreparedStatementQueryAdvice.java
new file mode 100644
index 00000000000..be541910ec7
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/PreparedStatementQueryAdvice.java
@@ -0,0 +1,22 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import datadog.trace.api.Pair;
+import datadog.trace.bootstrap.InstrumentationContext;
+import io.vertx.mysqlclient.MySQLConnection;
+import io.vertx.sqlclient.PreparedStatement;
+import io.vertx.sqlclient.Query;
+import net.bytebuddy.asm.Advice;
+
+public class PreparedStatementQueryAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  public static void afterQuery(
+      @Advice.This final PreparedStatement zis, @Advice.Return final Query query) {
+    InstrumentationContext.get(Query.class, Pair.class)
+        .put(query, InstrumentationContext.get(PreparedStatement.class, Pair.class).get(zis));
+  }
+
+  // Limit ourselves to 4.x by checking for the ping() method that was added in 4.x
+  private static void muzzleCheck(MySQLConnection connection) {
+    connection.ping();
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/QueryAdvice.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/QueryAdvice.java
new file mode 100644
index 00000000000..3ee9ba79e59
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/QueryAdvice.java
@@ -0,0 +1,82 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.captureSpan;
+import static datadog.trace.instrumentation.vertx_sql_client_4.VertxSqlClientDecorator.DECORATE;
+
+import datadog.trace.api.Pair;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import io.vertx.core.AsyncResult;
+import io.vertx.core.Handler;
+import io.vertx.mysqlclient.MySQLConnection;
+import io.vertx.sqlclient.Query;
+import io.vertx.sqlclient.SqlResult;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.implementation.bytecode.assign.Assigner;
+
+public class QueryAdvice {
+  public static class Copy {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void afterCopy(
+        @Advice.This final Query<?> zis, @Advice.Return final Query<?> ret) {
+      ContextStore<Query, Pair> contextStore = InstrumentationContext.get(Query.class, Pair.class);
+      contextStore.put(ret, contextStore.get(zis));
+    }
+
+    // Limit ourselves to 4.x by checking for the ping() method that was added in 4.x
+    private static void muzzleCheck(MySQLConnection connection) {
+      connection.ping();
+    }
+  }
+
+  public static class Execute {
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    public static <T, R extends SqlResult<T>> AgentScope beforeExecute(
+        @Advice.This final Query<?> zis,
+        @Advice.Argument(
+                value = 0,
+                readOnly = false,
+                optional = true,
+                typing = Assigner.Typing.DYNAMIC)
+            Object maybeHandler,
+        @Advice.Argument(value = 1, readOnly = false, optional = true)
+            Handler<AsyncResult<R>> handler) {
+      final boolean prepared = !(maybeHandler instanceof Handler);
+
+      final AgentSpan parentSpan = activeSpan();
+      final AgentScope.Continuation parentContinuation =
+          null == parentSpan ? null : captureSpan(parentSpan);
+      final AgentSpan clientSpan =
+          DECORATE.startAndDecorateSpanForStatement(
+              zis, InstrumentationContext.get(Query.class, Pair.class), prepared);
+      if (null == clientSpan) {
+        return null;
+      }
+      if (prepared) {
+        handler = new QueryResultHandlerWrapper<>(handler, clientSpan, parentContinuation);
+      } else {
+        maybeHandler =
+            new QueryResultHandlerWrapper<>(
+                (Handler<AsyncResult<R>>) maybeHandler, clientSpan, parentContinuation);
+      }
+      return activateSpan(clientSpan);
+    }
+
+    @Advice.OnMethodExit(onThrowable = Throwable.class, suppress = Throwable.class)
+    public static void afterExecute(
+        @Advice.Thrown final Throwable throwable, @Advice.Enter final AgentScope clientScope) {
+      if (null != clientScope) {
+        clientScope.close();
+      }
+    }
+
+    // Limit ourselves to 4.x by checking for the ping() method that was added in 4.x
+    private static void muzzleCheck(MySQLConnection connection) {
+      connection.ping();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/QueryImplInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/QueryImplInstrumentation.java
new file mode 100644
index 00000000000..5d1bc38ddb7
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/QueryImplInstrumentation.java
@@ -0,0 +1,56 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.isVirtual;
+import static net.bytebuddy.matcher.ElementMatchers.returns;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class QueryImplInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public QueryImplInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("io.vertx.sqlclient.Query", "datadog.trace.api.Pair");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".QueryResultHandlerWrapper", packageName + ".VertxSqlClientDecorator",
+    };
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.vertx.sqlclient.impl.SqlClientBase$QueryImpl";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(isPublic())
+            .and(named("execute"))
+            .and(takesArguments(1))
+            .and(takesArgument(0, named("io.vertx.core.Handler"))),
+        packageName + ".QueryAdvice$Execute");
+    transformation.applyAdvice(
+        isMethod()
+            .and(isVirtual())
+            .and(named("copy"))
+            .and(returns(named("io.vertx.sqlclient.impl.QueryBase"))),
+        packageName + ".QueryAdvice$Copy");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/QueryResultHandlerWrapper.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/QueryResultHandlerWrapper.java
new file mode 100644
index 00000000000..e0d77a5a613
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/QueryResultHandlerWrapper.java
@@ -0,0 +1,41 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import io.vertx.core.AsyncResult;
+import io.vertx.core.Handler;
+import io.vertx.sqlclient.SqlResult;
+
+public class QueryResultHandlerWrapper<T, R extends SqlResult<T>>
+    implements Handler<AsyncResult<R>> {
+  private final Handler<AsyncResult<R>> handler;
+  private final AgentSpan clientSpan;
+  private final AgentScope.Continuation parentContinuation;
+
+  public QueryResultHandlerWrapper(
+      final Handler<AsyncResult<R>> handler,
+      final AgentSpan clientSpan,
+      final AgentScope.Continuation parentContinuation) {
+    this.handler = handler;
+    this.clientSpan = clientSpan;
+    this.parentContinuation = parentContinuation;
+  }
+
+  @Override
+  public void handle(final AsyncResult<R> event) {
+    AgentScope scope = null;
+    try {
+      if (null != clientSpan) {
+        clientSpan.finish();
+      }
+      if (null != parentContinuation) {
+        scope = parentContinuation.activate();
+      }
+      handler.handle(event);
+    } finally {
+      if (null != scope) {
+        scope.close();
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlClientBaseAdvice.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlClientBaseAdvice.java
new file mode 100644
index 00000000000..354440516fa
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlClientBaseAdvice.java
@@ -0,0 +1,51 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import datadog.trace.api.Pair;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBQueryInfo;
+import io.vertx.mysqlclient.MySQLConnection;
+import io.vertx.sqlclient.Query;
+import io.vertx.sqlclient.SqlClient;
+import net.bytebuddy.asm.Advice;
+
+public class SqlClientBaseAdvice {
+  public static class NormalQuery {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void afterQuery(
+        @Advice.This final SqlClient zis,
+        @Advice.Argument(0) final String sql,
+        @Advice.Return final Query query) {
+
+      Pair<DBInfo, DBQueryInfo> info =
+          Pair.of(
+              InstrumentationContext.get(SqlClient.class, DBInfo.class).get(zis),
+              DBQueryInfo.ofStatement(sql));
+      InstrumentationContext.get(Query.class, Pair.class).put(query, info);
+    }
+
+    // Limit ourselves to 4.x by checking for the ping() method that was added in 4.x
+    private static void muzzleCheck(MySQLConnection connection) {
+      connection.ping();
+    }
+  }
+
+  public static class PreparedQuery {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void afterPreparedQuery(
+        @Advice.This final SqlClient zis,
+        @Advice.Argument(0) final String sql,
+        @Advice.Return final Query query) {
+      Pair<DBInfo, DBQueryInfo> info =
+          Pair.of(
+              InstrumentationContext.get(SqlClient.class, DBInfo.class).get(zis),
+              DBQueryInfo.ofPreparedStatement(sql));
+      InstrumentationContext.get(Query.class, Pair.class).put(query, info);
+    }
+
+    // Limit ourselves to 4.x by checking for the ping() method that was added in 4.x
+    private static void muzzleCheck(MySQLConnection connection) {
+      connection.ping();
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlClientBaseInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlClientBaseInstrumentation.java
new file mode 100644
index 00000000000..b1c9cdea6bf
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlClientBaseInstrumentation.java
@@ -0,0 +1,52 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import java.util.HashMap;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class SqlClientBaseInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public SqlClientBaseInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    Map<String, String> contextStores = new HashMap<>();
+    contextStores.put("io.vertx.sqlclient.SqlClient", DBInfo.class.getName());
+    contextStores.put("io.vertx.sqlclient.Query", "datadog.trace.api.Pair");
+    return contextStores;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.vertx.sqlclient.impl.SqlClientBase";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(isPublic())
+            .and(named("query"))
+            .and(takesArguments(1))
+            .and(takesArgument(0, named("java.lang.String"))),
+        packageName + ".SqlClientBaseAdvice$NormalQuery");
+    transformation.applyAdvice(
+        isMethod()
+            .and(isPublic())
+            .and(named("preparedQuery"))
+            .and(takesArguments(1))
+            .and(takesArgument(0, named("java.lang.String"))),
+        packageName + ".SqlClientBaseAdvice$PreparedQuery");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlConnectionBaseInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlConnectionBaseInstrumentation.java
new file mode 100644
index 00000000000..0d5640b4f5e
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlConnectionBaseInstrumentation.java
@@ -0,0 +1,51 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import java.util.HashMap;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class SqlConnectionBaseInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public SqlConnectionBaseInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    Map<String, String> contextStores = new HashMap<>();
+    contextStores.put("io.vertx.sqlclient.SqlClient", DBInfo.class.getName());
+    contextStores.put("io.vertx.sqlclient.PreparedStatement", "datadog.trace.api.Pair");
+    return contextStores;
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {packageName + ".PrepareHandlerWrapper"};
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.vertx.sqlclient.impl.SqlConnectionBase";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(isPublic())
+            .and(named("prepare"))
+            .and(takesArguments(2))
+            .and(takesArgument(0, named("java.lang.String")))
+            .and(takesArgument(1, named("io.vertx.core.Handler"))),
+        packageName + ".SqlConnectionBasePrepareAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlConnectionBasePrepareAdvice.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlConnectionBasePrepareAdvice.java
new file mode 100644
index 00000000000..736084d67a7
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/SqlConnectionBasePrepareAdvice.java
@@ -0,0 +1,35 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import datadog.trace.api.Pair;
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBQueryInfo;
+import io.vertx.core.AsyncResult;
+import io.vertx.core.Handler;
+import io.vertx.mysqlclient.MySQLConnection;
+import io.vertx.sqlclient.PreparedStatement;
+import io.vertx.sqlclient.SqlClient;
+import net.bytebuddy.asm.Advice;
+
+public class SqlConnectionBasePrepareAdvice {
+  @Advice.OnMethodEnter(suppress = Throwable.class)
+  public static void beforePrepare(
+      @Advice.This final SqlClient zis,
+      @Advice.Argument(0) final String sql,
+      @Advice.Argument(value = 1, readOnly = false)
+          Handler<AsyncResult<PreparedStatement>> handler) {
+    Pair<DBInfo, DBQueryInfo> info =
+        Pair.of(
+            InstrumentationContext.get(SqlClient.class, DBInfo.class).get(zis),
+            DBQueryInfo.ofStatement(sql));
+
+    handler =
+        new PrepareHandlerWrapper(
+            handler, InstrumentationContext.get(PreparedStatement.class, Pair.class), info);
+  }
+
+  // Limit ourselves to 4.x by checking for the ping() method that was added in 4.x
+  private static void muzzleCheck(MySQLConnection connection) {
+    connection.ping();
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/VertxSqlClientDecorator.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/VertxSqlClientDecorator.java
new file mode 100644
index 00000000000..a1b19c81169
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4/VertxSqlClientDecorator.java
@@ -0,0 +1,115 @@
+package datadog.trace.instrumentation.vertx_sql_client_4;
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
+import static datadog.trace.bootstrap.instrumentation.api.Tags.DB_OPERATION;
+
+import datadog.trace.api.Pair;
+import datadog.trace.api.naming.SpanNaming;
+import datadog.trace.bootstrap.ContextStore;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
+import datadog.trace.bootstrap.instrumentation.api.Tags;
+import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
+import datadog.trace.bootstrap.instrumentation.decorator.DatabaseClientDecorator;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBQueryInfo;
+
+public class VertxSqlClientDecorator extends DatabaseClientDecorator<DBInfo> {
+
+  public static final VertxSqlClientDecorator DECORATE = new VertxSqlClientDecorator();
+
+  private static final CharSequence VERTX_SQL = UTF8BytesString.create("vertx-sql");
+  private static final CharSequence DATABASE_QUERY = UTF8BytesString.create("database.query");
+  private static final UTF8BytesString DB_QUERY = UTF8BytesString.create("DB Query");
+  private static final UTF8BytesString VERTX_STATEMENT =
+      UTF8BytesString.create("vertx-sql-statement");
+  private static final UTF8BytesString VERTX_PREPARED_STATEMENT =
+      UTF8BytesString.create("vertx-sql-prepared_statement");
+  private static final String DEFAULT_SERVICE_NAME =
+      SpanNaming.instance().namingSchema().database().service("vertx-sql");
+
+  @Override
+  protected String[] instrumentationNames() {
+    return new String[] {"vertx", "vertx-sql-client"};
+  }
+
+  @Override
+  protected String service() {
+    return DEFAULT_SERVICE_NAME; // Overridden by onConnection
+  }
+
+  @Override
+  protected CharSequence component() {
+    return VERTX_SQL; // Overridden by onStatement and onPreparedStatement
+  }
+
+  @Override
+  protected CharSequence spanType() {
+    return InternalSpanTypes.SQL;
+  }
+
+  @Override
+  protected String dbType() {
+    return "vertx-sql";
+  }
+
+  @Override
+  protected String dbUser(final DBInfo info) {
+    return info.getUser();
+  }
+
+  @Override
+  protected String dbInstance(final DBInfo info) {
+    if (info.getInstance() != null) {
+      return info.getInstance();
+    } else {
+      return info.getDb();
+    }
+  }
+
+  @Override
+  protected String dbHostname(final DBInfo info) {
+    return info.getHost();
+  }
+
+  public <T> AgentSpan startAndDecorateSpanForStatement(
+      T query, ContextStore<T, Pair> contextStore, boolean prepared) {
+    CharSequence component = prepared ? VERTX_PREPARED_STATEMENT : VERTX_STATEMENT;
+    AgentSpan span = startSpan(DATABASE_QUERY);
+    if (null == span) {
+      return null;
+    }
+    afterStart(span);
+
+    DBInfo dbInfo = null;
+    DBQueryInfo dbQueryInfo = null;
+    Pair<DBInfo, DBQueryInfo> queryInfo = contextStore.get(query);
+    if (queryInfo != null) {
+      dbInfo = queryInfo.getLeft();
+      dbQueryInfo = queryInfo.getRight();
+    }
+
+    if (dbInfo != null) {
+      processDatabaseType(span, dbInfo.getType());
+    }
+    super.onConnection(span, dbInfo);
+    if (null != dbQueryInfo) {
+      span.setResourceName(dbQueryInfo.getSql());
+      span.setTag(DB_OPERATION, dbQueryInfo.getOperation());
+    } else {
+      span.setResourceName(DB_QUERY);
+    }
+    span.setTag(Tags.COMPONENT, component);
+
+    return span;
+  }
+
+  @Override
+  protected void postProcessServiceAndOperationName(
+      AgentSpan span, DatabaseClientDecorator.NamingEntry namingEntry) {
+    if (namingEntry.getService() != null) {
+      span.setServiceName(namingEntry.getService());
+    }
+    span.setOperationName(namingEntry.getOperation());
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/test/groovy/VertxSqlClientForkedTest.groovy b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/test/groovy/VertxSqlClientForkedTest.groovy
new file mode 100644
index 00000000000..b32c36759b5
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/test/groovy/VertxSqlClientForkedTest.groovy
@@ -0,0 +1,345 @@
+import TestDatabases.TestDBInfo
+import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.agent.test.asserts.TraceAssert
+import datadog.trace.bootstrap.instrumentation.api.Tags
+import datadog.trace.core.DDSpan
+import io.vertx.core.AsyncResult
+import io.vertx.core.Vertx
+import io.vertx.core.VertxOptions
+import io.vertx.mysqlclient.MySQLConnectOptions
+import io.vertx.mysqlclient.MySQLPool
+import io.vertx.sqlclient.Cursor
+import io.vertx.sqlclient.Pool
+import io.vertx.sqlclient.PoolOptions
+import io.vertx.sqlclient.PreparedQuery
+import io.vertx.sqlclient.PreparedStatement
+import io.vertx.sqlclient.Query
+import io.vertx.sqlclient.Row
+import io.vertx.sqlclient.RowSet
+import io.vertx.sqlclient.SqlConnection
+import io.vertx.sqlclient.Tuple
+import io.vertx.sqlclient.impl.ArrayTuple
+import spock.lang.AutoCleanup
+import spock.lang.Shared
+import spock.lang.Unroll
+
+import java.util.concurrent.CountDownLatch
+import java.util.concurrent.TimeUnit
+import java.util.concurrent.atomic.AtomicReference
+
+import static datadog.trace.agent.test.utils.TraceUtils.basicSpan
+import static datadog.trace.agent.test.utils.TraceUtils.runUnderTrace
+
+class VertxSqlClientForkedTest extends AgentTestRunner {
+  @AutoCleanup
+  @Shared
+  // This database name must match up with the name in the CircleCI MySQL Docker definition
+  def dbs = TestDatabases.initialise("jdbcUnitTest")
+
+  @AutoCleanup
+  @Shared
+  def vertx = Vertx.vertx(new VertxOptions())
+
+  @Unroll
+  def "test #type"() {
+    when:
+    AsyncResult<RowSet<Row>> asyncResult = runUnderTrace("parent") {
+      return executeQueryWithHandler(query)
+    }
+
+    then:
+    asyncResult.succeeded()
+
+    when:
+    def result = asyncResult.result()
+
+    then:
+    result.size() == 1
+    result[0].getInteger(0) == 7
+    assertTraces(1) {
+      trace(3, true) {
+        basicSpan(it, "handler", span(2))
+        checkDBSpan(it, span(2), "SELECT ?", "SELECT", dbs.DBInfos.mysql, prepared)
+        basicSpan(it, "parent")
+      }
+    }
+
+    cleanup:
+    pool.close()
+
+    where:
+    type                 | pool   | query                                         | prepared
+    'query'              | pool() | pool.query('SELECT 7')                        | false
+    'prepared query'     | pool() | pool.preparedQuery("SELECT ?")                | true
+    'prepared statement' | pool() | prepare(connection(pool), "SELECT ?").query() | true
+  }
+
+  @Unroll
+  def "test #type without parent"() {
+    when:
+    AsyncResult<RowSet<Row>> asyncResult = executeQueryWithHandler(query)
+
+    then:
+    asyncResult.succeeded()
+
+    when:
+    def result = asyncResult.result()
+
+    then:
+    result.size() == 1
+    result[0].getInteger(0) == 7
+    assertTraces(2) {
+      trace(1) {
+        checkDBSpan(it, null, "SELECT ?", "SELECT", dbs.DBInfos.mysql, prepared)
+      }
+      trace(1) {
+        basicSpan(it, "handler")
+      }
+    }
+
+    cleanup:
+    pool.close()
+
+    where:
+    type                 | pool   | query                                         | prepared
+    'query'              | pool() | pool.query('SELECT 7')                        | false
+    'prepared query'     | pool() | pool.preparedQuery("SELECT ?")                | true
+    'prepared statement' | pool() | prepare(connection(pool), "SELECT ?").query() | true
+  }
+
+  @Unroll
+  def "test #type mapped"() {
+    setup:
+    def mapped = query.mapping({ row ->
+      return row.getInteger(0)
+    })
+
+    when:
+    AsyncResult<RowSet<Integer>> asyncResult = runUnderTrace("parent") {
+      return executeQueryWithHandler(mapped)
+    }
+
+    then:
+    asyncResult.succeeded()
+
+    when:
+    def result = asyncResult.result()
+
+    then:
+    result.size() == 1
+    result[0] == 7
+    assertTraces(1) {
+      trace(3, true) {
+        basicSpan(it, "handler", span(2))
+        checkDBSpan(it, span(2), "SELECT ?", "SELECT", dbs.DBInfos.mysql, prepared)
+        basicSpan(it, "parent")
+      }
+    }
+
+    cleanup:
+    pool.close()
+
+    where:
+    type                 | pool   | query                                         | prepared
+    'query'              | pool() | pool.query('SELECT 7')                        | false
+    'prepared query'     | pool() | pool.preparedQuery("SELECT ?")                | true
+    'prepared statement' | pool() | prepare(connection(pool), "SELECT ?").query() | true
+  }
+
+  @Unroll
+  def "test #type mapped without parent"() {
+    setup:
+    def mapped = query.mapping({ row ->
+      return row.getInteger(0)
+    })
+
+    when:
+    AsyncResult<RowSet<Integer>> asyncResult = executeQueryWithHandler(mapped)
+
+    then:
+    asyncResult.succeeded()
+
+    when:
+    def result = asyncResult.result()
+
+    then:
+    result.size() == 1
+    result[0] == 7
+    assertTraces(2) {
+      trace(1) {
+        checkDBSpan(it, null, "SELECT ?", "SELECT", dbs.DBInfos.mysql, prepared)
+      }
+      trace(1) {
+        basicSpan(it, "handler")
+      }
+    }
+
+    cleanup:
+    pool.close()
+
+    where:
+    type                 | pool   | query                                         | prepared
+    'query'              | pool() | pool.query('SELECT 7')                        | false
+    'prepared query'     | pool() | pool.preparedQuery("SELECT ?")                | true
+    'prepared statement' | pool() | prepare(connection(pool), "SELECT ?").query() | true
+  }
+
+  def "test cursor"() {
+    setup:
+    def pool = pool()
+    def cursor = prepare(connection(pool), "SELECT 7").cursor()
+
+    when:
+    def asyncResult = runUnderTrace("parent") {
+      queryCursorWithHandler(cursor)
+    }
+
+    then:
+    asyncResult.succeeded()
+
+    when:
+    def result = asyncResult.result()
+
+    then:
+    result.size() == 1
+    result[0].getInteger(0) == 7
+    assertTraces(1) {
+      trace(3, true) {
+        basicSpan(it, "handler", span(2))
+        checkDBSpan(it, span(2), "SELECT ?", "SELECT", dbs.DBInfos.mysql, true)
+        basicSpan(it, "parent")
+      }
+    }
+
+    cleanup:
+    pool.close()
+  }
+
+  def "test row stream"() {
+    setup:
+    def pool = pool()
+    def connection = connection(pool)
+    def statement = prepare(connection, "SELECT 7")
+    def result = new AtomicReference<Row>()
+    def latch = new CountDownLatch(1)
+
+    when:
+    def tx = connection.begin()
+    def stream = statement.createStream(0, ArrayTuple.EMPTY)
+    stream.endHandler({
+      tx.commit()
+    })
+    runUnderTrace("parent") {
+      stream.handler({ row ->
+        if (latch.getCount() != 0) {
+          runUnderTrace("handler") {
+            result.set(row)
+            stream.close()
+          }
+          latch.countDown()
+        }
+      })
+    }
+    assert latch.await(10, TimeUnit.SECONDS)
+
+    then:
+    result.get().getInteger(0) == 7
+    assertTraces(1) {
+      trace(3, true) {
+        basicSpan(it, "handler", span(2))
+        checkDBSpan(it, span(2), "SELECT ?", "SELECT", dbs.DBInfos.mysql, true)
+        basicSpan(it, "parent")
+      }
+    }
+
+    cleanup:
+    pool.close()
+  }
+
+  Pool pool() {
+    def connectOptions = MySQLConnectOptions.fromUri(dbs.DBInfos.mysql.uri)
+    def poolOptions = new PoolOptions().setMaxSize(2)
+    return MySQLPool.pool(vertx, connectOptions, poolOptions)
+  }
+
+  def <T> AsyncResult<RowSet<T>> executeQueryWithHandler(Query<RowSet<T>> query) {
+    def latch = new CountDownLatch(1)
+    AsyncResult<RowSet<T>> result = null
+
+    if (query instanceof PreparedQuery) {
+      query.execute(Tuple.of(7)) { rowSetAR ->
+        runUnderTrace("handler") {
+          result = rowSetAR
+        }
+        latch.countDown()
+      }
+    } else {
+      query.execute { rowSetAR ->
+        runUnderTrace("handler") {
+          result = rowSetAR
+        }
+        latch.countDown()
+      }
+    }
+    assert latch.await(10, TimeUnit.SECONDS)
+    return result
+  }
+
+  AsyncResult<RowSet<Row>> queryCursorWithHandler(Cursor cursor) {
+    def latch = new CountDownLatch(1)
+    AsyncResult<RowSet<Row>> result = null
+    cursor.read(0) { rowSetAR ->
+      runUnderTrace("handler") {
+        result = rowSetAR
+      }
+      latch.countDown()
+    }
+    assert latch.await(10, TimeUnit.SECONDS)
+    return result
+  }
+
+  SqlConnection connection(Pool pool) {
+    def latch = new CountDownLatch(1)
+    SqlConnection result = null
+    pool.getConnection({ connectionAR ->
+      result = connectionAR.result()
+      latch.countDown()
+    })
+    assert latch.await(10, TimeUnit.SECONDS)
+    return result
+  }
+
+  PreparedStatement prepare(SqlConnection connection, String sql) {
+    def latch = new CountDownLatch(1)
+    PreparedStatement result = null
+    connection.prepare(sql, { statementAR ->
+      result = statementAR.result()
+      latch.countDown()
+    })
+    assert latch.await(10, TimeUnit.SECONDS)
+    return result
+  }
+
+  void checkDBSpan(TraceAssert ta, DDSpan parent, String resource, String operation, TestDBInfo info, boolean prepared = false) {
+    ta.span(ta.nextSpanId()) {
+      if (parent != null) {
+        childOf(parent)
+      }
+      operationName info ? "${info.type}.query" : "database.query"
+      resourceName resource
+      spanType "sql"
+      tags {
+        "$Tags.COMPONENT" prepared ? "vertx-sql-prepared_statement" : "vertx-sql-statement"
+        "$Tags.SPAN_KIND" Tags.SPAN_KIND_CLIENT
+        "$Tags.DB_OPERATION" operation
+        if (info) {
+          "$Tags.DB_TYPE" info.type
+          "$Tags.DB_INSTANCE" info.dbName
+          "$Tags.DB_USER" info.user
+          "$Tags.PEER_HOSTNAME" info.host
+        }
+        defaultTags()
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/test/java/TestDatabases.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/test/java/TestDatabases.java
new file mode 100644
index 00000000000..d3b86359399
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.0/src/test/java/TestDatabases.java
@@ -0,0 +1,101 @@
+import datadog.trace.agent.test.utils.PortUtils;
+import java.io.Closeable;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import org.testcontainers.containers.MySQLContainer;
+
+public class TestDatabases implements Closeable {
+
+  private final MySQLContainer mysql;
+  private final Map<String, TestDBInfo> dbInfos;
+
+  private TestDatabases(String dbName) {
+    Map<String, TestDBInfo> infos = new HashMap<>();
+    mysql =
+        new MySQLContainer("mysql:8.0")
+            .withDatabaseName(dbName)
+            .withUsername("sa")
+            .withPassword("sa");
+    // https://github.com/testcontainers/testcontainers-java/issues/914
+    mysql.addParameter("TC_MY_CNF", null);
+    mysql.start();
+    TestDBInfo info =
+        new TestDBInfo(
+            mysql.getUsername(),
+            mysql.getPassword(),
+            mysql.getHost(),
+            mysql.getMappedPort(MySQLContainer.MYSQL_PORT),
+            "mysql",
+            dbName);
+    PortUtils.waitForPortToOpen(info.host, info.port, 5, TimeUnit.SECONDS);
+    infos.put("mysql", info);
+    dbInfos = Collections.unmodifiableMap(infos);
+  }
+
+  public static TestDatabases initialise(String dbName) {
+    return new TestDatabases(dbName);
+  }
+
+  @Override
+  public void close() throws IOException {
+    if (null != mysql) {
+      mysql.close();
+    }
+  }
+
+  public Map<String, TestDBInfo> getDBInfos() {
+    return dbInfos;
+  }
+
+  public static class TestDBInfo {
+    private final String user;
+    private final String password;
+    private final String host;
+    private final Integer port;
+    private final String type;
+    private final String dbName;
+    private final String uri;
+
+    public TestDBInfo(
+        String user, String password, String host, Integer port, String type, String dbName) {
+      this.user = user;
+      this.password = password;
+      this.host = host;
+      this.port = port;
+      this.type = type;
+      this.dbName = dbName;
+      this.uri = type + "://" + user + ":" + password + "@" + host + ":" + port + "/" + dbName;
+    }
+
+    public String getUser() {
+      return user;
+    }
+
+    public String getPassword() {
+      return password;
+    }
+
+    public String getHost() {
+      return host;
+    }
+
+    public String getPort() {
+      return port.toString();
+    }
+
+    public String getType() {
+      return type;
+    }
+
+    public String getDbName() {
+      return dbName;
+    }
+
+    public String getUri() {
+      return uri;
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/build.gradle b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/build.gradle
new file mode 100644
index 00000000000..2d2a33be79c
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/build.gradle
@@ -0,0 +1,36 @@
+
+apply from: "$rootDir/gradle/java.gradle"
+
+muzzle {
+  pass {
+    group = 'io.vertx'
+    module = 'vertx-mysql-client'
+    versions = '[4.4.2,4.5.0)'
+    assertInverse = true
+  }
+}
+
+addTestSuiteForDir('latestDepTest', 'test')
+addTestSuiteExtendingForDir('latestDepForkedTest', 'latestDepTest', 'test')
+
+apply from: "$rootDir/gradle/configure_tests.gradle"
+
+latestDepTest {
+  finalizedBy 'latestDepForkedTest'
+}
+
+dependencies {
+  compileOnly group: 'io.vertx', name: 'vertx-mysql-client', version: '4.4.2'
+
+  testImplementation group: 'io.vertx', name: 'vertx-mysql-client', version: '4.4.2'
+
+  // This is needed for the test container to start
+  testImplementation group: 'mysql', name: 'mysql-connector-java', version: '8.0.23'
+  testImplementation "org.testcontainers:mysql:${versions.testcontainers}"
+
+  latestDepTestImplementation group: 'io.vertx', name: 'vertx-mysql-client', version: '4.4.4'
+}
+
+tasks.withType(Test).configureEach {
+  usesService(testcontainersLimit)
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLConnectionFactoryConstructorAdvice.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLConnectionFactoryConstructorAdvice.java
new file mode 100644
index 00000000000..4cf000caae2
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLConnectionFactoryConstructorAdvice.java
@@ -0,0 +1,40 @@
+package datadog.trace.instrumentation.vertx_sql_client_4_4_2;
+
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import io.vertx.core.Future;
+import io.vertx.mysqlclient.MySQLConnectOptions;
+import io.vertx.mysqlclient.MySQLConnection;
+import io.vertx.mysqlclient.impl.MySQLConnectionFactory;
+import io.vertx.sqlclient.SqlConnectOptions;
+import io.vertx.sqlclient.impl.SingletonSupplier;
+import java.util.function.Supplier;
+import net.bytebuddy.asm.Advice;
+
+public class MySQLConnectionFactoryConstructorAdvice {
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  public static void afterConstructor(
+      @Advice.This final MySQLConnectionFactory factory,
+      @Advice.Argument(1) final Supplier<? extends Future<? extends SqlConnectOptions>> databases) {
+    if (databases instanceof SingletonSupplier) {
+      SqlConnectOptions options = (SqlConnectOptions) ((SingletonSupplier) databases).unwrap();
+      DBInfo.Builder builder = DBInfo.DEFAULT.toBuilder();
+      DBInfo info =
+          builder
+              .host(options.getHost())
+              .port(options.getPort())
+              .db(options.getDatabase())
+              .user(options.getUser())
+              .type("mysql")
+              .build();
+      InstrumentationContext.get(MySQLConnectionFactory.class, DBInfo.class).put(factory, info);
+    }
+  }
+
+  // Limit ourselves to 4.4.2+ by using SingletonSupplier which was added in 4.4.2
+  private static void muzzleCheck(MySQLConnection connection) {
+    connection.ping();
+    Supplier<Future<MySQLConnectOptions>> supplier =
+        SingletonSupplier.wrap(new MySQLConnectOptions());
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLConnectionFactoryInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLConnectionFactoryInstrumentation.java
new file mode 100644
index 00000000000..7eb6b96b2c8
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLConnectionFactoryInstrumentation.java
@@ -0,0 +1,39 @@
+package datadog.trace.instrumentation.vertx_sql_client_4_4_2;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class MySQLConnectionFactoryInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public MySQLConnectionFactoryInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("io.vertx.mysqlclient.impl.MySQLConnectionFactory", DBInfo.class.getName());
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.vertx.mysqlclient.impl.MySQLConnectionFactory";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isConstructor()
+            .and(takesArguments(2))
+            .and(takesArgument(1, named("java.util.function.Supplier"))),
+        packageName + ".MySQLConnectionFactoryConstructorAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLDriverAdvice.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLDriverAdvice.java
new file mode 100644
index 00000000000..e2f839d75e9
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLDriverAdvice.java
@@ -0,0 +1,42 @@
+package datadog.trace.instrumentation.vertx_sql_client_4_4_2;
+
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import io.vertx.core.Future;
+import io.vertx.mysqlclient.MySQLConnectOptions;
+import io.vertx.mysqlclient.MySQLConnection;
+import io.vertx.sqlclient.SqlClient;
+import io.vertx.sqlclient.SqlConnectOptions;
+import io.vertx.sqlclient.impl.SingletonSupplier;
+import java.util.function.Supplier;
+import net.bytebuddy.asm.Advice;
+
+public class MySQLDriverAdvice {
+
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  public static void afterNewPoolImpl(
+      @Advice.Return final SqlClient zis,
+      @Advice.Argument(1) final Supplier<? extends Future<? extends SqlConnectOptions>> databases) {
+
+    if (databases instanceof SingletonSupplier) {
+      SqlConnectOptions options = (SqlConnectOptions) ((SingletonSupplier) databases).unwrap();
+      DBInfo.Builder builder = DBInfo.DEFAULT.toBuilder();
+      DBInfo info =
+          builder
+              .host(options.getHost())
+              .port(options.getPort())
+              .db(options.getDatabase())
+              .user(options.getUser())
+              .type("mysql")
+              .build();
+      InstrumentationContext.get(SqlClient.class, DBInfo.class).put(zis, info);
+    }
+  }
+
+  // Limit ourselves to 4.4.2+ by using SingletonSupplier which was added in 4.4.2
+  private static void muzzleCheck(MySQLConnection connection) {
+    connection.ping();
+    Supplier<Future<MySQLConnectOptions>> supplier =
+        SingletonSupplier.wrap(new MySQLConnectOptions());
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLDriverInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLDriverInstrumentation.java
new file mode 100644
index 00000000000..8b064e1b2f7
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/MySQLDriverInstrumentation.java
@@ -0,0 +1,40 @@
+package datadog.trace.instrumentation.vertx_sql_client_4_4_2;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static java.util.Collections.singletonMap;
+import static net.bytebuddy.matcher.ElementMatchers.isPrivate;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class MySQLDriverInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+
+  public MySQLDriverInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    return singletonMap("io.vertx.sqlclient.SqlClient", DBInfo.class.getName());
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.vertx.mysqlclient.spi.MySQLDriver";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isPrivate()
+            .and(named("newPoolImpl"))
+            .and(takesArguments(4).and(takesArgument(1, named("java.util.function.Supplier")))),
+        packageName + ".MySQLDriverAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/SqlConnectionBaseConstructorAdvice.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/SqlConnectionBaseConstructorAdvice.java
new file mode 100644
index 00000000000..b121d818bf6
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/SqlConnectionBaseConstructorAdvice.java
@@ -0,0 +1,37 @@
+package datadog.trace.instrumentation.vertx_sql_client_4_4_2;
+
+import datadog.trace.bootstrap.InstrumentationContext;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import io.vertx.core.Future;
+import io.vertx.mysqlclient.MySQLConnectOptions;
+import io.vertx.mysqlclient.MySQLConnection;
+import io.vertx.mysqlclient.impl.MySQLConnectionFactory;
+import io.vertx.sqlclient.SqlClient;
+import io.vertx.sqlclient.impl.SingletonSupplier;
+import io.vertx.sqlclient.spi.ConnectionFactory;
+import java.util.function.Supplier;
+import net.bytebuddy.asm.Advice;
+
+public class SqlConnectionBaseConstructorAdvice {
+
+  @Advice.OnMethodExit(suppress = Throwable.class)
+  public static void afterConstructor(
+      @Advice.This final SqlClient zis,
+      @Advice.Argument(1) final ConnectionFactory connectionFactory) {
+
+    if (connectionFactory instanceof MySQLConnectionFactory) {
+      InstrumentationContext.get(SqlClient.class, DBInfo.class)
+          .put(
+              zis,
+              InstrumentationContext.get(MySQLConnectionFactory.class, DBInfo.class)
+                  .get((MySQLConnectionFactory) connectionFactory));
+    }
+  }
+
+  // Limit ourselves to 4.4.2+ by using SingletonSupplier which was added in 4.4.2
+  private static void muzzleCheck(MySQLConnection connection) {
+    connection.ping();
+    Supplier<Future<MySQLConnectOptions>> supplier =
+        SingletonSupplier.wrap(new MySQLConnectOptions());
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/SqlConnectionBaseInstrumentation.java b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/SqlConnectionBaseInstrumentation.java
new file mode 100644
index 00000000000..c23bd6b9c16
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-mysql-client-4.4.2/src/main/java/datadog/trace/instrumentation/vertx_sql_client_4_4_2/SqlConnectionBaseInstrumentation.java
@@ -0,0 +1,43 @@
+package datadog.trace.instrumentation.vertx_sql_client_4_4_2;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static net.bytebuddy.matcher.ElementMatchers.isConstructor;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.jdbc.DBInfo;
+import java.util.HashMap;
+import java.util.Map;
+
+@AutoService(Instrumenter.class)
+public class SqlConnectionBaseInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForSingleType {
+  public SqlConnectionBaseInstrumentation() {
+    super("vertx", "vertx-sql-client");
+  }
+
+  @Override
+  public Map<String, String> contextStore() {
+    Map<String, String> contextStores = new HashMap<>();
+    contextStores.put("io.vertx.sqlclient.SqlClient", DBInfo.class.getName());
+    contextStores.put("io.vertx.mysqlclient.impl.MySQLConnectionFactory", DBInfo.class.getName());
+    return contextStores;
+  }
+
+  @Override
+  public String instrumentedType() {
+    return "io.vertx.sqlclient.impl.SqlConnectionBase";
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+
+    transformation.applyAdvice(
+        isConstructor()
+            .and(takesArguments(4))
+            .and(takesArgument(1, named("io.vertx.sqlclient.spi.ConnectionFactory"))),
+        packageName + ".SqlConnectionBaseConstructorAdvice");
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-redis-client-3.9/src/main/java/datadog/trace/instrumentation/vertx_redis_client/VertxRedisClientDecorator.java b/dd-java-agent/instrumentation/vertx-redis-client-3.9/src/main/java/datadog/trace/instrumentation/vertx_redis_client/VertxRedisClientDecorator.java
index 56c38752807..8c7bff5ef73 100644
--- a/dd-java-agent/instrumentation/vertx-redis-client-3.9/src/main/java/datadog/trace/instrumentation/vertx_redis_client/VertxRedisClientDecorator.java
+++ b/dd-java-agent/instrumentation/vertx-redis-client-3.9/src/main/java/datadog/trace/instrumentation/vertx_redis_client/VertxRedisClientDecorator.java
@@ -2,7 +2,6 @@
 
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.startSpan;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.cache.DDCache;
 import datadog.trace.api.cache.DDCaches;
 import datadog.trace.api.naming.SpanNaming;
@@ -20,7 +19,7 @@ public class VertxRedisClientDecorator
   public static final VertxRedisClientDecorator DECORATE = new VertxRedisClientDecorator();
 
   private static final String SERVICE_NAME =
-      SpanNaming.instance().namingSchema().cache().service(Config.get().getServiceName(), "redis");
+      SpanNaming.instance().namingSchema().cache().service("redis");
   public static final CharSequence REDIS_COMMAND =
       UTF8BytesString.create(SpanNaming.instance().namingSchema().cache().operation("redis"));
 
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/AbstractHttpServerRequestInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/AbstractHttpServerRequestInstrumentation.java
index 501b07f0c3a..26b4388f78f 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/AbstractHttpServerRequestInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/AbstractHttpServerRequestInstrumentation.java
@@ -52,15 +52,15 @@ public void adviceTransformations(final AdviceTransformation transformation) {
 
   public static class ParamsAdvice {
 
-    @Advice.OnMethodEnter
+    @Advice.OnMethodEnter(suppress = Throwable.class)
     public static void onEnter(
         @Advice.Local("beforeParams") Object beforeParams,
         @Advice.FieldValue("params") final Object params) {
       beforeParams = params;
     }
 
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     public static void onExit(
         @Advice.Local("beforeParams") final Object beforeParams,
         @Advice.Return final Object multiMap) {
@@ -68,11 +68,7 @@ public static void onExit(
       if (beforeParams != multiMap) {
         final PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
-          try {
-            module.taintObject(SourceTypes.REQUEST_PARAMETER_VALUE, multiMap);
-          } catch (final Throwable e) {
-            module.onUnexpectedException("params threw", e);
-          }
+          module.taint(multiMap, SourceTypes.REQUEST_PARAMETER_VALUE);
         }
       }
     }
@@ -80,15 +76,15 @@ public static void onExit(
 
   public static class AttributesAdvice {
 
-    @Advice.OnMethodEnter
+    @Advice.OnMethodEnter(suppress = Throwable.class)
     public static void onEnter(
         @Advice.Local("beforeAttributes") Object beforeAttributes,
         @Advice.FieldValue("attributes") final Object attributes) {
       beforeAttributes = attributes;
     }
 
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     public static void onExit(
         @Advice.Local("beforeAttributes") final Object beforeAttributes,
         @Advice.Return final Object multiMap) {
@@ -96,11 +92,7 @@ public static void onExit(
       if (beforeAttributes != multiMap) {
         final PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
-          try {
-            module.taintObject(SourceTypes.REQUEST_PARAMETER_VALUE, multiMap);
-          } catch (final Throwable e) {
-            module.onUnexpectedException("formAttributes threw", e);
-          }
+          module.taint(multiMap, SourceTypes.REQUEST_PARAMETER_VALUE);
         }
       }
     }
@@ -108,16 +100,12 @@ public static void onExit(
 
   public static class DataAdvice {
 
-    @Advice.OnMethodEnter
-    @Source(SourceTypes.REQUEST_BODY_STRING)
+    @Advice.OnMethodEnter(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_BODY)
     public static void onExit(@Advice.Argument(0) final Object data) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        try {
-          module.taintObject(SourceTypes.REQUEST_BODY, data);
-        } catch (final Throwable e) {
-          module.onUnexpectedException("handleData threw", e);
-        }
+        module.taint(data, SourceTypes.REQUEST_BODY);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/BufferInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/BufferInstrumentation.java
index ee346dc6332..2a1c8a34cfa 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/BufferInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/BufferInstrumentation.java
@@ -64,7 +64,7 @@ public static void get(@Advice.This final Object self, @Advice.Return final Stri
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         try {
-          module.taintIfInputIsTainted(result, self);
+          module.taintIfTainted(result, self);
         } catch (final Throwable e) {
           module.onUnexpectedException("toString threw", e);
         }
@@ -79,7 +79,7 @@ public static void get(@Advice.This final Object self, @Advice.Return final Obje
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         try {
-          module.taintIfInputIsTainted(result, self);
+          module.taintIfTainted(result, self);
         } catch (final Throwable e) {
           module.onUnexpectedException("getByteBuf threw", e);
         }
@@ -95,7 +95,7 @@ public static void get(
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         try {
-          module.taintIfInputIsTainted(result, buffer);
+          module.taintIfTainted(result, buffer);
         } catch (final Throwable e) {
           module.onUnexpectedException("appendBuffer threw", e);
         }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/CaseInsensitiveHeadersInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/CaseInsensitiveHeadersInstrumentation.java
index dded9204c3a..c9e368fe651 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/CaseInsensitiveHeadersInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/CaseInsensitiveHeadersInstrumentation.java
@@ -13,11 +13,13 @@
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.agent.tooling.bytebuddy.iast.TaintableVisitor;
 import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -73,71 +75,74 @@ public AdviceTransformer transformer() {
   }
 
   public static class GetAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     public static void afterGet(
         @Advice.This final Object self,
         @Advice.Argument(0) final String name,
         @Advice.Return final String result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
       if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(
-              SourceTypes.REQUEST_PARAMETER_VALUE, name, result, self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("get threw", e);
-        }
+        propagation.taintIfTainted(result, self, SourceTypes.REQUEST_PARAMETER_VALUE, name);
       }
     }
   }
 
   public static class GetAllAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     public static void afterGetAll(
         @Advice.This final Object self,
         @Advice.Argument(0) final String name,
         @Advice.Return final Collection<String> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(
-              SourceTypes.REQUEST_PARAMETER_VALUE, name, result, self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("getAll threw", e);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        if (propagation.isTainted(self)) {
+          final IastContext ctx = IastContext.Provider.get();
+          for (final String value : result) {
+            propagation.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+          }
         }
       }
     }
   }
 
   public static class EntriesAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     public static void afterEntries(
         @Advice.This final Object self,
         @Advice.Return final List<Map.Entry<String, String>> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(SourceTypes.REQUEST_PARAMETER_VALUE, result, self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("entries threw", e);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        if (propagation.isTainted(self)) {
+          final IastContext ctx = IastContext.Provider.get();
+          final Set<String> names = new HashSet<>();
+          for (final Map.Entry<String, String> entry : result) {
+            final String name = entry.getKey();
+            final String value = entry.getValue();
+            if (names.add(name)) {
+              propagation.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
+            }
+            propagation.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, name);
+          }
         }
       }
     }
   }
 
   public static class NamesAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_PARAMETER_NAME_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_PARAMETER_NAME)
     public static void afterNames(
         @Advice.This final Object self, @Advice.Return final Set<String> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(SourceTypes.REQUEST_PARAMETER_NAME, result, self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("names threw", e);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        if (propagation.isTainted(self)) {
+          final IastContext ctx = IastContext.Provider.get();
+          for (final String name : result) {
+            propagation.taint(ctx, name, SourceTypes.REQUEST_PARAMETER_NAME, name);
+          }
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/HeadersAdaptorInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/HeadersAdaptorInstrumentation.java
index 3e7d348ecbe..4b865b9ed2e 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/HeadersAdaptorInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/HeadersAdaptorInstrumentation.java
@@ -11,11 +11,13 @@
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.agent.tooling.bytebuddy.iast.TaintableVisitor;
 import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -65,77 +67,75 @@ public AdviceTransformer transformer() {
   }
 
   public static class GetAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void afterGet(
         @Advice.This final Object self,
         @Advice.Argument(0) final CharSequence name,
         @Advice.Return final String result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
       if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(
-              SourceTypes.REQUEST_HEADER_VALUE,
-              name == null ? null : name.toString(),
-              result,
-              self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("get threw", e);
-        }
+        propagation.taintIfTainted(result, self, SourceTypes.REQUEST_HEADER_VALUE, name);
       }
     }
   }
 
   public static class GetAllAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void afterGetAll(
         @Advice.This final Object self,
         @Advice.Argument(0) final CharSequence name,
         @Advice.Return final Collection<String> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(
-              SourceTypes.REQUEST_HEADER_VALUE,
-              name == null ? null : name.toString(),
-              result,
-              self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("getAll threw", e);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        if (propagation.isTainted(self)) {
+          final IastContext ctx = IastContext.Provider.get();
+          final String headerName = name == null ? null : name.toString();
+          for (final String value : result) {
+            propagation.taint(ctx, value, SourceTypes.REQUEST_HEADER_VALUE, headerName);
+          }
         }
       }
     }
   }
 
   public static class EntriesAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void afterEntries(
         @Advice.This final Object self,
         @Advice.Return final List<Map.Entry<String, String>> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_VALUE, result, self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("entries threw", e);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        if (propagation.isTainted(self)) {
+          final IastContext ctx = IastContext.Provider.get();
+          final Set<String> names = new HashSet<>();
+          for (Map.Entry<String, String> entry : result) {
+            final String name = entry.getKey();
+            final String value = entry.getValue();
+            if (names.add(name)) {
+              propagation.taint(ctx, name, SourceTypes.REQUEST_HEADER_NAME, name);
+            }
+            propagation.taint(ctx, value, SourceTypes.REQUEST_HEADER_VALUE, name);
+          }
         }
       }
     }
   }
 
   public static class NamesAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_HEADER_NAME_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_NAME)
     public static void afterNames(
         @Advice.This final Object self, @Advice.Return final Set<String> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_NAME, result, self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("names threw", e);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        if (propagation.isTainted(self)) {
+          final IastContext ctx = IastContext.Provider.get();
+          for (final String name : result) {
+            propagation.taint(ctx, name, SourceTypes.REQUEST_HEADER_NAME, name);
+          }
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/Http2ServerRequestInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/Http2ServerRequestInstrumentation.java
index 8dc0a674195..9e648c95cb0 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/Http2ServerRequestInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/Http2ServerRequestInstrumentation.java
@@ -45,8 +45,8 @@ public static void onEnter(
       beforeHeaders = headersMap;
     }
 
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void onExit(
         @Advice.Local("beforeHeaders") final Object beforeHeaders,
         @Advice.Return final Object multiMap) {
@@ -54,11 +54,7 @@ public static void onExit(
       if (beforeHeaders != multiMap) {
         final PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
-          try {
-            module.taintObject(SourceTypes.REQUEST_HEADER_VALUE, multiMap);
-          } catch (final Throwable e) {
-            module.onUnexpectedException("headers threw", e);
-          }
+          module.taint(multiMap, SourceTypes.REQUEST_HEADER_VALUE);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/HttpServerRequestInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/HttpServerRequestInstrumentation.java
index d3888383581..a2186330199 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/HttpServerRequestInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/HttpServerRequestInstrumentation.java
@@ -39,15 +39,15 @@ public void adviceTransformations(AdviceTransformation transformation) {
 
   public static class HeadersAdvice {
 
-    @Advice.OnMethodEnter
+    @Advice.OnMethodEnter(suppress = Throwable.class)
     public static void onEnter(
         @Advice.Local("beforeHeaders") Object beforeHeaders,
         @Advice.FieldValue("headers") final Object headers) {
       beforeHeaders = headers;
     }
 
-    @Advice.OnMethodExit()
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void onExit(
         @Advice.Local("beforeHeaders") final Object beforeHeaders,
         @Advice.Return final Object multiMap) {
@@ -55,11 +55,7 @@ public static void onExit(
       if (beforeHeaders != multiMap) {
         final PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
-          try {
-            module.taintObject(SourceTypes.REQUEST_HEADER_VALUE, multiMap);
-          } catch (final Throwable e) {
-            module.onUnexpectedException("headers threw", e);
-          }
+          module.taint(multiMap, SourceTypes.REQUEST_HEADER_VALUE);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/CookieImplInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/CookieImplInstrumentation.java
index 7693489340a..b06d2b56ffd 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/CookieImplInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/CookieImplInstrumentation.java
@@ -51,36 +51,27 @@ public AdviceTransformer transformer() {
   }
 
   public static class GetNameAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_COOKIE_NAME_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_COOKIE_NAME)
     public static void afterGetName(
         @Advice.This final Cookie self, @Advice.Return final String result) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        try {
-          module.taintIfInputIsTainted(SourceTypes.REQUEST_COOKIE_NAME, result, result, self);
-        } catch (final Throwable e) {
-          module.onUnexpectedException("getName threw", e);
-        }
+        module.taintIfTainted(result, self, SourceTypes.REQUEST_COOKIE_NAME, result);
       }
     }
   }
 
   public static class GetValueAdvice {
 
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     public static void afterGetValue(
         @Advice.This final Cookie self, @Advice.Return final String result) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        try {
-          // TODO calling self.getName() actually taints the name of the cookie
-          module.taintIfInputIsTainted(
-              SourceTypes.REQUEST_COOKIE_VALUE, self.getName(), result, self);
-        } catch (final Throwable e) {
-          module.onUnexpectedException("getValue threw", e);
-        }
+        // TODO calling self.getName() actually taints the name of the cookie
+        module.taintIfTainted(result, self, SourceTypes.REQUEST_COOKIE_VALUE, self.getName());
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/IastRoutingContextImplInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/IastRoutingContextImplInstrumentation.java
index ffee4cec2e7..cd685575017 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/IastRoutingContextImplInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/IastRoutingContextImplInstrumentation.java
@@ -9,6 +9,7 @@
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Sink;
 import datadog.trace.api.iast.Source;
@@ -52,25 +53,26 @@ public void adviceTransformations(final AdviceTransformation transformation) {
   }
 
   public static class CookiesAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     public static void onCookies(@Advice.Return final Set<Object> cookies) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
-      try {
-        module.taintObjects(SourceTypes.REQUEST_COOKIE_VALUE, cookies);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("cookies threw", e);
+      if (module != null && cookies != null && !cookies.isEmpty()) {
+        final IastContext ctx = IastContext.Provider.get();
+        for (final Object cookie : cookies) {
+          module.taint(ctx, cookie, SourceTypes.REQUEST_COOKIE_VALUE);
+        }
       }
     }
   }
 
   public static class GetCookieAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     public static void onGetCookie(@Advice.Return final Object cookie) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintObject(SourceTypes.REQUEST_COOKIE_VALUE, cookie);
+        module.taint(cookie, SourceTypes.REQUEST_COOKIE_VALUE);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/PathParameterPublishingHelper.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/PathParameterPublishingHelper.java
index 37b10cc9328..3cc69be3913 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/PathParameterPublishingHelper.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/PathParameterPublishingHelper.java
@@ -9,6 +9,7 @@
 import datadog.trace.api.gateway.Flow;
 import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
@@ -49,17 +50,19 @@ public static Throwable publishParams(Map<String, String> params) {
           } else {
             Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
             brf.tryCommitBlockingResponse(
-                rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                requestContext.getTraceSegment(),
+                rba.getStatusCode(),
+                rba.getBlockingContentType(),
+                rba.getExtraHeaders());
 
             be = new BlockingException("Blocked request (for route/matches)");
-            requestContext.getTraceSegment().effectivelyBlocked();
           }
         }
       }
     }
 
     { // iast
-      Object iastRequestContext = requestContext.getData(RequestContextSlot.IAST);
+      IastContext iastRequestContext = requestContext.getData(RequestContextSlot.IAST);
       if (iastRequestContext != null) {
         PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
@@ -70,7 +73,7 @@ public static Throwable publishParams(Map<String, String> params) {
               continue; // should not happen
             }
             module.taint(
-                iastRequestContext, SourceTypes.REQUEST_PATH_PARAMETER, parameterName, value);
+                iastRequestContext, value, SourceTypes.REQUEST_PATH_PARAMETER, parameterName);
           }
         }
       }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RouteImplInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RouteImplInstrumentation.java
index 2292d9f832e..29bb5a3b46e 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RouteImplInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RouteImplInstrumentation.java
@@ -10,12 +10,16 @@
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.iast.IastPostProcessorFactory;
 import datadog.trace.agent.tooling.muzzle.Reference;
 import java.util.Set;
+import net.bytebuddy.asm.Advice;
 
 @AutoService(Instrumenter.class)
 public class RouteImplInstrumentation extends Instrumenter.Default
-    implements Instrumenter.ForKnownTypes {
+    implements Instrumenter.ForKnownTypes, Instrumenter.WithPostProcessor {
+
+  private Advice.PostProcessor.Factory postProcessorFactory;
 
   public RouteImplInstrumentation() {
     super("vertx", "vertx-3.4");
@@ -28,8 +32,11 @@ public Reference[] additionalMuzzleReferences() {
 
   @Override
   public boolean isApplicable(Set<TargetSystem> enabledSystems) {
-    return enabledSystems.contains(TargetSystem.APPSEC)
-        || enabledSystems.contains(TargetSystem.IAST);
+    if (enabledSystems.contains(TargetSystem.IAST)) {
+      postProcessorFactory = IastPostProcessorFactory.INSTANCE;
+      return true;
+    }
+    return enabledSystems.contains(TargetSystem.APPSEC);
   }
 
   @Override
@@ -71,4 +78,9 @@ public void adviceTransformations(AdviceTransformation transformation) {
             .and(returns(boolean.class)),
         packageName + ".RouteMatchesAdvice$BooleanReturnVariant");
   }
+
+  @Override
+  public Advice.PostProcessor.Factory postProcessor() {
+    return postProcessorFactory;
+  }
 }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RouteMatchesAdvice.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RouteMatchesAdvice.java
index 09f2619b09a..7aec8ec2487 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RouteMatchesAdvice.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RouteMatchesAdvice.java
@@ -8,7 +8,7 @@
 
 class RouteMatchesAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
-  @Source(SourceTypes.REQUEST_PATH_PARAMETER_STRING)
+  @Source(SourceTypes.REQUEST_PATH_PARAMETER)
   static void after(
       @Advice.Return int ret,
       @Advice.Argument(0) final RoutingContext ctx,
@@ -27,7 +27,7 @@ static void after(
 
   static class BooleanReturnVariant {
     @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
-    @Source(SourceTypes.REQUEST_PATH_PARAMETER_STRING)
+    @Source(SourceTypes.REQUEST_PATH_PARAMETER)
     static void after(
         @Advice.Return boolean ret,
         @Advice.Argument(0) final RoutingContext ctx,
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RoutingContextJsonAdvice.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RoutingContextJsonAdvice.java
index 22674380503..a4598d9749f 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RoutingContextJsonAdvice.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/RoutingContextJsonAdvice.java
@@ -46,8 +46,10 @@ static void after(
       }
       Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
       blockResponseFunction.tryCommitBlockingResponse(
-          rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-      reqCtx.getTraceSegment().effectivelyBlocked();
+          reqCtx.getTraceSegment(),
+          rba.getStatusCode(),
+          rba.getBlockingContentType(),
+          rba.getExtraHeaders());
       if (throwable == null) {
         throwable = new BlockingException("Blocked request (for RoutingContextImpl/getBodyAsJson)");
       }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/WafPublishingBodyHandler.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/WafPublishingBodyHandler.java
index 7f9e84fa298..1ac134af24b 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/WafPublishingBodyHandler.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/server/WafPublishingBodyHandler.java
@@ -71,8 +71,10 @@ private void publishRequestBody(Object body) {
         }
         Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
         blockResponseFunction.tryCommitBlockingResponse(
-            rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-        reqCtx.getTraceSegment().effectivelyBlocked();
+            reqCtx.getTraceSegment(),
+            rba.getStatusCode(),
+            rba.getBlockingContentType(),
+            rba.getExtraHeaders());
         throw new BlockingException(
             "Blocked request (for Buffer/toString or Buffer/toJson{Object,Array})");
       }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/BufferInstrumentationTest.groovy b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/BufferInstrumentationTest.groovy
index 6a6d9f05f49..29aba239e1e 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/BufferInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/BufferInstrumentationTest.groovy
@@ -27,7 +27,7 @@ class BufferInstrumentationTest extends AgentTestRunner {
     method.call(buffer)
 
     then:
-    1 * module.taintIfInputIsTainted(_, buffer)
+    1 * module.taintIfTainted(_, buffer)
 
     where:
     _ | method
@@ -46,7 +46,7 @@ class BufferInstrumentationTest extends AgentTestRunner {
     method.call(buffer, tainted)
 
     then:
-    1 * module.taintIfInputIsTainted(buffer, tainted)
+    1 * module.taintIfTainted(buffer, tainted)
 
     where:
     _ | method
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/CaseInsensitiveHeadersInstrumentationTest.groovy b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/CaseInsensitiveHeadersInstrumentationTest.groovy
index 832bb0e4b4a..a153c15c200 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/CaseInsensitiveHeadersInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/CaseInsensitiveHeadersInstrumentationTest.groovy
@@ -7,6 +7,7 @@ import datadog.trace.api.iast.propagation.PropagationModule
 import groovy.transform.CompileDynamic
 import io.vertx.core.MultiMap
 import io.vertx.core.http.CaseInsensitiveHeaders
+import org.junit.Assume
 
 @CompileDynamic
 class CaseInsensitiveHeadersInstrumentationTest extends AgentTestRunner {
@@ -27,7 +28,7 @@ class CaseInsensitiveHeadersInstrumentationTest extends AgentTestRunner {
     headers.get('key')
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_PARAMETER_VALUE, 'key', 'value', headers)
+    1 * module.taintIfTainted('value', headers, SourceTypes.REQUEST_PARAMETER_VALUE, 'key')
   }
 
   void 'test that getAll() is instrumented'() {
@@ -41,7 +42,16 @@ class CaseInsensitiveHeadersInstrumentationTest extends AgentTestRunner {
     headers.getAll('key')
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_PARAMETER_VALUE, 'key', ['value1', 'value2'], headers)
+    1 * module.isTainted(headers) >> { false }
+    0 * _
+
+    when:
+    headers.getAll('key')
+
+    then:
+    1 * module.isTainted(headers) >> { true }
+    1 * module.taint(_, 'value1', SourceTypes.REQUEST_PARAMETER_VALUE, 'key')
+    1 * module.taint(_, 'value2', SourceTypes.REQUEST_PARAMETER_VALUE, 'key')
   }
 
   void 'test that names() is instrumented'() {
@@ -55,26 +65,43 @@ class CaseInsensitiveHeadersInstrumentationTest extends AgentTestRunner {
     headers.names()
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_PARAMETER_NAME, _, headers) >> {
-      final names = it[1] as List<String>
-      assert names == ['key']
-    }
+    1 * module.isTainted(headers) >> { false }
+    0 * _
+
+    when:
+    headers.names()
+
+    then:
+    1 * module.isTainted(headers) >> { true }
+    1 * module.taint(_, 'key', SourceTypes.REQUEST_PARAMETER_NAME, 'key')
   }
 
   void 'test that entries() is instrumented'() {
     given:
+    // latest versions of vertx 3.x define the entries in the MultiMap interface, so we will lose propagation
+    Assume.assumeTrue(hasMethod(CaseInsensitiveHeaders, 'entries'))
     final headers = new CaseInsensitiveHeaders()
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
     addAll([[key: 'value1'], [key: 'value2']], headers)
 
+    when:
+    final result = headers.entries()
+
+    then:
+    1 * module.isTainted(headers) >> { false }
+    0 * _
+
     when:
     headers.entries()
 
     then:
-    // latest versions of vertx 3.x define the entries in the MultiMap interface, so we will lose propagation
-    if (hasMethod(CaseInsensitiveHeaders, 'entries')) {
-      1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_PARAMETER_VALUE, _, headers)
+    1 * module.isTainted(headers) >> { true }
+    result.collect { it.key }.unique().each {
+      1 * module.taint(_, it, SourceTypes.REQUEST_PARAMETER_NAME, it)
+    }
+    result.each {
+      1 * module.taint(_, it.value, SourceTypes.REQUEST_PARAMETER_VALUE, it.key)
     }
   }
 
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/HeadersAdaptorInstrumentationTest.groovy b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/HeadersAdaptorInstrumentationTest.groovy
index d8a579c5e66..6964b5e46c3 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/HeadersAdaptorInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/core/HeadersAdaptorInstrumentationTest.groovy
@@ -10,6 +10,7 @@ import io.netty.handler.codec.http2.DefaultHttp2Headers
 import io.vertx.core.MultiMap
 import io.vertx.core.http.impl.HeadersAdaptor
 import io.vertx.core.http.impl.Http2HeadersAdaptor
+import org.junit.Assume
 
 @CompileDynamic
 class HeadersAdaptorInstrumentationTest extends AgentTestRunner {
@@ -29,7 +30,7 @@ class HeadersAdaptorInstrumentationTest extends AgentTestRunner {
     headers.get('key')
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_VALUE, 'key', 'value', headers)
+    1 * module.taintIfTainted('value', headers, SourceTypes.REQUEST_HEADER_VALUE, 'key')
 
     where:
     headers        | _
@@ -47,7 +48,16 @@ class HeadersAdaptorInstrumentationTest extends AgentTestRunner {
     headers.getAll('key')
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_VALUE, 'key', ['value1', 'value2'], headers)
+    1 * module.isTainted(headers) >> { false }
+    0 * _
+
+    when:
+    headers.getAll('key')
+
+    then:
+    1 * module.isTainted(headers) >> { true }
+    1 * module.taint(_, 'value1', SourceTypes.REQUEST_HEADER_VALUE, 'key')
+    1 * module.taint(_, 'value2', SourceTypes.REQUEST_HEADER_VALUE, 'key')
 
     where:
     headers        | _
@@ -65,10 +75,15 @@ class HeadersAdaptorInstrumentationTest extends AgentTestRunner {
     headers.names()
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_NAME, _, headers) >> {
-      final names = it[1] as List<String>
-      assert names == ['key']
-    }
+    1 * module.isTainted(headers) >> { false }
+    0 * _
+
+    when:
+    headers.names()
+
+    then:
+    1 * module.isTainted(headers) >> { true }
+    1 * module.taint(_, 'key', SourceTypes.REQUEST_HEADER_NAME, 'key')
 
     where:
     headers        | _
@@ -78,17 +93,29 @@ class HeadersAdaptorInstrumentationTest extends AgentTestRunner {
 
   void 'test that entries() is instrumented'() {
     given:
+    // latest versions of vertx 3.x define the entries in the MultiMap interface, so we will lose propagation
+    Assume.assumeTrue(hasMethod(headers.getClass(), 'entries'))
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
     addAll([[key: 'value1'], [key: 'value2']], headers)
 
+    when:
+    final result = headers.entries()
+
+    then:
+    1 * module.isTainted(headers) >> { false }
+    0 * _
+
     when:
     headers.entries()
 
     then:
-    // latest versions of vertx 3.x define the entries in the MultiMap interface, so we will lose propagation
-    if (hasMethod(headers.getClass(), 'entries')) {
-      1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_VALUE, _ as List<Map.Entry<String, String>>, headers)
+    1 * module.isTainted(headers) >> { true }
+    result.collect { it.key }.unique().each {
+      1 * module.taint(_, it, SourceTypes.REQUEST_HEADER_NAME, it)
+    }
+    result.each {
+      1 * module.taint(_, it.value, SourceTypes.REQUEST_HEADER_VALUE, it.key)
     }
 
     where:
@@ -97,7 +124,7 @@ class HeadersAdaptorInstrumentationTest extends AgentTestRunner {
     http2Adaptor() | _
   }
 
-  private static boolean hasMethod(final Class<?> target, final String name, final Class<?>...types) {
+  private static boolean hasMethod(final Class<?> target, final String name, final Class<?>... types) {
     try {
       target.getDeclaredMethod(name, types) != null
     } catch (Throwable e) {
@@ -118,6 +145,6 @@ class HeadersAdaptorInstrumentationTest extends AgentTestRunner {
   }
 
   private static void addAll(final List<Map<String, String>> list, final MultiMap headers) {
-    list.each { addAll(it, headers)  }
+    list.each { addAll(it, headers) }
   }
 }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/server/IastSourceTest.groovy b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/server/IastSourceTest.groovy
index f61d00cbf4d..237cf356592 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/server/IastSourceTest.groovy
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/server/IastSourceTest.groovy
@@ -1,6 +1,6 @@
 package server
 
-
+import datadog.trace.api.iast.IastContext
 import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.api.iast.SourceTypes
 import datadog.trace.api.iast.propagation.PropagationModule
@@ -21,13 +21,13 @@ class IastSourceTest extends IastVertx34Server {
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
     final url = "${address}/iast/propagation/cookies"
-    final request = new Request.Builder().url(url).build()
+    final request = new Request.Builder().url(url).addHeader('Cookie', 'cookie=test').build()
 
     when:
     client.newCall(request).execute()
 
     then:
-    1 * module.taintObjects(SourceTypes.REQUEST_COOKIE_VALUE, _)
+    (1.._) * module.taint(_ as IastContext, _, SourceTypes.REQUEST_COOKIE_VALUE)
   }
 
   void 'test that getCookie is instrumented'() {
@@ -35,13 +35,13 @@ class IastSourceTest extends IastVertx34Server {
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
     final url = "${address}/iast/propagation/getcookie"
-    final request = new Request.Builder().url(url).build()
+    final request = new Request.Builder().url(url).addHeader('Cookie', 'cookie=test').build()
 
     when:
     client.newCall(request).execute()
 
     then:
-    1 * module.taintObject(SourceTypes.REQUEST_COOKIE_VALUE, _)
+    1 * module.taint(_, SourceTypes.REQUEST_COOKIE_VALUE)
   }
 
   void 'test that cookie getName is instrumented'() {
@@ -55,7 +55,7 @@ class IastSourceTest extends IastVertx34Server {
     client.newCall(request).execute()
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_COOKIE_NAME, 'cookieName', 'cookieName', _)
+    1 * module.taintIfTainted('cookieName', _, SourceTypes.REQUEST_COOKIE_NAME, 'cookieName')
   }
 
   void 'test that cookie getValue is instrumented'() {
@@ -69,8 +69,8 @@ class IastSourceTest extends IastVertx34Server {
     client.newCall(request).execute()
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_COOKIE_NAME, 'cookieName', 'cookieName', _)
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_COOKIE_VALUE, 'cookieName', 'cookieValue', _)
+    1 * module.taintIfTainted('cookieName', _, SourceTypes.REQUEST_COOKIE_NAME, 'cookieName')
+    1 * module.taintIfTainted('cookieValue', _, SourceTypes.REQUEST_COOKIE_VALUE, 'cookieName')
   }
 
   void 'test that headers() is instrumented'() {
@@ -84,7 +84,7 @@ class IastSourceTest extends IastVertx34Server {
     client.newCall(request).execute()
 
     then:
-    1 * module.taintObject(SourceTypes.REQUEST_HEADER_VALUE, _)
+    1 * module.taint(_, SourceTypes.REQUEST_HEADER_VALUE)
   }
 
   void 'test that params() is instrumented'() {
@@ -98,7 +98,7 @@ class IastSourceTest extends IastVertx34Server {
     client.newCall(request).execute()
 
     then:
-    1 * module.taintObject(SourceTypes.REQUEST_PARAMETER_VALUE, _)
+    1 * module.taint(_, SourceTypes.REQUEST_PARAMETER_VALUE)
   }
 
   void 'test that formAttributes() is instrumented'() {
@@ -113,9 +113,9 @@ class IastSourceTest extends IastVertx34Server {
     client.newCall(request).execute()
 
     then:
-    1 * module.taintObject(SourceTypes.REQUEST_PARAMETER_VALUE, _ as MultiMap) // once for formAttributes()
-    1 * module.taintObject(SourceTypes.REQUEST_PARAMETER_VALUE, _ as MultiMap) // once for params()
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_PARAMETER_VALUE, 'formAttribute', 'form', _ as MultiMap)
+    1 * module.taint(_ as MultiMap, SourceTypes.REQUEST_PARAMETER_VALUE) // once for formAttributes()
+    1 * module.taint(_ as MultiMap, SourceTypes.REQUEST_PARAMETER_VALUE) // once for params()
+    1 * module.taintIfTainted('form', _ as MultiMap, SourceTypes.REQUEST_PARAMETER_VALUE, 'formAttribute')
   }
 
   void 'test that handleData()/onData() is instrumented'() {
@@ -130,8 +130,8 @@ class IastSourceTest extends IastVertx34Server {
     client.newCall(request).execute()
 
     then:
-    1 * module.taintObject(SourceTypes.REQUEST_BODY, _ as Buffer)
-    1 * module.taintIfInputIsTainted('{ "my_key": "my_value" }', _ as Buffer)
+    1 * module.taint(_ as Buffer, SourceTypes.REQUEST_BODY)
+    1 * module.taintIfTainted('{ "my_key": "my_value" }', _ as Buffer)
   }
 
 
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/server/VertxHttpServerForkedTest.groovy b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/server/VertxHttpServerForkedTest.groovy
index 01075ae5377..54cf85bff5d 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/server/VertxHttpServerForkedTest.groovy
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/groovy/server/VertxHttpServerForkedTest.groovy
@@ -41,6 +41,11 @@ class VertxHttpServerForkedTest extends HttpServerTest<Vertx> {
     "netty.request"
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   String testPathParam() {
     routerBasePath() + "path/:id/param"
@@ -87,6 +92,11 @@ class VertxHttpServerForkedTest extends HttpServerTest<Vertx> {
     true
   }
 
+  @Override
+  boolean testBlockingOnResponse() {
+    true
+  }
+
   @Override
   Class<? extends Exception> expectedExceptionType() {
     return RuntimeException
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/java/server/IastSourceVerticle.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/java/server/IastSourceVerticle.java
index 05997f3cc2a..e73ca00d610 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.4/src/test/java/server/IastSourceVerticle.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.4/src/test/java/server/IastSourceVerticle.java
@@ -6,6 +6,7 @@
 import io.vertx.ext.web.Cookie;
 import io.vertx.ext.web.Router;
 import io.vertx.ext.web.handler.BodyHandler;
+import io.vertx.ext.web.handler.CookieHandler;
 import io.vertx.ext.web.impl.CookieImpl;
 
 public class IastSourceVerticle extends AbstractVerticle {
@@ -17,6 +18,7 @@ public void start(final Future<Void> startPromise) {
     final int port = config().getInteger(CONFIG_HTTP_SERVER_PORT);
     Router router = Router.router(vertx);
     router.route().handler(BodyHandler.create());
+    router.route().handler(CookieHandler.create());
     router
         .route("/iast/propagation/cookies")
         .handler(
diff --git a/dd-java-agent/instrumentation/vertx-web-3.5/src/main/java/datadog/trace/instrumentation/vertx_3_5/core/VertxHttpHeadersInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-3.5/src/main/java/datadog/trace/instrumentation/vertx_3_5/core/VertxHttpHeadersInstrumentation.java
index 460653ab775..7337d7a9422 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.5/src/main/java/datadog/trace/instrumentation/vertx_3_5/core/VertxHttpHeadersInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-3.5/src/main/java/datadog/trace/instrumentation/vertx_3_5/core/VertxHttpHeadersInstrumentation.java
@@ -10,11 +10,13 @@
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.agent.tooling.bytebuddy.iast.TaintableVisitor;
 import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -71,77 +73,74 @@ public AdviceTransformer transformer() {
   }
 
   public static class GetAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void afterGet(
         @Advice.This final Object self,
         @Advice.Argument(0) final CharSequence name,
         @Advice.Return final String result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
       if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(
-              SourceTypes.REQUEST_HEADER_VALUE,
-              name == null ? null : name.toString(),
-              result,
-              self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("get threw", e);
-        }
+        propagation.taintIfTainted(result, self, SourceTypes.REQUEST_HEADER_VALUE, name);
       }
     }
   }
 
   public static class GetAllAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void afterGetAll(
         @Advice.This final Object self,
         @Advice.Argument(0) final CharSequence name,
         @Advice.Return final Collection<String> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(
-              SourceTypes.REQUEST_HEADER_VALUE,
-              name == null ? null : name.toString(),
-              result,
-              self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("getAll threw", e);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        if (propagation.isTainted(self)) {
+          final IastContext ctx = IastContext.Provider.get();
+          for (final String value : result) {
+            propagation.taint(ctx, value, SourceTypes.REQUEST_HEADER_VALUE, name);
+          }
         }
       }
     }
   }
 
   public static class EntriesAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void afterEntries(
         @Advice.This final Object self,
         @Advice.Return final List<Map.Entry<String, String>> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_VALUE, result, self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("entries threw", e);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        if (propagation.isTainted(self)) {
+          final IastContext ctx = IastContext.Provider.get();
+          final Set<String> names = new HashSet<>();
+          for (final Map.Entry<String, String> entry : result) {
+            final String name = entry.getKey();
+            final String value = entry.getValue();
+            if (names.add(name)) {
+              propagation.taint(ctx, name, SourceTypes.REQUEST_HEADER_NAME, name);
+            }
+            propagation.taint(ctx, value, SourceTypes.REQUEST_HEADER_VALUE, name);
+          }
         }
       }
     }
   }
 
   public static class NamesAdvice {
-    @Advice.OnMethodExit
-    @Source(SourceTypes.REQUEST_HEADER_NAME_STRING)
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    @Source(SourceTypes.REQUEST_HEADER_NAME)
     public static void afterNames(
         @Advice.This final Object self, @Advice.Return final Set<String> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        try {
-          propagation.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_NAME, result, self);
-        } catch (final Throwable e) {
-          propagation.onUnexpectedException("names threw", e);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        if (propagation.isTainted(self)) {
+          final IastContext ctx = IastContext.Provider.get();
+          for (final String name : result) {
+            propagation.taint(ctx, name, SourceTypes.REQUEST_HEADER_NAME, name);
+          }
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/vertx-web-3.5/src/test/groovy/core/VertxHttpHeadersInstrumentationTest.groovy b/dd-java-agent/instrumentation/vertx-web-3.5/src/test/groovy/core/VertxHttpHeadersInstrumentationTest.groovy
index 2affc4e7133..422a95cfd87 100644
--- a/dd-java-agent/instrumentation/vertx-web-3.5/src/test/groovy/core/VertxHttpHeadersInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/vertx-web-3.5/src/test/groovy/core/VertxHttpHeadersInstrumentationTest.groovy
@@ -27,7 +27,7 @@ class VertxHttpHeadersInstrumentationTest extends AgentTestRunner {
     headers.get('key')
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_VALUE, 'key', 'value', headers)
+    1 * module.taintIfTainted('value', headers, SourceTypes.REQUEST_HEADER_VALUE, 'key')
   }
 
   void 'test that getAll() is instrumented'() {
@@ -41,7 +41,16 @@ class VertxHttpHeadersInstrumentationTest extends AgentTestRunner {
     headers.getAll('key')
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_VALUE, 'key', ['value1', 'value2'], headers)
+    1 * module.isTainted(headers) >> { false }
+    0 * _
+
+    when:
+    headers.getAll('key')
+
+    then:
+    1 * module.isTainted(headers) >> { true }
+    1 * module.taint(_, 'value1', SourceTypes.REQUEST_HEADER_VALUE, 'key')
+    1 * module.taint(_, 'value2', SourceTypes.REQUEST_HEADER_VALUE, 'key')
   }
 
   void 'test that names() is instrumented'() {
@@ -55,7 +64,15 @@ class VertxHttpHeadersInstrumentationTest extends AgentTestRunner {
     headers.names()
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_NAME, ['key'] as Set<String>, headers)
+    1 * module.isTainted(headers) >> { false }
+    0 * _
+
+    when:
+    headers.names()
+
+    then:
+    1 * module.isTainted(headers) >> { true }
+    1 * module.taint(_, 'key', SourceTypes.REQUEST_HEADER_NAME, 'key')
   }
 
   void 'test that entries() is instrumented'() {
@@ -65,11 +82,24 @@ class VertxHttpHeadersInstrumentationTest extends AgentTestRunner {
     InstrumentationBridge.registerIastModule(module)
     addAll([[key: 'value1'], [key: 'value2']], headers)
 
+    when:
+    final result = headers.entries()
+
+    then:
+    module.isTainted(headers) >> { false }
+    0 * _
+
     when:
     headers.entries()
 
     then:
-    1 * module.taintIfInputIsTainted(SourceTypes.REQUEST_HEADER_VALUE, _ as List<Map.Entry<String, String>>, headers)
+    module.isTainted(headers) >> { true }
+    result.collect { it.key }.unique().each {
+      (1.._) * module.taint(_, it, SourceTypes.REQUEST_HEADER_NAME, it) // entries relies on names() on some impls
+    }
+    result.each {
+      1 * module.taint(_, it.value, SourceTypes.REQUEST_HEADER_VALUE, it.key)
+    }
   }
 
   private static void addAll(final Map<String, String> map, final MultiMap headers) {
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/build.gradle b/dd-java-agent/instrumentation/vertx-web-4.0/build.gradle
index 2a40f98ddaf..bc887e6929a 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/build.gradle
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/build.gradle
@@ -27,6 +27,8 @@ artifacts {
 }
 
 dependencies {
+  api project(':dd-java-agent:instrumentation:netty-4.1-shared')
+
   compileOnly group: 'io.vertx', name: 'vertx-web', version: '4.2.7'
 
   testImplementation project(':dd-java-agent:instrumentation:netty-4.1')
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/client/HttpClientRequestBaseInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/client/HttpClientRequestBaseInstrumentation.java
new file mode 100644
index 00000000000..bed2f3d2fb0
--- /dev/null
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/client/HttpClientRequestBaseInstrumentation.java
@@ -0,0 +1,67 @@
+package datadog.trace.instrumentation.vertx_4_0.client;
+
+import static datadog.trace.agent.tooling.bytebuddy.matcher.NameMatchers.named;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activateSpan;
+import static datadog.trace.bootstrap.instrumentation.httpurlconnection.HttpUrlConnectionDecorator.DECORATE;
+import static net.bytebuddy.matcher.ElementMatchers.isMethod;
+import static net.bytebuddy.matcher.ElementMatchers.isPackagePrivate;
+import static net.bytebuddy.matcher.ElementMatchers.takesArgument;
+
+import com.google.auto.service.AutoService;
+import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.bootstrap.instrumentation.api.AgentScope;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.instrumentation.netty41.AttributeKeys;
+import io.vertx.core.http.impl.HttpClientStream;
+import net.bytebuddy.asm.Advice;
+
+@AutoService(Instrumenter.class)
+public class HttpClientRequestBaseInstrumentation extends Instrumenter.Tracing
+    implements Instrumenter.ForKnownTypes {
+  static final String[] CONCRETE_TYPES = {
+    "io.vertx.core.http.impl.HttpClientRequestImpl",
+    "io.vertx.core.http.impl.HttpClientRequestPushPromise"
+  };
+
+  public HttpClientRequestBaseInstrumentation() {
+    super("vertx", "vertx-4.0");
+  }
+
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {"datadog.trace.instrumentation.netty41.AttributeKeys"};
+  }
+
+  @Override
+  public void adviceTransformations(AdviceTransformation transformation) {
+    transformation.applyAdvice(
+        isMethod()
+            .and(isPackagePrivate())
+            .and(named("reset"))
+            .and(takesArgument(0, named("java.lang.Throwable"))),
+        HttpClientRequestBaseInstrumentation.class.getName() + "$ResetAdvice");
+  }
+
+  @Override
+  public String[] knownMatchingTypes() {
+    return CONCRETE_TYPES;
+  }
+
+  public static class ResetAdvice {
+    @Advice.OnMethodExit(suppress = Throwable.class)
+    public static void onExit(
+        @Advice.Argument(value = 0) Throwable cause,
+        @Advice.FieldValue("stream") final HttpClientStream stream,
+        @Advice.Return(readOnly = false) boolean result) {
+      if (result) {
+        AgentSpan nettySpan =
+            stream.connection().channel().attr(AttributeKeys.SPAN_ATTRIBUTE_KEY).get();
+        if (nettySpan != null) {
+          try (final AgentScope scope = activateSpan(nettySpan)) {
+            DECORATE.onError(scope, cause);
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/AbstractHttpServerRequestInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/AbstractHttpServerRequestInstrumentation.java
index 57483fe70c9..92ba216eabe 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/AbstractHttpServerRequestInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/AbstractHttpServerRequestInstrumentation.java
@@ -11,6 +11,7 @@
 
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Source;
 import datadog.trace.api.iast.SourceTypes;
@@ -69,7 +70,7 @@ public static void onEnter(
     }
 
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     public static void onExit(
         @Advice.Local("beforeParams") final Object beforeParams,
         @Advice.Return final Object multiMap) {
@@ -77,7 +78,7 @@ public static void onExit(
       if (beforeParams != multiMap) {
         final PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
-          module.taintObject(SourceTypes.REQUEST_PARAMETER_VALUE, multiMap);
+          module.taint(multiMap, SourceTypes.REQUEST_PARAMETER_VALUE);
         }
       }
     }
@@ -93,7 +94,7 @@ public static void onEnter(
     }
 
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_PARAMETER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_PARAMETER_VALUE)
     public static void onExit(
         @Advice.Local("beforeAttributes") final Object beforeAttributes,
         @Advice.Return final Object multiMap) {
@@ -101,7 +102,7 @@ public static void onExit(
       if (beforeAttributes != multiMap) {
         final PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
-          module.taintObject(SourceTypes.REQUEST_PARAMETER_VALUE, multiMap);
+          module.taint(multiMap, SourceTypes.REQUEST_PARAMETER_VALUE);
         }
       }
     }
@@ -110,11 +111,11 @@ public static void onExit(
   public static class HeadersAdvice {
 
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_HEADER_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_HEADER_VALUE)
     public static void onExit(@Advice.Return final Object multiMap) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintObject(SourceTypes.REQUEST_HEADER_VALUE, multiMap);
+        module.taint(multiMap, SourceTypes.REQUEST_HEADER_VALUE);
       }
     }
   }
@@ -122,11 +123,11 @@ public static void onExit(@Advice.Return final Object multiMap) {
   public static class DataAdvice {
 
     @Advice.OnMethodEnter(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_BODY_STRING)
+    @Source(SourceTypes.REQUEST_BODY)
     public static void onExit(@Advice.Argument(0) final Object data) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintObject(SourceTypes.REQUEST_BODY, data);
+        module.taint(data, SourceTypes.REQUEST_BODY);
       }
     }
   }
@@ -134,11 +135,14 @@ public static void onExit(@Advice.Argument(0) final Object data) {
   public static class CookiesAdvice {
 
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     public static void onExit(@Advice.Return final Set<Object> cookies) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
-      if (module != null) {
-        module.taintObjects(SourceTypes.REQUEST_COOKIE_VALUE, cookies);
+      if (module != null && cookies != null && !cookies.isEmpty()) {
+        final IastContext ctx = IastContext.Provider.get();
+        for (final Object cookie : cookies) {
+          module.taint(ctx, cookie, SourceTypes.REQUEST_COOKIE_VALUE);
+        }
       }
     }
   }
@@ -146,11 +150,11 @@ public static void onExit(@Advice.Return final Set<Object> cookies) {
   public static class GetCookieAdvice {
 
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     public static void onExit(@Advice.Return final Object cookie) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintObject(SourceTypes.REQUEST_COOKIE_VALUE, cookie);
+        module.taint(cookie, SourceTypes.REQUEST_COOKIE_VALUE);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/BufferInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/BufferInstrumentation.java
index 82110a92c66..a8a16ca0660 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/BufferInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/BufferInstrumentation.java
@@ -62,7 +62,7 @@ public static class ToStringAdvice {
     public static void get(@Advice.This final Object self, @Advice.Return final String result) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(result, self);
+        module.taintIfTainted(result, self);
       }
     }
   }
@@ -73,7 +73,7 @@ public static class GetByteBuffAdvice {
     public static void get(@Advice.This final Object self, @Advice.Return final Object result) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(result, self);
+        module.taintIfTainted(result, self);
       }
     }
   }
@@ -85,7 +85,7 @@ public static void get(
         @Advice.Argument(0) final Object buffer, @Advice.Return final Object result) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(result, buffer);
+        module.taintIfTainted(result, buffer);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/MultiMapInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/MultiMapInstrumentation.java
index 8bd6dfab5cd..4d0d8770849 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/MultiMapInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/core/MultiMapInstrumentation.java
@@ -10,11 +10,13 @@
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.agent.tooling.bytebuddy.iast.TaintableVisitor;
 import datadog.trace.agent.tooling.muzzle.Reference;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Propagation;
 import datadog.trace.api.iast.Taintable.Source;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -73,10 +75,9 @@ public static void afterGet(
         @Advice.Return final String result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
       if (propagation != null) {
-        final Source source = propagation.firstTaintedSource(self);
+        final Source source = propagation.findSource(self);
         if (source != null) {
-          propagation.taintIfInputIsTainted(
-              source.getOrigin(), name == null ? null : name.toString(), result, self);
+          propagation.taint(result, source.getOrigin(), name);
         }
       }
     }
@@ -90,11 +91,13 @@ public static void afterGetAll(
         @Advice.Argument(0) final CharSequence name,
         @Advice.Return final Collection<String> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        final Source source = propagation.firstTaintedSource(self);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        final Source source = propagation.findSource(self);
         if (source != null) {
-          propagation.taintIfInputIsTainted(
-              source.getOrigin(), name == null ? null : name.toString(), result, self);
+          final IastContext ctx = IastContext.Provider.get();
+          for (final String value : result) {
+            propagation.taint(ctx, value, source.getOrigin(), name);
+          }
         }
       }
     }
@@ -107,10 +110,20 @@ public static void afterEntries(
         @Advice.This final Object self,
         @Advice.Return final List<Map.Entry<String, String>> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        final Source source = propagation.firstTaintedSource(self);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        final Source source = propagation.findSource(self);
         if (source != null) {
-          propagation.taintIfInputIsTainted(source.getOrigin(), result, self);
+          final IastContext ctx = IastContext.Provider.get();
+          final byte nameOrigin = namedSource(source.getOrigin());
+          final Set<String> keys = new HashSet<>();
+          for (final Map.Entry<String, String> entry : result) {
+            final String name = entry.getKey();
+            final String value = entry.getValue();
+            if (keys.add(name)) {
+              propagation.taint(ctx, name, nameOrigin, name);
+            }
+            propagation.taint(ctx, value, source.getOrigin(), name);
+          }
         }
       }
     }
@@ -122,10 +135,14 @@ public static class NamesAdvice {
     public static void afterNames(
         @Advice.This final Object self, @Advice.Return final Set<String> result) {
       final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
-      if (propagation != null) {
-        final Source source = propagation.firstTaintedSource(self);
+      if (propagation != null && result != null && !result.isEmpty()) {
+        final Source source = propagation.findSource(self);
         if (source != null) {
-          propagation.taintIfInputIsTainted(namedSource(source.getOrigin()), result, self);
+          final IastContext ctx = IastContext.Provider.get();
+          final byte nameOrigin = namedSource(source.getOrigin());
+          for (final String name : result) {
+            propagation.taint(ctx, name, nameOrigin, name);
+          }
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/CookieImplInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/CookieImplInstrumentation.java
index 1973cfdbd09..efdc2cd0194 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/CookieImplInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/CookieImplInstrumentation.java
@@ -50,12 +50,12 @@ public AdviceTransformer transformer() {
 
   public static class GetNameAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_NAME_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_NAME)
     public static void afterGetName(
         @Advice.This final Cookie self, @Advice.Return final String result) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(SourceTypes.REQUEST_COOKIE_NAME, result, result, self);
+        module.taintIfTainted(result, self, SourceTypes.REQUEST_COOKIE_NAME, result);
       }
     }
   }
@@ -63,13 +63,12 @@ public static void afterGetName(
   public static class GetValueAdvice {
 
     @Advice.OnMethodExit(suppress = Throwable.class)
-    @Source(SourceTypes.REQUEST_COOKIE_VALUE_STRING)
+    @Source(SourceTypes.REQUEST_COOKIE_VALUE)
     public static void afterGetValue(
         @Advice.This final Cookie self, @Advice.Return final String result) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        module.taintIfInputIsTainted(
-            SourceTypes.REQUEST_COOKIE_VALUE, self.getName(), result, self);
+        module.taintIfTainted(result, self, SourceTypes.REQUEST_COOKIE_VALUE, self.getName());
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/PathParameterPublishingHelper.java b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/PathParameterPublishingHelper.java
index cac27a03598..07b5e9538a3 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/PathParameterPublishingHelper.java
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/PathParameterPublishingHelper.java
@@ -9,6 +9,7 @@
 import datadog.trace.api.gateway.Flow;
 import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.propagation.PropagationModule;
@@ -47,9 +48,11 @@ public static Throwable publishParams(Map<String, String> params) {
           } else {
             Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
             brf.tryCommitBlockingResponse(
-                rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+                requestContext.getTraceSegment(),
+                rba.getStatusCode(),
+                rba.getBlockingContentType(),
+                rba.getExtraHeaders());
 
-            requestContext.getTraceSegment().effectivelyBlocked();
             return new BlockingException("Blocked request (for route/matches)");
           }
         }
@@ -57,7 +60,7 @@ public static Throwable publishParams(Map<String, String> params) {
     }
 
     { // iast
-      Object iastRequestContext = requestContext.getData(RequestContextSlot.IAST);
+      IastContext iastRequestContext = requestContext.getData(RequestContextSlot.IAST);
       if (iastRequestContext != null) {
         PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
@@ -68,7 +71,7 @@ public static Throwable publishParams(Map<String, String> params) {
               continue; // should not happen
             }
             module.taint(
-                iastRequestContext, SourceTypes.REQUEST_PATH_PARAMETER, parameterName, value);
+                iastRequestContext, value, SourceTypes.REQUEST_PATH_PARAMETER, parameterName);
           }
         }
       }
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RouteImplInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RouteImplInstrumentation.java
index a51acc4e7cc..ae71a83d345 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RouteImplInstrumentation.java
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RouteImplInstrumentation.java
@@ -8,12 +8,16 @@
 
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
+import datadog.trace.agent.tooling.iast.IastPostProcessorFactory;
 import datadog.trace.agent.tooling.muzzle.Reference;
 import java.util.Set;
+import net.bytebuddy.asm.Advice;
 
 @AutoService(Instrumenter.class)
 public class RouteImplInstrumentation extends Instrumenter.Default
-    implements Instrumenter.ForKnownTypes {
+    implements Instrumenter.ForKnownTypes, Instrumenter.WithPostProcessor {
+
+  private Advice.PostProcessor.Factory postProcessorFactory;
 
   public RouteImplInstrumentation() {
     super("vertx", "vertx-4.0");
@@ -26,8 +30,11 @@ public Reference[] additionalMuzzleReferences() {
 
   @Override
   public boolean isApplicable(Set<TargetSystem> enabledSystems) {
-    return enabledSystems.contains(TargetSystem.APPSEC)
-        || enabledSystems.contains(TargetSystem.IAST);
+    if (enabledSystems.contains(TargetSystem.IAST)) {
+      postProcessorFactory = IastPostProcessorFactory.INSTANCE;
+      return true;
+    }
+    return enabledSystems.contains(TargetSystem.APPSEC);
   }
 
   @Override
@@ -69,4 +76,9 @@ public void adviceTransformations(AdviceTransformation transformation) {
             .and(returns(boolean.class)),
         packageName + ".RouteMatchesAdvice$BooleanReturnVariant");
   }
+
+  @Override
+  public Advice.PostProcessor.Factory postProcessor() {
+    return postProcessorFactory;
+  }
 }
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RouteMatchesAdvice.java b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RouteMatchesAdvice.java
index b21616aa1ad..80ab5bed5a4 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RouteMatchesAdvice.java
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RouteMatchesAdvice.java
@@ -8,7 +8,7 @@
 
 class RouteMatchesAdvice {
   @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
-  @Source(SourceTypes.REQUEST_PATH_PARAMETER_STRING)
+  @Source(SourceTypes.REQUEST_PATH_PARAMETER)
   static void after(
       @Advice.Return int ret,
       @Advice.Argument(0) final RoutingContext ctx,
@@ -27,7 +27,7 @@ static void after(
 
   static class BooleanReturnVariant {
     @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
-    @Source(SourceTypes.REQUEST_PATH_PARAMETER_STRING)
+    @Source(SourceTypes.REQUEST_PATH_PARAMETER)
     static void after(
         @Advice.Return boolean ret,
         @Advice.Argument(0) final RoutingContext ctx,
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RoutingContextJsonAdvice.java b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RoutingContextJsonAdvice.java
index 33821e8c501..ac48d8d77b8 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RoutingContextJsonAdvice.java
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/RoutingContextJsonAdvice.java
@@ -46,8 +46,10 @@ static void after(
       }
       Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
       blockResponseFunction.tryCommitBlockingResponse(
-          rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-      reqCtx.getTraceSegment().effectivelyBlocked();
+          reqCtx.getTraceSegment(),
+          rba.getStatusCode(),
+          rba.getBlockingContentType(),
+          rba.getExtraHeaders());
       if (throwable == null) {
         throwable = new BlockingException("Blocked request (for RoutingContextImpl/getBodyAsJson)");
       }
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/WafPublishingBodyHandler.java b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/WafPublishingBodyHandler.java
index f1ff3001253..e90d72ad710 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/WafPublishingBodyHandler.java
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/main/java/datadog/trace/instrumentation/vertx_4_0/server/WafPublishingBodyHandler.java
@@ -71,8 +71,10 @@ private void publishRequestBody(Object body) {
         }
         Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
         blockResponseFunction.tryCommitBlockingResponse(
-            rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
-        reqCtx.getTraceSegment().effectivelyBlocked();
+            reqCtx.getTraceSegment(),
+            rba.getStatusCode(),
+            rba.getBlockingContentType(),
+            rba.getExtraHeaders());
         throw new BlockingException(
             "Blocked request (for Buffer/toString or Buffer/toJson{Object,Array})");
       }
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/client/VertxHttpClientForkedTest.groovy b/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/client/VertxHttpClientForkedTest.groovy
index 1c28b437401..b1a5ba3f1f4 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/client/VertxHttpClientForkedTest.groovy
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/client/VertxHttpClientForkedTest.groovy
@@ -8,6 +8,8 @@ import io.vertx.core.VertxOptions
 import io.vertx.core.http.HttpClientOptions
 import io.vertx.core.http.HttpClientResponse
 import io.vertx.core.http.HttpMethod
+import io.vertx.core.http.RequestOptions
+import io.vertx.core.http.impl.NoStackTraceTimeoutException
 import spock.lang.AutoCleanup
 import spock.lang.Shared
 
@@ -37,9 +39,20 @@ class VertxHttpClientForkedTest extends HttpClientTest implements TestingNettyHt
 
   @Override
   int doRequest(String method, URI uri, Map<String, String> headers, String body, Closure callback) {
+    return doRequest(method, uri, headers, body, callback, -1)
+  }
+
+  int doRequest(String method, URI uri, Map<String, String> headers, String body, Closure callback, long timeout) {
     CompletableFuture<HttpClientResponse> future = new CompletableFuture<>()
 
-    httpClient.request(HttpMethod.valueOf(method), uri.port, uri.host, "$uri", { requestReadyToBeSend ->
+    RequestOptions requestOptions = new RequestOptions()
+      .setMethod(HttpMethod.valueOf(method))
+      .setHost(uri.host)
+      .setPort(uri.port)
+      .setURI(uri.toString())
+      .setTimeout(timeout)
+
+    httpClient.request(requestOptions, { requestReadyToBeSend ->
       def request = requestReadyToBeSend.result()
       headers.each { request.putHeader(it.key, it.value) }
       request.send(body, { response ->
@@ -52,7 +65,8 @@ class VertxHttpClientForkedTest extends HttpClientTest implements TestingNettyHt
       })
     })
 
-    return future.get(10, TimeUnit.SECONDS).statusCode()
+    HttpClientResponse response = future.get(10, TimeUnit.SECONDS)
+    return response == null ? 0 : response.statusCode()
   }
 
   @Override
@@ -74,4 +88,23 @@ class VertxHttpClientForkedTest extends HttpClientTest implements TestingNettyHt
     // FIXME: figure out how to configure timeouts.
     false
   }
+
+  def "handle timeout"() {
+    when:
+    def status = doRequest(method, url, [:], "", null, timeout)
+
+    then:
+    status == 0
+    assertTraces(1) {
+      trace(size(1)) {
+        clientSpan(it, null, method, false, false, url, null, true, ex)
+      }
+    }
+
+    where:
+    timeout = 1000
+    method = "GET"
+    url = server.address.resolve("/timeout")
+    ex = new NoStackTraceTimeoutException("The timeout period of ${timeout}ms has been exceeded while executing GET http://localhost:${url.port}/timeout for server localhost:${url.port}")
+  }
 }
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/core/BufferInstrumentationTest.groovy b/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/core/BufferInstrumentationTest.groovy
index 6a6d9f05f49..29aba239e1e 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/core/BufferInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/core/BufferInstrumentationTest.groovy
@@ -27,7 +27,7 @@ class BufferInstrumentationTest extends AgentTestRunner {
     method.call(buffer)
 
     then:
-    1 * module.taintIfInputIsTainted(_, buffer)
+    1 * module.taintIfTainted(_, buffer)
 
     where:
     _ | method
@@ -46,7 +46,7 @@ class BufferInstrumentationTest extends AgentTestRunner {
     method.call(buffer, tainted)
 
     then:
-    1 * module.taintIfInputIsTainted(buffer, tainted)
+    1 * module.taintIfTainted(buffer, tainted)
 
     where:
     _ | method
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/core/MultiMapInstrumentationTest.groovy b/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/core/MultiMapInstrumentationTest.groovy
index 8fae3406c4f..85deed3ce6b 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/core/MultiMapInstrumentationTest.groovy
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/core/MultiMapInstrumentationTest.groovy
@@ -36,8 +36,15 @@ class MultiMapInstrumentationTest extends AgentTestRunner {
     instance.get('key')
 
     then:
-    1 * module.firstTaintedSource(instance) >> { mockedSource(origin) }
-    1 * module.taintIfInputIsTainted(origin, 'key', 'value', instance)
+    1 * module.findSource(instance) >> { null }
+    0 * _
+
+    when:
+    instance.get('key')
+
+    then:
+    1 * module.findSource(instance) >> { mockedSource(origin) }
+    1 * module.taint('value', origin, 'key')
 
     where:
     instance << multiMaps()
@@ -54,8 +61,16 @@ class MultiMapInstrumentationTest extends AgentTestRunner {
     instance.getAll('key')
 
     then:
-    1 * module.firstTaintedSource(instance) >> { mockedSource(origin) }
-    1 * module.taintIfInputIsTainted(origin, 'key', ['value1', 'value2'], instance)
+    1 * module.findSource(instance) >> { null }
+    0 * _
+
+    when:
+    instance.getAll('key')
+
+    then:
+    1 * module.findSource(instance) >> { mockedSource(origin) }
+    1 * module.taint(_, 'value1', origin, 'key')
+    1 * module.taint(_, 'value2', origin, 'key')
 
     where:
     instance << multiMaps()
@@ -72,11 +87,15 @@ class MultiMapInstrumentationTest extends AgentTestRunner {
     instance.names()
 
     then:
-    1 * module.firstTaintedSource(instance) >> { mockedSource(origin) }
-    1 * module.taintIfInputIsTainted(namedSource(origin), _, instance) >> {
-      final names = it[1] as List<String>
-      assert names == ['key']
-    }
+    1 * module.findSource(instance) >> { null }
+    0 * _
+
+    when:
+    instance.names()
+
+    then:
+    1 * module.findSource(instance) >> { mockedSource(origin) }
+    1 * module.taint(_, 'key', namedSource(origin), 'key')
 
     where:
     instance << multiMaps()
@@ -95,8 +114,17 @@ class MultiMapInstrumentationTest extends AgentTestRunner {
     instance.entries()
 
     then:
-    1 * module.firstTaintedSource(instance) >> { mockedSource(origin) }
-    1 * module.taintIfInputIsTainted(origin, _, instance)
+    1 * module.findSource(instance) >> { null }
+    0 * _
+
+    when:
+    instance.entries()
+
+    then:
+    1 * module.findSource(instance) >> { mockedSource(origin) }
+    1 * module.taint(_, 'key', namedSource(origin), 'key')
+    1 * module.taint(_, 'value1', origin, 'key')
+    1 * module.taint(_, 'value2', origin, 'key')
 
     where:
     instance << multiMaps()
diff --git a/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/server/VertxHttpServerForkedTest.groovy b/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/server/VertxHttpServerForkedTest.groovy
index 89b55bac3b0..a79fe77403c 100644
--- a/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/server/VertxHttpServerForkedTest.groovy
+++ b/dd-java-agent/instrumentation/vertx-web-4.0/src/test/groovy/server/VertxHttpServerForkedTest.groovy
@@ -41,6 +41,11 @@ class VertxHttpServerForkedTest extends HttpServerTest<Vertx> {
     "netty.request"
   }
 
+  @Override
+  protected boolean enabledFinishTimingChecks() {
+    true
+  }
+
   @Override
   String testPathParam() {
     routerBasePath() + "path/:id/param"
@@ -82,6 +87,11 @@ class VertxHttpServerForkedTest extends HttpServerTest<Vertx> {
     true
   }
 
+  @Override
+  boolean testBlockingOnResponse() {
+    true
+  }
+
   @Override
   boolean isRequestBodyNoStreaming() {
     true
diff --git a/dd-java-agent/src/main/java/datadog/trace/bootstrap/AgentBootstrap.java b/dd-java-agent/src/main/java/datadog/trace/bootstrap/AgentBootstrap.java
index 67f41c09844..332f41f469b 100644
--- a/dd-java-agent/src/main/java/datadog/trace/bootstrap/AgentBootstrap.java
+++ b/dd-java-agent/src/main/java/datadog/trace/bootstrap/AgentBootstrap.java
@@ -55,10 +55,7 @@ public static void premain(final String agentArgs, final Instrumentation inst) {
   }
 
   public static void agentmain(final String agentArgs, final Instrumentation inst) {
-    if (checkAndLogIfInitializedTwice(System.out)) {
-      return;
-    }
-    if (checkAndLogIfLessThanJava8()) {
+    if (alreadyInitialized() || lessThanJava8() || isJdkTool()) {
       return;
     }
 
@@ -95,12 +92,12 @@ static boolean exceptionCauseChainContains(Throwable ex, String exClassName) {
     return false;
   }
 
-  private static boolean checkAndLogIfLessThanJava8() {
-    return checkAndLogIfLessThanJava8(System.getProperty("java.version"), System.out);
+  private static boolean lessThanJava8() {
+    return lessThanJava8(System.getProperty("java.version"), System.out);
   }
 
   // Reachable for testing
-  static boolean checkAndLogIfLessThanJava8(String version, PrintStream output) {
+  static boolean lessThanJava8(String version, PrintStream output) {
     if (parseJavaMajorVersion(version) < 8) {
       String agentVersion = "This version"; // If we can't find the agent version
       try {
@@ -121,16 +118,56 @@ static boolean checkAndLogIfLessThanJava8(String version, PrintStream output) {
     return false;
   }
 
-  static boolean checkAndLogIfInitializedTwice(final PrintStream output) {
+  private static boolean alreadyInitialized() {
     if (initialized) {
-      output.println(
-          "Warning: dd-java-agent is being initialized more than once. Please, check that you are defining -javaagent:dd-java-agent.jar only once.");
+      System.out.println(
+          "Warning: dd-java-agent is being initialized more than once. Please check that you are defining -javaagent:dd-java-agent.jar only once.");
       return true;
     }
     initialized = true;
     return false;
   }
 
+  private static boolean isJdkTool() {
+    String moduleMain = System.getProperty("jdk.module.main");
+    if (null != moduleMain && !moduleMain.isEmpty() && moduleMain.charAt(0) == 'j') {
+      switch (moduleMain) {
+        case "java.base": // keytool
+        case "java.corba":
+        case "java.desktop":
+        case "java.rmi":
+        case "java.scripting":
+        case "java.security.jgss":
+        case "jdk.aot":
+        case "jdk.compiler":
+        case "jdk.dev":
+        case "jdk.hotspot.agent":
+        case "jdk.httpserver":
+        case "jdk.jartool":
+        case "jdk.javadoc":
+        case "jdk.jcmd":
+        case "jdk.jconsole":
+        case "jdk.jdeps":
+        case "jdk.jdi":
+        case "jdk.jfr":
+        case "jdk.jlink":
+        case "jdk.jpackage":
+        case "jdk.jshell":
+        case "jdk.jstatd":
+        case "jdk.jvmstat.rmi":
+        case "jdk.pack":
+        case "jdk.pack200":
+        case "jdk.policytool":
+        case "jdk.rmic":
+        case "jdk.scripting.nashorn.shell":
+        case "jdk.xml.bind":
+        case "jdk.xml.ws":
+          return true;
+      }
+    }
+    return false;
+  }
+
   // Reachable for testing
   static int parseJavaMajorVersion(String version) {
     int major = 0;
@@ -158,7 +195,7 @@ static int parseJavaMajorVersion(String version) {
   }
 
   public static void main(final String[] args) {
-    if (checkAndLogIfLessThanJava8()) {
+    if (lessThanJava8()) {
       return;
     }
     AgentJar.main(args);
diff --git a/dd-java-agent/src/test/groovy/datadog/trace/agent/CustomLogManagerTest.groovy b/dd-java-agent/src/test/groovy/datadog/trace/agent/CustomLogManagerTest.groovy
index fad6e50cb2e..9ff2d97e32d 100644
--- a/dd-java-agent/src/test/groovy/datadog/trace/agent/CustomLogManagerTest.groovy
+++ b/dd-java-agent/src/test/groovy/datadog/trace/agent/CustomLogManagerTest.groovy
@@ -55,7 +55,7 @@ class CustomLogManagerTest extends Specification {
         "-Djava.util.logging.manager=jvmbootstraptest.MissingLogManager"
       ] as String[]
       , "" as String[]
-      , ["DD_API_KEY": API_KEY]
+      , ["DD_API_KEY": API_KEY, "DD_SITE": ""]
       , true) == 0
   }
 
@@ -87,7 +87,7 @@ class CustomLogManagerTest extends Specification {
         "-Ddd.app.customjmxbuilder=false"
       ] as String[]
       , "" as String[]
-      , ["JBOSS_HOME": "/", "DD_API_KEY": API_KEY]
+      , ["JBOSS_HOME": "/", "DD_API_KEY": API_KEY, "DD_SITE": ""]
       , true) == 0
   }
 
diff --git a/dd-java-agent/src/test/groovy/datadog/trace/agent/integration/classloading/ShadowPackageRenamingTest.groovy b/dd-java-agent/src/test/groovy/datadog/trace/agent/integration/classloading/ShadowPackageRenamingTest.groovy
index 47f0c8bc483..a5dc8229d67 100644
--- a/dd-java-agent/src/test/groovy/datadog/trace/agent/integration/classloading/ShadowPackageRenamingTest.groovy
+++ b/dd-java-agent/src/test/groovy/datadog/trace/agent/integration/classloading/ShadowPackageRenamingTest.groovy
@@ -17,7 +17,7 @@ class ShadowPackageRenamingTest extends Specification {
     final URL agentOkioDep =
       ddClass
       .getClassLoader()
-      .loadClass("okio.BufferedSink")
+      .loadClass("datadog.okio.BufferedSink")
       .getProtectionDomain()
       .getCodeSource()
       .getLocation()
diff --git a/dd-java-agent/src/test/groovy/datadog/trace/bootstrap/AgentBootstrapTest.groovy b/dd-java-agent/src/test/groovy/datadog/trace/bootstrap/AgentBootstrapTest.groovy
index 1f024abfb05..ddeb330b672 100644
--- a/dd-java-agent/src/test/groovy/datadog/trace/bootstrap/AgentBootstrapTest.groovy
+++ b/dd-java-agent/src/test/groovy/datadog/trace/bootstrap/AgentBootstrapTest.groovy
@@ -52,7 +52,7 @@ class AgentBootstrapTest extends Specification {
     def logStream = new PrintStream(baos)
 
     when:
-    def isLowerThan8 = AgentBootstrap.checkAndLogIfLessThanJava8(version, logStream)
+    def isLowerThan8 = AgentBootstrap.lessThanJava8(version, logStream)
     logStream.flush()
     def logLines = Arrays.asList(baos.toString().split('\n'))
     // If the list only contains a single String and that is the empty String, then the set is empty
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/AgentTestRunner.groovy b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/AgentTestRunner.groovy
index 91025a982b8..3d1798b5548 100644
--- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/AgentTestRunner.groovy
+++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/AgentTestRunner.groovy
@@ -16,9 +16,13 @@ import datadog.trace.agent.tooling.Instrumenter
 import datadog.trace.agent.tooling.TracerInstaller
 import datadog.trace.agent.tooling.bytebuddy.matcher.GlobalIgnores
 import datadog.trace.api.*
+import datadog.trace.api.config.GeneralConfig
 import datadog.trace.api.config.TracerConfig
+import datadog.trace.api.gateway.RequestContext
+import datadog.trace.api.internal.TraceSegment
 import datadog.trace.api.time.SystemTimeSource
 import datadog.trace.bootstrap.ActiveSubsystems
+import datadog.trace.bootstrap.CallDepthThreadLocalMap
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer.TracerAPI
 import datadog.trace.bootstrap.instrumentation.api.AgentDataStreamsMonitoring
@@ -31,7 +35,6 @@ import datadog.trace.core.CoreTracer
 import datadog.trace.core.DDSpan
 import datadog.trace.core.PendingTrace
 import datadog.trace.core.datastreams.DefaultDataStreamsMonitoring
-import datadog.trace.core.datastreams.NoopDataStreamsMonitoring
 import datadog.trace.test.util.DDSpecification
 import datadog.trace.util.Strings
 import de.thetaphi.forbiddenapis.SuppressForbidden
@@ -48,11 +51,13 @@ import okhttp3.OkHttpClient
 import org.junit.runner.RunWith
 import org.slf4j.LoggerFactory
 import org.spockframework.mock.MockUtil
+import org.spockframework.mock.runtime.MockInvocation
 import spock.lang.Shared
 
 import java.lang.instrument.ClassFileTransformer
 import java.lang.instrument.Instrumentation
 import java.nio.ByteBuffer
+import java.util.concurrent.ConcurrentHashMap
 import java.util.concurrent.TimeUnit
 import java.util.concurrent.TimeoutException
 import java.util.concurrent.atomic.AtomicInteger
@@ -171,8 +176,66 @@ abstract class AgentTestRunner extends DDSpecification implements AgentBuilder.L
   @Shared
   boolean isLatestDepTest = Boolean.getBoolean('test.dd.latestDepTest')
 
+  @SuppressWarnings('PropertyName')
+  @Shared
+  TraceConfig MOCK_DSM_TRACE_CONFIG = new TraceConfig() {
+    @Override
+    boolean isDebugEnabled() {
+      return true
+    }
+
+    @Override
+    boolean isRuntimeMetricsEnabled() {
+      return true
+    }
+
+    @Override
+    boolean isLogsInjectionEnabled() {
+      return true
+    }
+
+    @Override
+    boolean isDataStreamsEnabled() {
+      return AgentTestRunner.this.isDataStreamsEnabled()
+    }
+
+    @Override
+    Map<String, String> getServiceMapping() {
+      return null
+    }
+
+    @Override
+    Map<String, String> getRequestHeaderTags() {
+      return null
+    }
+
+    @Override
+    Map<String, String> getResponseHeaderTags() {
+      return null
+    }
+
+    @Override
+    Map<String, String> getBaggageMapping() {
+      return null
+    }
+
+    @Override
+    Double getTraceSampleRate() {
+      return null
+    }
+  }
+
   boolean originalAppSecRuntimeValue
 
+  @Shared
+  ConcurrentHashMap<DDSpan, List<Exception>> spanFinishLocations = new ConcurrentHashMap<>()
+  @Shared
+  ConcurrentHashMap<DDSpan, DDSpan> originalToSpySpan = new ConcurrentHashMap<>()
+
+  protected boolean enabledFinishTimingChecks() {
+    false
+  }
+
   protected boolean isDataStreamsEnabled() {
     return false
   }
@@ -221,13 +284,12 @@ abstract class AgentTestRunner extends DDSpecification implements AgentBuilder.L
 
         void register(EventListener listener) {}
       }
-    TEST_DATA_STREAMS_MONITORING = new NoopDataStreamsMonitoring()
-    if (isDataStreamsEnabled()) {
-      // Fast enough so tests don't take forever
-      long bucketDuration = TimeUnit.MILLISECONDS.toNanos(50)
-      WellKnownTags wellKnownTags = new WellKnownTags("runtimeid", "hostname", "my-env", "service", "version", "language")
-      TEST_DATA_STREAMS_MONITORING = new DefaultDataStreamsMonitoring(sink, features, SystemTimeSource.INSTANCE, wellKnownTags, TEST_DATA_STREAMS_WRITER, bucketDuration)
-    }
+
+    // Fast enough so tests don't take forever
+    long bucketDuration = TimeUnit.MILLISECONDS.toNanos(50)
+    WellKnownTags wellKnownTags = new WellKnownTags("runtimeid", "hostname", "my-env", "service", "version", "language")
+    TEST_DATA_STREAMS_MONITORING = new DefaultDataStreamsMonitoring(sink, features, SystemTimeSource.INSTANCE, { MOCK_DSM_TRACE_CONFIG }, wellKnownTags, TEST_DATA_STREAMS_WRITER, bucketDuration)
+
     TEST_WRITER = new ListWriter()
 
     if (isTestAgentEnabled()) {
@@ -253,10 +315,70 @@ abstract class AgentTestRunner extends DDSpecification implements AgentBuilder.L
     TEST_TRACER.registerCheckpointer(TEST_CHECKPOINTER)
     TracerInstaller.forceInstallGlobalTracer(TEST_TRACER)
 
+    boolean enabledFinishTimingChecks = this.enabledFinishTimingChecks()
     TEST_TRACER.startSpan(*_) >> {
-      def agentSpan = callRealMethod()
+      DDSpan agentSpan = callRealMethod()
       TEST_SPANS.add(agentSpan.spanId)
-      agentSpan
+      if (!enabledFinishTimingChecks) {
+        return agentSpan
+      }
+
+      // rest of closure if for checking duplicate finishes and tags set after finish
+      DDSpan spiedAgentSpan = Spy(agentSpan)
+      originalToSpySpan[agentSpan] = spiedAgentSpan
+      def handleFinish = { MockInvocation mi ->
+        def depth = CallDepthThreadLocalMap.incrementCallDepth(DDSpan)
+        try {
+          if (depth > 0) {
+            return
+          }
+          List<Exception> locations
+          List<Exception> newLocations
+          do {
+            locations = spanFinishLocations.get(agentSpan)
+            newLocations = (locations ?: []) + new Exception()
+          } while (!(locations == null ?
+          spanFinishLocations.putIfAbsent(agentSpan, newLocations) == null :
+          spanFinishLocations.replace(agentSpan, locations, newLocations)))
+            mi.callRealMethod()
+        } finally {
+          CallDepthThreadLocalMap.decrementCallDepth(DDSpan)
+        }
+      }
+      spiedAgentSpan.finish() >> {
+        handleFinish(delegate)
+      }
+      spiedAgentSpan.finish(_ as long) >> {
+        handleFinish(delegate)
+      }
+      spiedAgentSpan.finishWithDuration() >> {
+        handleFinish(delegate)
+      }
+      spiedAgentSpan.finishWithEndToEnd() >> {
+        handleFinish(delegate)
+      }
+      spiedAgentSpan.getLocalRootSpan() >> {
+        DDSpan unwrappedSpan = callRealMethod()
+        originalToSpySpan.getOrDefault(unwrappedSpan, unwrappedSpan)
+      }
+      RequestContext requestContext = agentSpan.getRequestContext()
+      TraceSegment segment = requestContext.getTraceSegment()
+      RequestContext spiedReqCtx = Spy(requestContext)
+      TraceSegment checkedSegment = new PreconditionCheckTraceSegment(
+        check: {
+          -> if (spiedAgentSpan.localRootSpan.isFinished()) {
+            throw new AssertionError("Interaction with TraceSegment after root span has already finished: $spiedAgentSpan")
+          }},
+        delegate: segment
+        )
+      spiedAgentSpan.getRequestContext() >> {
+        spiedReqCtx
+      }
+      spiedReqCtx.getTraceSegment() >> {
+        checkedSegment
+      }
+
+      spiedAgentSpan
     }
 
     assert ServiceLoader.load(Instrumenter, AgentTestRunner.getClassLoader())
@@ -269,6 +391,7 @@ abstract class AgentTestRunner extends DDSpecification implements AgentBuilder.L
   /** Override to set config before the agent is installed */
   protected void configurePreAgent() {
     injectSysConfig(TracerConfig.SCOPE_ITERATION_KEEP_ALIVE, "1") // don't let iteration spans linger
+    injectSysConfig(GeneralConfig.DATA_STREAMS_ENABLED, String.valueOf(isDataStreamsEnabled()))
   }
 
   void setup() {
@@ -336,6 +459,74 @@ abstract class AgentTestRunner extends DDSpecification implements AgentBuilder.L
     util.detachMock(TEST_CHECKPOINTER)
 
     ActiveSubsystems.APPSEC_ACTIVE = originalAppSecRuntimeValue
+
+    try {
+      if (enabledFinishTimingChecks()) {
+        doCheckRepeatedFinish()
+      }
+    } finally {
+      spanFinishLocations.clear()
+      originalToSpySpan.clear()
+    }
+  }
+
+  private void doCheckRepeatedFinish() {
+    for (Map.Entry<DDSpan, List<Exception>> entry: this.spanFinishLocations.entrySet()) {
+      if (entry.value.size() == 1) {
+        continue
+      }
+      def sw = new StringWriter()
+      PrintWriter pw = new PrintWriter(sw)
+      entry.value.eachWithIndex { Exception e, int i ->
+        pw.write('\n' as char)
+        pw.write "Location $i:\n"
+        def st = e.stackTrace
+        int loc = st.findIndexOf {
+          it.className.startsWith('datadog.trace.core.DDSpan$SpockMock$') &&
+            it.methodName.startsWith('finish')
+        }
+        for (int j = loc == -1 ? 0 : loc; j < st.length; j++) {
+          pw.println("\tat ${st[j]}")
+        }
+      }
+      pw.flush()
+      throw new AssertionError("The span ${entry.key} was finished more than once.\n${sw}")
+    }
+  }
+
+  class PreconditionCheckTraceSegment implements TraceSegment {
+    Closure check
+    TraceSegment delegate
+
+    @Override
+    void setTagTop(String key, Object value, boolean sanitize) {
+      check()
+      delegate.setTagTop(key, value, sanitize)
+    }
+
+    @Override
+    void setTagCurrent(String key, Object value, boolean sanitize) {
+      check()
+      delegate.setTagCurrent(key, value, sanitize)
+    }
+
+    @Override
+    void setDataTop(String key, Object value) {
+      check()
+      delegate.setDataTop(key, value)
+    }
+
+    @Override
+    void effectivelyBlocked() {
+      check()
+      delegate.effectivelyBlocked()
+    }
+
+    @Override
+    void setDataCurrent(String key, Object value) {
+      check()
+      delegate.setDataCurrent(key, value)
+    }
   }
 
   /** Override to clean up things after the agent is removed */
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/TestProfilingContextIntegration.groovy b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/TestProfilingContextIntegration.groovy
index ee645f3f765..a03b1a1824f 100644
--- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/TestProfilingContextIntegration.groovy
+++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/TestProfilingContextIntegration.groovy
@@ -1,7 +1,7 @@
 package datadog.trace.agent.test
 
-import datadog.trace.api.experimental.ProfilingContextSetter
-import datadog.trace.api.experimental.ProfilingScope
+import datadog.trace.api.profiling.ProfilingContextAttribute
+import datadog.trace.api.profiling.ProfilingScope
 import datadog.trace.bootstrap.instrumentation.api.ProfilerContext
 import datadog.trace.bootstrap.instrumentation.api.ProfilingContextIntegration
 
@@ -42,8 +42,8 @@ class TestProfilingContextIntegration implements ProfilingContextIntegration {
   }
 
   @Override
-  ProfilingContextSetter createContextSetter(String attribute) {
-    return ProfilingContextSetter.NoOp.INSTANCE
+  ProfilingContextAttribute createContextAttribute(String attribute) {
+    return ProfilingContextAttribute.NoOp.INSTANCE
   }
 
   @Override
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/asserts/TagsAssert.groovy b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/asserts/TagsAssert.groovy
index 5048b18096d..c1e9defdaa2 100644
--- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/asserts/TagsAssert.groovy
+++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/asserts/TagsAssert.groovy
@@ -60,7 +60,7 @@ class TagsAssert {
     assertedTags.add(DDTags.PID_TAG)
     assertedTags.add(DDTags.SCHEMA_VERSION_TAG_KEY)
     assertedTags.add(DDTags.PROFILING_ENABLED)
-
+    assertedTags.add(DDTags.BASE_SERVICE)
 
     assert tags["thread.name"] != null
     assert tags["thread.id"] != null
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/HttpClientTest.groovy b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/HttpClientTest.groovy
index 881f5b2e0c6..418bd56eebf 100644
--- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/HttpClientTest.groovy
+++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/HttpClientTest.groovy
@@ -87,6 +87,10 @@ abstract class HttpClientTest extends VersionedNamingTestBase {
           .addHeader('x-datadog-test-response-header', 'baz')
           .send(msg)
       }
+      prefix("/timeout") {
+        Thread.sleep(10_000)
+        throw new IllegalStateException("Should never happen")
+      }
     }
   }
 
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/HttpServerTest.groovy b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/HttpServerTest.groovy
index d46e426ca35..f8561bdbbc3 100644
--- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/HttpServerTest.groovy
+++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/HttpServerTest.groovy
@@ -23,6 +23,7 @@ import datadog.trace.api.gateway.IGSpanInfo
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
 import datadog.trace.api.http.StoredBodySupplier
+import datadog.trace.api.iast.IastContext
 import datadog.trace.api.normalize.SimpleHttpPathNormalizer
 import datadog.trace.bootstrap.blocking.BlockingActionHelper
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer
@@ -104,7 +105,7 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
   }
 
   @CompileStatic
-  def setupSpec() {
+  void setupSpec() {
     // Register the Instrumentation Gateway callbacks
     def ss = get().getSubscriptionService(RequestContextSlot.APPSEC)
     def callbacks = new IGCallbacks()
@@ -362,6 +363,10 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
     true
   }
 
+  boolean testResponseHeadersMapping() {
+    true // bug in liberty-20
+  }
+
   @Override
   int version() {
     return 0
@@ -384,6 +389,7 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
     BODY_URLENCODED("body-urlencoded?ignore=pair", 200, '[a:[x]]'),
     BODY_MULTIPART("body-multipart?ignore=pair", 200, '[a:[x]]'),
     BODY_JSON("body-json", 200, '{"a":"x"}'),
+    BODY_XML("body-xml", 200, '<foo attr="attr_value">mytext<bar/></foo>'),
     REDIRECT("redirect", 302, "/redirected"),
     FORWARDED("forwarded", 200, "1.2.3.4"),
     ERROR("error-status", 500, "controller error"), // "error" is a special path for some frameworks
@@ -685,6 +691,7 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
   @Flaky(value = "https://github.com/DataDog/dd-trace-java/issues/4690", suites = ["MuleHttpServerForkedTest"])
   def "test QUERY_ENCODED_BOTH with response header x-ig-response-header tag mapping"() {
     setup:
+    assumeTrue(testResponseHeadersMapping())
     def endpoint = QUERY_ENCODED_BOTH
     def method = 'GET'
     def body = null
@@ -1627,7 +1634,7 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
 
   def 'test blocking of request for request body variant #variant'() {
     setup:
-    assumeTrue(testUserBlocking())
+    assumeTrue(testBlocking())
     assumeTrue(executeTest)
 
     def request = request(
@@ -1718,8 +1725,7 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
           if (blockResponseFunction == null) {
             throw new UnsupportedOperationException("Do not know how to commit blocking response for this server")
           }
-          reqCtx.getTraceSegment().effectivelyBlocked()
-          blockResponseFunction.tryCommitBlockingResponse(statusCode, type, extraHeaders)
+          blockResponseFunction.tryCommitBlockingResponse(reqCtx.traceSegment, statusCode, type, extraHeaders)
         }
       }
     Blocking.blockingService = bs
@@ -1939,6 +1945,7 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
   static final String IG_PARAMETERS_BLOCK_HEADER = "x-block-parameters"
   static final String IG_BODY_END_BLOCK_HEADER = "x-block-body-end"
   static final String IG_BODY_CONVERTED_HEADER = "x-block-body-converted"
+  static final String IG_ASK_FOR_RESPONSE_HEADER_TAGS_HEADER = "x-include-response-headers-in-tags"
   static final String IG_PEER_ADDRESS = "ig-peer-address"
   static final String IG_PEER_PORT = "ig-peer-port"
   static final String IG_RESPONSE_STATUS = "ig-response-status"
@@ -1960,6 +1967,7 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
       String responseBlock
       boolean bodyEndBlock
       boolean bodyConvertedBlock
+      boolean responseHeadersInTags
     }
 
     static final String stringOrEmpty(String string) {
@@ -2010,6 +2018,9 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
       if (IG_BODY_CONVERTED_HEADER.equalsIgnoreCase(key)) {
         context.bodyConvertedBlock = true
       }
+      if (IG_ASK_FOR_RESPONSE_HEADER_TAGS_HEADER.equalsIgnoreCase(key)) {
+        context.responseHeadersInTags = true
+      }
     } as TriConsumer<RequestContext, String, String>
 
     final Function<RequestContext, Flow<Void>> requestHeaderDoneCb =
@@ -2086,8 +2097,9 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
           [
             it.key,
             (it.value instanceof Iterable || it.value instanceof String[]) ? it.value : [it.value]
-          ]}
-      } else if (!(obj instanceof String)) {
+          ]
+        }
+      } else if (!(obj instanceof String) && !(obj instanceof List)) {
         obj = obj.properties
           .findAll { it.key != 'class' }
           .collectEntries { [it.key, it.value instanceof Iterable ? it.value : [it.value]] }
@@ -2113,6 +2125,9 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
     final TriConsumer<RequestContext, String, String> responseHeaderCb =
     { RequestContext rqCtxt, String key, String value ->
       Context context = rqCtxt.getData(RequestContextSlot.APPSEC)
+      if (context.responseHeadersInTags) {
+        context.tags["response.header.${key.toLowerCase()}"] = value
+      }
       if (IG_RESPONSE_HEADER.equalsIgnoreCase(key)) {
         context.igResponseHeaderValue = stringOrEmpty(context.igResponseHeaderValue) + value
       }
@@ -2155,7 +2170,7 @@ abstract class HttpServerTest<SERVER> extends WithHttpServer<SERVER> {
   }
 
   class IastIGCallbacks {
-    static class Context {
+    static class Context implements IastContext {
     }
 
     final Supplier<Flow<Context>> requestStartedCb =
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/WithHttpServer.groovy b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/WithHttpServer.groovy
index 1be5fdbd744..235aa2a7933 100644
--- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/WithHttpServer.groovy
+++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/base/WithHttpServer.groovy
@@ -8,6 +8,8 @@ import okhttp3.OkHttpClient
 import spock.lang.Shared
 import spock.lang.Subject
 
+import java.lang.management.ManagementFactory
+import java.lang.management.RuntimeMXBean
 import java.util.concurrent.TimeUnit
 import java.util.concurrent.TimeoutException
 
@@ -16,8 +18,12 @@ abstract class WithHttpServer<SERVER> extends VersionedNamingTestBase {
   @Shared
   @Subject
   HttpServer server
+
+  @Lazy
+  private static int timeoutValue = debugging ? 1500 : 15
+
   @Shared
-  OkHttpClient client = OkHttpUtils.client(15, 15, TimeUnit.SECONDS)
+  OkHttpClient client = OkHttpUtils.client(timeoutValue, timeoutValue, TimeUnit.SECONDS)
 
   @Shared
   URI address = null
@@ -93,4 +99,15 @@ abstract class WithHttpServer<SERVER> extends VersionedNamingTestBase {
   void stopServer(SERVER server) {
     throw new UnsupportedOperationException()
   }
+
+  private static boolean isDebugging() {
+    RuntimeMXBean runtimeMXBean = ManagementFactory.runtimeMXBean
+    List<String> inputArguments = runtimeMXBean.inputArguments
+    for (String arg : inputArguments) {
+      if (arg.contains("-agentlib:jdwp")) {
+        return true
+      }
+    }
+    false
+  }
 }
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/datastreams/RecordingDatastreamsPayloadWriter.groovy b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/datastreams/RecordingDatastreamsPayloadWriter.groovy
index b231b1edc11..4ddb26b51af 100644
--- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/datastreams/RecordingDatastreamsPayloadWriter.groovy
+++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/datastreams/RecordingDatastreamsPayloadWriter.groovy
@@ -3,10 +3,11 @@ package datadog.trace.agent.test.datastreams
 import datadog.trace.core.datastreams.DatastreamsPayloadWriter
 import datadog.trace.core.datastreams.StatsBucket
 import datadog.trace.core.datastreams.StatsGroup
-
+import groovy.util.logging.Slf4j
 
 import java.util.concurrent.TimeUnit
 
+@Slf4j
 class RecordingDatastreamsPayloadWriter implements DatastreamsPayloadWriter {
   @SuppressWarnings('UnusedPrivateField') // bug in codenarc
   private final List<StatsBucket> payloads = []
@@ -19,6 +20,7 @@ class RecordingDatastreamsPayloadWriter implements DatastreamsPayloadWriter {
 
   @Override
   synchronized void writePayload(Collection<StatsBucket> data) {
+    log.info("payload written - {}", data)
     this.@payloads.addAll(data)
     data.each { this.@groups.addAll(it.groups) }
     for (StatsBucket bucket : data) {
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/server/http/TestHttpServer.groovy b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/server/http/TestHttpServer.groovy
index be61e024468..1a9d89f63e4 100644
--- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/server/http/TestHttpServer.groovy
+++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/server/http/TestHttpServer.groovy
@@ -55,6 +55,7 @@ class TestHttpServer implements AutoCloseable {
 
   private final Server internalServer
   private HandlersSpec handlers
+  private Closure customizer =  {}
 
   public String keystorePath
   private URI address
@@ -121,6 +122,8 @@ class TestHttpServer implements AutoCloseable {
         https.setPort(0)
         internalServer.addConnector(https)
 
+        customizer.call(internalServer)
+
         internalServer.start()
         // set after starting, otherwise two callbacks get added.
         internalServer.stopAtShutdown = true
@@ -194,6 +197,10 @@ class TestHttpServer implements AutoCloseable {
     return last.get()
   }
 
+  void customizer(Closure<Closure> spec) {
+    this.customizer = spec.call()
+  }
+
   void handlers(@DelegatesTo(value = HandlersSpec, strategy = Closure.DELEGATE_FIRST) Closure spec) {
     assert handlers == null: "handlers already defined"
     handlers = new HandlersSpec()
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/timer/TestTimer.groovy b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/timer/TestTimer.groovy
index 88faecac054..da57d9db2d5 100644
--- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/timer/TestTimer.groovy
+++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/timer/TestTimer.groovy
@@ -1,5 +1,6 @@
 package datadog.trace.agent.test.timer
 
+import datadog.trace.bootstrap.instrumentation.api.TaskWrapper
 import datadog.trace.api.profiling.QueueTiming
 import datadog.trace.api.profiling.Timer
 import datadog.trace.api.profiling.Timing
@@ -47,8 +48,8 @@ class TestTimer implements Timer {
     }
 
     @Override
-    void setTask(Class<?> task) {
-      this.task = task
+    void setTask(Object task) {
+      this.task = TaskWrapper.getUnwrappedType(task)
     }
 
     @Override
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/PortUtils.java b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/PortUtils.java
index 97c6b0f550c..3f57d25666a 100644
--- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/PortUtils.java
+++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/PortUtils.java
@@ -114,12 +114,8 @@ public static void waitForPortToOpen(
         throw new RuntimeException("Interrupted while waiting for " + port + " to be opened");
       }
 
-      // Note: we should have used `process.isAlive()` here but it is java8 only
-      try {
-        process.exitValue();
+      if (!process.isAlive()) {
         throw new RuntimeException("Process died before port " + port + " was opened");
-      } catch (final IllegalThreadStateException e) {
-        // process is still alive, things are good.
       }
 
       if (isPortOpen(port)) {
diff --git a/dd-java-agent/testing/src/test/groovy/server/HttpServerTest.groovy b/dd-java-agent/testing/src/test/groovy/server/HttpServerTest.groovy
index a7bff72db73..3748330b054 100644
--- a/dd-java-agent/testing/src/test/groovy/server/HttpServerTest.groovy
+++ b/dd-java-agent/testing/src/test/groovy/server/HttpServerTest.groovy
@@ -68,7 +68,7 @@ class HttpServerTest extends AgentTestRunner {
 
     then:
     clientResponse.code() == 404
-    clientResponse.body().string().contains("<title>Error 404 </title>")
+    clientResponse.body().string().contains("<title>Error 404")
 
     cleanup:
     server.stop()
diff --git a/dd-smoke-tests/appsec/springboot-security/src/main/java/datadog/smoketest/appsec/springbootsecurity/WebSecurityConfig.java b/dd-smoke-tests/appsec/springboot-security/src/main/java/datadog/smoketest/appsec/springbootsecurity/WebSecurityConfig.java
index 20b341ee843..819244a520a 100644
--- a/dd-smoke-tests/appsec/springboot-security/src/main/java/datadog/smoketest/appsec/springbootsecurity/WebSecurityConfig.java
+++ b/dd-smoke-tests/appsec/springboot-security/src/main/java/datadog/smoketest/appsec/springbootsecurity/WebSecurityConfig.java
@@ -3,9 +3,14 @@
 import javax.sql.DataSource;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.DependsOn;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.jdbc.datasource.init.DataSourceInitializer;
+import org.springframework.jdbc.datasource.init.ResourceDatabasePopulator;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.provisioning.JdbcUserDetailsManager;
 import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
@@ -36,7 +41,27 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
   }
 
   @Bean
+  @DependsOn("dataSource")
+  public DataSourceInitializer dataSourceInitializer() {
+    ResourceDatabasePopulator populator = new ResourceDatabasePopulator();
+    populator.addScript(new ClassPathResource("schema.sql"));
+
+    DataSourceInitializer initializer = new DataSourceInitializer();
+    initializer.setDataSource(dataSource);
+    initializer.setDatabasePopulator(populator);
+
+    return initializer;
+  }
+
+  @Bean
+  @DependsOn("dataSourceInitializer")
   public UserDetailsManager userDetailsService() {
-    return new JdbcUserDetailsManager(dataSource);
+    UserDetailsManager userDetailsManager = new JdbcUserDetailsManager(dataSource);
+
+    // Create some default for case when user creation happens outside request
+    userDetailsManager.createUser(
+        User.withUsername("default_user").password("{noop}").roles("USER").build());
+
+    return userDetailsManager;
   }
 }
diff --git a/dd-smoke-tests/appsec/springboot-security/src/main/resources/application.properties b/dd-smoke-tests/appsec/springboot-security/src/main/resources/application.properties
index 88fe6c2784b..7f052cabbea 100644
--- a/dd-smoke-tests/appsec/springboot-security/src/main/resources/application.properties
+++ b/dd-smoke-tests/appsec/springboot-security/src/main/resources/application.properties
@@ -1,6 +1,8 @@
 spring.datasource.url=jdbc:h2:mem:authDB;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
 spring.datasource.username=sa
 spring.datasource.password=
+# DB Initialization happens in WebSecurityConfig.dataSourceInitializer()
+spring.sql.init.enabled=false
 
 spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.H2Dialect
 spring.jpa.hibernate.ddl-auto=update
diff --git a/dd-smoke-tests/appsec/springboot/src/test/groovy/datadog/smoketest/appsec/SpringBootSmokeTest.groovy b/dd-smoke-tests/appsec/springboot/src/test/groovy/datadog/smoketest/appsec/SpringBootSmokeTest.groovy
index 7098194913c..a129f481c55 100644
--- a/dd-smoke-tests/appsec/springboot/src/test/groovy/datadog/smoketest/appsec/SpringBootSmokeTest.groovy
+++ b/dd-smoke-tests/appsec/springboot/src/test/groovy/datadog/smoketest/appsec/SpringBootSmokeTest.groovy
@@ -1,19 +1,68 @@
 package datadog.smoketest.appsec
 
 import datadog.trace.agent.test.utils.ThreadUtils
+import groovy.json.JsonGenerator
+import groovy.json.JsonSlurper
 import okhttp3.MediaType
 import okhttp3.Request
 import okhttp3.RequestBody
+import org.apache.commons.io.IOUtils
+import spock.lang.Shared
+
+import java.nio.charset.StandardCharsets
+import java.util.jar.JarFile
 
 class SpringBootSmokeTest extends AbstractAppSecServerSmokeTest {
+
+  @Shared
+  String buildDir = new File(System.getProperty("datadog.smoketest.builddir")).absolutePath
+  @Shared
+  String customRulesPath = "${buildDir}/appsec_custom_rules.json"
+
+  def prepareCustomRules() {
+    // Prepare ruleset with additional test rules
+    final jarFile = new JarFile(shadowJarPath)
+    final zipEntry = jarFile.getEntry("appsec/default_config.json")
+    final content = IOUtils.toString(jarFile.getInputStream(zipEntry), StandardCharsets.UTF_8)
+    final json = new JsonSlurper().parseText(content) as Map<String, Object>
+    final rules = json.rules as List<Map<String, Object>>
+    rules.add([
+      id: '__test_request_body_block',
+      name: 'test rule to block on request body',
+      tags: [
+        type: 'test',
+        category: 'test',
+        confidence: '1',
+      ],
+      conditions: [
+        [
+          parameters: [
+            inputs: [ [ address: 'server.request.body' ] ],
+            regex: 'dd-test-request-body-block',
+          ],
+          operator: 'match_regex',
+        ]
+      ],
+      transformers: [],
+      on_match: [ 'block' ]
+    ])
+    final gen = new JsonGenerator.Options().build()
+    IOUtils.write(gen.toJson(json), new FileOutputStream(customRulesPath, false), StandardCharsets.UTF_8)
+  }
+
   @Override
   ProcessBuilder createProcessBuilder() {
+    // We run this here to ensure it runs before starting the process. Child setupSpec runs after parent setupSpec,
+    // so it is not a valid location.
+    prepareCustomRules()
+
     String springBootShadowJar = System.getProperty("datadog.smoketest.appsec.springboot.shadowJar.path")
 
     List<String> command = new ArrayList<>()
     command.add(javaPath())
     command.addAll(defaultJavaProperties)
     command.addAll(defaultAppSecProperties)
+    command.add("-Ddd.appsec.rules=${customRulesPath}" as String)
     command.addAll((String[]) ["-jar", springBootShadowJar, "--server.port=${httpPort}"])
 
     ProcessBuilder processBuilder = new ProcessBuilder(command)
@@ -137,7 +186,7 @@ class SpringBootSmokeTest extends AbstractAppSecServerSmokeTest {
     String url = "http://localhost:${httpPort}/greeting"
     def request = new Request.Builder()
       .url(url)
-      .post(RequestBody.create(MediaType.parse('application/x-www-form-urlencoded'), 'k=ADKMFFpndcwHNnr2MW9W'))
+      .post(RequestBody.create(MediaType.parse('application/x-www-form-urlencoded'), 'd=dd-test-request-body-block'))
       .build()
     def response = client.newCall(request).execute()
     def responseBodyStr = response.body().string()
@@ -152,7 +201,7 @@ class SpringBootSmokeTest extends AbstractAppSecServerSmokeTest {
     then:
     rootSpans.size() == 1
     forEachRootSpanTrigger {
-      assert it['rule']['id'] == '__troubleshooting_rule'
+      assert it['rule']['id'] == '__test_request_body_block'
     }
     rootSpans.each {
       assert it.meta.get('appsec.blocked') != null, 'appsec.blocked is not set'
diff --git a/dd-smoke-tests/armeria-grpc/application/.gitignore b/dd-smoke-tests/armeria-grpc/application/.gitignore
new file mode 100644
index 00000000000..886895e9340
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/application/.gitignore
@@ -0,0 +1,9 @@
+# Ignore all project specific gradle directories/files
+.gradle
+gradle
+build
+gradlew
+gradlew.bat
+.idea
+
+
diff --git a/dd-smoke-tests/armeria-grpc/application/build.gradle b/dd-smoke-tests/armeria-grpc/application/build.gradle
new file mode 100644
index 00000000000..b517c4a2103
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/application/build.gradle
@@ -0,0 +1,75 @@
+buildscript {
+  dependencies {
+    classpath 'com.google.protobuf:protobuf-gradle-plugin:0.9.3'
+  }
+}
+
+plugins {
+  id 'application'
+  id 'java'
+  id "com.diffplug.spotless" version "6.11.0"
+  id "com.github.johnrengelman.shadow" version "7.1.2"
+  id 'com.google.protobuf' version '0.9.3'
+}
+
+def sharedRootDir = "$rootDir/../../../"
+def sharedConfigDirectory = "$sharedRootDir/gradle"
+rootProject.ext.sharedConfigDirectory = sharedConfigDirectory
+
+apply from: "$sharedConfigDirectory/repositories.gradle"
+apply from: "$sharedConfigDirectory/spotless.gradle"
+
+if (hasProperty('appBuildDir')) {
+  buildDir = property('appBuildDir')
+}
+
+version = ""
+
+protobuf {
+  // Configure the protoc executable.
+  protoc {
+    // Same version as the transitive protobuf-java included in armeria
+    artifact = 'com.google.protobuf:protoc:3.19.2'
+  }
+
+  // Locate the codegen plugins.
+  plugins {
+    // Locate a plugin with name 'grpc'.
+    grpc {
+      // Download from the repository.
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.56.0'
+    }
+  }
+  generateProtoTasks {
+    ofSourceSet('main')*.plugins {
+      grpc {}
+    }
+  }
+}
+
+shadowJar {
+  configurations = [project.configurations.runtimeClasspath]
+}
+
+dependencies {
+  // Adjust the list as you need.
+  ['armeria', 'armeria-grpc', 'armeria-logback'].each {
+    implementation "com.linecorp.armeria:${it}:1.16.0"
+  }
+
+  compileOnly 'javax.annotation:javax.annotation-api:1.3.2'
+
+  // Logging
+  runtimeOnly 'ch.qos.logback:logback-classic:1.4.7'
+  runtimeOnly 'org.slf4j:log4j-over-slf4j:1.7.36'
+
+  if (hasProperty('apiJar')) {
+    implementation files(property('apiJar'))
+  } else {
+    implementation "com.datadoghq:dd-trace-api:+"
+  }
+}
+
+application {
+  mainClass.set('datadog.smoketest.Main')
+}
diff --git a/dd-smoke-tests/armeria-grpc/application/settings.gradle b/dd-smoke-tests/armeria-grpc/application/settings.gradle
new file mode 100644
index 00000000000..6ec6749fcad
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/application/settings.gradle
@@ -0,0 +1,22 @@
+pluginManagement {
+  repositories {
+    mavenLocal()
+    mavenCentral()
+    gradlePluginPortal()
+  }
+}
+
+def isCI = System.getenv("CI") != null
+
+// Don't pollute the dependency cache with the build cache
+if (isCI) {
+  def sharedRootDir = "$rootDir/../../../"
+  buildCache {
+    local {
+      // This needs to line up with the code in the outer project settings.gradle
+      directory = "$sharedRootDir/workspace/build-cache"
+    }
+  }
+}
+
+rootProject.name='armeria-smoketest'
diff --git a/dd-smoke-tests/armeria-grpc/application/src/main/java/datadog/smoketest/HelloServiceImpl.java b/dd-smoke-tests/armeria-grpc/application/src/main/java/datadog/smoketest/HelloServiceImpl.java
new file mode 100644
index 00000000000..9ef1147dfb8
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/application/src/main/java/datadog/smoketest/HelloServiceImpl.java
@@ -0,0 +1,24 @@
+package datadog.smoketest;
+
+import datadog.armeria.grpc.Hello.HelloReply;
+import datadog.armeria.grpc.Hello.HelloRequest;
+import datadog.armeria.grpc.HelloServiceGrpc;
+import datadog.trace.api.GlobalTracer;
+import datadog.trace.api.Tracer;
+import io.grpc.stub.StreamObserver;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class HelloServiceImpl extends HelloServiceGrpc.HelloServiceImplBase {
+  private static final Logger log = LoggerFactory.getLogger(HelloServiceImpl.class);
+
+  @Override
+  public void hello(HelloRequest request, StreamObserver<HelloReply> responseObserver) {
+    Tracer tracer = GlobalTracer.get();
+    log.info("TT|" + tracer.getTraceId() + "|TS|" + tracer.getSpanId());
+
+    String message = "Hello " + request.getName() + "!";
+    responseObserver.onNext(HelloReply.newBuilder().setMessage(message).build());
+    responseObserver.onCompleted();
+  }
+}
diff --git a/dd-smoke-tests/armeria-grpc/application/src/main/java/datadog/smoketest/IastServiceImpl.java b/dd-smoke-tests/armeria-grpc/application/src/main/java/datadog/smoketest/IastServiceImpl.java
new file mode 100644
index 00000000000..6af91efad9a
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/application/src/main/java/datadog/smoketest/IastServiceImpl.java
@@ -0,0 +1,31 @@
+package datadog.smoketest;
+
+import datadog.armeria.grpc.Iast.Request;
+import datadog.armeria.grpc.Iast.Request.Type;
+import datadog.armeria.grpc.Iast.Response;
+import datadog.armeria.grpc.IastServiceGrpc;
+import io.grpc.stub.StreamObserver;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+public class IastServiceImpl extends IastServiceGrpc.IastServiceImplBase {
+
+  @Override
+  public void serverSideRequestForgery(
+      final Request request, final StreamObserver<Response> responseObserver) {
+    if (request.getType() != Type.URL) {
+      responseObserver.onError(new IllegalArgumentException("Invalid type for request"));
+    } else {
+      try {
+        final URL target = new URL(request.getUrl().getValue());
+        final HttpURLConnection conn = (HttpURLConnection) target.openConnection();
+        conn.disconnect();
+        Response response = Response.newBuilder().setMessage("SSRF triggered").build();
+        responseObserver.onNext(response);
+        responseObserver.onCompleted();
+      } catch (final Exception e) {
+        responseObserver.onError(e);
+      }
+    }
+  }
+}
diff --git a/dd-smoke-tests/armeria-grpc/application/src/main/java/datadog/smoketest/Main.java b/dd-smoke-tests/armeria-grpc/application/src/main/java/datadog/smoketest/Main.java
new file mode 100644
index 00000000000..b0a9b80fcfd
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/application/src/main/java/datadog/smoketest/Main.java
@@ -0,0 +1,31 @@
+package datadog.smoketest;
+
+import com.linecorp.armeria.common.grpc.GrpcSerializationFormats;
+import com.linecorp.armeria.server.Server;
+import com.linecorp.armeria.server.ServerBuilder;
+import com.linecorp.armeria.server.grpc.GrpcService;
+import io.grpc.protobuf.services.ProtoReflectionService;
+import java.util.concurrent.CompletableFuture;
+
+public class Main {
+  public static void main(String[] args) {
+    int port = Integer.parseInt(System.getProperty("armeria.http.port", "8080"));
+
+    ServerBuilder sb = Server.builder();
+    sb.http(port);
+
+    GrpcService grpcService =
+        GrpcService.builder()
+            .addService(new HelloServiceImpl())
+            .addService(new IastServiceImpl())
+            .addService(ProtoReflectionService.newInstance())
+            .supportedSerializationFormats(GrpcSerializationFormats.values())
+            .enableUnframedRequests(true)
+            .build();
+    sb.service(grpcService);
+
+    Server server = sb.build();
+    CompletableFuture<Void> future = server.start();
+    future.join();
+  }
+}
diff --git a/dd-smoke-tests/armeria-grpc/application/src/main/proto/hello.proto b/dd-smoke-tests/armeria-grpc/application/src/main/proto/hello.proto
new file mode 100644
index 00000000000..e03a1b1475f
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/application/src/main/proto/hello.proto
@@ -0,0 +1,21 @@
+syntax = "proto3";
+
+package datadog.grpc.hello;
+option java_package = "datadog.armeria.grpc";
+
+service HelloService {
+  rpc Hello (HelloRequest) returns (HelloReply) {}
+  rpc LazyHello (HelloRequest) returns (HelloReply) {}
+  rpc BlockingHello (HelloRequest) returns (HelloReply) {}
+  rpc LotsOfReplies (HelloRequest) returns (stream HelloReply) {}
+  rpc LotsOfGreetings (stream HelloRequest) returns (HelloReply) {}
+  rpc BidiHello (stream HelloRequest) returns (stream HelloReply) {}
+}
+
+message HelloRequest {
+  string name = 1;
+}
+
+message HelloReply {
+  string message = 1;
+}
diff --git a/dd-smoke-tests/armeria-grpc/application/src/main/proto/iast.proto b/dd-smoke-tests/armeria-grpc/application/src/main/proto/iast.proto
new file mode 100644
index 00000000000..20ea79f769f
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/application/src/main/proto/iast.proto
@@ -0,0 +1,27 @@
+syntax = "proto3";
+
+package datadog.grpc.iast;
+option java_package = "datadog.armeria.grpc";
+
+service IastService {
+  rpc ServerSideRequestForgery (Request) returns (Response) { }
+}
+
+message Request {
+  enum Type{
+    URL = 0;
+  }
+
+  message Url {
+    string value = 1;
+  }
+
+  Type type = 1;
+  oneof payload {
+    Url url = 2;
+  }
+}
+
+message Response {
+  string message = 1;
+}
diff --git a/dd-smoke-tests/armeria-grpc/application/src/main/resources/logback.xml b/dd-smoke-tests/armeria-grpc/application/src/main/resources/logback.xml
new file mode 100644
index 00000000000..3bf5e3f6159
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/application/src/main/resources/logback.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - |MT|%X{dd.trace_id}|MS|%X{dd.span_id}|%m%n</pattern>
+    </encoder>
+  </appender>
+
+  <root level="INFO">
+    <appender-ref ref="CONSOLE"/>
+  </root>
+</configuration>
diff --git a/dd-smoke-tests/armeria-grpc/build.gradle b/dd-smoke-tests/armeria-grpc/build.gradle
new file mode 100644
index 00000000000..34269915845
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/build.gradle
@@ -0,0 +1,101 @@
+plugins {
+  id 'com.google.protobuf' version '0.9.3'
+}
+
+ext {
+  minJavaVersionForTests = JavaVersion.VERSION_17
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+sourceSets {
+  main {
+    proto {
+      // In addition to the default 'src/main/proto'
+      srcDir 'application/src/main/proto'
+    }
+  }
+}
+
+protobuf {
+  // Configure the protoc executable.
+  protoc {
+    // Download from the repository.
+    artifact = 'com.google.protobuf:protoc:3.22.3'
+  }
+
+  // Locate the codegen plugins.
+  plugins {
+    // Locate a plugin with name 'grpc'.
+    grpc {
+      // Download from the repository.
+      artifact = 'io.grpc:protoc-gen-grpc-java:1.56.0'
+    }
+  }
+  generateProtoTasks {
+    ofSourceSet('main')*.plugins {
+      grpc {}
+    }
+  }
+}
+
+dependencies {
+  testImplementation project(':dd-smoke-tests')
+
+  implementation 'io.grpc:grpc-protobuf:1.56.0'
+  implementation 'io.grpc:grpc-stub:1.56.0'
+  testRuntimeOnly 'io.grpc:grpc-netty-shaded:1.56.0'
+  testCompileOnly 'org.apache.tomcat:annotations-api:6.0.53' // necessary for Java 9+
+  testImplementation(testFixtures(project(":dd-smoke-tests:iast-util")))
+}
+
+def appDir = "$projectDir/application"
+def appBuildDir = "$buildDir/application"
+def isWindows = System.getProperty("os.name").toLowerCase().contains("win")
+def gradlewCommand = isWindows ? 'gradlew.bat' : 'gradlew'
+
+// define the task that builds the armeria project
+tasks.register('armeriaBuild', Exec) {
+  workingDir "$appDir"
+  def toolchain17 = getJavaLauncherFor(17).get()
+  environment += ["GRADLE_OPTS": "-Dorg.gradle.jvmargs='-Xmx512M'", "JAVA_HOME": "$toolchain17.metadata.installationPath"]
+  commandLine "${rootDir}/${gradlewCommand}", "build", "--no-daemon", "--max-workers=4", "-PappBuildDir=$appBuildDir", "-PapiJar=${project(':dd-trace-api').tasks.jar.archiveFile.get()}"
+
+  outputs.cacheIf { true }
+
+  outputs.dir(appBuildDir)
+    .withPropertyName("applicationJar")
+
+  inputs.files(fileTree(appDir) {
+    include '**/*'
+    exclude '.gradle/**'
+  })
+  .withPropertyName("application")
+  .withPathSensitivity(PathSensitivity.RELATIVE)
+}
+
+evaluationDependsOn ':dd-trace-api'
+armeriaBuild {
+  dependsOn project(':dd-trace-api').tasks.named("jar")
+}
+
+tasks.named("compileTestGroovy").configure {
+  dependsOn 'armeriaBuild'
+  outputs.upToDateWhen {
+    !armeriaBuild.didWork
+  }
+}
+
+tasks.withType(Test).configureEach {
+  jvmArgs "-Ddatadog.smoketest.armeria.uberJar.path=$appBuildDir/libs/armeria-smoketest-all.jar"
+}
+
+spotless {
+  java {
+    target "**/*.java"
+  }
+
+  groovyGradle {
+    target '*.gradle', "**/*.gradle"
+  }
+}
diff --git a/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/ArmeriaGrpcClient.groovy b/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/ArmeriaGrpcClient.groovy
new file mode 100644
index 00000000000..5e6212b73ea
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/ArmeriaGrpcClient.groovy
@@ -0,0 +1,34 @@
+package datadog.smoketest
+
+import datadog.armeria.grpc.Hello.HelloReply
+import datadog.armeria.grpc.Hello.HelloRequest
+import datadog.armeria.grpc.HelloServiceGrpc
+import io.grpc.ManagedChannelBuilder
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class ArmeriaGrpcClient {
+  private static final Logger LOG = LoggerFactory.getLogger(ArmeriaGrpcClient)
+
+  HelloServiceGrpc.HelloServiceBlockingStub blockingStub
+  HelloServiceGrpc.HelloServiceFutureStub futureStub
+  HelloServiceGrpc.HelloServiceStub asyncStub
+
+  ArmeriaGrpcClient(String host, int port) {
+    this(ManagedChannelBuilder.forAddress(host, port).usePlaintext())
+    LOG.error("Connecting to {}:{}", host, port)
+  }
+
+  /** Construct client for accessing RouteGuide server using the existing channel. */
+  ArmeriaGrpcClient(ManagedChannelBuilder<?> channelBuilder) {
+    def channel = channelBuilder.build()
+    blockingStub = HelloServiceGrpc.newBlockingStub(channel)
+    futureStub = HelloServiceGrpc.newFutureStub(channel)
+    asyncStub = HelloServiceGrpc.newStub(channel)
+  }
+
+  HelloReply hello(int i) {
+    HelloRequest request = HelloRequest.newBuilder().setName(i.toString()).build()
+    return blockingStub.hello(request)
+  }
+}
diff --git a/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/ArmeriaSmokeTest.groovy b/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/ArmeriaSmokeTest.groovy
new file mode 100644
index 00000000000..afe49bcd14e
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/ArmeriaSmokeTest.groovy
@@ -0,0 +1,94 @@
+package datadog.smoketest
+
+
+import datadog.armeria.grpc.Hello
+import datadog.trace.agent.test.utils.ThreadUtils
+import spock.lang.Shared
+
+import java.util.concurrent.ThreadLocalRandom
+import java.util.regex.Pattern
+
+class ArmeriaSmokeTest extends AbstractServerSmokeTest {
+
+  @Override
+  ProcessBuilder createProcessBuilder() {
+    String armeriaUberJar = System.getProperty("datadog.smoketest.armeria.uberJar.path")
+
+    List<String> command = new ArrayList<>()
+    command.add(javaPath())
+    command.addAll(defaultJavaProperties)
+    command.addAll((String[]) [
+      "-Ddd.writer.type=MultiWriter:TraceStructureWriter:${output.getAbsolutePath()},DDAgentWriter",
+      "-Darmeria.http.port=${httpPort}",
+      "-Dcom.linecorp.armeria.verboseResponses=true",
+      "-jar",
+      armeriaUberJar
+    ])
+    ProcessBuilder processBuilder = new ProcessBuilder(command)
+    processBuilder.directory(new File(buildDirectory))
+  }
+
+  @Override
+  File createTemporaryFile() {
+    return new File("${buildDirectory}/tmp/trace-structure-armeria.out")
+  }
+
+  @Override
+  protected Set<String> expectedTraces() {
+    return [].toSet()
+  }
+
+  @Shared
+  int totalInvocations = 100
+
+  @Shared
+  String endpointName = ""
+
+  @Shared
+  ArmeriaGrpcClient armeriaGrpcClient = new ArmeriaGrpcClient("localhost", httpPort)
+
+  def "get welcome endpoint in parallel"() {
+    expect:
+    // Do one request before to initialize the server
+    doAndValidateRequest(1)
+    ThreadUtils.runConcurrently(10, totalInvocations - 1, {
+      def id = ThreadLocalRandom.current().nextInt(1, 4711)
+      doAndValidateRequest(id)
+    })
+    waitForTraceCount(totalInvocations) >= totalInvocations
+    validateLogInjection() == totalInvocations
+    checkLogPostExit()
+    !logHasErrors
+  }
+
+  void doAndValidateRequest(int id) {
+    Hello.HelloReply response = armeriaGrpcClient.hello(id)
+    assert response.getMessage() == "Hello $id!"
+  }
+
+  int validateLogInjection() {
+    BufferedReader reader = new BufferedReader(new FileReader(new File(logFilePath)))
+    int lines = 0
+    try {
+      String line = reader.readLine()
+      while (null != line) {
+        if (line.contains("|TT|")) {
+          lines++
+          def parts = line.split(Pattern.quote("|"))
+          def mdcTraceId = parts[2]
+          def mdcSpanId = parts[4]
+          def tracerTraceId = parts[6]
+          def tracerSpanId = parts[8]
+          assert tracerTraceId != ""
+          assert mdcTraceId == tracerTraceId
+          assert tracerSpanId != ""
+          assert mdcSpanId == tracerSpanId
+        }
+        line = reader.readLine()
+      }
+    } finally {
+      reader.close()
+    }
+    return lines
+  }
+}
diff --git a/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/IastArmeriaGrpcClient.groovy b/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/IastArmeriaGrpcClient.groovy
new file mode 100644
index 00000000000..8e2c7d7470d
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/IastArmeriaGrpcClient.groovy
@@ -0,0 +1,33 @@
+package datadog.smoketest
+
+import datadog.armeria.grpc.Iast
+import datadog.armeria.grpc.IastServiceGrpc
+import io.grpc.ManagedChannelBuilder
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class IastArmeriaGrpcClient {
+
+  private static final Logger LOG = LoggerFactory.getLogger(IastArmeriaGrpcClient)
+
+  IastServiceGrpc.IastServiceBlockingStub blockingStub
+  IastServiceGrpc.IastServiceFutureStub futureStub
+  IastServiceGrpc.IastServiceStub asyncStub
+
+  IastArmeriaGrpcClient(String host, int port) {
+    this(ManagedChannelBuilder.forAddress(host, port).usePlaintext())
+    LOG.error("Connecting to {}:{}", host, port)
+  }
+
+  /** Construct client for accessing RouteGuide server using the existing channel. */
+  IastArmeriaGrpcClient(ManagedChannelBuilder<?> channelBuilder) {
+    def channel = channelBuilder.build()
+    blockingStub = IastServiceGrpc.newBlockingStub(channel)
+    futureStub = IastServiceGrpc.newFutureStub(channel)
+    asyncStub = IastServiceGrpc.newStub(channel)
+  }
+
+  Iast.Response ssrf(Iast.Request request) {
+    return blockingStub.serverSideRequestForgery(request)
+  }
+}
diff --git a/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/IastArmeriaSmokeTest.groovy b/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/IastArmeriaSmokeTest.groovy
new file mode 100644
index 00000000000..f5a76df9cb9
--- /dev/null
+++ b/dd-smoke-tests/armeria-grpc/src/test/groovy/datadog/smoketest/IastArmeriaSmokeTest.groovy
@@ -0,0 +1,52 @@
+package datadog.smoketest
+
+import datadog.armeria.grpc.Iast
+import spock.lang.Shared
+
+import static datadog.trace.api.config.IastConfig.*
+
+class IastArmeriaSmokeTest extends AbstractIastServerSmokeTest {
+
+  @Shared
+  IastArmeriaGrpcClient armeriaGrpcClient = new IastArmeriaGrpcClient("localhost", httpPort)
+
+  @Override
+  ProcessBuilder createProcessBuilder() {
+    final jarPath = System.getProperty('datadog.smoketest.armeria.uberJar.path')
+    List<String> command = []
+    command.add(javaPath())
+    command.addAll(defaultJavaProperties)
+    command.addAll((String[]) [
+      withSystemProperty(IAST_ENABLED, true),
+      withSystemProperty(IAST_DETECTION_MODE, 'FULL'),
+      withSystemProperty(IAST_DEBUG_ENABLED, true),
+      "-Darmeria.http.port=${httpPort}",
+      "-Dcom.linecorp.armeria.verboseResponses=true",
+      '-jar',
+      jarPath
+    ])
+
+    final processBuilder = new ProcessBuilder(command)
+    processBuilder.directory(new File(buildDirectory))
+    return processBuilder
+  }
+
+  void 'test SSRF detection'() {
+    setup:
+    final url = 'https://dd.datad0g.com/'
+    final request = Iast.Request.newBuilder().setType(Iast.Request.Type.URL)
+      .setUrl(Iast.Request.Url.newBuilder().setValue(url).build()).build()
+
+    when:
+    final resp = armeriaGrpcClient.ssrf(request)
+
+    then:
+    resp != null
+    hasTainted {tainted ->
+      tainted.value == url &&
+        tainted.ranges[0].source.name == 'root.payload_.value_' &&
+        tainted.ranges[0].source.origin == 'grpc.request.body'
+    }
+    hasVulnerability { vul -> vul.type == 'SSRF' }
+  }
+}
diff --git a/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/DebuggerTestApplication.java b/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/DebuggerTestApplication.java
index dd48923e1d7..b9205e16a4f 100644
--- a/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/DebuggerTestApplication.java
+++ b/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/DebuggerTestApplication.java
@@ -8,6 +8,7 @@
 import java.lang.management.OperatingSystemMXBean;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.function.Consumer;
 
 public class DebuggerTestApplication {
   private static final String LOG_FILENAME = System.getenv().get("DD_LOG_FILE");
@@ -20,13 +21,13 @@ public static void main(String[] args) throws Exception {
 }
 
 class Main {
-  private static final Map<String, Runnable> methodsByName = new HashMap<>();
+  private static final Map<String, Consumer<String>> methodsByName = new HashMap<>();
   private static final String LOG_FILENAME = System.getenv().get("DD_LOG_FILE");
 
   static void run(String[] args) throws Exception {
     registerMethods();
     String methodName = args[0];
-    Runnable method = methodsByName.get(methodName);
+    Consumer<String> method = methodsByName.get(methodName);
     if (method == null) {
       throw new RuntimeException("cannot find method: " + methodName);
     }
@@ -34,7 +35,7 @@ static void run(String[] args) throws Exception {
     System.out.println("Waiting for instrumentation...");
     waitForInstrumentation(LOG_FILENAME, Main.class.getName());
     System.out.println("Executing method: " + methodName);
-    method.run();
+    method.accept(args.length > 2 ? args[2] : null);
     System.out.println("Executed");
     waitForUpload(LOG_FILENAME, expectedUploads);
     System.out.println("Exiting...");
@@ -45,16 +46,17 @@ private static void registerMethods() {
     methodsByName.put("managementMethod", Main::managementMethod);
     methodsByName.put("fullMethod", Main::runFullMethod);
     methodsByName.put("multiProbesFullMethod", Main::runFullMethod);
+    methodsByName.put("loopingFullMethod", Main::runLoopingFullMethod);
   }
 
-  private static void emptyMethod() {}
+  private static void emptyMethod(String arg) {}
 
-  private static void managementMethod() {
+  private static void managementMethod(String arg) {
     OperatingSystemMXBean operatingSystemMXBean = ManagementFactory.getOperatingSystemMXBean();
     System.out.println(operatingSystemMXBean.getAvailableProcessors());
   }
 
-  private static void runFullMethod() {
+  private static void runFullMethod(String arg) {
     Map<String, String> map = new HashMap<>();
     map.put("key1", "val1");
     map.put("key2", "val2");
@@ -62,6 +64,16 @@ private static void runFullMethod() {
     fullMethod(42, "foobar", 3.42, map, "var1", "var2", "var3");
   }
 
+  private static void runLoopingFullMethod(String arg) {
+    Map<String, String> map = new HashMap<>();
+    map.put("key1", "val1");
+    map.put("key2", "val2");
+    map.put("key3", "val3");
+    for (int i = 0; i < Integer.parseInt(arg); i++) {
+      fullMethod(42, "foobar", 3.42, map, "var1", "var2", "var3");
+    }
+  }
+
   private static String fullMethod(
       int argInt, String argStr, double argDouble, Map<String, String> argMap, String... argVar) {
     try {
diff --git a/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/ServerDebuggerTestApplication.java b/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/ServerDebuggerTestApplication.java
index 797d08b554e..9e4120c810c 100644
--- a/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/ServerDebuggerTestApplication.java
+++ b/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/ServerDebuggerTestApplication.java
@@ -1,8 +1,10 @@
 package datadog.smoketest.debugger;
 
+import datadog.trace.api.Trace;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.function.Consumer;
 import okhttp3.HttpUrl;
 import okhttp3.MediaType;
 import okhttp3.OkHttpClient;
@@ -17,7 +19,7 @@
 public class ServerDebuggerTestApplication {
   private static final MockResponse EMPTY_HTTP_200 = new MockResponse().setResponseCode(200);
   private static final String LOG_FILENAME = System.getenv().get("DD_LOG_FILE");
-  private static final Map<String, Runnable> methodsByName = new HashMap<>();
+  private static final Map<String, Consumer<String>> methodsByName = new HashMap<>();
   private final MockWebServer webServer = new MockWebServer();
   private final String controlServerUrl;
   private final OkHttpClient httpClient = new OkHttpClient();
@@ -37,6 +39,9 @@ public static void main(String[] args) throws Exception {
 
   public static void registerMethods() {
     methodsByName.put("fullMethod", ServerDebuggerTestApplication::runFullMethod);
+    methodsByName.put("tracedMethod", ServerDebuggerTestApplication::runTracedMethod);
+    methodsByName.put("loopingFullMethod", ServerDebuggerTestApplication::runLoopingFullMethod);
+    methodsByName.put("loopingTracedMethod", ServerDebuggerTestApplication::runLoopingTracedMethod);
   }
 
   public ServerDebuggerTestApplication(String controlServerUrl) {
@@ -70,7 +75,7 @@ protected void stop() {
   }
 
   protected void waitForInstrumentation(String className) {
-    System.out.println("waitForInstrumentation on " + className);
+    System.out.println("waitForInstrumentation on " + className + " from: " + lastMatchedLine);
     try {
       lastMatchedLine =
           TestApplicationHelper.waitForInstrumentation(LOG_FILENAME, className, lastMatchedLine);
@@ -91,17 +96,17 @@ protected void waitForReTransformation(String className) {
     }
   }
 
-  protected void execute(String methodName) {
-    Runnable method = methodsByName.get(methodName);
+  protected void execute(String methodName, String arg) {
+    Consumer<String> method = methodsByName.get(methodName);
     if (method == null) {
       throw new RuntimeException("cannot find method: " + methodName);
     }
     System.out.println("Executing method: " + methodName);
-    method.run();
+    method.accept(arg);
     System.out.println("Executed");
   }
 
-  private static void runFullMethod() {
+  private static void runFullMethod(String arg) {
     Map<String, String> map = new HashMap<>();
     map.put("key1", "val1");
     map.put("key2", "val2");
@@ -109,6 +114,31 @@ private static void runFullMethod() {
     fullMethod(42, "foobar", 3.42, map, "var1", "var2", "var3");
   }
 
+  private static void runLoopingFullMethod(String arg) {
+    Map<String, String> map = new HashMap<>();
+    map.put("key1", "val1");
+    map.put("key2", "val2");
+    map.put("key3", "val3");
+    for (int i = 0; i < Integer.parseInt(arg); i++) {
+      fullMethod(42, "foobar", 3.42, map, "var1", "var2", "var3");
+    }
+  }
+
+  @Trace
+  private static void runTracedMethod(String arg) {
+    Map<String, String> map = new HashMap<>();
+    map.put("key1", "val1");
+    map.put("key2", "val2");
+    map.put("key3", "val3");
+    tracedMethod(42, "foobar", 3.42, map, "var1", "var2", "var3");
+  }
+
+  private static void runLoopingTracedMethod(String arg) {
+    for (int i = 0; i < Integer.parseInt(arg); i++) {
+      runTracedMethod(arg);
+    }
+  }
+
   private static String fullMethod(
       int argInt, String argStr, double argDouble, Map<String, String> argMap, String... argVar) {
     try {
@@ -127,6 +157,24 @@ private static String fullMethod(
     }
   }
 
+  private static String tracedMethod(
+      int argInt, String argStr, double argDouble, Map<String, String> argMap, String... argVar) {
+    try {
+      return argInt
+          + ", "
+          + argStr
+          + ", "
+          + argDouble
+          + ", "
+          + argMap
+          + ", "
+          + String.join(",", argVar);
+    } catch (Exception ex) {
+      ex.printStackTrace();
+      return null;
+    }
+  }
+
   private static class AppDispatcher extends Dispatcher {
     private final ServerDebuggerTestApplication app;
 
@@ -153,7 +201,8 @@ public MockResponse dispatch(RecordedRequest request) throws InterruptedExceptio
         case "/app/execute":
           {
             String methodName = request.getRequestUrl().queryParameter("methodname");
-            app.execute(methodName);
+            String arg = request.getRequestUrl().queryParameter("arg");
+            app.execute(methodName, arg);
             break;
           }
         case "/app/stop":
diff --git a/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/TestApplicationHelper.java b/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/TestApplicationHelper.java
index a45fe805509..20e130339a2 100644
--- a/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/TestApplicationHelper.java
+++ b/dd-smoke-tests/debugger-integration-tests/src/main/java/datadog/smoketest/debugger/TestApplicationHelper.java
@@ -86,6 +86,11 @@ public static String waitForReTransformation(
   }
 
   public static void waitForUpload(String logFileName, int expectedUploads) throws IOException {
+    if (expectedUploads == -1) {
+      System.out.println("wait for " + TIMEOUT_S + "s");
+      LockSupport.parkNanos(Duration.ofSeconds(TIMEOUT_S).toNanos());
+      return;
+    }
     System.out.println("waitForUpload #" + expectedUploads);
     AtomicInteger uploadCount = new AtomicInteger(0);
     waitForSpecificLogLine(
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/AgentDebuggerIntegrationTest.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/AgentDebuggerIntegrationTest.java
new file mode 100644
index 00000000000..264738cb28f
--- /dev/null
+++ b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/AgentDebuggerIntegrationTest.java
@@ -0,0 +1,88 @@
+package datadog.smoketest;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import com.datadog.debugger.agent.JsonSnapshotSerializer;
+import com.datadog.debugger.probe.LogProbe;
+import com.datadog.debugger.sink.Snapshot;
+import com.squareup.moshi.JsonAdapter;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.RecordedRequest;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+public class AgentDebuggerIntegrationTest extends SimpleAppDebuggerIntegrationTest {
+  @Test
+  @DisplayName("testLatestJdk")
+  void testLatestJdk() throws Exception {
+    final String EXPECTED_UPLOADS = "3";
+    LogProbe probe = LogProbe.builder().where("App", "getGreeting").build();
+    setCurrentConfiguration(createConfig(probe));
+    String classpath = System.getProperty("datadog.smoketest.shadowJar.external.path");
+    if (classpath == null) {
+      return; // execute test only if classpath is provided for the latest jdk
+    }
+    List<String> commandParams = getDebuggerCommandParams();
+    targetProcess =
+        ProcessBuilderHelper.createProcessBuilder(
+                classpath, commandParams, logFilePath, "App", EXPECTED_UPLOADS)
+            .start();
+    RecordedRequest request = retrieveSnapshotRequest();
+    assertNotNull(request);
+    assertFalse(logHasErrors(logFilePath, it -> false));
+    String bodyStr = request.getBody().readUtf8();
+    LOG.info("got snapshot: {}", bodyStr);
+    JsonAdapter<List<JsonSnapshotSerializer.IntakeRequest>> adapter = createAdapterForSnapshot();
+    Snapshot snapshot = adapter.fromJson(bodyStr).get(0).getDebugger().getSnapshot();
+    assertNotNull(snapshot);
+  }
+
+  @Test
+  @DisplayName("testShutdown")
+  void testShutdown() throws Exception {
+    final String METHOD_NAME = "emptyMethod";
+    final String EXPECTED_UPLOADS = "3";
+    LogProbe probe =
+        LogProbe.builder().probeId(PROBE_ID).where(MAIN_CLASS_NAME, METHOD_NAME).build();
+    setCurrentConfiguration(createConfig(probe));
+    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, EXPECTED_UPLOADS).start();
+
+    RecordedRequest request = retrieveSnapshotRequest();
+    assertFalse(logHasErrors(logFilePath, it -> false));
+    assertNotNull(request);
+    assertTrue(request.getBodySize() > 0);
+
+    // Wait for the app exit with some extra time.
+    // The expectation is that agent doesn't prevent app from exiting.
+    assertTrue(targetProcess.waitFor(REQUEST_WAIT_TIMEOUT + 10, TimeUnit.SECONDS));
+  }
+
+  @Test
+  @DisplayName("testDestroy")
+  void testDestroy() throws Exception {
+    final String METHOD_NAME = "fullMethod";
+    final String EXPECTED_UPLOADS = "3";
+    LogProbe probe =
+        LogProbe.builder().probeId(PROBE_ID).where(MAIN_CLASS_NAME, METHOD_NAME).build();
+    setCurrentConfiguration(createConfig(probe));
+    datadogAgentServer.enqueue(
+        new MockResponse()
+            .setHeadersDelay(REQUEST_WAIT_TIMEOUT * 2, TimeUnit.SECONDS)
+            .setResponseCode(200));
+    // wait for 3 snapshots (2 status + 1 snapshot)
+    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, EXPECTED_UPLOADS).start();
+
+    RecordedRequest request = retrieveSnapshotRequest();
+    assertNotNull(request);
+    assertTrue(request.getBodySize() > 0);
+    retrieveSnapshotRequest();
+    targetProcess.destroy();
+    // Wait for the app exit with some extra time.
+    // The expectation is that agent doesn't prevent app from exiting.
+    assertTrue(targetProcess.waitFor(REQUEST_WAIT_TIMEOUT + 10, TimeUnit.SECONDS));
+  }
+}
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/BaseIntegrationTest.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/BaseIntegrationTest.java
index 500bbac977b..3574a285493 100644
--- a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/BaseIntegrationTest.java
+++ b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/BaseIntegrationTest.java
@@ -8,12 +8,24 @@
 import com.datadog.debugger.agent.JsonSnapshotSerializer;
 import com.datadog.debugger.agent.ProbeStatus;
 import com.datadog.debugger.probe.LogProbe;
+import com.datadog.debugger.probe.MetricProbe;
+import com.datadog.debugger.probe.SpanDecorationProbe;
+import com.datadog.debugger.probe.SpanProbe;
+import com.datadog.debugger.sink.Snapshot;
 import com.datadog.debugger.util.MoshiHelper;
 import com.datadog.debugger.util.MoshiSnapshotTestHelper;
 import com.squareup.moshi.JsonAdapter;
 import com.squareup.moshi.Types;
 import datadog.trace.bootstrap.debugger.CapturedContext;
+import datadog.trace.bootstrap.debugger.ProbeRateLimiter;
+import datadog.trace.test.agent.decoder.DecodedMessage;
+import datadog.trace.test.agent.decoder.DecodedSpan;
+import datadog.trace.test.agent.decoder.DecodedTrace;
+import datadog.trace.test.agent.decoder.Decoder;
 import java.io.IOException;
+import java.net.DatagramPacket;
+import java.net.DatagramSocket;
+import java.net.SocketException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -23,8 +35,11 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.UUID;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Function;
+import java.util.function.Predicate;
 import okhttp3.HttpUrl;
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
@@ -39,22 +54,34 @@
 
 public abstract class BaseIntegrationTest {
   protected static final Logger LOG = LoggerFactory.getLogger(BaseIntegrationTest.class);
-  protected static final String PROBE_URL_PATH = "/v0.7/config";
+  protected static final String TRACE_URL_PATH = "/v0.4/traces";
+  protected static final String CONFIG_URL_PATH = "/v0.7/config";
   protected static final String SNAPSHOT_URL_PATH = "/debugger/v1/input";
   protected static final int REQUEST_WAIT_TIMEOUT = 10;
   private static final Path LOG_FILE_BASE =
       Paths.get(
-          buildDirectory(), "reports", "testProcess." + DebuggerIntegrationTest.class.getName());
+          buildDirectory(),
+          "reports",
+          "testProcess." + SimpleAppDebuggerIntegrationTest.class.getName());
   private static final String INFO_CONTENT =
-      "{\"endpoints\": [\"v0.4/traces\", \"debugger/v1/input\", \"v0.7/config\"]}";
+      "{\"endpoints\": [\""
+          + TRACE_URL_PATH
+          + "\", \""
+          + SNAPSHOT_URL_PATH
+          + "\", \""
+          + CONFIG_URL_PATH
+          + "\"]}";
   private static final MockResponse AGENT_INFO_RESPONSE =
       new MockResponse().setResponseCode(200).setBody(INFO_CONTENT);
   private static final MockResponse TELEMETRY_RESPONSE = new MockResponse().setResponseCode(202);
-  private static final MockResponse EMPTY_200_RESPONSE = new MockResponse().setResponseCode(200);
+  protected static final MockResponse EMPTY_200_RESPONSE = new MockResponse().setResponseCode(200);
+
+  private static final ByteString DIAGNOSTICS_STR = ByteString.encodeUtf8("diagnostics");
+  private static final String CONFIG_ID = UUID.randomUUID().toString();
 
   protected MockWebServer datadogAgentServer;
   private MockDispatcher probeMockDispatcher;
-
+  private StatsDServer statsDServer;
   private HttpUrl probeUrl;
   private HttpUrl snapshotUrl;
   protected Path logFilePath;
@@ -62,6 +89,10 @@ public abstract class BaseIntegrationTest {
   private Configuration currentConfiguration;
   private boolean configProvided;
   protected final Object configLock = new Object();
+  protected final List<Predicate<Snapshot>> snapshotListeners = new ArrayList<>();
+  protected final List<Predicate<DecodedTrace>> traceListeners = new ArrayList<>();
+  protected final List<Predicate<ProbeStatus>> probeStatusListeners = new ArrayList<>();
+  protected int batchSize = 1; // to verify each snapshot upload one by one
 
   @BeforeAll
   static void setupAll() throws Exception {
@@ -74,9 +105,12 @@ void setup(TestInfo testInfo) throws Exception {
     probeMockDispatcher = new MockDispatcher();
     probeMockDispatcher.setDispatcher(this::datadogAgentDispatch);
     datadogAgentServer.setDispatcher(probeMockDispatcher);
-    probeUrl = datadogAgentServer.url(PROBE_URL_PATH);
+    probeUrl = datadogAgentServer.url(CONFIG_URL_PATH);
     LOG.info("DatadogAgentServer on {}", datadogAgentServer.getPort());
     snapshotUrl = datadogAgentServer.url(SNAPSHOT_URL_PATH);
+    statsDServer = new StatsDServer();
+    statsDServer.start();
+    LOG.info("statsDServer on {}", statsDServer.getPort());
     logFilePath = LOG_FILE_BASE.resolve(testInfo.getDisplayName() + ".log");
   }
 
@@ -86,6 +120,8 @@ void teardown() throws Exception {
       targetProcess.destroyForcibly();
     }
     datadogAgentServer.shutdown();
+    statsDServer.close();
+    ProbeRateLimiter.resetAll();
   }
 
   protected ProcessBuilder createProcessBuilder(Path logFilePath, String... params) {
@@ -109,51 +145,222 @@ protected List<String> getDebuggerCommandParams() {
             "-Ddd.jmxfetch.start-delay=0",
             "-Ddd.jmxfetch.enabled=false",
             "-Ddd.dynamic.instrumentation.enabled=true",
-            // "-Ddd.remote_config.enabled=true", // default
             "-Ddd.remote_config.poll_interval.seconds=1",
-            /*"-Ddd.remote_config.integrity_check.enabled=false",
-            "-Ddd.dynamic.instrumentation.probe.url=http://localhost:"
-                + probeServer.getPort()
-                + PROBE_URL_PATH,
-            "-Ddd.dynamic.instrumentation.snapshot.url=http://localhost:"
-                + snapshotServer.getPort()
-                + SNAPSHOT_URL_PATH,*/
             "-Ddd.trace.agent.url=http://localhost:" + datadogAgentServer.getPort(),
-            // to verify each snapshot upload one by one
-            "-Ddd.dynamic.instrumentation.upload.batch.size=1",
+            "-Ddd.jmxfetch.statsd.port=" + statsDServer.getPort(),
+            "-Ddd.dynamic.instrumentation.classfile.dump.enabled=true",
+            "-Ddd.dynamic.instrumentation.upload.batch.size=" + batchSize,
             // flush uploads every 100ms to have quick tests
             "-Ddd.dynamic.instrumentation.upload.flush.interval=100"));
   }
 
   protected RecordedRequest retrieveSnapshotRequest() throws Exception {
-    long ts = System.nanoTime();
+    return retrieveRequest(
+        request -> {
+          try {
+            return request.getPath().startsWith(SNAPSHOT_URL_PATH)
+                && request.getBody().indexOf(ByteString.encodeUtf8("diagnostics")) == -1;
+          } catch (IOException ex) {
+            throw new RuntimeException(ex);
+          }
+        });
+  }
+
+  protected DecodedSpan retrieveSpanRequest(String name) throws Exception {
+    DecodedSpan decodedSpan = null;
+    int attempt = 3;
+    retrieveSpan:
+    do {
+      LOG.info("retrieveSpanRequest...");
+      RecordedRequest spanRequest =
+          retrieveRequest(request -> request.getPath().equals(TRACE_URL_PATH));
+      attempt--;
+      if (spanRequest == null) {
+        continue;
+      }
+      DecodedMessage decodedMessage = Decoder.decodeV04(spanRequest.getBody().readByteArray());
+      LOG.info(
+          "Traces={} Spans={}",
+          decodedMessage.getTraces().size(),
+          decodedMessage.getTraces().get(0).getSpans().size());
+      for (int traceIdx = 0; traceIdx < decodedMessage.getTraces().size(); traceIdx++) {
+        List<DecodedSpan> spans = decodedMessage.getTraces().get(traceIdx).getSpans();
+        for (int spanIdx = 0; spanIdx < spans.size(); spanIdx++) {
+          decodedSpan = spans.get(spanIdx);
+          LOG.info(
+              "Trace[{}}].Span[{}}] name={}} resource={}} Meta={}",
+              traceIdx,
+              spanIdx,
+              decodedSpan.getName(),
+              decodedSpan.getResource(),
+              decodedSpan.getMeta());
+          if (decodedSpan.getName().equals(name)) {
+            break retrieveSpan;
+          }
+        }
+      }
+    } while (attempt > 0);
+    return decodedSpan;
+  }
+
+  protected enum RequestType {
+    SNAPSHOT {
+      @Override
+      public boolean process(BaseIntegrationTest baseIntegrationTest, RecordedRequest request) {
+        if (!request.getPath().startsWith(SNAPSHOT_URL_PATH)) {
+          return false;
+        }
+        try {
+          if (request.getBody().indexOf(DIAGNOSTICS_STR) > -1) {
+            return false;
+          }
+        } catch (IOException ex) {
+          ex.printStackTrace();
+        }
+        String bodyStr = request.getBody().readUtf8();
+        LOG.info("got snapshot: {}", bodyStr);
+        JsonAdapter<List<JsonSnapshotSerializer.IntakeRequest>> adapter =
+            createAdapterForSnapshot();
+        try {
+          List<JsonSnapshotSerializer.IntakeRequest> intakeRequests = adapter.fromJson(bodyStr);
+          for (JsonSnapshotSerializer.IntakeRequest intakeRequest : intakeRequests) {
+            Snapshot snapshot = intakeRequest.getDebugger().getSnapshot();
+            for (Predicate<Snapshot> listener : baseIntegrationTest.snapshotListeners) {
+              if (listener.test(snapshot)) {
+                return true;
+              }
+            }
+          }
+        } catch (IOException ex) {
+          ex.printStackTrace();
+        }
+        return false;
+      }
+    },
+    SPAN {
+      @Override
+      public boolean process(BaseIntegrationTest baseIntegrationTest, RecordedRequest request) {
+        if (!request.getPath().equals(TRACE_URL_PATH)) {
+          return false;
+        }
+        DecodedMessage decodedMessage = Decoder.decodeV04(request.getBody().readByteArray());
+        LOG.info("got traces: {}", decodedMessage.getTraces().size());
+        for (Predicate<DecodedTrace> listener : baseIntegrationTest.traceListeners) {
+          for (DecodedTrace trace : decodedMessage.getTraces()) {
+            if (listener.test(trace)) {
+              return true;
+            }
+          }
+        }
+        return false;
+      }
+    },
+    PROBE_STATUS {
+      @Override
+      public boolean process(BaseIntegrationTest baseIntegrationTest, RecordedRequest request) {
+        if (!request.getPath().startsWith(SNAPSHOT_URL_PATH)) {
+          return false;
+        }
+        try {
+          if (request.getBody().indexOf(DIAGNOSTICS_STR) == -1) {
+            return false;
+          }
+        } catch (IOException ex) {
+          ex.printStackTrace();
+        }
+        JsonAdapter<List<ProbeStatus>> adapter =
+            MoshiHelper.createMoshiProbeStatus()
+                .adapter(Types.newParameterizedType(List.class, ProbeStatus.class));
+        String bodyStr = request.getBody().readUtf8();
+        LOG.info("got probe status: {}", bodyStr);
+        try {
+          List<ProbeStatus> probeStatuses = adapter.fromJson(bodyStr);
+          for (Predicate<ProbeStatus> listener : baseIntegrationTest.probeStatusListeners) {
+            for (ProbeStatus probeStatus : probeStatuses) {
+              if (listener.test(probeStatus)) {
+                return true;
+              }
+            }
+          }
+        } catch (IOException ex) {
+          ex.printStackTrace();
+        }
+        return false;
+      }
+    };
+
+    public abstract boolean process(
+        BaseIntegrationTest baseIntegrationTest, RecordedRequest request);
+  }
+
+  protected void registerSnapshotListener(Predicate<Snapshot> listener) {
+    snapshotListeners.add(listener);
+  }
+
+  protected void registerTraceListener(Predicate<DecodedTrace> listener) {
+    traceListeners.add(listener);
+  }
+
+  protected void registerProbeStatusListener(Predicate<ProbeStatus> listener) {
+    probeStatusListeners.add(listener);
+  }
+
+  protected void clearProbeStatusListener() {
+    probeStatusListeners.clear();
+  }
+
+  protected void processRequests() throws InterruptedException {
+    long start = System.currentTimeMillis();
+    RecordedRequest request;
+    do {
+      request = datadogAgentServer.takeRequest(REQUEST_WAIT_TIMEOUT, TimeUnit.SECONDS);
+      if (request == null) {
+        throw new RuntimeException("timeout!");
+      }
+      LOG.info("processRequests path={}", request.getPath());
+      for (RequestType requestType : RequestType.values()) {
+        if (requestType.process(this, request)) {
+          return;
+        }
+      }
+    } while (request != null && (System.currentTimeMillis() - start < 30_000));
+    throw new RuntimeException("timeout!");
+  }
+
+  protected void processRemainingRequests() throws InterruptedException {
     RecordedRequest request;
+    do {
+      request = datadogAgentServer.takeRequest(1, TimeUnit.MILLISECONDS);
+      if (request == null) {
+        break;
+      }
+      LOG.info(
+          "processRemainingRequests path={} body={}",
+          request.getPath(),
+          request.getBody().readUtf8());
+    } while (request != null);
+  }
 
+  protected RecordedRequest retrieveRequest(Predicate<RecordedRequest> filterRequest)
+      throws InterruptedException {
+    long ts = System.nanoTime();
+    RecordedRequest request;
     do {
       request = datadogAgentServer.takeRequest(REQUEST_WAIT_TIMEOUT, TimeUnit.SECONDS);
-    } while (request != null
-        && (!request.getPath().startsWith(SNAPSHOT_URL_PATH)
-            || request.getBody().indexOf(ByteString.encodeUtf8("diagnostics")) > -1));
+      if (request == null) {
+        LOG.info("retreiveRequest request==null => timeout 10 sec");
+      } else {
+        LOG.info("retreiveRequest request!=null path={} testing...", request.getPath());
+      }
+    } while (request != null && !filterRequest.test(request));
     long dur = System.nanoTime() - ts;
     LOG.info(
         "request retrieved in {} seconds", TimeUnit.SECONDS.convert(dur, TimeUnit.NANOSECONDS));
     return request;
   }
 
-  protected ProbeStatus retrieveProbeStatusRequest() throws Exception {
-    RecordedRequest request;
-    do {
-      request = datadogAgentServer.takeRequest(REQUEST_WAIT_TIMEOUT, TimeUnit.SECONDS);
-    } while (request != null && !request.getPath().startsWith(SNAPSHOT_URL_PATH));
-    assertNotNull(request);
-    JsonAdapter<List<ProbeStatus>> adapter =
-        MoshiHelper.createMoshiProbeStatus()
-            .adapter(Types.newParameterizedType(List.class, ProbeStatus.class));
-    String bodyStr = request.getBody().readUtf8();
-    LOG.info("got snapshot: {}", bodyStr);
-    List<ProbeStatus> probeStatuses = adapter.fromJson(bodyStr);
-    assertEquals(1, probeStatuses.size());
-    return probeStatuses.get(0);
+  protected String retrieveStatsdMessage(String str) {
+    return statsDServer.waitForMessage(str);
   }
 
   private MockResponse datadogAgentDispatch(RecordedRequest request) {
@@ -166,32 +373,36 @@ private MockResponse datadogAgentDispatch(RecordedRequest request) {
       return TELEMETRY_RESPONSE;
     }
     if (request.getPath().startsWith(SNAPSHOT_URL_PATH)) {
-      return new MockResponse().setResponseCode(200);
+      return EMPTY_200_RESPONSE;
     }
     if (request.getPath().equals("/v0.7/config")) {
-      Configuration configuration;
-      synchronized (configLock) {
-        configuration = getCurrentConfiguration();
-        configProvided = true;
-        configLock.notifyAll();
-      }
-      if (configuration == null) {
-        configuration = createConfig(Collections.emptyList());
-      }
-      try {
-        JsonAdapter<Configuration> adapter =
-            MoshiConfigTestHelper.createMoshiConfig().adapter(Configuration.class);
-        String json = adapter.toJson(configuration);
-        System.out.println("Sending json config: " + json);
-        String remoteConfigJson = RemoteConfigHelper.encode(json, UUID.randomUUID().toString());
-        return new MockResponse().setResponseCode(200).setBody(remoteConfigJson);
-      } catch (Exception e) {
-        throw new RuntimeException(e);
-      }
+      return handleConfigRequests();
     }
     return EMPTY_200_RESPONSE;
   }
 
+  private MockResponse handleConfigRequests() {
+    Configuration configuration;
+    synchronized (configLock) {
+      configuration = getCurrentConfiguration();
+      configProvided = true;
+      configLock.notifyAll();
+    }
+    if (configuration == null) {
+      configuration = createConfig(Collections.emptyList());
+    }
+    try {
+      JsonAdapter<Configuration> adapter =
+          MoshiConfigTestHelper.createMoshiConfig().adapter(Configuration.class);
+      String json = adapter.toJson(configuration);
+      LOG.info("Sending json config: {}", json);
+      String remoteConfigJson = RemoteConfigHelper.encode(json, CONFIG_ID);
+      return new MockResponse().setResponseCode(200).setBody(remoteConfigJson);
+    } catch (Exception e) {
+      throw new RuntimeException(e);
+    }
+  }
+
   private Configuration getCurrentConfiguration() {
     synchronized (configLock) {
       return currentConfiguration;
@@ -204,7 +415,8 @@ protected boolean isConfigProvided() {
     }
   }
 
-  protected JsonAdapter<List<JsonSnapshotSerializer.IntakeRequest>> createAdapterForSnapshot() {
+  protected static JsonAdapter<List<JsonSnapshotSerializer.IntakeRequest>>
+      createAdapterForSnapshot() {
     return MoshiSnapshotTestHelper.createMoshiSnapshot()
         .adapter(
             Types.newParameterizedType(List.class, JsonSnapshotSerializer.IntakeRequest.class));
@@ -221,6 +433,27 @@ protected Configuration createConfig(LogProbe logProbe) {
     return createConfig(Arrays.asList(logProbe));
   }
 
+  protected Configuration createMetricConfig(MetricProbe metricProbe) {
+    return Configuration.builder()
+        .setService(getAppId())
+        .addMetricProbes(Collections.singletonList(metricProbe))
+        .build();
+  }
+
+  protected Configuration createSpanDecoConfig(SpanDecorationProbe spanDecorationProbe) {
+    return Configuration.builder()
+        .setService(getAppId())
+        .addSpanDecorationProbes(Collections.singletonList(spanDecorationProbe))
+        .build();
+  }
+
+  protected Configuration createSpanConfig(SpanProbe spanProbe) {
+    return Configuration.builder()
+        .setService(getAppId())
+        .addSpanProbes(Collections.singletonList(spanProbe))
+        .build();
+  }
+
   protected Configuration createConfig(Collection<LogProbe> logProbes) {
     return new Configuration(getAppId(), logProbes);
   }
@@ -283,8 +516,7 @@ protected static boolean logHasErrors(Path logFilePath, Function<String, Boolean
             .count();
     boolean hasErrors = errorLines > 0;
     if (hasErrors) {
-      System.out.println(
-          "Test application log is containing errors. See full run logs in " + logFilePath);
+      LOG.info("Test application log is containing errors. See full run logs in {}", logFilePath);
     }
     return hasErrors;
   }
@@ -301,4 +533,60 @@ public void setDispatcher(Function<RecordedRequest, MockResponse> dispatcher) {
       this.dispatcher = dispatcher;
     }
   }
+
+  private static class StatsDServer extends Thread {
+    private final DatagramSocket socket;
+    private final BlockingQueue<String> msgQueue = new ArrayBlockingQueue<>(32);
+    private volatile String lastMessage;
+    private volatile boolean running = true;
+
+    StatsDServer() throws SocketException {
+      socket = new DatagramSocket();
+    }
+
+    @Override
+    public void run() {
+      byte[] buf = new byte[1024];
+      DatagramPacket packet = new DatagramPacket(buf, buf.length);
+      while (running) {
+        try {
+          socket.receive(packet);
+        } catch (IOException e) {
+          throw new RuntimeException(e);
+        }
+        lastMessage = new String(packet.getData(), 0, packet.getLength());
+        LOG.info("received statsd: {}", lastMessage);
+        try {
+          msgQueue.offer(lastMessage, 30, TimeUnit.SECONDS);
+        } catch (InterruptedException e) {
+          throw new RuntimeException(e);
+        }
+      }
+      socket.close();
+    }
+
+    String lastMessage() {
+      return lastMessage;
+    }
+
+    String waitForMessage(String str) {
+      String msg;
+      do {
+        try {
+          msg = msgQueue.poll(30, TimeUnit.SECONDS);
+        } catch (InterruptedException e) {
+          throw new RuntimeException(e);
+        }
+      } while (msg != null && !msg.contains(str));
+      return msg;
+    }
+
+    void close() {
+      running = false;
+    }
+
+    int getPort() {
+      return socket.getLocalPort();
+    }
+  }
 }
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/DebuggerIntegrationTest.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/LogProbesIntegrationTest.java
similarity index 63%
rename from dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/DebuggerIntegrationTest.java
rename to dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/LogProbesIntegrationTest.java
index 6b115414011..225c5a0899b 100644
--- a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/DebuggerIntegrationTest.java
+++ b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/LogProbesIntegrationTest.java
@@ -4,11 +4,11 @@
 import static com.datadog.debugger.el.DSL.ref;
 import static com.datadog.debugger.el.DSL.when;
 import static com.datadog.debugger.util.LogProbeTestHelper.parseTemplate;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import com.datadog.debugger.agent.JsonSnapshotSerializer;
 import com.datadog.debugger.el.DSL;
@@ -18,125 +18,36 @@
 import com.squareup.moshi.JsonAdapter;
 import datadog.trace.api.Platform;
 import datadog.trace.bootstrap.debugger.CapturedContext;
+import datadog.trace.bootstrap.debugger.MethodLocation;
 import datadog.trace.bootstrap.debugger.ProbeId;
-import datadog.trace.util.TagsHelper;
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
-import java.util.concurrent.TimeUnit;
-import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.RecordedRequest;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class DebuggerIntegrationTest extends BaseIntegrationTest {
-  private static final Logger LOG = LoggerFactory.getLogger(DebuggerIntegrationTest.class);
-  private static final String DEBUGGER_TEST_APP_CLASS =
-      "datadog.smoketest.debugger.DebuggerTestApplication";
-  private static final ProbeId PROBE_ID = new ProbeId("123356536", 0);
-  private static final ProbeId PROBE_ID2 = new ProbeId("1233565368", 12);
-  private static final String MAIN_CLASS_NAME = "Main";
-
-  @Override
-  protected String getAppClass() {
-    return DEBUGGER_TEST_APP_CLASS;
-  }
-
-  @Override
-  protected String getAppId() {
-    return TagsHelper.sanitize("DebuggerTestApplication");
-  }
-
-  @Test
-  @DisplayName("testLatestJdk")
-  void testLatestJdk() throws Exception {
-    LogProbe probe = LogProbe.builder().where("App", "getGreeting").build();
-    setCurrentConfiguration(createConfig(probe));
-    String classpath = System.getProperty("datadog.smoketest.shadowJar.external.path");
-    if (classpath == null) {
-      return; // execute test only if classpath is provided for the latest jdk
-    }
-    List<String> commandParams = getDebuggerCommandParams();
-    targetProcess =
-        ProcessBuilderHelper.createProcessBuilder(classpath, commandParams, logFilePath, "App", "3")
-            .start();
-    RecordedRequest request = retrieveSnapshotRequest();
-    assertNotNull(request);
-    assertFalse(logHasErrors(logFilePath, it -> false));
-    String bodyStr = request.getBody().readUtf8();
-    LOG.info("got snapshot: {}", bodyStr);
-    JsonAdapter<List<JsonSnapshotSerializer.IntakeRequest>> adapter = createAdapterForSnapshot();
-    Snapshot snapshot = adapter.fromJson(bodyStr).get(0).getDebugger().getSnapshot();
-    assertNotNull(snapshot);
-  }
-
-  @Test
-  @DisplayName("testShutdown")
-  void testShutdown() throws Exception {
-    final String METHOD_NAME = "emptyMethod";
-    LogProbe probe =
-        LogProbe.builder().probeId(PROBE_ID).where(MAIN_CLASS_NAME, METHOD_NAME).build();
-    setCurrentConfiguration(createConfig(probe));
-    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, "3").start();
-
-    RecordedRequest request = retrieveSnapshotRequest();
-    assertFalse(logHasErrors(logFilePath, it -> false));
-    assertNotNull(request);
-    assertTrue(request.getBodySize() > 0);
-
-    // Wait for the app exit with some extra time.
-    // The expectation is that agent doesn't prevent app from exiting.
-    assertTrue(targetProcess.waitFor(REQUEST_WAIT_TIMEOUT + 10, TimeUnit.SECONDS));
-  }
-
-  @Test
-  @DisplayName("testDestroy")
-  void testDestroy() throws Exception {
-    final String METHOD_NAME = "fullMethod";
-    LogProbe probe =
-        LogProbe.builder().probeId(PROBE_ID).where(MAIN_CLASS_NAME, METHOD_NAME).build();
-    setCurrentConfiguration(createConfig(probe));
-    datadogAgentServer.enqueue(
-        new MockResponse()
-            .setHeadersDelay(REQUEST_WAIT_TIMEOUT * 2, TimeUnit.SECONDS)
-            .setResponseCode(200));
-    // wait for 3 snapshots (2 status + 1 snapshot)
-    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, "3").start();
-
-    RecordedRequest request = retrieveSnapshotRequest();
-    assertNotNull(request);
-    assertTrue(request.getBodySize() > 0);
-    retrieveSnapshotRequest();
-    targetProcess.destroy();
-    // Wait for the app exit with some extra time.
-    // The expectation is that agent doesn't prevent app from exiting.
-    assertTrue(targetProcess.waitFor(REQUEST_WAIT_TIMEOUT + 10, TimeUnit.SECONDS));
-  }
 
+public class LogProbesIntegrationTest extends SimpleAppDebuggerIntegrationTest {
   @Test
   @DisplayName("testInaccessibleObject")
   void testInaccessibleObject() throws Exception {
     final String METHOD_NAME = "managementMethod";
+    final String EXPECTED_UPLOADS = "3";
     LogProbe probe =
         LogProbe.builder().probeId(PROBE_ID).where(MAIN_CLASS_NAME, METHOD_NAME).build();
     setCurrentConfiguration(createConfig(probe));
-    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, "3").start();
+    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, EXPECTED_UPLOADS).start();
     RecordedRequest request = retrieveSnapshotRequest();
     assertNotNull(request);
     assertFalse(logHasErrors(logFilePath, it -> false));
-    Thread.sleep(10000);
   }
 
   @Test
   @DisplayName("testFullMethod")
   void testFullMethod() throws Exception {
     final String METHOD_NAME = "fullMethod";
+    final String EXPECTED_UPLOADS = "3";
     LogProbe probe =
         LogProbe.builder()
             .probeId(PROBE_ID)
@@ -144,7 +55,7 @@ void testFullMethod() throws Exception {
             .captureSnapshot(true)
             .build();
     setCurrentConfiguration(createConfig(probe));
-    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, "3").start();
+    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, EXPECTED_UPLOADS).start();
     RecordedRequest request = retrieveSnapshotRequest();
     assertNotNull(request);
     assertFalse(logHasErrors(logFilePath, it -> false));
@@ -172,6 +83,7 @@ void testFullMethod() throws Exception {
   @DisplayName("testFullMethodWithCondition")
   void testFullMethodWithCondition() throws Exception {
     final String METHOD_NAME = "fullMethod";
+    final String EXPECTED_UPLOADS = "3";
     LogProbe probe =
         LogProbe.builder()
             .probeId(PROBE_ID)
@@ -182,7 +94,7 @@ void testFullMethodWithCondition() throws Exception {
             .captureSnapshot(true)
             .build();
     setCurrentConfiguration(createConfig(probe));
-    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, "3").start();
+    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, EXPECTED_UPLOADS).start();
     RecordedRequest request = retrieveSnapshotRequest();
     assertNotNull(request);
     assertFalse(logHasErrors(logFilePath, it -> false));
@@ -199,6 +111,7 @@ void testFullMethodWithCondition() throws Exception {
   void testFullMethodWithLogTemplate() throws Exception {
     final String METHOD_NAME = "fullMethod";
     final String LOG_TEMPLATE = "log line {argInt} {argStr} {argDouble} {argMap} {argVar}";
+    final String EXPECTED_UPLOADS = "3";
     LogProbe probe =
         LogProbe.builder()
             .probeId(PROBE_ID)
@@ -206,7 +119,7 @@ void testFullMethodWithLogTemplate() throws Exception {
             .template(LOG_TEMPLATE, parseTemplate(LOG_TEMPLATE))
             .build();
     setCurrentConfiguration(createConfig(probe));
-    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, "3").start();
+    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, EXPECTED_UPLOADS).start();
     RecordedRequest request = retrieveSnapshotRequest();
     assertNotNull(request);
     assertFalse(logHasErrors(logFilePath, it -> false));
@@ -220,18 +133,6 @@ void testFullMethodWithLogTemplate() throws Exception {
         intakeRequest.getMessage());
   }
 
-  private void assertFullMethodCaptureArgs(CapturedContext context) {
-    if (Platform.isJ9()) {
-      // skip for J9/OpenJ9 as we cannot get local variable debug info.
-      return;
-    }
-    assertCaptureArgs(context, "argInt", "int", "42");
-    assertCaptureArgs(context, "argStr", "java.lang.String", "foobar");
-    assertCaptureArgs(context, "argDouble", "double", "3.42");
-    assertCaptureArgs(context, "argMap", "java.util.HashMap", "{key1=val1, key2=val2, key3=val3}");
-    assertCaptureArgs(context, "argVar", "java.lang.String[]", "[var1, var2, var3]");
-  }
-
   @Test
   @DisplayName("testMultiProbes")
   void testMultiProbes() throws Exception {
@@ -239,7 +140,11 @@ void testMultiProbes() throws Exception {
     List<LogProbe> probes = new ArrayList<>();
     for (int i = 0; i < 10; i++) {
       probes.add(
-          LogProbe.builder().probeId(getProbeId(i)).where(MAIN_CLASS_NAME, METHOD_NAME).build());
+          LogProbe.builder()
+              .probeId(getProbeId(i))
+              .where(MAIN_CLASS_NAME, METHOD_NAME)
+              .captureSnapshot(true)
+              .build());
     }
     setCurrentConfiguration(createConfig(probes));
     final int NB_SNAPSHOTS = 10;
@@ -269,21 +174,128 @@ void testMultiProbes() throws Exception {
     assertFalse(logHasErrors(logFilePath, it -> false));
   }
 
+  @Test
+  @DisplayName("testSamplingSnapshotDefault")
+  void testSamplingSnapshotDefault() throws Exception {
+    doSamplingSnapshot(null, MethodLocation.EXIT);
+  }
+
+  @Test
+  @DisplayName("testSamplingSnapshotDefaultWithConditionAtEntry")
+  void testSamplingSnapshotDefaultWithConditionAtEntry() throws Exception {
+    doSamplingSnapshot(
+        new ProbeCondition(DSL.when(DSL.eq(DSL.value(1), DSL.value(1))), "1 == 1"),
+        MethodLocation.ENTRY);
+  }
+
+  @Test
+  @DisplayName("testSamplingSnapshotDefaultWithConditionAtExit")
+  void testSamplingSnapshotDefaultWithConditionAtExit() throws Exception {
+    doSamplingSnapshot(
+        new ProbeCondition(DSL.when(DSL.eq(DSL.value(1), DSL.value(1))), "1 == 1"),
+        MethodLocation.EXIT);
+  }
+
+  private void doSamplingSnapshot(ProbeCondition probeCondition, MethodLocation evaluateAt)
+      throws Exception {
+    final int LOOP_COUNT = 1000;
+    final String EXPECTED_UPLOADS = "4";
+    LogProbe probe =
+        LogProbe.builder()
+            .probeId(PROBE_ID)
+            .where(MAIN_CLASS_NAME, "fullMethod")
+            .when(probeCondition)
+            .evaluateAt(evaluateAt)
+            .captureSnapshot(true)
+            .build();
+    setCurrentConfiguration(createConfig(probe));
+    targetProcess =
+        createProcessBuilder(
+                logFilePath, "loopingFullMethod", EXPECTED_UPLOADS, String.valueOf(LOOP_COUNT))
+            .start();
+    int count = countSnapshots();
+    assertTrue(count >= 2 && count <= 20, "snapshots=" + count);
+  }
+
+  @Test
+  @DisplayName("testSamplingLogDefault")
+  void testSamplingLogDefault() throws Exception {
+    batchSize = 100;
+    final int LOOP_COUNT = 1000;
+    final String LOG_TEMPLATE = "log line {argInt} {argStr} {argDouble} {argMap} {argVar}";
+    final String EXPECTED_UPLOADS = String.valueOf(LOOP_COUNT / batchSize + 2);
+    LogProbe probe =
+        LogProbe.builder()
+            .probeId(PROBE_ID)
+            .where(MAIN_CLASS_NAME, "fullMethod")
+            .template(LOG_TEMPLATE, parseTemplate(LOG_TEMPLATE))
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    setCurrentConfiguration(createConfig(probe));
+    targetProcess =
+        createProcessBuilder(
+                logFilePath, "loopingFullMethod", EXPECTED_UPLOADS, String.valueOf(LOOP_COUNT))
+            .start();
+    int count = countSnapshots();
+    assertTrue(count >= 950 && count <= 1000, "logs=" + count);
+  }
+
+  @Test
+  @DisplayName("testSamplingLogCustom")
+  void testSamplingLogCustom() throws Exception {
+    final int LOOP_COUNT = 1000;
+    final String LOG_TEMPLATE = "log line {argInt} {argStr} {argDouble} {argMap} {argVar}";
+    final String EXPECTED_UPLOADS = "120";
+    LogProbe probe =
+        LogProbe.builder()
+            .probeId(PROBE_ID)
+            .where(MAIN_CLASS_NAME, "fullMethod")
+            .template(LOG_TEMPLATE, parseTemplate(LOG_TEMPLATE))
+            .evaluateAt(MethodLocation.EXIT)
+            .sampling(10)
+            .build();
+    setCurrentConfiguration(createConfig(probe));
+    targetProcess =
+        createProcessBuilder(
+                logFilePath, "loopingFullMethod", EXPECTED_UPLOADS, String.valueOf(LOOP_COUNT))
+            .start();
+    assertTrue(countSnapshots() < 120);
+  }
+
+  private int countSnapshots() throws Exception {
+    int snapshotCount = 0;
+    RecordedRequest request;
+    do {
+      request = retrieveSnapshotRequest();
+      if (request != null) {
+        String bodyStr = request.getBody().readUtf8();
+        JsonAdapter<List<JsonSnapshotSerializer.IntakeRequest>> adapter =
+            createAdapterForSnapshot();
+        List<JsonSnapshotSerializer.IntakeRequest> intakeRequests = adapter.fromJson(bodyStr);
+        long count =
+            intakeRequests.stream()
+                .map(intakeRequest -> intakeRequest.getDebugger().getSnapshot())
+                .count();
+        snapshotCount += count;
+      }
+    } while (request != null);
+    LOG.info("snapshots={}", snapshotCount);
+    return snapshotCount;
+  }
+
   private ProbeId getProbeId(int i) {
     return new ProbeId(String.valueOf(i), 0);
   }
 
-  private static void assertContainsLogLine(Path logFilePath, String containsLine)
-      throws IOException {
-    boolean[] result = new boolean[] {false};
-    Files.lines(logFilePath)
-        .forEach(
-            it -> {
-              if (it.contains(containsLine)) {
-                System.out.println(it);
-                result[0] = true;
-              }
-            });
-    assertTrue(result[0]);
+  private void assertFullMethodCaptureArgs(CapturedContext context) {
+    if (Platform.isJ9()) {
+      // skip for J9/OpenJ9 as we cannot get local variable debug info.
+      return;
+    }
+    assertCaptureArgs(context, "argInt", "int", "42");
+    assertCaptureArgs(context, "argStr", "java.lang.String", "foobar");
+    assertCaptureArgs(context, "argDouble", "double", "3.42");
+    assertCaptureArgs(context, "argMap", "java.util.HashMap", "{key1=val1, key2=val2, key3=val3}");
+    assertCaptureArgs(context, "argVar", "java.lang.String[]", "[var1, var2, var3]");
   }
 }
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/MetricProbesIntegrationTest.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/MetricProbesIntegrationTest.java
new file mode 100644
index 00000000000..f4fbb0217a7
--- /dev/null
+++ b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/MetricProbesIntegrationTest.java
@@ -0,0 +1,159 @@
+package datadog.smoketest;
+
+import static org.junit.Assert.assertNotNull;
+
+import com.datadog.debugger.el.DSL;
+import com.datadog.debugger.el.ValueScript;
+import com.datadog.debugger.probe.MetricProbe;
+import java.io.IOException;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+public class MetricProbesIntegrationTest extends SimpleAppDebuggerIntegrationTest {
+
+  @AfterEach
+  void teardown() throws Exception {
+    processRemainingRequests();
+  }
+
+  @Test
+  @DisplayName("testMethodMetricInc")
+  void testMethodMetricInc() throws Exception {
+    doMethodMetric(
+        "incCallCount",
+        MetricProbe.MetricKind.COUNT,
+        null,
+        "dynamic.instrumentation.metric.probe.%s:1|c|#debugger.probeid:%s");
+  }
+
+  @Test
+  @DisplayName("testMethodMetricCount")
+  void testMethodMetricCount() throws Exception {
+    doMethodMetric(
+        "fullMethod_count",
+        MetricProbe.MetricKind.COUNT,
+        new ValueScript(DSL.ref("argInt"), "argInt"),
+        "dynamic.instrumentation.metric.probe.%s:42|c|#debugger.probeid:%s");
+  }
+
+  @Test
+  @DisplayName("testMethodMetricGauge")
+  void testMethodMetricGauge() throws Exception {
+    doMethodMetric(
+        "fullMethod_gauge",
+        MetricProbe.MetricKind.GAUGE,
+        new ValueScript(DSL.ref("argInt"), "argInt"),
+        "dynamic.instrumentation.metric.probe.%s:42|g|#debugger.probeid:%s");
+  }
+
+  @Test
+  @DisplayName("testMethodMetricHistogram")
+  void testMethodMetricHistogram() throws Exception {
+    doMethodMetric(
+        "fullMethod_histogram",
+        MetricProbe.MetricKind.HISTOGRAM,
+        new ValueScript(DSL.ref("argInt"), "argInt"),
+        "dynamic.instrumentation.metric.probe.%s:42|h|#debugger.probeid:%s");
+  }
+
+  @Test
+  @DisplayName("testMethodMetricDistribution")
+  void testMethodMetricDistribution() throws Exception {
+    doMethodMetric(
+        "fullMethod_distribution",
+        MetricProbe.MetricKind.DISTRIBUTION,
+        new ValueScript(DSL.ref("argInt"), "argInt"),
+        "dynamic.instrumentation.metric.probe.%s:42|d|#debugger.probeid:%s");
+  }
+
+  private void doMethodMetric(
+      String metricName, MetricProbe.MetricKind kind, ValueScript script, String expectedMsgFormat)
+      throws IOException {
+    final String METHOD_NAME = "fullMethod";
+    final String EXPECTED_UPLOADS =
+        "-1"; // wait for TIMEOUT_S for letting the metric being sent (async)
+    MetricProbe metricProbe =
+        MetricProbe.builder()
+            .probeId(PROBE_ID)
+            .where(MAIN_CLASS_NAME, METHOD_NAME)
+            .kind(kind)
+            .metricName(metricName)
+            .valueScript(script)
+            .build();
+    setCurrentConfiguration(createMetricConfig(metricProbe));
+    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, EXPECTED_UPLOADS).start();
+    String msgExpected = String.format(expectedMsgFormat, metricName, PROBE_ID.getId());
+    assertNotNull(retrieveStatsdMessage(msgExpected));
+  }
+
+  @Test
+  @DisplayName("testLineMetricInc")
+  void testLineMetricInc() throws Exception {
+    doLineMetric(
+        "fullMethod_incCallCount",
+        MetricProbe.MetricKind.COUNT,
+        null,
+        "dynamic.instrumentation.metric.probe.%s:1|c|#debugger.probeid:%s");
+  }
+
+  @Test
+  @DisplayName("testLineMetricCount")
+  void testLineMetricCount() throws Exception {
+    doLineMetric(
+        "fullMethod_count",
+        MetricProbe.MetricKind.COUNT,
+        new ValueScript(DSL.ref("argInt"), "argInt"),
+        "dynamic.instrumentation.metric.probe.%s:42|c|#debugger.probeid:%s");
+  }
+
+  @Test
+  @DisplayName("testLineMetricGauge")
+  void testLineMetricGauge() throws Exception {
+    doLineMetric(
+        "fullMethod_gauge",
+        MetricProbe.MetricKind.GAUGE,
+        new ValueScript(DSL.ref("argInt"), "argInt"),
+        "dynamic.instrumentation.metric.probe.%s:42|g|#debugger.probeid:%s");
+  }
+
+  @Test
+  @DisplayName("testLineMetricHistogram")
+  void testLineMetricHistogram() throws Exception {
+    doLineMetric(
+        "fullMethod_histogram",
+        MetricProbe.MetricKind.HISTOGRAM,
+        new ValueScript(DSL.ref("argInt"), "argInt"),
+        "dynamic.instrumentation.metric.probe.%s:42|h|#debugger.probeid:%s");
+  }
+
+  @Test
+  @DisplayName("testLineMetricDistribution")
+  void testLineMetricDistribution() throws Exception {
+    doLineMetric(
+        "fullMethod_distribution",
+        MetricProbe.MetricKind.DISTRIBUTION,
+        new ValueScript(DSL.ref("argInt"), "argInt"),
+        "dynamic.instrumentation.metric.probe.%s:42|d|#debugger.probeid:%s");
+  }
+
+  private void doLineMetric(
+      String metricName, MetricProbe.MetricKind kind, ValueScript script, String expectedMsgFormat)
+      throws IOException {
+    final String METHOD_NAME = "fullMethod";
+    final String EXPECTED_UPLOADS =
+        "-1"; // wait for TIMEOUT_S for letting the metric being sent (async)
+    MetricProbe metricProbe =
+        MetricProbe.builder()
+            .probeId(PROBE_ID)
+            .where("DebuggerTestApplication.java", 80)
+            .kind(kind)
+            .metricName(metricName)
+            .valueScript(script)
+            .build();
+    setCurrentConfiguration(createMetricConfig(metricProbe));
+    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, EXPECTED_UPLOADS).start();
+    String msgExpected = String.format(expectedMsgFormat, metricName, PROBE_ID.getId());
+    assertNotNull(retrieveStatsdMessage(msgExpected));
+  }
+}
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/MoshiConfigTestHelper.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/MoshiConfigTestHelper.java
index 09357c21c6e..0729f654bd9 100644
--- a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/MoshiConfigTestHelper.java
+++ b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/MoshiConfigTestHelper.java
@@ -85,7 +85,7 @@ public JsonConditionVisitor(JsonWriter jsonWriter) {
 
     @Override
     public Void visit(BinaryExpression binaryExpression) {
-      return null;
+      throw new UnsupportedOperationException("binary expression");
     }
 
     @Override
@@ -124,72 +124,80 @@ public Void visit(ComparisonOperator operator) {
 
     @Override
     public Void visit(ContainsExpression containsExpression) {
-      return null;
+      throw new UnsupportedOperationException("contains expression");
     }
 
     @Override
     public Void visit(EndsWithExpression endsWithExpression) {
-      return null;
+      throw new UnsupportedOperationException("endsWith expression");
     }
 
     @Override
     public Void visit(FilterCollectionExpression filterCollectionExpression) {
-      return null;
+      throw new UnsupportedOperationException("filter expression");
     }
 
     @Override
     public Void visit(HasAllExpression hasAllExpression) {
-      return null;
+      throw new UnsupportedOperationException("hasAll expression");
     }
 
     @Override
     public Void visit(HasAnyExpression hasAnyExpression) {
-      return null;
+      throw new UnsupportedOperationException("hasAny expression");
     }
 
     @Override
     public Void visit(IfElseExpression ifElseExpression) {
-      return null;
+      throw new UnsupportedOperationException("ifElse expression");
     }
 
     @Override
     public Void visit(IfExpression ifExpression) {
-      return null;
+      throw new UnsupportedOperationException("if expression");
     }
 
     @Override
     public Void visit(IsEmptyExpression isEmptyExpression) {
-      return null;
+      throw new UnsupportedOperationException("isEmpty expression");
     }
 
     @Override
     public Void visit(IsUndefinedExpression isUndefinedExpression) {
-      return null;
+      throw new UnsupportedOperationException("isUndefined expression");
     }
 
     @Override
     public Void visit(LenExpression lenExpression) {
-      return null;
+      throw new UnsupportedOperationException("len expression");
     }
 
     @Override
     public Void visit(MatchesExpression matchesExpression) {
-      return null;
+      throw new UnsupportedOperationException("matches expression");
     }
 
     @Override
     public Void visit(NotExpression notExpression) {
+      try {
+        jsonWriter.name("not");
+        jsonWriter.beginObject();
+        notExpression.getPredicate().accept(this);
+        jsonWriter.endObject();
+      } catch (IOException ex) {
+        LOGGER.debug("Cannot serialize: ", ex);
+      }
       return null;
     }
 
     @Override
     public Void visit(StartsWithExpression startsWithExpression) {
-      return null;
+      throw new UnsupportedOperationException("startsWith expression");
     }
 
     @Override
     public Void visit(SubStringExpression subStringExpression) {
-      return null;
+      throw new UnsupportedOperationException("subString expression");
     }
 
     @Override
@@ -207,11 +215,33 @@ public Void visit(ValueRefExpression valueRefExpression) {
 
     @Override
     public Void visit(GetMemberExpression getMemberExpression) {
+      try {
+        jsonWriter.beginObject();
+        jsonWriter.name("getmember");
+        jsonWriter.beginArray();
+        getMemberExpression.getTarget().accept(this);
+        jsonWriter.value(getMemberExpression.getMemberName());
+        jsonWriter.endArray();
+        jsonWriter.endObject();
+      } catch (IOException ex) {
+        LOGGER.debug("Cannot serialize: ", ex);
+      }
       return null;
     }
 
     @Override
     public Void visit(IndexExpression indexExpression) {
+      try {
+        jsonWriter.beginObject();
+        jsonWriter.name("index");
+        jsonWriter.beginArray();
+        indexExpression.getTarget().accept(this);
+        indexExpression.getKey().accept(this);
+        jsonWriter.endArray();
+        jsonWriter.endObject();
+      } catch (IOException ex) {
+        LOGGER.debug("Cannot serialize: ", ex);
+      }
       return null;
     }
 
@@ -229,12 +259,12 @@ public Void visit(WhenExpression whenExpression) {
 
     @Override
     public Void visit(BooleanExpression booleanExpression) {
-      return null;
+      throw new UnsupportedOperationException("boolean expression");
     }
 
     @Override
     public Void visit(ObjectValue objectValue) {
-      return null;
+      throw new UnsupportedOperationException("objectValue");
     }
 
     @Override
@@ -249,27 +279,44 @@ public Void visit(StringValue stringValue) {
 
     @Override
     public Void visit(NumericValue numericValue) {
+      try {
+        if (numericValue.getValue() instanceof Long) {
+          jsonWriter.value(numericValue.getValue().longValue());
+        } else if (numericValue.getValue() instanceof Double) {
+          jsonWriter.value(numericValue.getValue().doubleValue());
+        } else {
+          throw new UnsupportedOperationException(
+              "numeric value unsupported:" + numericValue.getValue().getClass());
+        }
+      } catch (IOException ex) {
+        LOGGER.debug("Cannot serialize: ", ex);
+      }
       return null;
     }
 
     @Override
     public Void visit(BooleanValue booleanValue) {
-      return null;
+      throw new UnsupportedOperationException("booleanValue");
     }
 
     @Override
     public Void visit(NullValue nullValue) {
+      try {
+        jsonWriter.nullValue();
+      } catch (IOException ex) {
+        LOGGER.debug("Cannot serialize: ", ex);
+      }
       return null;
     }
 
     @Override
     public Void visit(ListValue listValue) {
-      return null;
+      throw new UnsupportedOperationException("listValue");
     }
 
     @Override
     public Void visit(MapValue mapValue) {
-      return null;
+      throw new UnsupportedOperationException("mapValue");
     }
   }
 }
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/ProbeStateIntegrationTest.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/ProbeStateIntegrationTest.java
new file mode 100644
index 00000000000..bc0a9c3c4dd
--- /dev/null
+++ b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/ProbeStateIntegrationTest.java
@@ -0,0 +1,144 @@
+package datadog.smoketest;
+
+import static java.util.Arrays.asList;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import com.datadog.debugger.agent.Configuration;
+import com.datadog.debugger.agent.ProbeStatus;
+import com.datadog.debugger.probe.LogProbe;
+import com.datadog.debugger.sink.Snapshot;
+import java.util.Collections;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+public class ProbeStateIntegrationTest extends ServerAppDebuggerIntegrationTest {
+  @Test
+  @DisplayName("testAddRemoveProbes")
+  void testAddRemoveProbes() throws Exception {
+    LogProbe logProbe =
+        LogProbe.builder().probeId(PROBE_ID).where(TEST_APP_CLASS_NAME, FULL_METHOD_NAME).build();
+    addProbe(logProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, FULL_METHOD_NAME);
+    List<Snapshot> snapshots = waitForSnapshots();
+    assertEquals(1, snapshots.size());
+    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
+    setCurrentConfiguration(createConfig(Collections.emptyList())); // remove probes
+    waitForReTransformation(appUrl);
+    addProbe(logProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, FULL_METHOD_NAME);
+    snapshots = waitForSnapshots();
+    assertEquals(1, snapshots.size());
+    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
+  }
+
+  @Test
+  @DisplayName("testDisableEnableProbes")
+  void testDisableEnableProbes() throws Exception {
+    LogProbe logProbe =
+        LogProbe.builder().probeId(PROBE_ID).where(TEST_APP_CLASS_NAME, FULL_METHOD_NAME).build();
+    addProbe(logProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, FULL_METHOD_NAME);
+    List<Snapshot> snapshots = waitForSnapshots();
+    assertEquals(1, snapshots.size());
+    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
+    setCurrentConfiguration(createConfig(Collections.emptyList())); // no probe
+    waitForReTransformation(appUrl);
+    addProbe(logProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, FULL_METHOD_NAME);
+    snapshots = waitForSnapshots();
+    assertEquals(1, snapshots.size());
+    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
+  }
+
+  @Test
+  @DisplayName("testDisableEnableProbesUsingDenyList")
+  void testDisableEnableProbesUsingDenyList() throws Exception {
+    LogProbe logProbe =
+        LogProbe.builder().probeId(PROBE_ID).where(TEST_APP_CLASS_NAME, FULL_METHOD_NAME).build();
+    addProbe(logProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, FULL_METHOD_NAME);
+    List<Snapshot> snapshots = waitForSnapshots();
+    assertEquals(1, snapshots.size());
+    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
+
+    datadogAgentServer.enqueue(EMPTY_200_RESPONSE); // expect BLOCKED status
+    Configuration.FilterList denyList =
+        new Configuration.FilterList(asList("datadog.smoketest.debugger"), Collections.emptyList());
+    setCurrentConfiguration(createConfig(asList(logProbe), null, denyList));
+    waitForReTransformation(appUrl);
+    waitForAProbeStatus(ProbeStatus.Status.BLOCKED);
+
+    datadogAgentServer.enqueue(EMPTY_200_RESPONSE); // expect INSTALLED status
+    addProbe(logProbe);
+    // waitForInstrumentation(appUrl);
+    waitForReTransformation(appUrl);
+    waitForAProbeStatus(ProbeStatus.Status.INSTALLED);
+    execute(appUrl, FULL_METHOD_NAME);
+    snapshots = waitForSnapshots();
+    assertEquals(1, snapshots.size());
+    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
+  }
+
+  @Test
+  @DisplayName("testDisableEnableProbesUsingAllowList")
+  void testDisableEnableProbesUsingAllowList() throws Exception {
+    LogProbe logProbe =
+        LogProbe.builder().probeId(PROBE_ID).where(TEST_APP_CLASS_NAME, FULL_METHOD_NAME).build();
+    addProbe(logProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, FULL_METHOD_NAME);
+    List<Snapshot> snapshots = waitForSnapshots();
+    assertEquals(1, snapshots.size());
+    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
+
+    datadogAgentServer.enqueue(EMPTY_200_RESPONSE); // expect BLOCKED status
+    Configuration.FilterList allowList =
+        new Configuration.FilterList(asList("datadog.not.debugger"), Collections.emptyList());
+    setCurrentConfiguration(createConfig(asList(logProbe), allowList, null));
+    waitForReTransformation(appUrl);
+    waitForAProbeStatus(ProbeStatus.Status.BLOCKED);
+
+    datadogAgentServer.enqueue(EMPTY_200_RESPONSE); // expect INSTALLED status
+    addProbe(logProbe);
+    // waitForInstrumentation(appUrl);
+    waitForReTransformation(appUrl);
+    waitForAProbeStatus(ProbeStatus.Status.INSTALLED);
+    execute(appUrl, FULL_METHOD_NAME);
+    snapshots = waitForSnapshots();
+    assertEquals(1, snapshots.size());
+    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
+  }
+
+  @Test
+  @DisplayName("testProbeStatusError")
+  public void testProbeStatusError() throws Exception {
+    LogProbe logProbe =
+        LogProbe.builder()
+            .probeId(PROBE_ID)
+            .where(TEST_APP_CLASS_NAME, "unknownMethodName")
+            .build();
+    addProbe(logProbe);
+    AtomicBoolean received = new AtomicBoolean(false);
+    AtomicBoolean error = new AtomicBoolean(false);
+    registerProbeStatusListener(
+        probeStatus -> {
+          if (probeStatus.getDiagnostics().getStatus() == ProbeStatus.Status.RECEIVED) {
+            received.set(true);
+          }
+          if (probeStatus.getDiagnostics().getStatus() == ProbeStatus.Status.ERROR) {
+            assertEquals(
+                "Cannot find method datadog/smoketest/debugger/ServerDebuggerTestApplication::unknownMethodName",
+                probeStatus.getDiagnostics().getException().getMessage());
+            error.set(true);
+          }
+          return received.get() && error.get();
+        });
+  }
+}
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/ServerAppDebuggerIntegrationTest.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/ServerAppDebuggerIntegrationTest.java
new file mode 100644
index 00000000000..34ee1de31fa
--- /dev/null
+++ b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/ServerAppDebuggerIntegrationTest.java
@@ -0,0 +1,173 @@
+package datadog.smoketest;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+import com.datadog.debugger.agent.JsonSnapshotSerializer;
+import com.datadog.debugger.agent.ProbeStatus;
+import com.datadog.debugger.probe.LogProbe;
+import com.datadog.debugger.probe.SpanDecorationProbe;
+import com.datadog.debugger.sink.Snapshot;
+import com.squareup.moshi.JsonAdapter;
+import datadog.trace.bootstrap.debugger.ProbeId;
+import datadog.trace.util.TagsHelper;
+import java.io.EOFException;
+import java.io.IOException;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.stream.Collectors;
+import okhttp3.HttpUrl;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.Response;
+import okhttp3.mockwebserver.MockWebServer;
+import okhttp3.mockwebserver.RecordedRequest;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.TestInfo;
+
+public class ServerAppDebuggerIntegrationTest extends BaseIntegrationTest {
+  private static final String SERVER_DEBUGGER_TEST_APP_CLASS =
+      "datadog.smoketest.debugger.ServerDebuggerTestApplication";
+  protected static final String CONTROL_URL = "/control";
+  protected static final ProbeId PROBE_ID = new ProbeId("123356536", 0);
+  protected static final ProbeId PROBE_ID2 = new ProbeId("1233565367", 12);
+  protected static final String TEST_APP_CLASS_NAME = "ServerDebuggerTestApplication";
+  protected static final String FULL_METHOD_NAME = "fullMethod";
+  protected static final String TRACED_METHOD_NAME = "tracedMethod";
+
+  protected MockWebServer controlServer;
+  protected HttpUrl controlUrl;
+  private OkHttpClient httpClient = new OkHttpClient();
+  protected String appUrl;
+
+  @Override
+  @BeforeEach
+  void setup(TestInfo testInfo) throws Exception {
+    super.setup(testInfo);
+    controlServer = new MockWebServer();
+    // controlServer.setDispatcher(new ControlDispatcher());
+    controlServer.start();
+    controlUrl = controlServer.url(CONTROL_URL);
+    startApp();
+    appUrl = waitForAppStartedAndGetUrl();
+  }
+
+  @Override
+  @AfterEach
+  void teardown() throws Exception {
+    stopApp(appUrl);
+    controlServer.shutdown();
+    super.teardown();
+  }
+
+  @Override
+  protected String getAppClass() {
+    return SERVER_DEBUGGER_TEST_APP_CLASS;
+  }
+
+  @Override
+  protected String getAppId() {
+    return TagsHelper.sanitize("ServerDebuggerTestApplication");
+  }
+
+  protected void stopApp(String appUrl) throws IOException {
+    try {
+      sendRequest(appUrl + "/stop");
+    } catch (Exception ex) {
+      LOG.warn("Exception while stopping server app", ex);
+    }
+    LOG.info("Stop done");
+  }
+
+  protected List<Snapshot> waitForSnapshots() throws Exception {
+    RecordedRequest snapshotRequest = retrieveSnapshotRequest();
+    assertNotNull(snapshotRequest);
+    String bodyStr = snapshotRequest.getBody().readUtf8();
+    LOG.info("got snapshot: {}", bodyStr);
+    JsonAdapter<List<JsonSnapshotSerializer.IntakeRequest>> adapter = createAdapterForSnapshot();
+    List<JsonSnapshotSerializer.IntakeRequest> intakeRequests = adapter.fromJson(bodyStr);
+    return intakeRequests.stream()
+        .map(intakeRequest -> intakeRequest.getDebugger().getSnapshot())
+        .collect(Collectors.toList());
+  }
+
+  protected void execute(String appUrl, String methodName) throws IOException {
+    execute(appUrl, methodName, null);
+  }
+
+  protected void execute(String appUrl, String methodName, String arg) throws IOException {
+    datadogAgentServer.enqueue(EMPTY_200_RESPONSE); // expect 1 snapshot
+    String executeFormat = arg != null ? "/execute?methodname=%s&arg=%s" : "/execute?methodname=%s";
+    String url = String.format(appUrl + executeFormat, methodName, arg);
+    sendRequest(url);
+    LOG.info("Execution done");
+  }
+
+  protected void waitForInstrumentation(String appUrl) throws Exception {
+    String url =
+        String.format(
+            appUrl + "/waitForInstrumentation?classname=%s", SERVER_DEBUGGER_TEST_APP_CLASS);
+    LOG.info("waitForInstrumentation with url={}", url);
+    sendRequest(url);
+    AtomicBoolean received = new AtomicBoolean(false);
+    AtomicBoolean installed = new AtomicBoolean(false);
+    registerProbeStatusListener(
+        probeStatus -> {
+          if (probeStatus.getDiagnostics().getStatus() == ProbeStatus.Status.RECEIVED) {
+            received.set(true);
+          }
+          if (probeStatus.getDiagnostics().getStatus() == ProbeStatus.Status.INSTALLED) {
+            installed.set(true);
+          }
+          return received.get() && installed.get();
+        });
+    processRequests();
+    clearProbeStatusListener();
+    LOG.info("instrumentation done");
+  }
+
+  protected void waitForAProbeStatus(ProbeStatus.Status status) throws Exception {
+    registerProbeStatusListener(probeStatus -> probeStatus.getDiagnostics().getStatus() == status);
+    processRequests();
+    clearProbeStatusListener();
+  }
+
+  protected void waitForReTransformation(String appUrl) throws IOException {
+    String url =
+        String.format(
+            appUrl + "/waitForReTransformation?classname=%s", SERVER_DEBUGGER_TEST_APP_CLASS);
+    sendRequest(url);
+    LOG.info("re-transformation done");
+  }
+
+  protected void startApp() throws IOException {
+    controlServer.enqueue(EMPTY_200_RESPONSE); // ack response
+    targetProcess = createProcessBuilder(logFilePath, controlUrl.toString()).start();
+  }
+
+  protected String waitForAppStartedAndGetUrl() throws InterruptedException, EOFException {
+    RecordedRequest recordedRequest = controlServer.takeRequest(10, TimeUnit.SECONDS);
+    assertNotNull(recordedRequest);
+    String appUrl = recordedRequest.getBody().readUtf8Line();
+    LOG.info("AppUrl = " + appUrl);
+    return appUrl;
+  }
+
+  protected void addProbe(LogProbe logProbe) {
+    datadogAgentServer.enqueue(EMPTY_200_RESPONSE); // expect RECEIVED status
+    datadogAgentServer.enqueue(EMPTY_200_RESPONSE); // expect INSTALLED status
+    setCurrentConfiguration(createConfig(logProbe));
+  }
+
+  protected void addProbe(SpanDecorationProbe spanDecorationProbe) {
+    datadogAgentServer.enqueue(EMPTY_200_RESPONSE); // expect RECEIVED status
+    datadogAgentServer.enqueue(EMPTY_200_RESPONSE); // expect INSTALLED status
+    setCurrentConfiguration(createSpanDecoConfig(spanDecorationProbe));
+  }
+
+  protected void sendRequest(String url) throws IOException {
+    Request request = new Request.Builder().url(url).get().build();
+    try (Response response = httpClient.newCall(request).execute()) {}
+  }
+}
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/ServerDebuggerIntegrationTest.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/ServerDebuggerIntegrationTest.java
deleted file mode 100644
index 1d09422d053..00000000000
--- a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/ServerDebuggerIntegrationTest.java
+++ /dev/null
@@ -1,294 +0,0 @@
-package datadog.smoketest;
-
-import static java.util.Arrays.asList;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
-import com.datadog.debugger.agent.Configuration;
-import com.datadog.debugger.agent.JsonSnapshotSerializer;
-import com.datadog.debugger.agent.ProbeStatus;
-import com.datadog.debugger.probe.LogProbe;
-import com.datadog.debugger.sink.Snapshot;
-import com.squareup.moshi.JsonAdapter;
-import datadog.trace.bootstrap.debugger.ProbeId;
-import datadog.trace.util.TagsHelper;
-import java.io.EOFException;
-import java.io.IOException;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-import java.util.stream.Collectors;
-import okhttp3.HttpUrl;
-import okhttp3.OkHttpClient;
-import okhttp3.Request;
-import okhttp3.Response;
-import okhttp3.mockwebserver.MockResponse;
-import okhttp3.mockwebserver.MockWebServer;
-import okhttp3.mockwebserver.RecordedRequest;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.Assertions;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.DisplayName;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.TestInfo;
-
-public class ServerDebuggerIntegrationTest extends BaseIntegrationTest {
-  private static final String SERVER_DEBUGGER_TEST_APP_CLASS =
-      "datadog.smoketest.debugger.ServerDebuggerTestApplication";
-  private static final String CONTROL_URL = "/control";
-  private static final MockResponse EMPTY_HTTP_200 = new MockResponse().setResponseCode(200);
-  private static final ProbeId PROBE_ID = new ProbeId("123356536", 1);
-  private static final ProbeId PROBE_ID2 = new ProbeId("1233565367", 1);
-  private static final String TEST_APP_CLASS_NAME = "ServerDebuggerTestApplication";
-  private static final String FULL_METHOD_NAME = "fullMethod";
-
-  private MockWebServer controlServer;
-  private HttpUrl controlUrl;
-  private OkHttpClient httpClient = new OkHttpClient();
-
-  @Override
-  @BeforeEach
-  void setup(TestInfo testInfo) throws Exception {
-    super.setup(testInfo);
-    controlServer = new MockWebServer();
-    // controlServer.setDispatcher(new ControlDispatcher());
-    controlServer.start();
-    controlUrl = controlServer.url(CONTROL_URL);
-  }
-
-  @Override
-  @AfterEach
-  void teardown() throws Exception {
-    super.teardown();
-    controlServer.shutdown();
-  }
-
-  @Override
-  protected String getAppClass() {
-    return SERVER_DEBUGGER_TEST_APP_CLASS;
-  }
-
-  @Override
-  protected String getAppId() {
-    return TagsHelper.sanitize("ServerDebuggerTestApplication");
-  }
-
-  @Test
-  @DisplayName("testAddRemoveProbes")
-  void testAddRemoveProbes() throws Exception {
-    controlServer.enqueue(EMPTY_HTTP_200); // ack response
-    targetProcess = createProcessBuilder(logFilePath, controlUrl.toString()).start();
-    String appUrl = waitForAppStartedAndGetUrl();
-    LogProbe logProbe =
-        LogProbe.builder().probeId(PROBE_ID).where(TEST_APP_CLASS_NAME, FULL_METHOD_NAME).build();
-    addProbe(logProbe);
-    waitForInstrumentation(appUrl);
-    execute(appUrl, FULL_METHOD_NAME);
-    List<Snapshot> snapshots = waitForSnapshots();
-    assertEquals(1, snapshots.size());
-    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
-    setCurrentConfiguration(createConfig(Collections.emptyList())); // remove probes
-    waitForReTransformation(appUrl);
-    addProbe(logProbe);
-    waitForInstrumentation(appUrl);
-    execute(appUrl, FULL_METHOD_NAME);
-    snapshots = waitForSnapshots();
-    assertEquals(1, snapshots.size());
-    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
-    stopApp(appUrl);
-  }
-
-  @Test
-  @DisplayName("testDisableEnableProbes")
-  void testDisableEnableProbes() throws Exception {
-    controlServer.enqueue(EMPTY_HTTP_200); // ack response
-    targetProcess = createProcessBuilder(logFilePath, controlUrl.toString()).start();
-    String appUrl = waitForAppStartedAndGetUrl();
-    LogProbe logProbe =
-        LogProbe.builder().probeId(PROBE_ID).where(TEST_APP_CLASS_NAME, "fullMethod").build();
-    addProbe(logProbe);
-    waitForInstrumentation(appUrl);
-    execute(appUrl, FULL_METHOD_NAME);
-    List<Snapshot> snapshots = waitForSnapshots();
-    assertEquals(1, snapshots.size());
-    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
-    setCurrentConfiguration(createConfig(Collections.emptyList())); // no probe
-    waitForReTransformation(appUrl);
-    addProbe(logProbe);
-    waitForInstrumentation(appUrl);
-    execute(appUrl, FULL_METHOD_NAME);
-    snapshots = waitForSnapshots();
-    assertEquals(1, snapshots.size());
-    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
-    stopApp(appUrl);
-  }
-
-  @Test
-  @DisplayName("testDisableEnableProbesUsingDenyList")
-  void testDisableEnableProbesUsingDenyList() throws Exception {
-    controlServer.enqueue(EMPTY_HTTP_200); // ack response
-    targetProcess = createProcessBuilder(logFilePath, controlUrl.toString()).start();
-    String appUrl = waitForAppStartedAndGetUrl();
-    LogProbe logProbe =
-        LogProbe.builder().probeId(PROBE_ID).where(TEST_APP_CLASS_NAME, FULL_METHOD_NAME).build();
-    addProbe(logProbe);
-    waitForInstrumentation(appUrl);
-    execute(appUrl, FULL_METHOD_NAME);
-    List<Snapshot> snapshots = waitForSnapshots();
-    assertEquals(1, snapshots.size());
-    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
-
-    datadogAgentServer.enqueue(EMPTY_HTTP_200); // expect BLOCKED status
-    Configuration.FilterList denyList =
-        new Configuration.FilterList(asList("datadog.smoketest.debugger"), Collections.emptyList());
-    setCurrentConfiguration(createConfig(asList(logProbe), null, denyList));
-    waitForReTransformation(appUrl);
-    waitForAProbeStatus(ProbeStatus.Status.BLOCKED);
-
-    datadogAgentServer.enqueue(EMPTY_HTTP_200); // expect INSTALLED status
-    addProbe(logProbe);
-    // waitForInstrumentation(appUrl);
-    waitForReTransformation(appUrl);
-    waitForAProbeStatus(ProbeStatus.Status.INSTALLED);
-    execute(appUrl, FULL_METHOD_NAME);
-    snapshots = waitForSnapshots();
-    assertEquals(1, snapshots.size());
-    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
-    stopApp(appUrl);
-  }
-
-  @Test
-  @DisplayName("testDisableEnableProbesUsingAllowList")
-  void testDisableEnableProbesUsingAllowList() throws Exception {
-    controlServer.enqueue(EMPTY_HTTP_200); // ack response
-    targetProcess = createProcessBuilder(logFilePath, controlUrl.toString()).start();
-    String appUrl = waitForAppStartedAndGetUrl();
-    LogProbe logProbe =
-        LogProbe.builder().probeId(PROBE_ID).where(TEST_APP_CLASS_NAME, FULL_METHOD_NAME).build();
-    addProbe(logProbe);
-    waitForInstrumentation(appUrl);
-    execute(appUrl, FULL_METHOD_NAME);
-    List<Snapshot> snapshots = waitForSnapshots();
-    assertEquals(1, snapshots.size());
-    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
-
-    datadogAgentServer.enqueue(EMPTY_HTTP_200); // expect BLOCKED status
-    Configuration.FilterList allowList =
-        new Configuration.FilterList(asList("datadog.not.debugger"), Collections.emptyList());
-    setCurrentConfiguration(createConfig(asList(logProbe), allowList, null));
-    waitForReTransformation(appUrl);
-    waitForAProbeStatus(ProbeStatus.Status.BLOCKED);
-
-    datadogAgentServer.enqueue(EMPTY_HTTP_200); // expect INSTALLED status
-    addProbe(logProbe);
-    // waitForInstrumentation(appUrl);
-    waitForReTransformation(appUrl);
-    waitForAProbeStatus(ProbeStatus.Status.INSTALLED);
-    execute(appUrl, FULL_METHOD_NAME);
-    snapshots = waitForSnapshots();
-    assertEquals(1, snapshots.size());
-    assertEquals(FULL_METHOD_NAME, snapshots.get(0).getProbe().getLocation().getMethod());
-    stopApp(appUrl);
-  }
-
-  @Test
-  @DisplayName("testProbeStatusError")
-  public void testProbeStatusError() throws Exception {
-    controlServer.enqueue(EMPTY_HTTP_200); // ack response
-    targetProcess = createProcessBuilder(logFilePath, controlUrl.toString()).start();
-    String appUrl = waitForAppStartedAndGetUrl();
-    LogProbe logProbe =
-        LogProbe.builder()
-            .probeId(PROBE_ID)
-            .where(TEST_APP_CLASS_NAME, "unknownMethodName")
-            .build();
-    addProbe(logProbe);
-    // statuses could be received out of order
-    HashMap<ProbeStatus.Status, ProbeStatus.Diagnostics> statuses = new HashMap<>();
-    ProbeStatus.Diagnostics diagnostics = retrieveProbeStatusRequest().getDiagnostics();
-    statuses.put(diagnostics.getStatus(), diagnostics);
-    diagnostics = retrieveProbeStatusRequest().getDiagnostics();
-    statuses.put(diagnostics.getStatus(), diagnostics);
-    Assertions.assertTrue(statuses.containsKey(ProbeStatus.Status.RECEIVED));
-    Assertions.assertEquals(
-        "Cannot find method datadog/smoketest/debugger/ServerDebuggerTestApplication::unknownMethodName",
-        statuses.get(ProbeStatus.Status.ERROR).getException().getMessage());
-  }
-
-  private void stopApp(String appUrl) throws IOException {
-    try {
-      sendRequest(appUrl + "/stop");
-    } catch (Exception ex) {
-      LOG.warn("Exception while stopping server app", ex);
-    }
-    LOG.info("Stop done");
-  }
-
-  private List<Snapshot> waitForSnapshots() throws Exception {
-    RecordedRequest snapshotRequest = retrieveSnapshotRequest();
-    assertNotNull(snapshotRequest);
-    String bodyStr = snapshotRequest.getBody().readUtf8();
-    LOG.info("got snapshot: {}", bodyStr);
-    JsonAdapter<List<JsonSnapshotSerializer.IntakeRequest>> adapter = createAdapterForSnapshot();
-    List<JsonSnapshotSerializer.IntakeRequest> intakeRequests = adapter.fromJson(bodyStr);
-    return intakeRequests.stream()
-        .map(intakeRequest -> intakeRequest.getDebugger().getSnapshot())
-        .collect(Collectors.toList());
-  }
-
-  private void execute(String appUrl, String methodName) throws IOException {
-    datadogAgentServer.enqueue(EMPTY_HTTP_200); // expect 1 snapshot
-    String url = String.format(appUrl + "/execute?methodname=%s", methodName);
-    sendRequest(url);
-    LOG.info("Execution done");
-  }
-
-  private void waitForInstrumentation(String appUrl) throws Exception {
-    String url =
-        String.format(
-            appUrl + "/waitForInstrumentation?classname=%s", SERVER_DEBUGGER_TEST_APP_CLASS);
-    sendRequest(url);
-    // statuses could be received out of order
-    HashSet<ProbeStatus.Status> statuses = new HashSet<>();
-    statuses.add(retrieveProbeStatusRequest().getDiagnostics().getStatus());
-    statuses.add(retrieveProbeStatusRequest().getDiagnostics().getStatus());
-    assertTrue(statuses.contains(ProbeStatus.Status.RECEIVED));
-    assertTrue(statuses.contains(ProbeStatus.Status.INSTALLED));
-    LOG.info("instrumentation done");
-  }
-
-  private void waitForAProbeStatus(ProbeStatus.Status status) throws Exception {
-    ProbeStatus.Status receivedStatus = retrieveProbeStatusRequest().getDiagnostics().getStatus();
-    assertEquals(receivedStatus, status);
-  }
-
-  private void waitForReTransformation(String appUrl) throws IOException {
-    String url =
-        String.format(
-            appUrl + "/waitForReTransformation?classname=%s", SERVER_DEBUGGER_TEST_APP_CLASS);
-    sendRequest(url);
-    LOG.info("re-transformation done");
-  }
-
-  private String waitForAppStartedAndGetUrl() throws InterruptedException, EOFException {
-    RecordedRequest recordedRequest = controlServer.takeRequest(10, TimeUnit.SECONDS);
-    assertNotNull(recordedRequest);
-    String appUrl = recordedRequest.getBody().readUtf8Line();
-    LOG.info("AppUrl = " + appUrl);
-    return appUrl;
-  }
-
-  private void addProbe(LogProbe logProbe) {
-    datadogAgentServer.enqueue(EMPTY_HTTP_200); // expect RECEIVED status
-    datadogAgentServer.enqueue(EMPTY_HTTP_200); // expect INSTALLED status
-    setCurrentConfiguration(createConfig(logProbe));
-  }
-
-  private void sendRequest(String url) throws IOException {
-    Request request = new Request.Builder().url(url).get().build();
-    try (Response response = httpClient.newCall(request).execute()) {}
-  }
-}
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/SimpleAppDebuggerIntegrationTest.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/SimpleAppDebuggerIntegrationTest.java
new file mode 100644
index 00000000000..ab1c0c3a1fd
--- /dev/null
+++ b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/SimpleAppDebuggerIntegrationTest.java
@@ -0,0 +1,26 @@
+package datadog.smoketest;
+
+import datadog.trace.bootstrap.debugger.ProbeId;
+import datadog.trace.util.TagsHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SimpleAppDebuggerIntegrationTest extends BaseIntegrationTest {
+  protected static final Logger LOG =
+      LoggerFactory.getLogger(SimpleAppDebuggerIntegrationTest.class);
+  protected static final String DEBUGGER_TEST_APP_CLASS =
+      "datadog.smoketest.debugger.DebuggerTestApplication";
+  protected static final ProbeId PROBE_ID = new ProbeId("123356536", 0);
+  protected static final ProbeId PROBE_ID2 = new ProbeId("1233565368", 12);
+  protected static final String MAIN_CLASS_NAME = "Main";
+
+  @Override
+  protected String getAppClass() {
+    return DEBUGGER_TEST_APP_CLASS;
+  }
+
+  @Override
+  protected String getAppId() {
+    return TagsHelper.sanitize("DebuggerTestApplication");
+  }
+}
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/SpanDecorationProbesIntegrationTests.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/SpanDecorationProbesIntegrationTests.java
new file mode 100644
index 00000000000..634ca3e4129
--- /dev/null
+++ b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/SpanDecorationProbesIntegrationTests.java
@@ -0,0 +1,292 @@
+package datadog.smoketest;
+
+import static com.datadog.debugger.el.DSL.eq;
+import static com.datadog.debugger.el.DSL.gt;
+import static com.datadog.debugger.el.DSL.index;
+import static com.datadog.debugger.el.DSL.lt;
+import static com.datadog.debugger.el.DSL.not;
+import static com.datadog.debugger.el.DSL.nullValue;
+import static com.datadog.debugger.el.DSL.ref;
+import static com.datadog.debugger.el.DSL.value;
+import static com.datadog.debugger.util.LogProbeTestHelper.parseTemplate;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+import com.datadog.debugger.el.DSL;
+import com.datadog.debugger.el.ProbeCondition;
+import com.datadog.debugger.el.expressions.BooleanExpression;
+import com.datadog.debugger.probe.SpanDecorationProbe;
+import datadog.trace.api.Platform;
+import datadog.trace.bootstrap.debugger.EvaluationError;
+import datadog.trace.test.agent.decoder.DecodedSpan;
+import java.nio.file.Path;
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicInteger;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+public class SpanDecorationProbesIntegrationTests extends ServerAppDebuggerIntegrationTest {
+
+  @Override
+  protected ProcessBuilder createProcessBuilder(Path logFilePath, String... params) {
+    List<String> commandParams = getDebuggerCommandParams();
+    commandParams.add("-Ddd.trace.enabled=true"); // explicitly enable tracer
+    return ProcessBuilderHelper.createProcessBuilder(
+        commandParams, logFilePath, getAppClass(), params);
+  }
+
+  @Test
+  @DisplayName("testMethodSimpleTagNoCondition")
+  void testMethodSimpleTagNoCondition() throws Exception {
+    if (Platform.isJ9()) {
+      // skip for J9/OpenJ9 as we cannot get local variable debug info.
+      return;
+    }
+    SpanDecorationProbe spanDecorationProbe =
+        SpanDecorationProbe.builder()
+            .probeId(PROBE_ID)
+            .where(TEST_APP_CLASS_NAME, TRACED_METHOD_NAME)
+            .decorate(createDecoration("tag1", "{argStr}"))
+            .targetSpan(SpanDecorationProbe.TargetSpan.ACTIVE)
+            .build();
+    addProbe(spanDecorationProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, TRACED_METHOD_NAME);
+    registerTraceListener(
+        decodedTrace -> {
+          for (DecodedSpan span : decodedTrace.getSpans()) {
+            if (isTracedFullMethodSpan(span)) {
+              assertEquals("foobar", span.getMeta().get("tag1"));
+              assertEquals(PROBE_ID.getId(), span.getMeta().get("_dd.di.tag1.probe_id"));
+              return true;
+            }
+          }
+          return false;
+        });
+    processRequests();
+  }
+
+  @Test
+  @DisplayName("testMethodMultiTagsMultiConditions")
+  void testMethodMultiTagsMultiConditions() throws Exception {
+    if (Platform.isJ9()) {
+      // skip for J9/OpenJ9 as we cannot get local variable debug info.
+      return;
+    }
+    List<SpanDecorationProbe.Decoration> decorations =
+        Arrays.asList(
+            createDecoration(
+                not(eq(ref("argStr"), nullValue())), "argStr != null", "tag1", "{argStr}"),
+            createDecoration(lt(ref("argInt"), value(0)), "argInt < 0", "tag2", "{argInt}"),
+            createDecoration(
+                gt(ref("argDouble"), value(3.14)),
+                "argDouble > 3.14",
+                "tag3",
+                "Above Pi: {argDouble}"),
+            createDecoration(
+                eq(index(ref("argMap"), value("key2")), value("val2")),
+                "argMap['key2'] == 'val2'",
+                "tag4",
+                "{argMap['key2']}"));
+    SpanDecorationProbe spanDecorationProbe =
+        SpanDecorationProbe.builder()
+            .probeId(PROBE_ID)
+            .where(TEST_APP_CLASS_NAME, TRACED_METHOD_NAME)
+            .decorate(decorations)
+            .targetSpan(SpanDecorationProbe.TargetSpan.ACTIVE)
+            .build();
+    addProbe(spanDecorationProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, TRACED_METHOD_NAME);
+    registerTraceListener(
+        decodedTrace -> {
+          for (DecodedSpan span : decodedTrace.getSpans()) {
+            if (isTracedFullMethodSpan(span)) {
+              assertEquals("foobar", span.getMeta().get("tag1"));
+              assertFalse(span.getMeta().containsKey("tag2"));
+              assertEquals("Above Pi: 3.42", span.getMeta().get("tag3"));
+              assertEquals("val2", span.getMeta().get("tag4"));
+              return true;
+            }
+          }
+          return false;
+        });
+    processRequests();
+  }
+
+  @Test
+  @DisplayName("testMethodSimpleTagValueError")
+  void testMethodSimpleTagValueError() throws Exception {
+    SpanDecorationProbe spanDecorationProbe =
+        SpanDecorationProbe.builder()
+            .probeId(PROBE_ID)
+            .where(TEST_APP_CLASS_NAME, TRACED_METHOD_NAME)
+            .decorate(createDecoration("tag1", "{invalidArg}"))
+            .targetSpan(SpanDecorationProbe.TargetSpan.ACTIVE)
+            .build();
+    addProbe(spanDecorationProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, TRACED_METHOD_NAME);
+    AtomicBoolean snapshotTest = new AtomicBoolean(false);
+    AtomicBoolean spanTest = new AtomicBoolean(false);
+    registerSnapshotListener(
+        snapshot -> {
+          assertEquals(
+              "Cannot find symbol: invalidArg", snapshot.getEvaluationErrors().get(0).getMessage());
+          snapshotTest.set(true);
+          return snapshotTest.get() && spanTest.get();
+        });
+    registerTraceListener(
+        decodedTrace -> {
+          for (DecodedSpan span : decodedTrace.getSpans()) {
+            if (isTracedFullMethodSpan(span)) {
+              assertFalse(span.getMeta().containsKey("tag1"));
+              assertEquals(
+                  "Cannot find symbol: invalidArg",
+                  span.getMeta().get("_dd.di.tag1.evaluation_error"));
+              spanTest.set(true);
+            }
+          }
+          return snapshotTest.get() && spanTest.get();
+        });
+    processRequests();
+  }
+
+  @Test
+  @DisplayName("testMethodSimpleTagConditionError")
+  void testMethodSimpleTagConditionError() throws Exception {
+    SpanDecorationProbe spanDecorationProbe =
+        SpanDecorationProbe.builder()
+            .probeId(PROBE_ID)
+            .where(TEST_APP_CLASS_NAME, TRACED_METHOD_NAME)
+            .decorate(
+                createDecoration(
+                    not(eq(ref("invalidArg"), nullValue())),
+                    "invalidArg != null",
+                    "tag1",
+                    "{argStr}"))
+            .targetSpan(SpanDecorationProbe.TargetSpan.ACTIVE)
+            .build();
+    addProbe(spanDecorationProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, TRACED_METHOD_NAME);
+    AtomicBoolean snapshotTest = new AtomicBoolean(false);
+    AtomicBoolean spanTest = new AtomicBoolean(false);
+    registerSnapshotListener(
+        snapshot -> {
+          assertEquals(
+              "Cannot find symbol: invalidArg", snapshot.getEvaluationErrors().get(0).getMessage());
+          snapshotTest.set(true);
+          return snapshotTest.get() && spanTest.get();
+        });
+    registerTraceListener(
+        decodedTrace -> {
+          for (DecodedSpan span : decodedTrace.getSpans()) {
+            if (isTracedFullMethodSpan(span)) {
+              assertFalse(span.getMeta().containsKey("tag1"));
+              spanTest.set(true);
+            }
+          }
+          return snapshotTest.get() && spanTest.get();
+        });
+    processRequests();
+  }
+
+  @Test
+  @DisplayName("testMethodMultiTagValueError")
+  void testMethodMultiTagValueError() throws Exception {
+    List<SpanDecorationProbe.Decoration> decorations =
+        Arrays.asList(
+            createDecoration("tag1", "{invalidArg}"), createDecoration("tag2", "{invalidArg2}"));
+    SpanDecorationProbe spanDecorationProbe =
+        SpanDecorationProbe.builder()
+            .probeId(PROBE_ID)
+            .where(TEST_APP_CLASS_NAME, TRACED_METHOD_NAME)
+            .decorate(decorations)
+            .targetSpan(SpanDecorationProbe.TargetSpan.ACTIVE)
+            .build();
+    addProbe(spanDecorationProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, TRACED_METHOD_NAME);
+    AtomicBoolean snapshotTest = new AtomicBoolean(false);
+    AtomicBoolean spanTest = new AtomicBoolean(false);
+    registerSnapshotListener(
+        snapshot -> {
+          List<EvaluationError> evalErrors = snapshot.getEvaluationErrors();
+          assertEquals("Cannot find symbol: invalidArg", evalErrors.get(0).getMessage());
+          assertEquals("Cannot find symbol: invalidArg2", evalErrors.get(1).getMessage());
+          snapshotTest.set(true);
+          return snapshotTest.get() && spanTest.get();
+        });
+    registerTraceListener(
+        decodedTrace -> {
+          for (DecodedSpan span : decodedTrace.getSpans()) {
+            if (isTracedFullMethodSpan(span)) {
+              assertFalse(span.getMeta().containsKey("tag1"));
+              assertFalse(span.getMeta().containsKey("tag2"));
+              assertEquals(
+                  "Cannot find symbol: invalidArg",
+                  span.getMeta().get("_dd.di.tag1.evaluation_error"));
+              assertEquals(
+                  "Cannot find symbol: invalidArg2",
+                  span.getMeta().get("_dd.di.tag2.evaluation_error"));
+              spanTest.set(true);
+            }
+          }
+          return snapshotTest.get() && spanTest.get();
+        });
+    processRequests();
+  }
+
+  @Test
+  @DisplayName("testSamplingSpanDecoration")
+  void testSamplingSpanDecoration() throws Exception {
+    SpanDecorationProbe spanDecorationProbe =
+        SpanDecorationProbe.builder()
+            .probeId(PROBE_ID)
+            .where(TEST_APP_CLASS_NAME, TRACED_METHOD_NAME)
+            .decorate(createDecoration("tag1", "staticText"))
+            .targetSpan(SpanDecorationProbe.TargetSpan.ACTIVE)
+            .build();
+    addProbe(spanDecorationProbe);
+    waitForInstrumentation(appUrl);
+    execute(appUrl, "loopingTracedMethod", "100");
+    AtomicInteger count = new AtomicInteger();
+    registerTraceListener(
+        decodedTrace -> {
+          for (DecodedSpan span : decodedTrace.getSpans()) {
+            if (isTracedFullMethodSpan(span)) {
+              if (span.getMeta().containsKey("tag1")) {
+                return count.incrementAndGet() >= 100;
+              }
+            }
+          }
+          return false;
+        });
+    processRequests();
+  }
+
+  private boolean isTracedFullMethodSpan(DecodedSpan span) {
+    return span.getName().equals("trace.annotation")
+        && span.getResource().equals("ServerDebuggerTestApplication.runTracedMethod");
+  }
+
+  private SpanDecorationProbe.Decoration createDecoration(String tagName, String valueDsl) {
+    List<SpanDecorationProbe.Tag> tags =
+        Arrays.asList(
+            new SpanDecorationProbe.Tag(
+                tagName, new SpanDecorationProbe.TagValue(valueDsl, parseTemplate(valueDsl))));
+    return new SpanDecorationProbe.Decoration(null, tags);
+  }
+
+  private SpanDecorationProbe.Decoration createDecoration(
+      BooleanExpression expression, String dsl, String tagName, String valueDsl) {
+    List<SpanDecorationProbe.Tag> tags =
+        Arrays.asList(
+            new SpanDecorationProbe.Tag(
+                tagName, new SpanDecorationProbe.TagValue(valueDsl, parseTemplate(valueDsl))));
+    return new SpanDecorationProbe.Decoration(new ProbeCondition(DSL.when(expression), dsl), tags);
+  }
+}
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/SpanProbesIntegrationTest.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/SpanProbesIntegrationTest.java
new file mode 100644
index 00000000000..a97bb73d929
--- /dev/null
+++ b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/SpanProbesIntegrationTest.java
@@ -0,0 +1,75 @@
+package datadog.smoketest;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import com.datadog.debugger.agent.DebuggerTracer;
+import com.datadog.debugger.agent.ProbeStatus;
+import com.datadog.debugger.probe.SpanProbe;
+import datadog.trace.test.agent.decoder.DecodedSpan;
+import java.nio.file.Path;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+public class SpanProbesIntegrationTest extends SimpleAppDebuggerIntegrationTest {
+
+  @Override
+  protected ProcessBuilder createProcessBuilder(Path logFilePath, String... params) {
+    List<String> commandParams = getDebuggerCommandParams();
+    commandParams.add("-Ddd.trace.enabled=true"); // explicitly enable tracer
+    return ProcessBuilderHelper.createProcessBuilder(
+        commandParams, logFilePath, getAppClass(), params);
+  }
+
+  @Test
+  @DisplayName("testMethodSpan")
+  void testMethodSpan() throws Exception {
+    final String METHOD_NAME = "fullMethod";
+    final String EXPECTED_UPLOADS = "3"; // 2 + 1 for letting the trace being sent (async)
+    SpanProbe spanProbe =
+        SpanProbe.builder().probeId(PROBE_ID).where(MAIN_CLASS_NAME, METHOD_NAME).build();
+    setCurrentConfiguration(createSpanConfig(spanProbe));
+    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, EXPECTED_UPLOADS).start();
+    DecodedSpan decodedSpan = retrieveSpanRequest(DebuggerTracer.OPERATION_NAME);
+    assertEquals("Main.fullMethod", decodedSpan.getResource());
+  }
+
+  @Test
+  @DisplayName("testLineRangeSpan")
+  void testLineRangeSpan() throws Exception {
+    final String METHOD_NAME = "fullMethod";
+    final String EXPECTED_UPLOADS = "3"; // 2 + 1 for letting the trace being sent (async)
+    SpanProbe spanProbe =
+        SpanProbe.builder().probeId(PROBE_ID).where(MAIN_CLASS_NAME, 80, 89).build();
+    setCurrentConfiguration(createSpanConfig(spanProbe));
+    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, EXPECTED_UPLOADS).start();
+    DecodedSpan decodedSpan = retrieveSpanRequest(DebuggerTracer.OPERATION_NAME);
+    assertEquals("Main.fullMethod:L80-89", decodedSpan.getResource());
+  }
+
+  @Test
+  @DisplayName("testSingleLineSpan")
+  void testSingleLineSpan() throws Exception {
+    final String METHOD_NAME = "fullMethod";
+    final String EXPECTED_UPLOADS = "2"; // 2 probe statuses: RECEIVED + ERROR
+    SpanProbe spanProbe = SpanProbe.builder().probeId(PROBE_ID).where(MAIN_CLASS_NAME, 80).build();
+    setCurrentConfiguration(createSpanConfig(spanProbe));
+    targetProcess = createProcessBuilder(logFilePath, METHOD_NAME, EXPECTED_UPLOADS).start();
+    AtomicBoolean received = new AtomicBoolean(false);
+    AtomicBoolean error = new AtomicBoolean(false);
+    registerProbeStatusListener(
+        probeStatus -> {
+          if (probeStatus.getDiagnostics().getStatus() == ProbeStatus.Status.RECEIVED) {
+            received.set(true);
+          }
+          if (probeStatus.getDiagnostics().getStatus() == ProbeStatus.Status.ERROR) {
+            assertEquals(
+                "Single line span is not supported, you need to provide a range.",
+                probeStatus.getDiagnostics().getException().getMessage());
+            error.set(true);
+          }
+          return received.get() && error.get();
+        });
+  }
+}
diff --git a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/TracerDebuggerIntegrationTest.java b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/TracerDebuggerIntegrationTest.java
index 4c8030b6fa6..2d6f6817901 100644
--- a/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/TracerDebuggerIntegrationTest.java
+++ b/dd-smoke-tests/debugger-integration-tests/src/test/java/datadog/smoketest/TracerDebuggerIntegrationTest.java
@@ -10,6 +10,7 @@
 import com.datadog.debugger.sink.Snapshot;
 import com.squareup.moshi.JsonAdapter;
 import datadog.trace.agent.test.utils.PortUtils;
+import datadog.trace.bootstrap.debugger.MethodLocation;
 import datadog.trace.bootstrap.debugger.ProbeId;
 import datadog.trace.util.TagsHelper;
 import java.io.IOException;
@@ -62,6 +63,28 @@ void testTracer() throws Exception {
         logHasErrors(logFilePath, it -> it.contains("TypePool$Resolution$NoSuchTypeException")));
   }
 
+  @Test
+  @DisplayName("testTracerDynamicLog")
+  void testTracerDynamicLog() throws Exception {
+    LogProbe logProbe =
+        LogProbe.builder()
+            .probeId(PROBE_ID)
+            .where(
+                "org.springframework.web.servlet.DispatcherServlet",
+                "doService",
+                "(HttpServletRequest, HttpServletResponse)")
+            .captureSnapshot(false)
+            .evaluateAt(MethodLocation.EXIT)
+            .build();
+    JsonSnapshotSerializer.IntakeRequest request = doTestTracer(logProbe);
+    Snapshot snapshot = request.getDebugger().getSnapshot();
+    assertEquals("123356536", snapshot.getProbe().getId());
+    assertTrue(Pattern.matches("[0-9a-f]+", request.getTraceId()));
+    assertTrue(Pattern.matches("\\d+", request.getSpanId()));
+    assertFalse(
+        logHasErrors(logFilePath, it -> it.contains("TypePool$Resolution$NoSuchTypeException")));
+  }
+
   @Test
   @DisplayName("testTracerSameMethod")
   void testTracerSameMethod() throws Exception {
diff --git a/dd-smoke-tests/gradle/src/test/groovy/datadog/smoketest/GradleDaemonSmokeTest.groovy b/dd-smoke-tests/gradle/src/test/groovy/datadog/smoketest/GradleDaemonSmokeTest.groovy
index 85a892de939..76f869f6f50 100644
--- a/dd-smoke-tests/gradle/src/test/groovy/datadog/smoketest/GradleDaemonSmokeTest.groovy
+++ b/dd-smoke-tests/gradle/src/test/groovy/datadog/smoketest/GradleDaemonSmokeTest.groovy
@@ -148,6 +148,8 @@ class GradleDaemonSmokeTest extends Specification {
         resource == "gradle-instrumentation-test-project" // project name
         verifyAll(metrics) {
           process_id > 0 // only applied to root spans
+          it["test.itr.tests_skipping.count"] == 1
+          it["test.code_coverage.lines_pct"] == 57
         }
         verifyAll(meta) {
           it["span.kind"] == "test_session_end"
@@ -158,9 +160,6 @@ class GradleDaemonSmokeTest extends Specification {
           it["test.itr.tests_skipping.type"] == "test"
           it["_dd.ci.itr.tests_skipped"] == "true"
         }
-        verifyAll(metrics) {
-          it["test.itr.tests_skipping.count"] == 1
-        }
       }
     }
 
@@ -172,6 +171,10 @@ class GradleDaemonSmokeTest extends Specification {
         name == "gradle.test_module"
         resource == ":test" // task path
         test_module_id > 0
+        verifyAll(metrics) {
+          it["test.itr.tests_skipping.count"] == 1
+          it["test.code_coverage.lines_pct"] == 57
+        }
         verifyAll(meta) {
           it["span.kind"] == "test_module_end"
           it["test.module"] == ":test" // task path
@@ -180,9 +183,6 @@ class GradleDaemonSmokeTest extends Specification {
           it["test.itr.tests_skipping.type"] == "test"
           it["_dd.ci.itr.tests_skipped"] == "true"
         }
-        verifyAll(metrics) {
-          it["test.itr.tests_skipping.count"] == 1
-        }
       }
     }
 
@@ -268,6 +268,10 @@ class GradleDaemonSmokeTest extends Specification {
         [
           filename: "src/test/java/datadog/smoke/TestSucceed.java",
           segments: [[11, -1, 12, -1, -1]]
+        ],
+        [
+          filename: "src/main/java/datadog/smoke/Calculator.java",
+          segments: [[5, -1, 5, -1, -1]]
         ]
       ]
     ]
@@ -281,8 +285,8 @@ class GradleDaemonSmokeTest extends Specification {
     "7.6.1" | "success"
     "8.0.2" | "success"
     "8.1.1" | "success"
-    "8.2.1" | "success"
-    "8.2.1" | "successJunit5"
+    "8.3" | "success"
+    "8.3" | "successJunit5"
   }
 
   // this is a separate test case since older Gradle versions need to declare dependencies differently
@@ -591,7 +595,7 @@ class GradleDaemonSmokeTest extends Specification {
 
     where:
     //
-    gradleVersion << ["4.0", "5.0", "6.0", "7.0", "7.6.1", "8.0.2", "8.1.1", "8.2.1"]
+    gradleVersion << ["4.0", "5.0", "6.0", "7.0", "7.6.1", "8.0.2", "8.1.1", "8.3"]
   }
 
   def "Failed build emits session and module spans: Gradle v#gradleVersion"() {
@@ -695,7 +699,7 @@ class GradleDaemonSmokeTest extends Specification {
     }
 
     where:
-    gradleVersion << ["4.0", "5.0", "6.0", "7.0", "7.6.1", "8.0.2", "8.1.1", "8.2.1"]
+    gradleVersion << ["4.0", "5.0", "6.0", "7.0", "7.6.1", "8.0.2", "8.1.1", "8.3"]
   }
 
   def "Build without tests emits session and module spans: Gradle v#gradleVersion"() {
@@ -748,7 +752,7 @@ class GradleDaemonSmokeTest extends Specification {
     }
 
     where:
-    gradleVersion << ["4.0", "5.0", "6.0", "7.0", "7.6.1", "8.0.2", "8.1.1", "8.2.1"]
+    gradleVersion << ["4.0", "5.0", "6.0", "7.0", "7.6.1", "8.0.2", "8.1.1", "8.3"]
   }
 
   def "Corrupted build emits session span: Gradle v#gradleVersion"() {
@@ -785,7 +789,212 @@ class GradleDaemonSmokeTest extends Specification {
     }
 
     where:
-    gradleVersion << ["4.0", "5.0", "6.0", "7.0", "7.6.1", "8.0.2", "8.1.1", "8.2.1"]
+    gradleVersion << ["4.0", "5.0", "6.0", "7.0", "7.6.1", "8.0.2", "8.1.1", "8.3"]
+  }
+
+  def "Successful build with module that has multiple forks: Gradle v#gradleVersion"() {
+    given:
+    givenGradleVersionIsCompatibleWithCurrentJvm(gradleVersion)
+    givenGradleProjectFiles("datadog/smoketest/successMultiForks/")
+    ensureDependenciesDownloaded(gradleVersion)
+
+    when:
+    BuildResult buildResult = runGradleTests(gradleVersion)
+
+    then:
+    assertBuildSuccessful(buildResult)
+
+    def events = waitForEvents(6)
+    assert events.size() == 6
+
+    def sessionEndEvent = events.find { it.type == "test_session_end" }
+    assert sessionEndEvent != null
+    verifyCommonTags(sessionEndEvent)
+    verifyAll(sessionEndEvent) {
+      verifyAll(content) {
+        name == "gradle.test_session"
+        resource == "gradle-instrumentation-test-project" // project name
+        verifyAll(metrics) {
+          process_id > 0 // only applied to root spans
+          it["test.itr.tests_skipping.count"] == 0
+          it["test.code_coverage.lines_pct"] == 73
+        }
+        verifyAll(meta) {
+          it["span.kind"] == "test_session_end"
+          it["language"] == "jvm" // only applied to root spans
+          it["test.toolchain"] == "gradle:${gradleVersion}" // only applied to session events
+          it["test.code_coverage.enabled"] == "true"
+          it["test.itr.tests_skipping.enabled"] == "true"
+          it["test.itr.tests_skipping.type"] == "test"
+          it["_dd.ci.itr.tests_skipped"] == null
+          verifyTestFrameworks(it)
+        }
+      }
+    }
+
+    def moduleEndEvent = events.find { it.type == "test_module_end" }
+    assert moduleEndEvent != null
+    verifyCommonTags(moduleEndEvent)
+    verifyAll(moduleEndEvent) {
+      verifyAll(content) {
+        name == "gradle.test_module"
+        resource == ":test" // task path
+        test_module_id > 0
+        verifyAll(metrics) {
+          it["test.itr.tests_skipping.count"] == 0
+          it["test.code_coverage.lines_pct"] == 73
+        }
+        verifyAll(meta) {
+          it["span.kind"] == "test_module_end"
+          it["test.module"] == ":test" // task path
+          it["test.code_coverage.enabled"] == "true"
+          it["test.itr.tests_skipping.enabled"] == "true"
+          it["test.itr.tests_skipping.type"] == "test"
+          it["_dd.ci.itr.tests_skipped"] == null
+          verifyTestFrameworks(it)
+        }
+      }
+    }
+
+    def suiteAEndEvent = events.find { it.type == "test_suite_end" && it.content.resource == "datadog.smoke.TestSucceed" }
+    assert suiteAEndEvent != null
+    verifyCommonTags(suiteAEndEvent, "pass", false)
+    verifyAll(suiteAEndEvent) {
+      verifyAll(content) {
+        name == "junit.test_suite"
+        resource == "datadog.smoke.TestSucceed"
+        test_module_id > 0
+        test_suite_id > 0
+        verifyAll(metrics) {
+          process_id > 0
+        }
+        verifyAll(meta) {
+          it["span.kind"] == "test_suite_end"
+          it["test.suite"] == "datadog.smoke.TestSucceed"
+          it["test.source.file"] == "src/test/java/datadog/smoke/TestSucceed.java"
+          it["test.framework"] == "junit4"
+          it["test.framework_version"] == "4.13.2"
+        }
+      }
+    }
+
+    def testAEvent = events.find { it.type == "test" && it.content.resource == "datadog.smoke.TestSucceed.test_succeed" }
+    assert testAEvent != null
+    verifyCommonTags(testAEvent, "pass", false)
+    verifyAll(testAEvent) {
+      verifyAll(content) {
+        name == "junit.test"
+        resource == "datadog.smoke.TestSucceed.test_succeed"
+        test_module_id > 0
+        test_suite_id > 0
+        trace_id > 0
+        span_id > 0
+        parent_id == 0
+        verifyAll(metrics) {
+          process_id > 0
+        }
+        verifyAll(meta) {
+          it["span.kind"] == "test"
+          it["test.suite"] == "datadog.smoke.TestSucceed"
+          it["test.name"] == "test_succeed"
+          it["test.source.file"] == "src/test/java/datadog/smoke/TestSucceed.java"
+          it["test.framework"] == "junit4"
+          it["test.framework_version"] == "4.13.2"
+        }
+      }
+    }
+
+    def suiteBEndEvent = events.find { it.type == "test_suite_end" && it.content.resource == "datadog.smoke.TestSucceedJunit5" }
+    assert suiteBEndEvent != null
+    verifyCommonTags(suiteBEndEvent, "pass", false)
+    verifyAll(suiteBEndEvent) {
+      verifyAll(content) {
+        name == "junit.test_suite"
+        resource == "datadog.smoke.TestSucceedJunit5"
+        test_module_id > 0
+        test_suite_id > 0
+        verifyAll(metrics) {
+          process_id > 0
+        }
+        verifyAll(meta) {
+          it["span.kind"] == "test_suite_end"
+          it["test.suite"] == "datadog.smoke.TestSucceedJunit5"
+          it["test.source.file"] == "src/test/java/datadog/smoke/TestSucceedJunit5.java"
+          it["test.framework"] == "junit5"
+          it["test.framework_version"] == "5.9.3"
+        }
+      }
+    }
+
+    def testBEvent = events.find { it.type == "test" && it.content.resource == "datadog.smoke.TestSucceedJunit5.test_succeed" }
+    assert testBEvent != null
+    verifyCommonTags(testBEvent, "pass", false)
+    verifyAll(testBEvent) {
+      verifyAll(content) {
+        name == "junit.test"
+        resource == "datadog.smoke.TestSucceedJunit5.test_succeed"
+        test_module_id > 0
+        test_suite_id > 0
+        trace_id > 0
+        span_id > 0
+        parent_id == 0
+        verifyAll(metrics) {
+          process_id > 0
+        }
+        verifyAll(meta) {
+          it["span.kind"] == "test"
+          it["test.suite"] == "datadog.smoke.TestSucceedJunit5"
+          it["test.name"] == "test_succeed"
+          it["test.source.file"] == "src/test/java/datadog/smoke/TestSucceedJunit5.java"
+          it["test.framework"] == "junit5"
+          it["test.framework_version"] == "5.9.3"
+        }
+      }
+    }
+
+    def coverages = waitForCoverages(2)
+    assert coverages.size() == 2
+
+    coverages.contains([
+      test_session_id: testAEvent.content.test_session_id,
+      test_suite_id  : testAEvent.content.test_suite_id,
+      span_id        : testAEvent.content.span_id,
+      files          : [
+        [
+          filename: "src/test/java/datadog/smoke/TestSucceed.java",
+          segments: [[7, -1, 7, -1, -1], [10, -1, 11, -1, -1]]
+        ],
+        [
+          filename: "src/main/java/datadog/smoke/Calculator.java",
+          segments: [[5, -1, 5, -1, -1]]
+        ]
+      ]
+    ])
+    coverages.contains([
+      test_session_id: testBEvent.content.test_session_id,
+      test_suite_id  : testBEvent.content.test_suite_id,
+      span_id        : testBEvent.content.span_id,
+      files          : [
+        [
+          filename: "src/main/java/datadog/smoke/Calculator.java",
+          segments: [[8, -1, 8, -1, -1]]
+        ],
+        [
+          filename: "src/test/java/datadog/smoke/TestSucceedJunit5.java",
+          segments: [[10, -1, 11, -1, -1]]
+        ]
+      ]
+    ])
+
+    where:
+    gradleVersion << ["8.3"]
+  }
+
+  private static boolean verifyTestFrameworks(it) {
+    // test frameworks may be reported by the forked JVMs in any order
+    // (depending on which JVM finishes executing its tests first)
+    it["test.framework"] == "[\"junit4\",\"junit5\"]" && it["test.framework_version"] == "[\"4.13.2\",\"5.9.3\"]"
+    || it["test.framework"] == "[\"junit5\",\"junit4\"]" && it["test.framework_version"] == "[\"5.9.3\",\"4.13.2\"]"
   }
 
   private void givenGradleProperties() {
@@ -795,24 +1004,17 @@ class GradleDaemonSmokeTest extends Specification {
     def ddApiKeyPath = testKitFolder.resolve(".dd.api.key")
     Files.write(ddApiKeyPath, "dummy".getBytes())
 
-    def ddApplicationKeyPath = testKitFolder.resolve(".dd.application.key")
-    Files.write(ddApplicationKeyPath, "dummy".getBytes())
-
     def gradleProperties =
       "org.gradle.jvmargs=" +
       "-javaagent:${agentShadowJar}=" +
       "${Strings.propertyNameToSystemPropertyName(GeneralConfig.ENV)}=${TEST_ENVIRONMENT_NAME}," +
       "${Strings.propertyNameToSystemPropertyName(GeneralConfig.SERVICE_NAME)}=${TEST_SERVICE_NAME}," +
       "${Strings.propertyNameToSystemPropertyName(GeneralConfig.API_KEY_FILE)}=${ddApiKeyPath.toAbsolutePath().toString()}," +
-      "${Strings.propertyNameToSystemPropertyName(GeneralConfig.APPLICATION_KEY_FILE)}=${ddApplicationKeyPath.toAbsolutePath().toString()}," +
       "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_ENABLED)}=true," +
       "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_AGENTLESS_ENABLED)}=true," +
-      "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_CODE_COVERAGE_ENABLED)}=true," +
       "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_GIT_UPLOAD_ENABLED)}=false," +
       "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_CIPROVIDER_INTEGRATION_ENABLED)}=false," +
       "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_COVERAGE_SEGMENTS_ENABLED)}=true," +
-      "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_JACOCO_PLUGIN_VERSION)}=0.8.10," +
-      "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_JACOCO_PLUGIN_INCLUDES)}=datadog.smoke.*," +
       "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_AGENTLESS_URL)}=${intakeServer.address.toString()}"
 
     Files.write(testKitFolder.resolve("gradle.properties"), gradleProperties.getBytes())
diff --git a/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/success/src/main/java/datadog/smoke/Calculator.java b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/success/src/main/java/datadog/smoke/Calculator.java
new file mode 100644
index 00000000000..acff45019ee
--- /dev/null
+++ b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/success/src/main/java/datadog/smoke/Calculator.java
@@ -0,0 +1,7 @@
+package datadog.smoke;
+
+public class Calculator {
+  public static int add(int a, int b) {
+    return a + b;
+  }
+}
diff --git a/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/success/src/test/java/datadog/smoke/TestSucceed.java b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/success/src/test/java/datadog/smoke/TestSucceed.java
index 27f406fce1f..7f3074a5523 100644
--- a/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/success/src/test/java/datadog/smoke/TestSucceed.java
+++ b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/success/src/test/java/datadog/smoke/TestSucceed.java
@@ -8,7 +8,7 @@ public class TestSucceed {
 
   @Test
   public void test_succeed() {
-    assertTrue(true);
+    assertTrue(Calculator.add(2, 2) == 4);
   }
 
   @Test
diff --git a/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successJunit5/src/main/java/datadog/smoke/Calculator.java b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successJunit5/src/main/java/datadog/smoke/Calculator.java
new file mode 100644
index 00000000000..acff45019ee
--- /dev/null
+++ b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successJunit5/src/main/java/datadog/smoke/Calculator.java
@@ -0,0 +1,7 @@
+package datadog.smoke;
+
+public class Calculator {
+  public static int add(int a, int b) {
+    return a + b;
+  }
+}
diff --git a/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successJunit5/src/test/java/datadog/smoke/TestSucceed.java b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successJunit5/src/test/java/datadog/smoke/TestSucceed.java
index fc39e81b7f2..eaf0700b534 100644
--- a/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successJunit5/src/test/java/datadog/smoke/TestSucceed.java
+++ b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successJunit5/src/test/java/datadog/smoke/TestSucceed.java
@@ -8,7 +8,7 @@ public class TestSucceed {
 
   @Test
   public void test_succeed() {
-    assertTrue(true);
+    assertTrue(Calculator.add(2, 2) == 4);
   }
 
   @Test
diff --git a/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/build.gradleTest b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/build.gradleTest
new file mode 100644
index 00000000000..a7c25145d36
--- /dev/null
+++ b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/build.gradleTest
@@ -0,0 +1,21 @@
+apply plugin: 'java'
+
+repositories {
+  mavenLocal()
+  mavenCentral()
+}
+
+dependencies {
+  testImplementation 'junit:junit:4.10'
+  testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3'
+  testImplementation 'org.junit.jupiter:junit-jupiter-api:5.9.2'
+  testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.9.2'
+  testImplementation 'org.junit.vintage:junit-vintage-engine:5.9.2'
+}
+
+test {
+  maxParallelForks = 2
+  forkEvery = 1
+
+  useJUnitPlatform()
+}
diff --git a/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/settings.gradleTest b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/settings.gradleTest
new file mode 100644
index 00000000000..6040f1decb8
--- /dev/null
+++ b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/settings.gradleTest
@@ -0,0 +1 @@
+rootProject.name = 'gradle-instrumentation-test-project'
diff --git a/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/src/main/java/datadog/smoke/Calculator.java b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/src/main/java/datadog/smoke/Calculator.java
new file mode 100644
index 00000000000..b2436fa5826
--- /dev/null
+++ b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/src/main/java/datadog/smoke/Calculator.java
@@ -0,0 +1,10 @@
+package datadog.smoke;
+
+public class Calculator {
+  public static int add(int a, int b) {
+    return a + b;
+  }
+  public static int subtract(int a, int b) {
+    return a - b;
+  }
+}
diff --git a/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/src/test/java/datadog/smoke/TestSucceed.java b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/src/test/java/datadog/smoke/TestSucceed.java
new file mode 100644
index 00000000000..0f67bd32f19
--- /dev/null
+++ b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/src/test/java/datadog/smoke/TestSucceed.java
@@ -0,0 +1,12 @@
+package datadog.smoke;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+public class TestSucceed {
+  @Test
+  public void test_succeed() {
+    assertTrue(Calculator.add(2, 2) == 4);
+  }
+}
diff --git a/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/src/test/java/datadog/smoke/TestSucceedJunit5.java b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/src/test/java/datadog/smoke/TestSucceedJunit5.java
new file mode 100644
index 00000000000..26c65625ac8
--- /dev/null
+++ b/dd-smoke-tests/gradle/src/test/resources/datadog/smoketest/successMultiForks/src/test/java/datadog/smoke/TestSucceedJunit5.java
@@ -0,0 +1,12 @@
+package datadog.smoke;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.junit.jupiter.api.Test;
+
+public class TestSucceedJunit5 {
+  @Test
+  public void test_succeed() {
+    assertTrue(Calculator.subtract(2, 2) == 0);
+  }
+}
diff --git a/dd-smoke-tests/grpc-1.5/build.gradle b/dd-smoke-tests/grpc-1.5/build.gradle
new file mode 100644
index 00000000000..0b1c81d99a8
--- /dev/null
+++ b/dd-smoke-tests/grpc-1.5/build.gradle
@@ -0,0 +1,52 @@
+import com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar
+
+plugins {
+  id 'application'
+  id 'java'
+  id 'java-test-fixtures'
+  id 'com.google.protobuf' version '0.9.4'
+  id 'com.github.johnrengelman.shadow'
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+repositories {
+  // Use Maven Central for resolving dependencies.
+  mavenCentral()
+}
+
+def grpcVersion = '1.58.0'
+def protobufVersion = '3.24.0'
+def protocVersion = protobufVersion
+def mainClassName = 'datadog.smoketest.grpc.App'
+
+dependencies {
+  implementation "io.grpc:grpc-all:${grpcVersion}"
+
+  testImplementation project(':dd-smoke-tests')
+  testImplementation(testFixtures(project(":dd-smoke-tests:iast-util")))
+}
+
+application {
+  mainClass.set(mainClassName)
+}
+
+protobuf {
+  protoc { artifact = "com.google.protobuf:protoc:${protocVersion}" }
+  plugins {
+    grpc { artifact = "io.grpc:protoc-gen-grpc-java:${grpcVersion}" }
+  }
+  generateProtoTasks {
+    all()*.plugins { grpc {} }
+  }
+}
+
+tasks.withType(ShadowJar).configureEach {
+  archiveClassifier.set("fat")
+  mergeServiceFiles()
+}
+
+tasks.withType(Test).configureEach {
+  dependsOn "shadowJar"
+  jvmArgs "-Ddatadog.smoketest.grpc.jar.path=${tasks.shadowJar.archiveFile.get()}"
+}
diff --git a/dd-smoke-tests/grpc-1.5/src/main/java/datadog/smoketest/grpc/App.java b/dd-smoke-tests/grpc-1.5/src/main/java/datadog/smoketest/grpc/App.java
new file mode 100644
index 00000000000..74137b6fe0c
--- /dev/null
+++ b/dd-smoke-tests/grpc-1.5/src/main/java/datadog/smoketest/grpc/App.java
@@ -0,0 +1,58 @@
+/*
+ * This Java source file was generated by the Gradle 'init' task.
+ */
+package datadog.smoketest.grpc;
+
+import io.grpc.Grpc;
+import io.grpc.InsecureServerCredentials;
+import io.grpc.Server;
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+import java.util.logging.Logger;
+
+public class App {
+
+  private static final Logger logger = Logger.getLogger(App.class.getName());
+
+  private Server server;
+
+  private void start() throws IOException {
+    int port = Integer.getInteger("grpc.http.port", 8080);
+    server =
+        Grpc.newServerBuilderForPort(port, InsecureServerCredentials.create())
+            .addService(new IastServiceImpl())
+            .build()
+            .start();
+    logger.info("Server started, listening on " + port);
+    Runtime.getRuntime()
+        .addShutdownHook(
+            new Thread(
+                () -> {
+                  System.err.println("*** shutting down gRPC server since JVM is shutting down");
+                  try {
+                    App.this.stop();
+                  } catch (InterruptedException e) {
+                    e.printStackTrace(System.err);
+                  }
+                  System.err.println("*** server shut down");
+                }));
+  }
+
+  private void stop() throws InterruptedException {
+    if (server != null) {
+      server.shutdown().awaitTermination(30, TimeUnit.SECONDS);
+    }
+  }
+
+  private void blockUntilShutdown() throws InterruptedException {
+    if (server != null) {
+      server.awaitTermination();
+    }
+  }
+
+  public static void main(String[] args) throws IOException, InterruptedException {
+    final App app = new App();
+    app.start();
+    app.blockUntilShutdown();
+  }
+}
diff --git a/dd-smoke-tests/grpc-1.5/src/main/java/datadog/smoketest/grpc/IastServiceImpl.java b/dd-smoke-tests/grpc-1.5/src/main/java/datadog/smoketest/grpc/IastServiceImpl.java
new file mode 100644
index 00000000000..663f14abb62
--- /dev/null
+++ b/dd-smoke-tests/grpc-1.5/src/main/java/datadog/smoketest/grpc/IastServiceImpl.java
@@ -0,0 +1,31 @@
+package datadog.smoketest.grpc;
+
+import datadog.grpc.Iast.Request;
+import datadog.grpc.Iast.Request.Type;
+import datadog.grpc.Iast.Response;
+import datadog.grpc.IastServiceGrpc;
+import io.grpc.stub.StreamObserver;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+public class IastServiceImpl extends IastServiceGrpc.IastServiceImplBase {
+
+  @Override
+  public void serverSideRequestForgery(
+      final Request request, final StreamObserver<Response> responseObserver) {
+    if (request.getType() != Type.URL) {
+      responseObserver.onError(new IllegalArgumentException("Invalid type for request"));
+    } else {
+      try {
+        final URL target = new URL(request.getUrl().getValue());
+        final HttpURLConnection conn = (HttpURLConnection) target.openConnection();
+        conn.disconnect();
+        Response response = Response.newBuilder().setMessage("SSRF triggered").build();
+        responseObserver.onNext(response);
+        responseObserver.onCompleted();
+      } catch (final Exception e) {
+        responseObserver.onError(e);
+      }
+    }
+  }
+}
diff --git a/dd-smoke-tests/grpc-1.5/src/main/proto/iast.proto b/dd-smoke-tests/grpc-1.5/src/main/proto/iast.proto
new file mode 100644
index 00000000000..9452d493b0c
--- /dev/null
+++ b/dd-smoke-tests/grpc-1.5/src/main/proto/iast.proto
@@ -0,0 +1,27 @@
+syntax = "proto3";
+
+package datadog.grpc.iast;
+option java_package = "datadog.grpc";
+
+service IastService {
+  rpc ServerSideRequestForgery (Request) returns (Response) { }
+}
+
+message Request {
+  enum Type{
+    URL = 0;
+  }
+
+  message Url {
+    string value = 1;
+  }
+
+  Type type = 1;
+  oneof payload {
+    Url url = 2;
+  }
+}
+
+message Response {
+  string message = 1;
+}
diff --git a/dd-smoke-tests/grpc-1.5/src/test/groovy/datadog/smoketest/IastGrpcClient.groovy b/dd-smoke-tests/grpc-1.5/src/test/groovy/datadog/smoketest/IastGrpcClient.groovy
new file mode 100644
index 00000000000..645a82f25d5
--- /dev/null
+++ b/dd-smoke-tests/grpc-1.5/src/test/groovy/datadog/smoketest/IastGrpcClient.groovy
@@ -0,0 +1,33 @@
+package datadog.smoketest
+
+import datadog.grpc.Iast
+import datadog.grpc.IastServiceGrpc
+import io.grpc.ManagedChannelBuilder
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class IastGrpcClient {
+
+  private static final Logger LOG = LoggerFactory.getLogger(IastGrpcClient)
+
+  IastServiceGrpc.IastServiceBlockingStub blockingStub
+  IastServiceGrpc.IastServiceFutureStub futureStub
+  IastServiceGrpc.IastServiceStub asyncStub
+
+  IastGrpcClient(String host, int port) {
+    this(ManagedChannelBuilder.forAddress(host, port).usePlaintext())
+    LOG.error("Connecting to {}:{}", host, port)
+  }
+
+  /** Construct client for accessing RouteGuide server using the existing channel. */
+  IastGrpcClient(ManagedChannelBuilder<?> channelBuilder) {
+    def channel = channelBuilder.build()
+    blockingStub = IastServiceGrpc.newBlockingStub(channel)
+    futureStub = IastServiceGrpc.newFutureStub(channel)
+    asyncStub = IastServiceGrpc.newStub(channel)
+  }
+
+  Iast.Response ssrf(Iast.Request request) {
+    return blockingStub.serverSideRequestForgery(request)
+  }
+}
diff --git a/dd-smoke-tests/grpc-1.5/src/test/groovy/datadog/smoketest/IastGrpcSmokeTest.groovy b/dd-smoke-tests/grpc-1.5/src/test/groovy/datadog/smoketest/IastGrpcSmokeTest.groovy
new file mode 100644
index 00000000000..34ac068b907
--- /dev/null
+++ b/dd-smoke-tests/grpc-1.5/src/test/groovy/datadog/smoketest/IastGrpcSmokeTest.groovy
@@ -0,0 +1,50 @@
+package datadog.smoketest
+
+import datadog.grpc.Iast
+import spock.lang.Shared
+
+import static datadog.trace.api.config.IastConfig.*
+
+class IastGrpcSmokeTest extends AbstractIastServerSmokeTest {
+
+  @Shared
+  IastGrpcClient grpcClient = new IastGrpcClient("localhost", httpPort)
+
+  @Override
+  ProcessBuilder createProcessBuilder() {
+    final jarPath = System.getProperty('datadog.smoketest.grpc.jar.path')
+    List<String> command = []
+    command.add(javaPath())
+    command.addAll(defaultJavaProperties)
+    command.addAll((String[]) [
+      withSystemProperty(IAST_ENABLED, true),
+      withSystemProperty(IAST_DETECTION_MODE, 'FULL'),
+      withSystemProperty(IAST_DEBUG_ENABLED, true),
+      "-Dgrpc.http.port=${httpPort}".toString(),
+      '-jar',
+      jarPath
+    ])
+    final processBuilder = new ProcessBuilder(command)
+    processBuilder.directory(new File(buildDirectory))
+    return processBuilder
+  }
+
+  void 'test SSRF detection'() {
+    setup:
+    final url = 'https://dd.datad0g.com/'
+    final request = Iast.Request.newBuilder().setType(Iast.Request.Type.URL)
+      .setUrl(Iast.Request.Url.newBuilder().setValue(url).build()).build()
+
+    when:
+    final resp = grpcClient.ssrf(request)
+
+    then:
+    resp != null
+    hasTainted {tainted ->
+      tainted.value == url &&
+        tainted.ranges[0].source.name == 'root.payload_.value_' &&
+        tainted.ranges[0].source.origin == 'grpc.request.body'
+    }
+    hasVulnerability { vul -> vul.type == 'SSRF' }
+  }
+}
diff --git a/dd-smoke-tests/iast-util/build.gradle b/dd-smoke-tests/iast-util/build.gradle
index bb0b64ea8fe..07f4f80a5be 100644
--- a/dd-smoke-tests/iast-util/build.gradle
+++ b/dd-smoke-tests/iast-util/build.gradle
@@ -8,4 +8,6 @@ description = 'iast-smoke-tests-utils'
 
 dependencies {
   api project(':dd-smoke-tests')
+  compileOnly group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: '1.5.18.RELEASE'
+  compileOnly group: 'com.google.code.gson', name: 'gson', version: '2.10'
 }
diff --git a/dd-smoke-tests/spring-boot-2.6-webmvc/src/main/java/datadog/smoketest/springboot/controller/IastViewController.java b/dd-smoke-tests/iast-util/src/main/java/datadog/smoketest/springboot/controller/IastViewController.java
similarity index 100%
rename from dd-smoke-tests/spring-boot-2.6-webmvc/src/main/java/datadog/smoketest/springboot/controller/IastViewController.java
rename to dd-smoke-tests/iast-util/src/main/java/datadog/smoketest/springboot/controller/IastViewController.java
diff --git a/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/controller/IastWebController.java b/dd-smoke-tests/iast-util/src/main/java/datadog/smoketest/springboot/controller/IastWebController.java
similarity index 83%
rename from dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/controller/IastWebController.java
rename to dd-smoke-tests/iast-util/src/main/java/datadog/smoketest/springboot/controller/IastWebController.java
index 35db70370d0..4a6087f2ff5 100644
--- a/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/controller/IastWebController.java
+++ b/dd-smoke-tests/iast-util/src/main/java/datadog/smoketest/springboot/controller/IastWebController.java
@@ -1,5 +1,6 @@
 package datadog.smoketest.springboot.controller;
 
+import com.google.gson.Gson;
 import datadog.smoketest.springboot.TestBean;
 import ddtest.client.sources.Hasher;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
@@ -12,6 +13,7 @@
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Paths;
 import java.security.Principal;
+import java.util.Arrays;
 import java.util.Map;
 import java.util.Random;
 import java.util.concurrent.ThreadLocalRandom;
@@ -39,6 +41,7 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.view.RedirectView;
 import org.springframework.web.servlet.view.UrlBasedViewResolver;
@@ -70,6 +73,18 @@ public String weakhash() {
     return "Weak Hash page";
   }
 
+  @RequestMapping("/weak_key_generator")
+  public String weakKeyGenerator() {
+    hasher.generateKey();
+    return "Weak Key generator page";
+  }
+
+  @RequestMapping("/weak_key_generator_with_provider")
+  public String weakKeyGeneratorWithProvider() {
+    hasher.generateKeyWithProvider();
+    return "Weak Key generator page";
+  }
+
   @GetMapping("/insecure_cookie")
   public String insecureCookie(HttpServletResponse response) {
     Cookie cookie = new Cookie("user-id", "7");
@@ -291,14 +306,55 @@ public String trustBoundaryViolationForCookie(final HttpServletRequest request)
     return "Trust Boundary violation with cookie page";
   }
 
-  @GetMapping("/xss/write")
-  @SuppressFBWarnings
-  public void xssWrite(final HttpServletRequest request, final HttpServletResponse response) {
+  @GetMapping(value = "/hstsmissing", produces = "text/html")
+  public String hstsHeaderMissing(HttpServletResponse response) {
+    response.setStatus(HttpStatus.OK.value());
+    return "ok";
+  }
+
+  @GetMapping(value = "/xcontenttypeoptionsmissing", produces = "text/html")
+  public String xContentTypeOptionsMissing(HttpServletResponse response) {
+    response.addHeader("X-Content-Type-Options", "dosniff");
+    response.setStatus(HttpStatus.OK.value());
+    return "ok";
+  }
+
+  @PostMapping("/multipart")
+  public String handleFileUpload(
+      @RequestParam("theFile") MultipartFile file, @RequestParam("param1") String param1) {
+    String fileContent = "NO_FILE";
     try {
-      response.getWriter().write(request.getParameter("string"));
+      fileContent = Arrays.toString(file.getBytes());
+      file.getOriginalFilename();
     } catch (IOException e) {
-      throw new RuntimeException(e);
     }
+    return "fileName: " + file.getName();
+  }
+
+  @GetMapping(value = "/xcontenttypeoptionsecure", produces = "text/html")
+  public String xContentTypeOptionsSecure(HttpServletResponse response) {
+    response.addHeader("X-Content-Type-Options", "nosniff");
+    response.setStatus(HttpStatus.OK.value());
+    return "ok";
+  }
+
+  @GetMapping("/getrequesturi")
+  String pathInfo(HttpServletRequest request) {
+    String pathInfo = request.getRequestURI();
+    return String.format("Request.getRequestURI returns %s", pathInfo);
+  }
+
+  @GetMapping("/getrequesturl")
+  String requestURL(HttpServletRequest request) {
+    StringBuffer requestURL = request.getRequestURL();
+    return String.format("Request.getRequestURL returns %s", requestURL);
+  }
+
+  @PostMapping("/gson_deserialization")
+  String gson(@RequestParam("json") String json) {
+    Gson gson = new Gson();
+    TestBean testBean = gson.fromJson(json, TestBean.class);
+    return "Test bean -> name: " + testBean.getName() + ", value: " + testBean.getValue();
   }
 
   private void withProcess(final Operation<Process> op) {
diff --git a/dd-smoke-tests/spring-boot-2.6-webmvc/src/main/java/datadog/smoketest/springboot/controller/SimpleIastController.java b/dd-smoke-tests/iast-util/src/main/java/datadog/smoketest/springboot/controller/SimpleIastController.java
similarity index 100%
rename from dd-smoke-tests/spring-boot-2.6-webmvc/src/main/java/datadog/smoketest/springboot/controller/SimpleIastController.java
rename to dd-smoke-tests/iast-util/src/main/java/datadog/smoketest/springboot/controller/SimpleIastController.java
diff --git a/dd-smoke-tests/iast-util/src/main/java/datadog/smoketest/springboot/controller/XssController.java b/dd-smoke-tests/iast-util/src/main/java/datadog/smoketest/springboot/controller/XssController.java
new file mode 100644
index 00000000000..81f708acb55
--- /dev/null
+++ b/dd-smoke-tests/iast-util/src/main/java/datadog/smoketest/springboot/controller/XssController.java
@@ -0,0 +1,193 @@
+package datadog.smoketest.springboot.controller;
+
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import java.io.IOException;
+import java.util.Locale;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/xss")
+public class XssController {
+
+  @GetMapping("/write")
+  @SuppressFBWarnings
+  public void write(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      response.getWriter().write(request.getParameter("string"));
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/write2")
+  @SuppressFBWarnings
+  public void write2(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      response.getWriter().write(request.getParameter("string").toCharArray());
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/write3")
+  @SuppressFBWarnings
+  public void write3(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      String insecure = request.getParameter("string");
+      response.getWriter().write(insecure, 0, insecure.length());
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/write4")
+  @SuppressFBWarnings
+  public void write4(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      char[] buf = request.getParameter("string").toCharArray();
+      response.getWriter().write(buf, 0, buf.length);
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/print")
+  @SuppressFBWarnings
+  public void print(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      response.getWriter().print(request.getParameter("string"));
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/print2")
+  @SuppressFBWarnings
+  public void print2(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      response.getWriter().print(request.getParameter("string").toCharArray());
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/println")
+  @SuppressFBWarnings
+  public void println(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      response.getWriter().println(request.getParameter("string"));
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/println2")
+  @SuppressFBWarnings
+  public void println2(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      response.getWriter().println(request.getParameter("string").toCharArray());
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/printf")
+  @SuppressFBWarnings
+  public void printf(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      String format = request.getParameter("string");
+      response.getWriter().printf(format, "A", "B");
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/printf2")
+  @SuppressFBWarnings
+  public void printf2(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      String format = "Formatted like: %1$s and %2$s.";
+      response.getWriter().printf(format, "A", request.getParameter("string"));
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/printf3")
+  @SuppressFBWarnings
+  public void printf3(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      String format = request.getParameter("string");
+      response.getWriter().printf(Locale.getDefault(), format, "A", "B");
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/printf4")
+  @SuppressFBWarnings
+  public void printf4(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      String format = "Formatted like: %1$s and %2$s.";
+      response.getWriter().printf(Locale.getDefault(), format, "A", request.getParameter("string"));
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/format")
+  @SuppressFBWarnings
+  public void format(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      String format = request.getParameter("string");
+      response.getWriter().format(format, "A", "B");
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/format2")
+  @SuppressFBWarnings
+  public void format2(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      String format = "Formatted like: %1$s and %2$s.";
+      response.getWriter().format(format, "A", request.getParameter("string"));
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/format3")
+  @SuppressFBWarnings
+  public void format3(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      String format = request.getParameter("string");
+      response.getWriter().format(Locale.getDefault(), format, "A", "B");
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping("/format4")
+  @SuppressFBWarnings
+  public void format4(final HttpServletRequest request, final HttpServletResponse response) {
+    try {
+      String format = "Formatted like: %1$s and %2$s.";
+      response.getWriter().format(Locale.getDefault(), format, "A", request.getParameter("string"));
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  @GetMapping(value = "/responseBody", produces = MediaType.APPLICATION_JSON_VALUE)
+  @ResponseBody
+  public String responseBody(final HttpServletRequest request, final HttpServletResponse response) {
+    return request.getParameter("string");
+  }
+}
diff --git a/dd-smoke-tests/iast-util/src/main/java/ddtest/client/sources/Hasher.java b/dd-smoke-tests/iast-util/src/main/java/ddtest/client/sources/Hasher.java
index 3f925e0eb99..f5f73ece562 100644
--- a/dd-smoke-tests/iast-util/src/main/java/ddtest/client/sources/Hasher.java
+++ b/dd-smoke-tests/iast-util/src/main/java/ddtest/client/sources/Hasher.java
@@ -2,6 +2,9 @@
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 
 public class Hasher {
   public MessageDigest sha1() {
@@ -27,4 +30,20 @@ public MessageDigest md5() {
       throw new RuntimeException(e);
     }
   }
+
+  public SecretKey generateKey() {
+    try {
+      return KeyGenerator.getInstance("DES").generateKey();
+    } catch (NoSuchAlgorithmException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  public SecretKey generateKeyWithProvider() {
+    try {
+      return KeyGenerator.getInstance("DES", "SUN").generateKey();
+    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
+      throw new RuntimeException(e);
+    }
+  }
 }
diff --git a/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastServerSmokeTest.groovy b/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastServerSmokeTest.groovy
index cda4ba62618..8ad91dff081 100644
--- a/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastServerSmokeTest.groovy
+++ b/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastServerSmokeTest.groovy
@@ -126,6 +126,27 @@ abstract class AbstractIastServerSmokeTest extends AbstractServerSmokeTest {
     }
   }
 
+  protected void noVulnerability(@ClosureParams(value = SimpleType, options = ['datadog.smoketest.model.Vulnerability'])
+    final Closure<Boolean> matcher) {
+    final found = []
+    try {
+      waitForSpan(pollingConditions()) { span ->
+        final json = span.meta.get(TAG_NAME)
+        if (!json) {
+          return false
+        }
+        final batch = jsonSlurper.parseText(json) as Map
+        final vulnerabilities = batch.vulnerabilities as List<Vulnerability>
+        found.addAll(vulnerabilities)
+      }
+    } catch (SpockTimeoutError toe) {
+      // do nothing
+    }
+    if ( found.find(matcher) != null){
+      throw new AssertionError("A matching vulnerability was found while expecting none. Vulnerabilities found: ${new JsonBuilder(found).toPrettyString()}")
+    }
+  }
+
   protected TaintedObject parseTaintedLog(final String log) {
     final index = log.indexOf('tainted=')
     if (index >= 0) {
diff --git a/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastSpringBootTest.groovy b/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastSpringBootTest.groovy
index 83fc9de3bae..4217258e570 100644
--- a/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastSpringBootTest.groovy
+++ b/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastSpringBootTest.groovy
@@ -2,6 +2,7 @@ package datadog.smoketest
 
 import okhttp3.FormBody
 import okhttp3.MediaType
+import okhttp3.MultipartBody
 import okhttp3.Request
 import okhttp3.RequestBody
 
@@ -83,6 +84,33 @@ abstract class AbstractIastSpringBootTest extends AbstractIastServerSmokeTest {
     !logHasErrors
   }
 
+  void 'Multipart Request parameters'(){
+    given:
+    String url = "http://localhost:${httpPort}/multipart"
+
+    RequestBody requestBody = new MultipartBody.Builder().setType(MultipartBody.FORM)
+      .addFormDataPart("theFile", "theFileName",
+      RequestBody.create(MediaType.parse("text/plain"), "FILE_CONTENT"))
+      .addFormDataPart("param1", "param1Value")
+      .build()
+
+    Request request = new Request.Builder()
+      .url(url)
+      .post(requestBody)
+      .build()
+    when:
+    final retValue = client.newCall(request).execute().body().string()
+
+    then:
+    retValue == "fileName: theFile"
+    hasTainted { tainted ->
+      tainted.value == 'theFile' &&
+        tainted.ranges[0].source.name == 'Content-Disposition' &&
+        tainted.ranges[0].source.origin == 'http.request.multipart.parameter'
+    }
+
+  }
+
   void 'iast.enabled tag is present'() {
     setup:
     String url = "http://localhost:${httpPort}/greeting"
@@ -110,6 +138,37 @@ abstract class AbstractIastSpringBootTest extends AbstractIastServerSmokeTest {
     }
   }
 
+  void 'weak cipher vulnerability is present when calling key generator'() {
+    setup:
+    String url = "http://localhost:${httpPort}/weak_key_generator"
+    def request = new Request.Builder().url(url).get().build()
+
+    when:
+    client.newCall(request).execute()
+
+    then:
+    hasVulnerability { vul ->
+      vul.type == 'WEAK_CIPHER' &&
+        vul.evidence.value == 'DES'
+    }
+  }
+
+  void 'weak cipher vulnerability is present when calling key generator with provider'() {
+    setup:
+    String url = "http://localhost:${httpPort}/weak_key_generator_with_provider"
+    def request = new Request.Builder().url(url).get().build()
+
+    when:
+    client.newCall(request).execute()
+
+    then:
+    hasVulnerability { vul ->
+      vul.type == 'WEAK_CIPHER' &&
+        vul.evidence.value == 'DES'
+    }
+  }
+
+
   void 'insecure cookie vulnerability is present'() {
     setup:
     String url = "http://localhost:${httpPort}/insecure_cookie"
@@ -127,6 +186,48 @@ abstract class AbstractIastSpringBootTest extends AbstractIastServerSmokeTest {
     }
   }
 
+  void 'hsts header missing vulnerability is present'() {
+    setup:
+    String url = "http://localhost:${httpPort}/hstsmissing"
+    def request = new Request.Builder().url(url).header("X-Forwarded-Proto", "https").get().build()
+
+    when:
+    def response = client.newCall(request).execute()
+
+    then:
+    response.isSuccessful()
+    hasVulnerability { vul ->
+      vul.type == 'HSTS_HEADER_MISSING'
+    }
+  }
+
+  void 'X content type options missing header vulnerability is present'() {
+    setup:
+    String url = "http://localhost:${httpPort}/xcontenttypeoptionsmissing"
+    def request = new Request.Builder().url(url).get().build()
+    when:
+    def response = client.newCall(request).execute()
+    then:
+    response.isSuccessful()
+    hasVulnerability { vul ->
+      vul.type == 'XCONTENTTYPE_HEADER_MISSING'
+    }
+  }
+
+  void 'X content type options missing header vulnerability is absent'() {
+    setup:
+    String url = "http://localhost:${httpPort}/xcontenttypeoptionsecure"
+    def request = new Request.Builder().url(url).get().build()
+    when:
+    def response = client.newCall(request).execute()
+    then:
+    response.isSuccessful()
+    noVulnerability { vul ->
+      vul.type == 'XCONTENTTYPE_HEADER_MISSING'
+    }
+  }
+
+
   void 'no HttpOnly cookie vulnerability is present'() {
     setup:
     String url = "http://localhost:${httpPort}/insecure_cookie"
@@ -288,16 +389,36 @@ abstract class AbstractIastSpringBootTest extends AbstractIastServerSmokeTest {
     hasVulnerability { vul -> vul.type == 'TRUST_BOUNDARY_VIOLATION' }
   }
 
-  void 'xss is present when write String'() {
+  void 'xss is present'() {
     setup:
-    final url = "http://localhost:${httpPort}/xss/write?string=test"
+    final url = "http://localhost:${httpPort}/xss/${method}?string=${param}"
     final request = new Request.Builder().url(url).get().build()
 
     when:
     client.newCall(request).execute()
 
     then:
-    hasVulnerability { vul -> vul.type == 'XSS' && vul.location.method == 'xssWrite' }
+    hasVulnerability { vul -> vul.type == 'XSS' && vul.location.method == method }
+
+    where:
+    method     | param
+    'write'    | 'test'
+    'write2'   | 'test'
+    'write3'   | 'test'
+    'write4'   | 'test'
+    'print'    | 'test'
+    'print2'   | 'test'
+    'println'  | 'test'
+    'println2' | 'test'
+    'printf'   | 'Formatted%20like%3A%20%251%24s%20and%20%252%24s.'
+    'printf2'  | 'test'
+    'printf3'  | 'Formatted%20like%3A%20%251%24s%20and%20%252%24s.'
+    'printf4'  | 'test'
+    'format'   | 'Formatted%20like%3A%20%251%24s%20and%20%252%24s.'
+    'format2'  | 'test'
+    'format3'  | 'Formatted%20like%3A%20%251%24s%20and%20%252%24s.'
+    'format4'  | 'test'
+    'responseBody' | 'test'
   }
 
   void 'trust boundary violation with cookie propagation'() {
@@ -373,6 +494,21 @@ abstract class AbstractIastSpringBootTest extends AbstractIastServerSmokeTest {
     }
   }
 
+  void 'getRequestURL taints its output'() {
+    setup:
+    String url = "http://localhost:${httpPort}/getrequesturl"
+    def request = new Request.Builder().url(url).get().build()
+
+    when:
+    client.newCall(request).execute()
+
+    then:
+    hasTainted { tainted ->
+      tainted.value == url &&
+        tainted.ranges[0].source.origin == 'http.request.uri'
+    }
+  }
+
   void 'request header taint string'() {
     setup:
     String url = "http://localhost:${httpPort}/request_header/test"
@@ -673,4 +809,19 @@ abstract class AbstractIastSpringBootTest extends AbstractIastServerSmokeTest {
     hasVulnerabilityInLogs { vul -> vul.type == 'UNVALIDATED_REDIRECT' && vul.location.method == 'getViewfromTaintedString' }
   }
 
+  void 'getRequestURI taints its output'() {
+    setup:
+    final url = "http://localhost:${httpPort}/getrequesturi"
+    final request = new Request.Builder().url(url).get().build()
+
+    when:
+    client.newCall(request).execute()
+
+    then:
+    hasTainted { tainted ->
+      tainted.value == '/getrequesturi' &&
+        tainted.ranges[0].source.origin == 'http.request.path'
+    }
+  }
+
 }
diff --git a/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastVertxSmokeTest.groovy b/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastVertxSmokeTest.groovy
index 482e4b3dcdb..b00f810ba63 100644
--- a/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastVertxSmokeTest.groovy
+++ b/dd-smoke-tests/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastVertxSmokeTest.groovy
@@ -11,6 +11,8 @@ import spock.lang.IgnoreIf
 @CompileDynamic
 abstract class AbstractIastVertxSmokeTest extends AbstractIastServerSmokeTest {
 
+  private static final MediaType FORM = MediaType.get('application/x-www-form-urlencoded')
+
   void 'test header source'() {
     setup:
     final url = "http://localhost:${httpPort}/header"
@@ -43,6 +45,23 @@ abstract class AbstractIastVertxSmokeTest extends AbstractIastServerSmokeTest {
     }
   }
 
+  void 'test header names list source'() {
+    setup:
+    final url = "http://localhost:${httpPort}/headernames"
+    final request = new Request.Builder().url(url).header('header', 'headerValues').get().build()
+
+    when:
+    client.newCall(request).execute()
+
+    then:
+    hasTainted { tainted ->
+      tainted.value == 'header' &&
+        tainted.ranges[0].source.name == 'header' &&
+        tainted.ranges[0].source.value == 'header' &&
+        tainted.ranges[0].source.origin == 'http.request.header.name'
+    }
+  }
+
   void 'test parameter source'() {
     setup:
     final url = "http://localhost:${httpPort}/param?param=paramValue"
@@ -75,6 +94,28 @@ abstract class AbstractIastVertxSmokeTest extends AbstractIastServerSmokeTest {
     }
   }
 
+  void 'test parameter names list source'() {
+    setup:
+    final request = builder.call("http://localhost:${httpPort}/paramnames")
+    final name = params.split('=')[0]
+
+    when:
+    client.newCall(request).execute()
+
+    then:
+    hasTainted { tainted ->
+      tainted.value == name &&
+        tainted.ranges[0].source.name == name &&
+        tainted.ranges[0].source.value == name &&
+        tainted.ranges[0].source.origin == 'http.request.parameter.name'
+    }
+
+    where:
+    params            | builder
+    'postparam=value' | { String url -> new Request.Builder().url(url).post(RequestBody.create(FORM, params)).build() }
+    'getparam=value'  | { String url -> new Request.Builder().url("$url?$params").get().build() }
+  }
+
   void 'test form source'() {
     setup:
     final url = "http://localhost:${httpPort}/form_attribute"
diff --git a/dd-smoke-tests/log-injection/src/main/java/datadog/smoketest/loginjection/BaseApplication.java b/dd-smoke-tests/log-injection/src/main/java/datadog/smoketest/loginjection/BaseApplication.java
index 260ec281797..a2edae29ac3 100644
--- a/dd-smoke-tests/log-injection/src/main/java/datadog/smoketest/loginjection/BaseApplication.java
+++ b/dd-smoke-tests/log-injection/src/main/java/datadog/smoketest/loginjection/BaseApplication.java
@@ -3,6 +3,7 @@
 import static datadog.trace.api.config.TraceInstrumentationConfig.LOGS_INJECTION_ENABLED;
 
 import datadog.trace.api.ConfigCollector;
+import datadog.trace.api.ConfigSetting;
 import datadog.trace.api.CorrelationIdentifier;
 import datadog.trace.api.Trace;
 import java.util.concurrent.TimeUnit;
@@ -22,15 +23,13 @@ public void run() throws InterruptedException {
 
     secondTracedMethod();
 
-    if (!waitForCondition(
-        () -> Boolean.FALSE.equals(ConfigCollector.get().collect().get(LOGS_INJECTION_ENABLED)))) {
+    if (!waitForCondition(() -> Boolean.FALSE.equals(getLogInjectionEnabled()))) {
       throw new RuntimeException("Logs injection config was never updated");
     }
 
     thirdTracedMethod();
 
-    if (!waitForCondition(
-        () -> Boolean.TRUE.equals(ConfigCollector.get().collect().get(LOGS_INJECTION_ENABLED)))) {
+    if (!waitForCondition(() -> Boolean.TRUE.equals(getLogInjectionEnabled()))) {
       throw new RuntimeException("Logs injection config was never updated a second time");
     }
 
@@ -44,6 +43,14 @@ public void run() throws InterruptedException {
     Thread.sleep(400);
   }
 
+  private static Object getLogInjectionEnabled() {
+    ConfigSetting configSetting = ConfigCollector.get().collect().get(LOGS_INJECTION_ENABLED);
+    if (configSetting == null) {
+      return null;
+    }
+    return configSetting.value;
+  }
+
   @Trace
   public void firstTracedMethod() {
     doLog("INSIDE FIRST SPAN");
diff --git a/dd-smoke-tests/log-injection/src/test/groovy/datadog/smoketest/LogInjectionSmokeTest.groovy b/dd-smoke-tests/log-injection/src/test/groovy/datadog/smoketest/LogInjectionSmokeTest.groovy
index a094534cb04..17c75fa47c8 100644
--- a/dd-smoke-tests/log-injection/src/test/groovy/datadog/smoketest/LogInjectionSmokeTest.groovy
+++ b/dd-smoke-tests/log-injection/src/test/groovy/datadog/smoketest/LogInjectionSmokeTest.groovy
@@ -362,6 +362,11 @@ class JCLInterfaceLog4j1Backend128bTid extends JCLInterfaceLog4j1Backend {}
 
 class JCLInterfaceLog4j2Backend extends LogInjectionSmokeTest {
   def backend() { "Log4j2" }
+
+  // workaround https://github.com/apache/logging-log4j2/issues/1865
+  List additionalArguments() {
+    return ['-Dorg.apache.commons.logging.LogFactory=org.apache.logging.log4j.jcl.LogFactoryImpl' as String]
+  }
 }
 
 class JCLInterfaceLog4j2BackendNoTags extends JCLInterfaceLog4j2Backend {}
@@ -442,6 +447,11 @@ class Slf4jInterfaceJCLToLog4j1LatestBackend extends Slf4jInterfaceJCLToLog4j1Ba
 
 class Slf4jInterfaceJCLToLog4j2Backend extends LogInjectionSmokeTest {
   def backend() { "Log4j2" }
+
+  // workaround https://github.com/apache/logging-log4j2/issues/1865
+  List additionalArguments() {
+    return ['-Dorg.apache.commons.logging.LogFactory=org.apache.logging.log4j.jcl.LogFactoryImpl' as String]
+  }
 }
 
 class Slf4jInterfaceJCLToLog4j2BackendNoTags extends Slf4jInterfaceJCLToLog4j2Backend {}
diff --git a/dd-smoke-tests/maven/src/test/groovy/datadog/smoketest/MavenSmokeTest.groovy b/dd-smoke-tests/maven/src/test/groovy/datadog/smoketest/MavenSmokeTest.groovy
index 6e95704c549..29413d42f67 100644
--- a/dd-smoke-tests/maven/src/test/groovy/datadog/smoketest/MavenSmokeTest.groovy
+++ b/dd-smoke-tests/maven/src/test/groovy/datadog/smoketest/MavenSmokeTest.groovy
@@ -2,6 +2,7 @@ package datadog.smoketest
 
 import com.fasterxml.jackson.databind.ObjectMapper
 import datadog.trace.agent.test.server.http.TestHttpServer
+import datadog.trace.api.Config
 import datadog.trace.api.config.CiVisibilityConfig
 import datadog.trace.api.config.GeneralConfig
 import datadog.trace.test.util.MultipartRequestParser
@@ -32,8 +33,8 @@ class MavenSmokeTest extends Specification {
 
   private static final String TEST_SERVICE_NAME = "test-maven-service"
   private static final String TEST_ENVIRONMENT_NAME = "integration-test"
-  private static final String JAVAC_PLUGIN_VERSION = "0.1.6"
-  private static final String JACOCO_PLUGIN_VERSION = "0.8.10"
+  private static final String JAVAC_PLUGIN_VERSION = Config.get().ciVisibilityCompilerPluginVersion
+  private static final String JACOCO_PLUGIN_VERSION = Config.get().ciVisibilityJacocoPluginVersion
 
   private static final int PROCESS_TIMEOUT_SECS = 60
 
@@ -108,6 +109,31 @@ class MavenSmokeTest extends Specification {
     then:
     exitCode == 0
 
+    verifyEventsAndCoverages(mavenVersion)
+
+    where:
+    mavenVersion << ["3.2.1", "3.2.5", "3.3.9", "3.5.4", "3.6.3", "3.8.8", "3.9.4", "4.0.0-alpha-7"]
+  }
+
+  def "test maven run with jacoco and argLine, v#mavenVersion"() {
+    given:
+    givenWrapperPropertiesFile(mavenVersion)
+    givenMavenProjectFiles("test_successful_maven_run_with_jacoco_and_argline")
+    givenMavenDependenciesAreLoaded()
+
+    when:
+    def exitCode = whenRunningMavenBuild()
+
+    then:
+    exitCode == 0
+
+    verifyEventsAndCoverages(mavenVersion)
+
+    where:
+    mavenVersion << ["3.9.4"]
+  }
+
+  private verifyEventsAndCoverages(String mavenVersion) {
     def events = waitForEvents(5)
     assert events.size() == 5
 
@@ -119,6 +145,8 @@ class MavenSmokeTest extends Specification {
         resource == "Maven Smoke Tests Project" // project name
         verifyAll(metrics) {
           process_id > 0 // only applied to root spans
+          it["test.itr.tests_skipping.count"] == 1
+          it["test.code_coverage.lines_pct"] == 57
         }
         verifyAll(meta) {
           it["span.kind"] == "test_session_end"
@@ -130,9 +158,6 @@ class MavenSmokeTest extends Specification {
           it["test.itr.tests_skipping.type"] == "test"
           it["_dd.ci.itr.tests_skipped"] == "true"
         }
-        verifyAll(metrics) {
-          it["test.itr.tests_skipping.count"] == 1
-        }
       }
     }
 
@@ -142,21 +167,22 @@ class MavenSmokeTest extends Specification {
     verifyAll(moduleEndEvent) {
       verifyAll(content) {
         name == "maven.test_module"
-        resource == "Maven Smoke Tests Project test" // project name + execution goal
+        resource == "Maven Smoke Tests Project maven-surefire-plugin default-test" // project name + plugin name + execution ID
         test_session_id == sessionEndEvent.content.test_session_id
         test_module_id > 0
+        verifyAll(metrics) {
+          it["test.itr.tests_skipping.count"] == 1
+          it["test.code_coverage.lines_pct"] == 57
+        }
         verifyAll(meta) {
           it["span.kind"] == "test_module_end"
-          it["test.module"] == "Maven Smoke Tests Project test" // project name + execution goal
+          it["test.module"] == "Maven Smoke Tests Project maven-surefire-plugin default-test" // project name + plugin name + execution ID
           it["test.status"] == "pass"
           it["test.code_coverage.enabled"] == "true"
           it["test.itr.tests_skipping.enabled"] == "true"
           it["test.itr.tests_skipping.type"] == "test"
           it["_dd.ci.itr.tests_skipped"] == "true"
         }
-        verifyAll(metrics) {
-          it["test.itr.tests_skipping.count"] == 1
-        }
       }
     }
 
@@ -246,12 +272,13 @@ class MavenSmokeTest extends Specification {
         [
           filename: "src/test/java/datadog/smoke/TestSucceed.java",
           segments: [[7, -1, 7, -1, -1], [11, -1, 12, -1, -1]]
+        ],
+        [
+          filename: "src/main/java/datadog/smoke/Calculator.java",
+          segments: [[5, -1, 5, -1, -1]]
         ]
       ]
     ]
-
-    where:
-    mavenVersion << ["3.2.1", "3.2.5", "3.3.9", "3.5.4", "3.6.3", "3.8.8", "3.9.3", "4.0.0-alpha-7"]
   }
 
   private void givenWrapperPropertiesFile(String mavenVersion) {
@@ -323,7 +350,6 @@ class MavenSmokeTest extends Specification {
     def processBuilder = createProcessBuilder(["test"])
 
     processBuilder.environment().put("DD_API_KEY", "01234567890abcdef123456789ABCDEF")
-    processBuilder.environment().put("DD_APPLICATION_KEY", "01234567890abcdef123456789ABCDEF")
 
     return runProcess(processBuilder.start())
   }
@@ -384,8 +410,6 @@ class MavenSmokeTest extends Specification {
         "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_GIT_UPLOAD_ENABLED)}=false," +
         "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_COVERAGE_SEGMENTS_ENABLED)}=true," +
         "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_COMPILER_PLUGIN_VERSION)}=${JAVAC_PLUGIN_VERSION}," +
-        "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_JACOCO_PLUGIN_VERSION)}=${JACOCO_PLUGIN_VERSION}," +
-        "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_JACOCO_PLUGIN_INCLUDES)}=datadog.smoke.*," +
         "${Strings.propertyNameToSystemPropertyName(CiVisibilityConfig.CIVISIBILITY_AGENTLESS_URL)}=${intakeServer.address.toString()}"
       arguments += agentArgument.toString()
     }
diff --git a/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run/src/main/java/datadog/smoke/Calculator.java b/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run/src/main/java/datadog/smoke/Calculator.java
new file mode 100644
index 00000000000..acff45019ee
--- /dev/null
+++ b/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run/src/main/java/datadog/smoke/Calculator.java
@@ -0,0 +1,7 @@
+package datadog.smoke;
+
+public class Calculator {
+  public static int add(int a, int b) {
+    return a + b;
+  }
+}
diff --git a/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run/src/test/java/datadog/smoke/TestSucceed.java b/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run/src/test/java/datadog/smoke/TestSucceed.java
index 27f406fce1f..7f3074a5523 100644
--- a/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run/src/test/java/datadog/smoke/TestSucceed.java
+++ b/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run/src/test/java/datadog/smoke/TestSucceed.java
@@ -8,7 +8,7 @@ public class TestSucceed {
 
   @Test
   public void test_succeed() {
-    assertTrue(true);
+    assertTrue(Calculator.add(2, 2) == 4);
   }
 
   @Test
diff --git a/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run_with_jacoco_and_argline/pom.xml b/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run_with_jacoco_and_argline/pom.xml
new file mode 100644
index 00000000000..e0b5c2d0fe0
--- /dev/null
+++ b/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run_with_jacoco_and_argline/pom.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.datadog.ci.test</groupId>
+  <artifactId>maven-smoke-test</artifactId>
+  <version>1.0-SNAPSHOT</version>
+  <name>Maven Smoke Tests Project</name>
+
+  <properties>
+    <maven.compiler.source>8</maven.compiler.source>
+    <maven.compiler.target>8</maven.compiler.target>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+
+  <!-- Older Maven versions (e.g. 3.2.1) use http protocol instead of https for repositories by default.
+    Nowadays Maven Central does not work over unencrypted http -->
+  <repositories>
+    <repository>
+      <snapshots>
+        <enabled>false</enabled>
+      </snapshots>
+      <id>central</id>
+      <name>Central Repository</name>
+      <url>https://repo.maven.apache.org/maven2</url>
+    </repository>
+  </repositories>
+  <pluginRepositories>
+    <pluginRepository>
+      <releases>
+        <updatePolicy>never</updatePolicy>
+      </releases>
+      <snapshots>
+        <enabled>false</enabled>
+      </snapshots>
+      <id>central</id>
+      <name>Central Repository</name>
+      <url>https://repo.maven.apache.org/maven2</url>
+    </pluginRepository>
+  </pluginRepositories>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.13.2</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>3.0.0</version>
+        <configuration>
+          <argLine>@{argLine}</argLine>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.jacoco</groupId>
+        <artifactId>jacoco-maven-plugin</artifactId>
+        <version>0.8.10</version>
+        <executions>
+          <execution>
+            <id>default-prepare-agent</id>
+            <goals>
+              <goal>prepare-agent</goal>
+            </goals>
+          </execution>
+          <execution>
+            <id>default-report</id>
+            <goals>
+              <goal>report</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>
diff --git a/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run_with_jacoco_and_argline/src/main/java/datadog/smoke/Calculator.java b/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run_with_jacoco_and_argline/src/main/java/datadog/smoke/Calculator.java
new file mode 100644
index 00000000000..acff45019ee
--- /dev/null
+++ b/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run_with_jacoco_and_argline/src/main/java/datadog/smoke/Calculator.java
@@ -0,0 +1,7 @@
+package datadog.smoke;
+
+public class Calculator {
+  public static int add(int a, int b) {
+    return a + b;
+  }
+}
diff --git a/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run_with_jacoco_and_argline/src/test/java/datadog/smoke/TestSucceed.java b/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run_with_jacoco_and_argline/src/test/java/datadog/smoke/TestSucceed.java
new file mode 100644
index 00000000000..7f3074a5523
--- /dev/null
+++ b/dd-smoke-tests/maven/src/test/resources/test_successful_maven_run_with_jacoco_and_argline/src/test/java/datadog/smoke/TestSucceed.java
@@ -0,0 +1,18 @@
+package datadog.smoke;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+public class TestSucceed {
+
+  @Test
+  public void test_succeed() {
+    assertTrue(Calculator.add(2, 2) == 4);
+  }
+
+  @Test
+  public void test_to_skip_with_itr() {
+    assertTrue(true);
+  }
+}
diff --git a/dd-smoke-tests/osgi/build.gradle b/dd-smoke-tests/osgi/build.gradle
index ff38b6b35ee..957784df557 100644
--- a/dd-smoke-tests/osgi/build.gradle
+++ b/dd-smoke-tests/osgi/build.gradle
@@ -2,12 +2,19 @@ plugins {
   id 'biz.aQute.bnd.builder' version '6.1.0' apply false
 }
 
+repositories {
+  maven {
+    url 'https://resources.knopflerfish.org/repo/maven2/release'
+  }
+}
+
 apply from: "$rootDir/gradle/java.gradle"
 description = 'OSGi Application Smoke Tests.'
 
 configurations {
   equinox
   felix
+  knopflerfish
   bundles
 }
 
@@ -24,6 +31,7 @@ dependencies {
 
   equinox 'org.eclipse.platform:org.eclipse.osgi:3.15.300'
   felix 'org.apache.felix:org.apache.felix.framework:6.0.5'
+  knopflerfish 'org.knopflerfish.kf6:framework:8.0.11'
 
   bundles 'org.ops4j.pax.logging:pax-logging-api:1.11.0'
   bundles 'com.google.guava:guava:20.0'
@@ -91,6 +99,7 @@ tasks.withType(Test).configureEach {
   jvmArgs "-Ddatadog.smoketest.osgi.appJar.path=${tasks.jar.archiveFile.get()}"
   jvmArgs "-Ddatadog.smoketest.osgi.equinoxJar.path=${configurations.equinox.first().path}"
   jvmArgs "-Ddatadog.smoketest.osgi.felixJar.path=${configurations.felix.first().path}"
+  jvmArgs "-Ddatadog.smoketest.osgi.knopflerfishJar.path=${configurations.knopflerfish.first().path}"
 
   jvmArgs "-Ddatadog.smoketest.osgi.bundle.paths=" +
     "${tasks.commonBundle.archiveFile.get()}," +
diff --git a/dd-smoke-tests/osgi/src/main/java/datadog/smoketest/osgi/app/OSGiApplication.java b/dd-smoke-tests/osgi/src/main/java/datadog/smoketest/osgi/app/OSGiApplication.java
index cf4b000acaa..c50f1203752 100644
--- a/dd-smoke-tests/osgi/src/main/java/datadog/smoketest/osgi/app/OSGiApplication.java
+++ b/dd-smoke-tests/osgi/src/main/java/datadog/smoketest/osgi/app/OSGiApplication.java
@@ -69,5 +69,8 @@ public static void main(final String[] args) throws Exception {
     framework.stop();
 
     framework.waitForStop(1_000);
+
+    // XXX: Knopflerfish will leave some dangling non-daemon thread and prevent shutdown here.
+    System.exit(0);
   }
 }
diff --git a/dd-smoke-tests/osgi/src/test/groovy/datadog/smoketest/KnopflerfishSmokeTest.groovy b/dd-smoke-tests/osgi/src/test/groovy/datadog/smoketest/KnopflerfishSmokeTest.groovy
new file mode 100644
index 00000000000..32afc369d3d
--- /dev/null
+++ b/dd-smoke-tests/osgi/src/test/groovy/datadog/smoketest/KnopflerfishSmokeTest.groovy
@@ -0,0 +1,12 @@
+package datadog.smoketest
+
+class KnopflerfishSmokeTest extends AbstractOSGiSmokeTest {
+
+  String frameworkJar() {
+    return System.getProperty("datadog.smoketest.osgi.knopflerfishJar.path")
+  }
+
+  List<String> frameworkArguments() {
+    return ["-Dframework.factory=org.knopflerfish.framework.FrameworkFactoryImpl",]
+  }
+}
diff --git a/dd-smoke-tests/play-2.5/src/test/groovy/datadog/smoketest/PlayNettySmokeTest.groovy b/dd-smoke-tests/play-2.5/src/test/groovy/datadog/smoketest/PlayNettySmokeTest.groovy
index 261fd6fdf47..b480466d9df 100644
--- a/dd-smoke-tests/play-2.5/src/test/groovy/datadog/smoketest/PlayNettySmokeTest.groovy
+++ b/dd-smoke-tests/play-2.5/src/test/groovy/datadog/smoketest/PlayNettySmokeTest.groovy
@@ -75,6 +75,10 @@ class PlayNettySmokeTest extends AbstractServerSmokeTest {
     def allowed = /|\[netty.request\[filter1(\[filter\d])?(\[filter\d])?(\[filter\d])?
                    |\[play.request\[action1\[action2\[do-get\[netty.client.request]]]]]
                    |(\[filter\d])?(\[filter\d])?(\[filter\d])?]]/.stripMargin().replaceAll("[\n\r]", "")
+
+    // Ignore [command_execution], which can be generated by hostname calls from Config/Telemetry in some systems.
+    traceCounts = traceCounts.findAll { it.key != "[command_execution]" }
+
     traceCounts.entrySet().each {
       def matcher = (it.key =~ allowed).findAll()
       assert matcher.size() == 1 : """\
diff --git a/dd-smoke-tests/profiling-integration-tests/src/main/java/datadog/smoketest/profiling/ProfilingTestApplication.java b/dd-smoke-tests/profiling-integration-tests/src/main/java/datadog/smoketest/profiling/ProfilingTestApplication.java
index 125a09fa647..8d7a5d67c0c 100644
--- a/dd-smoke-tests/profiling-integration-tests/src/main/java/datadog/smoketest/profiling/ProfilingTestApplication.java
+++ b/dd-smoke-tests/profiling-integration-tests/src/main/java/datadog/smoketest/profiling/ProfilingTestApplication.java
@@ -1,8 +1,9 @@
 package datadog.smoketest.profiling;
 
 import datadog.trace.api.Trace;
-import datadog.trace.api.experimental.Profiling;
-import datadog.trace.api.experimental.ProfilingContextSetter;
+import datadog.trace.api.profiling.Profiling;
+import datadog.trace.api.profiling.ProfilingContextAttribute;
+import datadog.trace.api.profiling.ProfilingScope;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.lang.management.ManagementFactory;
 import java.lang.management.ThreadMXBean;
@@ -27,8 +28,9 @@ public class ProfilingTestApplication {
   private static final ExecutorService EXECUTOR_SERVICE = Executors.newSingleThreadExecutor();
   private static final ExecutorService FJP = new ForkJoinPool(4);
 
+  @SuppressWarnings("try")
   public static void main(final String[] args) throws Exception {
-    ProfilingContextSetter foo = Profiling.get().createContextSetter("foo");
+    ProfilingContextAttribute foo = Profiling.get().createContextAttribute("foo");
     long duration = -1;
     if (args.length > 0) {
       duration = TimeUnit.SECONDS.toMillis(Long.parseLong(args[0]));
@@ -39,12 +41,14 @@ public static void main(final String[] args) throws Exception {
     final long startTime = System.currentTimeMillis();
     int counter = 0;
     while (true) {
-      foo.set("context" + counter % 10);
-      tracedMethod();
-      if (duration > 0 && duration + startTime < System.currentTimeMillis()) {
-        break;
+      try (ProfilingScope scope = Profiling.get().newScope()) {
+        scope.setContextValue(foo, "context" + counter % 10);
+        tracedMethod();
+        if (duration > 0 && duration + startTime < System.currentTimeMillis()) {
+          break;
+        }
+        counter++;
       }
-      counter++;
     }
     System.out.println("Exiting (" + duration + ")");
   }
diff --git a/dd-smoke-tests/profiling-integration-tests/src/test/java/datadog/smoketest/JFRBasedProfilingIntegrationTest.java b/dd-smoke-tests/profiling-integration-tests/src/test/java/datadog/smoketest/JFRBasedProfilingIntegrationTest.java
index 536a7e4086a..aea7e74cc2c 100644
--- a/dd-smoke-tests/profiling-integration-tests/src/test/java/datadog/smoketest/JFRBasedProfilingIntegrationTest.java
+++ b/dd-smoke-tests/profiling-integration-tests/src/test/java/datadog/smoketest/JFRBasedProfilingIntegrationTest.java
@@ -731,7 +731,7 @@ private static ProcessBuilder createProcessBuilder(
             "-Ddd.profiling.experimental.queueing.time.threshold.millis=0",
             "-Ddd.profiling.experimental.jmethodid_cache.enabled=" + jmethodIdCacheEnabled,
             "-Ddatadog.slf4j.simpleLogger.defaultLogLevel=debug",
-            "-Ddd.profiling.experimental.context.attributes=foo,bar",
+            "-Ddd.profiling.context.attributes=foo,bar",
             "-Dorg.slf4j.simpleLogger.defaultLogLevel=debug",
             "-XX:+IgnoreUnrecognizedVMOptions",
             "-XX:+UnlockCommercialFeatures",
diff --git a/dd-smoke-tests/profiling-integration-tests/src/test/java/datadog/smoketest/SmokeTestUtils.java b/dd-smoke-tests/profiling-integration-tests/src/test/java/datadog/smoketest/SmokeTestUtils.java
index 8cb722f1803..36a4748b49b 100644
--- a/dd-smoke-tests/profiling-integration-tests/src/test/java/datadog/smoketest/SmokeTestUtils.java
+++ b/dd-smoke-tests/profiling-integration-tests/src/test/java/datadog/smoketest/SmokeTestUtils.java
@@ -34,10 +34,6 @@ static ProcessBuilder createProcessBuilder(
                 "-Ddd.profiling.enabled=true",
                 "-Ddd.profiling.ddprof.enabled=true",
                 "-Ddd." + ProfilingConfig.PROFILING_AUXILIARY_TYPE + "=async",
-                "-Ddd."
-                    + ProfilingConfig.PROFILING_DATADOG_PROFILER_LIBPATH
-                    + "="
-                    + System.getenv("TEST_LIBASYNC"),
                 "-Ddd."
                     + ProfilingConfig.PROFILING_DATADOG_PROFILER_CPU_INTERVAL
                     + "="
@@ -67,6 +63,13 @@ static ProcessBuilder createProcessBuilder(
                 "-cp",
                 profilingShadowJar(),
                 targetClass));
+    if (System.getenv("TEST_LIBASYNC") != null) {
+      command.add(
+          "-Ddd."
+              + ProfilingConfig.PROFILING_DATADOG_PROFILER_LIBPATH
+              + "="
+              + System.getenv("TEST_LIBASYNC"));
+    }
     command.addAll(Arrays.asList(args));
     final ProcessBuilder processBuilder = new ProcessBuilder(command);
     processBuilder.directory(new File(buildDirectory()));
diff --git a/dd-smoke-tests/spring-boot-2.6-webmvc/src/main/java/datadog/smoketest/springboot/SpringbootApplication.java b/dd-smoke-tests/spring-boot-2.6-webmvc/src/main/java/datadog/smoketest/springboot/SpringbootApplication.java
index a4d6e6b42e9..07e925357fb 100644
--- a/dd-smoke-tests/spring-boot-2.6-webmvc/src/main/java/datadog/smoketest/springboot/SpringbootApplication.java
+++ b/dd-smoke-tests/spring-boot-2.6-webmvc/src/main/java/datadog/smoketest/springboot/SpringbootApplication.java
@@ -5,6 +5,7 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
@@ -18,6 +19,7 @@
 public class SpringbootApplication {
 
   @Configuration
+  @ComponentScan(basePackages = {"datadog.smoketest.springboot.controller"})
   public static class WebConfig extends WebMvcConfigurerAdapter {
 
     @Override
diff --git a/dd-smoke-tests/spring-boot-2.6-webmvc/src/main/java/datadog/smoketest/springboot/controller/IastWebController.java b/dd-smoke-tests/spring-boot-2.6-webmvc/src/main/java/datadog/smoketest/springboot/controller/IastWebController.java
deleted file mode 100644
index eff7eeb5f56..00000000000
--- a/dd-smoke-tests/spring-boot-2.6-webmvc/src/main/java/datadog/smoketest/springboot/controller/IastWebController.java
+++ /dev/null
@@ -1,314 +0,0 @@
-package datadog.smoketest.springboot.controller;
-
-import datadog.smoketest.springboot.TestBean;
-import ddtest.client.sources.Hasher;
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-import java.io.File;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.HttpCookie;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Paths;
-import java.util.Map;
-import java.util.Random;
-import java.util.concurrent.ThreadLocalRandom;
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.websocket.server.PathParam;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.core.io.Resource;
-import org.springframework.http.HttpStatus;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.MatrixVariable;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestHeader;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.view.RedirectView;
-import org.springframework.web.servlet.view.UrlBasedViewResolver;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-@RestController
-public class IastWebController {
-
-  private final Resource xml;
-  private final Hasher hasher;
-  private final Random random;
-
-  public IastWebController(@Value("classpath:xpathi.xml") final Resource resource) {
-    hasher = new Hasher();
-    hasher.sha1();
-    random = new Random();
-    xml = resource;
-  }
-
-  @RequestMapping("/greeting")
-  public String greeting() {
-    return "Sup Dawg";
-  }
-
-  @RequestMapping("/weakhash")
-  public String weakhash() {
-    hasher.md5().digest("Message body".getBytes(StandardCharsets.UTF_8));
-    return "Weak Hash page";
-  }
-
-  @GetMapping("/insecure_cookie")
-  public String insecureCookie(HttpServletResponse response) {
-    Cookie cookie = new Cookie("user-id", "7");
-    response.addCookie(cookie);
-    response.setStatus(HttpStatus.OK.value());
-    return "Insecure cookie page";
-  }
-
-  @GetMapping("/secure_cookie")
-  public String secureCookie(HttpServletResponse response) {
-    Cookie cookie = new Cookie("user-id", "7");
-    cookie.setSecure(true);
-    response.addCookie(cookie);
-    response.setStatus(HttpStatus.OK.value());
-    return "Insecure cookie page";
-  }
-
-  @GetMapping("/insecure_cookie_from_header")
-  public String insecureCookieFromHeader(HttpServletResponse response) {
-    HttpCookie cookie = new HttpCookie("user-id", "7");
-
-    response.addHeader("Set-Cookie", cookie.toString());
-    response.setStatus(HttpStatus.OK.value());
-    return "Insecure cookie page";
-  }
-
-  @GetMapping("/unvalidated_redirect_from_header")
-  public String unvalidatedRedirectFromHeader(
-      @RequestParam String param, HttpServletResponse response) {
-    response.addHeader("Location", param);
-    response.setStatus(HttpStatus.FOUND.value());
-    return "Unvalidated redirect";
-  }
-
-  @GetMapping("/unvalidated_redirect_from_send_redirect")
-  public String unvalidatedRedirectFromSendRedirect(
-      @RequestParam String param, HttpServletResponse response) throws IOException {
-    response.sendRedirect(param);
-    return "Unvalidated redirect";
-  }
-
-  @GetMapping("/unvalidated_redirect_from_forward")
-  public String unvalidatedRedirectFromForward(
-      @RequestParam String param, HttpServletRequest request, HttpServletResponse response)
-      throws IOException, ServletException {
-    request.getRequestDispatcher(param).forward(request, response);
-    return "Unvalidated redirect";
-  }
-
-  @GetMapping("/unvalidated_redirect_from_redirect_view")
-  public RedirectView unvalidatedRedirectFromRedirectView(
-      @RequestParam String param, HttpServletResponse response) {
-    return new RedirectView(param);
-  }
-
-  @GetMapping("/unvalidated_redirect_from_model_and_view")
-  public ModelAndView unvalidatedRedirectFromModelAndView(
-      @RequestParam String param, HttpServletResponse response) {
-    return new ModelAndView(UrlBasedViewResolver.REDIRECT_URL_PREFIX + param);
-  }
-
-  @GetMapping("/unvalidated_redirect_forward_from_model_and_view")
-  public ModelAndView unvalidatedRedirectForwardFromModelAndView(
-      @RequestParam String param, HttpServletResponse response) {
-    return new ModelAndView(UrlBasedViewResolver.FORWARD_URL_PREFIX + param);
-  }
-
-  @RequestMapping("/async_weakhash")
-  public String asyncWeakhash() {
-    final Thread thread = new Thread(hasher::md4);
-    thread.start();
-    return "Weak Hash page";
-  }
-
-  @RequestMapping("/getparameter")
-  public String getParameter(@RequestParam String param, HttpServletRequest request) {
-    return "Param is: " + param;
-  }
-
-  @GetMapping("/cmdi/runtime")
-  public String commandInjectionRuntime(final HttpServletRequest request) {
-    withProcess(() -> Runtime.getRuntime().exec(request.getParameter("cmd")));
-    return "Command Injection page";
-  }
-
-  @GetMapping("/cmdi/process_builder")
-  public String commandInjectionProcessBuilder(final HttpServletRequest request) {
-    withProcess(() -> new ProcessBuilder(request.getParameter("cmd")).start());
-    return "Command Injection page";
-  }
-
-  @SuppressFBWarnings("PT_ABSOLUTE_PATH_TRAVERSAL")
-  @GetMapping("/path_traversal/file")
-  public String pathTraversalFile(final HttpServletRequest request) {
-    new File(request.getParameter("path"));
-    return "Path Traversal page";
-  }
-
-  @SuppressFBWarnings("PT_ABSOLUTE_PATH_TRAVERSAL")
-  @GetMapping("/path_traversal/paths")
-  public String pathTraversalPaths(final HttpServletRequest request) {
-    Paths.get(request.getParameter("path"));
-    return "Path Traversal page";
-  }
-
-  @GetMapping("/path_traversal/path")
-  public String pathTraversalPath(final HttpServletRequest request) {
-    new File(System.getProperty("user.dir")).toPath().resolve(request.getParameter("path"));
-    return "Path Traversal page";
-  }
-
-  @GetMapping("/param_binding/test")
-  public String paramBinding(final TestBean testBean) {
-    return "Test bean -> name: " + testBean.getName() + ", value: " + testBean.getValue();
-  }
-
-  @GetMapping("/request_header/test")
-  public String requestHeader(@RequestHeader("test-header") String header) {
-    return "Header is: " + header;
-  }
-
-  @GetMapping("/path_param")
-  public String pathParam(@PathParam("param") String param) {
-    return "PathParam is: " + param;
-  }
-
-  @GetMapping("/matrix/{var1}/{var2}")
-  public String matrixAndPathVariables(
-      @PathVariable String var1,
-      @MatrixVariable(pathVar = "var1") Map<String, String> m1,
-      @PathVariable String var2,
-      @MatrixVariable(pathVar = "var2") Map<String, String> m2) {
-    return "{var1=" + var1 + ", m1=" + m1 + ", var2=" + var2 + ", m2=" + m2 + "}";
-  }
-
-  @PostMapping("/request_body/test")
-  public String jsonRequestBody(@RequestBody TestBean testBean) {
-    return "@RequestBody to Test bean -> name: "
-        + testBean.getName()
-        + ", value: "
-        + testBean.getValue();
-  }
-
-  @GetMapping("/query_string")
-  public String queryString(final HttpServletRequest request) {
-    return "QueryString is: " + request.getQueryString();
-  }
-
-  @GetMapping("/cookie")
-  public String cookie(final HttpServletRequest request) {
-    final Cookie cookie = request.getCookies()[0];
-    return "Cookie is: " + cookie.getName() + "=" + cookie.getValue();
-  }
-
-  @PostMapping("/ssrf")
-  public String ssrf(@RequestParam("url") final String url) {
-    try {
-      final URL target = new URL(url);
-      final HttpURLConnection conn = (HttpURLConnection) target.openConnection();
-      conn.disconnect();
-    } catch (final Exception e) {
-    }
-    return "Url is: " + url;
-  }
-
-  @GetMapping("/weak_randomness")
-  public String weak_randomness(@RequestParam("mode") final Class<?> mode) {
-    final double result;
-    if (mode == ThreadLocalRandom.class) {
-      result = ThreadLocalRandom.current().nextDouble();
-    } else if (mode == Math.class) {
-      result = Math.random();
-    } else {
-      result = random.nextDouble();
-    }
-    return "Random : " + result;
-  }
-
-  @GetMapping("/xpathi/compile")
-  public String xpathInjectionCompile(final HttpServletRequest request)
-      throws XPathExpressionException {
-    XPathFactory.newInstance().newXPath().compile(request.getParameter("expression"));
-    return "XPath Injection page";
-  }
-
-  @GetMapping("/xpathi/evaluate")
-  public String xpathInjectionEvaluate(final HttpServletRequest request)
-      throws XPathExpressionException, ParserConfigurationException, IOException, SAXException {
-    DocumentBuilder b = DocumentBuilderFactory.newInstance().newDocumentBuilder();
-    Document doc = b.parse(xml.getInputStream());
-    String expression = request.getParameter("expression");
-    XPath xPath = XPathFactory.newInstance().newXPath();
-    xPath.evaluate(expression, doc.getDocumentElement(), XPathConstants.NODESET);
-    return "XPath Injection page";
-  }
-
-  @GetMapping("/xss/write")
-  @SuppressFBWarnings
-  public void xssWrite(final HttpServletRequest request, final HttpServletResponse response) {
-    try {
-      response.getWriter().write(request.getParameter("string"));
-    } catch (IOException e) {
-      throw new RuntimeException(e);
-    }
-  }
-
-  @GetMapping("/trust_boundary_violation")
-  public String trustBoundaryViolation(final HttpServletRequest request) {
-    String paramValue = request.getParameter("paramValue");
-    request.getSession().setAttribute("name", paramValue);
-    return "Trust Boundary violation page";
-  }
-
-  @GetMapping("/trust_boundary_violation_for_cookie")
-  public String trustBoundaryViolationForCookie(final HttpServletRequest request)
-      throws UnsupportedEncodingException {
-
-    for (Cookie theCookie : request.getCookies()) {
-      if (theCookie.getName().equals("https%3A%2F%2Fuser-id2")) {
-        String value = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
-        request.getSession().putValue(value, "88888");
-      }
-    }
-    return "Trust Boundary violation with cookie page";
-  }
-
-  private void withProcess(final Operation<Process> op) {
-    Process process = null;
-    try {
-      process = op.run();
-    } catch (final Throwable e) {
-      // ignore it
-    } finally {
-      if (process != null && process.isAlive()) {
-        process.destroyForcibly();
-      }
-    }
-  }
-
-  private interface Operation<E> {
-    E run() throws Throwable;
-  }
-}
diff --git a/dd-smoke-tests/springboot-openliberty-20/application/pom.xml b/dd-smoke-tests/springboot-openliberty-20/application/pom.xml
new file mode 100644
index 00000000000..db4fa8d6224
--- /dev/null
+++ b/dd-smoke-tests/springboot-openliberty-20/application/pom.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>org.springframework</groupId>
+  <artifactId>demo-app</artifactId>
+  <version>0.1.0</version>
+
+  <parent>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-starter-parent</artifactId>
+    <version>2.2.7.RELEASE</version>
+  </parent>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-web</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-actuator</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-test</artifactId>
+      <scope>test</scope>
+    </dependency>
+
+    <!-- https://mvnrepository.com/artifact/org.projectlombok/lombok -->
+    <dependency>
+      <groupId>org.projectlombok</groupId>
+      <artifactId>lombok</artifactId>
+      <version>1.18.18</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>com.datadoghq</groupId>
+      <artifactId>java-dogstatsd-client</artifactId>
+      <version>2.11.0</version>
+    </dependency>
+  </dependencies>
+
+  <properties>
+    <java.version>1.8</java.version>
+  </properties>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+      </plugin>
+      <plugin>
+        <artifactId>maven-failsafe-plugin</artifactId>
+        <version>2.22.2</version>
+        <executions>
+          <execution>
+            <goals>
+              <goal>integration-test</goal>
+              <goal>verify</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+
+      <!-- the open liberty libraries are actually not in the class path, but instead is provided through the open liberty 
+        plugin when running ./mvnw package -->
+      <plugin>
+        <groupId>io.openliberty.tools</groupId>
+        <artifactId>liberty-maven-plugin</artifactId>
+        <version>3.2.3</version>
+        <configuration>
+          <libertyRuntimeVersion>22.0.0.13</libertyRuntimeVersion>
+          <appsDirectory>apps</appsDirectory>
+          <installAppPackages>spring-boot-project</installAppPackages>
+          <include>minify,runnable</include>
+          <packageName>demo-open-liberty-app</packageName>
+        </configuration>
+        <executions>
+          <execution>
+            <id>package-server</id>
+            <phase>package</phase>
+            <goals>
+              <goal>create</goal>
+              <goal>install-feature</goal>
+              <goal>deploy</goal>
+              <goal>package</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>
diff --git a/dd-smoke-tests/springboot-openliberty/application/src/main/java/com/openliberty/demo/Application.java b/dd-smoke-tests/springboot-openliberty-20/application/src/main/java/com/openliberty/demo/Application.java
similarity index 100%
rename from dd-smoke-tests/springboot-openliberty/application/src/main/java/com/openliberty/demo/Application.java
rename to dd-smoke-tests/springboot-openliberty-20/application/src/main/java/com/openliberty/demo/Application.java
diff --git a/dd-smoke-tests/springboot-openliberty/application/src/main/java/com/openliberty/demo/DemoController.java b/dd-smoke-tests/springboot-openliberty-20/application/src/main/java/com/openliberty/demo/DemoController.java
similarity index 100%
rename from dd-smoke-tests/springboot-openliberty/application/src/main/java/com/openliberty/demo/DemoController.java
rename to dd-smoke-tests/springboot-openliberty-20/application/src/main/java/com/openliberty/demo/DemoController.java
diff --git a/dd-smoke-tests/springboot-openliberty/application/src/main/liberty/config/server.xml b/dd-smoke-tests/springboot-openliberty-20/application/src/main/liberty/config/server.xml
similarity index 100%
rename from dd-smoke-tests/springboot-openliberty/application/src/main/liberty/config/server.xml
rename to dd-smoke-tests/springboot-openliberty-20/application/src/main/liberty/config/server.xml
diff --git a/dd-smoke-tests/springboot-openliberty/application/src/main/resources/application.properties b/dd-smoke-tests/springboot-openliberty-20/application/src/main/resources/application.properties
similarity index 100%
rename from dd-smoke-tests/springboot-openliberty/application/src/main/resources/application.properties
rename to dd-smoke-tests/springboot-openliberty-20/application/src/main/resources/application.properties
diff --git a/dd-smoke-tests/springboot-openliberty-20/build.gradle b/dd-smoke-tests/springboot-openliberty-20/build.gradle
new file mode 100644
index 00000000000..a165f6425bd
--- /dev/null
+++ b/dd-smoke-tests/springboot-openliberty-20/build.gradle
@@ -0,0 +1,43 @@
+
+apply from: "$rootDir/gradle/java.gradle"
+description = 'SpringBoot Open Liberty 20-22 Smoke Tests'
+
+dependencies {
+  testImplementation project(':dd-smoke-tests')
+}
+
+def appDir = "$projectDir/application"
+def jarName = "demo-open-liberty-app.jar"
+def isWindows = System.getProperty("os.name").toLowerCase().contains("win")
+def mvnwCommand = isWindows ? 'mvnw.cmd' : 'mvnw'
+
+// compile the Open liberty spring boot server
+tasks.register('mvnStage', Exec) {
+  workingDir "$appDir"
+  commandLine "$rootDir/${mvnwCommand}", 'package'
+}
+
+tasks.named("compileTestGroovy").configure {
+  dependsOn 'mvnStage'
+  outputs.upToDateWhen {
+    !mvnStage.didWork
+  }
+}
+
+// compiled dir of the packaged spring boot app with embedded openliberty
+tasks.withType(Test).configureEach {
+  jvmArgs "-Ddatadog.smoketest.openliberty.jar.path=${appDir}/target/${jarName}"
+}
+
+
+spotless {
+  java {
+    target fileTree("$appDir") {
+      include "**/*.java"
+    }
+  }
+
+  groovyGradle {
+    target '*.gradle', "**/*.gradle"
+  }
+}
diff --git a/dd-smoke-tests/springboot-openliberty/src/main/resources/application.properties b/dd-smoke-tests/springboot-openliberty-20/src/main/resources/application.properties
similarity index 100%
rename from dd-smoke-tests/springboot-openliberty/src/main/resources/application.properties
rename to dd-smoke-tests/springboot-openliberty-20/src/main/resources/application.properties
diff --git a/dd-smoke-tests/springboot-openliberty/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeTest.groovy b/dd-smoke-tests/springboot-openliberty-20/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeTest.groovy
similarity index 100%
rename from dd-smoke-tests/springboot-openliberty/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeTest.groovy
rename to dd-smoke-tests/springboot-openliberty-20/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeTest.groovy
diff --git a/dd-smoke-tests/springboot-openliberty/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeVulnerabilityTest.groovy b/dd-smoke-tests/springboot-openliberty-20/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeVulnerabilityTest.groovy
similarity index 100%
rename from dd-smoke-tests/springboot-openliberty/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeVulnerabilityTest.groovy
rename to dd-smoke-tests/springboot-openliberty-20/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeVulnerabilityTest.groovy
diff --git a/dd-smoke-tests/springboot-openliberty/application/pom.xml b/dd-smoke-tests/springboot-openliberty-23/application/pom.xml
similarity index 97%
rename from dd-smoke-tests/springboot-openliberty/application/pom.xml
rename to dd-smoke-tests/springboot-openliberty-23/application/pom.xml
index 52194bfc671..32c53091d78 100644
--- a/dd-smoke-tests/springboot-openliberty/application/pom.xml
+++ b/dd-smoke-tests/springboot-openliberty-23/application/pom.xml
@@ -73,6 +73,7 @@
         <artifactId>liberty-maven-plugin</artifactId>
         <version>3.2.3</version>
         <configuration>
+          <libertyRuntimeVersion>22.0.0.1</libertyRuntimeVersion>
           <appsDirectory>apps</appsDirectory>
           <installAppPackages>spring-boot-project</installAppPackages>
           <include>minify,runnable</include>
diff --git a/dd-smoke-tests/springboot-openliberty-23/application/src/main/java/com/openliberty/demo/Application.java b/dd-smoke-tests/springboot-openliberty-23/application/src/main/java/com/openliberty/demo/Application.java
new file mode 100644
index 00000000000..b43b6a99076
--- /dev/null
+++ b/dd-smoke-tests/springboot-openliberty-23/application/src/main/java/com/openliberty/demo/Application.java
@@ -0,0 +1,13 @@
+package com.openliberty.demo;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+@Slf4j
+public class Application {
+  public static void main(String[] args) {
+    SpringApplication.run(Application.class, args);
+  }
+}
diff --git a/dd-smoke-tests/springboot-openliberty-23/application/src/main/java/com/openliberty/demo/DemoController.java b/dd-smoke-tests/springboot-openliberty-23/application/src/main/java/com/openliberty/demo/DemoController.java
new file mode 100644
index 00000000000..c35dc1cbe04
--- /dev/null
+++ b/dd-smoke-tests/springboot-openliberty-23/application/src/main/java/com/openliberty/demo/DemoController.java
@@ -0,0 +1,54 @@
+package com.openliberty.demo;
+
+import java.security.MessageDigest;
+import java.util.Random;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.client.RestTemplate;
+
+@RestController
+@Slf4j
+public class DemoController {
+  private int[] users;
+  private final int MAX_REQUESTS = 100000000;
+
+  @Value("${server.port}")
+  private String httpPort;
+
+  public DemoController() {
+    this.users = new int[100];
+  }
+
+  @RequestMapping("/connect")
+  public String connect() {
+    int userId = new Random().nextInt(users.length);
+    log.info(String.format("Length:%d", this.users.length));
+    log.info(String.format("Visiting user with userid:%d", userId));
+    RestTemplate restTemplate = new RestTemplate();
+    String uri = String.format("http://localhost:%s/connect/%d", this.httpPort, userId);
+
+    log.info(String.format("uri:%s", uri));
+    String result = restTemplate.getForObject(uri, String.class);
+    return result;
+  }
+
+  @RequestMapping("/connect/{user}")
+  public String connectFinal(@PathVariable("user") final int user) {
+    int visitID = this.users[user]++ % MAX_REQUESTS;
+    log.info("User {} visited {} times", user, visitID);
+    return String.format("%d:%d", user, visitID);
+  }
+
+  @RequestMapping("/vulnerability")
+  public String vulnerability() {
+    try {
+      MessageDigest.getInstance("MD5");
+    } catch (Exception e) {
+      return e.toString();
+    }
+    return "OK";
+  }
+}
diff --git a/dd-smoke-tests/springboot-openliberty-23/application/src/main/liberty/config/server.xml b/dd-smoke-tests/springboot-openliberty-23/application/src/main/liberty/config/server.xml
new file mode 100644
index 00000000000..3fc921cf256
--- /dev/null
+++ b/dd-smoke-tests/springboot-openliberty-23/application/src/main/liberty/config/server.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server description="demo-server">
+
+  <featureManager>
+    <feature>servlet-4.0</feature>
+    <feature>springBoot-2.0</feature>
+  </featureManager>
+
+  <httpEndpoint id="defaultHttpEndpoint" httpPort="${server.port}" httpsPort="9443" />
+  <springBootApplication id="demo-app" location="thin-demo-app-0.1.0.jar" name="demo-app" />
+</server>
diff --git a/dd-smoke-tests/springboot-openliberty-23/application/src/main/resources/application.properties b/dd-smoke-tests/springboot-openliberty-23/application/src/main/resources/application.properties
new file mode 100644
index 00000000000..4f3757c0d82
--- /dev/null
+++ b/dd-smoke-tests/springboot-openliberty-23/application/src/main/resources/application.properties
@@ -0,0 +1,4 @@
+dd.agent.host=localhost
+dd.dogstatsd.port=8125
+dd.global.tags=
+dd.shutdown.after.startup=false
\ No newline at end of file
diff --git a/dd-smoke-tests/springboot-openliberty/build.gradle b/dd-smoke-tests/springboot-openliberty-23/build.gradle
similarity index 100%
rename from dd-smoke-tests/springboot-openliberty/build.gradle
rename to dd-smoke-tests/springboot-openliberty-23/build.gradle
diff --git a/dd-smoke-tests/springboot-openliberty-23/src/main/resources/application.properties b/dd-smoke-tests/springboot-openliberty-23/src/main/resources/application.properties
new file mode 100644
index 00000000000..fe863efb16a
--- /dev/null
+++ b/dd-smoke-tests/springboot-openliberty-23/src/main/resources/application.properties
@@ -0,0 +1 @@
+logging.level.root=WARN
\ No newline at end of file
diff --git a/dd-smoke-tests/springboot-openliberty-23/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeTest.groovy b/dd-smoke-tests/springboot-openliberty-23/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeTest.groovy
new file mode 100644
index 00000000000..b87ca1eea76
--- /dev/null
+++ b/dd-smoke-tests/springboot-openliberty-23/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeTest.groovy
@@ -0,0 +1,100 @@
+package datadog.smoketest
+
+import datadog.trace.agent.test.utils.ThreadUtils
+import datadog.trace.api.Platform
+import okhttp3.FormBody
+import okhttp3.Request
+import spock.lang.Requires
+import spock.lang.Shared
+
+import java.util.stream.Collectors
+
+// This test currently fails on IBM JVMs
+@Requires({ !Platform.isJ9() })
+class SpringBootOpenLibertySmokeTest extends AbstractServerSmokeTest {
+
+  @Shared
+  int totalInvocations = 100
+
+  @Shared
+  String openLibertyShadowJar = System.getProperty("datadog.smoketest.openliberty.jar.path")
+
+  @Override
+  ProcessBuilder createProcessBuilder() {
+    List<String> command = new ArrayList<>()
+    command.add(javaPath())
+
+    command.addAll((String[]) ["-jar", openLibertyShadowJar, "--server.port=${httpPort}"])
+
+    List<String> envParams = new ArrayList<>()
+    envParams.addAll(defaultJavaProperties)
+    envParams.addAll(
+      "-Ddd.writer.type=MultiWriter:TraceStructureWriter:${output.getAbsolutePath()},DDAgentWriter",
+      "-Ddd.jmxfetch.enabled=false",
+      "-Ddd.appsec.enabled=true",
+      "-Ddatadog.slf4j.simpleLogger.defaultLogLevel=debug",
+      "-Dorg.slf4j.simpleLogger.defaultLogLevel=debug",
+      "-Ddd.iast.enabled=true", "-Ddd.iast.request-sampling=100"
+      )
+
+
+    String javaToolOptions = envParams.stream().collect(Collectors.joining(" "))
+
+
+    ProcessBuilder processBuilder = new ProcessBuilder(command)
+    processBuilder.environment().put("JAVA_TOOL_OPTIONS", javaToolOptions)
+    processBuilder.directory(new File(buildDirectory))
+    return processBuilder
+  }
+
+  @Override
+  File createTemporaryFile() {
+    return new File("${buildDirectory}/tmp/springboot-openliberty.out")
+  }
+
+  @Override
+  protected Set<String> expectedTraces() {
+    return [
+      "[servlet.request[spring.handler[http.request]]]",
+      "[servlet.request[spring.handler]]"
+    ].toSet()
+  }
+
+  def "Test concurrent requests to Spring Boot running Open Liberty"() {
+    setup:
+    def url = "http://localhost:${httpPort}/connect"
+    def request = new Request.Builder().url(url).get().build()
+
+    expect:
+    ThreadUtils.runConcurrently(10, totalInvocations, {
+      def response = client.newCall(request).execute()
+
+      assert response.body().string() != null
+      assert response.body().contentType().toString().contains("text/plain")
+      assert response.code() == 200
+    })
+
+    waitForTraceCount(2 * totalInvocations) == 2 * totalInvocations
+  }
+
+  def "Test concurrent high load requests to Spring Boot running Open Liberty"() {
+    def url = "http://localhost:${httpPort}/connect/0"
+    def formBody = new FormBody.Builder()
+    def value = "not too big!"
+    for (int i = 0; i < 100; i++) {
+      formBody.add("test" + i, value)
+    }
+    def request = new Request.Builder().url(url).post(formBody.build()).build()
+
+    expect:
+    ThreadUtils.runConcurrently(10, totalInvocations, {
+      def response = client.newCall(request).execute()
+
+      assert response.body().string() != null
+      assert response.body().contentType().toString().contains("text/plain")
+      assert response.code() == 200
+    })
+
+    waitForTraceCount(totalInvocations) == totalInvocations
+  }
+}
diff --git a/dd-smoke-tests/springboot-openliberty-23/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeVulnerabilityTest.groovy b/dd-smoke-tests/springboot-openliberty-23/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeVulnerabilityTest.groovy
new file mode 100644
index 00000000000..b77111f1c74
--- /dev/null
+++ b/dd-smoke-tests/springboot-openliberty-23/src/test/groovy/datadog/smoketest/SpringBootOpenLibertySmokeVulnerabilityTest.groovy
@@ -0,0 +1,83 @@
+package datadog.smoketest
+
+
+import datadog.trace.api.Platform
+import datadog.trace.test.agent.decoder.DecodedSpan
+import okhttp3.Request
+import spock.lang.Requires
+import spock.lang.Shared
+import spock.util.concurrent.PollingConditions
+
+import java.util.function.Function
+import java.util.stream.Collectors
+
+// This test currently fails on IBM JVMs
+@Requires({ !Platform.isJ9() })
+class SpringBootOpenLibertySmokeVulnerabilityTest extends AbstractServerSmokeTest {
+
+  @Shared
+  int totalInvocations = 100
+
+  @Shared
+  String openLibertyShadowJar = System.getProperty("datadog.smoketest.openliberty.jar.path")
+
+  @Override
+  ProcessBuilder createProcessBuilder() {
+    List<String> command = new ArrayList<>()
+    command.add(javaPath())
+
+    command.addAll((String[]) ["-jar", openLibertyShadowJar, "--server.port=${httpPort}"])
+
+    List<String> envParams = new ArrayList<>()
+    envParams.addAll(defaultJavaProperties)
+    envParams.addAll(
+      "-Ddd.writer.type=MultiWriter:TraceStructureWriter:${output.getAbsolutePath()},DDAgentWriter",
+      "-Ddd.jmxfetch.enabled=false",
+      "-Ddd.appsec.enabled=true",
+      "-Ddatadog.slf4j.simpleLogger.defaultLogLevel=debug",
+      "-Dorg.slf4j.simpleLogger.defaultLogLevel=debug",
+      "-Ddd.iast.enabled=true", "-Ddd.iast.request-sampling=100"
+      )
+
+
+    String javaToolOptions = envParams.stream().collect(Collectors.joining(" "))
+
+
+    ProcessBuilder processBuilder = new ProcessBuilder(command)
+    processBuilder.environment().put("JAVA_TOOL_OPTIONS", javaToolOptions)
+    processBuilder.directory(new File(buildDirectory))
+    return processBuilder
+  }
+
+  @Override
+  File createTemporaryFile() {
+    return new File("${buildDirectory}/tmp/springboot-openliberty.out")
+  }
+
+  @Override
+  Closure decodedTracesCallback() {
+    return {} // force traces decoding
+  }
+
+  private static boolean contains(String s) {
+    System.out.println("Checking span:" + s)
+    return s.contains("MD5")
+  }
+
+  private static Function<DecodedSpan, Boolean> hasVulnerability() {
+    return { span -> contains(span.toString()) }
+  }
+
+  def "Test vulnerability"() {
+    setup:
+    def url = "http://localhost:${httpPort}/vulnerability"
+    def request = new Request.Builder().url(url).get().build()
+
+    when:
+    client.newCall(request).execute()
+
+    then:
+    waitForSpan(new PollingConditions(timeout: 5), hasVulnerability())
+  }
+
+}
diff --git a/dd-smoke-tests/springboot-thymeleaf/build.gradle b/dd-smoke-tests/springboot-thymeleaf/build.gradle
new file mode 100644
index 00000000000..61977c12bf1
--- /dev/null
+++ b/dd-smoke-tests/springboot-thymeleaf/build.gradle
@@ -0,0 +1,30 @@
+plugins {
+  id 'java'
+  id 'org.springframework.boot' version '2.7.15'
+  id 'io.spring.dependency-management' version '1.0.15.RELEASE'
+  id 'java-test-fixtures'
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+description = 'SpringBoot thymeleaf 3 Smoke Tests.'
+
+java {
+  sourceCompatibility = '1.8'
+}
+
+repositories {
+  mavenCentral()
+}
+
+dependencies {
+  implementation 'org.springframework.boot:spring-boot-starter-web'
+  implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
+
+  testImplementation project(':dd-smoke-tests')
+  testImplementation(testFixtures(project(":dd-smoke-tests:iast-util")))
+}
+
+tasks.withType(Test).configureEach {
+  dependsOn "bootJar"
+  jvmArgs "-Ddatadog.smoketest.springboot.shadowJar.path=${tasks.bootJar.archiveFile.get()}"
+}
diff --git a/dd-smoke-tests/springboot-thymeleaf/src/main/java/datadog/smoketest/springboot/SpringbootApplication.java b/dd-smoke-tests/springboot-thymeleaf/src/main/java/datadog/smoketest/springboot/SpringbootApplication.java
new file mode 100644
index 00000000000..2b4e4de452a
--- /dev/null
+++ b/dd-smoke-tests/springboot-thymeleaf/src/main/java/datadog/smoketest/springboot/SpringbootApplication.java
@@ -0,0 +1,11 @@
+package datadog.smoketest.springboot;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SpringbootApplication {
+  public static void main(String[] args) {
+    SpringApplication.run(SpringbootApplication.class, args);
+  }
+}
diff --git a/dd-smoke-tests/springboot-thymeleaf/src/main/java/datadog/smoketest/springboot/XssController.java b/dd-smoke-tests/springboot-thymeleaf/src/main/java/datadog/smoketest/springboot/XssController.java
new file mode 100644
index 00000000000..bd1ab538931
--- /dev/null
+++ b/dd-smoke-tests/springboot-thymeleaf/src/main/java/datadog/smoketest/springboot/XssController.java
@@ -0,0 +1,18 @@
+package datadog.smoketest.springboot;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@Controller
+@RequestMapping("/xss")
+public class XssController {
+
+  @GetMapping("/utext")
+  public String utext(@RequestParam(name = "string") String name, Model model) {
+    model.addAttribute("xss", name);
+    return "utext";
+  }
+}
diff --git a/dd-smoke-tests/springboot-thymeleaf/src/main/resources/templates/utext.html b/dd-smoke-tests/springboot-thymeleaf/src/main/resources/templates/utext.html
new file mode 100644
index 00000000000..f360c85869f
--- /dev/null
+++ b/dd-smoke-tests/springboot-thymeleaf/src/main/resources/templates/utext.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+
+<html xmlns:th="http://www.thymeleaf.org">
+
+<head>
+  <title>Good Thymes Virtual Grocery</title>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+
+<body>
+<p>Testing xss for utext...</p>
+<p th:utext="${xss}">Test!</p>
+
+</body>
+
+</html>
diff --git a/dd-smoke-tests/springboot-thymeleaf/src/test/groovy/datadog/smoketest/springboot/IastSpringBootThymeleafSmokeTest.groovy b/dd-smoke-tests/springboot-thymeleaf/src/test/groovy/datadog/smoketest/springboot/IastSpringBootThymeleafSmokeTest.groovy
new file mode 100644
index 00000000000..4fec5e7061a
--- /dev/null
+++ b/dd-smoke-tests/springboot-thymeleaf/src/test/groovy/datadog/smoketest/springboot/IastSpringBootThymeleafSmokeTest.groovy
@@ -0,0 +1,49 @@
+package datadog.smoketest.springboot
+
+import datadog.smoketest.AbstractIastServerSmokeTest
+import okhttp3.Request
+
+import static datadog.trace.api.config.IastConfig.IAST_DEBUG_ENABLED
+import static datadog.trace.api.config.IastConfig.IAST_DETECTION_MODE
+import static datadog.trace.api.config.IastConfig.IAST_ENABLED
+import static datadog.trace.api.config.IastConfig.IAST_REDACTION_ENABLED
+
+class IastSpringBootThymeleafSmokeTest extends AbstractIastServerSmokeTest {
+
+  @Override
+  ProcessBuilder createProcessBuilder() {
+    String springBootShadowJar = System.getProperty('datadog.smoketest.springboot.shadowJar.path')
+
+    List<String> command = []
+    command.add(javaPath())
+    command.addAll(defaultJavaProperties)
+    command.addAll([
+      withSystemProperty(IAST_ENABLED, true),
+      withSystemProperty(IAST_DETECTION_MODE, 'FULL'),
+      withSystemProperty(IAST_DEBUG_ENABLED, true),
+      withSystemProperty(IAST_REDACTION_ENABLED, false)
+    ])
+    command.addAll((String[]) ['-jar', springBootShadowJar, "--server.port=${httpPort}"])
+    ProcessBuilder processBuilder = new ProcessBuilder(command)
+    processBuilder.directory(new File(buildDirectory))
+    // Spring will print all environment variables to the log, which may pollute it and affect log assertions.
+    processBuilder.environment().clear()
+    return processBuilder
+  }
+
+  void 'xss is present'() {
+    setup:
+    final url = "http://localhost:${httpPort}/xss/${method}?string=${param}"
+    final request = new Request.Builder().url(url).get().build()
+
+    when:
+    client.newCall(request).execute()
+
+    then:
+    hasVulnerability { vul -> vul.type == 'XSS' && vul.location.path == templateName && vul.location.line == line }
+
+    where:
+    method    | param |templateName| line
+    'utext'    | 'test' | 'utext' | 12
+  }
+}
diff --git a/dd-smoke-tests/springboot/build.gradle b/dd-smoke-tests/springboot/build.gradle
index de5cc97237c..40e4a7acb68 100644
--- a/dd-smoke-tests/springboot/build.gradle
+++ b/dd-smoke-tests/springboot/build.gradle
@@ -24,6 +24,7 @@ dependencies {
   implementation group: 'com.auth0', name: 'java-jwt', version: '4.0.0-beta.0'
   implementation group: 'com.auth0', name: 'jwks-rsa', version: '0.21.1'
   implementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '9.22'
+  implementation group: 'com.google.code.gson', name: 'gson', version: '2.10'
 
   implementation group: 'org.springframework', name: 'spring-web', version: '1.5.18.RELEASE'
 
diff --git a/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/SpringbootApplication.java b/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/SpringbootApplication.java
index c3d10a88389..b8f214ec4a1 100644
--- a/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/SpringbootApplication.java
+++ b/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/SpringbootApplication.java
@@ -6,6 +6,7 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.security.web.firewall.StrictHttpFirewall;
@@ -19,6 +20,7 @@
 public class SpringbootApplication {
 
   @Configuration
+  @ComponentScan(basePackages = {"datadog.smoketest.springboot.controller"})
   public static class WebConfig extends WebMvcConfigurerAdapter {
 
     @Override
diff --git a/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/controller/IastViewController.java b/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/controller/IastViewController.java
deleted file mode 100644
index 226109143e6..00000000000
--- a/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/controller/IastViewController.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package datadog.smoketest.springboot.controller;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.servlet.view.UrlBasedViewResolver;
-
-@Controller
-public class IastViewController {
-
-  @GetMapping("/unvalidated_redirect_from_string")
-  public String unvalidatedRedirectFromString(@RequestParam String param) {
-    return UrlBasedViewResolver.REDIRECT_URL_PREFIX + param;
-  }
-
-  @GetMapping("/unvalidated_redirect_forward_from_string")
-  public String unvalidatedRedirectForwardFromString(@RequestParam String param) {
-    return UrlBasedViewResolver.FORWARD_URL_PREFIX + param;
-  }
-
-  @GetMapping("/get_view_from_tainted_string")
-  public String getViewfromTaintedString(@RequestParam String param) {
-    return param;
-  }
-}
diff --git a/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/controller/SimpleIastController.java b/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/controller/SimpleIastController.java
deleted file mode 100644
index fee5a93c926..00000000000
--- a/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/controller/SimpleIastController.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package datadog.smoketest.springboot.controller;
-
-import java.io.PrintWriter;
-import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.springframework.web.servlet.HandlerMapping;
-import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.mvc.AbstractController;
-
-public class SimpleIastController extends AbstractController {
-  @Override
-  protected ModelAndView handleRequestInternal(
-      HttpServletRequest request, HttpServletResponse response) throws Exception {
-    Map<String, String> vars =
-        (Map<String, String>) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
-    PrintWriter printWriter = response.getWriter();
-    response.setHeader("Content-type", "text/plain");
-    printWriter.write("Template variables:");
-    printWriter.write(vars.toString());
-    printWriter.write('\n');
-    return null;
-  }
-}
diff --git a/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/jwt/JwtSecurityConfigurerAdapter.java b/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/jwt/JwtSecurityConfigurerAdapter.java
index 4154c41c48a..4e442b1507e 100644
--- a/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/jwt/JwtSecurityConfigurerAdapter.java
+++ b/dd-smoke-tests/springboot/src/main/java/datadog/smoketest/springboot/jwt/JwtSecurityConfigurerAdapter.java
@@ -38,7 +38,10 @@ protected void configure(HttpSecurity http) throws Exception {
         .accessDeniedHandler(
             (request, response, accessDeniedException) -> {
               response.sendError(403, "Access Denied.");
-            });
+            })
+        .and()
+        .headers()
+        .disable();
   }
 
   @Autowired
diff --git a/dd-smoke-tests/springboot/src/test/groovy/datadog/smoketest/IastSpringBootSmokeTest.groovy b/dd-smoke-tests/springboot/src/test/groovy/datadog/smoketest/IastSpringBootSmokeTest.groovy
index 628ed6901e3..949556d3139 100644
--- a/dd-smoke-tests/springboot/src/test/groovy/datadog/smoketest/IastSpringBootSmokeTest.groovy
+++ b/dd-smoke-tests/springboot/src/test/groovy/datadog/smoketest/IastSpringBootSmokeTest.groovy
@@ -1,6 +1,7 @@
 package datadog.smoketest
 
 import groovy.transform.CompileDynamic
+import okhttp3.FormBody
 import okhttp3.Request
 import okhttp3.Response
 
@@ -25,4 +26,23 @@ class IastSpringBootSmokeTest extends AbstractIastSpringBootTest {
         it.ranges[0].source.origin == 'http.request.header'
     }
   }
+
+
+  void 'gson deserialization'() {
+
+    given:
+    final url = "http://localhost:${httpPort}/gson_deserialization"
+    final body = new FormBody.Builder().add('json', '{"name": "gsonTest", "value" : "valueTest"}').build()
+    final request = new Request.Builder().url(url).post(body).build()
+
+    when:
+    client.newCall(request).execute()
+
+    then:
+    hasTainted { tainted ->
+      tainted.value == 'gsonTest' &&
+        tainted.ranges[0].source.name == 'json' &&
+        tainted.ranges[0].source.origin == 'http.request.parameter'
+    }
+  }
 }
diff --git a/dd-smoke-tests/src/main/groovy/datadog/smoketest/AbstractSmokeTest.groovy b/dd-smoke-tests/src/main/groovy/datadog/smoketest/AbstractSmokeTest.groovy
index a88dccdab73..e8d30b7ab31 100644
--- a/dd-smoke-tests/src/main/groovy/datadog/smoketest/AbstractSmokeTest.groovy
+++ b/dd-smoke-tests/src/main/groovy/datadog/smoketest/AbstractSmokeTest.groovy
@@ -102,7 +102,8 @@ abstract class AbstractSmokeTest extends ProcessManager {
     "-Ddd.profiling.ddprof.enabled=true",
     "-Ddd.profiling.ddprof.alloc.enabled=true",
     "-Ddatadog.slf4j.simpleLogger.defaultLogLevel=${logLevel()}",
-    "-Dorg.slf4j.simpleLogger.defaultLogLevel=${logLevel()}"
+    "-Dorg.slf4j.simpleLogger.defaultLogLevel=${logLevel()}",
+    "-Ddd.site="
   ]
 
   @Shared
diff --git a/dd-smoke-tests/vertx-3.4/application/src/main/java/datadog/smoketest/vertx_3_4/IastHandler.java b/dd-smoke-tests/vertx-3.4/application/src/main/java/datadog/smoketest/vertx_3_4/IastHandler.java
index a87415bf6e0..51f7696bae0 100644
--- a/dd-smoke-tests/vertx-3.4/application/src/main/java/datadog/smoketest/vertx_3_4/IastHandler.java
+++ b/dd-smoke-tests/vertx-3.4/application/src/main/java/datadog/smoketest/vertx_3_4/IastHandler.java
@@ -8,6 +8,7 @@
 import io.vertx.ext.web.Cookie;
 import io.vertx.ext.web.RoutingContext;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Optional;
 import java.util.Vector;
 
@@ -26,6 +27,13 @@ public void handle(final RoutingContext rc) {
       rc.response().end("Received " + value.get("header"));
     }
   },
+  HEADER_NAMES("/headernames") {
+    @Override
+    public void handle(final RoutingContext rc) {
+      final Collection<String> names = rc.request().headers().names();
+      rc.response().end("Received " + String.join(",", names));
+    }
+  },
   PARAM("/param") {
     @Override
     public void handle(final RoutingContext rc) {
@@ -40,6 +48,13 @@ public void handle(final RoutingContext rc) {
       rc.response().end("Received " + value.get("param"));
     }
   },
+  PARAM_NAMES("/paramnames") {
+    @Override
+    public void handle(final RoutingContext rc) {
+      final Collection<String> names = rc.request().params().names();
+      rc.response().end("Received " + String.join(",", names));
+    }
+  },
   FORM_ATTRIBUTE("/form_attribute") {
     @Override
     public void handle(final RoutingContext rc) {
diff --git a/dd-smoke-tests/vertx-3.9/application/src/main/java/datadog/smoketest/vertx_3_9/IastHandler.java b/dd-smoke-tests/vertx-3.9/application/src/main/java/datadog/smoketest/vertx_3_9/IastHandler.java
index 3c57dfe6ff6..afd0bca7075 100644
--- a/dd-smoke-tests/vertx-3.9/application/src/main/java/datadog/smoketest/vertx_3_9/IastHandler.java
+++ b/dd-smoke-tests/vertx-3.9/application/src/main/java/datadog/smoketest/vertx_3_9/IastHandler.java
@@ -8,6 +8,7 @@
 import io.vertx.core.json.JsonObject;
 import io.vertx.ext.web.RoutingContext;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Optional;
 import java.util.Vector;
 
@@ -27,6 +28,13 @@ public void handle(final RoutingContext rc) {
       rc.response().end("Received " + value.get("header"));
     }
   },
+  HEADER_NAMES("/headernames") {
+    @Override
+    public void handle(final RoutingContext rc) {
+      final Collection<String> names = rc.request().headers().names();
+      rc.response().end("Received " + String.join(",", names));
+    }
+  },
   PARAM("/param") {
     @Override
     public void handle(final RoutingContext rc) {
@@ -41,6 +49,13 @@ public void handle(final RoutingContext rc) {
       rc.response().end("Received " + value.get("param"));
     }
   },
+  PARAM_NAMES("/paramnames") {
+    @Override
+    public void handle(final RoutingContext rc) {
+      final Collection<String> names = rc.request().params().names();
+      rc.response().end("Received " + String.join(",", names));
+    }
+  },
   FORM_ATTRIBUTE("/form_attribute") {
     @Override
     public void handle(final RoutingContext rc) {
diff --git a/dd-smoke-tests/vertx-4.2/application/src/main/java/datadog/smoketest/vertx_4_2/IastHandler.java b/dd-smoke-tests/vertx-4.2/application/src/main/java/datadog/smoketest/vertx_4_2/IastHandler.java
index 1b89130275c..13ef2a064ea 100644
--- a/dd-smoke-tests/vertx-4.2/application/src/main/java/datadog/smoketest/vertx_4_2/IastHandler.java
+++ b/dd-smoke-tests/vertx-4.2/application/src/main/java/datadog/smoketest/vertx_4_2/IastHandler.java
@@ -9,6 +9,7 @@
 import io.vertx.core.json.JsonObject;
 import io.vertx.ext.web.RoutingContext;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Optional;
 import java.util.Vector;
 
@@ -28,6 +29,13 @@ public void handle(final RoutingContext rc) {
       rc.response().end("Received " + value.get("header"));
     }
   },
+  HEADER_NAMES("/headernames") {
+    @Override
+    public void handle(final RoutingContext rc) {
+      final Collection<String> names = rc.request().headers().names();
+      rc.response().end("Received " + String.join(",", names));
+    }
+  },
   PARAM("/param") {
     @Override
     public void handle(final RoutingContext rc) {
@@ -42,6 +50,13 @@ public void handle(final RoutingContext rc) {
       rc.response().end("Received " + value.get("param"));
     }
   },
+  PARAM_NAMES("/paramnames") {
+    @Override
+    public void handle(final RoutingContext rc) {
+      final Collection<String> names = rc.request().params().names();
+      rc.response().end("Received " + String.join(",", names));
+    }
+  },
   FORM_ATTRIBUTE("/form_attribute") {
     @Override
     public void handle(final RoutingContext rc) {
diff --git a/dd-trace-api/build.gradle b/dd-trace-api/build.gradle
index e1fd985559c..0341c91c2e7 100644
--- a/dd-trace-api/build.gradle
+++ b/dd-trace-api/build.gradle
@@ -18,19 +18,18 @@ excludedClassesCoverage += [
   'datadog.trace.api.internal.TraceSegment',
   'datadog.trace.api.internal.TraceSegment.NoOp',
   'datadog.trace.api.civisibility.CIVisibility',
-  'datadog.trace.api.civisibility.config.Configurations',
   'datadog.trace.api.civisibility.DDTestModule',
-  'datadog.trace.api.civisibility.config.SkippableTest',
   'datadog.trace.api.config.ProfilingConfig',
   'datadog.trace.api.interceptor.MutableSpan',
-  'datadog.trace.api.experimental.Profiling',
-  'datadog.trace.api.experimental.Profiling.NoOp',
-  'datadog.trace.api.experimental.ProfilingScope',
-  'datadog.trace.api.experimental.ProfilingContext',
-  'datadog.trace.api.experimental.ProfilingContextSetter.NoOp',
+  'datadog.trace.api.profiling.Profiling',
+  'datadog.trace.api.profiling.Profiling.NoOp',
+  'datadog.trace.api.profiling.ProfilingScope',
+  'datadog.trace.api.profiling.ProfilingContext',
+  'datadog.trace.api.profiling.ProfilingContextAttribute.NoOp',
   'datadog.trace.api.experimental.DataStreamsCheckpointer',
   'datadog.trace.api.experimental.DataStreamsCheckpointer.NoOp',
   'datadog.trace.api.experimental.DataStreamsContextCarrier',
+  'datadog.trace.api.experimental.DataStreamsContextCarrier.NoOp',
   'datadog.appsec.api.blocking.*',
 ]
 
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java b/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java
index c1dc8873d30..24cd05cacdf 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/ConfigDefaults.java
@@ -58,6 +58,7 @@ public final class ConfigDefaults {
   static final boolean DEFAULT_HTTP_CLIENT_SPLIT_BY_DOMAIN = false;
   static final boolean DEFAULT_DB_CLIENT_HOST_SPLIT_BY_INSTANCE = false;
   static final boolean DEFAULT_DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX = false;
+  static final boolean DEFAULT_DB_CLIENT_HOST_SPLIT_BY_HOST = false;
   static final String DEFAULT_DB_DBM_PROPAGATION_MODE_MODE = "disabled";
   static final int DEFAULT_SCOPE_DEPTH_LIMIT = 100;
   static final int DEFAULT_SCOPE_ITERATION_KEEP_ALIVE = 30; // in seconds
@@ -86,12 +87,14 @@ public final class ConfigDefaults {
   static final int DEFAULT_APPSEC_TRACE_RATE_LIMIT = 100;
   static final boolean DEFAULT_APPSEC_WAF_METRICS = true;
   static final int DEFAULT_APPSEC_WAF_TIMEOUT = 100000; // 0.1 s
+  static final boolean DEFAULT_API_SECURITY_ENABLED = false;
+  static final float DEFAULT_API_SECURITY_REQUEST_SAMPLE_RATE = 0.1f; // 10 %
 
   static final String DEFAULT_IAST_ENABLED = "false";
   static final boolean DEFAULT_IAST_DEBUG_ENABLED = false;
   public static final int DEFAULT_IAST_MAX_CONCURRENT_REQUESTS = 4;
   public static final int DEFAULT_IAST_VULNERABILITIES_PER_REQUEST = 2;
-  public static final int DEFAULT_IAST_REQUEST_SAMPLING = 30;
+  public static final int DEFAULT_IAST_REQUEST_SAMPLING = 33;
   static final Set<String> DEFAULT_IAST_WEAK_HASH_ALGORITHMS =
       new HashSet<>(Arrays.asList("SHA1", "SHA-1", "MD2", "MD5", "RIPEMD128", "MD4"));
   static final String DEFAULT_IAST_WEAK_CIPHER_ALGORITHMS =
@@ -101,7 +104,9 @@ public final class ConfigDefaults {
       "(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)";
   static final String DEFAULT_IAST_REDACTION_VALUE_PATTERN =
       "(?:bearer\\s+[a-z0-9\\._\\-]+|glpat-[\\w\\-]{20}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=\\-]+\\.ey[I-L][\\w=\\-]+(?:\\.[\\w.+/=\\-]+)?|(?:[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY[\\-]{5}|ssh-rsa\\s*[a-z0-9/\\.+]{100,}))";
+  public static final int DEFAULT_IAST_MAX_RANGE_COUNT = 10;
 
+  static final int DEFAULT_IAST_TRUNCATION_MAX_VALUE_LENGTH = 250;
   public static final boolean DEFAULT_IAST_DEDUPLICATION_ENABLED = true;
 
   static final boolean DEFAULT_USM_ENABLED = false;
@@ -113,9 +118,10 @@ public final class ConfigDefaults {
   static final boolean DEFAULT_CIVISIBILITY_BUILD_INSTRUMENTATION_ENABLED = true;
   static final boolean DEFAULT_CIVISIBILITY_AUTO_CONFIGURATION_ENABLED = true;
   static final boolean DEFAULT_CIVISIBILITY_COMPILER_PLUGIN_AUTO_CONFIGURATION_ENABLED = true;
-  static final String DEFAULT_CIVISIBILITY_COMPILER_PLUGIN_VERSION = "0.1.6";
+  static final String DEFAULT_CIVISIBILITY_COMPILER_PLUGIN_VERSION = "0.1.7";
+  static final String DEFAULT_CIVISIBILITY_JACOCO_PLUGIN_VERSION = "0.8.10";
   static final String DEFAULT_CIVISIBILITY_JACOCO_PLUGIN_EXCLUDES =
-      "datadog.trace.*:org.apache.commons.*";
+      "datadog.trace.*:org.apache.commons.*:org.mockito.*";
   static final boolean DEFAULT_CIVISIBILITY_GIT_UPLOAD_ENABLED = true;
   static final boolean DEFAULT_CIVISIBILITY_GIT_UNSHALLOW_ENABLED = true;
   static final long DEFAULT_CIVISIBILITY_GIT_COMMAND_TIMEOUT_MILLIS = 30_000;
@@ -143,12 +149,16 @@ public final class ConfigDefaults {
   static final boolean DEFAULT_DEBUGGER_METRICS_ENABLED = true;
   static final int DEFAULT_DEBUGGER_UPLOAD_BATCH_SIZE = 100;
   static final int DEFAULT_DEBUGGER_MAX_PAYLOAD_SIZE = 1024; // KiB
-  static final boolean DEFAULT_DEBUGGER_VERIFY_BYTECODE = false;
+  static final boolean DEFAULT_DEBUGGER_VERIFY_BYTECODE = true;
   static final boolean DEFAULT_DEBUGGER_INSTRUMENT_THE_WORLD = false;
   static final int DEFAULT_DEBUGGER_CAPTURE_TIMEOUT = 100; // milliseconds
+  static final boolean DEFAULT_DEBUGGER_SYMBOL_ENABLED = false;
+  static final boolean DEFAULT_DEBUGGER_SYMBOL_FORCE_UPLOAD = false;
+  static final int DEFAULT_DEBUGGER_SYMBOL_FLUSH_THRESHOLD = 100; // nb of classes
 
   static final boolean DEFAULT_TRACE_REPORT_HOSTNAME = false;
   static final String DEFAULT_TRACE_ANNOTATIONS = null;
+  static final boolean DEFAULT_TRACE_ANNOTATION_ASYNC = false;
   static final boolean DEFAULT_TRACE_EXECUTORS_ALL = false;
   static final String DEFAULT_TRACE_METHODS = null;
   static final String DEFAULT_MEASURE_METHODS = "";
@@ -167,6 +177,8 @@ public final class ConfigDefaults {
 
   static final boolean DEFAULT_TELEMETRY_ENABLED = true;
   static final int DEFAULT_TELEMETRY_HEARTBEAT_INTERVAL = 60; // in seconds
+  static final int DEFAULT_TELEMETRY_EXTENDED_HEARTBEAT_INTERVAL =
+      24 * 60 * 60; // 24 hours in seconds
   static final int DEFAULT_TELEMETRY_METRICS_INTERVAL = 10; // in seconds
   static final boolean DEFAULT_TELEMETRY_DEPENDENCY_COLLECTION_ENABLED = true;
 
@@ -182,9 +194,13 @@ public final class ConfigDefaults {
 
   static final float DEFAULT_TRACE_FLUSH_INTERVAL = 1;
 
-  static final boolean DEFAULT_ELASTICSEARCH_BODY_AND_PARAMS_ENABLED = true;
+  static final boolean DEFAULT_ELASTICSEARCH_BODY_ENABLED = false;
+  static final boolean DEFAULT_ELASTICSEARCH_PARAMS_ENABLED = true;
+  static final boolean DEFAULT_ELASTICSEARCH_BODY_AND_PARAMS_ENABLED = false;
 
   static final boolean DEFAULT_SPARK_TASK_HISTOGRAM_ENABLED = true;
+  static final boolean DEFAULT_JAX_RS_EXCEPTION_AS_ERROR_ENABLED = true;
+  static final boolean DEFAULT_TELEMETRY_DEBUG_REQUESTS_ENABLED = false;
 
   private ConfigDefaults() {}
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/DDTags.java b/dd-trace-api/src/main/java/datadog/trace/api/DDTags.java
index f9a25b047a8..c2a7397b4fb 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/DDTags.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/DDTags.java
@@ -52,4 +52,5 @@ public class DDTags {
   public static final String INTERNAL_GIT_COMMIT_SHA = "_dd.git.commit.sha";
 
   public static final String PROFILING_ENABLED = "_dd.profiling.enabled";
+  public static final String BASE_SERVICE = "_dd.base_service";
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/IdGenerationStrategy.java b/dd-trace-api/src/main/java/datadog/trace/api/IdGenerationStrategy.java
index 627b11faa75..31c1b78a239 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/IdGenerationStrategy.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/IdGenerationStrategy.java
@@ -1,5 +1,7 @@
 package datadog.trace.api;
 
+import static java.lang.Long.MAX_VALUE;
+
 import java.security.SecureRandom;
 import java.util.concurrent.ThreadLocalRandom;
 import java.util.concurrent.atomic.AtomicLong;
@@ -58,7 +60,7 @@ private Random(boolean traceId128BitGenerationEnabled) {
 
     @Override
     protected long getNonZeroPositiveLong() {
-      return ThreadLocalRandom.current().nextLong(1, Long.MAX_VALUE);
+      return ThreadLocalRandom.current().nextLong(0, MAX_VALUE) + 1;
     }
   }
 
@@ -105,9 +107,9 @@ static final class SRandom extends IdGenerationStrategy {
 
     @Override
     protected long getNonZeroPositiveLong() {
-      long value = secureRandom.nextLong() & Long.MAX_VALUE;
+      long value = secureRandom.nextLong() & MAX_VALUE;
       while (value == 0) {
-        value = secureRandom.nextLong() & Long.MAX_VALUE;
+        value = secureRandom.nextLong() & MAX_VALUE;
       }
       return value;
     }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/Trace.java b/dd-trace-api/src/main/java/datadog/trace/api/Trace.java
index b6fb94a67a7..d558e459e90 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/Trace.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/Trace.java
@@ -19,4 +19,7 @@
 
   /** Set whether to measure a trace. By default traces are not measured. */
   boolean measured() default false;
+
+  /** Set whether to start a new trace. By default it continues the current trace. */
+  boolean noParent() default false;
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/civisibility/DDTestModule.java b/dd-trace-api/src/main/java/datadog/trace/api/civisibility/DDTestModule.java
index 4994e788214..1ad005bbf5c 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/civisibility/DDTestModule.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/civisibility/DDTestModule.java
@@ -1,6 +1,5 @@
 package datadog.trace.api.civisibility;
 
-import datadog.trace.api.civisibility.config.SkippableTest;
 import javax.annotation.Nullable;
 
 /**
@@ -89,12 +88,4 @@ DDTestSuite testSuiteStart(
       @Nullable Class<?> testClass,
       @Nullable Long startTime,
       boolean parallelized);
-
-  /**
-   * Checks if a given test can be skipped with Intelligent Test Runner or not
-   *
-   * @param test Test to be checked
-   * @return {@code true} if the test can be skipped, {@code false} otherwise
-   */
-  boolean skip(SkippableTest test);
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java
index 24b1610bf4c..c68380f613e 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/config/AppSecConfig.java
@@ -21,6 +21,8 @@ public final class AppSecConfig {
       "appsec.http.blocked.template.json";
   public static final String APPSEC_AUTOMATED_USER_EVENTS_TRACKING =
       "appsec.automated-user-events-tracking";
+  public static final String API_SECURITY_ENABLED = "experimental.api-security.enabled";
+  public static final String API_SECURITY_REQUEST_SAMPLE_RATE = "api-security.request.sample.rate";
 
   private AppSecConfig() {}
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/CiVisibilityConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/CiVisibilityConfig.java
index 0be882eb434..1a3d861c3ac 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/config/CiVisibilityConfig.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/config/CiVisibilityConfig.java
@@ -18,10 +18,16 @@ public final class CiVisibilityConfig {
   public static final String CIVISIBILITY_AGENT_JAR_URI = "civisibility.agent.jar.uri";
   public static final String CIVISIBILITY_AUTO_CONFIGURATION_ENABLED =
       "civisibility.auto.configuration.enabled";
+  public static final String CIVISIBILITY_ADDITIONAL_CHILD_PROCESS_JVM_ARGS =
+      "civisibility.additional.child.process.jvm.args";
   public static final String CIVISIBILITY_COMPILER_PLUGIN_AUTO_CONFIGURATION_ENABLED =
       "civisibility.compiler.plugin.auto.configuration.enabled";
   public static final String CIVISIBILITY_CODE_COVERAGE_ENABLED =
       "civisibility.code.coverage.enabled";
+  public static final String CIVISIBILITY_CODE_COVERAGE_PERCENTAGE_CALCULATION_ENABLED =
+      "civisibility.code.coverage.percentage.calculation.enabled";
+  public static final String CIVISIBILITY_CODE_COVERAGE_REPORT_DUMP_DIR =
+      "civisibility.code.coverage.report.dump.dir";
   public static final String CIVISIBILITY_COMPILER_PLUGIN_VERSION =
       "civisibility.compiler.plugin.version";
   public static final String CIVISIBILITY_JACOCO_PLUGIN_VERSION =
@@ -30,6 +36,8 @@ public final class CiVisibilityConfig {
       "civisibility.jacoco.plugin.includes";
   public static final String CIVISIBILITY_JACOCO_PLUGIN_EXCLUDES =
       "civisibility.jacoco.plugin.excludes";
+  public static final String CIVISIBILITY_JACOCO_GRADLE_SOURCE_SETS =
+      "civisibility.jacoco.gradle.sourcesets";
   public static final String CIVISIBILITY_DEBUG_PORT = "civisibility.debug.port";
   public static final String CIVISIBILITY_GIT_UPLOAD_ENABLED = "civisibility.git.upload.enabled";
   public static final String CIVISIBILITY_GIT_UNSHALLOW_ENABLED =
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/DebuggerConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/DebuggerConfig.java
index 0cbfd463913..4d81b8c5f75 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/config/DebuggerConfig.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/config/DebuggerConfig.java
@@ -22,6 +22,13 @@ public final class DebuggerConfig {
       "dynamic.instrumentation.instrument.the.world";
   public static final String DEBUGGER_EXCLUDE_FILES = "dynamic.instrumentation.exclude.files";
   public static final String DEBUGGER_CAPTURE_TIMEOUT = "dynamic.instrumentation.capture.timeout";
+  public static final String DEBUGGER_REDACTED_IDENTIFIERS =
+      "dynamic.instrumentation.redacted.identifiers";
+  public static final String DEBUGGER_REDACTED_TYPES = "dynamic.instrumentation.redacted.types";
+  public static final String DEBUGGER_SYMBOL_ENABLED = "symbol.database.upload.enabled";
+  public static final String DEBUGGER_SYMBOL_FORCE_UPLOAD = "internal.force.symbol.database.upload";
+  public static final String DEBUGGER_SYMBOL_INCLUDES = "symbol.database.includes";
+  public static final String DEBUGGER_SYMBOL_FLUSH_THRESHOLD = "symbol.database.flush.threshold";
 
   private DebuggerConfig() {}
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/GeneralConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/GeneralConfig.java
index abf200cba16..b7448701013 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/config/GeneralConfig.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/config/GeneralConfig.java
@@ -39,6 +39,10 @@ public final class GeneralConfig {
   public static final String DOGSTATSD_ARGS = "dogstatsd.args";
   public static final String DOGSTATSD_NAMED_PIPE = "dogstatsd.pipe.name";
 
+  public static final String STATSD_CLIENT_QUEUE_SIZE = "statsd.client.queue.size";
+  public static final String STATSD_CLIENT_SOCKET_BUFFER = "statsd.client.socket.buffer";
+  public static final String STATSD_CLIENT_SOCKET_TIMEOUT = "statsd.client.socket.timeout";
+
   public static final String RUNTIME_METRICS_ENABLED = "runtime.metrics.enabled";
   public static final String RUNTIME_ID_ENABLED = "runtime-id.enabled";
 
@@ -62,9 +66,14 @@ public final class GeneralConfig {
 
   public static final String TELEMETRY_ENABLED = "instrumentation.telemetry.enabled";
   public static final String TELEMETRY_HEARTBEAT_INTERVAL = "telemetry.heartbeat.interval";
+  public static final String TELEMETRY_EXTENDED_HEARTBEAT_INTERVAL =
+      "telemetry.extended.heartbeat.interval";
   public static final String TELEMETRY_METRICS_INTERVAL = "telemetry.metrics.interval";
+  public static final String TELEMETRY_METRICS_ENABLED = "telemetry.metrics.enabled";
   public static final String TELEMETRY_DEPENDENCY_COLLECTION_ENABLED =
       "telemetry.dependency-collection.enabled";
 
+  public static final String TELEMETRY_DEBUG_REQUESTS_ENABLED = "telemetry.debug.requests.enabled";
+
   private GeneralConfig() {}
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/IastConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/IastConfig.java
index 0d4960de92e..3b6aa5c284c 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/config/IastConfig.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/config/IastConfig.java
@@ -16,6 +16,9 @@ public final class IastConfig {
   public static final String IAST_REDACTION_ENABLED = "iast.redaction.enabled";
   public static final String IAST_REDACTION_NAME_PATTERN = "iast.redaction.name.pattern";
   public static final String IAST_REDACTION_VALUE_PATTERN = "iast.redaction.value.pattern";
+  public static final String IAST_MAX_RANGE_COUNT = "iast.max-range-count";
+
+  public static final String IAST_TRUNCATION_MAX_VALUE_LENGTH = "iast.trunctation.max.value.length";
 
   private IastConfig() {}
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/ProfilingConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/ProfilingConfig.java
index 3fb5c2b0f74..0f166d804f1 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/config/ProfilingConfig.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/config/ProfilingConfig.java
@@ -117,6 +117,11 @@ public final class ProfilingConfig {
   public static final int PROFILING_DATADOG_PROFILER_SAFEMODE_DEFAULT =
       12; // POP_METHOD|UNWIND_NATIVE
 
+  public static final String PROFILING_DATADOG_PROFILER_LINE_NUMBERS =
+      "profiling.ddprof.linenumbers";
+
+  public static final boolean PROFILING_DATADOG_PROFILER_LINE_NUMBERS_DEFAULT = true;
+
   @Deprecated
   public static final String PROFILING_DATADOG_PROFILER_MEMLEAK_ENABLED =
       "profiling.ddprof.memleak.enabled";
@@ -160,11 +165,13 @@ public final class ProfilingConfig {
 
   public static final String PROFILING_DEBUG_DUMP_PATH = "profiling.debug.dump_path";
 
-  public static final String PROFILING_CONTEXT_ATTRIBUTES =
-      "profiling.experimental.context.attributes";
+  public static final String PROFILING_CONTEXT_ATTRIBUTES = "profiling.context.attributes";
 
   public static final String PROFILING_CONTEXT_ATTRIBUTES_SPAN_NAME_ENABLED =
-      "profiling.experimental.context.attributes.span.name.enabled";
+      "profiling.context.attributes.span.name.enabled";
+
+  public static final String PROFILING_CONTEXT_ATTRIBUTES_RESOURCE_NAME_ENABLED =
+      "profiling.context.attributes.resource.name.enabled";
 
   public static final String PROFILING_QUEUEING_TIME_ENABLED =
       "profiling.experimental.queueing.time.enabled";
@@ -176,11 +183,10 @@ public final class ProfilingConfig {
 
   public static final long PROFILING_QUEUEING_TIME_THRESHOLD_MILLIS_DEFAULT = 50;
 
-  public static final String PROFILING_JMETHODID_CACHE_ENABLED =
-      "profiling.experimental.jmethodid_cache.enabled";
-  public static final boolean PROFILING_JMETHODID_CACHE_ENABLED_DEFAULT = false;
-
   public static final String PROFILING_ULTRA_MINIMAL = "profiling.ultra.minimal";
 
+  public static final String PROFILING_HEAP_HISTOGRAM_ENABLED = "profiling.heap.histogram.enabled";
+  public static final boolean PROFILING_HEAP_HISTOGRAM_ENABLED_DEFAULT = false;
+
   private ProfilingConfig() {}
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/TraceInstrumentationConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/TraceInstrumentationConfig.java
index 0697353a7f6..a0b82c7dcb2 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/config/TraceInstrumentationConfig.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/config/TraceInstrumentationConfig.java
@@ -17,6 +17,7 @@ public final class TraceInstrumentationConfig {
   public static final String INTEGRATION_SYNAPSE_LEGACY_OPERATION_NAME =
       "integration.synapse.legacy-operation-name";
   public static final String TRACE_ANNOTATIONS = "trace.annotations";
+  public static final String TRACE_ANNOTATION_ASYNC = "trace.annotation.async";
   public static final String TRACE_EXECUTORS_ALL = "trace.executors.all";
   public static final String TRACE_EXECUTORS = "trace.executors";
   public static final String TRACE_METHODS = "trace.methods";
@@ -29,6 +30,8 @@ public final class TraceInstrumentationConfig {
   public static final String TRACE_CLASSES_EXCLUDE_FILE = "trace.classes.exclude.file";
   public static final String TRACE_CLASSLOADERS_EXCLUDE = "trace.classloaders.exclude";
   public static final String TRACE_CODESOURCES_EXCLUDE = "trace.codesources.exclude";
+
+  @SuppressWarnings("unused")
   public static final String TRACE_TESTS_ENABLED = "trace.tests.enabled";
 
   public static final String TRACE_THREAD_POOL_EXECUTORS_EXCLUDE =
@@ -37,6 +40,8 @@ public final class TraceInstrumentationConfig {
   public static final String HTTP_SERVER_TAG_QUERY_STRING = "http.server.tag.query-string";
   public static final String HTTP_SERVER_RAW_QUERY_STRING = "http.server.raw.query-string";
   public static final String HTTP_SERVER_RAW_RESOURCE = "http.server.raw.resource";
+  public static final String HTTP_SERVER_DECODED_RESOURCE_PRESERVE_SPACES =
+      "http.server.decoded.resource.preserve-spaces";
   public static final String HTTP_SERVER_ROUTE_BASED_NAMING = "http.server.route-based-naming";
   public static final String HTTP_CLIENT_TAG_QUERY_STRING = "http.client.tag.query-string";
   public static final String HTTP_CLIENT_TAG_HEADERS = "http.client.tag.headers";
@@ -44,6 +49,7 @@ public final class TraceInstrumentationConfig {
   public static final String DB_CLIENT_HOST_SPLIT_BY_INSTANCE = "trace.db.client.split-by-instance";
   public static final String DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX =
       "trace.db.client.split-by-instance.type.suffix";
+  public static final String DB_CLIENT_HOST_SPLIT_BY_HOST = "trace.db.client.split-by-host";
 
   public static final String JDBC_PREPARED_STATEMENT_CLASS_NAME =
       "trace.jdbc.prepared.statement.class.name";
@@ -52,6 +58,9 @@ public final class TraceInstrumentationConfig {
 
   public static final String JDBC_CONNECTION_CLASS_NAME = "trace.jdbc.connection.class.name";
 
+  public static final String HTTP_URL_CONNECTION_CLASS_NAME =
+      "trace.http.url.connection.class.name";
+
   public static final String RUNTIME_CONTEXT_FIELD_INJECTION =
       "trace.runtime.context.field.injection";
   public static final String SERIALVERSIONUID_FIELD_INJECTION =
@@ -109,12 +118,19 @@ public final class TraceInstrumentationConfig {
   public static final String RESOLVER_CACHE_CONFIG = "resolver.cache.config";
   public static final String RESOLVER_CACHE_DIR = "resolver.cache.dir";
   public static final String RESOLVER_USE_LOADCLASS = "resolver.use.loadclass";
+  public static final String RESOLVER_USE_URL_CACHES = "resolver.use.url.caches";
   public static final String RESOLVER_RESET_INTERVAL = "resolver.reset.interval";
   public static final String RESOLVER_NAMES_ARE_UNIQUE = "resolver.names.are.unique";
+
+  public static final String ELASTICSEARCH_BODY_ENABLED = "trace.elasticsearch.body.enabled";
+  public static final String ELASTICSEARCH_PARAMS_ENABLED = "trace.elasticsearch.params.enabled";
   public static final String ELASTICSEARCH_BODY_AND_PARAMS_ENABLED =
       "trace.elasticsearch.body-and-params.enabled";
 
   public static final String SPARK_TASK_HISTOGRAM_ENABLED = "spark.task-histogram.enabled";
 
+  public static final String JAX_RS_EXCEPTION_AS_ERROR_ENABLED =
+      "trace.jax-rs.exception-as-error.enabled";
+
   private TraceInstrumentationConfig() {}
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/TracerConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/TracerConfig.java
index 11a864d56b9..3971d64eaa4 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/config/TracerConfig.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/config/TracerConfig.java
@@ -10,6 +10,8 @@
  * <p>If using dd-java-agent, these keys represent settings that should be configured via system
  * properties, environment variables, or config properties file. See online documentation for
  * details.
+ *
+ * @see TraceInstrumentationConfig for instrumentation specific configuration
  */
 public final class TracerConfig {
   public static final String ID_GENERATION_STRATEGY = "id.generation.strategy";
@@ -116,6 +118,9 @@ public final class TracerConfig {
   public static final String TRACE_PEER_SERVICE_DEFAULTS_ENABLED =
       "trace.peer.service.defaults.enabled";
 
+  public static final String TRACE_PEER_SERVICE_COMPONENT_OVERRIDES =
+      "trace.peer.service.component.overrides";
+
   public static final String TRACE_REMOVE_INTEGRATION_SERVICE_NAMES_ENABLED =
       "trace.remove.integration-service-names.enabled";
 
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/experimental/DataStreamsCheckpointer.java b/dd-trace-api/src/main/java/datadog/trace/api/experimental/DataStreamsCheckpointer.java
index 1b64b1cc07b..574b9fdb2a0 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/experimental/DataStreamsCheckpointer.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/experimental/DataStreamsCheckpointer.java
@@ -18,7 +18,7 @@ static DataStreamsCheckpointer get() {
   /**
    * @param type The type of the checkpoint, usually the streaming technology being used. Examples:
    *     kafka, kinesis, sns etc.
-   * @paren source The source of data. For instance: topic, exchange or stream name.
+   * @param source The source of data. For instance: topic, exchange or stream name.
    * @param carrier An interface to the context carrier, from which the context will be extracted.
    *     I.e. wrapper around message headers.
    */
@@ -27,7 +27,7 @@ static DataStreamsCheckpointer get() {
   /**
    * @param type The type of the checkpoint, usually the streaming technology being used. Examples:
    *     kafka, kinesis, sns etc.
-   * @paren target The destination to which the data is being sent. For instance: topic, exchange or
+   * @param target The destination to which the data is being sent. For instance: topic, exchange or
    *     stream name.
    * @param carrier An interface to the context carrier, to which the context will be injected. I.e.
    *     wrapper around message headers.
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/experimental/DataStreamsContextCarrier.java b/dd-trace-api/src/main/java/datadog/trace/api/experimental/DataStreamsContextCarrier.java
index dbfb969b82b..2d83b071a5e 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/experimental/DataStreamsContextCarrier.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/experimental/DataStreamsContextCarrier.java
@@ -1,5 +1,6 @@
 package datadog.trace.api.experimental;
 
+import java.util.Collections;
 import java.util.Map.Entry;
 import java.util.Set;
 
@@ -13,4 +14,18 @@ public interface DataStreamsContextCarrier {
    * @param value to be set
    */
   void set(String key, String value);
+
+  final class NoOp implements DataStreamsContextCarrier {
+    public static final DataStreamsContextCarrier INSTANCE = new NoOp();
+
+    private NoOp() {}
+
+    @Override
+    public Set<Entry<String, Object>> entries() {
+      return Collections.emptySet();
+    }
+
+    @Override
+    public void set(String key, String value) {}
+  }
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/experimental/ProfilingContext.java b/dd-trace-api/src/main/java/datadog/trace/api/experimental/ProfilingContext.java
deleted file mode 100644
index 5be3e38a482..00000000000
--- a/dd-trace-api/src/main/java/datadog/trace/api/experimental/ProfilingContext.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package datadog.trace.api.experimental;
-
-public interface ProfilingContext {
-  /**
-   * Sets a context value to be appended to profiling data
-   *
-   * @param attribute the attribute (must have been registered at startup)
-   * @param value the value
-   */
-  default void setContextValue(String attribute, String value) {}
-
-  /**
-   * Clears a context value
-   *
-   * @param attribute the attribute (must have been registered at startup)
-   */
-  default void clearContextValue(String attribute) {}
-}
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/experimental/ProfilingContextSetter.java b/dd-trace-api/src/main/java/datadog/trace/api/experimental/ProfilingContextSetter.java
deleted file mode 100644
index 63e29e484d5..00000000000
--- a/dd-trace-api/src/main/java/datadog/trace/api/experimental/ProfilingContextSetter.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package datadog.trace.api.experimental;
-
-public interface ProfilingContextSetter {
-  /**
-   * Sets the context value on the current thread
-   *
-   * @param value the value to set
-   */
-  void set(CharSequence value);
-
-  /** Clears context for the current thread */
-  void clear();
-
-  final class NoOp implements ProfilingContextSetter {
-
-    public static final NoOp INSTANCE = new NoOp();
-
-    @Override
-    public void set(CharSequence value) {}
-
-    @Override
-    public void clear() {}
-  }
-}
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/internal/InternalTracer.java b/dd-trace-api/src/main/java/datadog/trace/api/internal/InternalTracer.java
index 19e1c02092c..73a825ea329 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/internal/InternalTracer.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/internal/InternalTracer.java
@@ -1,7 +1,7 @@
 package datadog.trace.api.internal;
 
 import datadog.trace.api.experimental.DataStreamsCheckpointer;
-import datadog.trace.api.experimental.Profiling;
+import datadog.trace.api.profiling.Profiling;
 
 /**
  * Tracer internal features. Those features are not part of public API and can change or be removed
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/experimental/Profiling.java b/dd-trace-api/src/main/java/datadog/trace/api/profiling/Profiling.java
similarity index 67%
rename from dd-trace-api/src/main/java/datadog/trace/api/experimental/Profiling.java
rename to dd-trace-api/src/main/java/datadog/trace/api/profiling/Profiling.java
index 9f55dcc3416..e14d72bdcb3 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/experimental/Profiling.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/profiling/Profiling.java
@@ -1,11 +1,10 @@
-package datadog.trace.api.experimental;
+package datadog.trace.api.profiling;
 
 import datadog.trace.api.GlobalTracer;
 import datadog.trace.api.Tracer;
 import datadog.trace.api.internal.InternalTracer;
 
-/** This class is experimental and is subject to change and may be removed. */
-public interface Profiling extends ProfilingContext {
+public interface Profiling {
 
   static Profiling get() {
     Tracer tracer = GlobalTracer.get();
@@ -15,14 +14,6 @@ static Profiling get() {
     return NoOp.INSTANCE;
   }
 
-  /**
-   * Creates a setter for the attribute, slightly more efficient than calling setContextValue
-   *
-   * @param attribute the name of the attribute
-   * @return a setter which can be used to set and clear profiling context
-   */
-  ProfilingContextSetter createContextSetter(String attribute);
-
   /**
    * Stateful API which restores the previous context when closed. This requires more memory so has
    * higher overhead than the stateless API.
@@ -31,13 +22,22 @@ static Profiling get() {
    */
   ProfilingScope newScope();
 
+  /**
+   * Creates a decorator for the attribute, which can be used to set and clear contexts slightly
+   * more efficiently than with string attributes.
+   *
+   * @param attribute the name of the attribute
+   * @return a setter which can be used to set and clear profiling context
+   */
+  ProfilingContextAttribute createContextAttribute(String attribute);
+
   final class NoOp implements Profiling {
 
     public static final NoOp INSTANCE = new NoOp();
 
     @Override
-    public ProfilingContextSetter createContextSetter(String attribute) {
-      return ProfilingContextSetter.NoOp.INSTANCE;
+    public ProfilingContextAttribute createContextAttribute(String attribute) {
+      return ProfilingContextAttribute.NoOp.INSTANCE;
     }
 
     @Override
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/profiling/ProfilingContext.java b/dd-trace-api/src/main/java/datadog/trace/api/profiling/ProfilingContext.java
new file mode 100644
index 00000000000..2d1f72b9a49
--- /dev/null
+++ b/dd-trace-api/src/main/java/datadog/trace/api/profiling/ProfilingContext.java
@@ -0,0 +1,38 @@
+package datadog.trace.api.profiling;
+
+public interface ProfilingContext {
+
+  /**
+   * Sets a context value to be appended to profiling data
+   *
+   * @param attribute the attribute (must have been registered at startup)
+   * @param value the value
+   */
+  default void setContextValue(String attribute, String value) {}
+
+  /**
+   * Sets a context value to be appended to profiling data. This overload requires an attribute to
+   * have been obtained by calling {@link Profiling#createContextAttribute(String)
+   * createContextAttribute} first, but is more efficient.
+   *
+   * @param attribute the attribute (must have been registered at startup)
+   * @param value the value
+   */
+  default void setContextValue(ProfilingContextAttribute attribute, String value) {}
+
+  /**
+   * Clears a context value.
+   *
+   * @param attribute the attribute (must have been registered at startup)
+   */
+  default void clearContextValue(String attribute) {}
+
+  /**
+   * Clears a context value. This overload requires an attribute to have been obtained by calling
+   * {@link Profiling#createContextAttribute(String) createContextAttribute} first, but is more
+   * efficient.
+   *
+   * @param attribute the attribute (must have been registered at startup)
+   */
+  default void clearContextValue(ProfilingContextAttribute attribute) {}
+}
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/profiling/ProfilingContextAttribute.java b/dd-trace-api/src/main/java/datadog/trace/api/profiling/ProfilingContextAttribute.java
new file mode 100644
index 00000000000..9dcf909e48d
--- /dev/null
+++ b/dd-trace-api/src/main/java/datadog/trace/api/profiling/ProfilingContextAttribute.java
@@ -0,0 +1,9 @@
+package datadog.trace.api.profiling;
+
+public interface ProfilingContextAttribute {
+
+  final class NoOp implements ProfilingContextAttribute {
+
+    public static final NoOp INSTANCE = new NoOp();
+  }
+}
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/experimental/ProfilingScope.java b/dd-trace-api/src/main/java/datadog/trace/api/profiling/ProfilingScope.java
similarity index 78%
rename from dd-trace-api/src/main/java/datadog/trace/api/experimental/ProfilingScope.java
rename to dd-trace-api/src/main/java/datadog/trace/api/profiling/ProfilingScope.java
index 44d59693b76..182cbe09ece 100644
--- a/dd-trace-api/src/main/java/datadog/trace/api/experimental/ProfilingScope.java
+++ b/dd-trace-api/src/main/java/datadog/trace/api/profiling/ProfilingScope.java
@@ -1,4 +1,4 @@
-package datadog.trace.api.experimental;
+package datadog.trace.api.profiling;
 
 public interface ProfilingScope extends AutoCloseable, ProfilingContext {
 
diff --git a/dd-trace-api/src/test/groovy/datadog/trace/api/EventTrackerTest.groovy b/dd-trace-api/src/test/groovy/datadog/trace/api/EventTrackerTest.groovy
index cbcb37835a8..eec5b70a4b1 100644
--- a/dd-trace-api/src/test/groovy/datadog/trace/api/EventTrackerTest.groovy
+++ b/dd-trace-api/src/test/groovy/datadog/trace/api/EventTrackerTest.groovy
@@ -1,10 +1,11 @@
 package datadog.trace.api
 
 import datadog.trace.api.experimental.DataStreamsCheckpointer
-import datadog.trace.api.experimental.Profiling
+
 import datadog.trace.api.interceptor.TraceInterceptor
 import datadog.trace.api.internal.InternalTracer
 import datadog.trace.api.internal.TraceSegment
+import datadog.trace.api.profiling.Profiling
 import datadog.trace.test.util.DDSpecification
 
 class EventTrackerTest extends DDSpecification {
diff --git a/dd-trace-core/build.gradle b/dd-trace-core/build.gradle
index 57b5176309d..eb468a2ddac 100644
--- a/dd-trace-core/build.gradle
+++ b/dd-trace-core/build.gradle
@@ -23,14 +23,14 @@ excludedClassesCoverage += [
   'datadog.trace.core.StatusLogger',
   'datadog.trace.core.scopemanager.ContinuableScopeManager.ScopeStackThreadLocal',
   'datadog.trace.core.scopemanager.SingleContinuation',
-  'datadog.trace.core.SpanCorrelationImpl',
-  'datadog.trace.core.Base64Encoder',
   // FIXME: more test coverage needed
   'datadog.trace.core.CoreTracer',
   'datadog.trace.core.CoreTracer.1',
   'datadog.trace.core.DDSpan.1',
   'datadog.trace.core.tagprocessor.QueryObfuscator.1',
-  'datadog.trace.common.writer.TraceProcessingWorker.NonDaemonTraceSerializingHandler'
+  'datadog.trace.common.writer.TraceProcessingWorker.NonDaemonTraceSerializingHandler',
+  // FIXME(DSM): test coverage needed
+  'datadog.trace.core.datastreams.DataStreamContextInjector'
 ]
 
 addTestSuite('traceAgentTest')
diff --git a/dd-trace-core/src/jmh/java/datadog/trace/core/DDSpanHelper.java b/dd-trace-core/src/jmh/java/datadog/trace/core/DDSpanHelper.java
index 2bb44a3ca1c..6f8d612159a 100644
--- a/dd-trace-core/src/jmh/java/datadog/trace/core/DDSpanHelper.java
+++ b/dd-trace-core/src/jmh/java/datadog/trace/core/DDSpanHelper.java
@@ -8,7 +8,7 @@ static DDSpan create(
       @Nonnull String instrumentationName,
       final long timestampMicro,
       @Nonnull DDSpanContext context) {
-    return DDSpan.create(instrumentationName, timestampMicro, context);
+    return DDSpan.create(instrumentationName, timestampMicro, context, null);
   }
 
   static void setAllTags(@Nonnull DDSpanContext context, Map<String, ?> map) {
diff --git a/dd-trace-core/src/jmh/java/datadog/trace/core/PendingTraceWrite.java b/dd-trace-core/src/jmh/java/datadog/trace/core/PendingTraceWrite.java
index 6d1a3c75c47..78dd3a07d11 100644
--- a/dd-trace-core/src/jmh/java/datadog/trace/core/PendingTraceWrite.java
+++ b/dd-trace-core/src/jmh/java/datadog/trace/core/PendingTraceWrite.java
@@ -61,7 +61,8 @@ public void init(TraceCounters counters, Blackhole blackhole) {
                 null,
                 NoopPathwayContext.INSTANCE,
                 false,
-                null));
+                null),
+            null);
     span =
         DDSpan.create(
             "benchmark",
@@ -85,7 +86,8 @@ public void init(TraceCounters counters, Blackhole blackhole) {
                 null,
                 NoopPathwayContext.INSTANCE,
                 false,
-                null));
+                null),
+            null);
   }
 
   @Threads(4)
diff --git a/dd-trace-core/src/jmh/java/datadog/trace/core/TracerMapperMap.java b/dd-trace-core/src/jmh/java/datadog/trace/core/TracerMapperMap.java
index f08709b5a9b..f8c979a2da8 100644
--- a/dd-trace-core/src/jmh/java/datadog/trace/core/TracerMapperMap.java
+++ b/dd-trace-core/src/jmh/java/datadog/trace/core/TracerMapperMap.java
@@ -119,6 +119,7 @@ private DDSpan createSpanWithOrigin(int iter, final String origin) {
             null,
             NoopPathwayContext.INSTANCE,
             false,
-            null));
+            null),
+        null);
   }
 }
diff --git a/dd-trace-core/src/main/java/datadog/trace/civisibility/writer/ddintake/CiTestCycleMapperV1.java b/dd-trace-core/src/main/java/datadog/trace/civisibility/writer/ddintake/CiTestCycleMapperV1.java
index b8d0b39f6f4..dd9f4a97bda 100644
--- a/dd-trace-core/src/main/java/datadog/trace/civisibility/writer/ddintake/CiTestCycleMapperV1.java
+++ b/dd-trace-core/src/main/java/datadog/trace/civisibility/writer/ddintake/CiTestCycleMapperV1.java
@@ -14,6 +14,7 @@
 import datadog.trace.core.CoreSpan;
 import datadog.trace.core.Metadata;
 import datadog.trace.core.MetadataConsumer;
+import datadog.trace.util.Strings;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.nio.channels.WritableByteChannel;
@@ -284,9 +285,15 @@ public void accept(Metadata metadata) {
         writable.writeUTF8(metadata.getHttpStatusCode());
       }
       for (Map.Entry<String, Object> entry : metadata.getTags().entrySet()) {
-        if (!(entry.getValue() instanceof Number)) {
+        Object value = entry.getValue();
+        if (!(value instanceof Number)) {
           writable.writeString(entry.getKey(), null);
-          writable.writeObjectString(entry.getValue(), null);
+          if (!(value instanceof Iterable)) {
+            writable.writeObjectString(value, null);
+          } else {
+            String serializedValue = Strings.toJson((Iterable<String>) value);
+            writable.writeString(serializedValue, null);
+          }
         }
       }
     }
diff --git a/dd-trace-core/src/main/java/datadog/trace/common/writer/TraceStructureWriter.java b/dd-trace-core/src/main/java/datadog/trace/common/writer/TraceStructureWriter.java
index ed317c4f238..9c2cefd23d1 100644
--- a/dd-trace-core/src/main/java/datadog/trace/common/writer/TraceStructureWriter.java
+++ b/dd-trace-core/src/main/java/datadog/trace/common/writer/TraceStructureWriter.java
@@ -64,7 +64,7 @@ public TraceStructureWriter(String outputFile, boolean debugLog) {
             argsDebugLog = true;
             break;
           default:
-            log.warn("Illegal TraceStructureWriter argument '" + args[i] + "'");
+            log.warn("Illegal TraceStructureWriter argument '{}'", args[i]);
             break;
         }
       }
diff --git a/dd-trace-core/src/main/java/datadog/trace/common/writer/ddintake/DDEvpProxyApi.java b/dd-trace-core/src/main/java/datadog/trace/common/writer/ddintake/DDEvpProxyApi.java
index 70bf79fddc1..e0c0d8f69e8 100644
--- a/dd-trace-core/src/main/java/datadog/trace/common/writer/ddintake/DDEvpProxyApi.java
+++ b/dd-trace-core/src/main/java/datadog/trace/common/writer/ddintake/DDEvpProxyApi.java
@@ -85,7 +85,7 @@ public DDEvpProxyApi build() {
 
       final HttpRetryPolicy.Factory retryPolicyFactory = new HttpRetryPolicy.Factory(5, 100, 2.0);
 
-      log.debug("proxiedApiUrl: " + proxiedApiUrl);
+      log.debug("proxiedApiUrl: {}", proxiedApiUrl);
       return new DDEvpProxyApi(client, proxiedApiUrl, subdomain, retryPolicyFactory);
     }
   }
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/CoreTracer.java b/dd-trace-core/src/main/java/datadog/trace/core/CoreTracer.java
index bc7b1dc3739..9caf0eebbd1 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/CoreTracer.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/CoreTracer.java
@@ -2,14 +2,7 @@
 
 import static datadog.communication.monitor.DDAgentStatsDClientManager.statsDClientManager;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_ASYNC_PROPAGATING;
-import static datadog.trace.api.DDTags.PATHWAY_HASH;
-import static datadog.trace.api.DDTags.SPAN_LINKS;
 import static datadog.trace.common.metrics.MetricsAggregatorFactory.createMetricsAggregator;
-import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_IN;
-import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_OUT;
-import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_TAG;
-import static datadog.trace.core.datastreams.TagsProcessor.TOPIC_TAG;
-import static datadog.trace.core.datastreams.TagsProcessor.TYPE_TAG;
 import static datadog.trace.util.AgentThreadFactory.AGENT_THREAD_GROUP;
 import static datadog.trace.util.CollectionUtils.tryMakeImmutableMap;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
@@ -35,7 +28,6 @@
 import datadog.trace.api.TracePropagationStyle;
 import datadog.trace.api.config.GeneralConfig;
 import datadog.trace.api.experimental.DataStreamsCheckpointer;
-import datadog.trace.api.experimental.DataStreamsContextCarrier;
 import datadog.trace.api.gateway.CallbackProvider;
 import datadog.trace.api.gateway.InstrumentationGateway;
 import datadog.trace.api.gateway.RequestContext;
@@ -44,6 +36,7 @@
 import datadog.trace.api.interceptor.MutableSpan;
 import datadog.trace.api.interceptor.TraceInterceptor;
 import datadog.trace.api.internal.TraceSegment;
+import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.api.profiling.Timer;
 import datadog.trace.api.sampling.PrioritySampling;
 import datadog.trace.api.scopemanager.ScopeListener;
@@ -72,14 +65,14 @@
 import datadog.trace.common.writer.Writer;
 import datadog.trace.common.writer.WriterFactory;
 import datadog.trace.common.writer.ddintake.DDIntakeTraceInterceptor;
-import datadog.trace.core.datastreams.DataStreamsContextCarrierAdapter;
+import datadog.trace.core.datastreams.DataStreamContextInjector;
 import datadog.trace.core.datastreams.DataStreamsMonitoring;
 import datadog.trace.core.datastreams.DefaultDataStreamsMonitoring;
-import datadog.trace.core.datastreams.NoopDataStreamsMonitoring;
 import datadog.trace.core.histogram.Histograms;
 import datadog.trace.core.monitor.HealthMetrics;
 import datadog.trace.core.monitor.MonitoringImpl;
 import datadog.trace.core.monitor.TracerHealthMetrics;
+import datadog.trace.core.propagation.CorePropagation;
 import datadog.trace.core.propagation.ExtractedContext;
 import datadog.trace.core.propagation.HttpCodec;
 import datadog.trace.core.propagation.PropagationTags;
@@ -89,7 +82,6 @@
 import datadog.trace.lambda.LambdaHandler;
 import datadog.trace.relocate.api.RatelimitedLogger;
 import datadog.trace.util.AgentTaskScheduler;
-import de.thetaphi.forbiddenapis.SuppressForbidden;
 import java.io.IOException;
 import java.lang.ref.WeakReference;
 import java.math.BigInteger;
@@ -139,6 +131,10 @@ public static CoreTracerBuilder builder() {
   private final long startNanoTicks;
   /** How often should traced threads check clock ticks against the wall clock */
   private final long clockSyncPeriod;
+
+  /** If the tracer can create inferred services */
+  private final boolean allowInferredServices;
+
   /** Last time (in nanosecond ticks) the clock was checked for drift */
   private volatile long lastSyncTicks;
   /** Nanosecond offset to counter clock drift */
@@ -204,11 +200,7 @@ public static CoreTracerBuilder builder() {
   private final SortedSet<TraceInterceptor> interceptors =
       new ConcurrentSkipListSet<>(Comparator.comparingInt(TraceInterceptor::priority));
 
-  private final HttpCodec.Injector injector;
-
-  private final Map<TracePropagationStyle, HttpCodec.Injector> injectors;
-  private final HttpCodec.Extractor extractor;
-
+  private final CorePropagation propagation;
   private final boolean logs128bTraceIdEnabled;
 
   private final InstrumentationGateway instrumentationGateway;
@@ -232,13 +224,6 @@ PropagationTags.Factory getPropagationTagsFactory() {
     return propagationTagsFactory;
   }
 
-  @Override
-  public AgentScope.Continuation capture() {
-    final AgentScope activeScope = activeScope();
-
-    return activeScope == null ? null : activeScope.capture();
-  }
-
   @Override
   public void onRootSpanFinished(AgentSpan root, EndpointTracker tracker) {
     endpointCheckpointer.onRootSpanFinished(root, tracker);
@@ -620,21 +605,24 @@ private CoreTracer(
 
     if (dataStreamsMonitoring == null) {
       this.dataStreamsMonitoring =
-          createDataStreamsMonitoring(config, sharedCommunicationObjects, this.timeSource);
+          new DefaultDataStreamsMonitoring(
+              config, sharedCommunicationObjects, this.timeSource, this::captureTraceConfig);
     } else {
       this.dataStreamsMonitoring = dataStreamsMonitoring;
     }
     this.dataStreamsMonitoring.start();
 
-    this.injector = injector;
-    HttpCodec.Extractor builtExtractor;
-    if (extractor != null) {
-      builtExtractor = extractor;
-    } else {
-      builtExtractor = HttpCodec.createExtractor(config, this::captureTraceConfig);
-    }
-    builtExtractor = this.dataStreamsMonitoring.decorate(builtExtractor);
-    this.extractor = builtExtractor;
+    // Create default extractor from config if not provided and decorate it with DSM extractor
+    HttpCodec.Extractor builtExtractor =
+        extractor == null ? HttpCodec.createExtractor(config, this::captureTraceConfig) : extractor;
+    builtExtractor = this.dataStreamsMonitoring.extractor(builtExtractor);
+    // Create all HTTP injectors plus the DSM one
+    Map<TracePropagationStyle, HttpCodec.Injector> injectors =
+        HttpCodec.allInjectorsFor(config, invertMap(baggageMapping));
+    DataStreamContextInjector dataStreamContextInjector = this.dataStreamsMonitoring.injector();
+    // Store all propagators to propagation
+    this.propagation =
+        new CorePropagation(builtExtractor, injector, injectors, dataStreamContextInjector);
 
     this.tagInterceptor =
         null == tagInterceptor ? new TagInterceptor(new RuleFlags(config)) : tagInterceptor;
@@ -665,8 +653,6 @@ private CoreTracer(
     callbackProviderIast = instrumentationGateway.getCallbackProvider(RequestContextSlot.IAST);
     universalCallbackProvider = instrumentationGateway.getUniversalCallbackProvider();
 
-    injectors = HttpCodec.allInjectorsFor(config, invertMap(baggageMapping));
-
     shutdownCallback = new ShutdownHook(this);
     try {
       Runtime.getRuntime().addShutdownHook(shutdownCallback);
@@ -681,6 +667,7 @@ private CoreTracer(
     propagationTagsFactory = PropagationTags.factory(config);
     this.profilingContextIntegration = profilingContextIntegration;
     this.injectBaggageAsTags = injectBaggageAsTags;
+    this.allowInferredServices = SpanNaming.instance().namingSchema().allowInferredServices();
   }
 
   /** Used by AgentTestRunner to inject configuration into the test tracer. */
@@ -700,13 +687,15 @@ public void rebuildTraceConfig(Config config) {
 
   @Override
   protected void finalize() {
-    try {
-      shutdownCallback.run();
-      Runtime.getRuntime().removeShutdownHook(shutdownCallback);
-    } catch (final IllegalStateException e) {
-      // Do nothing.  Already shutting down
-    } catch (final Exception e) {
-      log.error("Error while finalizing DDTracer.", e);
+    if (null != shutdownCallback) {
+      try {
+        shutdownCallback.run();
+        Runtime.getRuntime().removeShutdownHook(shutdownCallback);
+      } catch (final IllegalStateException e) {
+        // Do nothing.  Already shutting down
+      } catch (final Exception e) {
+        log.error("Error while finalizing DDTracer.", e);
+      }
     }
   }
 
@@ -736,7 +725,7 @@ private void registerClassLoader(final ClassLoader classLoader) {
         addTraceInterceptor(interceptor);
       }
     } catch (final ServiceConfigurationError e) {
-      log.warn("Problem loading TraceInterceptor for classLoader: " + classLoader, e);
+      log.warn("Problem loading TraceInterceptor for classLoader: {}", classLoader, e);
     }
   }
 
@@ -848,7 +837,7 @@ public AgentScope activeScope() {
 
   @Override
   public AgentPropagation propagate() {
-    return this;
+    return this.propagation;
   }
 
   @Override
@@ -856,99 +845,6 @@ public AgentSpan noopSpan() {
     return AgentTracer.NoopAgentSpan.INSTANCE;
   }
 
-  @Override
-  public <C> void inject(final AgentSpan span, final C carrier, final Setter<C> setter) {
-    inject(span.context(), carrier, setter, null);
-  }
-
-  @Override
-  public <C> void inject(final AgentSpan.Context context, final C carrier, final Setter<C> setter) {
-    inject(context, carrier, setter, null);
-  }
-
-  @Override
-  public <C> void inject(AgentSpan span, C carrier, Setter<C> setter, TracePropagationStyle style) {
-    inject(span.context(), carrier, setter, style);
-  }
-
-  @Override
-  public <C> void injectBinaryPathwayContext(
-      AgentSpan span, C carrier, BinarySetter<C> setter, LinkedHashMap<String, String> sortedTags) {
-    PathwayContext pathwayContext = span.context().getPathwayContext();
-    if (pathwayContext == null) {
-      return;
-    }
-    pathwayContext.setCheckpoint(sortedTags, dataStreamsMonitoring::add);
-    try {
-      byte[] encodedContext = pathwayContext.encode();
-
-      if (encodedContext != null) {
-        log.debug("Injecting pathway context {}", pathwayContext);
-        setter.set(carrier, PathwayContext.PROPAGATION_KEY_BASE64, encodedContext);
-        injectPathwayTags(span, pathwayContext);
-      }
-    } catch (IOException e) {
-      log.debug("Unable to set encode pathway context", e);
-    }
-  }
-
-  private static void injectPathwayTags(AgentSpan span, PathwayContext pathwayContext) {
-    long pathwayHash = pathwayContext.getHash();
-    if (pathwayHash != 0) {
-      span.setTag(PATHWAY_HASH, Long.toUnsignedString(pathwayHash));
-    }
-  }
-
-  @Override
-  public <C> void injectPathwayContext(
-      AgentSpan span, C carrier, Setter<C> setter, LinkedHashMap<String, String> sortedTags) {
-    PathwayContext pathwayContext = span.context().getPathwayContext();
-    if (pathwayContext == null) {
-      return;
-    }
-    pathwayContext.setCheckpoint(sortedTags, dataStreamsMonitoring::add);
-    try {
-      String encodedContext = pathwayContext.strEncode();
-      if (encodedContext != null) {
-        setter.set(carrier, PathwayContext.PROPAGATION_KEY_BASE64, encodedContext);
-        injectPathwayTags(span, pathwayContext);
-      }
-    } catch (IOException e) {
-      log.debug("Unable to set encode pathway context", e);
-    }
-  }
-
-  private <C> void inject(
-      AgentSpan.Context context, C carrier, Setter<C> setter, TracePropagationStyle style) {
-    if (!(context instanceof DDSpanContext)) {
-      return;
-    }
-
-    final DDSpanContext ddSpanContext = (DDSpanContext) context;
-    ddSpanContext.getTrace().setSamplingPriorityIfNecessary();
-
-    if (null == style) {
-      injector.inject(ddSpanContext, carrier, setter);
-    } else {
-      injectors.get(style).inject(ddSpanContext, carrier, setter);
-    }
-  }
-
-  @Override
-  public <C> AgentSpan.Context.Extracted extract(final C carrier, final ContextVisitor<C> getter) {
-    return extractor.extract(carrier, getter);
-  }
-
-  @Override
-  public void setDataStreamCheckpoint(
-      AgentSpan span, LinkedHashMap<String, String> sortedTags, long defaultTimestamp) {
-    PathwayContext pathwayContext = span.context().getPathwayContext();
-    if (pathwayContext != null) {
-      pathwayContext.setCheckpoint(sortedTags, dataStreamsMonitoring::add, defaultTimestamp);
-      injectPathwayTags(span, pathwayContext);
-    }
-  }
-
   @Override
   public AgentSpan.Context notifyExtensionStart(Object event) {
     return LambdaHandler.notifyStartInvocation(event, propagationTagsFactory);
@@ -1095,50 +991,7 @@ public boolean addTraceInterceptor(final TraceInterceptor interceptor) {
 
   @Override
   public DataStreamsCheckpointer getDataStreamsCheckpointer() {
-    return this;
-  }
-
-  @Override
-  public void setConsumeCheckpoint(String type, String source, DataStreamsContextCarrier carrier) {
-    if (type == null || type.isEmpty() || source == null || source.isEmpty()) {
-      log.warn("setConsumeCheckpoint should be called with non-empty type and source");
-      return;
-    }
-
-    AgentSpan span = activeSpan();
-    if (span == null) {
-      log.warn("SetConsumeCheckpoint is called with no active span");
-      return;
-    }
-    this.dataStreamsMonitoring.mergePathwayContextIntoSpan(span, carrier);
-
-    LinkedHashMap<String, String> sortedTags = new LinkedHashMap<>();
-    sortedTags.put(DIRECTION_TAG, DIRECTION_IN);
-    sortedTags.put(TOPIC_TAG, source);
-    sortedTags.put(TYPE_TAG, type);
-
-    setDataStreamCheckpoint(span, sortedTags, 0);
-  }
-
-  @Override
-  public void setProduceCheckpoint(String type, String target, DataStreamsContextCarrier carrier) {
-    if (type == null || type.isEmpty() || target == null || target.isEmpty()) {
-      log.warn("SetProduceCheckpoint should be called with non-empty type and target");
-      return;
-    }
-
-    AgentSpan span = activeSpan();
-    if (span == null) {
-      log.warn("SetProduceCheckpoint is called with no active span");
-      return;
-    }
-
-    LinkedHashMap<String, String> sortedTags = new LinkedHashMap<>();
-    sortedTags.put(DIRECTION_TAG, DIRECTION_OUT);
-    sortedTags.put(TOPIC_TAG, target);
-    sortedTags.put(TYPE_TAG, type);
-
-    injectPathwayContext(span, carrier, DataStreamsContextCarrierAdapter.INSTANCE, sortedTags);
+    return this.dataStreamsMonitoring;
   }
 
   @Override
@@ -1229,7 +1082,11 @@ public ProfilingContextIntegration getProfilingContext() {
 
   @Override
   public TraceSegment getTraceSegment() {
-    AgentSpan.Context ctx = activeSpan().context();
+    AgentSpan activeSpan = activeSpan();
+    if (activeSpan == null) {
+      return null;
+    }
+    AgentSpan.Context ctx = activeSpan.context();
     if (ctx instanceof DDSpanContext) {
       return ((DDSpanContext) ctx).getTraceSegment();
     }
@@ -1254,7 +1111,8 @@ private static StatsDClient createStatsDClient(final Config config) {
               host,
               port,
               config.getDogStatsDNamedPipe(),
-              "datadog.tracer",
+              // use replace to stop string being changed to 'ddtrot.dd.tracer' in dd-trace-ot
+              "datadog:tracer".replace(':', '.'),
               generateConstantTags(config));
     }
   }
@@ -1283,17 +1141,6 @@ private static String[] generateConstantTags(final Config config) {
     return constantTags.toArray(new String[0]);
   }
 
-  @SuppressForbidden
-  private static DataStreamsMonitoring createDataStreamsMonitoring(
-      Config config, SharedCommunicationObjects sharedCommunicationObjects, TimeSource timeSource) {
-    if (config.isDataStreamsEnabled()) {
-      return new DefaultDataStreamsMonitoring(config, sharedCommunicationObjects, timeSource);
-    } else {
-      log.debug("Data streams monitoring not enabled.");
-      return new NoopDataStreamsMonitoring();
-    }
-  }
-
   Recording writeTimer() {
     return traceWriteTimer.start();
   }
@@ -1344,7 +1191,7 @@ public CoreSpanBuilder ignoreActiveSpan() {
     }
 
     private DDSpan buildSpan() {
-      DDSpan span = DDSpan.create(instrumentationName, timestampMicro, buildSpanContext());
+      DDSpan span = DDSpan.create(instrumentationName, timestampMicro, buildSpanContext(), links);
       if (span.isLocalRootSpan()) {
         EndpointTracker tracker = tracer.onRootSpanStarted(span);
         span.setEndpointTracker(tracker);
@@ -1450,10 +1297,12 @@ public <T> AgentTracer.SpanBuilder withRequestContextData(RequestContextSlot slo
 
     @Override
     public AgentTracer.SpanBuilder withLink(AgentSpanLink link) {
-      if (this.links == null) {
-        this.links = new ArrayList<>();
+      if (link != null) {
+        if (this.links == null) {
+          this.links = new ArrayList<>();
+        }
+        this.links.add(link);
       }
-      this.links.add(link);
       return this;
     }
 
@@ -1590,6 +1439,12 @@ private DDSpanContext buildSpanContext() {
               ? parentContext.getPathwayContext()
               : dataStreamsMonitoring.newPathwayContext();
 
+      // when removing fake services the best upward service name to pick is the local root one
+      // since a split by tag (i.e. servlet context) might have happened on it.
+      if (!allowInferredServices) {
+        final DDSpan rootSpan = parentTrace.getRootSpan();
+        serviceName = rootSpan != null ? rootSpan.getServiceName() : null;
+      }
       if (serviceName == null) {
         serviceName = CoreTracer.this.serviceName;
       }
@@ -1601,8 +1456,7 @@ private DDSpanContext buildSpanContext() {
           (null == tags ? 0 : tags.size())
               + defaultSpanTags.size()
               + (null == coreTags ? 0 : coreTags.size())
-              + (null == rootSpanTags ? 0 : rootSpanTags.size())
-              + (null == links ? 0 : 1);
+              + (null == rootSpanTags ? 0 : rootSpanTags.size());
 
       if (builderRequestContextDataAppSec != null) {
         requestContextDataAppSec = builderRequestContextDataAppSec;
@@ -1647,9 +1501,6 @@ private DDSpanContext buildSpanContext() {
       context.setAllTags(tags);
       context.setAllTags(coreTags);
       context.setAllTags(rootSpanTags);
-      if (links != null) {
-        context.setTag(SPAN_LINKS, DDSpanLink.toTag(links));
-      }
       return context;
     }
   }
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/DDSpan.java b/dd-trace-core/src/main/java/datadog/trace/core/DDSpan.java
index ce355c178e8..dfa76bf0975 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/DDSpan.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/DDSpan.java
@@ -23,13 +23,16 @@
 import datadog.trace.api.sampling.PrioritySampling;
 import datadog.trace.api.sampling.SamplingMechanism;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpanLink;
 import datadog.trace.bootstrap.instrumentation.api.AttachableWrapper;
 import datadog.trace.bootstrap.instrumentation.api.ErrorPriorities;
 import datadog.trace.bootstrap.instrumentation.api.ResourceNamePriorities;
 import java.io.PrintWriter;
 import java.io.StringWriter;
 import java.util.Collections;
+import java.util.List;
 import java.util.Map;
+import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.atomic.AtomicLongFieldUpdater;
 import java.util.concurrent.atomic.AtomicReferenceFieldUpdater;
 import javax.annotation.Nonnull;
@@ -50,8 +53,11 @@ public class DDSpan
   public static final String CHECKPOINTED_TAG = "checkpointed";
 
   static DDSpan create(
-      final String instrumentationName, final long timestampMicro, @Nonnull DDSpanContext context) {
-    final DDSpan span = new DDSpan(instrumentationName, timestampMicro, context);
+      final String instrumentationName,
+      final long timestampMicro,
+      @Nonnull DDSpanContext context,
+      final List<AgentSpanLink> links) {
+    final DDSpan span = new DDSpan(instrumentationName, timestampMicro, context, links);
     log.debug("Started span: {}", span);
     context.getTrace().registerSpan(span);
     return span;
@@ -105,6 +111,8 @@ static DDSpan create(
    */
   private volatile int longRunningVersion = 0;
 
+  private final List<AgentSpanLink> links;
+
   /**
    * Spans should be constructed using the builder, not by calling the constructor directly.
    *
@@ -115,7 +123,8 @@ static DDSpan create(
   private DDSpan(
       @Nonnull String instrumentationName,
       final long timestampMicro,
-      @Nonnull DDSpanContext context) {
+      @Nonnull DDSpanContext context,
+      final List<AgentSpanLink> links) {
     this.context = context;
     this.metrics = SpanMetricRegistry.getInstance().get(instrumentationName);
     this.metrics.onSpanCreated();
@@ -129,6 +138,8 @@ private DDSpan(
       externalClock = true;
       context.getTrace().touch(); // external clock: explicitly update lastReferenced
     }
+
+    this.links = links == null ? new CopyOnWriteArrayList<>() : new CopyOnWriteArrayList<>(links);
   }
 
   public boolean isFinished() {
@@ -148,7 +159,7 @@ private void finishAndAddToTrace(final long durationNano) {
   }
 
   @Override
-  public final void finish() {
+  public void finish() {
     if (!externalClock) {
       // no external clock was used, so we can rely on nano time
       finishAndAddToTrace(context.getTrace().getCurrentTimeNano() - startTimeNano);
@@ -158,7 +169,7 @@ public final void finish() {
   }
 
   @Override
-  public final void finish(final long stopTimeMicros) {
+  public void finish(final long stopTimeMicros) {
     long durationNano;
     if (!externalClock) {
       // first capture wall-clock offset from 'now' to external stop time
@@ -685,7 +696,7 @@ public CharSequence getType() {
 
   @Override
   public void processTagsAndBaggage(final MetadataConsumer consumer) {
-    context.processTagsAndBaggage(consumer, longRunningVersion);
+    context.processTagsAndBaggage(consumer, longRunningVersion, links);
   }
 
   @Override
@@ -768,7 +779,13 @@ public Map<String, String> getBaggage() {
 
   @Override
   public String toString() {
-    return context.toString() + ", duration_ns=" + durationNano + ", forceKeep=" + forceKeep;
+    return context.toString()
+        + ", duration_ns="
+        + durationNano
+        + ", forceKeep="
+        + forceKeep
+        + ", links="
+        + links;
   }
 
   @Override
@@ -792,4 +809,16 @@ public void setLongRunningVersion(int longRunningVersion) {
   public TraceConfig traceConfig() {
     return context.getTrace().getTraceConfig();
   }
+
+  @Override
+  public void addLink(AgentSpanLink link) {
+    if (link != null) {
+      this.links.add(link);
+    }
+  }
+
+  // to be accessible in Spock spies, which the field wouldn't otherwise be
+  public long getStartTimeNano() {
+    return startTimeNano;
+  }
 }
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/DDSpanContext.java b/dd-trace-core/src/main/java/datadog/trace/core/DDSpanContext.java
index 0bb3b916f89..92ac2a970f3 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/DDSpanContext.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/DDSpanContext.java
@@ -1,8 +1,9 @@
 package datadog.trace.core;
 
+import static datadog.trace.api.DDTags.SPAN_LINKS;
 import static datadog.trace.api.cache.RadixTreeCache.HTTP_STATUSES;
+import static datadog.trace.bootstrap.instrumentation.api.ErrorPriorities.UNSET;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.DDTags;
 import datadog.trace.api.DDTraceId;
 import datadog.trace.api.Functions;
@@ -16,7 +17,7 @@
 import datadog.trace.api.sampling.PrioritySampling;
 import datadog.trace.api.sampling.SamplingMechanism;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import datadog.trace.bootstrap.instrumentation.api.ErrorPriorities;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpanLink;
 import datadog.trace.bootstrap.instrumentation.api.PathwayContext;
 import datadog.trace.bootstrap.instrumentation.api.ProfilerContext;
 import datadog.trace.bootstrap.instrumentation.api.ProfilingContextIntegration;
@@ -25,15 +26,13 @@
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
 import datadog.trace.core.propagation.PropagationTags;
 import datadog.trace.core.taginterceptor.TagInterceptor;
-import datadog.trace.core.tagprocessor.PeerServiceCalculator;
-import datadog.trace.core.tagprocessor.PostProcessorChain;
-import datadog.trace.core.tagprocessor.QueryObfuscator;
-import datadog.trace.core.tagprocessor.TagsPostProcessor;
+import datadog.trace.core.tagprocessor.TagsPostProcessorFactory;
 import datadog.trace.util.TagsHelper;
 import java.io.Closeable;
 import java.io.IOException;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.TreeMap;
 import java.util.concurrent.ConcurrentHashMap;
@@ -84,11 +83,6 @@ public class DDSpanContext
 
   private volatile short httpStatusCode;
 
-  private static final TagsPostProcessor postProcessor =
-      new PostProcessorChain(
-          new PeerServiceCalculator(),
-          new QueryObfuscator(Config.get().getObfuscationQueryRegexp()));
-
   /**
    * Tags are associated to the current span, they will not propagate to the children span.
    *
@@ -114,7 +108,7 @@ public class DDSpanContext
   /** True indicates that the span reports an error */
   private volatile boolean errorFlag;
 
-  private volatile byte errorFlagPriority = ErrorPriorities.UNSET;
+  private volatile byte errorFlagPriority = UNSET;
 
   private volatile boolean measured;
 
@@ -143,8 +137,9 @@ public class DDSpanContext
   private volatile BlockResponseFunction blockResponseFunction;
 
   private final ProfilingContextIntegration profilingContextIntegration;
-  private boolean injectBaggageAsTags;
+  private final boolean injectBaggageAsTags;
   private volatile int encodedOperationName;
+  private volatile int encodedResourceName;
 
   public DDSpanContext(
       final DDTraceId traceId,
@@ -390,6 +385,11 @@ public int getEncodedOperationName() {
     return encodedOperationName;
   }
 
+  @Override
+  public int getEncodedResourceName() {
+    return encodedResourceName;
+  }
+
   public String getServiceName() {
     return serviceName;
   }
@@ -419,6 +419,7 @@ public void setResourceName(final CharSequence resourceName, byte priority) {
     if (priority >= this.resourceNamePriority) {
       this.resourceNamePriority = priority;
       this.resourceName = resourceName;
+      this.encodedResourceName = profilingContextIntegration.encode(resourceName);
     }
   }
 
@@ -440,7 +441,7 @@ public boolean getErrorFlag() {
   }
 
   public void setErrorFlag(final boolean errorFlag, final byte priority) {
-    if (priority >= this.errorFlagPriority) {
+    if (priority > UNSET && priority >= this.errorFlagPriority) {
       this.errorFlag = errorFlag;
       this.errorFlagPriority = priority;
     }
@@ -642,6 +643,7 @@ public PathwayContext getPathwayContext() {
     return pathwayContext;
   }
 
+  @Override
   public void mergePathwayContext(PathwayContext pathwayContext) {
     if (pathwayContext == null) {
       return;
@@ -778,8 +780,17 @@ public Map<String, Object> getTags() {
     }
   }
 
-  public void processTagsAndBaggage(final MetadataConsumer consumer, int longRunningVersion) {
+  public void processTagsAndBaggage(
+      final MetadataConsumer consumer, int longRunningVersion, List<AgentSpanLink> links) {
     synchronized (unsafeTags) {
+      // Tags
+      Map<String, Object> tags =
+          TagsPostProcessorFactory.instance().processTagsWithContext(unsafeTags, this);
+      String linksTag = DDSpanLink.toTag(links);
+      if (linksTag != null) {
+        tags.put(SPAN_LINKS, linksTag);
+      }
+      // Baggage
       Map<String, String> baggageItemsWithPropagationTags;
       if (injectBaggageAsTags) {
         baggageItemsWithPropagationTags = new HashMap<>(baggageItems);
@@ -787,11 +798,12 @@ public void processTagsAndBaggage(final MetadataConsumer consumer, int longRunni
       } else {
         baggageItemsWithPropagationTags = propagationTags.createTagMap();
       }
+
       consumer.accept(
           new Metadata(
               threadId,
               threadName,
-              postProcessor.processTags(unsafeTags),
+              tags,
               baggageItemsWithPropagationTags,
               samplingPriority != PrioritySampling.UNSET ? samplingPriority : getSamplingPriority(),
               measured,
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/DDSpanLink.java b/dd-trace-core/src/main/java/datadog/trace/core/DDSpanLink.java
index 168b5ad2486..07880172cdd 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/DDSpanLink.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/DDSpanLink.java
@@ -1,29 +1,34 @@
 package datadog.trace.core;
 
+import static datadog.trace.bootstrap.instrumentation.api.SpanLinkAttributes.EMPTY;
+
 import com.squareup.moshi.FromJson;
 import com.squareup.moshi.JsonAdapter;
 import com.squareup.moshi.Moshi;
 import com.squareup.moshi.ToJson;
-import com.squareup.moshi.Types;
 import datadog.trace.api.DDSpanId;
 import datadog.trace.api.DDTraceId;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpanLink;
 import datadog.trace.bootstrap.instrumentation.api.SpanLink;
+import datadog.trace.bootstrap.instrumentation.api.SpanLinkAttributes;
 import datadog.trace.core.propagation.ExtractedContext;
 import datadog.trace.core.propagation.PropagationTags;
-import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /** This class holds helper methods to encode span links into span context. */
 public class DDSpanLink extends SpanLink {
-  private static final Moshi MOSHI = new Moshi.Builder().add(new SpanLinkAdapter()).build();
-  private static final JsonAdapter<List<AgentSpanLink>> SPAN_LINKS_ADAPTER =
-      MOSHI.adapter(Types.newParameterizedType(List.class, AgentSpanLink.class));
+  private static final Logger LOGGER = LoggerFactory.getLogger(DDSpanLink.class);
+  /** The maximum of characters a span tag value can hold. */
+  private static final int TAG_MAX_LENGTH = 25_000;
+  /** JSON encoder (lazily initialized) */
+  private static JsonAdapter<AgentSpanLink> encoder;
 
   protected DDSpanLink(
-      DDTraceId traceId, long spanId, String traceState, Map<String, String> attributes) {
-    super(traceId, spanId, traceState, attributes);
+      DDTraceId traceId, long spanId, byte traceFlags, String traceState, Attributes attributes) {
+    super(traceId, spanId, traceFlags, traceState, attributes);
   }
 
   /**
@@ -34,7 +39,7 @@ protected DDSpanLink(
    * @return A span link to the given context.
    */
   public static SpanLink from(ExtractedContext context) {
-    return from(context, Collections.emptyMap());
+    return from(context, EMPTY);
   }
 
   /**
@@ -45,12 +50,14 @@ public static SpanLink from(ExtractedContext context) {
    * @param attributes The span link attributes.
    * @return A span link to the given context with custom attributes.
    */
-  public static SpanLink from(ExtractedContext context, Map<String, String> attributes) {
+  public static SpanLink from(ExtractedContext context, Attributes attributes) {
+    byte traceFlags = context.getSamplingPriority() > 0 ? SAMPLED_FLAG : DEFAULT_FLAGS;
     String traceState =
         context.getPropagationTags() == null
             ? ""
             : context.getPropagationTags().headerValue(PropagationTags.HeaderType.W3C);
-    return new DDSpanLink(context.getTraceId(), context.getSpanId(), traceState, attributes);
+    return new DDSpanLink(
+        context.getTraceId(), context.getSpanId(), traceFlags, traceState, attributes);
   }
 
   /**
@@ -63,7 +70,36 @@ public static String toTag(List<AgentSpanLink> links) {
     if (links == null || links.isEmpty()) {
       return null;
     }
-    return SPAN_LINKS_ADAPTER.toJson(links);
+    // Manually encode as JSON array
+    StringBuilder builder = new StringBuilder("[");
+    int index = 0;
+    while (index < links.size()) {
+      String linkAsJson = getEncoder().toJson(links.get(index));
+      int arrayCharsNeeded = index == 0 ? 1 : 2; // Closing bracket and comma separator if needed
+      if (linkAsJson.length() + builder.length() + arrayCharsNeeded >= TAG_MAX_LENGTH) {
+        // Do no more fit inside a span tag, stop adding span links
+        break;
+      }
+      if (index > 0) {
+        builder.append(',');
+      }
+      builder.append(linkAsJson);
+      index++;
+    }
+    // Notify of dropped links
+    while (index < links.size()) {
+      LOGGER.debug("Span tag full. Dropping span links {}", links.get(index));
+      index++;
+    }
+    return builder.append(']').toString();
+  }
+
+  private static JsonAdapter<AgentSpanLink> getEncoder() {
+    if (encoder == null) {
+      Moshi moshi = new Moshi.Builder().add(new SpanLinkAdapter()).build();
+      encoder = moshi.adapter(AgentSpanLink.class);
+    }
+    return encoder;
   }
 
   private static class SpanLinkAdapter {
@@ -72,9 +108,10 @@ SpanLinkJson toSpanLinkJson(AgentSpanLink link) {
       SpanLinkJson json = new SpanLinkJson();
       json.traceId = link.traceId().toHexString();
       json.spanId = DDSpanId.toHexString(link.spanId());
-      json.traceState = link.traceState();
+      json.traceFlags = link.traceFlags() == 0 ? null : link.traceFlags();
+      json.traceState = link.traceState().isEmpty() ? null : link.traceState();
       if (!link.attributes().isEmpty()) {
-        json.attributes = link.attributes();
+        json.attributes = link.attributes().asMap();
       }
       return json;
     }
@@ -84,14 +121,16 @@ AgentSpanLink fromSpanLinkJson(SpanLinkJson json) {
       return new DDSpanLink(
           DDTraceId.fromHex(json.traceId),
           DDSpanId.fromHex(json.spanId),
+          json.traceFlags,
           json.traceState,
-          json.attributes);
+          SpanLinkAttributes.fromMap(json.attributes));
     }
   }
 
   private static class SpanLinkJson {
     String traceId;
     String spanId;
+    Byte traceFlags;
     String traceState;
     Map<String, String> attributes;
   }
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DataStreamContextExtractor.java b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DataStreamContextExtractor.java
index 8102dd7b1dc..e51ec158034 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DataStreamContextExtractor.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DataStreamContextExtractor.java
@@ -1,20 +1,27 @@
 package datadog.trace.core.datastreams;
 
+import datadog.trace.api.TraceConfig;
 import datadog.trace.api.WellKnownTags;
 import datadog.trace.api.time.TimeSource;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import datadog.trace.bootstrap.instrumentation.api.TagContext;
 import datadog.trace.core.propagation.HttpCodec;
+import java.util.function.Supplier;
 
 public class DataStreamContextExtractor implements HttpCodec.Extractor {
   private final HttpCodec.Extractor delegate;
   private final TimeSource timeSource;
+  private final Supplier<TraceConfig> traceConfigSupplier;
   private final WellKnownTags wellKnownTags;
 
   public DataStreamContextExtractor(
-      HttpCodec.Extractor extractor, TimeSource timeSource, WellKnownTags wellKnownTags) {
-    this.delegate = extractor;
+      HttpCodec.Extractor delegate,
+      TimeSource timeSource,
+      Supplier<TraceConfig> traceConfigSupplier,
+      WellKnownTags wellKnownTags) {
+    this.delegate = delegate;
     this.timeSource = timeSource;
+    this.traceConfigSupplier = traceConfigSupplier;
     this.wellKnownTags = wellKnownTags;
   }
 
@@ -22,18 +29,32 @@ public DataStreamContextExtractor(
   public <C> TagContext extract(C carrier, AgentPropagation.ContextVisitor<C> getter) {
     // Delegate the default HTTP extraction
     TagContext extracted = this.delegate.extract(carrier, getter);
-    // Extract the pathway context
-    DefaultPathwayContext pathwayContext =
-        DefaultPathwayContext.extract(carrier, getter, this.timeSource, this.wellKnownTags);
+
     if (extracted != null) {
-      extracted.withPathwayContext(pathwayContext);
-      return extracted;
-    } else if (pathwayContext != null) {
-      extracted = new TagContext();
-      extracted.withPathwayContext(pathwayContext);
+      boolean shouldExtractPathwayContext =
+          extracted.getTraceConfig() == null
+              ? traceConfigSupplier.get().isDataStreamsEnabled()
+              : extracted.getTraceConfig().isDataStreamsEnabled();
+
+      if (shouldExtractPathwayContext) {
+        DefaultPathwayContext pathwayContext =
+            DefaultPathwayContext.extract(carrier, getter, this.timeSource, this.wellKnownTags);
+
+        extracted.withPathwayContext(pathwayContext);
+      }
+
       return extracted;
-    } else {
-      return null;
+    } else if (traceConfigSupplier.get().isDataStreamsEnabled()) {
+      DefaultPathwayContext pathwayContext =
+          DefaultPathwayContext.extract(carrier, getter, this.timeSource, this.wellKnownTags);
+
+      if (pathwayContext != null) {
+        extracted = new TagContext();
+        extracted.withPathwayContext(pathwayContext);
+        return extracted;
+      }
     }
+
+    return null;
   }
 }
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DataStreamContextInjector.java b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DataStreamContextInjector.java
new file mode 100644
index 00000000000..838c50159e6
--- /dev/null
+++ b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DataStreamContextInjector.java
@@ -0,0 +1,75 @@
+package datadog.trace.core.datastreams;
+
+import static datadog.trace.api.DDTags.PATHWAY_HASH;
+import static datadog.trace.bootstrap.instrumentation.api.PathwayContext.PROPAGATION_KEY_BASE64;
+
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.PathwayContext;
+import java.io.IOException;
+import java.util.LinkedHashMap;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class DataStreamContextInjector {
+  private static final Logger LOGGER = LoggerFactory.getLogger(DataStreamContextInjector.class);
+  private final DataStreamsMonitoring dataStreamsMonitoring;
+
+  public DataStreamContextInjector(DataStreamsMonitoring dataStreamsMonitoring) {
+    this.dataStreamsMonitoring = dataStreamsMonitoring;
+  }
+
+  public <C> void injectPathwayContext(
+      AgentSpan span,
+      C carrier,
+      AgentPropagation.Setter<C> setter,
+      LinkedHashMap<String, String> sortedTags) {
+    PathwayContext pathwayContext = span.context().getPathwayContext();
+
+    if (pathwayContext == null
+        || (span.traceConfig() != null && !span.traceConfig().isDataStreamsEnabled())) {
+      return;
+    }
+    pathwayContext.setCheckpoint(sortedTags, dataStreamsMonitoring::add);
+
+    boolean injected =
+        setter instanceof AgentPropagation.BinarySetter
+            ? injectBinaryPathwayContext(
+                pathwayContext, carrier, (AgentPropagation.BinarySetter<C>) setter)
+            : injectPathwayContext(pathwayContext, carrier, setter);
+
+    if (injected && pathwayContext.getHash() != 0) {
+      span.setTag(PATHWAY_HASH, Long.toUnsignedString(pathwayContext.getHash()));
+    }
+  }
+
+  private static <C> boolean injectBinaryPathwayContext(
+      PathwayContext pathwayContext, C carrier, AgentPropagation.BinarySetter<C> setter) {
+    try {
+      byte[] encodedContext = pathwayContext.encode();
+      if (encodedContext != null) {
+        LOGGER.debug("Injecting binary pathway context {}", pathwayContext);
+        setter.set(carrier, PROPAGATION_KEY_BASE64, encodedContext);
+        return true;
+      }
+    } catch (IOException e) {
+      LOGGER.debug("Unable to set encode pathway context", e);
+    }
+    return false;
+  }
+
+  private static <C> boolean injectPathwayContext(
+      PathwayContext pathwayContext, C carrier, AgentPropagation.Setter<C> setter) {
+    try {
+      String encodedContext = pathwayContext.strEncode();
+      if (encodedContext != null) {
+        LOGGER.debug("Injecting pathway context {}", pathwayContext);
+        setter.set(carrier, PROPAGATION_KEY_BASE64, encodedContext);
+        return true;
+      }
+    } catch (IOException e) {
+      LOGGER.debug("Unable to set encode pathway context", e);
+    }
+    return false;
+  }
+}
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DataStreamsMonitoring.java b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DataStreamsMonitoring.java
index dc4989584ed..d6df69cc8ed 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DataStreamsMonitoring.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DataStreamsMonitoring.java
@@ -5,21 +5,25 @@
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan.Context;
 import datadog.trace.bootstrap.instrumentation.api.PathwayContext;
-import datadog.trace.bootstrap.instrumentation.api.StatsPoint;
 import datadog.trace.core.propagation.HttpCodec;
 
 public interface DataStreamsMonitoring extends AgentDataStreamsMonitoring, AutoCloseable {
   void start();
 
-  PathwayContext newPathwayContext();
-
   /**
-   * Adds DSM context extractor behavior.
+   * Get a context extractor that support {@link PathwayContext} extraction.
    *
-   * @param extractor The extractor to decorate with DSM extraction.
+   * @param delegate The extractor to delegate the common trace context extraction.
    * @return An extractor with DSM context extraction.
    */
-  HttpCodec.Extractor decorate(HttpCodec.Extractor extractor);
+  HttpCodec.Extractor extractor(HttpCodec.Extractor delegate);
+
+  /**
+   * Gets a context injector to propagate {@link PathwayContext}.
+   *
+   * @return A context injector if supported, {@code null} otherwise.
+   */
+  DataStreamContextInjector injector();
 
   /**
    * Injects DSM {@link PathwayContext} into a span {@link Context}.
@@ -29,8 +33,6 @@ public interface DataStreamsMonitoring extends AgentDataStreamsMonitoring, AutoC
    */
   void mergePathwayContextIntoSpan(AgentSpan span, DataStreamsContextCarrier carrier);
 
-  void add(StatsPoint statsPoint);
-
   void clear();
 
   @Override
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DefaultDataStreamsMonitoring.java b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DefaultDataStreamsMonitoring.java
index 7b112e38eb7..c1106e52114 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DefaultDataStreamsMonitoring.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DefaultDataStreamsMonitoring.java
@@ -1,6 +1,13 @@
 package datadog.trace.core.datastreams;
 
 import static datadog.communication.ddagent.DDAgentFeaturesDiscovery.V01_DATASTREAMS_ENDPOINT;
+import static datadog.trace.api.DDTags.PATHWAY_HASH;
+import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
+import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_IN;
+import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_OUT;
+import static datadog.trace.core.datastreams.TagsProcessor.DIRECTION_TAG;
+import static datadog.trace.core.datastreams.TagsProcessor.TOPIC_TAG;
+import static datadog.trace.core.datastreams.TagsProcessor.TYPE_TAG;
 import static datadog.trace.util.AgentThreadFactory.AgentThread.DATA_STREAMS_MONITORING;
 import static datadog.trace.util.AgentThreadFactory.THREAD_JOIN_TIMOUT_MS;
 import static datadog.trace.util.AgentThreadFactory.newAgentThread;
@@ -8,10 +15,12 @@
 import datadog.communication.ddagent.DDAgentFeaturesDiscovery;
 import datadog.communication.ddagent.SharedCommunicationObjects;
 import datadog.trace.api.Config;
+import datadog.trace.api.TraceConfig;
 import datadog.trace.api.WellKnownTags;
 import datadog.trace.api.experimental.DataStreamsContextCarrier;
 import datadog.trace.api.time.TimeSource;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
 import datadog.trace.bootstrap.instrumentation.api.Backlog;
 import datadog.trace.bootstrap.instrumentation.api.InboxItem;
 import datadog.trace.bootstrap.instrumentation.api.PathwayContext;
@@ -32,6 +41,7 @@
 import java.util.Map;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.TimeUnit;
+import java.util.function.Supplier;
 import org.jctools.queues.MpscBlockingConsumerArrayQueue;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -42,9 +52,10 @@ public class DefaultDataStreamsMonitoring implements DataStreamsMonitoring, Even
   static final long DEFAULT_BUCKET_DURATION_NANOS = TimeUnit.SECONDS.toNanos(10);
   static final long FEATURE_CHECK_INTERVAL_NANOS = TimeUnit.MINUTES.toNanos(5);
 
-  private static final StatsPoint REPORT = new StatsPoint(Collections.emptyList(), 0, 0, 0, 0, 0);
+  private static final StatsPoint REPORT =
+      new StatsPoint(Collections.emptyList(), 0, 0, 0, 0, 0, 0);
   private static final StatsPoint POISON_PILL =
-      new StatsPoint(Collections.emptyList(), 0, 0, 0, 0, 0);
+      new StatsPoint(Collections.emptyList(), 0, 0, 0, 0, 0, 0);
 
   private final Map<Long, StatsBucket> timeToBucket = new HashMap<>();
   private final BlockingQueue<InboxItem> inbox = new MpscBlockingConsumerArrayQueue<>(1024);
@@ -52,14 +63,21 @@ public class DefaultDataStreamsMonitoring implements DataStreamsMonitoring, Even
   private final DDAgentFeaturesDiscovery features;
   private final TimeSource timeSource;
   private final WellKnownTags wellKnownTags;
+  private final Supplier<TraceConfig> traceConfigSupplier;
   private final long bucketDurationNanos;
+  private final DataStreamContextInjector injector;
   private final Thread thread;
   private AgentTaskScheduler.Scheduled<DefaultDataStreamsMonitoring> cancellation;
   private volatile long nextFeatureCheck;
   private volatile boolean supportsDataStreams = false;
+  private volatile boolean agentSupportsDataStreams = false;
+  private volatile boolean configSupportsDataStreams = false;
 
   public DefaultDataStreamsMonitoring(
-      Config config, SharedCommunicationObjects sharedCommunicationObjects, TimeSource timeSource) {
+      Config config,
+      SharedCommunicationObjects sharedCommunicationObjects,
+      TimeSource timeSource,
+      Supplier<TraceConfig> traceConfigSupplier) {
     this(
         new OkHttpSink(
             sharedCommunicationObjects.okHttpClient,
@@ -70,15 +88,21 @@ public DefaultDataStreamsMonitoring(
             Collections.<String, String>emptyMap()),
         sharedCommunicationObjects.featuresDiscovery(config),
         timeSource,
+        traceConfigSupplier,
         config);
   }
 
   public DefaultDataStreamsMonitoring(
-      Sink sink, DDAgentFeaturesDiscovery features, TimeSource timeSource, Config config) {
+      Sink sink,
+      DDAgentFeaturesDiscovery features,
+      TimeSource timeSource,
+      Supplier<TraceConfig> traceConfigSupplier,
+      Config config) {
     this(
         sink,
         features,
         timeSource,
+        traceConfigSupplier,
         config.getWellKnownTags(),
         new MsgPackDatastreamsPayloadWriter(
             sink, config.getWellKnownTags(), DDTraceCoreInfo.VERSION, config.getPrimaryTag()),
@@ -89,14 +113,17 @@ public DefaultDataStreamsMonitoring(
       Sink sink,
       DDAgentFeaturesDiscovery features,
       TimeSource timeSource,
+      Supplier<TraceConfig> traceConfigSupplier,
       WellKnownTags wellKnownTags,
       DatastreamsPayloadWriter payloadWriter,
       long bucketDurationNanos) {
     this.features = features;
     this.timeSource = timeSource;
+    this.traceConfigSupplier = traceConfigSupplier;
     this.wellKnownTags = wellKnownTags;
     this.payloadWriter = payloadWriter;
     this.bucketDurationNanos = bucketDurationNanos;
+    this.injector = new DataStreamContextInjector(this);
 
     thread = newAgentThread(DATA_STREAMS_MONITORING, new InboxProcessor());
     sink.register(this);
@@ -108,10 +135,12 @@ public void start() {
       features.discoverIfOutdated();
     }
 
-    if (features.supportsDataStreams()) {
-      supportsDataStreams = true;
-    } else {
-      supportsDataStreams = false;
+    agentSupportsDataStreams = features.supportsDataStreams();
+    checkDynamicConfig();
+
+    if (!configSupportsDataStreams) {
+      log.debug("Data streams is disabled");
+    } else if (!agentSupportsDataStreams) {
       log.debug("Data streams is disabled or not supported by agent");
     }
 
@@ -132,12 +161,21 @@ public void add(StatsPoint statsPoint) {
 
   @Override
   public PathwayContext newPathwayContext() {
-    return new DefaultPathwayContext(timeSource, wellKnownTags);
+    if (configSupportsDataStreams) {
+      return new DefaultPathwayContext(timeSource, wellKnownTags);
+    } else {
+      return AgentTracer.NoopPathwayContext.INSTANCE;
+    }
   }
 
   @Override
-  public HttpCodec.Extractor decorate(HttpCodec.Extractor extractor) {
-    return new DataStreamContextExtractor(extractor, timeSource, wellKnownTags);
+  public HttpCodec.Extractor extractor(HttpCodec.Extractor delegate) {
+    return new DataStreamContextExtractor(delegate, timeSource, traceConfigSupplier, wellKnownTags);
+  }
+
+  @Override
+  public DataStreamContextInjector injector() {
+    return this.injector;
   }
 
   @Override
@@ -165,6 +203,65 @@ public void trackBacklog(LinkedHashMap<String, String> sortedTags, long value) {
     inbox.offer(new Backlog(tags, value, timeSource.getCurrentTimeNanos()));
   }
 
+  @Override
+  public void setCheckpoint(
+      AgentSpan span,
+      LinkedHashMap<String, String> sortedTags,
+      long defaultTimestamp,
+      long payloadSizeBytes) {
+    PathwayContext pathwayContext = span.context().getPathwayContext();
+    if (pathwayContext != null) {
+      pathwayContext.setCheckpoint(sortedTags, this::add, defaultTimestamp, payloadSizeBytes);
+      if (pathwayContext.getHash() != 0) {
+        span.setTag(PATHWAY_HASH, Long.toUnsignedString(pathwayContext.getHash()));
+      }
+    }
+  }
+
+  @Override
+  public void setConsumeCheckpoint(String type, String source, DataStreamsContextCarrier carrier) {
+    if (type == null || type.isEmpty() || source == null || source.isEmpty()) {
+      log.warn("setConsumeCheckpoint should be called with non-empty type and source");
+      return;
+    }
+
+    AgentSpan span = activeSpan();
+    if (span == null) {
+      log.warn("SetConsumeCheckpoint is called with no active span");
+      return;
+    }
+    mergePathwayContextIntoSpan(span, carrier);
+
+    LinkedHashMap<String, String> sortedTags = new LinkedHashMap<>();
+    sortedTags.put(DIRECTION_TAG, DIRECTION_IN);
+    sortedTags.put(TOPIC_TAG, source);
+    sortedTags.put(TYPE_TAG, type);
+
+    setCheckpoint(span, sortedTags, 0, 0);
+  }
+
+  @Override
+  public void setProduceCheckpoint(String type, String target, DataStreamsContextCarrier carrier) {
+    if (type == null || type.isEmpty() || target == null || target.isEmpty()) {
+      log.warn("SetProduceCheckpoint should be called with non-empty type and target");
+      return;
+    }
+
+    AgentSpan span = activeSpan();
+    if (span == null) {
+      log.warn("SetProduceCheckpoint is called with no active span");
+      return;
+    }
+
+    LinkedHashMap<String, String> sortedTags = new LinkedHashMap<>();
+    sortedTags.put(DIRECTION_TAG, DIRECTION_OUT);
+    sortedTags.put(TOPIC_TAG, target);
+    sortedTags.put(TYPE_TAG, type);
+
+    this.injector.injectPathwayContext(
+        span, carrier, DataStreamsContextCarrierAdapter.INSTANCE, sortedTags);
+  }
+
   @Override
   public void close() {
     if (null != cancellation) {
@@ -176,7 +273,6 @@ public void close() {
       thread.join(THREAD_JOIN_TIMOUT_MS);
     } catch (InterruptedException ignored) {
     }
-    inbox.clear();
   }
 
   private class InboxProcessor implements Runnable {
@@ -188,6 +284,8 @@ public void run() {
           InboxItem payload = inbox.take();
 
           if (payload == REPORT) {
+            checkDynamicConfig();
+
             if (supportsDataStreams) {
               flush(timeSource.getCurrentTimeNanos());
             } else if (timeSource.getCurrentTimeNanos() >= nextFeatureCheck) {
@@ -275,16 +373,27 @@ public void onEvent(EventType eventType, String message) {
     }
   }
 
+  private void checkDynamicConfig() {
+    configSupportsDataStreams = traceConfigSupplier.get().isDataStreamsEnabled();
+    supportsDataStreams = agentSupportsDataStreams && configSupportsDataStreams;
+  }
+
   private void checkFeatures() {
-    boolean oldValue = supportsDataStreams;
+    boolean oldValue = agentSupportsDataStreams;
 
     features.discoverIfOutdated();
-    supportsDataStreams = features.supportsDataStreams();
-    if (oldValue && !supportsDataStreams) {
+    agentSupportsDataStreams = features.supportsDataStreams();
+    if (oldValue && !agentSupportsDataStreams && configSupportsDataStreams) {
       log.info("Disabling data streams reporting because it is not supported by the agent");
-    } else if (!oldValue && supportsDataStreams) {
+    } else if (!oldValue && agentSupportsDataStreams && configSupportsDataStreams) {
       log.info("Agent upgrade detected. Enabling data streams because it is now supported");
+    } else if (!oldValue && agentSupportsDataStreams && !configSupportsDataStreams) {
+      log.info(
+          "Agent upgrade detected. Not enabling data streams because it is disabled by config");
     }
+
+    supportsDataStreams = agentSupportsDataStreams && configSupportsDataStreams;
+
     nextFeatureCheck = timeSource.getCurrentTimeNanos() + FEATURE_CHECK_INTERVAL_NANOS;
   }
 
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DefaultPathwayContext.java b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DefaultPathwayContext.java
index 656d7a15557..7e4beb835fc 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DefaultPathwayContext.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/DefaultPathwayContext.java
@@ -95,7 +95,7 @@ public long getHash() {
   @Override
   public void setCheckpoint(
       LinkedHashMap<String, String> sortedTags, Consumer<StatsPoint> pointConsumer) {
-    setCheckpoint(sortedTags, pointConsumer, 0);
+    setCheckpoint(sortedTags, pointConsumer, 0, 0);
   }
 
   @Override
@@ -103,6 +103,15 @@ public void setCheckpoint(
       LinkedHashMap<String, String> sortedTags,
       Consumer<StatsPoint> pointConsumer,
       long defaultTimestamp) {
+    setCheckpoint(sortedTags, pointConsumer, defaultTimestamp, 0);
+  }
+
+  @Override
+  public void setCheckpoint(
+      LinkedHashMap<String, String> sortedTags,
+      Consumer<StatsPoint> pointConsumer,
+      long defaultTimestamp,
+      long payloadSizeBytes) {
     long startNanos = timeSource.getCurrentTimeNanos();
     long nanoTicks = timeSource.getNanoTicks();
     lock.lock();
@@ -167,7 +176,8 @@ public void setCheckpoint(
               hash,
               timeSource.getCurrentTimeNanos(),
               pathwayLatencyNano,
-              edgeLatencyNano);
+              edgeLatencyNano,
+              payloadSizeBytes);
       edgeStartNanoTicks = nanoTicks;
       hash = newHash;
 
@@ -248,22 +258,6 @@ private static class PathwayContextExtractor implements AgentPropagation.KeyClas
 
     @Override
     public boolean accept(String key, String value) {
-      if (PathwayContext.DATADOG_KEY.equalsIgnoreCase(key)) {
-        try {
-          int startIndex = value.indexOf("\"dd-pathway-ctx-base64\": ");
-          int startValueIndex =
-              value.indexOf("\"", startIndex + "\"dd-pathway-ctx-base64\": ".length());
-          int endValueIndex = value.indexOf("\"", startValueIndex + 1);
-          if (startIndex == -1 || startValueIndex == -1 || endValueIndex == -1) {
-            return false;
-          }
-          String ddPathwayCtxBase64Value = value.substring(startValueIndex + 1, endValueIndex);
-          ddPathwayCtxBase64Value = ddPathwayCtxBase64Value.trim();
-          extractedContext = strDecode(timeSource, wellKnownTags, ddPathwayCtxBase64Value);
-        } catch (IOException | IndexOutOfBoundsException e) {
-          return false;
-        }
-      }
       if (PathwayContext.PROPAGATION_KEY_BASE64.equalsIgnoreCase(key)) {
         try {
           extractedContext = strDecode(timeSource, wellKnownTags, value);
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/MsgPackDatastreamsPayloadWriter.java b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/MsgPackDatastreamsPayloadWriter.java
index 7156fdb7eac..461e5457673 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/MsgPackDatastreamsPayloadWriter.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/MsgPackDatastreamsPayloadWriter.java
@@ -14,6 +14,7 @@
 
 public class MsgPackDatastreamsPayloadWriter implements DatastreamsPayloadWriter {
   private static final byte[] ENV = "Env".getBytes(ISO_8859_1);
+  private static final byte[] VERSION = "Version".getBytes(ISO_8859_1);
   private static final byte[] PRIMARY_TAG = "PrimaryTag".getBytes(ISO_8859_1);
   private static final byte[] LANG = "Lang".getBytes(ISO_8859_1);
   private static final byte[] TRACER_VERSION = "TracerVersion".getBytes(ISO_8859_1);
@@ -22,6 +23,7 @@ public class MsgPackDatastreamsPayloadWriter implements DatastreamsPayloadWriter
   private static final byte[] DURATION = "Duration".getBytes(ISO_8859_1);
   private static final byte[] PATHWAY_LATENCY = "PathwayLatency".getBytes(ISO_8859_1);
   private static final byte[] EDGE_LATENCY = "EdgeLatency".getBytes(ISO_8859_1);
+  private static final byte[] PAYLOAD_SIZE = "PayloadSize".getBytes(ISO_8859_1);
   private static final byte[] SERVICE = "Service".getBytes(ISO_8859_1);
   private static final byte[] EDGE_TAGS = "EdgeTags".getBytes(ISO_8859_1);
   private static final byte[] BACKLOGS = "Backlogs".getBytes(ISO_8859_1);
@@ -55,7 +57,7 @@ public void reset() {
 
   @Override
   public void writePayload(Collection<StatsBucket> data) {
-    writer.startMap(6);
+    writer.startMap(7);
     /* 1 */
     writer.writeUTF8(ENV);
     writer.writeUTF8(wellKnownTags.getEnv());
@@ -77,8 +79,13 @@ public void writePayload(Collection<StatsBucket> data) {
     writer.writeUTF8(tracerVersionValue);
 
     /* 6 */
+    writer.writeUTF8(VERSION);
+    writer.writeUTF8(wellKnownTags.getVersion());
+
+    /* 7 */
     writer.writeUTF8(STATS);
     writer.startArray(data.size());
+
     for (StatsBucket bucket : data) {
       boolean hasBacklogs = !bucket.getBacklogs().isEmpty();
       writer.startMap(3 + (hasBacklogs ? 1 : 0));
@@ -112,7 +119,7 @@ private void writeBucket(StatsBucket bucket, Writable packer) {
     for (StatsGroup group : groups) {
       boolean firstNode = group.getEdgeTags().isEmpty();
 
-      packer.startMap(firstNode ? 4 : 5);
+      packer.startMap(firstNode ? 5 : 6);
 
       /* 1 */
       packer.writeUTF8(PATHWAY_LATENCY);
@@ -123,15 +130,19 @@ private void writeBucket(StatsBucket bucket, Writable packer) {
       packer.writeBinary(group.getEdgeLatency().serialize());
 
       /* 3 */
+      packer.writeUTF8(PAYLOAD_SIZE);
+      packer.writeBinary(group.getPayloadSize().serialize());
+
+      /* 4 */
       packer.writeUTF8(HASH);
       packer.writeUnsignedLong(group.getHash());
 
-      /* 4 */
+      /* 5 */
       packer.writeUTF8(PARENT_HASH);
       packer.writeUnsignedLong(group.getParentHash());
 
       if (!firstNode) {
-        /* 5 */
+        /* 6 */
         packer.writeUTF8(EDGE_TAGS);
         packer.startArray(group.getEdgeTags().size());
         for (String tag : group.getEdgeTags()) {
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/NoopDataStreamsMonitoring.java b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/NoopDataStreamsMonitoring.java
deleted file mode 100644
index ad30dff6035..00000000000
--- a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/NoopDataStreamsMonitoring.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package datadog.trace.core.datastreams;
-
-import datadog.trace.api.experimental.DataStreamsContextCarrier;
-import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
-import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
-import datadog.trace.bootstrap.instrumentation.api.PathwayContext;
-import datadog.trace.bootstrap.instrumentation.api.StatsPoint;
-import datadog.trace.core.propagation.HttpCodec;
-import java.util.LinkedHashMap;
-
-public class NoopDataStreamsMonitoring implements DataStreamsMonitoring {
-  @Override
-  public void start() {}
-
-  @Override
-  public void add(StatsPoint statsPoint) {}
-
-  @Override
-  public PathwayContext newPathwayContext() {
-    return AgentTracer.NoopPathwayContext.INSTANCE;
-  }
-
-  @Override
-  public HttpCodec.Extractor decorate(HttpCodec.Extractor extractor) {
-    return extractor;
-  }
-
-  @Override
-  public void mergePathwayContextIntoSpan(AgentSpan span, DataStreamsContextCarrier carrier) {}
-
-  @Override
-  public void trackBacklog(LinkedHashMap<String, String> sortedTags, long value) {}
-
-  @Override
-  public void close() {}
-
-  @Override
-  public void clear() {}
-}
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/StatsBucket.java b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/StatsBucket.java
index 59fe6149547..de58e3cccf2 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/StatsBucket.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/StatsBucket.java
@@ -29,7 +29,10 @@ public void addPoint(StatsPoint statsPoint) {
       hashToGroup.put(statsPoint.getHash(), statsGroup);
     }
 
-    statsGroup.add(statsPoint.getPathwayLatencyNano(), statsPoint.getEdgeLatencyNano());
+    statsGroup.add(
+        statsPoint.getPathwayLatencyNano(),
+        statsPoint.getEdgeLatencyNano(),
+        statsPoint.getPayloadSizeBytes());
   }
 
   public void addBacklog(Backlog backlog) {
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/StatsGroup.java b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/StatsGroup.java
index 4034758e936..bbdb7dcc4e2 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/datastreams/StatsGroup.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/datastreams/StatsGroup.java
@@ -12,6 +12,7 @@ public class StatsGroup {
   private final long parentHash;
   private final Histogram pathwayLatency;
   private final Histogram edgeLatency;
+  private final Histogram payloadSize;
 
   public StatsGroup(List<String> edgeTags, long hash, long parentHash) {
     this.edgeTags = edgeTags;
@@ -19,11 +20,15 @@ public StatsGroup(List<String> edgeTags, long hash, long parentHash) {
     this.parentHash = parentHash;
     pathwayLatency = Histograms.newHistogram();
     edgeLatency = Histograms.newHistogram();
+    payloadSize = Histograms.newHistogram();
   }
 
-  public void add(long pathwayLatencyNano, long edgeLatencyNano) {
+  public void add(long pathwayLatencyNano, long edgeLatencyNano, long payloadSizeBytes) {
     pathwayLatency.accept(((double) pathwayLatencyNano) / NANOSECONDS_TO_SECOND);
     edgeLatency.accept(((double) edgeLatencyNano) / NANOSECONDS_TO_SECOND);
+    // payload size is set to zero when we cannot compute it
+    // in that case, it's probably better to have an empty histogram than filling it with zeros
+    if (payloadSizeBytes != 0) payloadSize.accept((double) payloadSizeBytes);
   }
 
   public List<String> getEdgeTags() {
@@ -46,6 +51,10 @@ public Histogram getEdgeLatency() {
     return edgeLatency;
   }
 
+  public Histogram getPayloadSize() {
+    return payloadSize;
+  }
+
   @Override
   public String toString() {
     return "StatsGroup{"
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/propagation/CorePropagation.java b/dd-trace-core/src/main/java/datadog/trace/core/propagation/CorePropagation.java
new file mode 100644
index 00000000000..8453e20446d
--- /dev/null
+++ b/dd-trace-core/src/main/java/datadog/trace/core/propagation/CorePropagation.java
@@ -0,0 +1,78 @@
+package datadog.trace.core.propagation;
+
+import datadog.trace.api.TracePropagationStyle;
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.core.DDSpanContext;
+import datadog.trace.core.datastreams.DataStreamContextInjector;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+public class CorePropagation implements AgentPropagation {
+  private final HttpCodec.Injector injector;
+  private final Map<TracePropagationStyle, HttpCodec.Injector> injectors;
+  private final DataStreamContextInjector dataStreamContextInjector;
+  private final HttpCodec.Extractor extractor;
+
+  /**
+   * Constructor
+   *
+   * @param extractor The context extractor.
+   * @param defaultInjector The default injector when no {@link TracePropagationStyle} given.
+   * @param injectors All the other injectors available for context injection.
+   * @param dataStreamContextInjector The DSM context injector, as a specific object until generic
+   *     context injection is available.
+   */
+  public CorePropagation(
+      HttpCodec.Extractor extractor,
+      HttpCodec.Injector defaultInjector,
+      Map<TracePropagationStyle, HttpCodec.Injector> injectors,
+      DataStreamContextInjector dataStreamContextInjector) {
+    this.extractor = extractor;
+    this.injector = defaultInjector;
+    this.injectors = injectors;
+    this.dataStreamContextInjector = dataStreamContextInjector;
+  }
+
+  @Override
+  public <C> void inject(final AgentSpan span, final C carrier, final Setter<C> setter) {
+    inject(span.context(), carrier, setter, null);
+  }
+
+  @Override
+  public <C> void inject(AgentSpan.Context context, C carrier, Setter<C> setter) {
+    inject(context, carrier, setter, null);
+  }
+
+  @Override
+  public <C> void inject(AgentSpan span, C carrier, Setter<C> setter, TracePropagationStyle style) {
+    inject(span.context(), carrier, setter, style);
+  }
+
+  private <C> void inject(
+      AgentSpan.Context context, C carrier, Setter<C> setter, TracePropagationStyle style) {
+    if (!(context instanceof DDSpanContext)) {
+      return;
+    }
+
+    final DDSpanContext ddSpanContext = (DDSpanContext) context;
+    ddSpanContext.getTrace().setSamplingPriorityIfNecessary();
+
+    if (null == style) {
+      injector.inject(ddSpanContext, carrier, setter);
+    } else {
+      injectors.get(style).inject(ddSpanContext, carrier, setter);
+    }
+  }
+
+  @Override
+  public <C> void injectPathwayContext(
+      AgentSpan span, C carrier, Setter<C> setter, LinkedHashMap<String, String> sortedTags) {
+    this.dataStreamContextInjector.injectPathwayContext(span, carrier, setter, sortedTags);
+  }
+
+  @Override
+  public <C> AgentSpan.Context.Extracted extract(final C carrier, final ContextVisitor<C> getter) {
+    return extractor.extract(carrier, getter);
+  }
+}
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/propagation/DatadogHttpCodec.java b/dd-trace-core/src/main/java/datadog/trace/core/propagation/DatadogHttpCodec.java
index ba9a41e10d0..a2162875fd6 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/propagation/DatadogHttpCodec.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/propagation/DatadogHttpCodec.java
@@ -71,7 +71,7 @@ public <C> void inject(
       for (final Map.Entry<String, String> entry : context.baggageItems()) {
         String header = invertedBaggageMapping.get(entry.getKey());
         header = header != null ? header : OT_BAGGAGE_PREFIX + entry.getKey();
-        setter.set(carrier, header, HttpCodec.encode(entry.getValue()));
+        setter.set(carrier, header, HttpCodec.encodeBaggage(entry.getValue()));
       }
 
       // inject x-datadog-tags
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/propagation/HaystackHttpCodec.java b/dd-trace-core/src/main/java/datadog/trace/core/propagation/HaystackHttpCodec.java
index c853051f5b1..af293ec42c3 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/propagation/HaystackHttpCodec.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/propagation/HaystackHttpCodec.java
@@ -99,7 +99,7 @@ public <C> void inject(
         for (final Map.Entry<String, String> entry : context.baggageItems()) {
           String header = invertedBaggageMapping.get(entry.getKey());
           header = header != null ? header : OT_BAGGAGE_PREFIX + entry.getKey();
-          setter.set(carrier, header, HttpCodec.encode(entry.getValue()));
+          setter.set(carrier, header, HttpCodec.encodeBaggage(entry.getValue()));
         }
         log.debug(
             "{} - Haystack parent context injected - {}", context.getTraceId(), injectedTraceId);
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/propagation/HttpCodec.java b/dd-trace-core/src/main/java/datadog/trace/core/propagation/HttpCodec.java
index 6ad75a00751..2e2172c9665 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/propagation/HttpCodec.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/propagation/HttpCodec.java
@@ -194,6 +194,19 @@ static String encode(final String value) {
     return encoded;
   }
 
+  /**
+   * Encodes baggage value according <a href="https://www.w3.org/TR/baggage/#value">W3C RFC</a>.
+   *
+   * @param value The baggage value.
+   * @return The encoded baggage value.
+   */
+  static String encodeBaggage(final String value) {
+    // Fix encoding to comply with https://www.w3.org/TR/baggage/#value and use percent-encoding
+    // (RFC3986)
+    // for space ( ) instead of plus (+) from 'application/x-www-form' MIME encoding
+    return encode(value).replace("+", "%20");
+  }
+
   /** URL decode value */
   static String decode(final String value) {
     String decoded = value;
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/propagation/W3CHttpCodec.java b/dd-trace-core/src/main/java/datadog/trace/core/propagation/W3CHttpCodec.java
index e54d78847c7..13258b270f9 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/propagation/W3CHttpCodec.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/propagation/W3CHttpCodec.java
@@ -81,7 +81,7 @@ public <C> void inject(
       for (final Map.Entry<String, String> entry : context.baggageItems()) {
         String header = invertedBaggageMapping.get(entry.getKey());
         header = header != null ? header : OT_BAGGAGE_PREFIX + entry.getKey();
-        setter.set(carrier, header, HttpCodec.encode(entry.getValue()));
+        setter.set(carrier, header, HttpCodec.encodeBaggage(entry.getValue()));
       }
     }
   }
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/scopemanager/ContinuableScopeManager.java b/dd-trace-core/src/main/java/datadog/trace/core/scopemanager/ContinuableScopeManager.java
index 984eec3a6ff..cd1a1dc9d2e 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/scopemanager/ContinuableScopeManager.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/scopemanager/ContinuableScopeManager.java
@@ -149,12 +149,24 @@ private AgentScope activate(
   }
 
   /**
-   * Creates a new scope when a {@link AbstractContinuation} is activated.
+   * Activates a scope for the given {@link AbstractContinuation}.
    *
    * @param continuation {@code null} if a continuation is re-used
    */
   ContinuableScope continueSpan(
       final AbstractContinuation continuation, final AgentSpan span, final byte source) {
+    ScopeStack scopeStack = scopeStack();
+
+    // optimization: if the top scope is already keeping the same span alive
+    // then re-use that scope (avoids allocation) and cancel the continuation
+    final ContinuableScope top = scopeStack.top;
+    if (top != null && top.span.equals(span)) {
+      top.incrementReferences();
+      if (continuation != null) {
+        continuation.cancelFromContinuedScopeClose();
+      }
+      return top;
+    }
 
     final ContinuableScope scope;
     if (continuation != null) {
@@ -162,8 +174,7 @@ ContinuableScope continueSpan(
     } else {
       scope = new ContinuableScope(this, span, source, true);
     }
-
-    scopeStack().push(scope);
+    scopeStack.push(scope);
 
     return scope;
   }
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/BaseServiceAdder.java b/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/BaseServiceAdder.java
new file mode 100644
index 00000000000..40814606638
--- /dev/null
+++ b/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/BaseServiceAdder.java
@@ -0,0 +1,30 @@
+package datadog.trace.core.tagprocessor;
+
+import datadog.trace.api.DDTags;
+import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString;
+import datadog.trace.core.DDSpanContext;
+import java.util.Map;
+import javax.annotation.Nullable;
+
+public class BaseServiceAdder implements TagsPostProcessor {
+  private final UTF8BytesString ddService;
+
+  public BaseServiceAdder(@Nullable final String ddService) {
+    this.ddService = ddService != null ? UTF8BytesString.create(ddService) : null;
+  }
+
+  @Override
+  public Map<String, Object> processTags(Map<String, Object> unsafeTags) {
+    // we are only able to do something if the span service name is known
+    return unsafeTags;
+  }
+
+  @Override
+  public Map<String, Object> processTagsWithContext(
+      Map<String, Object> unsafeTags, DDSpanContext spanContext) {
+    if (ddService != null && !ddService.toString().equalsIgnoreCase(spanContext.getServiceName())) {
+      unsafeTags.put(DDTags.BASE_SERVICE, ddService);
+    }
+    return unsafeTags;
+  }
+}
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/PostProcessorChain.java b/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/PostProcessorChain.java
index 0bcee92062a..ffadb336710 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/PostProcessorChain.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/PostProcessorChain.java
@@ -1,5 +1,6 @@
 package datadog.trace.core.tagprocessor;
 
+import datadog.trace.core.DDSpanContext;
 import java.util.Map;
 import java.util.Objects;
 import javax.annotation.Nonnull;
@@ -13,9 +14,15 @@ public PostProcessorChain(@Nonnull final TagsPostProcessor... processors) {
 
   @Override
   public Map<String, Object> processTags(Map<String, Object> unsafeTags) {
+    return processTagsWithContext(unsafeTags, null);
+  }
+
+  @Override
+  public Map<String, Object> processTagsWithContext(
+      Map<String, Object> unsafeTags, DDSpanContext spanContext) {
     Map<String, Object> currentTags = unsafeTags;
     for (final TagsPostProcessor tagsPostProcessor : chain) {
-      currentTags = tagsPostProcessor.processTags(currentTags);
+      currentTags = tagsPostProcessor.processTagsWithContext(currentTags, spanContext);
     }
     return currentTags;
   }
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/QueryObfuscator.java b/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/QueryObfuscator.java
index 894b7104cfb..07e4a03db7e 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/QueryObfuscator.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/QueryObfuscator.java
@@ -15,7 +15,7 @@ public class QueryObfuscator implements TagsPostProcessor {
   private static final Logger log = LoggerFactory.getLogger(QueryObfuscator.class);
 
   private static final String DEFAULT_OBFUSCATION_PATTERN =
-      "((?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:(?:\\s|%20)*(?:=|%3D)[^&]+|(?:\"|%22)(?:\\s|%20)*(?::|%3A)(?:\\s|%20)*(?:\"|%22)(?:%2[^2]|%[^2]|[^\"%])+(?:\"|%22))|bearer(?:\\s|%20)+[a-z0-9\\._\\-]|token(?::|%3A)[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L](?:[\\w=-]|%3D)+\\.ey[I-L](?:[\\w=-]|%3D)+(?:\\.(?:[\\w.+\\/=-]|%3D|%2F|%2B)+)?|[\\-]{5}BEGIN(?:[a-z\\s]|%20)+PRIVATE(?:\\s|%20)KEY[\\-]{5}[^\\-]+[\\-]{5}END(?:[a-z\\s]|%20)+PRIVATE(?:\\s|%20)KEY|ssh-rsa(?:\\s|%20)*(?:[a-z0-9\\/\\.+]|%2F|%5C|%2B){100,})";
+      "(?i)(?:(?:\"|%22)?)(?:(?:old[-_]?|new[-_]?)?p(?:ass)?w(?:or)?d(?:1|2)?|pass(?:[-_]?phrase)?|secret|(?:api[-_]?|private[-_]?|public[-_]?|access[-_]?|secret[-_]?|app(?:lication)?[-_]?)key(?:[-_]?id)?|token|consumer[-_]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:(?:\\s|%20)*(?:=|%3D)[^&]+|(?:\"|%22)(?:\\s|%20)*(?::|%3A)(?:\\s|%20)*(?:\"|%22)(?:%2[^2]|%[^2]|[^\"%])+(?:\"|%22))|(?:bearer(?:\\s|%20)+[a-z0-9._\\-]+|token(?::|%3A)[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L](?:[\\w=-]|%3D)+\\.ey[I-L](?:[\\w=-]|%3D)+(?:\\.(?:[\\w.+/=-]|%3D|%2F|%2B)+)?|-{5}BEGIN(?:[a-z\\s]|%20)+PRIVATE(?:\\s|%20)KEY-{5}[^\\-]+-{5}END(?:[a-z\\s]|%20)+PRIVATE(?:\\s|%20)KEY(?:-{5})?(?:\\n|%0A)?|(?:ssh-(?:rsa|dss)|ecdsa-[a-z0-9]+-[a-z0-9]+)(?:\\s|%20|%09)+(?:[a-z0-9/.+]|%2F|%5C|%2B){100,}(?:=|%3D)*(?:(?:\\s|%20|%09)+[a-z0-9._-]+)?)";
 
   private final Pattern pattern;
 
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/TagsPostProcessor.java b/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/TagsPostProcessor.java
index 9dae970348a..55baaa2d4ad 100644
--- a/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/TagsPostProcessor.java
+++ b/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/TagsPostProcessor.java
@@ -1,7 +1,13 @@
 package datadog.trace.core.tagprocessor;
 
+import datadog.trace.core.DDSpanContext;
 import java.util.Map;
 
 public interface TagsPostProcessor {
   Map<String, Object> processTags(Map<String, Object> unsafeTags);
+
+  default Map<String, Object> processTagsWithContext(
+      Map<String, Object> unsafeTags, DDSpanContext spanContext) {
+    return processTags(unsafeTags);
+  }
 }
diff --git a/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/TagsPostProcessorFactory.java b/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/TagsPostProcessorFactory.java
new file mode 100644
index 00000000000..74aa7215629
--- /dev/null
+++ b/dd-trace-core/src/main/java/datadog/trace/core/tagprocessor/TagsPostProcessorFactory.java
@@ -0,0 +1,44 @@
+package datadog.trace.core.tagprocessor;
+
+import datadog.trace.api.Config;
+import java.util.ArrayList;
+import java.util.List;
+
+public final class TagsPostProcessorFactory {
+  private static boolean addBaseService = true;
+
+  private static class Lazy {
+    private static TagsPostProcessor create() {
+      final List<TagsPostProcessor> processors = new ArrayList<>(addBaseService ? 3 : 2);
+      processors.add(new PeerServiceCalculator());
+      if (addBaseService) {
+        processors.add(new BaseServiceAdder(Config.get().getServiceName()));
+      }
+      processors.add(new QueryObfuscator(Config.get().getObfuscationQueryRegexp()));
+      return new PostProcessorChain(
+          processors.toArray(processors.toArray(new TagsPostProcessor[0])));
+    }
+
+    private static TagsPostProcessor instance = create();
+  }
+
+  public static TagsPostProcessor instance() {
+    return Lazy.instance;
+  }
+
+  /**
+   * Mostly used for test purposes.
+   *
+   * @param enabled if false, {@link BaseServiceAdder} is not put in the chain.
+   */
+  public static void withAddBaseService(boolean enabled) {
+    addBaseService = enabled;
+    Lazy.instance = Lazy.create();
+  }
+
+  /** Used for testing purposes. It reset the singleton and restore default options */
+  public static void reset() {
+    withAddBaseService(true);
+    Lazy.instance = Lazy.create();
+  }
+}
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/TracerConnectionReliabilityTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/TracerConnectionReliabilityTest.groovy
index fd2c58f2298..3ebe2a6ed4e 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/TracerConnectionReliabilityTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/TracerConnectionReliabilityTest.groovy
@@ -10,6 +10,7 @@ import datadog.trace.agent.test.utils.PortUtils
 import datadog.trace.api.IdGenerationStrategy
 import datadog.trace.core.CoreTracer
 import datadog.trace.test.util.DDSpecification
+import okhttp3.HttpUrl
 import okhttp3.OkHttpClient
 import okhttp3.Request
 import org.testcontainers.containers.FixedHostPortGenericContainer
@@ -49,8 +50,11 @@ class TracerConnectionReliabilityTest extends DDSpecification {
     def properties = new Properties()
     properties.put("trace.agent.port", Integer.toString(agentContainerPort))
     def sharedCommunicationObjects = new SharedCommunicationObjects()
+    sharedCommunicationObjects.agentUrl = HttpUrl.get("http://localhost:" + agentContainerPort)
+    sharedCommunicationObjects.okHttpClient = client
     def fixedFeaturesDiscovery = new FixedTraceEndpointFeaturesDiscovery(sharedCommunicationObjects)
     sharedCommunicationObjects.setFeaturesDiscovery(fixedFeaturesDiscovery)
+
     tracer = CoreTracer.builder()
       .idGenerationStrategy(IdGenerationStrategy.fromName("SEQUENTIAL"))
       .withProperties(properties)
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDAgentWriterCombinedTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDAgentWriterCombinedTest.groovy
index e4a3561f5ff..453fa72bbcf 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDAgentWriterCombinedTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDAgentWriterCombinedTest.groovy
@@ -290,7 +290,7 @@ class DDAgentWriterCombinedTest extends DDCoreSpecification {
 
   def createMinimalTrace() {
     def context = createMinimalContext()
-    def minimalSpan = new DDSpan("test", 0, context)
+    def minimalSpan = new DDSpan("test", 0, context, null)
     context.getTrace().getRootSpan() >> minimalSpan
     def minimalTrace = [minimalSpan]
 
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDAgentWriterTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDAgentWriterTest.groovy
index 6ff82cecb5b..bfe690a8666 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDAgentWriterTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDAgentWriterTest.groovy
@@ -217,6 +217,6 @@ class DDAgentWriterTest extends DDCoreSpecification {
       NoopPathwayContext.INSTANCE,
       false,
       PropagationTags.factory().empty())
-    return new DDSpan("test", 0, context)
+    return new DDSpan("test", 0, context, null)
   }
 }
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDIntakeWriterCombinedTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDIntakeWriterCombinedTest.groovy
index 10d01efe86f..e5bd12620b5 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDIntakeWriterCombinedTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDIntakeWriterCombinedTest.groovy
@@ -745,7 +745,7 @@ class DDIntakeWriterCombinedTest extends DDCoreSpecification {
 
   def createMinimalTrace() {
     def context = createMinimalContext()
-    def minimalSpan = new DDSpan("test", 0, context)
+    def minimalSpan = new DDSpan("test", 0, context, null)
     context.getTrace().getRootSpan() >> minimalSpan
     def minimalTrace = [minimalSpan]
 
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDIntakeWriterTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDIntakeWriterTest.groovy
index f9e4034e3ba..7bf7831d548 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDIntakeWriterTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/common/writer/DDIntakeWriterTest.groovy
@@ -210,7 +210,7 @@ class DDIntakeWriterTest extends DDCoreSpecification {
       AgentTracer.NoopPathwayContext.INSTANCE,
       false,
       PropagationTags.factory().empty())
-    return new DDSpan("test", 0, context)
+    return new DDSpan("test", 0, context, null)
   }
 
 }
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/common/writer/PayloadDispatcherImplTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/common/writer/PayloadDispatcherImplTest.groovy
index e3afc55c643..2f34ead68d8 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/common/writer/PayloadDispatcherImplTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/common/writer/PayloadDispatcherImplTest.groovy
@@ -172,6 +172,6 @@ class PayloadDispatcherImplTest extends DDSpecification {
       NoopPathwayContext.INSTANCE,
       false,
       PropagationTags.factory().empty())
-    return new DDSpan("test", 0, context)
+    return new DDSpan("test", 0, context, null)
   }
 }
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/CoreTracerTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/CoreTracerTest.groovy
index dabfda29584..60f1e0f336f 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/CoreTracerTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/CoreTracerTest.groovy
@@ -1,6 +1,8 @@
 package datadog.trace.core
 
+import datadog.communication.ddagent.DDAgentFeaturesDiscovery
 import datadog.communication.ddagent.SharedCommunicationObjects
+import datadog.communication.monitor.Monitoring
 import datadog.remoteconfig.ConfigurationPoller
 import datadog.remoteconfig.Product
 import datadog.remoteconfig.state.ParsedConfigKey
@@ -8,7 +10,6 @@ import datadog.remoteconfig.state.ProductListener
 import datadog.trace.api.Config
 import datadog.trace.api.StatsDClient
 import datadog.trace.api.sampling.PrioritySampling
-import datadog.trace.bootstrap.instrumentation.api.AgentPropagation
 import datadog.trace.common.sampling.AllSampler
 import datadog.trace.common.sampling.PrioritySampler
 import datadog.trace.common.sampling.RateByServiceTraceSampler
@@ -17,9 +18,11 @@ import datadog.trace.api.sampling.SamplingMechanism
 import datadog.trace.common.writer.DDAgentWriter
 import datadog.trace.common.writer.ListWriter
 import datadog.trace.common.writer.LoggingWriter
-import datadog.trace.core.propagation.DatadogHttpCodec
+import datadog.trace.core.datastreams.DataStreamContextExtractor
 import datadog.trace.core.propagation.HttpCodec
 import datadog.trace.core.test.DDCoreSpecification
+import okhttp3.HttpUrl
+import okhttp3.OkHttpClient
 import spock.lang.Timeout
 
 import java.nio.charset.StandardCharsets
@@ -49,8 +52,8 @@ class CoreTracerTest extends DDCoreSpecification {
     tracer.writer instanceof DDAgentWriter
     tracer.statsDClient != null && tracer.statsDClient != StatsDClient.NO_OP
 
-    tracer.injector instanceof HttpCodec.CompoundInjector
-    tracer.extractor instanceof HttpCodec.CompoundExtractor
+    tracer.propagate().injector instanceof HttpCodec.CompoundInjector
+    tracer.propagate().extractor instanceof DataStreamContextExtractor
 
     cleanup:
     tracer.close()
@@ -174,13 +177,10 @@ class CoreTracerTest extends DDCoreSpecification {
 
     when:
     def tracer = tracerBuilder().build()
-    // Datadog extractor gets placed first
-    def taggedHeaders = tracer.extractor.extractors[0].traceConfigSupplier.get().requestHeaderTags
 
     then:
     tracer.defaultSpanTags == map
     tracer.captureTraceConfig().serviceMapping == map
-    taggedHeaders == map
 
     cleanup:
     tracer.close()
@@ -197,21 +197,17 @@ class CoreTracerTest extends DDCoreSpecification {
 
     when:
     def tracer = tracerBuilder().build()
-    // Datadog extractor gets placed first
-    def baggageMapping = tracer.extractor.extractors[0].traceConfigSupplier.get().baggageMapping
-    def invertedBaggageMapping = tracer.injector.injectors[0].invertedBaggageMapping
 
     then:
-    baggageMapping == map
-    invertedBaggageMapping == invertedMap
+    tracer.captureTraceConfig().baggageMapping == map
 
     cleanup:
     tracer.close()
 
     where:
-    mapString               | map              | invertedMap
-    "a:one, a:two, a:three" | [a: "three"]     | [three: "a"]
-    "a:b,c:d,e:"            | [a: "b", c: "d"] | [b: "a", d: "c"]
+    mapString               | map
+    "a:one, a:two, a:three" | [a: "three"]
+    "a:b,c:d,e:"            | [a: "b", c: "d"]
   }
 
   def "verify overriding host"() {
@@ -326,94 +322,18 @@ class CoreTracerTest extends DDCoreSpecification {
     tracer.close()
   }
 
-  def "span priority set when injecting"() {
-    given:
-    injectSysConfig("writer.type", "LoggingWriter")
-    def tracer = tracerBuilder().build()
-    def setter = Mock(AgentPropagation.Setter)
-    def carrier = new Object()
-
-    when:
-    def root = tracer.buildSpan("operation").start()
-    def child = tracer.buildSpan('my_child').asChildOf(root).start()
-    tracer.inject(child.context(), carrier, setter)
-
-    then:
-    root.getSamplingPriority() == PrioritySampling.SAMPLER_KEEP
-    child.getSamplingPriority() == root.getSamplingPriority()
-    1 * setter.set(carrier, DatadogHttpCodec.SAMPLING_PRIORITY_KEY, String.valueOf(PrioritySampling.SAMPLER_KEEP))
-
-    cleanup:
-    child.finish()
-    root.finish()
-    tracer.close()
-  }
-
-  def "span priority only set after first injection"() {
-    given:
-    def sampler = new ControllableSampler()
-    def tracer = tracerBuilder().writer(new LoggingWriter()).sampler(sampler).build()
-    def setter = Mock(AgentPropagation.Setter)
-    def carrier = new Object()
-
-    when:
-    def root = tracer.buildSpan("operation").start()
-    def child = tracer.buildSpan('my_child').asChildOf(root).start()
-    tracer.inject(child.context(), carrier, setter)
-
-    then:
-    root.getSamplingPriority() == PrioritySampling.SAMPLER_KEEP
-    child.getSamplingPriority() == root.getSamplingPriority()
-    1 * setter.set(carrier, DatadogHttpCodec.SAMPLING_PRIORITY_KEY, String.valueOf(PrioritySampling.SAMPLER_KEEP))
-
-    when:
-    sampler.nextSamplingPriority = PrioritySampling.SAMPLER_DROP
-    def child2 = tracer.buildSpan('my_child2').asChildOf(root).start()
-    tracer.inject(child2.context(), carrier, setter)
-
-    then:
-    root.getSamplingPriority() == PrioritySampling.SAMPLER_KEEP
-    child.getSamplingPriority() == root.getSamplingPriority()
-    child2.getSamplingPriority() == root.getSamplingPriority()
-    1 * setter.set(carrier, DatadogHttpCodec.SAMPLING_PRIORITY_KEY, String.valueOf(PrioritySampling.SAMPLER_KEEP))
-
-    cleanup:
-    child.finish()
-    child2.finish()
-    root.finish()
-    tracer.close()
-  }
-
-  def "injection doesn't override set priority"() {
-    given:
-    def sampler = new ControllableSampler()
-    def tracer = tracerBuilder().writer(new LoggingWriter()).sampler(sampler).build()
-    def setter = Mock(AgentPropagation.Setter)
-    def carrier = new Object()
-
-    when:
-    def root = tracer.buildSpan("operation").start()
-    def child = tracer.buildSpan('my_child').asChildOf(root).start()
-    child.setSamplingPriority(PrioritySampling.USER_DROP)
-    tracer.inject(child.context(), carrier, setter)
-
-    then:
-    root.getSamplingPriority() == PrioritySampling.USER_DROP
-    child.getSamplingPriority() == root.getSamplingPriority()
-    1 * setter.set(carrier, DatadogHttpCodec.SAMPLING_PRIORITY_KEY, String.valueOf(PrioritySampling.USER_DROP))
-
-    cleanup:
-    child.finish()
-    root.finish()
-    tracer.close()
-  }
-
   def "verify configuration polling"() {
     setup:
     def key = ParsedConfigKey.parse("datadog/2/APM_TRACING/config_overrides/config")
-    def sco = Mock(SharedCommunicationObjects)
     def poller = Mock(ConfigurationPoller)
-    sco.configurationPoller(_ as Config) >> poller
+    def sco = new SharedCommunicationObjects(
+      okHttpClient: Mock(OkHttpClient),
+      monitoring: Mock(Monitoring),
+      agentUrl: HttpUrl.get('https://example.com'),
+      featuresDiscovery: Mock(DDAgentFeaturesDiscovery),
+      configurationPoller: poller
+      )
+
     def updater
 
     when:
@@ -499,7 +419,7 @@ class CoreTracerTest extends DDCoreSpecification {
     tracer.captureTraceConfig().traceSampleRate == null
 
     cleanup:
-    tracer.close()
+    tracer?.close()
   }
 }
 
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanContextTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanContextTest.groovy
index 35f8fc58d83..0f6c6db868b 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanContextTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanContextTest.groovy
@@ -265,7 +265,9 @@ class DDSpanContextTest extends DDCoreSpecification {
 
     then: "encoded operation name matches operation name"
     1 * profilingContextIntegration.encode("fakeOperation") >> 1
+    1 * profilingContextIntegration.encode("fakeResource") >> -1
     span.context.encodedOperationName == 1
+    span.context.encodedResourceName == -1
 
     when:
     span.setOperationName("newOperationName")
@@ -273,6 +275,13 @@ class DDSpanContextTest extends DDCoreSpecification {
     then:
     1 * profilingContextIntegration.encode("newOperationName") >> 2
     span.context.encodedOperationName == 2
+
+    when:
+    span.setResourceName("newResourceName")
+
+    then:
+    1 * profilingContextIntegration.encode("newResourceName") >> -2
+    span.context.encodedResourceName == -2
   }
 
   private static String dataTag(String tag) {
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanLinkTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanLinkTest.groovy
new file mode 100644
index 00000000000..c35bea2c02a
--- /dev/null
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanLinkTest.groovy
@@ -0,0 +1,197 @@
+package datadog.trace.core
+
+import datadog.trace.api.Config
+import datadog.trace.api.DDSpanId
+import datadog.trace.api.DDTraceId
+import datadog.trace.api.DynamicConfig
+import datadog.trace.bootstrap.instrumentation.api.ContextVisitors
+import datadog.trace.bootstrap.instrumentation.api.SpanLink
+import datadog.trace.bootstrap.instrumentation.api.SpanLinkAttributes
+import datadog.trace.common.writer.ListWriter
+import datadog.trace.core.propagation.ExtractedContext
+import datadog.trace.core.propagation.W3CHttpCodec
+import datadog.trace.core.test.DDCoreSpecification
+import groovy.json.JsonSlurper
+import spock.lang.Shared
+
+import java.util.stream.IntStream
+
+import static datadog.trace.api.DDTags.SPAN_LINKS
+import static datadog.trace.bootstrap.instrumentation.api.AgentSpanLink.DEFAULT_FLAGS
+import static datadog.trace.bootstrap.instrumentation.api.AgentSpanLink.SAMPLED_FLAG
+import static datadog.trace.bootstrap.instrumentation.api.SpanLinkAttributes.EMPTY
+import static datadog.trace.core.propagation.W3CHttpCodec.TRACE_PARENT_KEY
+import static datadog.trace.core.propagation.W3CHttpCodec.TRACE_STATE_KEY
+import static java.util.stream.Collectors.toList
+
+class DDSpanLinkTest extends DDCoreSpecification {
+  @Shared def writer = new ListWriter()
+  @Shared def tracer = tracerBuilder().writer(writer).build()
+
+  def cleanup() {
+    tracer?.close()
+  }
+
+  def "create span link from extracted context"() {
+    setup:
+    def traceId = "11223344556677889900aabbccddeeff"
+    def spanId = "123456789abcdef0"
+    def traceState = "dd=s:$sample;o:some;t.dm:-4"
+    Map<String, String> headers = [
+      (TRACE_PARENT_KEY.toUpperCase()): "00-$traceId-$spanId-$traceFlags",
+      (TRACE_STATE_KEY.toUpperCase()) : "$traceState"
+    ]
+    def extractor = W3CHttpCodec.newExtractor(Config.get(), { DynamicConfig.create().apply().captureTraceConfig() })
+
+    when:
+    ExtractedContext context = extractor.extract(headers, ContextVisitors.stringValuesMap()) as ExtractedContext
+    def link = DDSpanLink.from(context)
+
+    then:
+    link.traceId() == DDTraceId.fromHex(traceId)
+    link.spanId() == DDSpanId.fromHex(spanId)
+    link.traceFlags() == (sampled ? SAMPLED_FLAG : DEFAULT_FLAGS)
+    link.traceState() == "$traceState;t.tid:${traceId.substring(0, 16)}"
+
+    where:
+    sampled << [true, false]
+    traceFlags = sampled ? '01' : '00'
+    sample = sampled ? '1' : '-1'
+  }
+
+  def "test span link encoding - tag max size"() {
+    setup:
+    def tooManyLinkCount = 300
+    def builder = tracer.buildSpan("test", "operation")
+    def links = IntStream.range(0, tooManyLinkCount).mapToObj {createLink(it)}.collect(toList())
+    def slurper = new JsonSlurper()
+
+    when:
+    for (def link : links) {
+      builder.withLink(link)
+    }
+    def span = builder.start()
+    span.finish()
+    // Wait for flush and get the first trace / first span links from tags
+    writer.waitForTraces(1)
+    def spanLinksTag = writer[0][0].tags[SPAN_LINKS] as String
+    // Parse span links JSON data
+    def decodedSpanLinks = slurper.parseText(spanLinksTag) as List
+
+    then:
+    spanLinksTag.length() < DDSpanLink.TAG_MAX_LENGTH
+    decodedSpanLinks.size() < tooManyLinkCount
+    spanLinksTag.length() / decodedSpanLinks.size() * (decodedSpanLinks.size() + 1) > DDSpanLink.TAG_MAX_LENGTH
+    for (i in 0..<decodedSpanLinks.size()) {
+      assertLink(links[i], decodedSpanLinks[i] as DDSpanLink.SpanLinkJson)
+    }
+  }
+
+  def "test span links encoding - omitted empty keys"() {
+    setup:
+    def builder = tracer.buildSpan("test", "operation")
+    def link = new SpanLink(
+      DDTraceId.fromHex("11223344556677889900aabbccddeeff"),
+      DDSpanId.fromHex("123456789abcdef0"),
+      DEFAULT_FLAGS,
+      "",
+      EMPTY
+      )
+
+    when:
+    def span = builder.withLink(link).start()
+    span.finish()
+    // Wait for flush and get the first trace / first span links from tags
+    writer.waitForTraces(1)
+    def spanLinksTag = writer[0][0].tags[SPAN_LINKS] as String
+
+    then:
+    spanLinksTag == '[{"spanId":"123456789abcdef0","traceId":"11223344556677889900aabbccddeeff"}]'
+  }
+
+  def "add span link at any time"() {
+    setup:
+    def builder = tracer.buildSpan("test", "operation")
+    def links = []
+    def slurper = new JsonSlurper()
+
+    when:
+    if (beforeStart) {
+      def link = createLink(0)
+      builder.withLink(link)
+      links += link
+    }
+    def span = builder.start()
+    if (afterStart) {
+      def link = createLink(1)
+      span.addLink(link)
+      links += link
+    }
+    span.finish()
+    // Wait for flush and get the first trace / first span links from tags
+    writer.waitForTraces(1)
+    def spanLinksTag = writer[0][0].tags[SPAN_LINKS] as String
+    // Parse span links JSON data
+    def decodedSpanLinks = spanLinksTag == null ? [] : slurper.parseText(spanLinksTag) as List
+
+    then:
+    decodedSpanLinks.size() == (beforeStart ? 1 : 0) + (afterStart ? 1 : 0)
+    for (i in 0..<decodedSpanLinks.size()) {
+      assertLink(links[i], decodedSpanLinks[i] as DDSpanLink.SpanLinkJson)
+    }
+
+    where:
+    beforeStart | afterStart
+    false       | false
+    true        | false
+    false       | true
+    true        | true
+  }
+
+  def "filter null links"() {
+    setup:
+    def builder = tracer.buildSpan("test", "operation")
+
+    when:
+    def span = builder.withLink(null).start()
+    span.addLink(null)
+    span.finish()
+    // Wait for flush and get the first trace / first span links from tags
+    writer.waitForTraces(1)
+    def spanLinksTag = writer[0][0].tags[SPAN_LINKS] as String
+
+    then:
+    spanLinksTag == null
+  }
+
+  def createLink(int index) {
+    def attributes = ['link-index': Integer.toString(index)]
+
+    return new SpanLink(
+      DDTraceId.fromHex(String.format("11223344556677889900aabbccdd%04d", index)),
+      DDSpanId.fromHex(String.format("123456789abc%04d", index)),
+      index % 2 == 0 ? SAMPLED_FLAG : DEFAULT_FLAGS,
+      "",
+      SpanLinkAttributes.fromMap(attributes))
+  }
+
+  def assertLink(SpanLink expected, DDSpanLink.SpanLinkJson actual) {
+    assert expected.traceId().toHexString() == actual.traceId
+    assert DDSpanId.toHexString(expected.spanId()) == actual.spanId
+    if (expected.traceFlags() == DEFAULT_FLAGS) {
+      assert null == actual.traceFlags
+    } else {
+      assert expected.traceFlags() == actual.traceFlags
+    }
+    if (expected.traceState().isEmpty()) {
+      assert null == actual.traceState
+    } else {
+      assert expected.traceState() == actual.traceState
+    }
+    if (expected.attributes().isEmpty()) {
+      assert null == actual.attributes
+    } else {
+      assert expected.attributes().asMap() == actual.attributes
+    }
+  }
+}
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanSerializationTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanSerializationTest.groovy
index a40e2ab6797..94b9fb4c22b 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanSerializationTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanSerializationTest.groovy
@@ -27,7 +27,7 @@ class DDSpanSerializationTest extends DDCoreSpecification {
     def traceId = DDTraceId.from(value)
     def spanId = DDSpanId.from(value)
     def context = createContext(spanType, tracer, traceId, spanId)
-    def span = DDSpan.create("test", 0, context)
+    def span = DDSpan.create("test", 0, context, null)
     CaptureBuffer capture = new CaptureBuffer()
     def packer = new MsgPackWriter(new FlushingBuffer(1024, capture))
     packer.format(Collections.singletonList(span), new TraceMapperV0_4())
@@ -88,7 +88,7 @@ class DDSpanSerializationTest extends DDCoreSpecification {
     def traceId = DDTraceId.from(value)
     def spanId = DDSpanId.from(value)
     def context = createContext(spanType, tracer, traceId, spanId)
-    def span = DDSpan.create("test", 0, context)
+    def span = DDSpan.create("test", 0, context, null)
     CaptureBuffer capture = new CaptureBuffer()
     def packer = new MsgPackWriter(new FlushingBuffer(1024, capture))
     def traceMapper = new TraceMapperV0_5()
@@ -173,7 +173,7 @@ class DDSpanSerializationTest extends DDCoreSpecification {
       null,
       injectBaggage)
     context.setAllTags(tags)
-    def span = DDSpan.create("test", 0, context)
+    def span = DDSpan.create("test", 0, context, null)
     CaptureBuffer capture = new CaptureBuffer()
     def packer = new MsgPackWriter(new FlushingBuffer(1024, capture))
     packer.format(Collections.singletonList(span), new TraceMapperV0_4())
@@ -249,7 +249,7 @@ class DDSpanSerializationTest extends DDCoreSpecification {
       null,
       injectBaggage)
     context.setAllTags(tags)
-    def span = DDSpan.create("test", 0, context)
+    def span = DDSpan.create("test", 0, context, null)
     CaptureBuffer capture = new CaptureBuffer()
     def packer = new MsgPackWriter(new FlushingBuffer(1024, capture))
     def mapper = new TraceMapperV0_5()
@@ -327,7 +327,7 @@ class DDSpanSerializationTest extends DDCoreSpecification {
       'sub1': 'v1',
       'sub2': 'v2'
     ])
-    def span = DDSpan.create("test", 0, context)
+    def span = DDSpan.create("test", 0, context, null)
 
     CaptureBuffer capture = new CaptureBuffer()
     def packer = new MsgPackWriter(new FlushingBuffer(1024, capture))
@@ -397,7 +397,7 @@ class DDSpanSerializationTest extends DDCoreSpecification {
       'sub1': 'v1',
       'sub2': 'v2'
     ])
-    def span = DDSpan.create("test", 0, context)
+    def span = DDSpan.create("test", 0, context, null)
 
     CaptureBuffer capture = new CaptureBuffer()
     def packer = new MsgPackWriter(new FlushingBuffer(1024, capture))
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanTest.groovy
index dcc8a5a6d37..ecccd01274d 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/DDSpanTest.groovy
@@ -1,25 +1,19 @@
 package datadog.trace.core
 
-import datadog.trace.api.Config
 import datadog.trace.api.DDSpanId
 import datadog.trace.api.DDTags
 import datadog.trace.api.DDTraceId
-import datadog.trace.api.DynamicConfig
 import datadog.trace.api.gateway.RequestContextSlot
 import datadog.trace.api.sampling.PrioritySampling
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer.NoopPathwayContext
-import datadog.trace.bootstrap.instrumentation.api.ContextVisitors
 import datadog.trace.bootstrap.instrumentation.api.ErrorPriorities
-import datadog.trace.bootstrap.instrumentation.api.SpanLink
 import datadog.trace.bootstrap.instrumentation.api.TagContext
 import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString
 import datadog.trace.common.sampling.RateByServiceTraceSampler
 import datadog.trace.common.writer.ListWriter
 import datadog.trace.core.propagation.ExtractedContext
-import datadog.trace.core.propagation.W3CHttpCodec
 import datadog.trace.core.test.DDCoreSpecification
-import groovy.json.JsonSlurper
 import spock.lang.Shared
 
 import java.util.concurrent.TimeUnit
@@ -29,8 +23,6 @@ import static datadog.trace.api.sampling.SamplingMechanism.SPAN_SAMPLING_RATE
 import static datadog.trace.core.DDSpanContext.SPAN_SAMPLING_MAX_PER_SECOND_TAG
 import static datadog.trace.core.DDSpanContext.SPAN_SAMPLING_MECHANISM_TAG
 import static datadog.trace.core.DDSpanContext.SPAN_SAMPLING_RULE_RATE_TAG
-import static datadog.trace.core.propagation.W3CHttpCodec.TRACE_PARENT_KEY
-import static datadog.trace.core.propagation.W3CHttpCodec.TRACE_STATE_KEY
 
 class DDSpanTest extends DDCoreSpecification {
 
@@ -468,60 +460,4 @@ class DDSpanTest extends DDCoreSpecification {
     then:
     span.isError()
   }
-
-  def "create span link from extracted context"() {
-    setup:
-    def traceId = "11223344556677889900aabbccddeeff"
-    def spanId = "123456789abcdef0"
-    def traceState = "dd=s:-1;o:some;t.dm:-4"
-    Map<String, String> headers = [
-      (TRACE_PARENT_KEY.toUpperCase()): "00-$traceId-$spanId-00",
-      (TRACE_STATE_KEY.toUpperCase()) : "$traceState"
-    ]
-    def extractor = W3CHttpCodec.newExtractor(Config.get(), { DynamicConfig.create().apply().captureTraceConfig() })
-
-    when:
-    final ExtractedContext context = extractor.extract(headers, ContextVisitors.stringValuesMap())
-    def link = DDSpanLink.from(context)
-
-    then:
-    link.traceId() == DDTraceId.fromHex(traceId)
-    link.spanId() == DDSpanId.fromHex(spanId)
-    link.traceState() == "$traceState;t.tid:${traceId.substring(0, 16)}"
-  }
-
-  def "test span link attributes encoding"() {
-    when:
-    def span = tracer.buildSpan("test", "operation").withLink(new SpanLink(
-      DDTraceId.fromHex("11223344556677889900aabbccddeeff"),
-      DDSpanId.fromHex("1234567890abcdef"),
-      "",
-      ['key1': 'value1',
-        'key2': '',
-        'key3': '"',
-        'key4': 'value,key=value']
-      )).start()
-    def spanLinksJson = span.getTag(DDTags.SPAN_LINKS)
-
-    then:
-    spanLinksJson != null
-    spanLinksJson instanceof String
-
-    when:
-    def slurper = new JsonSlurper()
-    def spanLinks = slurper.parseText(spanLinksJson as String)
-
-    then:
-    spanLinks instanceof List
-    spanLinks.size == 1
-    spanLinks[0].attributes instanceof Map
-    spanLinks[0].attributes instanceof Map
-    spanLinks[0].attributes['key1'] == 'value1'
-    spanLinks[0].attributes['key2'] == ''
-    spanLinks[0].attributes['key3'] == '"'
-    spanLinks[0].attributes['key4'] == 'value,key=value'
-
-    cleanup:
-    span.finish()
-  }
 }
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/PendingTraceBufferTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/PendingTraceBufferTest.groovy
index 3fddda9cca4..19f6a9c2a06 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/PendingTraceBufferTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/PendingTraceBufferTest.groovy
@@ -467,7 +467,7 @@ class PendingTraceBufferTest extends DDSpecification {
       NoopPathwayContext.INSTANCE,
       false,
       PropagationTags.factory().empty())
-    return DDSpan.create("test", 0, context)
+    return DDSpan.create("test", 0, context, null)
   }
 
   static DDSpan newSpanOf(DDSpan parent) {
@@ -492,6 +492,6 @@ class PendingTraceBufferTest extends DDSpecification {
       NoopPathwayContext.INSTANCE,
       false,
       PropagationTags.factory().empty())
-    return DDSpan.create("test", 0, context)
+    return DDSpan.create("test", 0, context, null)
   }
 }
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/PendingTraceTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/PendingTraceTest.groovy
index ce2e13a566c..6be4322e57c 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/PendingTraceTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/PendingTraceTest.groovy
@@ -41,7 +41,8 @@ class PendingTraceTest extends PendingTraceTestBase {
       null,
       AgentTracer.NoopPathwayContext.INSTANCE,
       false,
-      PropagationTags.factory().empty()))
+      PropagationTags.factory().empty()),
+      null)
   }
 
   @Timeout(value = 60, unit = TimeUnit.SECONDS)
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DataStreamsWritingTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DataStreamsWritingTest.groovy
index f243bbf66d4..35b5a595754 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DataStreamsWritingTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DataStreamsWritingTest.groovy
@@ -4,6 +4,7 @@ import datadog.communication.ddagent.DDAgentFeaturesDiscovery
 import datadog.communication.ddagent.SharedCommunicationObjects
 import datadog.communication.http.OkHttpUtils
 import datadog.trace.api.Config
+import datadog.trace.api.TraceConfig
 import datadog.trace.api.WellKnownTags
 import datadog.trace.api.time.ControllableTimeSource
 import datadog.trace.bootstrap.instrumentation.api.StatsPoint
@@ -19,11 +20,10 @@ import spock.lang.AutoCleanup
 import spock.lang.Shared
 import spock.util.concurrent.PollingConditions
 
-import static datadog.trace.agent.test.server.http.TestHttpServer.httpServer
 import static DefaultDataStreamsMonitoring.DEFAULT_BUCKET_DURATION_NANOS
+import static datadog.trace.agent.test.server.http.TestHttpServer.httpServer
 import static java.util.concurrent.TimeUnit.SECONDS
 
-
 /**
  * This test class exists because a real integration test is not possible. see DataStreamsIntegrationTest
  */
@@ -71,18 +71,22 @@ class DataStreamsWritingTest extends DDCoreSpecification {
 
     def timeSource = new ControllableTimeSource()
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
     when:
-    def dataStreams = new DefaultDataStreamsMonitoring(fakeConfig, sharedCommObjects, timeSource)
+    def dataStreams = new DefaultDataStreamsMonitoring(fakeConfig, sharedCommObjects, timeSource, { traceConfig })
     dataStreams.start()
-    dataStreams.add(new StatsPoint([], 9, 0, timeSource.currentTimeNanos, 0, 0))
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0))
-    dataStreams.trackBacklog(new LinkedHashMap<>(["partition":"1", "topic":"testTopic", "type":"kafka_produce"]), 100)
-    dataStreams.trackBacklog(new LinkedHashMap<>(["partition":"1", "topic":"testTopic", "type":"kafka_produce"]), 130)
+    dataStreams.add(new StatsPoint([], 9, 0, timeSource.currentTimeNanos, 0, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
+    dataStreams.trackBacklog(new LinkedHashMap<>(["partition": "1", "topic": "testTopic", "type": "kafka_produce"]), 100)
+    dataStreams.trackBacklog(new LinkedHashMap<>(["partition": "1", "topic": "testTopic", "type": "kafka_produce"]), 130)
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS - 100l)
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, SECONDS.toNanos(10), SECONDS.toNanos(10)))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, SECONDS.toNanos(10), SECONDS.toNanos(10), 10))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, SECONDS.toNanos(5), SECONDS.toNanos(5)))
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic2"], 3, 4, timeSource.currentTimeNanos, SECONDS.toNanos(2), 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, SECONDS.toNanos(5), SECONDS.toNanos(5), 5))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic2"], 3, 4, timeSource.currentTimeNanos, SECONDS.toNanos(2), 0, 2))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.report()
 
@@ -102,7 +106,7 @@ class DataStreamsWritingTest extends DDCoreSpecification {
     BufferedSource bufferedSource = Okio.buffer(gzipSource)
     MessageUnpacker unpacker = MessagePack.newDefaultUnpacker(bufferedSource.inputStream())
 
-    assert unpacker.unpackMapHeader() == 6
+    assert unpacker.unpackMapHeader() == 7
     assert unpacker.unpackString() == "Env"
     assert unpacker.unpackString() == "test"
     assert unpacker.unpackString() == "Service"
@@ -113,6 +117,8 @@ class DataStreamsWritingTest extends DDCoreSpecification {
     assert unpacker.unpackString() == "region-1"
     assert unpacker.unpackString() == "TracerVersion"
     assert unpacker.unpackString() == DDTraceCoreInfo.VERSION
+    assert unpacker.unpackString() == "Version"
+    assert unpacker.unpackString() == "version"
     assert unpacker.unpackString() == "Stats"
     assert unpacker.unpackArrayHeader() == 2  // 2 time buckets
 
@@ -125,15 +131,17 @@ class DataStreamsWritingTest extends DDCoreSpecification {
     assert unpacker.unpackString() == "Stats"
     assert unpacker.unpackArrayHeader() == 2 // 2 groups in first bucket
 
-    Set availableSizes = [4, 5] // we don't know the order the groups will be reported
+    Set availableSizes = [5, 6] // we don't know the order the groups will be reported
     2.times {
       int mapHeaderSize = unpacker.unpackMapHeader()
       assert availableSizes.remove(mapHeaderSize)
-      if (mapHeaderSize == 4) {  // empty topic group
+      if (mapHeaderSize == 5) {  // empty topic group
         assert unpacker.unpackString() == "PathwayLatency"
         unpacker.skipValue()
         assert unpacker.unpackString() == "EdgeLatency"
         unpacker.skipValue()
+        assert unpacker.unpackString() == "PayloadSize"
+        unpacker.skipValue()
         assert unpacker.unpackString() == "Hash"
         assert unpacker.unpackLong() == 9
         assert unpacker.unpackString() == "ParentHash"
@@ -143,6 +151,8 @@ class DataStreamsWritingTest extends DDCoreSpecification {
         unpacker.skipValue()
         assert unpacker.unpackString() == "EdgeLatency"
         unpacker.skipValue()
+        assert unpacker.unpackString() == "PayloadSize"
+        unpacker.skipValue()
         assert unpacker.unpackString() == "Hash"
         assert unpacker.unpackLong() == 1
         assert unpacker.unpackString() == "ParentHash"
@@ -178,11 +188,13 @@ class DataStreamsWritingTest extends DDCoreSpecification {
 
     Set<Long> availableHashes = [1L, 3L] // we don't know the order the groups will be reported
     2.times {
-      assert unpacker.unpackMapHeader() == 5
+      assert unpacker.unpackMapHeader() == 6
       assert unpacker.unpackString() == "PathwayLatency"
       unpacker.skipValue()
       assert unpacker.unpackString() == "EdgeLatency"
       unpacker.skipValue()
+      assert unpacker.unpackString() == "PayloadSize"
+      unpacker.skipValue()
       assert unpacker.unpackString() == "Hash"
       def hash = unpacker.unpackLong()
       assert availableHashes.remove(hash)
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DefaultDataStreamsMonitoringTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DefaultDataStreamsMonitoringTest.groovy
index ab1fee6df1b..ce99bae9041 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DefaultDataStreamsMonitoringTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DefaultDataStreamsMonitoringTest.groovy
@@ -1,6 +1,7 @@
 package datadog.trace.core.datastreams
 
 import datadog.communication.ddagent.DDAgentFeaturesDiscovery
+import datadog.trace.api.TraceConfig
 import datadog.trace.api.WellKnownTags
 import datadog.trace.api.experimental.DataStreamsContextCarrier
 import datadog.trace.api.time.ControllableTimeSource
@@ -20,20 +21,24 @@ import static java.util.concurrent.TimeUnit.SECONDS
 class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
   def wellKnownTags = new WellKnownTags("runtimeid", "hostname", "testing", "service", "version", "java")
 
-  def "No payloads written if data streams not supported"() {
+  def "No payloads written if data streams not supported or not enabled"() {
     given:
     def conditions = new PollingConditions(timeout: 1)
     def features = Stub(DDAgentFeaturesDiscovery) {
-      supportsDataStreams() >> false
+      supportsDataStreams() >> enabledAtAgent
     }
     def timeSource = new ControllableTimeSource()
     def payloadWriter = Mock(DatastreamsPayloadWriter)
     def sink = Mock(Sink)
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> enabledInConfig
+    }
+
     when:
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.start()
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 0, 0, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 0, 0, timeSource.currentTimeNanos, 0, 0, 0))
     dataStreams.report()
 
     then:
@@ -45,6 +50,12 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
 
     cleanup:
     dataStreams.close()
+
+    where:
+    enabledAtAgent | enabledInConfig
+    false          | true
+    true           | false
+    false          | false
   }
 
   def "Context carrier adapter test"() {
@@ -79,10 +90,14 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     def sink = Mock(Sink)
     def payloadWriter = new CapturingPayloadWriter()
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
     when:
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.start()
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.report()
 
@@ -121,10 +136,14 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     def payloadWriter = new CapturingPayloadWriter()
     def bucketDuration = TimeUnit.MILLISECONDS.toNanos(200)
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
     when:
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, bucketDuration)
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, bucketDuration)
     dataStreams.start()
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(bucketDuration)
 
     then:
@@ -160,12 +179,16 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     def sink = Mock(Sink)
     def payloadWriter = new CapturingPayloadWriter()
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
     when:
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.start()
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 3, 4, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 3, 4, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS - 100l)
     dataStreams.report()
 
@@ -202,12 +225,16 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     def sink = Mock(Sink)
     def payloadWriter = new CapturingPayloadWriter()
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
     when:
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.start()
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic2"], 3, 4, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic2"], 3, 4, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS - 100l)
     dataStreams.close()
 
@@ -254,14 +281,18 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     def sink = Mock(Sink)
     def payloadWriter = new CapturingPayloadWriter()
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
     when:
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.start()
-    dataStreams.trackBacklog(new LinkedHashMap<>(["consumer_group":"testGroup", "partition":"2", "topic":"testTopic", "type":"kafka_commit"]), 23)
-    dataStreams.trackBacklog(new LinkedHashMap<>(["consumer_group":"testGroup", "partition":"2", "topic":"testTopic", "type":"kafka_commit"]), 24)
-    dataStreams.trackBacklog(new LinkedHashMap<>(["partition":"2", "topic":"testTopic", "type":"kafka_produce"]), 23)
-    dataStreams.trackBacklog(new LinkedHashMap<>(["partition":"2", "topic":"testTopic2", "type":"kafka_produce"]), 23)
-    dataStreams.trackBacklog(new LinkedHashMap<>(["partition":"2", "topic":"testTopic", "type":"kafka_produce"]), 45)
+    dataStreams.trackBacklog(new LinkedHashMap<>(["consumer_group": "testGroup", "partition": "2", "topic": "testTopic", "type": "kafka_commit"]), 23)
+    dataStreams.trackBacklog(new LinkedHashMap<>(["consumer_group": "testGroup", "partition": "2", "topic": "testTopic", "type": "kafka_commit"]), 24)
+    dataStreams.trackBacklog(new LinkedHashMap<>(["partition": "2", "topic": "testTopic", "type": "kafka_produce"]), 23)
+    dataStreams.trackBacklog(new LinkedHashMap<>(["partition": "2", "topic": "testTopic2", "type": "kafka_produce"]), 23)
+    dataStreams.trackBacklog(new LinkedHashMap<>(["partition": "2", "topic": "testTopic", "type": "kafka_produce"]), 45)
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.report()
 
@@ -305,12 +336,16 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     def sink = Mock(Sink)
     def payloadWriter = new CapturingPayloadWriter()
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
     when:
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.start()
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic2"], 3, 4, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic2"], 3, 4, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.report()
 
@@ -358,15 +393,19 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     def sink = Mock(Sink)
     def payloadWriter = new CapturingPayloadWriter()
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
     when:
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.start()
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS - 100l)
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, SECONDS.toNanos(10), SECONDS.toNanos(10)))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, SECONDS.toNanos(10), SECONDS.toNanos(10), 10))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, SECONDS.toNanos(5), SECONDS.toNanos(5)))
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic2"], 3, 4, timeSource.currentTimeNanos, SECONDS.toNanos(2), 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, SECONDS.toNanos(5), SECONDS.toNanos(5), 5))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic2"], 3, 4, timeSource.currentTimeNanos, SECONDS.toNanos(2), 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.report()
 
@@ -431,10 +470,14 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     def sink = Mock(Sink)
     def payloadWriter = new CapturingPayloadWriter()
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
     when: "reporting points when data streams is not supported"
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.start()
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.report()
 
@@ -464,7 +507,7 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     timeSource.advance(FEATURE_CHECK_INTERVAL_NANOS)
     dataStreams.report()
 
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.report()
 
@@ -501,12 +544,16 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     def sink = Mock(Sink)
     def payloadWriter = new CapturingPayloadWriter()
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
     when: "reporting points after a downgrade"
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.start()
     supportsDataStreaming = false
     dataStreams.onEvent(EventListener.EventType.DOWNGRADED, "")
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.report()
 
@@ -523,7 +570,166 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     timeSource.advance(FEATURE_CHECK_INTERVAL_NANOS)
     dataStreams.report()
 
-    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0))
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
+    timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
+    dataStreams.report()
+
+    then: "points are now reported"
+    conditions.eventually {
+      assert dataStreams.inbox.isEmpty()
+      assert payloadWriter.buckets.size() == 1
+    }
+
+    with(payloadWriter.buckets.get(0)) {
+      groups.size() == 1
+
+      with(groups.iterator().next()) {
+        edgeTags.containsAll(["type:testType", "group:testGroup", "topic:testTopic"])
+        edgeTags.size() == 3
+        hash == 1
+        parentHash == 2
+      }
+    }
+
+    cleanup:
+    payloadWriter.close()
+    dataStreams.close()
+  }
+
+  def "dynamic config enable and disable"() {
+    given:
+    def conditions = new PollingConditions(timeout: 1)
+    boolean supportsDataStreaming = true
+    def features = Mock(DDAgentFeaturesDiscovery) {
+      supportsDataStreams() >> { return supportsDataStreaming }
+    }
+    def timeSource = new ControllableTimeSource()
+    def sink = Mock(Sink)
+    def payloadWriter = new CapturingPayloadWriter()
+
+    boolean dsmEnabled = false
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> { return dsmEnabled }
+    }
+
+    when: "reporting points when data streams is not enabled"
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    dataStreams.start()
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
+    timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
+    dataStreams.report()
+
+    then: "no buckets are reported"
+    conditions.eventually {
+      assert dataStreams.inbox.isEmpty()
+      assert dataStreams.thread.state != Thread.State.RUNNABLE
+    }
+
+    payloadWriter.buckets.isEmpty()
+
+    when: "submitting points after dynamically enabled"
+    dsmEnabled = true
+    dataStreams.report()
+
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
+    timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
+    dataStreams.report()
+
+    then: "points are now reported"
+    conditions.eventually {
+      assert dataStreams.inbox.isEmpty()
+      assert payloadWriter.buckets.size() == 1
+    }
+
+    with(payloadWriter.buckets.get(0)) {
+      groups.size() == 1
+
+      with(groups.iterator().next()) {
+        edgeTags.containsAll(["type:testType", "group:testGroup", "topic:testTopic"])
+        edgeTags.size() == 3
+        hash == 1
+        parentHash == 2
+      }
+    }
+
+    when: "disabling data streams dynamically"
+    dsmEnabled = false
+    dataStreams.report()
+
+    then: "inbox is processed"
+    conditions.eventually {
+      assert dataStreams.inbox.isEmpty()
+    }
+
+    when: "submitting points after being disabled"
+    payloadWriter.buckets.clear()
+
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
+    timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
+    dataStreams.report()
+
+    then: "points are no longer reported"
+    conditions.eventually {
+      assert dataStreams.inbox.isEmpty()
+      assert payloadWriter.buckets.isEmpty()
+    }
+
+    cleanup:
+    payloadWriter.close()
+    dataStreams.close()
+  }
+
+  def "feature and dynamic config upgrade interactions"() {
+    given:
+    def conditions = new PollingConditions(timeout: 1)
+    boolean supportsDataStreaming = false
+    def features = Mock(DDAgentFeaturesDiscovery) {
+      supportsDataStreams() >> { return supportsDataStreaming }
+    }
+    def timeSource = new ControllableTimeSource()
+    def sink = Mock(Sink)
+    def payloadWriter = new CapturingPayloadWriter()
+
+    boolean dsmEnabled = false
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> { return dsmEnabled }
+    }
+
+    when: "reporting points when data streams is not supported"
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    dataStreams.start()
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
+    timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
+    dataStreams.report()
+
+    then: "no buckets are reported"
+    conditions.eventually {
+      assert dataStreams.inbox.isEmpty()
+      assert dataStreams.thread.state != Thread.State.RUNNABLE
+    }
+
+    payloadWriter.buckets.isEmpty()
+
+    when: "submitting points after an upgrade with dsm disabled"
+    supportsDataStreaming = true
+    timeSource.advance(FEATURE_CHECK_INTERVAL_NANOS)
+    dataStreams.report()
+
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
+    timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
+    dataStreams.report()
+
+    then: "points are not reported"
+    conditions.eventually {
+      assert dataStreams.inbox.isEmpty()
+      assert payloadWriter.buckets.isEmpty()
+    }
+
+    when: "dsm is enabled dynamically"
+    dsmEnabled = true
+    dataStreams.report()
+
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
     dataStreams.report()
 
@@ -548,6 +754,56 @@ class DefaultDataStreamsMonitoringTest extends DDCoreSpecification {
     payloadWriter.close()
     dataStreams.close()
   }
+
+  def "more feature and dynamic config upgrade interactions"() {
+    given:
+    def conditions = new PollingConditions(timeout: 1)
+    boolean supportsDataStreaming = false
+    def features = Mock(DDAgentFeaturesDiscovery) {
+      supportsDataStreams() >> { return supportsDataStreaming }
+    }
+    def timeSource = new ControllableTimeSource()
+    def sink = Mock(Sink)
+    def payloadWriter = new CapturingPayloadWriter()
+
+    boolean dsmEnabled = false
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> { return dsmEnabled }
+    }
+
+    when: "reporting points when data streams is not supported"
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+    dataStreams.start()
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
+    timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
+    dataStreams.report()
+
+    then: "no buckets are reported"
+    conditions.eventually {
+      assert dataStreams.inbox.isEmpty()
+      assert dataStreams.thread.state != Thread.State.RUNNABLE
+    }
+
+    payloadWriter.buckets.isEmpty()
+
+    when: "enabling dsm when not supported by agent"
+    dsmEnabled = true
+    dataStreams.report()
+
+    dataStreams.add(new StatsPoint(["type:testType", "group:testGroup", "topic:testTopic"], 1, 2, timeSource.currentTimeNanos, 0, 0, 0))
+    timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
+    dataStreams.report()
+
+    then: "points are not reported"
+    conditions.eventually {
+      assert dataStreams.inbox.isEmpty()
+      assert payloadWriter.buckets.isEmpty()
+    }
+
+    cleanup:
+    payloadWriter.close()
+    dataStreams.close()
+  }
 }
 
 class CapturingPayloadWriter implements DatastreamsPayloadWriter {
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DefaultPathwayContextTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DefaultPathwayContextTest.groovy
index 90066d63f81..5888c87a291 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DefaultPathwayContextTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/DefaultPathwayContextTest.groovy
@@ -2,6 +2,7 @@ package datadog.trace.core.datastreams
 
 import datadog.communication.ddagent.DDAgentFeaturesDiscovery
 import datadog.trace.api.DDTraceId
+import datadog.trace.api.TraceConfig
 import datadog.trace.api.WellKnownTags
 import datadog.trace.api.time.ControllableTimeSource
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation
@@ -35,6 +36,7 @@ class DefaultPathwayContextTest extends DDCoreSpecification {
     assert point.parentHash == 0
     assert point.pathwayLatencyNano == 0
     assert point.edgeLatencyNano == 0
+    assert point.payloadSizeBytes == 0
   }
 
   def "First Set checkpoint starts the context."() {
@@ -78,6 +80,27 @@ class DefaultPathwayContextTest extends DDCoreSpecification {
     }
   }
 
+  def "Checkpoint with payload size"() {
+    given:
+    def timeSource = new ControllableTimeSource()
+    def context = new DefaultPathwayContext(timeSource, wellKnownTags)
+
+    when:
+    timeSource.advance(25)
+    context.setCheckpoint(
+      new LinkedHashMap<>(["group": "group", "topic": "topic", "type": "kafka"]), pointConsumer, 0, 72)
+
+    then:
+    context.isStarted()
+    pointConsumer.points.size() == 1
+    with(pointConsumer.points[0]) {
+      edgeTags == ["group:group", "topic:topic", "type:kafka"]
+      edgeTags.size() == 3
+      hash != 0
+      payloadSizeBytes == 72
+    }
+  }
+
   def "Multiple checkpoints generated"() {
     given:
     def timeSource = new ControllableTimeSource()
@@ -437,8 +460,7 @@ class DefaultPathwayContextTest extends DDCoreSpecification {
     context.setCheckpoint(new LinkedHashMap<>(["type": "internal"]), pointConsumer)
 
     def encoded = context.strEncode()
-    def jsonPathway = String.format("{\"%s\": \"%s\"}", PathwayContext.PROPAGATION_KEY_BASE64, encoded)
-    Map<String, String> carrier = [(PathwayContext.DATADOG_KEY): jsonPathway, "someotherkey": "someothervalue"]
+    Map<String, String> carrier = [(PathwayContext.PROPAGATION_KEY_BASE64): encoded, "someotherkey": "someothervalue"]
     timeSource.advance(MILLISECONDS.toNanos(1))
     def decodedContext = DefaultPathwayContext.extract(carrier, contextVisitor, timeSource, wellKnownTags)
     timeSource.advance(MILLISECONDS.toNanos(25))
@@ -458,8 +480,7 @@ class DefaultPathwayContextTest extends DDCoreSpecification {
 
     when:
     def secondEncode = decodedContext.strEncode()
-    def secondJsonPathway = String.format("{\"%s\": \"%s\"}", PathwayContext.PROPAGATION_KEY_BASE64, secondEncode)
-    carrier = [(PathwayContext.DATADOG_KEY): secondJsonPathway]
+    carrier = [(PathwayContext.PROPAGATION_KEY_BASE64): secondEncode]
     timeSource.advance(MILLISECONDS.toNanos(2))
     def secondDecode = DefaultPathwayContext.extract(carrier, contextVisitor, timeSource, wellKnownTags)
     timeSource.advance(MILLISECONDS.toNanos(30))
@@ -541,7 +562,16 @@ class DefaultPathwayContextTest extends DDCoreSpecification {
     }
     def timeSource = new ControllableTimeSource()
     def payloadWriter = Mock(DatastreamsPayloadWriter)
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+
+    def globalTraceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> { return globalDsmEnabled }
+    }
+
+    def localTraceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> { return localDsmEnabled }
+    }
+
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { globalTraceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
 
     def context = new DefaultPathwayContext(timeSource, wellKnownTags)
     timeSource.advance(MILLISECONDS.toNanos(50))
@@ -549,16 +579,29 @@ class DefaultPathwayContextTest extends DDCoreSpecification {
     def encoded = context.strEncode()
     Map<String, String> carrier = [(PathwayContext.PROPAGATION_KEY_BASE64): encoded, "someotherkey": "someothervalue"]
     def contextVisitor = new Base64MapContextVisitor()
-    def extractor = new FakeExtractor()
-    def decorated = dataStreams.decorate(extractor)
 
     when:
+    def extractor = new FakeExtractor()
+    extractor.traceConfig = localTraceConfig
+    def decorated = dataStreams.extractor(extractor)
     def extracted = decorated.extract(carrier, contextVisitor)
 
     then:
     extracted != null
-    extracted.pathwayContext != null
-    extracted.pathwayContext.isStarted()
+
+    if (shouldExtractPathwayContext) {
+      assert extracted.pathwayContext != null
+      assert extracted.pathwayContext.isStarted()
+    } else {
+      assert extracted.pathwayContext == null
+    }
+
+    where:
+    localDsmEnabled | globalDsmEnabled | shouldExtractPathwayContext
+    true            | true             | true
+    true            | false            | true
+    false           | true             | false
+    false           | false            | false
   }
 
   def "Check context extractor decorator behavior when trace data is null"() {
@@ -569,7 +612,12 @@ class DefaultPathwayContextTest extends DDCoreSpecification {
     }
     def timeSource = new ControllableTimeSource()
     def payloadWriter = Mock(DatastreamsPayloadWriter)
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+
+    def globalTraceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> { return globalDsmEnabled }
+    }
+
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { globalTraceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
 
     def context = new DefaultPathwayContext(timeSource, wellKnownTags)
     timeSource.advance(MILLISECONDS.toNanos(50))
@@ -578,15 +626,63 @@ class DefaultPathwayContextTest extends DDCoreSpecification {
     Map<String, String> carrier = [(PathwayContext.PROPAGATION_KEY_BASE64): encoded, "someotherkey": "someothervalue"]
     def contextVisitor = new Base64MapContextVisitor()
     def extractor = new NullExtractor()
-    def decorated = dataStreams.decorate(extractor)
+    def decorated = dataStreams.extractor(extractor)
+
+    when:
+    def extracted = decorated.extract(carrier, contextVisitor)
+
+    then:
+
+    if (globalDsmEnabled) {
+      extracted != null
+      extracted.pathwayContext != null
+      extracted.pathwayContext.isStarted()
+    } else {
+      extracted == null
+    }
+
+    where:
+    globalDsmEnabled << [true, false]
+  }
+
+  def "Check context extractor decorator behavior when local trace config is null"() {
+    given:
+    def sink = Mock(Sink)
+    def features = Stub(DDAgentFeaturesDiscovery) {
+      supportsDataStreams() >> true
+    }
+    def timeSource = new ControllableTimeSource()
+    def payloadWriter = Mock(DatastreamsPayloadWriter)
+
+    def globalTraceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> { return globalDsmEnabled }
+    }
+
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { globalTraceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+
+    def context = new DefaultPathwayContext(timeSource, wellKnownTags)
+    timeSource.advance(MILLISECONDS.toNanos(50))
+    context.setCheckpoint(new LinkedHashMap<>(["type": "internal"]), pointConsumer)
+    def encoded = context.strEncode()
+    Map<String, String> carrier = [(PathwayContext.PROPAGATION_KEY_BASE64): encoded, "someotherkey": "someothervalue"]
+    def contextVisitor = new Base64MapContextVisitor()
+    def extractor = new FakeExtractor()
+    def decorated = dataStreams.extractor(extractor)
 
     when:
     def extracted = decorated.extract(carrier, contextVisitor)
 
     then:
     extracted != null
-    extracted.pathwayContext != null
-    extracted.pathwayContext.isStarted()
+    if (globalDsmEnabled) {
+      extracted.pathwayContext != null
+      extracted.pathwayContext.isStarted()
+    } else {
+      extracted.pathwayContext == null
+    }
+
+    where:
+    globalDsmEnabled << [true, false]
   }
 
   def "Check context extractor decorator behavior when trace data and dsm data are null"() {
@@ -597,12 +693,17 @@ class DefaultPathwayContextTest extends DDCoreSpecification {
     }
     def timeSource = new ControllableTimeSource()
     def payloadWriter = Mock(DatastreamsPayloadWriter)
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
+
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, features, timeSource, { traceConfig }, wellKnownTags, payloadWriter, DEFAULT_BUCKET_DURATION_NANOS)
 
     Map<String, String> carrier = ["someotherkey": "someothervalue"]
     def contextVisitor = new Base64MapContextVisitor()
     def extractor = new NullExtractor()
-    def decorated = dataStreams.decorate(extractor)
+    def decorated = dataStreams.extractor(extractor)
 
     when:
     def extracted = decorated.extract(carrier, contextVisitor)
@@ -612,9 +713,11 @@ class DefaultPathwayContextTest extends DDCoreSpecification {
   }
 
   class FakeExtractor implements HttpCodec.Extractor {
+    TraceConfig traceConfig
+
     @Override
     <C> TagContext extract(C carrier, AgentPropagation.ContextVisitor<C> getter) {
-      return new ExtractedContext(DDTraceId.ONE, 1, 0, null, null)
+      return new ExtractedContext(DDTraceId.ONE, 1, 0, null, 0, null, null, null, null, traceConfig )
     }
   }
 
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/NoopDataStreamsMonitoringTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/NoopDataStreamsMonitoringTest.groovy
deleted file mode 100644
index 8a91aa8c92f..00000000000
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/datastreams/NoopDataStreamsMonitoringTest.groovy
+++ /dev/null
@@ -1,15 +0,0 @@
-package datadog.trace.core.datastreams
-
-import datadog.trace.core.propagation.HttpCodec
-import datadog.trace.core.test.DDCoreSpecification
-
-class NoopDataStreamsMonitoringTest extends DDCoreSpecification {
-  def "Ensure decorator do not modify extractor"() {
-    when:
-    def checkpointer = new NoopDataStreamsMonitoring()
-    def extractor = Mock(HttpCodec.Extractor)
-
-    then:
-    checkpointer.decorate(extractor) == extractor
-  }
-}
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/CorePropagationTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/CorePropagationTest.groovy
new file mode 100644
index 00000000000..32d6b3c4774
--- /dev/null
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/CorePropagationTest.groovy
@@ -0,0 +1,207 @@
+package datadog.trace.core.propagation
+
+import datadog.trace.api.TracePropagationStyle
+import datadog.trace.api.sampling.PrioritySampling
+import datadog.trace.bootstrap.instrumentation.api.AgentPropagation
+import datadog.trace.common.writer.LoggingWriter
+import datadog.trace.core.ControllableSampler
+import datadog.trace.core.datastreams.DataStreamContextInjector
+import datadog.trace.core.test.DDCoreSpecification
+
+import static datadog.trace.api.TracePropagationStyle.B3MULTI
+import static datadog.trace.api.TracePropagationStyle.DATADOG
+import static datadog.trace.api.TracePropagationStyle.TRACECONTEXT
+import static datadog.trace.api.sampling.PrioritySampling.SAMPLER_KEEP
+
+class CorePropagationTest extends DDCoreSpecification {
+  HttpCodec.Extractor extractor
+  HttpCodec.Injector datadogInjector
+  HttpCodec.Injector b3Injector
+  HttpCodec.Injector traceContextInjector
+  Map<TracePropagationStyle, HttpCodec.Injector> allInjectors
+  DataStreamContextInjector dataStreamContextInjector
+  AgentPropagation propagation
+
+  def setup() {
+    extractor = Mock(HttpCodec.Extractor)
+    datadogInjector = Mock(HttpCodec.Injector)
+    b3Injector = Mock(HttpCodec.Injector)
+    traceContextInjector = Mock(HttpCodec.Injector)
+    allInjectors = [
+      (DATADOG)     : datadogInjector,
+      (B3MULTI)     : b3Injector,
+      (TRACECONTEXT): traceContextInjector,
+    ]
+    dataStreamContextInjector = Mock(DataStreamContextInjector)
+    propagation = new CorePropagation(extractor, datadogInjector, allInjectors, dataStreamContextInjector)
+  }
+
+  def 'test default injector for span'() {
+    setup:
+    def tracer = tracerBuilder().build()
+    def span = tracer.buildSpan('test', 'operation').start()
+    def setter = Mock(AgentPropagation.Setter)
+    def carrier = new Object()
+
+    when:
+    propagation.inject(span, carrier, setter)
+
+    then:
+    1 * datadogInjector.inject(_, carrier, setter)
+    0 * b3Injector.inject(_, carrier, setter)
+    0 * traceContextInjector.inject(_, carrier, setter)
+    0 * dataStreamContextInjector.injectPathwayContext(_, carrier, setter, _)
+
+    cleanup:
+    span.finish()
+    tracer.close()
+  }
+
+  def 'test default injector for span context'() {
+    setup:
+    def tracer = tracerBuilder().build()
+    def span = tracer.buildSpan("test", "operation").start()
+    def setter = Mock(AgentPropagation.Setter)
+    def carrier = new Object()
+
+    when:
+    def spanContext = span.context()
+    propagation.inject(spanContext, carrier, setter)
+
+    then:
+    1 * datadogInjector.inject(_, carrier, setter)
+    0 * b3Injector.inject(_, carrier, setter)
+    0 * traceContextInjector.inject(_, carrier, setter)
+    0 * dataStreamContextInjector.injectPathwayContext(_, carrier, setter, _)
+
+    cleanup:
+    span.finish()
+    tracer.close()
+  }
+
+  def 'test injector style selection'() {
+    setup:
+    def injector = allInjectors.get(style, datadogInjector)
+    def tracer = tracerBuilder().build()
+    def span = tracer.buildSpan('test', 'operation').start()
+    def setter = Mock(AgentPropagation.Setter)
+    def carrier = new Object()
+
+    when:
+    propagation.inject(span, carrier, setter, style)
+
+    then:
+    1 * injector.inject(_, carrier, setter)
+    if (injector != datadogInjector) {
+      0 * datadogInjector.inject(_, carrier, setter)
+    }
+    if (injector != b3Injector) {
+      0 * b3Injector.inject(_, carrier, setter)
+    }
+    if (injector != traceContextInjector) {
+      0 * traceContextInjector.inject(_, carrier, setter)
+    }
+    0 * dataStreamContextInjector.injectPathwayContext(_, carrier, setter, _)
+
+    cleanup:
+    span.finish()
+    tracer.close()
+
+    where:
+    style << [DATADOG, B3MULTI, TRACECONTEXT, null]
+  }
+
+  def 'test context extractor'() {
+    setup:
+    def getter = Mock(AgentPropagation.ContextVisitor)
+    def carrier = new Object()
+
+    when:
+    propagation.extract(carrier, getter)
+
+    then:
+    1 * extractor.extract(carrier, getter)
+  }
+
+  def 'span priority set when injecting'() {
+    given:
+    injectSysConfig('writer.type', 'LoggingWriter')
+    def tracer = tracerBuilder().build()
+    def setter = Mock(AgentPropagation.Setter)
+    def carrier = new Object()
+
+    when:
+    def root = tracer.buildSpan('test', 'operation').start()
+    def child = tracer.buildSpan('test', 'my_child').asChildOf(root).start()
+    tracer.propagate().inject(child, carrier, setter)
+
+    then:
+    root.getSamplingPriority() == SAMPLER_KEEP as int
+    child.getSamplingPriority() == root.getSamplingPriority()
+    1 * setter.set(carrier, DatadogHttpCodec.SAMPLING_PRIORITY_KEY, String.valueOf(SAMPLER_KEEP))
+
+    cleanup:
+    child.finish()
+    root.finish()
+    tracer.close()
+  }
+
+  def 'span priority only set after first injection'() {
+    given:
+    def sampler = new ControllableSampler()
+    def tracer = tracerBuilder().writer(new LoggingWriter()).sampler(sampler).build()
+    def setter = Mock(AgentPropagation.Setter)
+    def carrier = new Object()
+
+    when:
+    def root = tracer.buildSpan('test', 'operation').start()
+    def child = tracer.buildSpan('test', 'my_child').asChildOf(root).start()
+    tracer.propagate().inject(child, carrier, setter)
+
+    then:
+    root.getSamplingPriority() == SAMPLER_KEEP as int
+    child.getSamplingPriority() == root.getSamplingPriority()
+    1 * setter.set(carrier, DatadogHttpCodec.SAMPLING_PRIORITY_KEY, String.valueOf(SAMPLER_KEEP))
+
+    when:
+    sampler.nextSamplingPriority = PrioritySampling.SAMPLER_DROP as int
+    def child2 = tracer.buildSpan('test', 'my_child2').asChildOf(root).start()
+    tracer.propagate().inject(child2, carrier, setter)
+
+    then:
+    root.getSamplingPriority() == SAMPLER_KEEP as int
+    child.getSamplingPriority() == root.getSamplingPriority()
+    child2.getSamplingPriority() == root.getSamplingPriority()
+    1 * setter.set(carrier, DatadogHttpCodec.SAMPLING_PRIORITY_KEY, String.valueOf(SAMPLER_KEEP))
+
+    cleanup:
+    child.finish()
+    child2.finish()
+    root.finish()
+    tracer.close()
+  }
+
+  def "injection doesn't override set priority"() {
+    given:
+    def sampler = new ControllableSampler()
+    def tracer = tracerBuilder().writer(new LoggingWriter()).sampler(sampler).build()
+    def setter = Mock(AgentPropagation.Setter)
+    def carrier = new Object()
+
+    when:
+    def root = tracer.buildSpan('test', 'operation').start()
+    def child = tracer.buildSpan('test', 'my_child').asChildOf(root).start()
+    child.setSamplingPriority(PrioritySampling.USER_DROP)
+    tracer.propagate().inject(child, carrier, setter)
+
+    then:
+    root.getSamplingPriority() == PrioritySampling.USER_DROP as int
+    child.getSamplingPriority() == root.getSamplingPriority()
+    1 * setter.set(carrier, DatadogHttpCodec.SAMPLING_PRIORITY_KEY, String.valueOf(PrioritySampling.USER_DROP))
+
+    cleanup:
+    child.finish()
+    root.finish()
+    tracer.close()
+  }
+}
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/HttpInjectorTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/HttpInjectorTest.groovy
index 0e027d23b45..3f12ec4c5e4 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/HttpInjectorTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/propagation/HttpInjectorTest.groovy
@@ -6,6 +6,8 @@ import datadog.trace.api.DDTraceId
 import datadog.trace.core.CoreTracer
 import datadog.trace.test.util.StringUtils
 
+import static datadog.trace.api.TracePropagationStyle.HAYSTACK
+import static datadog.trace.api.TracePropagationStyle.TRACECONTEXT
 import static datadog.trace.api.sampling.PrioritySampling.*
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer.NoopPathwayContext
 import datadog.trace.common.writer.ListWriter
@@ -178,6 +180,44 @@ class HttpInjectorTest extends DDCoreSpecification {
     // spotless:on
   }
 
+  def "encode baggage in http headers using #style"() {
+    setup:
+    Config config = Mock(Config) {
+      isTracePropagationStyleB3PaddingEnabled() >> tracePropagationB3Padding()
+    }
+    def baggage = [
+      'alpha': 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ',
+      'num': '01234567890',
+      'whitespace': 'ab \tcd',
+      'specials': 'ab.-*_cd',
+      'excluded': 'ab\',:\\cd',
+    ]
+    def mapping = baggage.keySet().collectEntries { [(it):it]} as Map<String, String>
+    def injector = HttpCodec.createInjector(config, [style].toSet(), mapping)
+    def traceId = DDTraceId.ONE
+    def spanId = 2
+    def writer = new ListWriter()
+    def tracer = tracerBuilder().writer(writer).build()
+    final DDSpanContext mockedContext = mockedContext(tracer, traceId, spanId, UNSET, null, baggage)
+    final Map<String, String> carrier = Mock()
+
+    when:
+    injector.inject(mockedContext, carrier, MapSetter.INSTANCE)
+
+    then:
+    1 * carrier.put('alpha', 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
+    1 * carrier.put('num', '01234567890')
+    1 * carrier.put('whitespace', 'ab%20%09cd')
+    1 * carrier.put('specials', 'ab.-*_cd')
+    1 * carrier.put('excluded', 'ab%27%2C%3A%5Ccd')
+
+    cleanup:
+    tracer.close()
+
+    where:
+    style << [DATADOG, TRACECONTEXT, HAYSTACK]
+  }
+
   static DDSpanContext mockedContext(CoreTracer tracer, DDTraceId traceId, long spanId, int samplingPriority, String origin, Map<String, String> baggage) {
     return new DDSpanContext(
       traceId,
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/tagprocessor/BaseServiceAdderTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/tagprocessor/BaseServiceAdderTest.groovy
new file mode 100644
index 00000000000..acc5550b516
--- /dev/null
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/tagprocessor/BaseServiceAdderTest.groovy
@@ -0,0 +1,29 @@
+package datadog.trace.core.tagprocessor
+
+
+import datadog.trace.bootstrap.instrumentation.api.UTF8BytesString
+import datadog.trace.core.DDSpanContext
+import datadog.trace.test.util.DDSpecification
+
+class BaseServiceAdderTest extends DDSpecification {
+  def "should add _dd.base_service when service differs to ddService"() {
+    setup:
+    def calculator = new BaseServiceAdder("test")
+    def spanContext = Mock(DDSpanContext)
+
+    when:
+    def enrichedTags = calculator.processTagsWithContext([:], spanContext)
+
+    then:
+    1 * spanContext.getServiceName() >> serviceName
+
+    and:
+    assert enrichedTags == expectedTags
+
+    where:
+    serviceName     | expectedTags
+    "anotherOne"    | ["_dd.base_service": UTF8BytesString.create("test")]
+    "test"          | [:]
+    "TeSt"          | [:]
+  }
+}
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/tagprocessor/PeerServiceCalculatorTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/tagprocessor/PeerServiceCalculatorTest.groovy
index 1b7d0d9baaf..bf1cec3c4f1 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/tagprocessor/PeerServiceCalculatorTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/tagprocessor/PeerServiceCalculatorTest.groovy
@@ -1,12 +1,12 @@
 package datadog.trace.core.tagprocessor
 
+import datadog.trace.api.Config
 import datadog.trace.api.DDTags
 import datadog.trace.api.config.TracerConfig
 import datadog.trace.api.naming.v0.NamingSchemaV0
 import datadog.trace.api.naming.v1.NamingSchemaV1
 import datadog.trace.bootstrap.instrumentation.api.Tags
 import datadog.trace.test.util.DDSpecification
-import spock.lang.Ignore
 
 class PeerServiceCalculatorTest extends DDSpecification {
   def "schema v0 : peer service is not calculated by default"() {
@@ -54,7 +54,7 @@ class PeerServiceCalculatorTest extends DDSpecification {
   def "schema v0: should calculate defaults if enabled"() {
     setup:
     injectSysConfig(TracerConfig.TRACE_PEER_SERVICE_DEFAULTS_ENABLED, "true")
-    def calculator = new PeerServiceCalculator(new NamingSchemaV1().peerService(), Collections.emptyMap())
+    def calculator = new PeerServiceCalculator(new NamingSchemaV0().peerService(), Collections.emptyMap())
     when:
     def calculated = calculator.processTags(["span.kind": "client", "peer.hostname": "test"])
     then:
@@ -79,13 +79,12 @@ class PeerServiceCalculatorTest extends DDSpecification {
     "server"   | false
   }
 
-  @Ignore("https://github.com/DataDog/dd-trace-java/pull/5213")
   def "should apply peer service mappings if configured"() {
     setup:
     injectSysConfig(TracerConfig.TRACE_PEER_SERVICE_MAPPING, "service1:best_service,userService:my_service")
     injectSysConfig(TracerConfig.TRACE_PEER_SERVICE_DEFAULTS_ENABLED, "true")
 
-    def calculator = new PeerServiceCalculator()
+    def calculator = new PeerServiceCalculator(new NamingSchemaV0().peerService(), Config.get().getPeerServiceMapping())
 
     when:
     def calculated = calculator.processTags(tags)
@@ -100,4 +99,24 @@ class PeerServiceCalculatorTest extends DDSpecification {
     ["peer.hostname": "test", "span.kind": "client"]                        | "test"              | null
     ["peer.hostname": "service1", "span.kind": "producer"]                  | "best_service"      | "service1"
   }
+
+  def "should override peer service values if configured"() {
+    setup:
+    injectSysConfig(TracerConfig.TRACE_PEER_SERVICE_COMPONENT_OVERRIDES, "java-couchbase:couchbase")
+    injectSysConfig(TracerConfig.TRACE_PEER_SERVICE_DEFAULTS_ENABLED, "true")
+
+    def calculator = new PeerServiceCalculator(new NamingSchemaV0().peerService(), Config.get().getPeerServiceComponentOverrides())
+
+    when:
+    def calculated = calculator.processTags(tags)
+
+    then:
+    assert calculated.get(Tags.PEER_SERVICE) == expected
+    assert calculated.get(DDTags.PEER_SERVICE_SOURCE) == source
+
+    where:
+    tags                                                                                   | expected       | source
+    ["component": "java-couchbase", "span.kind": "client"]                                 | "couchbase"    | "_component_override"
+    ["peer.hostname": "host1", "span.kind": "client", "component" : "my-http-client"]      | "host1"        | "peer.hostname"
+  }
 }
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/tagprocessor/QueryObfuscatorTest.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/tagprocessor/QueryObfuscatorTest.groovy
index 9f57fdc7aa0..49ba0ba33d1 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/tagprocessor/QueryObfuscatorTest.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/tagprocessor/QueryObfuscatorTest.groovy
@@ -10,14 +10,19 @@ class QueryObfuscatorTest extends DDSpecification {
     def obfuscator = new QueryObfuscator()
     def tags = [
       (Tags.HTTP_URL): 'http://site.com/index',
-      (DDTags.HTTP_QUERY): 'key1=val1&token=a0b21ce2-006f-4cc6-95d5-d7b550698482&key2=val2'
+      (DDTags.HTTP_QUERY): query
     ]
 
     when:
     def result = obfuscator.processTags(tags)
 
     then:
-    assert result.get(DDTags.HTTP_QUERY) == 'key1=val1&<redacted>&key2=val2'
-    assert result.get(Tags.HTTP_URL) == 'http://site.com/index?key1=val1&<redacted>&key2=val2'
+    assert result.get(DDTags.HTTP_QUERY) == expectedQuery
+    assert result.get(Tags.HTTP_URL) == 'http://site.com/index?' + expectedQuery
+
+    where:
+    query                                                               | expectedQuery
+    'key1=val1&token=a0b21ce2-006f-4cc6-95d5-d7b550698482&key2=val2'    | 'key1=val1&<redacted>&key2=val2'
+    'app_key=1111&application_key=2222'                                 | '<redacted>&<redacted>'
   }
 }
diff --git a/dd-trace-core/src/test/groovy/datadog/trace/core/test/DDCoreSpecification.groovy b/dd-trace-core/src/test/groovy/datadog/trace/core/test/DDCoreSpecification.groovy
index ddcc1207a73..1adbec2ab04 100644
--- a/dd-trace-core/src/test/groovy/datadog/trace/core/test/DDCoreSpecification.groovy
+++ b/dd-trace-core/src/test/groovy/datadog/trace/core/test/DDCoreSpecification.groovy
@@ -12,6 +12,7 @@ import datadog.trace.core.CoreTracer.CoreTracerBuilder
 import datadog.trace.core.DDSpan
 import datadog.trace.core.DDSpanContext
 import datadog.trace.core.propagation.PropagationTags
+import datadog.trace.core.tagprocessor.TagsPostProcessorFactory
 import datadog.trace.test.util.DDSpecification
 
 abstract class DDCoreSpecification extends DDSpecification {
@@ -24,6 +25,16 @@ abstract class DDCoreSpecification extends DDSpecification {
     return true
   }
 
+  @Override
+  void setupSpec() {
+    TagsPostProcessorFactory.withAddBaseService(false)
+  }
+
+  @Override
+  void cleanupSpec() {
+    TagsPostProcessorFactory.reset()
+  }
+
   protected CoreTracerBuilder tracerBuilder() {
     def builder = CoreTracer.builder()
     if (useNoopStatsDClient()) {
@@ -71,7 +82,7 @@ abstract class DDCoreSpecification extends DDSpecification {
       ProfilingContextIntegration.NoOp.INSTANCE,
       true)
 
-    def span = DDSpan.create("test", timestamp, context)
+    def span = DDSpan.create("test", timestamp, context, null)
     for (Map.Entry<String, Object> e : tags.entrySet()) {
       span.setTag(e.key, e.value)
     }
diff --git a/dd-trace-core/src/traceAgentTest/groovy/DataStreamsIntegrationTest.groovy b/dd-trace-core/src/traceAgentTest/groovy/DataStreamsIntegrationTest.groovy
index 995e955b9cd..2177fa4025f 100644
--- a/dd-trace-core/src/traceAgentTest/groovy/DataStreamsIntegrationTest.groovy
+++ b/dd-trace-core/src/traceAgentTest/groovy/DataStreamsIntegrationTest.groovy
@@ -2,6 +2,7 @@ import datadog.communication.ddagent.DDAgentFeaturesDiscovery
 import datadog.communication.ddagent.SharedCommunicationObjects
 import datadog.communication.http.OkHttpUtils
 import datadog.trace.api.Config
+import datadog.trace.api.TraceConfig
 import datadog.trace.api.time.ControllableTimeSource
 import datadog.trace.bootstrap.instrumentation.api.StatsPoint
 import datadog.trace.common.metrics.EventListener
@@ -44,8 +45,12 @@ class DataStreamsIntegrationTest extends DDSpecification {
 
     def timeSource = new ControllableTimeSource()
 
+    def traceConfig = Mock(TraceConfig) {
+      isDataStreamsEnabled() >> true
+    }
+
     when:
-    def dataStreams = new DefaultDataStreamsMonitoring(sink, sharedCommunicationObjects.featuresDiscovery, timeSource, Config.get().getEnv())
+    def dataStreams = new DefaultDataStreamsMonitoring(sink, sharedCommunicationObjects.featuresDiscovery, timeSource, { traceConfig }, Config.get())
     dataStreams.start()
     dataStreams.accept(new StatsPoint("testType", "testGroup", "testTopic", 1, 2, timeSource.currentTimeNanos, 0, 0))
     timeSource.advance(DEFAULT_BUCKET_DURATION_NANOS)
diff --git a/dd-trace-ot/build.gradle b/dd-trace-ot/build.gradle
index 93f4f546844..78e010d7494 100644
--- a/dd-trace-ot/build.gradle
+++ b/dd-trace-ot/build.gradle
@@ -22,13 +22,19 @@ excludedClassesCoverage += [
   "datadog.opentracing.DDTracer.DDTracerBuilder"
 ]
 
-addTestSuite('ot31CompatabilityTest')
-addTestSuite('ot33CompatabilityTest')
+addTestSuite('ot31CompatibilityTest')
+addTestSuite('ot33CompatibilityTest')
 
 dependencies {
   annotationProcessor deps.autoserviceProcessor
   compileOnly deps.autoserviceAnnotation
 
+  modules {
+    module("com.squareup.okio:okio") {
+      replacedBy("com.datadoghq.okio:okio") // embed our patched fork
+    }
+  }
+
   api project(':dd-trace-api')
   implementation (project(':dd-trace-core')) {
     // why all communication pulls in remote config is beyond me...
@@ -46,17 +52,17 @@ dependencies {
 
   testImplementation project(":dd-java-agent:testing")
 
-  ot33CompatabilityTestImplementation('io.opentracing:opentracing-api') {
+  ot33CompatibilityTestImplementation('io.opentracing:opentracing-api') {
     version {
       strictly '0.33.0'
     }
   }
-  ot33CompatabilityTestImplementation('io.opentracing:opentracing-util')  {
+  ot33CompatibilityTestImplementation('io.opentracing:opentracing-util')  {
     version {
       strictly '0.33.0'
     }
   }
-  ot33CompatabilityTestImplementation('io.opentracing:opentracing-noop')  {
+  ot33CompatibilityTestImplementation('io.opentracing:opentracing-noop')  {
     version {
       strictly '0.33.0'
     }
@@ -73,7 +79,7 @@ configurations.matching({ it.name.startsWith('ot31') }).each({
 })
 
 tasks.named("test").configure {
-  finalizedBy "ot31CompatabilityTest", "ot33CompatabilityTest"
+  finalizedBy "ot31CompatibilityTest", "ot33CompatibilityTest"
 }
 
 jar {
@@ -108,16 +114,23 @@ shadowJar {
   relocate('datadog.', 'ddtrot.dd.') {
     exclude('datadog.opentracing.*')
     exclude('datadog.opentracing.resolver.*')
-    exclude('datadog.trace.api.*')
+    exclude('%regex[datadog/trace/api/(?!Functions|Endpoint)[^/]*]')
     exclude('datadog.trace.api.config.*')
     exclude('datadog.trace.api.experimental.*')
     exclude('datadog.trace.api.interceptor.*')
     exclude('datadog.trace.api.internal.*')
     exclude('datadog.trace.api.internal.util.*')
+    exclude('datadog.trace.api.profiling.*')
     exclude('datadog.trace.api.sampling.*')
     exclude('datadog.trace.context.*')
   }
-  exclude('META-INF/maven/')
+
+  duplicatesStrategy = DuplicatesStrategy.FAIL
+
+  // Remove some cruft from the final jar.
+  // These patterns should NOT include **/META-INF/maven/**/pom.properties, which is
+  // used to report our own dependencies.
+  exclude '**/META-INF/maven/**/pom.xml'
   exclude('META-INF/proguard/')
   exclude('/META-INF/*.kotlin_module')
 }
diff --git a/dd-trace-ot/correlation-id-injection/src/main/java/datadog/trace/correlation/CorrelationIdInjectors.java b/dd-trace-ot/correlation-id-injection/src/main/java/datadog/trace/correlation/CorrelationIdInjectors.java
index c24a0063315..2e293006f64 100644
--- a/dd-trace-ot/correlation-id-injection/src/main/java/datadog/trace/correlation/CorrelationIdInjectors.java
+++ b/dd-trace-ot/correlation-id-injection/src/main/java/datadog/trace/correlation/CorrelationIdInjectors.java
@@ -38,7 +38,7 @@ private static void enableInjector(String className, InternalTracer tracer) {
       Class<?> injectorClass = Class.forName(className);
       injectorClass.getConstructor(InternalTracer.class).newInstance(tracer);
     } catch (ReflectiveOperationException e) {
-      log.warn("Failed to enable injector " + className + ".", e);
+      log.warn("Failed to enable injector {}.", className, e);
     }
   }
 
diff --git a/dd-trace-ot/src/main/java/datadog/opentracing/DDTracer.java b/dd-trace-ot/src/main/java/datadog/opentracing/DDTracer.java
index 1b8d19d5be6..b857f458df4 100644
--- a/dd-trace-ot/src/main/java/datadog/opentracing/DDTracer.java
+++ b/dd-trace-ot/src/main/java/datadog/opentracing/DDTracer.java
@@ -5,10 +5,10 @@
 import datadog.trace.api.GlobalTracer;
 import datadog.trace.api.StatsDClient;
 import datadog.trace.api.experimental.DataStreamsCheckpointer;
-import datadog.trace.api.experimental.Profiling;
 import datadog.trace.api.interceptor.TraceInterceptor;
 import datadog.trace.api.internal.InternalTracer;
 import datadog.trace.api.internal.TraceSegment;
+import datadog.trace.api.profiling.Profiling;
 import datadog.trace.bootstrap.instrumentation.api.AgentPropagation;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
@@ -468,7 +468,7 @@ public <C> void inject(final SpanContext spanContext, final Format<C> format, fi
     if (carrier instanceof TextMap) {
       final AgentSpan.Context context = converter.toContext(spanContext);
 
-      tracer.inject(context, (TextMap) carrier, TextMapSetter.INSTANCE);
+      tracer.propagate().inject(context, (TextMap) carrier, TextMapSetter.INSTANCE);
     } else {
       log.debug("Unsupported format for propagation - {}", format.getClass().getName());
     }
@@ -478,7 +478,7 @@ public <C> void inject(final SpanContext spanContext, final Format<C> format, fi
   public <C> SpanContext extract(final Format<C> format, final C carrier) {
     if (carrier instanceof TextMap) {
       final AgentSpan.Context tagContext =
-          tracer.extract((TextMap) carrier, new TextMapGetter((TextMap) carrier));
+          tracer.propagate().extract((TextMap) carrier, new TextMapGetter((TextMap) carrier));
 
       return converter.toSpanContext(tagContext);
     } else {
diff --git a/dd-trace-ot/src/ot31CompatabilityTest/groovy/OT31ApiTest.groovy b/dd-trace-ot/src/ot31CompatibilityTest/groovy/OT31ApiTest.groovy
similarity index 100%
rename from dd-trace-ot/src/ot31CompatabilityTest/groovy/OT31ApiTest.groovy
rename to dd-trace-ot/src/ot31CompatibilityTest/groovy/OT31ApiTest.groovy
diff --git a/dd-trace-ot/src/ot31CompatabilityTest/java/io/opentracing/tag/Tag.java b/dd-trace-ot/src/ot31CompatibilityTest/java/io/opentracing/tag/Tag.java
similarity index 100%
rename from dd-trace-ot/src/ot31CompatabilityTest/java/io/opentracing/tag/Tag.java
rename to dd-trace-ot/src/ot31CompatibilityTest/java/io/opentracing/tag/Tag.java
diff --git a/dd-trace-ot/src/ot33CompatabilityTest/groovy/OT33ApiTest.groovy b/dd-trace-ot/src/ot33CompatibilityTest/groovy/OT33ApiTest.groovy
similarity index 100%
rename from dd-trace-ot/src/ot33CompatabilityTest/groovy/OT33ApiTest.groovy
rename to dd-trace-ot/src/ot33CompatibilityTest/groovy/OT33ApiTest.groovy
diff --git a/dd-trace-ot/src/test/groovy/datadog/opentracing/TypeConverterTest.groovy b/dd-trace-ot/src/test/groovy/datadog/opentracing/TypeConverterTest.groovy
index 6c7001136d1..1e769a88abe 100644
--- a/dd-trace-ot/src/test/groovy/datadog/opentracing/TypeConverterTest.groovy
+++ b/dd-trace-ot/src/test/groovy/datadog/opentracing/TypeConverterTest.groovy
@@ -26,8 +26,8 @@ class TypeConverterTest extends DDSpecification {
 
   def "should avoid extra allocation for a span wrapper"() {
     def context = createTestSpanContext()
-    def span1 = new DDSpan("test", 0, context)
-    def span2 = new DDSpan("test", 0, context)
+    def span1 = new DDSpan("test", 0, context, null)
+    def span2 = new DDSpan("test", 0, context, null)
     expect:
     // return the same wrapper for the same span
     typeConverter.toSpan(span1) is typeConverter.toSpan(span1)
@@ -54,8 +54,8 @@ class TypeConverterTest extends DDSpecification {
   def "should avoid extra allocation for a scope wrapper"() {
     def scopeManager = new ContinuableScopeManager(0, false, true)
     def context = createTestSpanContext()
-    def span1 = new DDSpan("test", 0, context)
-    def span2 = new DDSpan("test", 0, context)
+    def span1 = new DDSpan("test", 0, context, null)
+    def span2 = new DDSpan("test", 0, context, null)
     def scope1 = scopeManager.activate(span1, ScopeSource.MANUAL)
     def scope2 = scopeManager.activate(span2, ScopeSource.MANUAL)
     expect:
diff --git a/gradle/configure_tests.gradle b/gradle/configure_tests.gradle
index 7cee7cebf3a..aaab04a66f7 100644
--- a/gradle/configure_tests.gradle
+++ b/gradle/configure_tests.gradle
@@ -2,7 +2,7 @@ import java.time.Duration
 import java.time.temporal.ChronoUnit
 
 def isTestingInstrumentation(Project project) {
-  return ["junit-4.10", "junit-5.3", "testng-6.4", "testng-7.5"].contains(project.name)
+  return ["junit-4.10", "junit-5.3", "testng-6", "testng-7", "cucumber", "munit", "spock", "karate"].contains(project.name)
 }
 
 def forkedTestLimit = gradle.sharedServices.registerIfAbsent("forkedTestLimit", BuildService) {
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 1edaf823f30..4e3a4fc4f6a 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -8,13 +8,13 @@ final class CachedData {
     guava         : "[16.0,20.0]", // Last version to support Java 7
     okhttp        : "3.12.15", // Datadog fork to support Java 7
     okhttp_legacy : "[3.0,3.12.12]", // 3.12.x is last version to support Java7)
-    okio          : "1.16.0",
+    okio          : "1.17.6", // Datadog fork
 
-    spock         : "2.1-groovy-$spockGroovyVer",
+    spock         : "2.2-groovy-$spockGroovyVer",
     groovy        : groovyVer,
     junit5        : "5.9.2",
     logback       : "1.2.3",
-    bytebuddy     : "1.14.5",
+    bytebuddy     : "1.14.8",
     scala         : "2.11.12",  // Last version to support Java 7 (2.12+ require Java 8+)
     scala210      : "2.10.7",
     scala211      : "2.11.12",
@@ -33,8 +33,9 @@ final class CachedData {
     testcontainers: '1.17.3',
     jmc           : "8.1.0",
     autoservice   : "1.0-rc7",
-    ddprof        : "0.70.0",
-    asm           : "9.5"
+    ddprof        : "0.82.0",
+    asm           : "9.6",
+    cafe_crypto   : "0.1.0"
   ]
 
   static deps = [
@@ -45,7 +46,7 @@ final class CachedData {
     jctools              : "org.jctools:jctools-core:${versions.jctools}",
     okhttp               : "com.datadoghq.okhttp3:okhttp:${versions.okhttp}",
     okhttp_legacy        : "com.squareup.okhttp3:okhttp:${versions.okhttp_legacy}",
-    okio                 : "com.squareup.okio:okio:${versions.okio}",
+    okio                 : "com.datadoghq.okio:okio:${versions.okio}",
     bytebuddy            : "net.bytebuddy:byte-buddy:${versions.bytebuddy}",
     bytebuddyagent       : "net.bytebuddy:byte-buddy-agent:${versions.bytebuddy}",
     autoserviceProcessor : "com.google.auto.service:auto-service:${versions.autoservice}",
@@ -56,6 +57,11 @@ final class CachedData {
     asmcommons           : "org.ow2.asm:asm-commons:${versions.asm}",
     dogstatsd            : "com.datadoghq:java-dogstatsd-client:${versions.dogstatsd}",
 
+    cafe_crypto          : [
+      "cafe.cryptography:ed25519-elisabeth:${versions.cafe_crypto}",
+      "cafe.cryptography:curve25519-elisabeth:${versions.cafe_crypto}"
+    ],
+
     // Testing
 
     spock                : [
@@ -95,11 +101,11 @@ final class CachedData {
 
     // Shared between appsec, agent tooling, iast, instrumentation, JMXFetch, profiling, and ci-visibility
     shared               : [
-      "com.datadoghq.okhttp3:okhttp:${versions.okhttp}",
       // Force specific version of okio required by com.squareup.moshi:moshi
       // When all of the dependencies are declared in dd-trace-core, moshi overrides the okhttp's
       // transitive dependency.  Since okhttp is declared here and moshi is not, this lead to an incompatible version
-      "com.squareup.okio:okio:${versions.okio}",
+      "com.datadoghq.okio:okio:${versions.okio}",
+      "com.datadoghq.okhttp3:okhttp:${versions.okhttp}",
       "com.datadoghq:java-dogstatsd-client:${versions.dogstatsd}",
       "com.github.jnr:jnr-unixsocket:${versions.jnr_unixsocket}",
       "com.squareup.moshi:moshi:${versions.moshi}",
@@ -123,10 +129,13 @@ final class CachedData {
       exclude(project(':utils:socket-utils'))
       exclude(project(':utils:time-utils'))
       exclude(project(':utils:version-utils'))
+      exclude(project(':dd-java-agent:agent-crashtracking'))
       exclude(dependency('org.slf4j::'))
 
-      // okhttp and its transitives
+      // okhttp and its transitives (both fork and non-fork)
       exclude(dependency('com.datadoghq.okhttp3:okhttp'))
+      exclude(dependency('com.squareup.okhttp3:okhttp'))
+      exclude(dependency('com.datadoghq.okio:okio'))
       exclude(dependency('com.squareup.okio:okio'))
 
       // dogstatsd and its transitives
@@ -139,6 +148,9 @@ final class CachedData {
 
       // jctools and its transitives
       exclude(dependency('org.jctools::'))
+
+      // cafe_crypto and its transitives
+      exclude(dependency('cafe.cryptography::'))
     }
   ]
 }
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
index 249e5832f09..033e24c4cdf 100644
Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index d21779fa6d3..499ec093515 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,9 +1,10 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 # Please note that the version specific cache directory and distribution directory in
-# .circleci/config.yml needs to match this version.
-# Since this is a patch version the cache directory in .circleci/config.yml has date time suffix
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-all.zip
-distributionSha256Sum=5022b0b25fe182b0e50867e77f484501dba44feeea88f5c1f13b6b4660463640
+# .circleci/config.continue.yml.j2 needs to match this version.
+distributionSha256Sum=bb09982fdf52718e4c7b25023d10df6d35a5fff969860bdf5a5bd27a3ab27a9e
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-all.zip
+networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/gradlew b/gradlew
index a69d9cb6c20..fcb6fca147c 100755
--- a/gradlew
+++ b/gradlew
@@ -55,7 +55,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -80,13 +80,10 @@ do
     esac
 done
 
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-APP_NAME="Gradle"
+# This is normally unused
+# shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -133,22 +130,29 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -193,6 +197,10 @@ if "$cygwin" || "$msys" ; then
     done
 fi
 
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
 # Collect all arguments for the java command;
 #   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
 #     shell script including quotes and variable substitutions, so put them in
diff --git a/internal-api/build.gradle b/internal-api/build.gradle
index a7216c665b3..af270aeadb9 100644
--- a/internal-api/build.gradle
+++ b/internal-api/build.gradle
@@ -35,6 +35,7 @@ excludedClassesCoverage += [
   "datadog.trace.api.profiling.ProfilingSnapshot.Kind",
   "datadog.trace.api.WithGlobalTracer.1",
   "datadog.trace.api.naming.**",
+  "datadog.trace.api.gateway.RequestContext.Noop",
   // an enum
   "datadog.trace.api.sampling.AdaptiveSampler",
   "datadog.trace.api.sampling.ConstantSampler",
@@ -46,6 +47,8 @@ excludedClassesCoverage += [
   "datadog.trace.bootstrap.instrumentation.api.java.lang.ProcessImplInstrumentationHelpers",
   "datadog.trace.bootstrap.instrumentation.api.Tags",
   "datadog.trace.bootstrap.instrumentation.api.CommonTagValues",
+  // Caused by empty 'default' interface method
+  "datadog.trace.bootstrap.instrumentation.api.AgentSpan.Context",
   "datadog.trace.bootstrap.instrumentation.api.AgentTracer.NoopAgentPropagation",
   "datadog.trace.bootstrap.instrumentation.api.AgentTracer",
   "datadog.trace.bootstrap.instrumentation.api.AgentTracer.NoopContext",
@@ -61,19 +64,18 @@ excludedClassesCoverage += [
   "datadog.trace.bootstrap.instrumentation.api.AgentTracer.NoopAgentHistogram",
   "datadog.trace.bootstrap.instrumentation.api.AgentTracer.NoopTraceConfig",
   "datadog.trace.bootstrap.instrumentation.api.AgentTracer.TracerAPI",
-  "datadog.trace.bootstrap.instrumentation.api.NoopDataStreamsMonitoring",
   "datadog.trace.bootstrap.instrumentation.api.Backlog",
   "datadog.trace.bootstrap.instrumentation.api.StatsPoint",
   "datadog.trace.bootstrap.instrumentation.api.ScopeSource",
   "datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes",
-  "datadog.trace.bootstrap.instrumentation.api.SpanLink",
   "datadog.trace.bootstrap.instrumentation.api.TagContext",
   "datadog.trace.bootstrap.instrumentation.api.TagContext.HttpHeaders",
   "datadog.trace.bootstrap.instrumentation.api.ForwardedTagContext",
   "datadog.trace.bootstrap.instrumentation.api.ResourceNamePriorities",
   "datadog.trace.bootstrap.instrumentation.api.ErrorPriorities",
-  "datadog.trace.api.civisibility.config.JvmInfo",
+  'datadog.trace.api.civisibility.config.Configurations',
   "datadog.trace.api.civisibility.config.ModuleExecutionSettings",
+  'datadog.trace.api.civisibility.config.SkippableTest',
   "datadog.trace.api.civisibility.coverage.TestReport",
   "datadog.trace.api.civisibility.coverage.TestReportFileEntry",
   "datadog.trace.api.civisibility.coverage.TestReportFileEntry.Segment",
@@ -81,6 +83,7 @@ excludedClassesCoverage += [
   "datadog.trace.api.civisibility.events.BuildEventsHandler.ModuleInfo",
   // POJO
   "datadog.trace.api.git.GitInfo",
+  "datadog.trace.api.git.GitInfoProvider",
   // POJO
   "datadog.trace.api.git.PersonInfo",
   // POJO
@@ -100,6 +103,7 @@ excludedClassesCoverage += [
   "datadog.trace.util.ClassNameTrie.Builder",
   "datadog.trace.util.ClassNameTrie.JavaGenerator",
   "datadog.trace.util.CollectionUtils",
+  "datadog.trace.util.MethodHandles",
   "datadog.trace.util.PidHelper",
   "datadog.trace.util.PidHelper.Fallback",
   "datadog.trace.util.ProcessUtils",
@@ -153,8 +157,8 @@ dependencies {
   api project(":utils:time-utils")
 
   // has to be loaded by system classloader:
-  // it contains annotation that is also present in the instrumented application classes
-  api "com.datadoghq:dd-javac-plugin-client:0.1.6"
+  // it contains annotations that are also present in the instrumented application classes
+  api "com.datadoghq:dd-javac-plugin-client:0.1.7"
 
   testImplementation project(":utils:test-utils")
   testImplementation("org.assertj:assertj-core:3.20.2")
diff --git a/internal-api/src/jmh/java/datadog/trace/api/sampling/AdaptiveSamplerBenchmark.java b/internal-api/src/jmh/java/datadog/trace/api/sampling/AdaptiveSamplerBenchmark.java
index ebcd555100b..a425c813f69 100644
--- a/internal-api/src/jmh/java/datadog/trace/api/sampling/AdaptiveSamplerBenchmark.java
+++ b/internal-api/src/jmh/java/datadog/trace/api/sampling/AdaptiveSamplerBenchmark.java
@@ -44,7 +44,8 @@ public void setup() {
             Duration.of(durationWindowMillis, ChronoUnit.MILLIS),
             samplesPerWindow,
             averageLookback,
-            BUDGET_LOOKBACK);
+            BUDGET_LOOKBACK,
+            true);
   }
 
   @Threads(4)
diff --git a/internal-api/src/main/java/datadog/trace/api/Config.java b/internal-api/src/main/java/datadog/trace/api/Config.java
index 2df947b1631..5f0aceaef72 100644
--- a/internal-api/src/main/java/datadog/trace/api/Config.java
+++ b/internal-api/src/main/java/datadog/trace/api/Config.java
@@ -4,6 +4,8 @@
 import static datadog.trace.api.ConfigDefaults.DEFAULT_AGENT_TIMEOUT;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_AGENT_WRITER_TYPE;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_ANALYTICS_SAMPLE_RATE;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_ENABLED;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_API_SECURITY_REQUEST_SAMPLE_RATE;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_APPSEC_REPORTING_INBAND;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_APPSEC_TRACE_RATE_LIMIT;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_APPSEC_WAF_METRICS;
@@ -20,6 +22,7 @@
 import static datadog.trace.api.ConfigDefaults.DEFAULT_CIVISIBILITY_GIT_UPLOAD_ENABLED;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_CIVISIBILITY_GIT_UPLOAD_TIMEOUT_MILLIS;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_CIVISIBILITY_JACOCO_PLUGIN_EXCLUDES;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_CIVISIBILITY_JACOCO_PLUGIN_VERSION;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_CIVISIBILITY_SIGNAL_SERVER_HOST;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_CIVISIBILITY_SIGNAL_SERVER_PORT;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_CIVISIBILITY_SOURCE_DATA_ENABLED;
@@ -29,6 +32,7 @@
 import static datadog.trace.api.ConfigDefaults.DEFAULT_CWS_ENABLED;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_CWS_TLS_REFRESH;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DATA_STREAMS_ENABLED;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_DB_CLIENT_HOST_SPLIT_BY_HOST;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DB_CLIENT_HOST_SPLIT_BY_INSTANCE;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DB_DBM_PROPAGATION_MODE_MODE;
@@ -40,12 +44,17 @@
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DEBUGGER_MAX_PAYLOAD_SIZE;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DEBUGGER_METRICS_ENABLED;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DEBUGGER_POLL_INTERVAL;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_DEBUGGER_SYMBOL_ENABLED;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_DEBUGGER_SYMBOL_FLUSH_THRESHOLD;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_DEBUGGER_SYMBOL_FORCE_UPLOAD;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DEBUGGER_UPLOAD_BATCH_SIZE;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DEBUGGER_UPLOAD_FLUSH_INTERVAL;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DEBUGGER_UPLOAD_TIMEOUT;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DEBUGGER_VERIFY_BYTECODE;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_DOGSTATSD_START_DELAY;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_ELASTICSEARCH_BODY_AND_PARAMS_ENABLED;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_ELASTICSEARCH_BODY_ENABLED;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_ELASTICSEARCH_PARAMS_ENABLED;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_GRPC_CLIENT_ERROR_STATUSES;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_GRPC_SERVER_ERROR_STATUSES;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_HEALTH_METRICS_ENABLED;
@@ -59,6 +68,7 @@
 import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_REDACTION_ENABLED;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_REDACTION_NAME_PATTERN;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_REDACTION_VALUE_PATTERN;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_TRUNCATION_MAX_VALUE_LENGTH;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_WEAK_CIPHER_ALGORITHMS;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_WEAK_HASH_ALGORITHMS;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_JMX_FETCH_ENABLED;
@@ -84,6 +94,7 @@
 import static datadog.trace.api.ConfigDefaults.DEFAULT_SITE;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_STARTUP_LOGS_ENABLED;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_TELEMETRY_DEPENDENCY_COLLECTION_ENABLED;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_TELEMETRY_EXTENDED_HEARTBEAT_INTERVAL;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_TELEMETRY_HEARTBEAT_INTERVAL;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_TELEMETRY_METRICS_INTERVAL;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_TRACE_128_BIT_TRACEID_GENERATION_ENABLED;
@@ -109,6 +120,8 @@
 import static datadog.trace.api.DDTags.SERVICE;
 import static datadog.trace.api.DDTags.SERVICE_TAG;
 import static datadog.trace.api.UserEventTrackingMode.SAFE;
+import static datadog.trace.api.config.AppSecConfig.API_SECURITY_ENABLED;
+import static datadog.trace.api.config.AppSecConfig.API_SECURITY_REQUEST_SAMPLE_RATE;
 import static datadog.trace.api.config.AppSecConfig.APPSEC_AUTOMATED_USER_EVENTS_TRACKING;
 import static datadog.trace.api.config.AppSecConfig.APPSEC_HTTP_BLOCKED_TEMPLATE_HTML;
 import static datadog.trace.api.config.AppSecConfig.APPSEC_HTTP_BLOCKED_TEMPLATE_JSON;
@@ -121,6 +134,7 @@
 import static datadog.trace.api.config.AppSecConfig.APPSEC_TRACE_RATE_LIMIT;
 import static datadog.trace.api.config.AppSecConfig.APPSEC_WAF_METRICS;
 import static datadog.trace.api.config.AppSecConfig.APPSEC_WAF_TIMEOUT;
+import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_ADDITIONAL_CHILD_PROCESS_JVM_ARGS;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_AGENTLESS_ENABLED;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_AGENTLESS_URL;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_AGENT_JAR_URI;
@@ -129,6 +143,8 @@
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_BUILD_INSTRUMENTATION_ENABLED;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_CIPROVIDER_INTEGRATION_ENABLED;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_CODE_COVERAGE_ENABLED;
+import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_CODE_COVERAGE_PERCENTAGE_CALCULATION_ENABLED;
+import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_CODE_COVERAGE_REPORT_DUMP_DIR;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_COMPILER_PLUGIN_AUTO_CONFIGURATION_ENABLED;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_COMPILER_PLUGIN_VERSION;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_COVERAGE_SEGMENTS_ENABLED;
@@ -139,6 +155,7 @@
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_GIT_UPLOAD_ENABLED;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_GIT_UPLOAD_TIMEOUT_MILLIS;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_ITR_ENABLED;
+import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_JACOCO_GRADLE_SOURCE_SETS;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_JACOCO_PLUGIN_EXCLUDES;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_JACOCO_PLUGIN_INCLUDES;
 import static datadog.trace.api.config.CiVisibilityConfig.CIVISIBILITY_JACOCO_PLUGIN_VERSION;
@@ -166,6 +183,12 @@
 import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_METRICS_ENABLED;
 import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_POLL_INTERVAL;
 import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_PROBE_FILE_LOCATION;
+import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_REDACTED_IDENTIFIERS;
+import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_REDACTED_TYPES;
+import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_SYMBOL_ENABLED;
+import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_SYMBOL_FLUSH_THRESHOLD;
+import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_SYMBOL_FORCE_UPLOAD;
+import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_SYMBOL_INCLUDES;
 import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_UPLOAD_BATCH_SIZE;
 import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_UPLOAD_FLUSH_INTERVAL;
 import static datadog.trace.api.config.DebuggerConfig.DEBUGGER_UPLOAD_TIMEOUT;
@@ -194,8 +217,12 @@
 import static datadog.trace.api.config.GeneralConfig.SERVICE_NAME;
 import static datadog.trace.api.config.GeneralConfig.SITE;
 import static datadog.trace.api.config.GeneralConfig.STARTUP_LOGS_ENABLED;
+import static datadog.trace.api.config.GeneralConfig.STATSD_CLIENT_QUEUE_SIZE;
+import static datadog.trace.api.config.GeneralConfig.STATSD_CLIENT_SOCKET_BUFFER;
+import static datadog.trace.api.config.GeneralConfig.STATSD_CLIENT_SOCKET_TIMEOUT;
 import static datadog.trace.api.config.GeneralConfig.TAGS;
 import static datadog.trace.api.config.GeneralConfig.TELEMETRY_DEPENDENCY_COLLECTION_ENABLED;
+import static datadog.trace.api.config.GeneralConfig.TELEMETRY_EXTENDED_HEARTBEAT_INTERVAL;
 import static datadog.trace.api.config.GeneralConfig.TELEMETRY_HEARTBEAT_INTERVAL;
 import static datadog.trace.api.config.GeneralConfig.TELEMETRY_METRICS_INTERVAL;
 import static datadog.trace.api.config.GeneralConfig.TRACER_METRICS_BUFFERING_ENABLED;
@@ -211,6 +238,7 @@
 import static datadog.trace.api.config.IastConfig.IAST_REDACTION_NAME_PATTERN;
 import static datadog.trace.api.config.IastConfig.IAST_REDACTION_VALUE_PATTERN;
 import static datadog.trace.api.config.IastConfig.IAST_TELEMETRY_VERBOSITY;
+import static datadog.trace.api.config.IastConfig.IAST_TRUNCATION_MAX_VALUE_LENGTH;
 import static datadog.trace.api.config.IastConfig.IAST_WEAK_CIPHER_ALGORITHMS;
 import static datadog.trace.api.config.IastConfig.IAST_WEAK_HASH_ALGORITHMS;
 import static datadog.trace.api.config.JmxFetchConfig.JMX_FETCH_CHECK_PERIOD;
@@ -271,10 +299,13 @@
 import static datadog.trace.api.config.RemoteConfigConfig.REMOTE_CONFIG_TARGETS_KEY;
 import static datadog.trace.api.config.RemoteConfigConfig.REMOTE_CONFIG_TARGETS_KEY_ID;
 import static datadog.trace.api.config.RemoteConfigConfig.REMOTE_CONFIG_URL;
+import static datadog.trace.api.config.TraceInstrumentationConfig.DB_CLIENT_HOST_SPLIT_BY_HOST;
 import static datadog.trace.api.config.TraceInstrumentationConfig.DB_CLIENT_HOST_SPLIT_BY_INSTANCE;
 import static datadog.trace.api.config.TraceInstrumentationConfig.DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX;
 import static datadog.trace.api.config.TraceInstrumentationConfig.DB_DBM_PROPAGATION_MODE_MODE;
 import static datadog.trace.api.config.TraceInstrumentationConfig.ELASTICSEARCH_BODY_AND_PARAMS_ENABLED;
+import static datadog.trace.api.config.TraceInstrumentationConfig.ELASTICSEARCH_BODY_ENABLED;
+import static datadog.trace.api.config.TraceInstrumentationConfig.ELASTICSEARCH_PARAMS_ENABLED;
 import static datadog.trace.api.config.TraceInstrumentationConfig.GRPC_CLIENT_ERROR_STATUSES;
 import static datadog.trace.api.config.TraceInstrumentationConfig.GRPC_IGNORED_INBOUND_METHODS;
 import static datadog.trace.api.config.TraceInstrumentationConfig.GRPC_IGNORED_OUTBOUND_METHODS;
@@ -283,6 +314,7 @@
 import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_CLIENT_HOST_SPLIT_BY_DOMAIN;
 import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_CLIENT_TAG_HEADERS;
 import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_CLIENT_TAG_QUERY_STRING;
+import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_SERVER_DECODED_RESOURCE_PRESERVE_SPACES;
 import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_SERVER_RAW_QUERY_STRING;
 import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_SERVER_RAW_RESOURCE;
 import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_SERVER_ROUTE_BASED_NAMING;
@@ -291,6 +323,7 @@
 import static datadog.trace.api.config.TraceInstrumentationConfig.HYSTRIX_TAGS_ENABLED;
 import static datadog.trace.api.config.TraceInstrumentationConfig.IGNITE_CACHE_INCLUDE_KEYS;
 import static datadog.trace.api.config.TraceInstrumentationConfig.INTEGRATION_SYNAPSE_LEGACY_OPERATION_NAME;
+import static datadog.trace.api.config.TraceInstrumentationConfig.JAX_RS_EXCEPTION_AS_ERROR_ENABLED;
 import static datadog.trace.api.config.TraceInstrumentationConfig.JMS_PROPAGATION_DISABLED_QUEUES;
 import static datadog.trace.api.config.TraceInstrumentationConfig.JMS_PROPAGATION_DISABLED_TOPICS;
 import static datadog.trace.api.config.TraceInstrumentationConfig.JMS_UNACKNOWLEDGED_MAX_AGE;
@@ -353,6 +386,7 @@
 import static datadog.trace.api.config.TracerConfig.TRACE_HTTP_CLIENT_PATH_RESOURCE_NAME_MAPPING;
 import static datadog.trace.api.config.TracerConfig.TRACE_HTTP_RESOURCE_REMOVE_TRAILING_SLASH;
 import static datadog.trace.api.config.TracerConfig.TRACE_HTTP_SERVER_PATH_RESOURCE_NAME_MAPPING;
+import static datadog.trace.api.config.TracerConfig.TRACE_PEER_SERVICE_COMPONENT_OVERRIDES;
 import static datadog.trace.api.config.TracerConfig.TRACE_PEER_SERVICE_DEFAULTS_ENABLED;
 import static datadog.trace.api.config.TracerConfig.TRACE_PEER_SERVICE_MAPPING;
 import static datadog.trace.api.config.TracerConfig.TRACE_PROPAGATION_STYLE;
@@ -424,14 +458,22 @@
 import org.slf4j.LoggerFactory;
 
 /**
- * Config reads values with the following priority: 1) system properties, 2) environment variables,
- * 3) optional configuration file, 4) platform dependant properties. It also includes default values
- * to ensure a valid config.
+ * Config reads values with the following priority:
  *
- * <p>
+ * <p>1) system properties
+ *
+ * <p>2) environment variables,
+ *
+ * <p>3) optional configuration file
+ *
+ * <p>4) platform dependant properties. It also includes default values to ensure a valid config.
  *
  * <p>System properties are {@link Config#PREFIX}'ed. Environment variables are the same as the
  * system property, but uppercased and '.' is replaced with '_'.
+ *
+ * @see ConfigProvider for details on how configs are processed
+ * @see InstrumenterConfig for pre-instrumentation configurations
+ * @see DynamicConfig for configuration that can be dynamically updated via remote-config
  */
 @Deprecated
 public class Config {
@@ -493,6 +535,7 @@ static class HostNameHolder {
   private final boolean traceResolverEnabled;
   private final int spanAttributeSchemaVersion;
   private final boolean peerServiceDefaultsEnabled;
+  private final Map<String, String> peerServiceComponentOverrides;
   private final boolean removeIntegrationServiceNamesEnabled;
   private final Map<String, String> peerServiceMapping;
   private final Map<String, String> serviceMapping;
@@ -507,6 +550,7 @@ static class HostNameHolder {
   private final boolean httpServerTagQueryString;
   private final boolean httpServerRawQueryString;
   private final boolean httpServerRawResource;
+  private final boolean httpServerDecodedResourcePreserveSpaces;
   private final boolean httpServerRouteBasedNaming;
   private final Map<String, String> httpServerPathResourceNameMapping;
   private final Map<String, String> httpClientPathResourceNameMapping;
@@ -516,6 +560,7 @@ static class HostNameHolder {
   private final boolean httpClientSplitByDomain;
   private final boolean dbClientSplitByInstance;
   private final boolean dbClientSplitByInstanceTypeSuffix;
+  private final boolean dbClientSplitByHost;
   private final Set<String> splitByTags;
   private final int scopeDepthLimit;
   private final boolean scopeStrictMode;
@@ -535,6 +580,10 @@ static class HostNameHolder {
   private final String dogStatsDNamedPipe;
   private final int dogStatsDStartDelay;
 
+  private final Integer statsDClientQueueSize;
+  private final Integer statsDClientSocketBuffer;
+  private final Integer statsDClientSocketTimeout;
+
   private final boolean runtimeMetricsEnabled;
   private final boolean jmxFetchEnabled;
   private final String jmxFetchConfigDir;
@@ -614,6 +663,8 @@ static class HostNameHolder {
   private final String appSecHttpBlockedTemplateHtml;
   private final String appSecHttpBlockedTemplateJson;
   private final UserEventTrackingMode appSecUserEventsTracking;
+  private final boolean apiSecurityEnabled;
+  private final float apiSecurityRequestSampleRate;
 
   private final IastDetectionMode iastDetectionMode;
   private final int iastMaxConcurrentRequests;
@@ -624,6 +675,8 @@ static class HostNameHolder {
   private final boolean iastRedactionEnabled;
   private final String iastRedactionNamePattern;
   private final String iastRedactionValuePattern;
+  private final int iastMaxRangeCount;
+  private final int iastTruncationMaxValueLength;
 
   private final boolean ciVisibilityTraceSanitationEnabled;
   private final boolean ciVisibilityAgentlessEnabled;
@@ -636,13 +689,17 @@ static class HostNameHolder {
   private final Long ciVisibilityModuleId;
   private final String ciVisibilityAgentJarUri;
   private final boolean ciVisibilityAutoConfigurationEnabled;
+  private final String ciVisibilityAdditionalChildProcessJvmArgs;
   private final boolean ciVisibilityCompilerPluginAutoConfigurationEnabled;
   private final boolean ciVisibilityCodeCoverageEnabled;
+  private final boolean ciVisibilityCodeCoveragePercentageCalculationEnabled;
+  private final String ciVisibilityCodeCoverageReportDumpDir;
   private final String ciVisibilityCompilerPluginVersion;
   private final String ciVisibilityJacocoPluginVersion;
   private final List<String> ciVisibilityJacocoPluginIncludes;
   private final List<String> ciVisibilityJacocoPluginExcludes;
   private final String[] ciVisibilityJacocoPluginExcludedClassnames;
+  private final List<String> ciVisibilityJacocoGradleSourceSets;
   private final Integer ciVisibilityDebugPort;
   private final boolean ciVisibilityGitUploadEnabled;
   private final boolean ciVisibilityGitUnshallowEnabled;
@@ -682,6 +739,12 @@ static class HostNameHolder {
   private final boolean debuggerInstrumentTheWorld;
   private final String debuggerExcludeFiles;
   private final int debuggerCaptureTimeout;
+  private final String debuggerRedactedIdentifiers;
+  private final String debuggerRedactedTypes;
+  private final boolean debuggerSymbolEnabled;
+  private final boolean debuggerSymbolForceUpload;
+  private final String debuggerSymbolIncludes;
+  private final int debuggerSymbolFlushThreshold;
 
   private final boolean awsPropagationEnabled;
   private final boolean sqsPropagationEnabled;
@@ -750,8 +813,10 @@ static class HostNameHolder {
   private final boolean iastDeduplicationEnabled;
 
   private final float telemetryHeartbeatInterval;
+  private final long telemetryExtendedHeartbeatInterval;
   private final float telemetryMetricsInterval;
   private final boolean isTelemetryDependencyServiceEnabled;
+  private final boolean telemetryMetricsEnabled;
 
   private final boolean azureAppServices;
   private final String traceAgentPath;
@@ -767,11 +832,16 @@ static class HostNameHolder {
 
   private final boolean longRunningTraceEnabled;
   private final long longRunningTraceFlushInterval;
+  private final boolean elasticsearchBodyEnabled;
+  private final boolean elasticsearchParamsEnabled;
   private final boolean elasticsearchBodyAndParamsEnabled;
   private final boolean sparkTaskHistogramEnabled;
+  private final boolean jaxRsExceptionAsErrorsEnabled;
 
   private final float traceFlushIntervalSeconds;
 
+  private final boolean telemetryDebugRequestsEnabled;
+
   // Read order: System Properties -> Env Variables, [-> properties file], [-> default value]
   private Config() {
     this(ConfigProvider.createDefault());
@@ -799,7 +869,8 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
         tmpApiKey =
             new String(Files.readAllBytes(Paths.get(apiKeyFile)), StandardCharsets.UTF_8).trim();
       } catch (final IOException e) {
-        log.error("Cannot read API key from file {}, skipping", apiKeyFile, e);
+        log.error(
+            "Cannot read API key from file {}, skipping. Exception {}", apiKeyFile, e.getMessage());
       }
     }
     site = configProvider.getString(SITE, DEFAULT_SITE);
@@ -846,6 +917,11 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
     } else {
       secureRandom = configProvider.getBoolean(SECURE_RANDOM, DEFAULT_SECURE_RANDOM);
     }
+    elasticsearchBodyEnabled =
+        configProvider.getBoolean(ELASTICSEARCH_BODY_ENABLED, DEFAULT_ELASTICSEARCH_BODY_ENABLED);
+    elasticsearchParamsEnabled =
+        configProvider.getBoolean(
+            ELASTICSEARCH_PARAMS_ENABLED, DEFAULT_ELASTICSEARCH_PARAMS_ENABLED);
     elasticsearchBodyAndParamsEnabled =
         configProvider.getBoolean(
             ELASTICSEARCH_BODY_AND_PARAMS_ENABLED, DEFAULT_ELASTICSEARCH_BODY_AND_PARAMS_ENABLED);
@@ -993,6 +1069,8 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
     // in v1+ defaults are always calculated regardless this feature flag
     peerServiceDefaultsEnabled =
         configProvider.getBoolean(TRACE_PEER_SERVICE_DEFAULTS_ENABLED, false);
+    peerServiceComponentOverrides =
+        configProvider.getMergedMap(TRACE_PEER_SERVICE_COMPONENT_OVERRIDES);
     // feature flag to remove fake services in v0
     removeIntegrationServiceNamesEnabled =
         configProvider.getBoolean(TRACE_REMOVE_INTEGRATION_SERVICE_NAMES_ENABLED, false);
@@ -1026,6 +1104,9 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
 
     httpServerRawResource = configProvider.getBoolean(HTTP_SERVER_RAW_RESOURCE, false);
 
+    httpServerDecodedResourcePreserveSpaces =
+        configProvider.getBoolean(HTTP_SERVER_DECODED_RESOURCE_PRESERVE_SPACES, true);
+
     httpServerRouteBasedNaming =
         configProvider.getBoolean(
             HTTP_SERVER_ROUTE_BASED_NAMING, DEFAULT_HTTP_SERVER_ROUTE_BASED_NAMING);
@@ -1049,6 +1130,10 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
             DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX,
             DEFAULT_DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX);
 
+    dbClientSplitByHost =
+        configProvider.getBoolean(
+            DB_CLIENT_HOST_SPLIT_BY_HOST, DEFAULT_DB_CLIENT_HOST_SPLIT_BY_HOST);
+
     DBMPropagationMode =
         configProvider.getString(
             DB_DBM_PROPAGATION_MODE_MODE, DEFAULT_DB_DBM_PROPAGATION_MODE_MODE);
@@ -1180,6 +1265,10 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
         configProvider.getInteger(
             DOGSTATSD_START_DELAY, DEFAULT_DOGSTATSD_START_DELAY, JMX_FETCH_START_DELAY);
 
+    statsDClientQueueSize = configProvider.getInteger(STATSD_CLIENT_QUEUE_SIZE);
+    statsDClientSocketBuffer = configProvider.getInteger(STATSD_CLIENT_SOCKET_BUFFER);
+    statsDClientSocketTimeout = configProvider.getInteger(STATSD_CLIENT_SOCKET_TIMEOUT);
+
     runtimeMetricsEnabled = configProvider.getBoolean(RUNTIME_METRICS_ENABLED, true);
 
     jmxFetchEnabled =
@@ -1356,6 +1445,10 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
     }
     telemetryHeartbeatInterval = telemetryInterval;
 
+    telemetryExtendedHeartbeatInterval =
+        configProvider.getLong(
+            TELEMETRY_EXTENDED_HEARTBEAT_INTERVAL, DEFAULT_TELEMETRY_EXTENDED_HEARTBEAT_INTERVAL);
+
     telemetryInterval =
         configProvider.getFloat(TELEMETRY_METRICS_INTERVAL, DEFAULT_TELEMETRY_METRICS_INTERVAL);
     if (telemetryInterval < 0.1 || telemetryInterval > 3600) {
@@ -1366,6 +1459,9 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
     }
     telemetryMetricsInterval = telemetryInterval;
 
+    telemetryMetricsEnabled =
+        configProvider.getBoolean(GeneralConfig.TELEMETRY_METRICS_ENABLED, true);
+
     isTelemetryDependencyServiceEnabled =
         configProvider.getBoolean(
             TELEMETRY_DEPENDENCY_COLLECTION_ENABLED,
@@ -1401,6 +1497,11 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
         UserEventTrackingMode.fromString(
             configProvider.getStringNotEmpty(
                 APPSEC_AUTOMATED_USER_EVENTS_TRACKING, SAFE.toString()));
+    apiSecurityEnabled =
+        configProvider.getBoolean(API_SECURITY_ENABLED, DEFAULT_API_SECURITY_ENABLED);
+    apiSecurityRequestSampleRate =
+        configProvider.getFloat(
+            API_SECURITY_REQUEST_SAMPLE_RATE, DEFAULT_API_SECURITY_REQUEST_SAMPLE_RATE);
 
     iastDebugEnabled = configProvider.getBoolean(IAST_DEBUG_ENABLED, DEFAULT_IAST_DEBUG_ENABLED);
 
@@ -1427,6 +1528,10 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
     iastRedactionValuePattern =
         configProvider.getString(
             IAST_REDACTION_VALUE_PATTERN, DEFAULT_IAST_REDACTION_VALUE_PATTERN);
+    iastTruncationMaxValueLength =
+        configProvider.getInteger(
+            IAST_TRUNCATION_MAX_VALUE_LENGTH, DEFAULT_IAST_TRUNCATION_MAX_VALUE_LENGTH);
+    iastMaxRangeCount = iastDetectionMode.getIastMaxRangeCount(configProvider);
 
     ciVisibilityTraceSanitationEnabled =
         configProvider.getBoolean(CIVISIBILITY_TRACE_SANITATION_ENABLED, true);
@@ -1473,16 +1578,24 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
         configProvider.getBoolean(
             CIVISIBILITY_AUTO_CONFIGURATION_ENABLED,
             DEFAULT_CIVISIBILITY_AUTO_CONFIGURATION_ENABLED);
+    ciVisibilityAdditionalChildProcessJvmArgs =
+        configProvider.getString(CIVISIBILITY_ADDITIONAL_CHILD_PROCESS_JVM_ARGS);
     ciVisibilityCompilerPluginAutoConfigurationEnabled =
         configProvider.getBoolean(
             CIVISIBILITY_COMPILER_PLUGIN_AUTO_CONFIGURATION_ENABLED,
             DEFAULT_CIVISIBILITY_COMPILER_PLUGIN_AUTO_CONFIGURATION_ENABLED);
     ciVisibilityCodeCoverageEnabled =
         configProvider.getBoolean(CIVISIBILITY_CODE_COVERAGE_ENABLED, true);
+    ciVisibilityCodeCoveragePercentageCalculationEnabled =
+        configProvider.getBoolean(CIVISIBILITY_CODE_COVERAGE_PERCENTAGE_CALCULATION_ENABLED, true);
+    ciVisibilityCodeCoverageReportDumpDir =
+        configProvider.getString(CIVISIBILITY_CODE_COVERAGE_REPORT_DUMP_DIR);
     ciVisibilityCompilerPluginVersion =
         configProvider.getString(
             CIVISIBILITY_COMPILER_PLUGIN_VERSION, DEFAULT_CIVISIBILITY_COMPILER_PLUGIN_VERSION);
-    ciVisibilityJacocoPluginVersion = configProvider.getString(CIVISIBILITY_JACOCO_PLUGIN_VERSION);
+    ciVisibilityJacocoPluginVersion =
+        configProvider.getString(
+            CIVISIBILITY_JACOCO_PLUGIN_VERSION, DEFAULT_CIVISIBILITY_JACOCO_PLUGIN_VERSION);
     ciVisibilityJacocoPluginIncludes =
         Arrays.asList(
             COLON.split(configProvider.getString(CIVISIBILITY_JACOCO_PLUGIN_INCLUDES, ":")));
@@ -1494,6 +1607,9 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
                     DEFAULT_CIVISIBILITY_JACOCO_PLUGIN_EXCLUDES)));
     ciVisibilityJacocoPluginExcludedClassnames =
         computeCiVisibilityJacocoPluginExcludedClassnames(ciVisibilityJacocoPluginExcludes);
+    ciVisibilityJacocoGradleSourceSets =
+        configProvider.getList(
+            CIVISIBILITY_JACOCO_GRADLE_SOURCE_SETS, Collections.singletonList("main"));
     ciVisibilityDebugPort = configProvider.getInteger(CIVISIBILITY_DEBUG_PORT);
     ciVisibilityGitUploadEnabled =
         configProvider.getBoolean(
@@ -1582,6 +1698,17 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
     debuggerExcludeFiles = configProvider.getString(DEBUGGER_EXCLUDE_FILES);
     debuggerCaptureTimeout =
         configProvider.getInteger(DEBUGGER_CAPTURE_TIMEOUT, DEFAULT_DEBUGGER_CAPTURE_TIMEOUT);
+    debuggerRedactedIdentifiers = configProvider.getString(DEBUGGER_REDACTED_IDENTIFIERS, null);
+    debuggerRedactedTypes = configProvider.getString(DEBUGGER_REDACTED_TYPES, null);
+    debuggerSymbolEnabled =
+        configProvider.getBoolean(DEBUGGER_SYMBOL_ENABLED, DEFAULT_DEBUGGER_SYMBOL_ENABLED);
+    debuggerSymbolForceUpload =
+        configProvider.getBoolean(
+            DEBUGGER_SYMBOL_FORCE_UPLOAD, DEFAULT_DEBUGGER_SYMBOL_FORCE_UPLOAD);
+    debuggerSymbolIncludes = configProvider.getString(DEBUGGER_SYMBOL_INCLUDES, null);
+    debuggerSymbolFlushThreshold =
+        configProvider.getInteger(
+            DEBUGGER_SYMBOL_FLUSH_THRESHOLD, DEFAULT_DEBUGGER_SYMBOL_FLUSH_THRESHOLD);
 
     awsPropagationEnabled = isPropagationEnabled(true, "aws", "aws-sdk");
     sqsPropagationEnabled = isPropagationEnabled(true, "sqs");
@@ -1702,6 +1829,11 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
         configProvider.getBoolean(
             SPARK_TASK_HISTOGRAM_ENABLED, ConfigDefaults.DEFAULT_SPARK_TASK_HISTOGRAM_ENABLED);
 
+    this.jaxRsExceptionAsErrorsEnabled =
+        configProvider.getBoolean(
+            JAX_RS_EXCEPTION_AS_ERROR_ENABLED,
+            ConfigDefaults.DEFAULT_JAX_RS_EXCEPTION_AS_ERROR_ENABLED);
+
     this.traceFlushIntervalSeconds =
         configProvider.getFloat(
             TracerConfig.TRACE_FLUSH_INTERVAL, ConfigDefaults.DEFAULT_TRACE_FLUSH_INTERVAL);
@@ -1718,6 +1850,11 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
               + "Please ensure that either an API key is configured, or the tracer is set up to work with the Agent");
     }
 
+    this.telemetryDebugRequestsEnabled =
+        configProvider.getBoolean(
+            GeneralConfig.TELEMETRY_DEBUG_REQUESTS_ENABLED,
+            ConfigDefaults.DEFAULT_TELEMETRY_DEBUG_REQUESTS_ENABLED);
+
     log.debug("New instance: {}", this);
   }
 
@@ -1868,6 +2005,10 @@ public boolean isPeerServiceDefaultsEnabled() {
     return peerServiceDefaultsEnabled;
   }
 
+  public Map<String, String> getPeerServiceComponentOverrides() {
+    return peerServiceComponentOverrides;
+  }
+
   public boolean isRemoveIntegrationServiceNamesEnabled() {
     return removeIntegrationServiceNamesEnabled;
   }
@@ -1924,6 +2065,10 @@ public boolean isHttpServerRawResource() {
     return httpServerRawResource;
   }
 
+  public boolean isHttpServerDecodedResourcePreserveSpaces() {
+    return httpServerDecodedResourcePreserveSpaces;
+  }
+
   public boolean isHttpServerRouteBasedNaming() {
     return httpServerRouteBasedNaming;
   }
@@ -1948,6 +2093,10 @@ public boolean isDbClientSplitByInstanceTypeSuffix() {
     return dbClientSplitByInstanceTypeSuffix;
   }
 
+  public boolean isDbClientSplitByHost() {
+    return dbClientSplitByHost;
+  }
+
   public Set<String> getSplitByTags() {
     return splitByTags;
   }
@@ -2014,6 +2163,18 @@ public int getDogStatsDStartDelay() {
     return dogStatsDStartDelay;
   }
 
+  public Integer getStatsDClientQueueSize() {
+    return statsDClientQueueSize;
+  }
+
+  public Integer getStatsDClientSocketBuffer() {
+    return statsDClientSocketBuffer;
+  }
+
+  public Integer getStatsDClientSocketTimeout() {
+    return statsDClientSocketTimeout;
+  }
+
   public boolean isRuntimeMetricsEnabled() {
     return runtimeMetricsEnabled;
   }
@@ -2230,7 +2391,9 @@ public boolean isDatadogProfilerEnabled() {
 
   public static boolean isDatadogProfilerEnablementOverridden() {
     // old non-LTS versions without important backports
-    return Platform.isJavaVersion(18)
+    // also, we have no windows binaries
+    return Platform.isWindows()
+        || Platform.isJavaVersion(18)
         || Platform.isJavaVersion(16)
         || Platform.isJavaVersion(15)
         || Platform.isJavaVersion(14)
@@ -2279,6 +2442,10 @@ public float getTelemetryHeartbeatInterval() {
     return telemetryHeartbeatInterval;
   }
 
+  public long getTelemetryExtendedHeartbeatInterval() {
+    return telemetryExtendedHeartbeatInterval;
+  }
+
   public float getTelemetryMetricsInterval() {
     return telemetryMetricsInterval;
   }
@@ -2287,6 +2454,10 @@ public boolean isTelemetryDependencyServiceEnabled() {
     return isTelemetryDependencyServiceEnabled;
   }
 
+  public boolean isTelemetryMetricsEnabled() {
+    return telemetryMetricsEnabled;
+  }
+
   public boolean isClientIpEnabled() {
     return clientIpEnabled;
   }
@@ -2340,6 +2511,14 @@ public UserEventTrackingMode getAppSecUserEventsTrackingMode() {
     return appSecUserEventsTracking;
   }
 
+  public boolean isApiSecurityEnabled() {
+    return apiSecurityEnabled;
+  }
+
+  public float getApiSecurityRequestSampleRate() {
+    return apiSecurityRequestSampleRate;
+  }
+
   public ProductActivation getIastActivation() {
     return instrumenterConfig.getIastActivation();
   }
@@ -2376,6 +2555,14 @@ public String getIastRedactionValuePattern() {
     return iastRedactionValuePattern;
   }
 
+  public int getIastTruncationMaxValueLength() {
+    return iastTruncationMaxValueLength;
+  }
+
+  public int getIastMaxRangeCount() {
+    return iastMaxRangeCount;
+  }
+
   public boolean isCiVisibilityEnabled() {
     return instrumenterConfig.isCiVisibilityEnabled();
   }
@@ -2437,6 +2624,10 @@ public boolean isCiVisibilityAutoConfigurationEnabled() {
     return ciVisibilityAutoConfigurationEnabled;
   }
 
+  public String getCiVisibilityAdditionalChildProcessJvmArgs() {
+    return ciVisibilityAdditionalChildProcessJvmArgs;
+  }
+
   public boolean isCiVisibilityCompilerPluginAutoConfigurationEnabled() {
     return ciVisibilityCompilerPluginAutoConfigurationEnabled;
   }
@@ -2445,6 +2636,14 @@ public boolean isCiVisibilityCodeCoverageEnabled() {
     return ciVisibilityCodeCoverageEnabled;
   }
 
+  public boolean isCiVisibilityCodeCoveragePercentageCalculationEnabled() {
+    return ciVisibilityCodeCoveragePercentageCalculationEnabled;
+  }
+
+  public String getCiVisibilityCodeCoverageReportDumpDir() {
+    return ciVisibilityCodeCoverageReportDumpDir;
+  }
+
   public String getCiVisibilityCompilerPluginVersion() {
     return ciVisibilityCompilerPluginVersion;
   }
@@ -2465,6 +2664,10 @@ public String[] getCiVisibilityJacocoPluginExcludedClassnames() {
     return ciVisibilityJacocoPluginExcludedClassnames;
   }
 
+  public List<String> getCiVisibilityJacocoGradleSourceSets() {
+    return ciVisibilityJacocoGradleSourceSets;
+  }
+
   public Integer getCiVisibilityDebugPort() {
     return ciVisibilityDebugPort;
   }
@@ -2605,6 +2808,22 @@ public int getDebuggerCaptureTimeout() {
     return debuggerCaptureTimeout;
   }
 
+  public boolean isDebuggerSymbolEnabled() {
+    return debuggerSymbolEnabled;
+  }
+
+  public boolean isDebuggerSymbolForceUpload() {
+    return debuggerSymbolEnabled;
+  }
+
+  public String getDebuggerSymbolIncludes() {
+    return debuggerSymbolIncludes;
+  }
+
+  public int getDebuggerSymbolFlushThreshold() {
+    return debuggerSymbolFlushThreshold;
+  }
+
   public String getFinalDebuggerProbeUrl() {
     // by default poll from datadog agent
     return "http://" + agentHost + ":" + agentPort;
@@ -2615,10 +2834,22 @@ public String getFinalDebuggerSnapshotUrl() {
     return agentUrl + "/debugger/v1/input";
   }
 
+  public String getFinalDebuggerSymDBUrl() {
+    return agentUrl + "/symdb/v1/input";
+  }
+
   public String getDebuggerProbeFileLocation() {
     return debuggerProbeFileLocation;
   }
 
+  public String getDebuggerRedactedIdentifiers() {
+    return debuggerRedactedIdentifiers;
+  }
+
+  public String getDebuggerRedactedTypes() {
+    return debuggerRedactedTypes;
+  }
+
   public boolean isAwsPropagationEnabled() {
     return awsPropagationEnabled;
   }
@@ -2783,6 +3014,14 @@ public BitSet getGrpcClientErrorStatuses() {
     return grpcClientErrorStatuses;
   }
 
+  public boolean isElasticsearchBodyEnabled() {
+    return elasticsearchBodyEnabled;
+  }
+
+  public boolean isElasticsearchParamsEnabled() {
+    return elasticsearchParamsEnabled;
+  }
+
   public boolean isElasticsearchBodyAndParamsEnabled() {
     return elasticsearchBodyAndParamsEnabled;
   }
@@ -2791,6 +3030,10 @@ public boolean isSparkTaskHistogramEnabled() {
     return sparkTaskHistogramEnabled;
   }
 
+  public boolean isJaxRsExceptionAsErrorEnabled() {
+    return jaxRsExceptionAsErrorsEnabled;
+  }
+
   /** @return A map of tags to be applied only to the local application root span. */
   public Map<String, Object> getLocalRootSpanTags() {
     final Map<String, String> runtimeTags = getRuntimeTags();
@@ -3140,14 +3383,14 @@ public boolean isPropagationEnabled(
 
   public boolean isLegacyTracingEnabled(
       final boolean defaultEnabled, final String... integrationNames) {
-    return SpanNaming.instance().namingSchema().allowFakeServices()
+    return SpanNaming.instance().namingSchema().allowInferredServices()
         && configProvider.isEnabled(
             Arrays.asList(integrationNames), "", ".legacy.tracing.enabled", defaultEnabled);
   }
 
   public boolean isTimeInQueueEnabled(
       final boolean defaultEnabled, final String... integrationNames) {
-    return SpanNaming.instance().namingSchema().allowFakeServices()
+    return SpanNaming.instance().namingSchema().allowInferredServices()
         && configProvider.isEnabled(
             Arrays.asList(integrationNames), "", ".time-in-queue.enabled", defaultEnabled);
   }
@@ -3230,6 +3473,10 @@ public static boolean traceAnalyticsIntegrationEnabled(
     return Config.get().isTraceAnalyticsIntegrationEnabled(integrationNames, defaultEnabled);
   }
 
+  public boolean isTelemetryDebugRequestsEnabled() {
+    return telemetryDebugRequestsEnabled;
+  }
+
   private <T> Set<T> getSettingsSetFromEnvironment(
       String name, Function<String, T> mapper, boolean splitOnWS) {
     final String value = configProvider.getString(name, "");
@@ -3402,7 +3649,7 @@ private static boolean isWindowsOS() {
   private static String getEnv(String name) {
     String value = System.getenv(name);
     if (value != null) {
-      ConfigCollector.get().put(name, value);
+      ConfigCollector.get().put(name, value, ConfigOrigin.ENV);
     }
     return value;
   }
@@ -3425,7 +3672,7 @@ private static String getProp(String name) {
   private static String getProp(String name, String def) {
     String value = System.getProperty(name, def);
     if (value != null) {
-      ConfigCollector.get().put(name, value);
+      ConfigCollector.get().put(name, value, ConfigOrigin.JVM_PROP);
     }
     return value;
   }
@@ -3433,7 +3680,11 @@ private static String getProp(String name, String def) {
   // This has to be placed after all other static fields to give them a chance to initialize
   @SuppressFBWarnings("SI_INSTANCE_BEFORE_FINALS_ASSIGNED")
   private static final Config INSTANCE =
-      new Config(ConfigProvider.getInstance(), InstrumenterConfig.get());
+      new Config(
+          Platform.isNativeImageBuilder()
+              ? ConfigProvider.withoutCollector()
+              : ConfigProvider.getInstance(),
+          InstrumenterConfig.get());
 
   public static Config get() {
     return INSTANCE;
@@ -3555,6 +3806,8 @@ public String toString() {
         + dbClientSplitByInstance
         + ", dbClientSplitByInstanceTypeSuffix="
         + dbClientSplitByInstanceTypeSuffix
+        + ", dbClientSplitByHost="
+        + dbClientSplitByHost
         + ", DBMPropagationMode="
         + DBMPropagationMode
         + ", splitByTags="
@@ -3764,7 +4017,7 @@ public String toString() {
         + '\''
         + ", idGenerationStrategy="
         + idGenerationStrategy
-        + ", trace128bitTraceIdGenerationEnabled"
+        + ", trace128bitTraceIdGenerationEnabled="
         + trace128bitTraceIdGenerationEnabled
         + ", grpcIgnoredInboundMethods="
         + grpcIgnoredInboundMethods
@@ -3787,6 +4040,10 @@ public String toString() {
         + appSecWafTimeout
         + " us, appSecHttpBlockedTemplateJson="
         + appSecHttpBlockedTemplateJson
+        + ", apiSecurityEnabled="
+        + apiSecurityEnabled
+        + ", apiSecurityRequestSampleRate="
+        + apiSecurityRequestSampleRate
         + ", cwsEnabled="
         + cwsEnabled
         + ", cwsTlsRefresh="
@@ -3795,6 +4052,10 @@ public String toString() {
         + longRunningTraceEnabled
         + ", longRunningTraceFlushInterval="
         + longRunningTraceFlushInterval
+        + ", elasticsearchBodyEnabled="
+        + elasticsearchBodyEnabled
+        + ", elasticsearchParamsEnabled="
+        + elasticsearchParamsEnabled
         + ", elasticsearchBodyAndParamsEnabled="
         + elasticsearchBodyAndParamsEnabled
         + ", traceFlushInterval="
@@ -3805,6 +4066,20 @@ public String toString() {
         + logsInjectionEnabled
         + ", sparkTaskHistogramEnabled="
         + sparkTaskHistogramEnabled
+        + ", jaxRsExceptionAsErrorsEnabled="
+        + jaxRsExceptionAsErrorsEnabled
+        + ", peerServiceDefaultsEnabled="
+        + peerServiceDefaultsEnabled
+        + ", peerServiceComponentOverrides="
+        + peerServiceComponentOverrides
+        + ", removeIntegrationServiceNamesEnabled="
+        + removeIntegrationServiceNamesEnabled
+        + ", spanAttributeSchemaVersion="
+        + spanAttributeSchemaVersion
+        + ", telemetryDebugRequestsEnabled="
+        + telemetryDebugRequestsEnabled
+        + ", telemetryMetricsEnabled="
+        + telemetryMetricsEnabled
         + '}';
   }
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/ConfigCollector.java b/internal-api/src/main/java/datadog/trace/api/ConfigCollector.java
index 223ac2905e6..c55f1f309b0 100644
--- a/internal-api/src/main/java/datadog/trace/api/ConfigCollector.java
+++ b/internal-api/src/main/java/datadog/trace/api/ConfigCollector.java
@@ -1,10 +1,7 @@
 package datadog.trace.api;
 
-import java.util.Arrays;
 import java.util.Collections;
-import java.util.HashSet;
 import java.util.Map;
-import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.atomic.AtomicReferenceFieldUpdater;
 
@@ -14,32 +11,32 @@
  * consumers. So this is based on a ConcurrentHashMap to deal with it.
  */
 public class ConfigCollector {
-
-  private static final Set<String> CONFIG_FILTER_LIST =
-      new HashSet<>(
-          Arrays.asList("DD_API_KEY", "dd.api-key", "dd.profiling.api-key", "dd.profiling.apikey"));
-
   private static final ConfigCollector INSTANCE = new ConfigCollector();
 
   private static final AtomicReferenceFieldUpdater<ConfigCollector, Map> COLLECTED_UPDATER =
       AtomicReferenceFieldUpdater.newUpdater(ConfigCollector.class, Map.class, "collected");
 
-  private volatile Map<String, Object> collected = new ConcurrentHashMap<>();
+  private volatile Map<String, ConfigSetting> collected = new ConcurrentHashMap<>();
 
   public static ConfigCollector get() {
     return INSTANCE;
   }
 
-  public void put(String key, Object value) {
-    collected.put(key, filterConfigEntry(key, value));
+  public void put(String key, Object value, ConfigOrigin origin) {
+    ConfigSetting setting = new ConfigSetting(key, value, origin);
+    collected.put(key, setting);
   }
 
-  public void putAll(Map<String, Object> keysAndValues) {
+  public void putAll(Map<String, Object> keysAndValues, ConfigOrigin origin) {
     // attempt merge+replace to avoid collector seeing partial update
-    Map<String, Object> merged = new ConcurrentHashMap<>(keysAndValues);
-    merged.replaceAll(ConfigCollector::filterConfigEntry);
+    Map<String, ConfigSetting> merged =
+        new ConcurrentHashMap<>(keysAndValues.size() + collected.size());
+    for (Map.Entry<String, Object> entry : keysAndValues.entrySet()) {
+      ConfigSetting setting = new ConfigSetting(entry.getKey(), entry.getValue(), origin);
+      merged.put(entry.getKey(), setting);
+    }
     while (true) {
-      Map<String, Object> current = collected;
+      Map<String, ConfigSetting> current = collected;
       current.forEach(merged::putIfAbsent);
       if (COLLECTED_UPDATER.compareAndSet(this, current, merged)) {
         break; // success
@@ -50,15 +47,11 @@ public void putAll(Map<String, Object> keysAndValues) {
   }
 
   @SuppressWarnings("unchecked")
-  public Map<String, Object> collect() {
+  public Map<String, ConfigSetting> collect() {
     if (!collected.isEmpty()) {
       return COLLECTED_UPDATER.getAndSet(this, new ConcurrentHashMap<>());
     } else {
       return Collections.emptyMap();
     }
   }
-
-  private static Object filterConfigEntry(String key, Object value) {
-    return CONFIG_FILTER_LIST.contains(key) ? "<hidden>" : value;
-  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/ConfigOrigin.java b/internal-api/src/main/java/datadog/trace/api/ConfigOrigin.java
new file mode 100644
index 00000000000..3f46985758a
--- /dev/null
+++ b/internal-api/src/main/java/datadog/trace/api/ConfigOrigin.java
@@ -0,0 +1,18 @@
+package datadog.trace.api;
+
+public enum ConfigOrigin {
+  /** configurations that are set through environment variables */
+  ENV("env_var"),
+  /** values that are set using remote config */
+  REMOTE("remote_config"),
+  /** configurations that are set through JVM properties */
+  JVM_PROP("jvm_prop"),
+  /** set when the user has not set any configuration for the key (defaults to a value) */
+  DEFAULT("default");
+
+  public final String value;
+
+  ConfigOrigin(String value) {
+    this.value = value;
+  }
+}
diff --git a/internal-api/src/main/java/datadog/trace/api/ConfigSetting.java b/internal-api/src/main/java/datadog/trace/api/ConfigSetting.java
new file mode 100644
index 00000000000..ac4471fbae1
--- /dev/null
+++ b/internal-api/src/main/java/datadog/trace/api/ConfigSetting.java
@@ -0,0 +1,52 @@
+package datadog.trace.api;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Objects;
+import java.util.Set;
+
+public final class ConfigSetting {
+  public final String key;
+  public final Object value;
+  public final ConfigOrigin origin;
+
+  private static final Set<String> CONFIG_FILTER_LIST =
+      new HashSet<>(
+          Arrays.asList("DD_API_KEY", "dd.api-key", "dd.profiling.api-key", "dd.profiling.apikey"));
+
+  private static Object filterConfigEntry(String key, Object value) {
+    return CONFIG_FILTER_LIST.contains(key) ? "<hidden>" : value;
+  }
+
+  public ConfigSetting(String key, Object value, ConfigOrigin origin) {
+    this.key = key;
+    this.value = filterConfigEntry(key, value);
+    this.origin = origin;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) return true;
+    if (o == null || getClass() != o.getClass()) return false;
+    ConfigSetting that = (ConfigSetting) o;
+    return key.equals(that.key) && Objects.equals(value, that.value) && origin == that.origin;
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(key, value, origin);
+  }
+
+  @Override
+  public String toString() {
+    return "ConfigSetting{"
+        + "key='"
+        + key
+        + '\''
+        + ", value="
+        + value
+        + ", origin="
+        + origin
+        + '}';
+  }
+}
diff --git a/internal-api/src/main/java/datadog/trace/api/DynamicConfig.java b/internal-api/src/main/java/datadog/trace/api/DynamicConfig.java
index d93dd08eb2f..23fbe76d8f5 100644
--- a/internal-api/src/main/java/datadog/trace/api/DynamicConfig.java
+++ b/internal-api/src/main/java/datadog/trace/api/DynamicConfig.java
@@ -20,7 +20,16 @@
 import java.util.function.BiFunction;
 import java.util.function.Function;
 
-/** Manages dynamic configuration for a particular {@link Tracer} instance. */
+/**
+ * Config that can be dynamically updated via remote-config
+ *
+ * <p>Only a small subset of config is currently supported
+ *
+ * <p>Not every config should be dynamic because there are performance implications
+ *
+ * @see InstrumenterConfig for pre-instrumentation configurations
+ * @see Config for other configurations
+ */
 public final class DynamicConfig<S extends DynamicConfig.Snapshot> {
 
   static final Function<Map.Entry<String, String>, String> KEY = DynamicConfig::key;
@@ -126,6 +135,7 @@ public Builder setServiceMapping(Map<String, String> serviceMapping) {
       return setServiceMapping(serviceMapping.entrySet());
     }
 
+    @SuppressWarnings("deprecation")
     public Builder setHeaderTags(Map<String, String> headerTags) {
       if (Config.get().getRequestHeaderTags().equals(headerTags)
           && !Config.get().getResponseHeaderTags().equals(headerTags)) {
@@ -236,9 +246,10 @@ static void reportConfigChange(Snapshot newSnapshot) {
 
     maybePut(update, TRACE_SAMPLE_RATE, newSnapshot.traceSampleRate);
 
-    ConfigCollector.get().putAll(update);
+    ConfigCollector.get().putAll(update, ConfigOrigin.REMOTE);
   }
 
+  @SuppressWarnings("SameParameterValue")
   private static void maybePut(Map<String, Object> update, String key, Object value) {
     if (null != value) {
       update.put(key, value);
diff --git a/internal-api/src/main/java/datadog/trace/api/InstrumenterConfig.java b/internal-api/src/main/java/datadog/trace/api/InstrumenterConfig.java
index 3c9603763ba..56838ad3067 100644
--- a/internal-api/src/main/java/datadog/trace/api/InstrumenterConfig.java
+++ b/internal-api/src/main/java/datadog/trace/api/InstrumenterConfig.java
@@ -11,6 +11,7 @@
 import static datadog.trace.api.ConfigDefaults.DEFAULT_TELEMETRY_ENABLED;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_TRACE_128_BIT_TRACEID_LOGGING_ENABLED;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_TRACE_ANNOTATIONS;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_TRACE_ANNOTATION_ASYNC;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_TRACE_ENABLED;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_TRACE_EXECUTORS_ALL;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_TRACE_METHODS;
@@ -25,6 +26,7 @@
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_DIRECT_ALLOCATION_ENABLED_DEFAULT;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_ENABLED;
 import static datadog.trace.api.config.ProfilingConfig.PROFILING_ENABLED_DEFAULT;
+import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_URL_CONNECTION_CLASS_NAME;
 import static datadog.trace.api.config.TraceInstrumentationConfig.INTEGRATIONS_ENABLED;
 import static datadog.trace.api.config.TraceInstrumentationConfig.JDBC_CONNECTION_CLASS_NAME;
 import static datadog.trace.api.config.TraceInstrumentationConfig.JDBC_PREPARED_STATEMENT_CLASS_NAME;
@@ -35,10 +37,12 @@
 import static datadog.trace.api.config.TraceInstrumentationConfig.RESOLVER_NAMES_ARE_UNIQUE;
 import static datadog.trace.api.config.TraceInstrumentationConfig.RESOLVER_RESET_INTERVAL;
 import static datadog.trace.api.config.TraceInstrumentationConfig.RESOLVER_USE_LOADCLASS;
+import static datadog.trace.api.config.TraceInstrumentationConfig.RESOLVER_USE_URL_CACHES;
 import static datadog.trace.api.config.TraceInstrumentationConfig.RUNTIME_CONTEXT_FIELD_INJECTION;
 import static datadog.trace.api.config.TraceInstrumentationConfig.SERIALVERSIONUID_FIELD_INJECTION;
 import static datadog.trace.api.config.TraceInstrumentationConfig.TRACE_128_BIT_TRACEID_LOGGING_ENABLED;
 import static datadog.trace.api.config.TraceInstrumentationConfig.TRACE_ANNOTATIONS;
+import static datadog.trace.api.config.TraceInstrumentationConfig.TRACE_ANNOTATION_ASYNC;
 import static datadog.trace.api.config.TraceInstrumentationConfig.TRACE_CLASSES_EXCLUDE;
 import static datadog.trace.api.config.TraceInstrumentationConfig.TRACE_CLASSES_EXCLUDE_FILE;
 import static datadog.trace.api.config.TraceInstrumentationConfig.TRACE_CLASSLOADERS_EXCLUDE;
@@ -61,6 +65,21 @@
 import java.util.Map;
 import java.util.Set;
 
+/**
+ * This config is needed before instrumentation is applied
+ *
+ * <p>For example anything that changes what advice is applied, or what classes are instrumented
+ *
+ * <p>This config will be baked into native-images at build time, because instrumentation is also
+ * baked in at that point
+ *
+ * <p>Config that is accessed from inside advice, for example during application runtime after the
+ * advice has been applied, shouldn't be in {@link InstrumenterConfig} (it really should just be
+ * config that must be there ahead of instrumentation)
+ *
+ * @see DynamicConfig for configuration that can be dynamically updated via remote-config
+ * @see Config for other configurations
+ */
 public class InstrumenterConfig {
   private final ConfigProvider configProvider;
 
@@ -83,6 +102,8 @@ public class InstrumenterConfig {
   private final String jdbcPreparedStatementClassName;
   private final String jdbcConnectionClassName;
 
+  private final String httpURLConnectionClassName;
+
   private final boolean directAllocationProfilingEnabled;
 
   private final List<String> excludedClasses;
@@ -94,12 +115,14 @@ public class InstrumenterConfig {
   private final String resolverCacheDir;
   private final boolean resolverNamesAreUnique;
   private final boolean resolverUseLoadClass;
+  private final Boolean resolverUseUrlCaches;
   private final int resolverResetInterval;
 
   private final boolean runtimeContextFieldInjection;
   private final boolean serialVersionUIDFieldInjection;
 
   private final String traceAnnotations;
+  private final boolean traceAnnotationAsync;
   private final Map<String, Set<String>> traceMethods;
   private final Map<String, Set<String>> measureMethods;
 
@@ -154,6 +177,8 @@ private InstrumenterConfig() {
         configProvider.getString(JDBC_PREPARED_STATEMENT_CLASS_NAME, "");
     jdbcConnectionClassName = configProvider.getString(JDBC_CONNECTION_CLASS_NAME, "");
 
+    httpURLConnectionClassName = configProvider.getString(HTTP_URL_CONNECTION_CLASS_NAME, "");
+
     directAllocationProfilingEnabled =
         configProvider.getBoolean(
             PROFILING_DIRECT_ALLOCATION_ENABLED, PROFILING_DIRECT_ALLOCATION_ENABLED_DEFAULT);
@@ -169,6 +194,7 @@ private InstrumenterConfig() {
     resolverCacheDir = configProvider.getString(RESOLVER_CACHE_DIR);
     resolverNamesAreUnique = configProvider.getBoolean(RESOLVER_NAMES_ARE_UNIQUE, false);
     resolverUseLoadClass = configProvider.getBoolean(RESOLVER_USE_LOADCLASS, true);
+    resolverUseUrlCaches = configProvider.getBoolean(RESOLVER_USE_URL_CACHES);
     resolverResetInterval =
         Platform.isNativeImageBuilder()
             ? 0
@@ -182,6 +208,8 @@ private InstrumenterConfig() {
             SERIALVERSIONUID_FIELD_INJECTION, DEFAULT_SERIALVERSIONUID_FIELD_INJECTION);
 
     traceAnnotations = configProvider.getString(TRACE_ANNOTATIONS, DEFAULT_TRACE_ANNOTATIONS);
+    traceAnnotationAsync =
+        configProvider.getBoolean(TRACE_ANNOTATION_ASYNC, DEFAULT_TRACE_ANNOTATION_ASYNC);
     traceMethods =
         MethodFilterConfigParser.parse(
             configProvider.getString(TRACE_METHODS, DEFAULT_TRACE_METHODS));
@@ -264,6 +292,10 @@ public String getJdbcConnectionClassName() {
     return jdbcConnectionClassName;
   }
 
+  public String getHttpURLConnectionClassName() {
+    return httpURLConnectionClassName;
+  }
+
   public boolean isDirectAllocationProfilingEnabled() {
     return directAllocationProfilingEnabled;
   }
@@ -320,6 +352,10 @@ public boolean isResolverUseLoadClass() {
     return resolverUseLoadClass;
   }
 
+  public Boolean isResolverUseUrlCaches() {
+    return resolverUseUrlCaches;
+  }
+
   public int getResolverResetInterval() {
     return resolverResetInterval;
   }
@@ -336,6 +372,15 @@ public String getTraceAnnotations() {
     return traceAnnotations;
   }
 
+  /**
+   * Check whether asynchronous result types are supported with @Trace annotation.
+   *
+   * @return {@code true} if supported, {@code false} otherwise.
+   */
+  public boolean isTraceAnnotationAsync() {
+    return traceAnnotationAsync;
+  }
+
   public Map<String, Set<String>> getTraceMethods() {
     return traceMethods;
   }
@@ -408,6 +453,9 @@ public String toString() {
         + ", jdbcConnectionClassName='"
         + jdbcConnectionClassName
         + '\''
+        + ", httpURLConnectionClassName='"
+        + httpURLConnectionClassName
+        + '\''
         + ", excludedClasses="
         + excludedClasses
         + ", excludedClassesFile="
@@ -424,6 +472,8 @@ public String toString() {
         + resolverNamesAreUnique
         + ", resolverUseLoadClass="
         + resolverUseLoadClass
+        + ", resolverUseUrlCaches="
+        + resolverUseUrlCaches
         + ", resolverResetInterval="
         + resolverResetInterval
         + ", runtimeContextFieldInjection="
@@ -433,6 +483,8 @@ public String toString() {
         + ", traceAnnotations='"
         + traceAnnotations
         + '\''
+        + ", traceAnnotationAsync="
+        + traceAnnotationAsync
         + ", traceMethods='"
         + traceMethods
         + '\''
diff --git a/internal-api/src/main/java/datadog/trace/api/ResolverCacheConfig.java b/internal-api/src/main/java/datadog/trace/api/ResolverCacheConfig.java
index 7b9840a4479..476b4240f85 100644
--- a/internal-api/src/main/java/datadog/trace/api/ResolverCacheConfig.java
+++ b/internal-api/src/main/java/datadog/trace/api/ResolverCacheConfig.java
@@ -95,7 +95,7 @@ public int typePoolSize() {
     }
   },
 
-  /** The old {@code DDCachingPoolStrategy} behaviour. */
+  /** No outlining or memoizing. */
   LEGACY {
     @Override
     public int noMatchesSize() {
diff --git a/internal-api/src/main/java/datadog/trace/api/civisibility/InstrumentationBridge.java b/internal-api/src/main/java/datadog/trace/api/civisibility/InstrumentationBridge.java
index e748375687a..8278c735825 100644
--- a/internal-api/src/main/java/datadog/trace/api/civisibility/InstrumentationBridge.java
+++ b/internal-api/src/main/java/datadog/trace/api/civisibility/InstrumentationBridge.java
@@ -2,10 +2,10 @@
 
 import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;
 
+import datadog.trace.api.civisibility.coverage.CoverageDataSupplier;
 import datadog.trace.api.civisibility.coverage.CoverageProbeStore;
 import datadog.trace.api.civisibility.events.BuildEventsHandler;
 import datadog.trace.api.civisibility.events.TestEventsHandler;
-import datadog.trace.api.civisibility.source.SourcePathResolver;
 import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
@@ -14,10 +14,12 @@
 public abstract class InstrumentationBridge {
 
   public static final String ITR_SKIP_REASON = "Skipped by Datadog Intelligent Test Runner";
+  public static final String ITR_UNSKIPPABLE_TAG = "datadog_itr_unskippable";
 
   private static volatile TestEventsHandler.Factory TEST_EVENTS_HANDLER_FACTORY;
   private static volatile BuildEventsHandler.Factory BUILD_EVENTS_HANDLER_FACTORY;
-  private static volatile CoverageProbeStore.Factory COVERAGE_PROBE_STORE_FACTORY;
+  private static volatile CoverageProbeStore.Registry COVERAGE_PROBE_STORE_REGISTRY;
+  private static volatile CoverageDataSupplier COVERAGE_DATA_SUPPLIER;
 
   public static void registerTestEventsHandlerFactory(
       TestEventsHandler.Factory testEventsHandlerFactory) {
@@ -37,17 +39,21 @@ public static <U> BuildEventsHandler<U> createBuildEventsHandler() {
     return BUILD_EVENTS_HANDLER_FACTORY.create();
   }
 
-  public static void registerCoverageProbeStoreFactory(
-      CoverageProbeStore.Factory coverageProbeStoreFactory) {
-    COVERAGE_PROBE_STORE_FACTORY = coverageProbeStoreFactory;
+  public static void registerCoverageProbeStoreRegistry(
+      CoverageProbeStore.Registry coverageProbeStoreRegistry) {
+    COVERAGE_PROBE_STORE_REGISTRY = coverageProbeStoreRegistry;
   }
 
-  public static CoverageProbeStore.Factory getCoverageProbeStoreFactory() {
-    return COVERAGE_PROBE_STORE_FACTORY;
+  public static CoverageProbeStore.Registry getCoverageProbeStoreRegistry() {
+    return COVERAGE_PROBE_STORE_REGISTRY;
   }
 
-  public static CoverageProbeStore createCoverageProbeStore(SourcePathResolver sourcePathResolver) {
-    return COVERAGE_PROBE_STORE_FACTORY.create(sourcePathResolver);
+  public static void registerCoverageDataSupplier(CoverageDataSupplier coverageDataSupplier) {
+    COVERAGE_DATA_SUPPLIER = coverageDataSupplier;
+  }
+
+  public static byte[] getCoverageData() {
+    return COVERAGE_DATA_SUPPLIER != null ? COVERAGE_DATA_SUPPLIER.get() : null;
   }
 
   /* This method is referenced by name in bytecode added in the jacoco module */
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/civisibility/config/Configurations.java b/internal-api/src/main/java/datadog/trace/api/civisibility/config/Configurations.java
similarity index 100%
rename from dd-trace-api/src/main/java/datadog/trace/api/civisibility/config/Configurations.java
rename to internal-api/src/main/java/datadog/trace/api/civisibility/config/Configurations.java
diff --git a/internal-api/src/main/java/datadog/trace/api/civisibility/config/ModuleExecutionSettings.java b/internal-api/src/main/java/datadog/trace/api/civisibility/config/ModuleExecutionSettings.java
index 682071e6e28..4a0fc01cd76 100644
--- a/internal-api/src/main/java/datadog/trace/api/civisibility/config/ModuleExecutionSettings.java
+++ b/internal-api/src/main/java/datadog/trace/api/civisibility/config/ModuleExecutionSettings.java
@@ -7,14 +7,31 @@
 
 public class ModuleExecutionSettings {
 
+  private final boolean codeCoverageEnabled;
+  private final boolean itrEnabled;
   private final Map<String, String> systemProperties;
   private final Map<String, List<SkippableTest>> skippableTestsByModule;
+  private final List<String> coverageEnabledPackages;
 
   public ModuleExecutionSettings(
+      boolean codeCoverageEnabled,
+      boolean itrEnabled,
       Map<String, String> systemProperties,
-      Map<String, List<SkippableTest>> skippableTestsByModule) {
+      Map<String, List<SkippableTest>> skippableTestsByModule,
+      List<String> coverageEnabledPackages) {
+    this.codeCoverageEnabled = codeCoverageEnabled;
+    this.itrEnabled = itrEnabled;
     this.systemProperties = systemProperties;
     this.skippableTestsByModule = skippableTestsByModule;
+    this.coverageEnabledPackages = coverageEnabledPackages;
+  }
+
+  public boolean isCodeCoverageEnabled() {
+    return codeCoverageEnabled;
+  }
+
+  public boolean isItrEnabled() {
+    return itrEnabled;
   }
 
   public Map<String, String> getSystemProperties() {
@@ -24,4 +41,8 @@ public Map<String, String> getSystemProperties() {
   public Collection<SkippableTest> getSkippableTests(String relativeModulePath) {
     return skippableTestsByModule.getOrDefault(relativeModulePath, Collections.emptyList());
   }
+
+  public List<String> getCoverageEnabledPackages() {
+    return coverageEnabledPackages;
+  }
 }
diff --git a/dd-trace-api/src/main/java/datadog/trace/api/civisibility/config/SkippableTest.java b/internal-api/src/main/java/datadog/trace/api/civisibility/config/SkippableTest.java
similarity index 100%
rename from dd-trace-api/src/main/java/datadog/trace/api/civisibility/config/SkippableTest.java
rename to internal-api/src/main/java/datadog/trace/api/civisibility/config/SkippableTest.java
diff --git a/internal-api/src/main/java/datadog/trace/api/civisibility/coverage/CoverageDataSupplier.java b/internal-api/src/main/java/datadog/trace/api/civisibility/coverage/CoverageDataSupplier.java
new file mode 100644
index 00000000000..a3909674eeb
--- /dev/null
+++ b/internal-api/src/main/java/datadog/trace/api/civisibility/coverage/CoverageDataSupplier.java
@@ -0,0 +1,5 @@
+package datadog.trace.api.civisibility.coverage;
+
+public interface CoverageDataSupplier {
+  byte[] get();
+}
diff --git a/internal-api/src/main/java/datadog/trace/api/civisibility/coverage/CoverageProbeStore.java b/internal-api/src/main/java/datadog/trace/api/civisibility/coverage/CoverageProbeStore.java
index ba860a442d1..89f70ab5530 100644
--- a/internal-api/src/main/java/datadog/trace/api/civisibility/coverage/CoverageProbeStore.java
+++ b/internal-api/src/main/java/datadog/trace/api/civisibility/coverage/CoverageProbeStore.java
@@ -1,15 +1,11 @@
 package datadog.trace.api.civisibility.coverage;
 
-import datadog.trace.api.civisibility.source.SourcePathResolver;
-
 public interface CoverageProbeStore extends TestReportHolder {
   void record(Class<?> clazz, long classId, String className, int probeId);
 
   void report(Long testSessionId, Long testSuiteId, long spanId);
 
-  interface Factory {
+  interface Registry {
     void setTotalProbeCount(String className, int totalProbeCount);
-
-    CoverageProbeStore create(SourcePathResolver sourcePathResolver);
   }
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/civisibility/events/BuildEventsHandler.java b/internal-api/src/main/java/datadog/trace/api/civisibility/events/BuildEventsHandler.java
index bebfd27a573..da566843136 100644
--- a/internal-api/src/main/java/datadog/trace/api/civisibility/events/BuildEventsHandler.java
+++ b/internal-api/src/main/java/datadog/trace/api/civisibility/events/BuildEventsHandler.java
@@ -1,8 +1,11 @@
 package datadog.trace.api.civisibility.events;
 
 import datadog.trace.api.civisibility.config.ModuleExecutionSettings;
+import java.io.File;
 import java.nio.file.Path;
+import java.util.Collection;
 import java.util.Map;
+import javax.annotation.Nullable;
 
 public interface BuildEventsHandler<T> {
   void onTestSessionStart(
@@ -18,7 +21,10 @@ void onTestSessionStart(
   void onTestSessionFinish(T sessionKey);
 
   ModuleInfo onTestModuleStart(
-      T sessionKey, String moduleName, String startCommand, Map<String, Object> additionalTags);
+      T sessionKey,
+      String moduleName,
+      Collection<File> outputClassesDirs,
+      @Nullable Map<String, Object> additionalTags);
 
   void onTestModuleSkip(T sessionKey, String moduleName, String reason);
 
diff --git a/internal-api/src/main/java/datadog/trace/api/civisibility/events/TestEventsHandler.java b/internal-api/src/main/java/datadog/trace/api/civisibility/events/TestEventsHandler.java
index 903f4d4e636..81eb3ef8626 100644
--- a/internal-api/src/main/java/datadog/trace/api/civisibility/events/TestEventsHandler.java
+++ b/internal-api/src/main/java/datadog/trace/api/civisibility/events/TestEventsHandler.java
@@ -5,7 +5,6 @@
 import java.lang.reflect.Method;
 import java.nio.file.Path;
 import java.util.Collection;
-import java.util.List;
 import javax.annotation.Nullable;
 
 public interface TestEventsHandler extends Closeable {
@@ -66,7 +65,7 @@ void onTestIgnore(
       @Nullable String testFramework,
       @Nullable String testFrameworkVersion,
       @Nullable String testParameters,
-      @Nullable List<String> categories,
+      @Nullable Collection<String> categories,
       @Nullable Class<?> testClass,
       @Nullable String testMethodName,
       @Nullable Method testMethod,
diff --git a/internal-api/src/main/java/datadog/trace/api/env/CapturedEnvironment.java b/internal-api/src/main/java/datadog/trace/api/env/CapturedEnvironment.java
index a61b892447e..5bbb2744531 100644
--- a/internal-api/src/main/java/datadog/trace/api/env/CapturedEnvironment.java
+++ b/internal-api/src/main/java/datadog/trace/api/env/CapturedEnvironment.java
@@ -8,7 +8,7 @@
 
 /**
  * The {@code CapturedEnvironment} instance keeps those {@code Config} values which are platform
- * dependant. Notice that this class must be consider internal. You should not depend on it
+ * dependant. Notice that this class must be considered internal. You should not depend on it
  * directly.
  */
 public class CapturedEnvironment {
diff --git a/internal-api/src/main/java/datadog/trace/api/gateway/BlockResponseFunction.java b/internal-api/src/main/java/datadog/trace/api/gateway/BlockResponseFunction.java
index 63060852b6c..f5917e8e899 100644
--- a/internal-api/src/main/java/datadog/trace/api/gateway/BlockResponseFunction.java
+++ b/internal-api/src/main/java/datadog/trace/api/gateway/BlockResponseFunction.java
@@ -1,9 +1,21 @@
 package datadog.trace.api.gateway;
 
 import datadog.appsec.api.blocking.BlockingContentType;
+import datadog.trace.api.internal.TraceSegment;
 import java.util.Map;
 
 public interface BlockResponseFunction {
+  /**
+   * Commits blocking response.
+   *
+   * <p>It's responsible for calling {@link TraceSegment#effectivelyBlocked()} before the span is
+   * finished.
+   *
+   * @return true unless blocking could not be attempted
+   */
   boolean tryCommitBlockingResponse(
-      int statusCode, BlockingContentType templateType, Map<String, String> extraHeaders);
+      TraceSegment segment,
+      int statusCode,
+      BlockingContentType templateType,
+      Map<String, String> extraHeaders);
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/gateway/InstrumentationGateway.java b/internal-api/src/main/java/datadog/trace/api/gateway/InstrumentationGateway.java
index 524edab0935..e36be39b59d 100644
--- a/internal-api/src/main/java/datadog/trace/api/gateway/InstrumentationGateway.java
+++ b/internal-api/src/main/java/datadog/trace/api/gateway/InstrumentationGateway.java
@@ -381,18 +381,35 @@ private <C> C universalCallback(final EventType<C> eventType) {
     switch (eventType.getId()) {
       case REQUEST_ENDED_ID:
         return (C)
-            new BiFunction<RequestContext, IGSpanInfo, Flow<Void>>() {
-              @Override
-              public Flow<Void> apply(RequestContext ctx, IGSpanInfo agentSpan) {
-                Flow<Void> flowAppSec =
-                    ((BiFunction<RequestContext, IGSpanInfo, Flow<Void>>) callbackAppSec)
-                        .apply(ctx, agentSpan);
-                Flow<Void> flowIast =
-                    ((BiFunction<RequestContext, IGSpanInfo, Flow<Void>>) callbackIast)
-                        .apply(ctx, agentSpan);
-                return mergeFlows(flowAppSec, flowIast);
-              }
-            };
+            (BiFunction<RequestContext, IGSpanInfo, Flow<Void>>)
+                (ctx, agentSpan) -> {
+                  Flow<Void> flowAppSec =
+                      ((BiFunction<RequestContext, IGSpanInfo, Flow<Void>>) callbackAppSec)
+                          .apply(ctx, agentSpan);
+                  Flow<Void> flowIast =
+                      ((BiFunction<RequestContext, IGSpanInfo, Flow<Void>>) callbackIast)
+                          .apply(ctx, agentSpan);
+                  return mergeFlows(flowAppSec, flowIast);
+                };
+      case REQUEST_HEADER_ID:
+        return (C)
+            (TriConsumer<RequestContext, String, String>)
+                (requestContext, s, s2) -> {
+                  ((TriConsumer<RequestContext, String, String>) callbackAppSec)
+                      .accept(requestContext, s, s2);
+                  ((TriConsumer<RequestContext, String, String>) callbackIast)
+                      .accept(requestContext, s, s2);
+                };
+      case REQUEST_HEADER_DONE_ID:
+        return (C)
+            (Function<RequestContext, Flow<Void>>)
+                requestContext -> {
+                  Flow<Void> flowAppSec =
+                      ((Function<RequestContext, Flow<Void>>) callbackAppSec).apply(requestContext);
+                  Flow<Void> flowIast =
+                      ((Function<RequestContext, Flow<Void>>) callbackIast).apply(requestContext);
+                  return mergeFlows(flowAppSec, flowIast);
+                };
     }
     return null;
   }
diff --git a/internal-api/src/main/java/datadog/trace/api/gateway/RequestContext.java b/internal-api/src/main/java/datadog/trace/api/gateway/RequestContext.java
index 0b5dc165896..cef89020eab 100644
--- a/internal-api/src/main/java/datadog/trace/api/gateway/RequestContext.java
+++ b/internal-api/src/main/java/datadog/trace/api/gateway/RequestContext.java
@@ -2,6 +2,7 @@
 
 import datadog.trace.api.internal.TraceSegment;
 import java.io.Closeable;
+import java.io.IOException;
 
 /**
  * This is the context that will travel along with the request and be presented to the
@@ -15,4 +16,31 @@ public interface RequestContext extends Closeable {
   void setBlockResponseFunction(BlockResponseFunction blockResponseFunction);
 
   BlockResponseFunction getBlockResponseFunction();
+
+  class Noop implements RequestContext {
+    public static final RequestContext INSTANCE = new Noop();
+
+    private Noop() {}
+
+    @Override
+    public <T> T getData(RequestContextSlot slot) {
+      return null;
+    }
+
+    @Override
+    public TraceSegment getTraceSegment() {
+      return TraceSegment.NoOp.INSTANCE;
+    }
+
+    @Override
+    public void setBlockResponseFunction(BlockResponseFunction blockResponseFunction) {}
+
+    @Override
+    public BlockResponseFunction getBlockResponseFunction() {
+      return null;
+    }
+
+    @Override
+    public void close() throws IOException {}
+  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/git/GitInfoProvider.java b/internal-api/src/main/java/datadog/trace/api/git/GitInfoProvider.java
index 5e20f81aa5d..86e0f41381c 100644
--- a/internal-api/src/main/java/datadog/trace/api/git/GitInfoProvider.java
+++ b/internal-api/src/main/java/datadog/trace/api/git/GitInfoProvider.java
@@ -8,9 +8,11 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Comparator;
+import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.function.Function;
-import java.util.stream.Collectors;
+import java.util.function.Predicate;
 import javax.annotation.Nullable;
 
 public class GitInfoProvider {
@@ -46,59 +48,107 @@ public GitInfo getGitInfo(@Nullable String repositoryPath) {
   }
 
   private GitInfo buildGitInfo(String repositoryPath) {
-    List<GitInfo> infos =
-        builders.stream()
-            .map(builder -> builder.build(repositoryPath))
-            .collect(Collectors.toList());
-
-    String commitSha = firstNonBlank(infos, gi -> gi.getCommit().getSha());
+    Evaluator evaluator = new Evaluator(repositoryPath, builders);
     return new GitInfo(
-        firstNonBlank(infos, gi -> GitUtils.filterSensitiveInfo(gi.getRepositoryURL())),
-        firstNonBlank(infos, GitInfo::getBranch),
-        firstNonBlank(infos, GitInfo::getTag),
+        evaluator.get(
+            gi -> GitUtils.filterSensitiveInfo(gi.getRepositoryURL()),
+            GitInfoProvider::validateGitRemoteUrl),
+        evaluator.get(GitInfo::getBranch, Strings::isNotBlank),
+        evaluator.get(GitInfo::getTag, Strings::isNotBlank),
         new CommitInfo(
-            commitSha,
+            evaluator.get(gi1 -> gi1.getCommit().getSha(), Strings::isNotBlank),
             new PersonInfo(
-                firstNonBlankWithMatchingCommit(
-                    infos, commitSha, gi -> gi.getCommit().getAuthor().getName()),
-                firstNonBlankWithMatchingCommit(
-                    infos, commitSha, gi -> gi.getCommit().getAuthor().getEmail()),
-                firstNonBlankWithMatchingCommit(
-                    infos, commitSha, gi -> gi.getCommit().getAuthor().getIso8601Date())),
+                evaluator.getIfCommitShaMatches(
+                    gi -> gi.getCommit().getAuthor().getName(), Strings::isNotBlank),
+                evaluator.getIfCommitShaMatches(
+                    gi -> gi.getCommit().getAuthor().getEmail(), Strings::isNotBlank),
+                evaluator.getIfCommitShaMatches(
+                    gi -> gi.getCommit().getAuthor().getIso8601Date(), Strings::isNotBlank)),
             new PersonInfo(
-                firstNonBlankWithMatchingCommit(
-                    infos, commitSha, gi -> gi.getCommit().getCommitter().getName()),
-                firstNonBlankWithMatchingCommit(
-                    infos, commitSha, gi -> gi.getCommit().getCommitter().getEmail()),
-                firstNonBlankWithMatchingCommit(
-                    infos, commitSha, gi -> gi.getCommit().getCommitter().getIso8601Date())),
-            firstNonBlankWithMatchingCommit(
-                infos, commitSha, gi -> gi.getCommit().getFullMessage())));
+                evaluator.getIfCommitShaMatches(
+                    gi -> gi.getCommit().getCommitter().getName(), Strings::isNotBlank),
+                evaluator.getIfCommitShaMatches(
+                    gi -> gi.getCommit().getCommitter().getEmail(), Strings::isNotBlank),
+                evaluator.getIfCommitShaMatches(
+                    gi -> gi.getCommit().getCommitter().getIso8601Date(), Strings::isNotBlank)),
+            evaluator.getIfCommitShaMatches(
+                gi -> gi.getCommit().getFullMessage(), Strings::isNotBlank)));
   }
 
-  private static String firstNonBlank(
-      Iterable<GitInfo> gitInfos, Function<GitInfo, String> function) {
-    for (GitInfo gitInfo : gitInfos) {
-      String result = function.apply(gitInfo);
-      if (Strings.isNotBlank(result)) {
-        return result;
-      }
-    }
-    return null;
+  private static boolean validateGitRemoteUrl(String s) {
+    // we cannot work with URL that uses "file://" protocol
+    return Strings.isNotBlank(s) && !s.startsWith("file:");
   }
 
-  private static String firstNonBlankWithMatchingCommit(
-      Iterable<GitInfo> gitInfos, String commitSha, Function<GitInfo, String> function) {
-    for (GitInfo gitInfo : gitInfos) {
-      if (commitSha != null && !commitSha.equalsIgnoreCase(gitInfo.getCommit().getSha())) {
-        continue;
+  /**
+   * Uses provided GitInfoBuilder instances to get GitInfo data.
+   *
+   * <p>Provided builders are sorted according to priority: those builders that are first in the
+   * list have higher priority.
+   *
+   * <p>GitInfo is evaluated at most once for each builder, and the evaluation is lazy: if all
+   * required info can be retrieved from a higher-priority builder, those with lower priority will
+   * not be evaluated.
+   */
+  private static final class Evaluator {
+    private final String repositoryPath;
+    private final Map<GitInfoBuilder, GitInfo> infos;
+
+    private Evaluator(String repositoryPath, Collection<GitInfoBuilder> builders) {
+      this.repositoryPath = repositoryPath;
+      this.infos = new LinkedHashMap<>();
+      for (GitInfoBuilder builder : builders) {
+        infos.put(builder, null);
       }
-      String result = function.apply(gitInfo);
-      if (Strings.isNotBlank(result)) {
-        return result;
+    }
+
+    private String get(Function<GitInfo, String> function, Predicate<String> validator) {
+      return get(function, validator, false);
+    }
+
+    /**
+     * If a builder with a higher priority has commit SHA that differs from that of a builder with
+     * lower priority, lower-priority info will be ignored.
+     */
+    private String getIfCommitShaMatches(
+        Function<GitInfo, String> function, Predicate<String> validator) {
+      return get(function, validator, true);
+    }
+
+    private String get(
+        Function<GitInfo, String> function,
+        Predicate<String> validator,
+        boolean checkShaIntegrity) {
+      String commitSha = null;
+      for (Map.Entry<GitInfoBuilder, GitInfo> e : infos.entrySet()) {
+        GitInfo info = e.getValue();
+        if (info == null) {
+          GitInfoBuilder builder = e.getKey();
+          info = builder.build(repositoryPath);
+          e.setValue(info);
+        }
+
+        if (checkShaIntegrity) {
+          CommitInfo currentCommit = info.getCommit();
+          String currentCommitSha = currentCommit != null ? currentCommit.getSha() : null;
+          if (Strings.isNotBlank(currentCommitSha)) {
+            if (commitSha == null) {
+              commitSha = currentCommitSha;
+            } else if (!commitSha.equals(currentCommitSha)) {
+              // We already have a commit SHA from source that has higher priority.
+              // Commit SHA from current source is different, so we have to skip it
+              continue;
+            }
+          }
+        }
+
+        String result = function.apply(info);
+        if (validator.test(result)) {
+          return result;
+        }
       }
+      return null;
     }
-    return null;
   }
 
   public synchronized void registerGitInfoBuilder(GitInfoBuilder builder) {
@@ -108,4 +158,8 @@ public synchronized void registerGitInfoBuilder(GitInfoBuilder builder) {
     builders = updatedBuilders;
     gitInfoCache.clear();
   }
+
+  public synchronized void invalidateCache() {
+    gitInfoCache.clear();
+  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/http/StoredCharBody.java b/internal-api/src/main/java/datadog/trace/api/http/StoredCharBody.java
index 36323bad529..b09d8967a0e 100644
--- a/internal-api/src/main/java/datadog/trace/api/http/StoredCharBody.java
+++ b/internal-api/src/main/java/datadog/trace/api/http/StoredCharBody.java
@@ -158,9 +158,11 @@ public synchronized void maybeNotifyAndBlock() {
       BlockResponseFunction blockResponseFunction = httpContext.getBlockResponseFunction();
       if (blockResponseFunction != null) {
         blockResponseFunction.tryCommitBlockingResponse(
-            rba.getStatusCode(), rba.getBlockingContentType(), rba.getExtraHeaders());
+            httpContext.getTraceSegment(),
+            rba.getStatusCode(),
+            rba.getBlockingContentType(),
+            rba.getExtraHeaders());
       }
-      httpContext.getTraceSegment().effectivelyBlocked();
       throw new BlockingException("Blocked request (for request body stream read)");
     }
   }
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/IastContext.java b/internal-api/src/main/java/datadog/trace/api/iast/IastContext.java
new file mode 100644
index 00000000000..85fdbc91764
--- /dev/null
+++ b/internal-api/src/main/java/datadog/trace/api/iast/IastContext.java
@@ -0,0 +1,44 @@
+package datadog.trace.api.iast;
+
+import datadog.trace.api.gateway.RequestContext;
+import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import javax.annotation.Nullable;
+
+/**
+ * Initial encapsulation of the IAST context to be able to isolate it from the request. Ideally we
+ * should move away from IastRequestContext and start using this interface as much as possible
+ */
+public interface IastContext {
+
+  /**
+   * Some scala instrumentations failed with public static methods inside an interface, that's the
+   * reason behind an inner class.
+   */
+  abstract class Provider {
+
+    private Provider() {}
+
+    @Nullable
+    public static IastContext get() {
+      return get(AgentTracer.activeSpan());
+    }
+
+    @Nullable
+    public static IastContext get(final AgentSpan span) {
+      if (span == null) {
+        return null;
+      }
+      return get(span.getRequestContext());
+    }
+
+    @Nullable
+    public static IastContext get(final RequestContext reqCtx) {
+      if (reqCtx == null) {
+        return null;
+      }
+      return reqCtx.getData(RequestContextSlot.IAST);
+    }
+  }
+}
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/IastDetectionMode.java b/internal-api/src/main/java/datadog/trace/api/iast/IastDetectionMode.java
index d44d4642dd7..5b5becc4df7 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/IastDetectionMode.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/IastDetectionMode.java
@@ -2,10 +2,12 @@
 
 import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_DEDUPLICATION_ENABLED;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_MAX_CONCURRENT_REQUESTS;
+import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_MAX_RANGE_COUNT;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_REQUEST_SAMPLING;
 import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_VULNERABILITIES_PER_REQUEST;
 import static datadog.trace.api.config.IastConfig.IAST_DEDUPLICATION_ENABLED;
 import static datadog.trace.api.config.IastConfig.IAST_MAX_CONCURRENT_REQUESTS;
+import static datadog.trace.api.config.IastConfig.IAST_MAX_RANGE_COUNT;
 import static datadog.trace.api.config.IastConfig.IAST_REQUEST_SAMPLING;
 import static datadog.trace.api.config.IastConfig.IAST_VULNERABILITIES_PER_REQUEST;
 
@@ -33,6 +35,11 @@ public float getIastRequestSampling(@Nonnull final ConfigProvider config) {
     public boolean isIastDeduplicationEnabled(@Nonnull final ConfigProvider config) {
       return false;
     }
+
+    @Override
+    public int getIastMaxRangeCount(@Nonnull final ConfigProvider config) {
+      return Integer.MAX_VALUE;
+    }
   },
 
   DEFAULT {
@@ -56,6 +63,11 @@ public float getIastRequestSampling(@Nonnull final ConfigProvider config) {
     public boolean isIastDeduplicationEnabled(@Nonnull final ConfigProvider config) {
       return config.getBoolean(IAST_DEDUPLICATION_ENABLED, DEFAULT_IAST_DEDUPLICATION_ENABLED);
     }
+
+    @Override
+    public int getIastMaxRangeCount(@Nonnull final ConfigProvider config) {
+      return config.getInteger(IAST_MAX_RANGE_COUNT, DEFAULT_IAST_MAX_RANGE_COUNT);
+    }
   };
 
   public static final int UNLIMITED = Integer.MIN_VALUE;
@@ -67,4 +79,6 @@ public boolean isIastDeduplicationEnabled(@Nonnull final ConfigProvider config)
   public abstract float getIastRequestSampling(@Nonnull ConfigProvider config);
 
   public abstract boolean isIastDeduplicationEnabled(@Nonnull ConfigProvider config);
+
+  public abstract int getIastMaxRangeCount(@Nonnull ConfigProvider config);
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/InstrumentationBridge.java b/internal-api/src/main/java/datadog/trace/api/iast/InstrumentationBridge.java
index 73b40a06576..d00e5473f2e 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/InstrumentationBridge.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/InstrumentationBridge.java
@@ -4,6 +4,7 @@
 import datadog.trace.api.iast.propagation.PropagationModule;
 import datadog.trace.api.iast.propagation.StringModule;
 import datadog.trace.api.iast.sink.CommandInjectionModule;
+import datadog.trace.api.iast.sink.HstsMissingHeaderModule;
 import datadog.trace.api.iast.sink.HttpResponseHeaderModule;
 import datadog.trace.api.iast.sink.InsecureCookieModule;
 import datadog.trace.api.iast.sink.LdapInjectionModule;
@@ -17,16 +18,15 @@
 import datadog.trace.api.iast.sink.WeakCipherModule;
 import datadog.trace.api.iast.sink.WeakHashModule;
 import datadog.trace.api.iast.sink.WeakRandomnessModule;
+import datadog.trace.api.iast.sink.XContentTypeModule;
 import datadog.trace.api.iast.sink.XPathInjectionModule;
 import datadog.trace.api.iast.sink.XssModule;
-import datadog.trace.api.iast.source.WebModule;
 
 /** Bridge between instrumentations and {@link IastModule} instances. */
 public abstract class InstrumentationBridge {
 
   public static volatile StringModule STRING;
   public static volatile CodecModule CODEC;
-  public static volatile WebModule WEB;
   public static volatile SqlInjectionModule SQL_INJECTION;
   public static volatile PathTraversalModule PATH_TRAVERSAL;
   public static volatile CommandInjectionModule COMMAND_INJECTION;
@@ -41,6 +41,10 @@ public abstract class InstrumentationBridge {
   public static volatile UnvalidatedRedirectModule UNVALIDATED_REDIRECT;
   public static volatile WeakRandomnessModule WEAK_RANDOMNESS;
   public static volatile HttpResponseHeaderModule RESPONSE_HEADER_MODULE;
+  public static volatile HstsMissingHeaderModule HSTS_MISSING_HEADER_MODULE;
+
+  public static volatile XContentTypeModule X_CONTENT_TYPE_HEADER_MODULE;
+
   public static volatile TrustBoundaryViolationModule TRUST_BOUNDARY_VIOLATION;
 
   public static volatile XPathInjectionModule XPATH_INJECTION;
@@ -54,8 +58,6 @@ public static void registerIastModule(final IastModule module) {
       STRING = (StringModule) module;
     } else if (module instanceof CodecModule) {
       CODEC = (CodecModule) module;
-    } else if (module instanceof WebModule) {
-      WEB = (WebModule) module;
     } else if (module instanceof SqlInjectionModule) {
       SQL_INJECTION = (SqlInjectionModule) module;
     } else if (module instanceof PathTraversalModule) {
@@ -84,6 +86,10 @@ public static void registerIastModule(final IastModule module) {
       WEAK_RANDOMNESS = (WeakRandomnessModule) module;
     } else if (module instanceof HttpResponseHeaderModule) {
       RESPONSE_HEADER_MODULE = (HttpResponseHeaderModule) module;
+    } else if (module instanceof HstsMissingHeaderModule) {
+      HSTS_MISSING_HEADER_MODULE = (HstsMissingHeaderModule) module;
+    } else if (module instanceof XContentTypeModule) {
+      X_CONTENT_TYPE_HEADER_MODULE = (XContentTypeModule) module;
     } else if (module instanceof XPathInjectionModule) {
       XPATH_INJECTION = (XPathInjectionModule) module;
     } else if (module instanceof TrustBoundaryViolationModule) {
@@ -96,6 +102,7 @@ public static void registerIastModule(final IastModule module) {
   }
 
   /** Mainly used for testing modules */
+  @SuppressWarnings("unchecked")
   public static <E extends IastModule> E getIastModule(final Class<E> type) {
     if (type == StringModule.class) {
       return (E) STRING;
@@ -103,9 +110,6 @@ public static <E extends IastModule> E getIastModule(final Class<E> type) {
     if (type == CodecModule.class) {
       return (E) CODEC;
     }
-    if (type == WebModule.class) {
-      return (E) WEB;
-    }
     if (type == SqlInjectionModule.class) {
       return (E) SQL_INJECTION;
     }
@@ -151,6 +155,12 @@ public static <E extends IastModule> E getIastModule(final Class<E> type) {
     if (type == HttpResponseHeaderModule.class) {
       return (E) RESPONSE_HEADER_MODULE;
     }
+    if (type == HstsMissingHeaderModule.class) {
+      return (E) HSTS_MISSING_HEADER_MODULE;
+    }
+    if (type == XContentTypeModule.class) {
+      return (E) X_CONTENT_TYPE_HEADER_MODULE;
+    }
     if (type == TrustBoundaryViolationModule.class) {
       return (E) TRUST_BOUNDARY_VIOLATION;
     }
@@ -164,7 +174,6 @@ public static <E extends IastModule> E getIastModule(final Class<E> type) {
   public static void clearIastModules() {
     STRING = null;
     CODEC = null;
-    WEB = null;
     SQL_INJECTION = null;
     PATH_TRAVERSAL = null;
     COMMAND_INJECTION = null;
@@ -179,6 +188,8 @@ public static void clearIastModules() {
     UNVALIDATED_REDIRECT = null;
     WEAK_RANDOMNESS = null;
     RESPONSE_HEADER_MODULE = null;
+    HSTS_MISSING_HEADER_MODULE = null;
+    X_CONTENT_TYPE_HEADER_MODULE = null;
     XPATH_INJECTION = null;
     TRUST_BOUNDARY_VIOLATION = null;
     XSS = null;
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/Sink.java b/internal-api/src/main/java/datadog/trace/api/iast/Sink.java
index 40964fbce08..c7e53d20e8c 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/Sink.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/Sink.java
@@ -9,5 +9,5 @@
 @Retention(RetentionPolicy.RUNTIME)
 public @interface Sink {
   /** Vulnerability type */
-  String value();
+  byte value();
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/Source.java b/internal-api/src/main/java/datadog/trace/api/iast/Source.java
index 01e3d8df509..0cf222b59e9 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/Source.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/Source.java
@@ -9,5 +9,5 @@
 @Retention(RetentionPolicy.RUNTIME)
 public @interface Source {
   /** Source type */
-  String value();
+  byte value();
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/SourceTypes.java b/internal-api/src/main/java/datadog/trace/api/iast/SourceTypes.java
index b2473e87b59..cd6f9a0d058 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/SourceTypes.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/SourceTypes.java
@@ -4,44 +4,57 @@ public abstract class SourceTypes {
 
   private SourceTypes() {}
 
-  public static final byte NONE = 0;
+  public static final byte NONE = -1;
 
-  public static final byte REQUEST_PARAMETER_NAME = 1;
+  public static final byte REQUEST_PARAMETER_NAME = 0;
   public static final String REQUEST_PARAMETER_NAME_STRING = "http.request.parameter.name";
-  public static final byte REQUEST_PARAMETER_VALUE = 2;
+  public static final byte REQUEST_PARAMETER_VALUE = 1;
   public static final String REQUEST_PARAMETER_VALUE_STRING = "http.request.parameter";
-  public static final byte REQUEST_HEADER_NAME = 3;
+  public static final byte REQUEST_HEADER_NAME = 2;
   public static final String REQUEST_HEADER_NAME_STRING = "http.request.header.name";
-  public static final byte REQUEST_HEADER_VALUE = 4;
+  public static final byte REQUEST_HEADER_VALUE = 3;
   public static final String REQUEST_HEADER_VALUE_STRING = "http.request.header";
-  public static final byte REQUEST_COOKIE_NAME = 5;
+  public static final byte REQUEST_COOKIE_NAME = 4;
   public static final String REQUEST_COOKIE_NAME_STRING = "http.request.cookie.name";
-  public static final byte REQUEST_COOKIE_VALUE = 6;
+  public static final byte REQUEST_COOKIE_VALUE = 5;
   public static final String REQUEST_COOKIE_VALUE_STRING = "http.request.cookie.value";
-  public static final byte REQUEST_BODY = 7;
+  public static final byte REQUEST_BODY = 6;
   public static final String REQUEST_BODY_STRING = "http.request.body";
-  public static final byte REQUEST_QUERY = 8;
+  public static final byte REQUEST_QUERY = 7;
   public static final String REQUEST_QUERY_STRING = "http.request.query";
-  public static final byte REQUEST_PATH_PARAMETER = 9;
+  public static final byte REQUEST_PATH_PARAMETER = 8;
   public static final String REQUEST_PATH_PARAMETER_STRING = "http.request.path.parameter";
-  public static final byte REQUEST_MATRIX_PARAMETER = 10;
+  public static final byte REQUEST_MATRIX_PARAMETER = 9;
   public static final String REQUEST_MATRIX_PARAMETER_STRING = "http.request.matrix.parameter";
+  public static final byte REQUEST_MULTIPART_PARAMETER = 10;
+  public static final String REQUEST_MULTIPART_PARAMETER_STRING =
+      "http.request.multipart.parameter";
+  public static final byte REQUEST_URI = 11;
+  public static final String REQUEST_URI_STRING = "http.request.uri";
+  public static final byte REQUEST_PATH = 12;
+  public static final String REQUEST_PATH_STRING = "http.request.path";
+  public static final byte GRPC_BODY = 13;
+  public static final String GRPC_BODY_STRING = "grpc.request.body";
 
-  private static final String[] values = {
-    REQUEST_PARAMETER_NAME_STRING,
-    REQUEST_PARAMETER_VALUE_STRING,
-    REQUEST_HEADER_NAME_STRING,
-    REQUEST_HEADER_VALUE_STRING,
-    REQUEST_COOKIE_NAME_STRING,
-    REQUEST_COOKIE_VALUE_STRING,
-    REQUEST_BODY_STRING,
-    REQUEST_QUERY_STRING,
-    REQUEST_PATH_PARAMETER_STRING,
-    REQUEST_MATRIX_PARAMETER_STRING
+  private static final byte[] VALUES = {
+    REQUEST_PARAMETER_NAME,
+    REQUEST_PARAMETER_VALUE,
+    REQUEST_HEADER_NAME,
+    REQUEST_HEADER_VALUE,
+    REQUEST_COOKIE_NAME,
+    REQUEST_COOKIE_VALUE,
+    REQUEST_BODY,
+    REQUEST_QUERY,
+    REQUEST_PATH_PARAMETER,
+    REQUEST_MATRIX_PARAMETER,
+    REQUEST_MULTIPART_PARAMETER,
+    REQUEST_PATH,
+    REQUEST_URI,
+    GRPC_BODY
   };
 
-  public static String[] values() {
-    return values;
+  public static byte[] values() {
+    return VALUES;
   }
 
   public static String toString(final byte sourceType) {
@@ -66,6 +79,14 @@ public static String toString(final byte sourceType) {
         return SourceTypes.REQUEST_PATH_PARAMETER_STRING;
       case SourceTypes.REQUEST_MATRIX_PARAMETER:
         return SourceTypes.REQUEST_MATRIX_PARAMETER_STRING;
+      case SourceTypes.REQUEST_MULTIPART_PARAMETER:
+        return SourceTypes.REQUEST_MULTIPART_PARAMETER_STRING;
+      case SourceTypes.REQUEST_PATH:
+        return SourceTypes.REQUEST_PATH_STRING;
+      case SourceTypes.REQUEST_URI:
+        return SourceTypes.REQUEST_URI_STRING;
+      case SourceTypes.GRPC_BODY:
+        return SourceTypes.GRPC_BODY_STRING;
       default:
         return null;
     }
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/VulnerabilityMarks.java b/internal-api/src/main/java/datadog/trace/api/iast/VulnerabilityMarks.java
index 1b96c7e4b81..b28309b11c1 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/VulnerabilityMarks.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/VulnerabilityMarks.java
@@ -4,6 +4,8 @@ public class VulnerabilityMarks {
 
   private VulnerabilityMarks() {}
 
+  public static final int NOT_MARKED = 0;
+
   public static final int XPATH_INJECTION_MARK = 1;
   public static final int SQL_INJECTION_MARK = 1 << 1;
   public static final int COMMAND_INJECTION_MARK = 1 << 2;
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/VulnerabilityTypes.java b/internal-api/src/main/java/datadog/trace/api/iast/VulnerabilityTypes.java
index 4cb381e6068..74e5a8ce22b 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/VulnerabilityTypes.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/VulnerabilityTypes.java
@@ -4,32 +4,64 @@ public abstract class VulnerabilityTypes {
 
   private VulnerabilityTypes() {}
 
-  public static final String WEAK_CIPHER = "WEAK_CIPHER";
-  public static final String WEAK_HASH = "WEAK_HASH";
-  public static final String SQL_INJECTION = "SQL_INJECTION";
-  public static final String COMMAND_INJECTION = "COMMAND_INJECTION";
-  public static final String PATH_TRAVERSAL = "PATH_TRAVERSAL";
-  public static final String LDAP_INJECTION = "LDAP_INJECTION";
-  public static final String SSRF = "SSRF";
-  public static final String INSECURE_COOKIE = "INSECURE_COOKIE";
-  public static final String NO_HTTPONLY_COOKIE = "NO_HTTPONLY_COOKIE";
-  public static final String NO_SAMESITE_COOKIE = "NO_SAMESITE_COOKIE";
-  public static final String UNVALIDATED_REDIRECT = "UNVALIDATED_REDIRECT";
-  public static final String WEAK_RANDOMNESS = "WEAK_RANDOMNESS";
-  public static final String XPATH_INJECTION = "XPATH_INJECTION";
-
-  public static final String TRUST_BOUNDARY_VIOLATION = "TRUST_BOUNDARY_VIOLATION";
-
-  public static final String XSS = "XSS";
+  public static final byte WEAK_CIPHER = 0;
+  public static final String WEAK_CIPHER_STRING = "WEAK_CIPHER";
+  public static final byte WEAK_HASH = 1;
+  public static final String WEAK_HASH_STRING = "WEAK_HASH";
+  public static final byte SQL_INJECTION = 2;
+  public static final String SQL_INJECTION_STRING = "SQL_INJECTION";
+  public static final byte COMMAND_INJECTION = 3;
+  public static final String COMMAND_INJECTION_STRING = "COMMAND_INJECTION";
+  public static final byte PATH_TRAVERSAL = 4;
+  public static final String PATH_TRAVERSAL_STRING = "PATH_TRAVERSAL";
+  public static final byte LDAP_INJECTION = 5;
+  public static final String LDAP_INJECTION_STRING = "LDAP_INJECTION";
+  public static final byte SSRF = 6;
+  public static final String SSRF_STRING = "SSRF";
+  public static final byte INSECURE_COOKIE = 7;
+  public static final String INSECURE_COOKIE_STRING = "INSECURE_COOKIE";
+  public static final byte NO_HTTPONLY_COOKIE = 8;
+  public static final String NO_HTTPONLY_COOKIE_STRING = "NO_HTTPONLY_COOKIE";
+  public static final byte HSTS_HEADER_MISSING = 9;
+  public static final String HSTS_HEADER_MISSING_STRING = "HSTS_HEADER_MISSING";
+  public static final byte XCONTENTTYPE_HEADER_MISSING = 10;
+  public static final String XCONTENTTYPE_HEADER_MISSING_STRING = "XCONTENTTYPE_HEADER_MISSING";
+  public static final byte NO_SAMESITE_COOKIE = 11;
+  public static final String NO_SAMESITE_COOKIE_STRING = "NO_SAMESITE_COOKIE";
+  public static final byte UNVALIDATED_REDIRECT = 12;
+  public static final String UNVALIDATED_REDIRECT_STRING = "UNVALIDATED_REDIRECT";
+  public static final byte WEAK_RANDOMNESS = 13;
+  public static final String WEAK_RANDOMNESS_STRING = "WEAK_RANDOMNESS";
+  public static final byte XPATH_INJECTION = 14;
+  public static final String XPATH_INJECTION_STRING = "XPATH_INJECTION";
+  public static final byte TRUST_BOUNDARY_VIOLATION = 15;
+  public static final String TRUST_BOUNDARY_VIOLATION_STRING = "TRUST_BOUNDARY_VIOLATION";
+  public static final byte XSS = 16;
+  public static final String XSS_STRING = "XSS";
+
   /**
    * Use for telemetry only, this is a special vulnerability type that is not reported, reported
    * values will be {@link #RESPONSE_HEADER_TYPES}
    */
-  public static final String RESPONSE_HEADER = "RESPONSE_HEADER";
+  public static final byte RESPONSE_HEADER = -128;
+
+  public static final byte[] RESPONSE_HEADER_TYPES = {
+    UNVALIDATED_REDIRECT,
+    INSECURE_COOKIE,
+    NO_SAMESITE_COOKIE,
+    XCONTENTTYPE_HEADER_MISSING,
+    HSTS_HEADER_MISSING
+  };
 
-  public static final String[] RESPONSE_HEADER_TYPES = {UNVALIDATED_REDIRECT, INSECURE_COOKIE};
+  /**
+   * Use for telemetry only, this is a special vulnerability type that is not reported, reported
+   * values will be {@link #SPRING_RESPONSE_TYPES}
+   */
+  public static final byte SPRING_RESPONSE = -127;
+  /** Use for spring unvalidated redirect and xss */
+  public static final byte[] SPRING_RESPONSE_TYPES = {UNVALIDATED_REDIRECT, XSS};
 
-  private static final String[] values = {
+  private static final byte[] VALUES = {
     WEAK_CIPHER,
     WEAK_HASH,
     SQL_INJECTION,
@@ -43,10 +75,54 @@ private VulnerabilityTypes() {}
     WEAK_RANDOMNESS,
     XPATH_INJECTION,
     TRUST_BOUNDARY_VIOLATION,
+    HSTS_HEADER_MISSING,
+    XCONTENTTYPE_HEADER_MISSING,
+    NO_SAMESITE_COOKIE,
     XSS
   };
 
-  public static String[] values() {
-    return values;
+  public static byte[] values() {
+    return VALUES;
+  }
+
+  public static String toString(final byte sourceType) {
+    switch (sourceType) {
+      case VulnerabilityTypes.WEAK_CIPHER:
+        return VulnerabilityTypes.WEAK_CIPHER_STRING;
+      case VulnerabilityTypes.WEAK_HASH:
+        return VulnerabilityTypes.WEAK_HASH_STRING;
+      case VulnerabilityTypes.SQL_INJECTION:
+        return VulnerabilityTypes.SQL_INJECTION_STRING;
+      case VulnerabilityTypes.COMMAND_INJECTION:
+        return VulnerabilityTypes.COMMAND_INJECTION_STRING;
+      case VulnerabilityTypes.PATH_TRAVERSAL:
+        return VulnerabilityTypes.PATH_TRAVERSAL_STRING;
+      case VulnerabilityTypes.LDAP_INJECTION:
+        return VulnerabilityTypes.LDAP_INJECTION_STRING;
+      case VulnerabilityTypes.SSRF:
+        return VulnerabilityTypes.SSRF_STRING;
+      case VulnerabilityTypes.INSECURE_COOKIE:
+        return VulnerabilityTypes.INSECURE_COOKIE_STRING;
+      case VulnerabilityTypes.NO_HTTPONLY_COOKIE:
+        return VulnerabilityTypes.NO_HTTPONLY_COOKIE_STRING;
+      case VulnerabilityTypes.UNVALIDATED_REDIRECT:
+        return VulnerabilityTypes.UNVALIDATED_REDIRECT_STRING;
+      case VulnerabilityTypes.WEAK_RANDOMNESS:
+        return VulnerabilityTypes.WEAK_RANDOMNESS_STRING;
+      case VulnerabilityTypes.XPATH_INJECTION:
+        return VulnerabilityTypes.XPATH_INJECTION_STRING;
+      case VulnerabilityTypes.TRUST_BOUNDARY_VIOLATION:
+        return VulnerabilityTypes.TRUST_BOUNDARY_VIOLATION_STRING;
+      case VulnerabilityTypes.HSTS_HEADER_MISSING:
+        return VulnerabilityTypes.HSTS_HEADER_MISSING_STRING;
+      case VulnerabilityTypes.XCONTENTTYPE_HEADER_MISSING:
+        return VulnerabilityTypes.XCONTENTTYPE_HEADER_MISSING_STRING;
+      case VulnerabilityTypes.NO_SAMESITE_COOKIE:
+        return VulnerabilityTypes.NO_SAMESITE_COOKIE_STRING;
+      case VulnerabilityTypes.XSS:
+        return VulnerabilityTypes.XSS_STRING;
+      default:
+        return null;
+    }
   }
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/propagation/PropagationModule.java b/internal-api/src/main/java/datadog/trace/api/iast/propagation/PropagationModule.java
index 5143d59d81a..4ac30f9456e 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/propagation/PropagationModule.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/propagation/PropagationModule.java
@@ -1,62 +1,182 @@
 package datadog.trace.api.iast.propagation;
 
+import datadog.trace.api.iast.IastContext;
 import datadog.trace.api.iast.IastModule;
-import datadog.trace.api.iast.Taintable;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
+import datadog.trace.api.iast.Taintable.Source;
+import java.util.function.Predicate;
 import javax.annotation.Nullable;
 
+/** Main API for propagation of tainted values, */
+@SuppressWarnings("unused")
 public interface PropagationModule extends IastModule {
 
-  void taintIfInputIsTainted(@Nullable Object toTaint, @Nullable Object input);
+  /** @see #taint(IastContext, Object, byte) */
+  void taint(@Nullable Object target, byte origin);
 
-  void taintIfInputIsTainted(@Nullable String toTaint, @Nullable Object input);
+  /**
+   * Taints the object with a source with the selected origin and no name, if target is a char
+   * sequence it will be used as value
+   */
+  void taint(@Nullable IastContext ctx, @Nullable Object target, byte origin);
+
+  /** @see #taint(IastContext, Object, byte, CharSequence) */
+  void taint(@Nullable Object target, byte origin, @Nullable CharSequence name);
+
+  /**
+   * Taints the object with a source with the selected origin and name, if target is a char sequence
+   * it will be used as value
+   */
+  void taint(
+      @Nullable IastContext ctx, @Nullable Object target, byte origin, @Nullable CharSequence name);
 
-  void taintIfInputIsTainted(
-      byte origin, @Nullable String name, @Nullable String toTaint, @Nullable Object input);
+  /** @see #taint(IastContext, Object, byte, CharSequence, CharSequence) */
+  void taint(
+      @Nullable Object target,
+      byte origin,
+      @Nullable CharSequence name,
+      @Nullable CharSequence value);
 
-  void taintIfInputIsTainted(
+  /** Taints the object with a source with the selected origin, name and value */
+  void taint(
+      @Nullable IastContext ctx,
+      @Nullable Object target,
       byte origin,
-      @Nullable String name,
-      @Nullable Collection<String> toTaint,
-      @Nullable Object input);
+      @Nullable CharSequence name,
+      @Nullable CharSequence value);
+
+  /** @see #taintIfTainted(IastContext, Object, Object) */
+  void taintIfTainted(@Nullable Object target, @Nullable Object input);
+
+  /**
+   * Taints the object only if the input value is tainted. If tainted, it will use the highest
+   * priority source of the input to taint the object.
+   */
+  void taintIfTainted(@Nullable IastContext ctx, @Nullable Object target, @Nullable Object input);
+
+  /** @see #taintIfTainted(IastContext, Object, Object, boolean, int) */
+  void taintIfTainted(
+      @Nullable Object target, @Nullable Object input, boolean keepRanges, int mark);
+
+  /**
+   * Taints the object only if the input value is tainted. It will try to reuse sources from the
+   * input value according to:
+   *
+   * <ul>
+   *   <li>keepRanges=true will reuse the ranges from the input tainted value and mark them
+   *   <li>keepRanges=false will use the highest priority source from the input ranges and mark it
+   * </ul>
+   */
+  void taintIfTainted(
+      @Nullable IastContext ctx,
+      @Nullable Object target,
+      @Nullable Object input,
+      boolean keepRanges,
+      int mark);
+
+  /** @see #taintIfTainted(IastContext, Object, Object, byte) */
+  void taintIfTainted(@Nullable Object target, @Nullable Object input, byte origin);
 
-  void taintIfInputIsTainted(
-      byte origin, @Nullable Collection<String> toTaint, @Nullable Object input);
+  /**
+   * Taints the object only if the input value is tainted, the resulting value will be tainted using
+   * a source with the specified origin and no name, if target is a char sequence it will be used as
+   * value
+   */
+  void taintIfTainted(
+      @Nullable IastContext ctx, @Nullable Object target, @Nullable Object input, byte origin);
 
-  void taintIfInputIsTainted(
-      byte origin, @Nullable List<Map.Entry<String, String>> toTaint, @Nullable Object input);
+  /** @see #taintIfTainted(IastContext, Object, Object, byte, CharSequence) */
+  void taintIfTainted(
+      @Nullable Object target, @Nullable Object input, byte origin, @Nullable CharSequence name);
 
-  void taintIfAnyInputIsTainted(@Nullable Object toTaint, @Nullable Object... inputs);
+  /**
+   * Taints the object only if the input value is tainted, the resulting value will be tainted using
+   * a source with the specified origin and name, if target is a char sequence it will be used as
+   * value
+   */
+  void taintIfTainted(
+      @Nullable IastContext ctx,
+      @Nullable Object target,
+      @Nullable Object input,
+      byte origin,
+      @Nullable CharSequence name);
 
-  void taint(byte source, @Nullable String name, @Nullable String value);
+  /** @see #taintIfTainted(IastContext, Object, Object, byte, CharSequence, CharSequence) */
+  void taintIfTainted(
+      @Nullable Object target,
+      @Nullable Object input,
+      byte origin,
+      @Nullable CharSequence name,
+      @Nullable CharSequence value);
 
-  void taint(@Nullable Object ctx_, byte source, @Nullable String name, @Nullable String value);
+  /**
+   * Taints the object only if the input value is tainted, the resulting value will be tainted using
+   * a source with the specified origin, name and value.
+   */
+  void taintIfTainted(
+      @Nullable IastContext ctx,
+      @Nullable Object target,
+      @Nullable Object input,
+      byte origin,
+      @Nullable CharSequence name,
+      @Nullable CharSequence value);
 
-  void taintObjectIfInputIsTaintedKeepingRanges(
-      @Nullable final Object toTaint, @Nullable Object input);
+  /** @see #taintIfAnyTainted(IastContext, Object, Object[]) */
+  void taintIfAnyTainted(@Nullable Object target, @Nullable Object[] inputs);
 
   /**
-   * Taint a non-String object. It might be {@link Taintable} or not. It is tainted with a source
-   * with no name or value.
+   * Taints the object if any of the inputs is tainted. When a tainted input is found the logic is
+   * the same as in {@link #taintIfTainted(IastContext, Object, Object)}
+   *
+   * @see #taintIfTainted(IastContext, Object, Object)
    */
-  void taintObject(byte origin, @Nullable Object toTaint);
+  void taintIfAnyTainted(
+      @Nullable IastContext ctx, @Nullable Object target, @Nullable Object[] inputs);
+
+  /** @see #taintIfAnyTainted(IastContext, Object, Object[], boolean, int) */
+  void taintIfAnyTainted(
+      @Nullable Object target, @Nullable Object[] inputs, boolean keepRanges, int mark);
 
   /**
-   * Taint one or more non-String objects. They might be {@link Taintable} or not. These are tainted
-   * with source with no name or value.
+   * Taints the object if any of the inputs is tainted. When a tainted input is found the logic is
+   * the same as in {@link #taintIfTainted(IastContext, Object, Object, boolean, int)}
+   *
+   * @see #taintIfTainted(IastContext, Object, Object, boolean, int)
    */
-  void taintObjects(byte origin, @Nullable Object[] toTaint);
+  void taintIfAnyTainted(
+      @Nullable IastContext ctx,
+      @Nullable Object target,
+      @Nullable Object[] inputs,
+      boolean keepRanges,
+      int mark);
 
-  void taintObjects(byte origin, @Nullable Collection<Object> toTaint);
+  /** @see #taintDeeply(IastContext, Object, byte, Predicate) */
+  void taintDeeply(@Nullable Object target, byte origin, Predicate<Class<?>> classFilter);
+
+  /**
+   * Visit the graph of the object and taints all the string properties found using a source with
+   * the selected origin and no name.
+   *
+   * @param classFilter filter for types that should be included in the visiting process
+   */
+  void taintDeeply(
+      @Nullable IastContext ctx,
+      @Nullable Object target,
+      byte origin,
+      Predicate<Class<?>> classFilter);
 
-  void taint(byte origin, @Nullable String name, @Nullable String value, @Nullable Taintable t);
+  /** @see #isTainted(IastContext, Object) */
+  boolean isTainted(@Nullable Object target);
 
-  void taintIfInputIsTaintedWithMarks(
-      @Nullable final String toTaint, @Nullable final Object input, int mark);
+  /** Checks if an arbitrary object is tainted */
+  boolean isTainted(@Nullable IastContext ctx, @Nullable Object target);
 
-  boolean isTainted(@Nullable Object obj);
+  /** @see #findSource(IastContext, Object) */
+  @Nullable
+  Source findSource(@Nullable Object target);
 
-  Taintable.Source firstTaintedSource(@Nullable Object input);
+  /**
+   * Returns the source with the highest priority if the object is tainted, {@code null} otherwise
+   */
+  @Nullable
+  Source findSource(@Nullable IastContext ctx, @Nullable Object target);
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/propagation/StringModule.java b/internal-api/src/main/java/datadog/trace/api/iast/propagation/StringModule.java
index 1ecb4a9dc63..4805e1dd6c1 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/propagation/StringModule.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/propagation/StringModule.java
@@ -46,5 +46,8 @@ void onStringFormat(
       @Nonnull Object[] params,
       @Nonnull String result);
 
+  void onStringFormat(
+      @Nonnull Iterable<String> literals, @Nonnull Object[] params, @Nonnull String result);
+
   void onSplit(final @Nonnull String self, final @Nonnull String[] result);
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/sink/HstsMissingHeaderModule.java b/internal-api/src/main/java/datadog/trace/api/iast/sink/HstsMissingHeaderModule.java
new file mode 100644
index 00000000000..bdd1e17bfb9
--- /dev/null
+++ b/internal-api/src/main/java/datadog/trace/api/iast/sink/HstsMissingHeaderModule.java
@@ -0,0 +1,3 @@
+package datadog.trace.api.iast.sink;
+
+public interface HstsMissingHeaderModule extends HttpRequestEndModule {}
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/sink/HttpRequestEndModule.java b/internal-api/src/main/java/datadog/trace/api/iast/sink/HttpRequestEndModule.java
new file mode 100644
index 00000000000..868ccfaa059
--- /dev/null
+++ b/internal-api/src/main/java/datadog/trace/api/iast/sink/HttpRequestEndModule.java
@@ -0,0 +1,32 @@
+package datadog.trace.api.iast.sink;
+
+import datadog.trace.api.gateway.IGSpanInfo;
+import datadog.trace.api.iast.IastModule;
+import java.net.HttpURLConnection;
+import java.util.Locale;
+
+public interface HttpRequestEndModule extends IastModule {
+
+  void onRequestEnd(Object ctx, IGSpanInfo span);
+
+  default boolean isHtmlResponse(final String value) {
+    if (value == null) {
+      return false;
+    }
+    final String contentType = value.toLowerCase(Locale.ROOT);
+    return contentType.contains("text/html") || contentType.contains("application/xhtml+xml");
+  }
+
+  default boolean isIgnorableResponseCode(final Integer httpStatus) {
+    if (httpStatus == null) {
+      return false;
+    }
+    return httpStatus == HttpURLConnection.HTTP_MOVED_PERM
+        || httpStatus == HttpURLConnection.HTTP_MOVED_TEMP
+        || httpStatus == HttpURLConnection.HTTP_NOT_MODIFIED
+        || httpStatus == HttpURLConnection.HTTP_NOT_FOUND
+        || httpStatus == HttpURLConnection.HTTP_GONE
+        || httpStatus == HttpURLConnection.HTTP_INTERNAL_ERROR
+        || httpStatus == 307;
+  }
+}
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/sink/XContentTypeModule.java b/internal-api/src/main/java/datadog/trace/api/iast/sink/XContentTypeModule.java
new file mode 100644
index 00000000000..525ab7af8b9
--- /dev/null
+++ b/internal-api/src/main/java/datadog/trace/api/iast/sink/XContentTypeModule.java
@@ -0,0 +1,3 @@
+package datadog.trace.api.iast.sink;
+
+public interface XContentTypeModule extends HttpRequestEndModule {}
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/sink/XssModule.java b/internal-api/src/main/java/datadog/trace/api/iast/sink/XssModule.java
index e890c3ee9ee..fd2904b39d3 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/sink/XssModule.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/sink/XssModule.java
@@ -8,7 +8,11 @@ public interface XssModule extends IastModule {
 
   void onXss(@Nonnull String s);
 
+  void onXss(@Nonnull String s, @Nonnull String clazz, @Nonnull String method);
+
   void onXss(@Nonnull char[] array);
 
   void onXss(@Nonnull String format, @Nullable Object[] args);
+
+  void onXss(@Nonnull CharSequence s, @Nullable String file, int line);
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/source/WebModule.java b/internal-api/src/main/java/datadog/trace/api/iast/source/WebModule.java
deleted file mode 100644
index d7fd56db8f4..00000000000
--- a/internal-api/src/main/java/datadog/trace/api/iast/source/WebModule.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package datadog.trace.api.iast.source;
-
-import datadog.trace.api.iast.IastModule;
-import java.util.Collection;
-import java.util.Map;
-import javax.annotation.Nullable;
-
-public interface WebModule extends IastModule {
-
-  /**
-   * An HTTP request parameter name is used. This should be used when it cannot be determined
-   * whether the parameter comes in the query string or body (e.g. servlet's getParameter).
-   */
-  void onParameterNames(@Nullable Collection<String> paramNames);
-
-  void onParameterValues(@Nullable String paramName, @Nullable String[] paramValue);
-
-  void onParameterValues(@Nullable String paramName, @Nullable Collection<String> paramValues);
-
-  void onParameterValues(@Nullable Map<String, String[]> values);
-
-  void onHeaderNames(@Nullable Collection<String> headerNames);
-
-  void onHeaderValues(@Nullable String headerName, @Nullable Collection<String> headerValue);
-
-  void onCookieNames(@Nullable Iterable<String> cookieNames);
-}
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetric.java b/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetric.java
index b9245c6a009..2cafbec9ad3 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetric.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetric.java
@@ -2,11 +2,12 @@
 
 import static datadog.trace.api.iast.VulnerabilityTypes.RESPONSE_HEADER;
 import static datadog.trace.api.iast.VulnerabilityTypes.RESPONSE_HEADER_TYPES;
+import static datadog.trace.api.iast.VulnerabilityTypes.SPRING_RESPONSE;
+import static datadog.trace.api.iast.VulnerabilityTypes.SPRING_RESPONSE_TYPES;
 
 import datadog.trace.api.iast.SourceTypes;
 import datadog.trace.api.iast.VulnerabilityTypes;
-import java.util.HashMap;
-import java.util.Map;
+import java.util.function.Function;
 import javax.annotation.Nonnull;
 
 public enum IastMetric {
@@ -28,13 +29,11 @@ public enum IastMetric {
   static {
     int count = 0;
     for (final IastMetric metric : values()) {
+      metric.index = count;
       if (metric.tag == null) {
-        metric.index = count++;
+        count++;
       } else {
-        metric.tagIndexes = new HashMap<>(metric.tag.getValues().length);
-        for (final String tagValue : metric.tag.getValues()) {
-          metric.tagIndexes.put(tagValue, count++);
-        }
+        count += metric.tag.getValues().length;
       }
     }
     COUNT = count;
@@ -50,7 +49,6 @@ public static int count() {
   private final Tag tag;
   private final Verbosity verbosity;
   private int index;
-  private Map<String, Integer> tagIndexes;
 
   IastMetric(
       final String name, final boolean common, final Scope scope, final Verbosity verbosity) {
@@ -92,37 +90,59 @@ public Tag getTag() {
 
   /**
    * Returns the index for the particular tag to be used in the {@link
-   * java.util.concurrent.atomic.AtomicLongArray} of {@link IastMetricCollector}, returns -1 if the
-   * tag is not found
+   * java.util.concurrent.atomic.AtomicLongArray} of {@link IastMetricCollector}
    */
-  public int getIndex(final String value) {
+  public int getIndex(final byte tagValue) {
     if (tag == null) {
       return index;
     }
-    return tagIndexes.getOrDefault(value, -1);
+    if (tagValue < 0) {
+      return -1;
+    }
+    return index + tagValue;
   }
 
   public static class Tag {
 
-    private static final String[] EMPTY = new String[0];
+    private static final byte[] EMPTY = new byte[0];
 
     public static final Tag VULNERABILITY_TYPE =
-        new Tag("vulnerability_type", VulnerabilityTypes.values()) {
-          public String[] parse(final String tagValue) {
-            if (RESPONSE_HEADER.equals(tagValue)) {
-              return RESPONSE_HEADER_TYPES;
+        new Tag("vulnerability_type", VulnerabilityTypes.values(), VulnerabilityTypes::toString) {
+
+          @Override
+          public boolean isWrapped(byte tagValue) {
+            switch (tagValue) {
+              case RESPONSE_HEADER:
+              case SPRING_RESPONSE:
+                return true;
+              default:
+                return false;
+            }
+          }
+
+          public byte[] unwrap(final byte tagValue) {
+            switch (tagValue) {
+              case RESPONSE_HEADER:
+                return RESPONSE_HEADER_TYPES;
+              case SPRING_RESPONSE:
+                return SPRING_RESPONSE_TYPES;
+              default:
+                return EMPTY;
             }
-            return EMPTY;
           }
         };
 
-    public static final Tag SOURCE_TYPE = new Tag("source_type", SourceTypes.values());
+    public static final Tag SOURCE_TYPE =
+        new Tag("source_type", SourceTypes.values(), SourceTypes::toString);
 
     private final String name;
-    private final String[] values;
 
-    private Tag(final String name, final String... values) {
+    private final Function<Byte, String> toString;
+    private final byte[] values;
+
+    private Tag(final String name, final byte[] values, final Function<Byte, String> toString) {
       this.name = name;
+      this.toString = toString;
       this.values = values;
     }
 
@@ -130,13 +150,22 @@ public String getName() {
       return name;
     }
 
-    public String[] getValues() {
+    public byte[] getValues() {
       return values;
     }
 
-    public String[] parse(final String tagValue) {
+    /** Wrapped tags are aggregation of other tags that should be incremented together */
+    public boolean isWrapped(final byte tagValue) {
+      return false;
+    }
+
+    public byte[] unwrap(final byte tagValue) {
       return EMPTY;
     }
+
+    public String toString(final byte tagValue) {
+      return toString.apply(tagValue);
+    }
   }
 
   public static final class Scope {
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetricCollector.java b/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetricCollector.java
index 8244bbb6746..255c54ef9b2 100644
--- a/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetricCollector.java
+++ b/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetricCollector.java
@@ -5,10 +5,10 @@
 import datadog.trace.api.Config;
 import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
+import datadog.trace.api.iast.telemetry.IastMetric.Tag;
 import datadog.trace.api.telemetry.MetricCollector;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
-import de.thetaphi.forbiddenapis.SuppressForbidden;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.LinkedList;
@@ -38,18 +38,20 @@ public static IastMetricCollector get() {
     return INSTANCE;
   }
 
-  private static IastMetricCollector get(@Nullable final RequestContext requestContext) {
+  private static IastMetricCollector get(@Nullable Object ctx) {
     if (VERBOSITY == Verbosity.OFF) {
       return INSTANCE;
     }
-    final RequestContext ctx = requestContext == null ? activeRequestContext() : requestContext;
-    if (ctx != null) {
-      final Object iastCtx = ctx.getData(RequestContextSlot.IAST);
-      if (iastCtx instanceof HasMetricCollector) {
-        final IastMetricCollector collector = ((HasMetricCollector) iastCtx).getMetricCollector();
-        if (collector != null) {
-          return collector;
-        }
+    if (ctx == null) {
+      ctx = activeRequestContext();
+    }
+    if (ctx instanceof RequestContext) {
+      ctx = ((RequestContext) ctx).getData(RequestContextSlot.IAST);
+    }
+    if (ctx instanceof HasMetricCollector) {
+      final IastMetricCollector collector = ((HasMetricCollector) ctx).getMetricCollector();
+      if (collector != null) {
+        return collector;
       }
     }
     // if no active request then forward to the global collector
@@ -70,26 +72,26 @@ protected IastMetricCollector(
     this.counters = counters;
   }
 
-  /** Prefer using {@link #add(IastMetric, int, RequestContext)} if possible */
+  /** Prefer using {@link #add(IastMetric, int, Object)} if possible */
   public static void add(@Nonnull final IastMetric metric, final int value) {
     add(metric, value, null);
   }
 
-  /** Prefer using {@link #add(IastMetric, String, int, RequestContext)} if possible */
-  public static void add(@Nonnull final IastMetric metric, final String tagValue, final int value) {
-    add(metric, tagValue, value, null);
+  public static void add(
+      @Nonnull final IastMetric metric, final int value, @Nullable final Object ctx) {
+    add(metric, (byte) -1, value, ctx);
   }
 
-  public static void add(
-      @Nonnull final IastMetric metric, final int value, @Nullable final RequestContext ctx) {
-    add(metric, null, value, ctx);
+  /** Prefer using {@link #add(IastMetric, byte, int, Object)} if possible */
+  public static void add(@Nonnull final IastMetric metric, final byte tagValue, final int value) {
+    add(metric, tagValue, value, null);
   }
 
   public static void add(
       @Nonnull final IastMetric metric,
-      @Nullable final String tagValue,
+      final byte tagValue,
       final int value,
-      @Nullable final RequestContext ctx) {
+      @Nullable final Object ctx) {
     try {
       final IastMetricCollector instance = metric.getScope() == REQUEST ? get(ctx) : INSTANCE;
       instance.addMetric(metric, tagValue, value);
@@ -98,14 +100,20 @@ public static void add(
     }
   }
 
-  public void addMetric(final IastMetric metric, final String tagValue, final int value) {
-    final int index = metric.getIndex(tagValue);
-    if (index < 0) {
+  public void addMetric(final IastMetric metric, final byte tagValue, final int value) {
+    final Tag tag = metric.getTag();
+    if (tag != null && tag.isWrapped(tagValue)) {
       // e.g.: VulnerabilityTypes.RESPONSE_HEADER
-      for (final String tag : metric.getTag().parse(tagValue)) {
-        counters.getAndAdd(metric.getIndex(tag), value);
+      for (final byte unwrapped : metric.getTag().unwrap(tagValue)) {
+        increment(metric.getIndex(unwrapped), value);
       }
     } else {
+      increment(metric.getIndex(tagValue), value);
+    }
+  }
+
+  private void increment(final int index, final int value) {
+    if (index >= 0) {
       counters.getAndAdd(index, value);
     }
   }
@@ -113,7 +121,7 @@ public void addMetric(final IastMetric metric, final String tagValue, final int
   public void merge(final Collection<IastMetricData> metrics) {
     for (final IastMetricData data : metrics) {
       final IastMetric metric = data.metric;
-      final String tagValue = data.tagValue;
+      final byte tagValue = data.tagValue;
       final long value = data.value.longValue();
       counters.getAndAdd(metric.getIndex(tagValue), value);
     }
@@ -123,16 +131,16 @@ public void merge(final Collection<IastMetricData> metrics) {
   public void prepareMetrics() {
     for (final IastMetric metric : IastMetric.values()) {
       if (metric.getTag() == null) {
-        prepareMetric(metric, null);
+        prepareMetric(metric, (byte) -1);
       } else {
-        for (final String tagValue : metric.getTag().getValues()) {
+        for (final byte tagValue : metric.getTag().getValues()) {
           prepareMetric(metric, tagValue);
         }
       }
     }
   }
 
-  private void prepareMetric(final IastMetric metric, final String tagValue) {
+  private void prepareMetric(final IastMetric metric, final byte tagValue) {
     final int index = metric.getIndex(tagValue);
     final long value = counters.getAndSet(index, 0);
     if (value > 0) {
@@ -155,9 +163,9 @@ public Collection<IastMetricData> drain() {
   public static class IastMetricData extends MetricCollector.Metric {
 
     private final IastMetric metric;
-    private final String tagValue;
+    private final byte tagValue;
 
-    public IastMetricData(final IastMetric metric, final String tagValue, final long value) {
+    public IastMetricData(final IastMetric metric, final byte tagValue, final long value) {
       super(
           NAMESPACE,
           metric.isCommon(),
@@ -173,26 +181,24 @@ public IastMetric getMetric() {
       return metric;
     }
 
-    public String getTagValue() {
+    public byte getTagValue() {
       return tagValue;
     }
 
     public String getSpanTag() {
-      return metric.getTag() == null
-          ? metric.getName()
-          : String.format("%s.%s", metric.getName(), processSpanTagValue(tagValue));
-    }
-
-    @SuppressForbidden
-    private static String processSpanTagValue(final String tagValue) {
-      return tagValue.toLowerCase(Locale.ROOT).replaceAll("\\.", "_");
+      if (metric.getTag() == null) {
+        return metric.getName();
+      }
+      final String tag = metric.getTag().toString(tagValue);
+      final String spanTag = tag.toLowerCase(Locale.ROOT).replace('.', '_');
+      return String.format("%s.%s", metric.getName(), spanTag);
     }
 
-    public static String computeTag(final IastMetric metric, final String tagValue) {
+    public static String computeTag(final IastMetric metric, final byte tagValue) {
       if (metric.getTag() == null) {
         return null;
       }
-      return String.format("%s:%s", metric.getTag().getName(), tagValue);
+      return String.format("%s:%s", metric.getTag().getName(), metric.getTag().toString(tagValue));
     }
   }
 
@@ -208,7 +214,7 @@ public NoOpInstance() {
     }
 
     @Override
-    public void addMetric(final IastMetric metric, final String tagValue, final int value) {}
+    public void addMetric(final IastMetric metric, final byte tagValue, final int value) {}
 
     @Override
     public void merge(final Collection<IastMetricData> metrics) {}
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/NamingSchema.java b/internal-api/src/main/java/datadog/trace/api/naming/NamingSchema.java
index a3c1c3c10db..ce91d05b2b1 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/NamingSchema.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/NamingSchema.java
@@ -59,7 +59,7 @@ public interface NamingSchema {
    *
    * @return
    */
-  boolean allowFakeServices();
+  boolean allowInferredServices();
 
   interface ForCache {
     /**
@@ -74,12 +74,10 @@ interface ForCache {
     /**
      * Calculate the service name for a cache span.
      *
-     * @param ddService the configured service name as set by the user.
      * @param cacheSystem the caching system (e.g. redis, memcached,..)
      * @return the service name
      */
-    @Nonnull
-    String service(@Nonnull String ddService, @Nonnull String cacheSystem);
+    String service(@Nonnull String cacheSystem);
   }
 
   interface ForClient {
@@ -124,7 +122,6 @@ String operationForRequest(
      *     return a default value
      * @return the service name for this span
      */
-    @Nonnull
     String serviceForRequest(@Nonnull String provider, @Nullable String cloudService);
 
     /**
@@ -158,12 +155,10 @@ interface ForDatabase {
     /**
      * Calculate the service name for a database span.
      *
-     * @param ddService the configured service name as set by the user.
      * @param databaseType the database type (e.g. postgres, elasticsearch,..)
      * @return the service name
      */
-    @Nonnull
-    String service(@Nonnull String ddService, @Nonnull String databaseType);
+    String service(@Nonnull String databaseType);
   }
 
   interface ForMessaging {
@@ -179,12 +174,11 @@ interface ForMessaging {
     /**
      * Calculate the service name for a messaging producer span.
      *
-     * @param ddService the configured service name as set by the user.
      * @param messagingSystem the messaging system (e.g. jms, kafka, amqp,..)
+     * @param useLegacyTracing if true legacy tracing service naming will be applied if compatible
      * @return the service name
      */
-    @Nonnull
-    String inboundService(@Nonnull String ddService, @Nonnull String messagingSystem);
+    String inboundService(@Nonnull String messagingSystem, boolean useLegacyTracing);
 
     /**
      * Calculate the operation name for a messaging producer span.
@@ -198,12 +192,11 @@ interface ForMessaging {
     /**
      * Calculate the service name for a messaging producer span.
      *
-     * @param ddService the configured service name as set by the user.
      * @param messagingSystem the messaging system (e.g. jms, kafka, amqp,..)
+     * @param useLegacyTracing if true legacy tracing service naming will be applied if compatible
      * @return the service name
      */
-    @Nonnull
-    String outboundService(@Nonnull String ddService, @Nonnull String messagingSystem);
+    String outboundService(@Nonnull String messagingSystem, boolean useLegacyTracing);
 
     /**
      * Calculate the service name for a messaging time in queue synthetic span.
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v0/CacheNamingV0.java b/internal-api/src/main/java/datadog/trace/api/naming/v0/CacheNamingV0.java
index 2979556b1c0..8377b5886e6 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v0/CacheNamingV0.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v0/CacheNamingV0.java
@@ -5,10 +5,10 @@
 
 public class CacheNamingV0 implements NamingSchema.ForCache {
 
-  private final boolean allowsFakeServices;
+  private final boolean allowInferredServices;
 
-  public CacheNamingV0(boolean allowsFakeServices) {
-    this.allowsFakeServices = allowsFakeServices;
+  public CacheNamingV0(boolean allowInferredServices) {
+    this.allowInferredServices = allowInferredServices;
   }
 
   @Nonnull
@@ -29,13 +29,11 @@ public String operation(@Nonnull String cacheSystem) {
     return cacheSystem + postfix;
   }
 
-  @Nonnull
   @Override
-  public String service(@Nonnull String ddService, @Nonnull String cacheSystem) {
-    if (!allowsFakeServices) {
-      return ddService;
+  public String service(@Nonnull String cacheSystem) {
+    if (!allowInferredServices) {
+      return null;
     }
-
     if ("hazelcast".equals(cacheSystem)) {
       return "hazelcast-sdk";
     }
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v0/ClientNamingV0.java b/internal-api/src/main/java/datadog/trace/api/naming/v0/ClientNamingV0.java
index d716e5d3797..df48b449d85 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v0/ClientNamingV0.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v0/ClientNamingV0.java
@@ -34,6 +34,8 @@ public String operationForComponent(@Nonnull String component) {
         return "netty.client.request";
       case "akka-http-client":
         return "akka-http.client.request";
+      case "pekko-http-client":
+        return "pekko-http.client.request";
       case "jax-rs.client":
         return "jax-rs.client.call";
       default:
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v0/CloudNamingV0.java b/internal-api/src/main/java/datadog/trace/api/naming/v0/CloudNamingV0.java
index 12335e4f9ad..c9fe30b33dc 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v0/CloudNamingV0.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v0/CloudNamingV0.java
@@ -1,15 +1,14 @@
 package datadog.trace.api.naming.v0;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.NamingSchema;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
 public class CloudNamingV0 implements NamingSchema.ForCloud {
-  private final boolean allowsFakeServices;
+  private final boolean allowInferredServices;
 
-  public CloudNamingV0(boolean allowsFakeServices) {
-    this.allowsFakeServices = allowsFakeServices;
+  public CloudNamingV0(boolean allowInferredServices) {
+    this.allowInferredServices = allowInferredServices;
   }
 
   @Nonnull
@@ -22,12 +21,11 @@ public String operationForRequest(
     return "aws.http";
   }
 
-  @Nonnull
   @Override
   public String serviceForRequest(
       @Nonnull final String provider, @Nullable final String cloudService) {
-    if (!allowsFakeServices) {
-      return Config.get().getServiceName();
+    if (!allowInferredServices) {
+      return null;
     }
 
     // we only manage aws. Future switch for other cloud providers will be needed in the future
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v0/DatabaseNamingV0.java b/internal-api/src/main/java/datadog/trace/api/naming/v0/DatabaseNamingV0.java
index 68e8aad7af4..84ceb9424dd 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v0/DatabaseNamingV0.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v0/DatabaseNamingV0.java
@@ -5,10 +5,10 @@
 
 public class DatabaseNamingV0 implements NamingSchema.ForDatabase {
 
-  private final boolean allowsFakeServices;
+  private final boolean allowInferredServices;
 
-  public DatabaseNamingV0(boolean allowsFakeServices) {
-    this.allowsFakeServices = allowsFakeServices;
+  public DatabaseNamingV0(boolean allowInferredServices) {
+    this.allowInferredServices = allowInferredServices;
   }
 
   @Override
@@ -26,12 +26,11 @@ public String operation(@Nonnull String databaseType) {
     return databaseType + postfix;
   }
 
-  @Nonnull
   @Override
-  public String service(@Nonnull String ddService, @Nonnull String databaseType) {
-    if (allowsFakeServices) {
+  public String service(@Nonnull String databaseType) {
+    if (allowInferredServices) {
       return databaseType;
     }
-    return ddService;
+    return null;
   }
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v0/MessagingNamingV0.java b/internal-api/src/main/java/datadog/trace/api/naming/v0/MessagingNamingV0.java
index 53f343eac70..dc4b6320021 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v0/MessagingNamingV0.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v0/MessagingNamingV0.java
@@ -1,13 +1,14 @@
 package datadog.trace.api.naming.v0;
 
+import datadog.trace.api.Config;
 import datadog.trace.api.naming.NamingSchema;
 import javax.annotation.Nonnull;
 
 public class MessagingNamingV0 implements NamingSchema.ForMessaging {
-  private final boolean allowsFakeServices;
+  private final boolean allowInferredServices;
 
-  public MessagingNamingV0(boolean allowsFakeServices) {
-    this.allowsFakeServices = allowsFakeServices;
+  public MessagingNamingV0(final boolean allowInferredServices) {
+    this.allowInferredServices = allowInferredServices;
   }
 
   @Nonnull
@@ -19,14 +20,9 @@ public String outboundOperation(@Nonnull final String messagingSystem) {
     return messagingSystem + ".produce";
   }
 
-  @Nonnull
   @Override
-  public String outboundService(
-      @Nonnull final String ddService, @Nonnull final String messagingSystem) {
-    if (allowsFakeServices) {
-      return messagingSystem;
-    }
-    return ddService;
+  public String outboundService(@Nonnull final String messagingSystem, boolean useLegacyTracing) {
+    return inboundService(messagingSystem, useLegacyTracing);
   }
 
   @Nonnull
@@ -42,14 +38,13 @@ public String inboundOperation(@Nonnull final String messagingSystem) {
     }
   }
 
-  @Nonnull
   @Override
-  public String inboundService(
-      @Nonnull final String ddService, @Nonnull final String messagingSystem) {
-    if (allowsFakeServices) {
-      return messagingSystem;
+  public String inboundService(@Nonnull final String messagingSystem, boolean useLegacyTracing) {
+    if (allowInferredServices) {
+      return useLegacyTracing ? messagingSystem : Config.get().getServiceName();
+    } else {
+      return null;
     }
-    return ddService;
   }
 
   @Override
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v0/NamingSchemaV0.java b/internal-api/src/main/java/datadog/trace/api/naming/v0/NamingSchemaV0.java
index b7f0ac292bd..c0f8d4d225c 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v0/NamingSchemaV0.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v0/NamingSchemaV0.java
@@ -6,16 +6,18 @@
 
 public class NamingSchemaV0 implements NamingSchema {
 
-  private final boolean allowsFakeServices = !Config.get().isRemoveIntegrationServiceNamesEnabled();
-  private final NamingSchema.ForCache cacheNaming = new CacheNamingV0(allowsFakeServices);
+  private final boolean allowInferredServices =
+      !Config.get().isRemoveIntegrationServiceNamesEnabled();
+  private final NamingSchema.ForCache cacheNaming = new CacheNamingV0(allowInferredServices);
   private final NamingSchema.ForClient clientNaming = new ClientNamingV0();
-  private final NamingSchema.ForCloud cloudNaming = new CloudNamingV0(allowsFakeServices);
-  private final NamingSchema.ForDatabase databaseNaming = new DatabaseNamingV0(allowsFakeServices);
+  private final NamingSchema.ForCloud cloudNaming = new CloudNamingV0(allowInferredServices);
+  private final NamingSchema.ForDatabase databaseNaming =
+      new DatabaseNamingV0(allowInferredServices);
   private final NamingSchema.ForMessaging messagingNaming =
-      new MessagingNamingV0(allowsFakeServices);
+      new MessagingNamingV0(allowInferredServices);
   private final NamingSchema.ForPeerService peerServiceNaming =
       Config.get().isPeerServiceDefaultsEnabled()
-          ? new PeerServiceNamingV1()
+          ? new PeerServiceNamingV1(Config.get().getPeerServiceComponentOverrides())
           : new PeerServiceNamingV0();
   private final NamingSchema.ForServer serverNaming = new ServerNamingV0();
 
@@ -55,7 +57,7 @@ public ForPeerService peerService() {
   }
 
   @Override
-  public boolean allowFakeServices() {
-    return allowsFakeServices;
+  public boolean allowInferredServices() {
+    return allowInferredServices;
   }
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v0/ServerNamingV0.java b/internal-api/src/main/java/datadog/trace/api/naming/v0/ServerNamingV0.java
index cdbf7a77f78..60b7fd88206 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v0/ServerNamingV0.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v0/ServerNamingV0.java
@@ -24,6 +24,9 @@ public String operationForComponent(@Nonnull String component) {
       case "akka-http-server":
         prefix = "akka-http";
         break;
+      case "pekko-http-server":
+        prefix = "pekko-http";
+        break;
       case "netty":
       case "finatra":
       case "axway-http":
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v1/CacheNamingV1.java b/internal-api/src/main/java/datadog/trace/api/naming/v1/CacheNamingV1.java
index 959899e1b3f..5b63cdcbc3e 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v1/CacheNamingV1.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v1/CacheNamingV1.java
@@ -10,9 +10,8 @@ public String operation(@Nonnull String cacheSystem) {
     return cacheSystem + ".command";
   }
 
-  @Nonnull
   @Override
-  public String service(@Nonnull String ddService, @Nonnull String cacheSystem) {
-    return ddService;
+  public String service(@Nonnull String cacheSystem) {
+    return null;
   }
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v1/CloudNamingV1.java b/internal-api/src/main/java/datadog/trace/api/naming/v1/CloudNamingV1.java
index cdf59a0205c..7ad12a9ee8e 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v1/CloudNamingV1.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v1/CloudNamingV1.java
@@ -1,6 +1,5 @@
 package datadog.trace.api.naming.v1;
 
-import datadog.trace.api.Config;
 import datadog.trace.api.naming.NamingSchema;
 import datadog.trace.api.naming.SpanNaming;
 import datadog.trace.util.Strings;
@@ -37,11 +36,10 @@ public String operationForRequest(
     }
   }
 
-  @Nonnull
   @Override
   public String serviceForRequest(
       @Nonnull final String provider, @Nullable final String cloudService) {
-    return Config.get().getServiceName(); // always use DD_SERVICE
+    return null;
   }
 
   @Nonnull
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v1/DatabaseNamingV1.java b/internal-api/src/main/java/datadog/trace/api/naming/v1/DatabaseNamingV1.java
index 386a2faae28..129944cc61a 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v1/DatabaseNamingV1.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v1/DatabaseNamingV1.java
@@ -33,9 +33,8 @@ public String operation(@Nonnull String databaseType) {
     return prefix + ".query";
   }
 
-  @Nonnull
   @Override
-  public String service(@Nonnull String ddService, @Nonnull String databaseType) {
-    return ddService;
+  public String service(@Nonnull String databaseType) {
+    return null;
   }
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v1/MessagingNamingV1.java b/internal-api/src/main/java/datadog/trace/api/naming/v1/MessagingNamingV1.java
index 761bf68c6e8..78f980539f6 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v1/MessagingNamingV1.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v1/MessagingNamingV1.java
@@ -21,10 +21,9 @@ public String outboundOperation(@Nonnull String messagingSystem) {
     return normalizeForCloud(messagingSystem) + ".send";
   }
 
-  @Nonnull
   @Override
-  public String outboundService(@Nonnull String ddService, @Nonnull String messagingSystem) {
-    return ddService;
+  public String outboundService(@Nonnull String messagingSystem, boolean useLegacyTracing) {
+    return null;
   }
 
   @Nonnull
@@ -33,10 +32,9 @@ public String inboundOperation(@Nonnull String messagingSystem) {
     return normalizeForCloud(messagingSystem) + ".process";
   }
 
-  @Nonnull
   @Override
-  public String inboundService(@Nonnull String ddService, @Nonnull String messagingSystem) {
-    return ddService;
+  public String inboundService(@Nonnull String messagingSystem, boolean useLegacyTracing) {
+    return null;
   }
 
   @Override
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v1/NamingSchemaV1.java b/internal-api/src/main/java/datadog/trace/api/naming/v1/NamingSchemaV1.java
index 959e2d2ea4b..89739011005 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v1/NamingSchemaV1.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v1/NamingSchemaV1.java
@@ -1,5 +1,6 @@
 package datadog.trace.api.naming.v1;
 
+import datadog.trace.api.Config;
 import datadog.trace.api.naming.NamingSchema;
 
 public class NamingSchemaV1 implements NamingSchema {
@@ -8,7 +9,8 @@ public class NamingSchemaV1 implements NamingSchema {
   private final NamingSchema.ForCloud cloudNaming = new CloudNamingV1();
   private final NamingSchema.ForDatabase databaseNaming = new DatabaseNamingV1();
   private final NamingSchema.ForMessaging messagingNaming = new MessagingNamingV1();
-  private final NamingSchema.ForPeerService peerServiceNaming = new PeerServiceNamingV1();
+  private final NamingSchema.ForPeerService peerServiceNaming =
+      new PeerServiceNamingV1(Config.get().getPeerServiceComponentOverrides());
   private final NamingSchema.ForServer serverNaming = new ServerNamingV1();
 
   @Override
@@ -42,7 +44,7 @@ public ForPeerService peerService() {
   }
 
   @Override
-  public boolean allowFakeServices() {
+  public boolean allowInferredServices() {
     return false;
   }
 
diff --git a/internal-api/src/main/java/datadog/trace/api/naming/v1/PeerServiceNamingV1.java b/internal-api/src/main/java/datadog/trace/api/naming/v1/PeerServiceNamingV1.java
index c6c22744a45..47ff1ad9d29 100644
--- a/internal-api/src/main/java/datadog/trace/api/naming/v1/PeerServiceNamingV1.java
+++ b/internal-api/src/main/java/datadog/trace/api/naming/v1/PeerServiceNamingV1.java
@@ -14,6 +14,8 @@ public class PeerServiceNamingV1 implements NamingSchema.ForPeerService {
       initPrecursorsByComponent();
   private static final String[] DEFAULT_PRECURSORS = {Tags.DB_INSTANCE, Tags.PEER_HOSTNAME};
 
+  private final Map<String, String> overridesByComponent;
+
   private static Map<Object, String[]> initPrecursorsByComponent() {
     final Map<Object, String[]> ret = new HashMap<>(7);
     // messaging
@@ -32,6 +34,7 @@ private static Map<Object, String[]> initPrecursorsByComponent() {
     // rpc
     final String[] rpcPrecursors = {Tags.RPC_SERVICE, Tags.PEER_HOSTNAME};
     ret.put("grpc-client", rpcPrecursors);
+    ret.put("armeria-grpc-client", rpcPrecursors);
     ret.put("rmi-client", rpcPrecursors);
 
     // for aws sdk we calculate eagerly to avoid doing too much complex lookups
@@ -40,6 +43,10 @@ private static Map<Object, String[]> initPrecursorsByComponent() {
     return ret;
   }
 
+  public PeerServiceNamingV1(@Nonnull final Map<String, String> overridesByComponent) {
+    this.overridesByComponent = overridesByComponent;
+  }
+
   @Override
   public boolean supports() {
     return true;
@@ -48,12 +55,18 @@ public boolean supports() {
   private void resolve(@Nonnull final Map<String, Object> unsafeTags) {
     final Object component = unsafeTags.get(Tags.COMPONENT);
     // avoid issues with UTF8ByteString or others
-    if (resolveBy(
-        unsafeTags,
-        SPECIFIC_PRECURSORS_BY_COMPONENT.get(component == null ? null : component.toString()))) {
+    final String componentString = component == null ? null : component.toString();
+    final String override = overridesByComponent.get(componentString);
+    // check if value can be overridden
+    if (override != null) {
+      set(unsafeTags, override, "_component_override");
+      return;
+    }
+    // otherwise try to lookup by component specific precursor
+    if (resolveBy(unsafeTags, SPECIFIC_PRECURSORS_BY_COMPONENT.get(componentString))) {
       return;
     }
-    // fallback to default lookup
+    // finally fallback to default lookup
     resolveBy(unsafeTags, DEFAULT_PRECURSORS);
   }
 
@@ -73,11 +86,15 @@ private boolean resolveBy(
       }
     }
     // if something matched now set the value and the source
+    set(unsafeTags, value, source);
+    return true;
+  }
+
+  private void set(@Nonnull final Map<String, Object> unsafeTags, Object value, String source) {
     if (value != null) {
       unsafeTags.put(Tags.PEER_SERVICE, value);
       unsafeTags.put(DDTags.PEER_SERVICE_SOURCE, source);
     }
-    return true;
   }
 
   @Nonnull
diff --git a/internal-api/src/main/java/datadog/trace/api/normalize/SQLNormalizer.java b/internal-api/src/main/java/datadog/trace/api/normalize/SQLNormalizer.java
index 9a16365252d..8400b26cd60 100644
--- a/internal-api/src/main/java/datadog/trace/api/normalize/SQLNormalizer.java
+++ b/internal-api/src/main/java/datadog/trace/api/normalize/SQLNormalizer.java
@@ -61,7 +61,7 @@ public static UTF8BytesString normalize(String sql) {
           }
         } else if (sequenceStart < sequenceEnd) {
           if (isQuoted(utf8, sequenceStart, sequenceEnd)
-              || isNumericLiteralPrefix(utf8[sequenceStart])
+              || isNumericLiteralPrefix(utf8, sequenceStart)
               || isHexLiteralPrefix(utf8, sequenceStart, sequenceEnd)) {
             int length = sequenceEnd - sequenceStart;
             System.arraycopy(utf8, end, utf8, sequenceStart + 1, outputLength - end);
@@ -90,8 +90,10 @@ private static boolean isHexLiteralPrefix(byte[] utf8, int start, int end) {
     return (utf8[start] | ' ') == 'x' && start + 1 < end && utf8[start + 1] == '\'';
   }
 
-  private static boolean isNumericLiteralPrefix(byte symbol) {
-    return NUMERIC_LITERAL_PREFIX.get(symbol & 0xFF);
+  private static boolean isNumericLiteralPrefix(byte[] utf8, int start) {
+    return NUMERIC_LITERAL_PREFIX.get(utf8[start] & 0xFF)
+        // preserve single line comment (--) prefixes
+        && !(utf8[start + 1] == '-' && utf8[start] == '-');
   }
 
   private static boolean isSplitter(byte symbol) {
diff --git a/internal-api/src/main/java/datadog/trace/api/normalize/SimpleHttpPathNormalizer.java b/internal-api/src/main/java/datadog/trace/api/normalize/SimpleHttpPathNormalizer.java
index 7285ab1825b..d4857986ebe 100644
--- a/internal-api/src/main/java/datadog/trace/api/normalize/SimpleHttpPathNormalizer.java
+++ b/internal-api/src/main/java/datadog/trace/api/normalize/SimpleHttpPathNormalizer.java
@@ -1,5 +1,7 @@
 package datadog.trace.api.normalize;
 
+import datadog.trace.api.Config;
+
 // public because this is used in the testing module but groovy accesses it through Class.forName
 // which is banned
 public final class SimpleHttpPathNormalizer extends HttpPathNormalizer {
@@ -11,6 +13,8 @@ public String normalize(String path, boolean encoded) {
     if (null == path || path.isEmpty()) {
       return "/";
     }
+    final boolean preserveSpaces =
+        !encoded && Config.get().isHttpServerDecodedResourcePreserveSpaces();
     StringBuilder sb = null;
     int inEncoding = 0;
     for (int i = 0; i < path.length(); ) {
@@ -45,6 +49,9 @@ public String normalize(String path, boolean encoded) {
             if (!numeric) {
               if (Character.isWhitespace(c)) {
                 sb = ensureStringBuilder(sb, path, j);
+                if (preserveSpaces && sb.length() > 0) {
+                  sb.append(c);
+                }
               } else if (sb != null) {
                 sb.append(c);
               }
diff --git a/internal-api/src/main/java/datadog/trace/api/profiling/QueueTiming.java b/internal-api/src/main/java/datadog/trace/api/profiling/QueueTiming.java
index 382fe1f1af6..082f5a8be9c 100644
--- a/internal-api/src/main/java/datadog/trace/api/profiling/QueueTiming.java
+++ b/internal-api/src/main/java/datadog/trace/api/profiling/QueueTiming.java
@@ -2,7 +2,7 @@
 
 public interface QueueTiming extends Timing {
 
-  void setTask(Class<?> task);
+  void setTask(Object task);
 
   void setScheduler(Class<?> scheduler);
 }
diff --git a/internal-api/src/main/java/datadog/trace/api/profiling/Timing.java b/internal-api/src/main/java/datadog/trace/api/profiling/Timing.java
index ed6252e1bd0..99aa1913dbb 100644
--- a/internal-api/src/main/java/datadog/trace/api/profiling/Timing.java
+++ b/internal-api/src/main/java/datadog/trace/api/profiling/Timing.java
@@ -11,7 +11,7 @@ class NoOp implements Timing, QueueTiming {
     public void close() {}
 
     @Override
-    public void setTask(Class<?> task) {}
+    public void setTask(Object task) {}
 
     @Override
     public void setScheduler(Class<?> scheduler) {}
diff --git a/internal-api/src/main/java/datadog/trace/api/sampling/AdaptiveSampler.java b/internal-api/src/main/java/datadog/trace/api/sampling/AdaptiveSampler.java
index c21c874f3d0..1158500204a 100644
--- a/internal-api/src/main/java/datadog/trace/api/sampling/AdaptiveSampler.java
+++ b/internal-api/src/main/java/datadog/trace/api/sampling/AdaptiveSampler.java
@@ -106,6 +106,9 @@ void onWindowRoll(
 
   private final ConfigListener listener;
 
+  private final Duration windowDuration;
+  private final AgentTaskScheduler taskScheduler;
+
   /**
    * Create a new sampler instance
    *
@@ -122,7 +125,8 @@ protected AdaptiveSampler(
       final int averageLookback,
       final int budgetLookback,
       final @Nullable ConfigListener listener,
-      final AgentTaskScheduler taskScheduler) {
+      final AgentTaskScheduler taskScheduler,
+      boolean startSampler) {
 
     if (averageLookback < 1) {
       throw new IllegalArgumentException("'averageLookback' argument must be at least 1");
@@ -141,12 +145,12 @@ protected AdaptiveSampler(
       listener.onWindowRoll(0, 0, samplesBudget, totalCountRunningAverage, probability);
     }
 
-    taskScheduler.weakScheduleAtFixedRate(
-        RollWindowTask.INSTANCE,
-        this,
-        windowDuration.toNanos(),
-        windowDuration.toNanos(),
-        TimeUnit.NANOSECONDS);
+    this.windowDuration = windowDuration;
+    this.taskScheduler = taskScheduler;
+
+    if (startSampler) {
+      start();
+    }
   }
 
   /**
@@ -161,12 +165,21 @@ public AdaptiveSampler(
       final Duration windowDuration,
       final int samplesPerWindow,
       final int averageLookback,
-      final int budgetLookback) {
-    this(windowDuration, samplesPerWindow, averageLookback, budgetLookback, null);
+      final int budgetLookback,
+      boolean startSampler) {
+    this(
+        windowDuration,
+        samplesPerWindow,
+        averageLookback,
+        budgetLookback,
+        null,
+        AgentTaskScheduler.INSTANCE,
+        startSampler);
   }
 
   /**
-   * Create a new sampler instance with automatic window roll.
+   * Create a new sampler instance with automatic window roll. The instance is automatically
+   * started.
    *
    * @param windowDuration the sampling window duration
    * @param samplesPerWindow the maximum number of samples in the sampling window
@@ -186,7 +199,17 @@ public AdaptiveSampler(
         averageLookback,
         budgetLookback,
         listener,
-        AgentTaskScheduler.INSTANCE);
+        AgentTaskScheduler.INSTANCE,
+        true);
+  }
+
+  public void start() {
+    taskScheduler.weakScheduleAtFixedRate(
+        RollWindowTask.INSTANCE,
+        this,
+        windowDuration.toNanos(),
+        windowDuration.toNanos(),
+        TimeUnit.NANOSECONDS);
   }
 
   @Override
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/CapturedEnvironmentConfigSource.java b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/CapturedEnvironmentConfigSource.java
index f1d9175a47d..56bfb0ad547 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/CapturedEnvironmentConfigSource.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/CapturedEnvironmentConfigSource.java
@@ -1,5 +1,6 @@
 package datadog.trace.bootstrap.config.provider;
 
+import datadog.trace.api.ConfigOrigin;
 import datadog.trace.api.env.CapturedEnvironment;
 
 public final class CapturedEnvironmentConfigSource extends ConfigProvider.Source {
@@ -17,4 +18,9 @@ public CapturedEnvironmentConfigSource(CapturedEnvironment env) {
   protected String get(String key) {
     return env.getProperties().get(key);
   }
+
+  @Override
+  public ConfigOrigin origin() {
+    return ConfigOrigin.ENV;
+  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/ConfigConverter.java b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/ConfigConverter.java
index 1bd9422087f..fe431f15313 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/ConfigConverter.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/ConfigConverter.java
@@ -363,4 +363,30 @@ protected MethodHandle computeValue(Class<?> type) {
       }
     }
   }
+
+  public static String renderIntegerRange(BitSet bitset) {
+    StringBuilder sb = new StringBuilder();
+    int start = 0;
+    while (true) {
+      start = bitset.nextSetBit(start);
+      if (start < 0) {
+        break;
+      }
+      int end = bitset.nextClearBit(start);
+      if (sb.length() > 0) {
+        sb.append(',');
+      }
+      if (start < end - 1) {
+        // interval
+        sb.append(start);
+        sb.append('-');
+        sb.append(end);
+      } else {
+        // single value
+        sb.append(start);
+      }
+      start = end;
+    }
+    return sb.toString();
+  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java
index 5289483200f..4d776da370c 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/ConfigProvider.java
@@ -3,6 +3,7 @@
 import static datadog.trace.api.config.GeneralConfig.CONFIGURATION_FILE;
 
 import datadog.trace.api.ConfigCollector;
+import datadog.trace.api.ConfigOrigin;
 import de.thetaphi.forbiddenapis.SuppressForbidden;
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -64,6 +65,9 @@ public <T extends Enum<T>> T getEnum(String key, Class<T> enumType, T defaultVal
         log.debug("failed to parse {} for {}, defaulting to {}", value, key, defaultValue);
       }
     }
+    if (collectConfig) {
+      ConfigCollector.get().put(key, String.valueOf(defaultValue), ConfigOrigin.DEFAULT);
+    }
     return defaultValue;
   }
 
@@ -71,9 +75,15 @@ public String getString(String key, String defaultValue, String... aliases) {
     for (ConfigProvider.Source source : sources) {
       String value = source.get(key, aliases);
       if (value != null) {
+        if (collectConfig) {
+          ConfigCollector.get().put(key, value, source.origin());
+        }
         return value;
       }
     }
+    if (collectConfig && defaultValue != null) {
+      ConfigCollector.get().put(key, defaultValue, ConfigOrigin.DEFAULT);
+    }
     return defaultValue;
   }
 
@@ -85,9 +95,15 @@ public String getStringNotEmpty(String key, String defaultValue, String... alias
     for (ConfigProvider.Source source : sources) {
       String value = source.get(key, aliases);
       if (value != null && !value.trim().isEmpty()) {
+        if (collectConfig) {
+          ConfigCollector.get().put(key, value, source.origin());
+        }
         return value;
       }
     }
+    if (collectConfig && defaultValue != null) {
+      ConfigCollector.get().put(key, defaultValue, ConfigOrigin.DEFAULT);
+    }
     return defaultValue;
   }
 
@@ -103,9 +119,15 @@ public String getStringExcludingSource(
 
       String value = source.get(key, aliases);
       if (value != null) {
+        if (collectConfig) {
+          ConfigCollector.get().put(key, value, source.origin());
+        }
         return value;
       }
     }
+    if (collectConfig && defaultValue != null) {
+      ConfigCollector.get().put(key, defaultValue, ConfigOrigin.DEFAULT);
+    }
     return defaultValue;
   }
 
@@ -173,7 +195,7 @@ private <T> T get(String key, T defaultValue, Class<T> type, String... aliases)
         T value = ConfigConverter.valueOf(sourceValue, type);
         if (value != null) {
           if (collectConfig) {
-            ConfigCollector.get().put(key, sourceValue);
+            ConfigCollector.get().put(key, sourceValue, source.origin());
           }
           return value;
         }
@@ -181,6 +203,9 @@ private <T> T get(String key, T defaultValue, Class<T> type, String... aliases)
         // continue
       }
     }
+    if (collectConfig && defaultValue != null) {
+      ConfigCollector.get().put(key, defaultValue, ConfigOrigin.DEFAULT);
+    }
     return defaultValue;
   }
 
@@ -188,9 +213,25 @@ public List<String> getList(String key) {
     return ConfigConverter.parseList(getString(key));
   }
 
+  public List<String> getList(String key, List<String> defaultValue) {
+    String list = getString(key);
+    if (null == list) {
+      if (collectConfig && defaultValue != null) {
+        ConfigCollector.get().put(key, String.join(",", defaultValue), ConfigOrigin.DEFAULT);
+      }
+      return defaultValue;
+    } else {
+      return ConfigConverter.parseList(getString(key));
+    }
+  }
+
   public Set<String> getSet(String key, Set<String> defaultValue) {
     String list = getString(key);
     if (null == list) {
+      if (collectConfig && defaultValue != null) {
+        String defaultValueStr = String.join(",", defaultValue);
+        ConfigCollector.get().put(key, defaultValueStr, ConfigOrigin.DEFAULT);
+      }
       return defaultValue;
     } else {
       return new HashSet(ConfigConverter.parseList(getString(key)));
@@ -203,33 +244,46 @@ public List<String> getSpacedList(String key) {
 
   public Map<String, String> getMergedMap(String key) {
     Map<String, String> merged = new HashMap<>();
+    ConfigOrigin origin = ConfigOrigin.DEFAULT;
     // System properties take precedence over env
     // prior art:
     // https://docs.spring.io/spring-boot/docs/1.5.6.RELEASE/reference/html/boot-features-external-config.html
     // We reverse iterate to allow overrides
     for (int i = sources.length - 1; 0 <= i; i--) {
       String value = sources[i].get(key);
-      merged.putAll(ConfigConverter.parseMap(value, key));
+      Map<String, String> parsedMap = ConfigConverter.parseMap(value, key);
+      if (!parsedMap.isEmpty()) {
+        origin = sources[i].origin();
+      }
+      merged.putAll(parsedMap);
     }
+    collectMapSetting(key, merged, origin);
     return merged;
   }
 
   public Map<String, String> getOrderedMap(String key) {
-    LinkedHashMap<String, String> map = new LinkedHashMap<>();
+    LinkedHashMap<String, String> merged = new LinkedHashMap<>();
+    ConfigOrigin origin = ConfigOrigin.DEFAULT;
     // System properties take precedence over env
     // prior art:
     // https://docs.spring.io/spring-boot/docs/1.5.6.RELEASE/reference/html/boot-features-external-config.html
     // We reverse iterate to allow overrides
     for (int i = sources.length - 1; 0 <= i; i--) {
       String value = sources[i].get(key);
-      map.putAll(ConfigConverter.parseOrderedMap(value, key));
+      Map<String, String> parsedMap = ConfigConverter.parseOrderedMap(value, key);
+      if (!parsedMap.isEmpty()) {
+        origin = sources[i].origin();
+      }
+      merged.putAll(parsedMap);
     }
-    return map;
+    collectMapSetting(key, merged, origin);
+    return merged;
   }
 
   public Map<String, String> getMergedMapWithOptionalMappings(
       String defaultPrefix, boolean lowercaseKeys, String... keys) {
     Map<String, String> merged = new HashMap<>();
+    ConfigOrigin origin = ConfigOrigin.DEFAULT;
     // System properties take precedence over env
     // prior art:
     // https://docs.spring.io/spring-boot/docs/1.5.6.RELEASE/reference/html/boot-features-external-config.html
@@ -237,9 +291,14 @@ public Map<String, String> getMergedMapWithOptionalMappings(
     for (String key : keys) {
       for (int i = sources.length - 1; 0 <= i; i--) {
         String value = sources[i].get(key);
-        merged.putAll(
-            ConfigConverter.parseMapWithOptionalMappings(value, key, defaultPrefix, lowercaseKeys));
+        Map<String, String> parsedMap =
+            ConfigConverter.parseMapWithOptionalMappings(value, key, defaultPrefix, lowercaseKeys);
+        if (!parsedMap.isEmpty()) {
+          origin = sources[i].origin();
+        }
+        merged.putAll(parsedMap);
       }
+      collectMapSetting(key, merged, origin);
     }
     return merged;
   }
@@ -247,11 +306,17 @@ public Map<String, String> getMergedMapWithOptionalMappings(
   public BitSet getIntegerRange(final String key, final BitSet defaultValue) {
     final String value = getString(key);
     try {
-      return value == null ? defaultValue : ConfigConverter.parseIntegerRangeSet(value, key);
+      if (value != null) {
+        return ConfigConverter.parseIntegerRangeSet(value, key);
+      }
     } catch (final NumberFormatException e) {
-      log.warn("Invalid configuration for " + key, e);
-      return defaultValue;
+      log.warn("Invalid configuration for {}", key, e);
     }
+    if (collectConfig) {
+      String defaultValueStr = ConfigConverter.renderIntegerRange(defaultValue);
+      ConfigCollector.get().put(key, defaultValueStr, ConfigOrigin.DEFAULT);
+    }
+    return defaultValue;
   }
 
   public boolean isEnabled(
@@ -342,6 +407,22 @@ public static ConfigProvider withPropertiesOverride(Properties properties) {
     }
   }
 
+  private void collectMapSetting(String key, Map<String, String> merged, ConfigOrigin origin) {
+    if (!collectConfig || merged.isEmpty()) {
+      return;
+    }
+    StringBuilder mergedValue = new StringBuilder();
+    for (Map.Entry<String, String> entry : merged.entrySet()) {
+      if (mergedValue.length() > 0) {
+        mergedValue.append(',');
+      }
+      mergedValue.append(entry.getKey());
+      mergedValue.append(':');
+      mergedValue.append(entry.getValue());
+    }
+    ConfigCollector.get().put(key, mergedValue.toString(), origin);
+  }
+
   /**
    * Loads the optional configuration properties file into the global {@link Properties} object.
    *
@@ -400,5 +481,7 @@ public final String get(String key, String... aliases) {
     }
 
     protected abstract String get(String key);
+
+    public abstract ConfigOrigin origin();
   }
 }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/EnvironmentConfigSource.java b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/EnvironmentConfigSource.java
index c69caf719fc..6719693fd86 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/EnvironmentConfigSource.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/EnvironmentConfigSource.java
@@ -2,10 +2,17 @@
 
 import static datadog.trace.util.Strings.propertyNameToEnvironmentVariableName;
 
+import datadog.trace.api.ConfigOrigin;
+
 final class EnvironmentConfigSource extends ConfigProvider.Source {
 
   @Override
   protected String get(String key) {
     return System.getenv(propertyNameToEnvironmentVariableName(key));
   }
+
+  @Override
+  public ConfigOrigin origin() {
+    return ConfigOrigin.ENV;
+  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/PropertiesConfigSource.java b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/PropertiesConfigSource.java
index 9f5e77a9cbe..a3391a54ef6 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/PropertiesConfigSource.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/PropertiesConfigSource.java
@@ -2,6 +2,7 @@
 
 import static datadog.trace.util.Strings.propertyNameToSystemPropertyName;
 
+import datadog.trace.api.ConfigOrigin;
 import java.util.Properties;
 
 final class PropertiesConfigSource extends ConfigProvider.Source {
@@ -25,4 +26,9 @@ public String getConfigFileStatus() {
   protected String get(String key) {
     return props.getProperty(useSystemPropertyFormat ? propertyNameToSystemPropertyName(key) : key);
   }
+
+  @Override
+  public ConfigOrigin origin() {
+    return ConfigOrigin.JVM_PROP;
+  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/SystemPropertiesConfigSource.java b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/SystemPropertiesConfigSource.java
index fc6dba8c6f5..08aaf487027 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/SystemPropertiesConfigSource.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/SystemPropertiesConfigSource.java
@@ -2,10 +2,17 @@
 
 import static datadog.trace.util.Strings.propertyNameToSystemPropertyName;
 
+import datadog.trace.api.ConfigOrigin;
+
 public final class SystemPropertiesConfigSource extends ConfigProvider.Source {
 
   @Override
   protected String get(String key) {
     return System.getProperty(propertyNameToSystemPropertyName(key));
   }
+
+  @Override
+  public ConfigOrigin origin() {
+    return ConfigOrigin.JVM_PROP;
+  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentDataStreamsMonitoring.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentDataStreamsMonitoring.java
index a027b9febbc..97185d488a5 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentDataStreamsMonitoring.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentDataStreamsMonitoring.java
@@ -1,7 +1,30 @@
 package datadog.trace.bootstrap.instrumentation.api;
 
+import datadog.trace.api.experimental.DataStreamsCheckpointer;
 import java.util.LinkedHashMap;
 
-public interface AgentDataStreamsMonitoring {
+public interface AgentDataStreamsMonitoring extends DataStreamsCheckpointer {
   void trackBacklog(LinkedHashMap<String, String> sortedTags, long value);
+
+  /**
+   * Sets data streams checkpoint, used for both produce and consume operations.
+   *
+   * @param span active span
+   * @param sortedTags alphabetically sorted tags for the checkpoint (direction, queue type etc)
+   * @param defaultTimestamp unix timestamp to use as a start of the pathway if this is the first
+   *     checkpoint in the chain. Zero should be passed if we can't extract the timestamp from the
+   *     message / payload itself (for instance: produce operations; http produce / consume etc).
+   *     Value will be ignored for checkpoints happening not at the start of the pipeline.
+   * @param payloadSizeBytes size of the message (body + headers) in bytes. Zero should be passed if
+   *     the size cannot be evaluated.
+   */
+  void setCheckpoint(
+      AgentSpan span,
+      LinkedHashMap<String, String> sortedTags,
+      long defaultTimestamp,
+      long payloadSizeBytes);
+
+  PathwayContext newPathwayContext();
+
+  void add(StatsPoint statsPoint);
 }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentPropagation.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentPropagation.java
index 6f5b6ee2b9a..285e6ef4763 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentPropagation.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentPropagation.java
@@ -4,19 +4,12 @@
 import java.util.LinkedHashMap;
 
 public interface AgentPropagation {
-
-  AgentScope.Continuation capture();
-
   <C> void inject(AgentSpan span, C carrier, Setter<C> setter);
 
   <C> void inject(AgentSpan.Context context, C carrier, Setter<C> setter);
 
   <C> void inject(AgentSpan span, C carrier, Setter<C> setter, TracePropagationStyle style);
 
-  // The input tags should be sorted.
-  <C> void injectBinaryPathwayContext(
-      AgentSpan span, C carrier, BinarySetter<C> setter, LinkedHashMap<String, String> sortedTags);
-
   // The input tags should be sorted.
   <C> void injectPathwayContext(
       AgentSpan span, C carrier, Setter<C> setter, LinkedHashMap<String, String> sortedTags);
@@ -25,7 +18,7 @@ interface Setter<C> {
     void set(C carrier, String key, String value);
   }
 
-  interface BinarySetter<C> {
+  interface BinarySetter<C> extends Setter<C> {
     void set(C carrier, String key, byte[] value);
   }
 
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentSpan.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentSpan.java
index 51862e6b933..20a22942540 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentSpan.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentSpan.java
@@ -136,6 +136,8 @@ public interface AgentSpan extends MutableSpan, IGSpanInfo {
 
   TraceConfig traceConfig();
 
+  void addLink(AgentSpanLink link);
+
   interface Context {
     /**
      * Gets the TraceId of the span's trace.
@@ -173,6 +175,8 @@ interface Context {
 
     PathwayContext getPathwayContext();
 
+    default void mergePathwayContext(PathwayContext pathwayContext) {}
+
     interface Extracted extends Context {
       String getForwarded();
 
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentSpanLink.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentSpanLink.java
index 3be83b67473..470a0736af2 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentSpanLink.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentSpanLink.java
@@ -8,6 +8,11 @@
  * or not.
  */
 public interface AgentSpanLink {
+  /** The default trace flags (no flag enabled). */
+  byte DEFAULT_FLAGS = 0;
+  /** The sampled flag denotes that the caller may have recorded trace data. */
+  byte SAMPLED_FLAG = 1;
+
   /**
    * Gets the trace identifier of the linked span.
    *
@@ -22,6 +27,15 @@ public interface AgentSpanLink {
    */
   long spanId();
 
+  /**
+   * Gets the 8-bit field that controls tracing flags such as sampling, trace level, etc.
+   *
+   * @return The 8-bit field that controls tracing flags such as sampling, trace level, etc.
+   * @see <a href="https://www.w3.org/TR/trace-context/#trace-flags">Trace flag header W3C
+   *     Specification</a>
+   */
+  byte traceFlags();
+
   /**
    * Gets the vendor-specific trace information as defined per W3C standard.
    *
@@ -32,9 +46,25 @@ public interface AgentSpanLink {
   String traceState();
 
   /**
-   * Gets an immutable collection of the link attributes.
+   * Gets the link attributes.
    *
-   * @return The link attributes, wrapped into an immutable collection.
+   * @return The link attributes.
    */
-  Map<String, String> attributes();
+  Attributes attributes();
+
+  interface Attributes {
+    /**
+     * Gets the attributes as an immutable map.
+     *
+     * @return The attributes as an immutable map.
+     */
+    Map<String, String> asMap();
+
+    /**
+     * Checks whether the attributes are empty.
+     *
+     * @return {@code true} if the attributes are empty, {@code false} otherwise.
+     */
+    boolean isEmpty();
+  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentTracer.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentTracer.java
index a410ad2b225..3a1542987ea 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentTracer.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/AgentTracer.java
@@ -133,6 +133,11 @@ public static AgentScope activeScope() {
     return get().activeScope();
   }
 
+  public static AgentScope.Continuation capture() {
+    final AgentScope activeScope = activeScope();
+    return activeScope == null ? null : activeScope.capture();
+  }
+
   public static AgentPropagation propagate() {
     return get().propagate();
   }
@@ -167,12 +172,7 @@ public static TracerAPI get() {
   private AgentTracer() {}
 
   public interface TracerAPI
-      extends datadog.trace.api.Tracer,
-          InternalTracer,
-          AgentPropagation,
-          EndpointCheckpointer,
-          DataStreamsCheckpointer,
-          ScopeStateAware {
+      extends datadog.trace.api.Tracer, InternalTracer, EndpointCheckpointer, ScopeStateAware {
 
     /**
      * Create and start a new span.
@@ -269,19 +269,6 @@ default SpanBuilder buildSpan(CharSequence spanName) {
 
     CallbackProvider getUniversalCallbackProvider();
 
-    /**
-     * Sets data streams checkpoint, used for both produce and consume operations.
-     *
-     * @param span active span
-     * @param sortedTags alphabetically sorted tags for the checkpoint (direction, queue type etc)
-     * @param defaultTimestamp unix timestamp to use as a start of the pathway if this is the first
-     *     checkpoint in the chain. Zero should be passed if we can't extract the timestamp from the
-     *     message / payload itself (for instance: produce operations; http produce / consume etc).
-     *     Value will be ignored for checkpoints happening not at the start of the pipeline.
-     */
-    void setDataStreamCheckpoint(
-        AgentSpan span, LinkedHashMap<String, String> sortedTags, long defaultTimestamp);
-
     AgentSpan.Context notifyExtensionStart(Object event);
 
     void notifyExtensionEnd(AgentSpan span, Object result, boolean isError);
@@ -460,7 +447,7 @@ public boolean addTraceInterceptor(final TraceInterceptor traceInterceptor) {
 
     @Override
     public DataStreamsCheckpointer getDataStreamsCheckpointer() {
-      return this;
+      return getDataStreamsMonitoring();
     }
 
     @Override
@@ -487,37 +474,6 @@ public CallbackProvider getUniversalCallbackProvider() {
       return CallbackProvider.CallbackProviderNoop.INSTANCE;
     }
 
-    @Override
-    public AgentScope.Continuation capture() {
-      return null;
-    }
-
-    @Override
-    public <C> void inject(final AgentSpan span, final C carrier, final Setter<C> setter) {}
-
-    @Override
-    public <C> void inject(final Context context, final C carrier, final Setter<C> setter) {}
-
-    @Override
-    public <C> void inject(
-        AgentSpan span, C carrier, Setter<C> setter, TracePropagationStyle style) {}
-
-    @Override
-    public <C> void injectBinaryPathwayContext(
-        AgentSpan span,
-        C carrier,
-        BinarySetter<C> setter,
-        LinkedHashMap<String, String> sortedTags) {}
-
-    @Override
-    public <C> void injectPathwayContext(
-        AgentSpan span, C carrier, Setter<C> setter, LinkedHashMap<String, String> sortedTags) {}
-
-    @Override
-    public <C> Context.Extracted extract(final C carrier, final ContextVisitor<C> getter) {
-      return null;
-    }
-
     @Override
     public void onRootSpanFinished(AgentSpan root, EndpointTracker tracker) {}
 
@@ -526,10 +482,6 @@ public EndpointTracker onRootSpanStarted(AgentSpan root) {
       return EndpointTracker.NO_OP;
     }
 
-    @Override
-    public void setDataStreamCheckpoint(
-        AgentSpan span, LinkedHashMap<String, String> sortedTags, long defaultTimestamp) {}
-
     @Override
     public AgentSpan.Context notifyExtensionStart(Object event) {
       return null;
@@ -548,14 +500,6 @@ public AgentDataStreamsMonitoring getDataStreamsMonitoring() {
       return NoopAgentDataStreamsMonitoring.INSTANCE;
     }
 
-    @Override
-    public void setConsumeCheckpoint(
-        String type, String source, DataStreamsContextCarrier carrier) {}
-
-    @Override
-    public void setProduceCheckpoint(
-        String type, String target, DataStreamsContextCarrier carrier) {}
-
     @Override
     public Timer getTimer() {
       return Timer.NoOp.INSTANCE;
@@ -702,7 +646,7 @@ public boolean eligibleForDropping() {
 
     @Override
     public RequestContext getRequestContext() {
-      return null;
+      return RequestContext.Noop.INSTANCE;
     }
 
     @Override
@@ -862,6 +806,9 @@ public byte getResourceNamePriority() {
     public TraceConfig traceConfig() {
       return NoopTraceConfig.INSTANCE;
     }
+
+    @Override
+    public void addLink(AgentSpanLink link) {}
   }
 
   public static final class NoopAgentScope implements AgentScope {
@@ -904,11 +851,6 @@ public boolean isAsyncPropagating() {
   static class NoopAgentPropagation implements AgentPropagation {
     static final NoopAgentPropagation INSTANCE = new NoopAgentPropagation();
 
-    @Override
-    public AgentScope.Continuation capture() {
-      return NoopContinuation.INSTANCE;
-    }
-
     @Override
     public <C> void inject(final AgentSpan span, final C carrier, final Setter<C> setter) {}
 
@@ -919,13 +861,6 @@ public <C> void inject(final Context context, final C carrier, final Setter<C> s
     public <C> void inject(
         AgentSpan span, C carrier, Setter<C> setter, TracePropagationStyle style) {}
 
-    @Override
-    public <C> void injectBinaryPathwayContext(
-        AgentSpan span,
-        C carrier,
-        BinarySetter<C> setter,
-        LinkedHashMap<String, String> sortedTags) {}
-
     @Override
     public <C> void injectPathwayContext(
         AgentSpan span, C carrier, Setter<C> setter, LinkedHashMap<String, String> sortedTags) {}
@@ -1085,6 +1020,29 @@ public static class NoopAgentDataStreamsMonitoring implements AgentDataStreamsMo
 
     @Override
     public void trackBacklog(LinkedHashMap<String, String> sortedTags, long value) {}
+
+    @Override
+    public void setCheckpoint(
+        AgentSpan span,
+        LinkedHashMap<String, String> sortedTags,
+        long defaultTimestamp,
+        long payloadSizeBytes) {}
+
+    @Override
+    public PathwayContext newPathwayContext() {
+      return NoopPathwayContext.INSTANCE;
+    }
+
+    @Override
+    public void add(StatsPoint statsPoint) {}
+
+    @Override
+    public void setConsumeCheckpoint(
+        String type, String source, DataStreamsContextCarrier carrier) {}
+
+    @Override
+    public void setProduceCheckpoint(
+        String type, String target, DataStreamsContextCarrier carrier) {}
   }
 
   public static class NoopPathwayContext implements PathwayContext {
@@ -1100,6 +1058,13 @@ public long getHash() {
       return 0L;
     }
 
+    @Override
+    public void setCheckpoint(
+        LinkedHashMap<String, String> sortedTags,
+        Consumer<StatsPoint> pointConsumer,
+        long defaultTimestamp,
+        long payloadSizeBytes) {}
+
     @Override
     public void setCheckpoint(
         LinkedHashMap<String, String> sortedTags,
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/PathwayContext.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/PathwayContext.java
index 38ad2dc4d43..0419c6f7844 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/PathwayContext.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/PathwayContext.java
@@ -13,6 +13,12 @@ public interface PathwayContext {
 
   long getHash();
 
+  void setCheckpoint(
+      LinkedHashMap<String, String> sortedTags,
+      Consumer<StatsPoint> pointConsumer,
+      long defaultTimestamp,
+      long payloadSizeBytes);
+
   void setCheckpoint(
       LinkedHashMap<String, String> sortedTags,
       Consumer<StatsPoint> pointConsumer,
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/ProfilerContext.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/ProfilerContext.java
index bdfd2005e22..03fa04170aa 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/ProfilerContext.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/ProfilerContext.java
@@ -8,4 +8,6 @@ public interface ProfilerContext {
   long getRootSpanId();
 
   int getEncodedOperationName();
+
+  int getEncodedResourceName();
 }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/ProfilingContextIntegration.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/ProfilingContextIntegration.java
index a30c11c60b6..1bee6e1c48e 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/ProfilingContextIntegration.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/ProfilingContextIntegration.java
@@ -1,8 +1,8 @@
 package datadog.trace.bootstrap.instrumentation.api;
 
-import datadog.trace.api.experimental.Profiling;
-import datadog.trace.api.experimental.ProfilingContextSetter;
-import datadog.trace.api.experimental.ProfilingScope;
+import datadog.trace.api.profiling.Profiling;
+import datadog.trace.api.profiling.ProfilingContextAttribute;
+import datadog.trace.api.profiling.ProfilingScope;
 
 public interface ProfilingContextIntegration extends Profiling {
   /** Invoked when a trace first propagates to a thread */
@@ -31,8 +31,8 @@ final class NoOp implements ProfilingContextIntegration {
         new ProfilingContextIntegration.NoOp();
 
     @Override
-    public ProfilingContextSetter createContextSetter(String attribute) {
-      return ProfilingContextSetter.NoOp.INSTANCE;
+    public ProfilingContextAttribute createContextAttribute(String attribute) {
+      return ProfilingContextAttribute.NoOp.INSTANCE;
     }
 
     @Override
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/SpanLink.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/SpanLink.java
index 7ed140e1503..4a0e28b272b 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/SpanLink.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/SpanLink.java
@@ -1,22 +1,24 @@
 package datadog.trace.bootstrap.instrumentation.api;
 
+import static datadog.trace.bootstrap.instrumentation.api.SpanLinkAttributes.EMPTY;
+
 import datadog.trace.api.DDTraceId;
-import java.util.Collections;
-import java.util.Map;
 
 /** This class is a base implementation of {@link AgentSpanLink}. */
 public class SpanLink implements AgentSpanLink {
   private final DDTraceId traceId;
   private final long spanId;
+  private final byte traceFlags;
   private final String traceState;
-  private final Map<String, String> attributes;
+  private final Attributes attributes;
 
   protected SpanLink(
-      DDTraceId traceId, long spanId, String traceState, Map<String, String> attributes) {
+      DDTraceId traceId, long spanId, byte traceFlags, String traceState, Attributes attributes) {
     this.traceId = traceId;
     this.spanId = spanId;
+    this.traceFlags = traceFlags;
     this.traceState = traceState;
-    this.attributes = attributes == null ? Collections.emptyMap() : attributes;
+    this.attributes = attributes;
   }
 
   /**
@@ -27,7 +29,7 @@ protected SpanLink(
    * @return A span link to the given context.
    */
   public static SpanLink from(AgentSpan.Context context) {
-    return from(context, "", Collections.emptyMap());
+    return from(context, DEFAULT_FLAGS, "", EMPTY);
   }
 
   /**
@@ -35,13 +37,18 @@ public static SpanLink from(AgentSpan.Context context) {
    * trace and span identifiers from the given instance.
    *
    * @param context The context of the span to get the link to.
+   * @param traceFlags The W3C formatted trace flags.
    * @param traceState The W3C formatted trace state.
    * @param attributes The link attributes.
    * @return A span link to the given context.
    */
   public static SpanLink from(
-      AgentSpan.Context context, String traceState, Map<String, String> attributes) {
-    return new SpanLink(context.getTraceId(), context.getSpanId(), traceState, attributes);
+      AgentSpan.Context context, byte traceFlags, String traceState, Attributes attributes) {
+    if (context.getSamplingPriority() > 0) {
+      traceFlags = (byte) (traceFlags | SAMPLED_FLAG);
+    }
+    return new SpanLink(
+        context.getTraceId(), context.getSpanId(), traceFlags, traceState, attributes);
   }
 
   @Override
@@ -54,13 +61,35 @@ public long spanId() {
     return this.spanId;
   }
 
+  @Override
+  public byte traceFlags() {
+    return this.traceFlags;
+  }
+
   @Override
   public String traceState() {
     return this.traceState;
   }
 
   @Override
-  public Map<String, String> attributes() {
+  public Attributes attributes() {
     return this.attributes;
   }
+
+  @Override
+  public String toString() {
+    return "SpanLink{"
+        + "traceId="
+        + this.traceId
+        + ", spanId="
+        + this.spanId
+        + ", traceFlags="
+        + this.traceFlags
+        + ", traceState='"
+        + this.traceState
+        + '\''
+        + ", attributes="
+        + this.attributes
+        + '}';
+  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/SpanLinkAttributes.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/SpanLinkAttributes.java
new file mode 100644
index 00000000000..87a2ce05f6b
--- /dev/null
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/SpanLinkAttributes.java
@@ -0,0 +1,122 @@
+package datadog.trace.bootstrap.instrumentation.api;
+
+import static java.util.Objects.requireNonNull;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/** This class is a base implementation of {@link AgentSpanLink.Attributes}. */
+public class SpanLinkAttributes implements AgentSpanLink.Attributes {
+  /** An empty span links attributes. */
+  public static final AgentSpanLink.Attributes EMPTY =
+      new SpanLinkAttributes(Collections.emptyMap());
+
+  private final Map<String, String> attributes;
+
+  protected SpanLinkAttributes(Map<String, String> attributes) {
+    this.attributes = attributes;
+  }
+
+  /**
+   * Gets a builder to create span link attributes.
+   *
+   * @return A builder to create span link attributes.
+   */
+  public static Builder builder() {
+    return new Builder();
+  }
+
+  /**
+   * Create span link attributes from its map representation.
+   *
+   * @param map A map representing the span link attributes.
+   * @return The related span link attributes.
+   */
+  public static SpanLinkAttributes fromMap(Map<String, String> map) {
+    return new SpanLinkAttributes(new HashMap<>(map));
+  }
+
+  @Override
+  public Map<String, String> asMap() {
+    return this.attributes;
+  }
+
+  @Override
+  public boolean isEmpty() {
+    return this.attributes.isEmpty();
+  }
+
+  @Override
+  public String toString() {
+    return "SpanLinkAttributes{" + this.attributes + '}';
+  }
+
+  public static class Builder {
+    private final Map<String, String> attributes;
+
+    protected Builder() {
+      this.attributes = new HashMap<>();
+    }
+
+    public Builder put(String key, String value) {
+      requireNonNull(key, "key must not be null");
+      if (value != null) {
+        this.attributes.put(key, value);
+      }
+      return this;
+    }
+
+    public Builder put(String key, boolean value) {
+      requireNonNull(key, "key must not be null");
+      this.attributes.put(key, Boolean.toString(value));
+      return this;
+    }
+
+    public Builder put(String key, long value) {
+      requireNonNull(key, "key must not be null");
+      this.attributes.put(key, Long.toString(value));
+      return this;
+    }
+
+    public Builder put(String key, double value) {
+      requireNonNull(key, "key must not be null");
+      this.attributes.put(key, Double.toString(value));
+      return this;
+    }
+
+    public Builder putStringArray(String key, List<String> array) {
+      return putArray(key, array);
+    }
+
+    public Builder putBooleanArray(String key, List<Boolean> array) {
+      return putArray(key, array);
+    }
+
+    public Builder putLongArray(String key, List<Long> array) {
+      return putArray(key, array);
+    }
+
+    public Builder putDoubleArray(String key, List<Double> array) {
+      return putArray(key, array);
+    }
+
+    protected <T> Builder putArray(String key, List<T> array) {
+      requireNonNull(key, "key must not be null");
+      if (array != null) {
+        for (int index = 0; index < array.size(); index++) {
+          Object value = array.get(index);
+          if (value != null) {
+            this.attributes.put(key + "." + index, value.toString());
+          }
+        }
+      }
+      return this;
+    }
+
+    public AgentSpanLink.Attributes build() {
+      return new SpanLinkAttributes(this.attributes);
+    }
+  }
+}
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/StatsPoint.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/StatsPoint.java
index 024b315df09..caa6540699b 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/StatsPoint.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/StatsPoint.java
@@ -9,6 +9,7 @@ public class StatsPoint implements InboxItem {
   private final long timestampNanos;
   private final long pathwayLatencyNano;
   private final long edgeLatencyNano;
+  private final long payloadSizeBytes;
 
   public StatsPoint(
       List<String> edgeTags,
@@ -16,13 +17,15 @@ public StatsPoint(
       long parentHash,
       long timestampNanos,
       long pathwayLatencyNano,
-      long edgeLatencyNano) {
+      long edgeLatencyNano,
+      long payloadSizeBytes) {
     this.edgeTags = edgeTags;
     this.hash = hash;
     this.parentHash = parentHash;
     this.timestampNanos = timestampNanos;
     this.pathwayLatencyNano = pathwayLatencyNano;
     this.edgeLatencyNano = edgeLatencyNano;
+    this.payloadSizeBytes = payloadSizeBytes;
   }
 
   public List<String> getEdgeTags() {
@@ -49,6 +52,10 @@ public long getEdgeLatencyNano() {
     return edgeLatencyNano;
   }
 
+  public long getPayloadSizeBytes() {
+    return payloadSizeBytes;
+  }
+
   @Override
   public String toString() {
     return "StatsPoint{"
@@ -65,6 +72,8 @@ public String toString() {
         + pathwayLatencyNano
         + ", edgeLatencyNano="
         + edgeLatencyNano
+        + ", payloadSizeBytes="
+        + payloadSizeBytes
         + '}';
   }
 }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/Tags.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/Tags.java
index 78d7012d507..4c824529b36 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/Tags.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/Tags.java
@@ -67,9 +67,12 @@ public class Tags {
   public static final String TEST_MODULE_ID = "test_module_id";
   public static final String TEST_SUITE_ID = "test_suite_id";
   public static final String TEST_CODE_COVERAGE_ENABLED = "test.code_coverage.enabled";
+  public static final String TEST_CODE_COVERAGE_LINES_PERCENTAGE = "test.code_coverage.lines_pct";
   public static final String TEST_ITR_TESTS_SKIPPING_ENABLED = "test.itr.tests_skipping.enabled";
   public static final String TEST_ITR_TESTS_SKIPPING_TYPE = "test.itr.tests_skipping.type";
   public static final String TEST_ITR_TESTS_SKIPPING_COUNT = "test.itr.tests_skipping.count";
+  public static final String TEST_ITR_UNSKIPPABLE = "test.itr.unskippable";
+  public static final String TEST_ITR_FORCED_RUN = "test.itr.forced_run";
 
   public static final String CI_PROVIDER_NAME = "ci.provider.name";
   public static final String CI_PIPELINE_ID = "ci.pipeline.id";
diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/TaskWrapper.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/TaskWrapper.java
similarity index 87%
rename from dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/TaskWrapper.java
rename to internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/TaskWrapper.java
index 00fccdab482..3315ab3e8b2 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/TaskWrapper.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/TaskWrapper.java
@@ -1,4 +1,4 @@
-package datadog.trace.bootstrap;
+package datadog.trace.bootstrap.instrumentation.api;
 
 public interface TaskWrapper {
   static Class<?> getUnwrappedType(Object task) {
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/URIUtils.java b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/URIUtils.java
index 0b9b98ddcf7..0f3b7047dc0 100644
--- a/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/URIUtils.java
+++ b/internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/URIUtils.java
@@ -269,4 +269,33 @@ public String get() {
       return lazy;
     }
   }
+
+  /**
+   * Concatenate two URI parts to form the complete one. Mostly used for apache http client
+   * instrumentations
+   *
+   * @param schemeHostPort the first part (usually <code>http://host:port</code>)
+   * @param theRest the rest of the uri (e.g. <code>/path?query#fragment</code>
+   * @return the full URI or <code>null</code> if fails to parse
+   */
+  public static URI safeConcat(final String schemeHostPort, final String theRest) {
+    if (schemeHostPort == null && theRest == null) {
+      return null;
+    }
+    final String part1 = schemeHostPort != null ? schemeHostPort : "";
+    final String part2 = theRest != null ? theRest : "";
+    if (part2.startsWith(part1)) {
+      return safeParse(part2);
+    }
+    final boolean addSlash = !(part2.startsWith("/") || part1.endsWith("/"));
+    final StringBuilder sb =
+        new StringBuilder(part1.length() + part2.length() + (addSlash ? 1 : 0));
+    sb.append(part1);
+    if (addSlash) {
+      // it happens for http async client 4 with relative URI
+      sb.append("/");
+    }
+    sb.append(part2);
+    return safeParse(sb.toString());
+  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/logging/GlobalLogLevelSwitcher.java b/internal-api/src/main/java/datadog/trace/logging/GlobalLogLevelSwitcher.java
index 807068cfcdb..400772b7f2d 100644
--- a/internal-api/src/main/java/datadog/trace/logging/GlobalLogLevelSwitcher.java
+++ b/internal-api/src/main/java/datadog/trace/logging/GlobalLogLevelSwitcher.java
@@ -43,4 +43,11 @@ public void restore() {
       delegate.restore();
     }
   }
+
+  @Override
+  public void reinitialize() {
+    if (delegate != null) {
+      delegate.reinitialize();
+    }
+  }
 }
diff --git a/internal-api/src/main/java/datadog/trace/logging/LogLevelSwitcher.java b/internal-api/src/main/java/datadog/trace/logging/LogLevelSwitcher.java
index 6cf1f1dde13..3e1adfe12fe 100644
--- a/internal-api/src/main/java/datadog/trace/logging/LogLevelSwitcher.java
+++ b/internal-api/src/main/java/datadog/trace/logging/LogLevelSwitcher.java
@@ -12,4 +12,7 @@ public interface LogLevelSwitcher {
 
   /** Restore the LogLevel to the original setting. */
   void restore();
+
+  /** Re-execute logging settings initialization */
+  void reinitialize();
 }
diff --git a/internal-api/src/main/java/datadog/trace/util/AgentThreadFactory.java b/internal-api/src/main/java/datadog/trace/util/AgentThreadFactory.java
index 7eff0a89217..0973bf2f4c5 100644
--- a/internal-api/src/main/java/datadog/trace/util/AgentThreadFactory.java
+++ b/internal-api/src/main/java/datadog/trace/util/AgentThreadFactory.java
@@ -104,7 +104,7 @@ public static Thread newAgentThread(
           @Override
           public void uncaughtException(final Thread thread, final Throwable e) {
             LoggerFactory.getLogger(runnable.getClass())
-                .error("Uncaught exception in {}", agentThread.threadName, e);
+                .error("Uncaught exception {} in {}", e, agentThread.threadName, e);
           }
         });
     return thread;
diff --git a/internal-api/src/main/java/datadog/trace/util/MethodHandles.java b/internal-api/src/main/java/datadog/trace/util/MethodHandles.java
new file mode 100644
index 00000000000..ebe8b3e7e66
--- /dev/null
+++ b/internal-api/src/main/java/datadog/trace/util/MethodHandles.java
@@ -0,0 +1,70 @@
+package datadog.trace.util;
+
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import java.lang.invoke.MethodHandle;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class MethodHandles {
+
+  private static final Logger log = LoggerFactory.getLogger(MethodHandles.class);
+
+  private final java.lang.invoke.MethodHandles.Lookup lookup =
+      java.lang.invoke.MethodHandles.lookup();
+  private final ClassLoader classLoader;
+
+  public MethodHandles(ClassLoader classLoader) {
+    this.classLoader = classLoader;
+  }
+
+  @SuppressFBWarnings("REFLF_REFLECTION_MAY_INCREASE_ACCESSIBILITY_OF_FIELD")
+  public MethodHandle privateFieldGetter(String className, String fieldName) {
+    try {
+      Class<?> clazz = classLoader.loadClass(className);
+      Field field = clazz.getDeclaredField(fieldName);
+      field.setAccessible(true);
+      return lookup.unreflectGetter(field);
+
+    } catch (Throwable t) {
+      log.debug("Could not get private field {} getter from class {}", fieldName, className, t);
+      return null;
+    }
+  }
+
+  public MethodHandle constructor(String className, Class<?>... parameterTypes) {
+    try {
+      Class<?> clazz = classLoader.loadClass(className);
+      Constructor<?> constructor = clazz.getDeclaredConstructor(parameterTypes);
+      constructor.setAccessible(true);
+      return lookup.unreflectConstructor(constructor);
+
+    } catch (Throwable t) {
+      log.debug(
+          "Could not get constructor accepting {} from class {}",
+          Arrays.toString(parameterTypes),
+          className,
+          t);
+      return null;
+    }
+  }
+
+  @SuppressWarnings("unchecked")
+  public <T> T invoke(MethodHandle handle, Object... arguments) {
+    if (handle == null) {
+      return null;
+    }
+    try {
+      return (T) handle.invokeWithArguments(arguments);
+    } catch (Throwable t) {
+      log.error(
+          "Error while invoking method handle {} with arguments {}",
+          handle,
+          Arrays.toString(arguments),
+          t);
+      return null;
+    }
+  }
+}
diff --git a/internal-api/src/main/java/datadog/trace/util/Strings.java b/internal-api/src/main/java/datadog/trace/util/Strings.java
index 042c4495dae..7ef8b6fd15c 100644
--- a/internal-api/src/main/java/datadog/trace/util/Strings.java
+++ b/internal-api/src/main/java/datadog/trace/util/Strings.java
@@ -268,25 +268,25 @@ public static CharSequence truncate(CharSequence input, int limit) {
     return input.subSequence(0, limit);
   }
 
-  public static String toJson(final Map<String, String> map) {
+  public static String toJson(final Map<String, ?> map) {
     return toJson(map, false);
   }
 
-  public static String toJson(final Map<String, String> map, boolean valuesAreJson) {
+  public static String toJson(final Map<String, ?> map, boolean valuesAreJson) {
     if (map == null || map.isEmpty()) {
       return "{}";
     }
     final StringBuilder sb = new StringBuilder("{");
-    final Iterator<Entry<String, String>> entriesIter = map.entrySet().iterator();
+    final Iterator<? extends Entry<String, ?>> entriesIter = map.entrySet().iterator();
     while (entriesIter.hasNext()) {
-      final Entry<String, String> entry = entriesIter.next();
+      final Entry<String, ?> entry = entriesIter.next();
 
       sb.append("\"").append(escapeToJson(entry.getKey())).append("\":");
 
       if (valuesAreJson) {
         sb.append(entry.getValue());
       } else {
-        sb.append("\"").append(escapeToJson(entry.getValue())).append("\"");
+        sb.append("\"").append(escapeToJson(String.valueOf(entry.getValue()))).append("\"");
       }
 
       if (entriesIter.hasNext()) {
diff --git a/internal-api/src/test/groovy/datadog/trace/api/ConfigCollectorTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/ConfigCollectorTest.groovy
new file mode 100644
index 00000000000..e3df13c7cd6
--- /dev/null
+++ b/internal-api/src/test/groovy/datadog/trace/api/ConfigCollectorTest.groovy
@@ -0,0 +1,122 @@
+package datadog.trace.api
+
+import datadog.trace.api.config.AppSecConfig
+import datadog.trace.api.config.CiVisibilityConfig
+import datadog.trace.api.config.GeneralConfig
+import datadog.trace.api.config.IastConfig
+import datadog.trace.api.config.JmxFetchConfig
+import datadog.trace.api.config.TraceInstrumentationConfig
+import datadog.trace.api.config.TracerConfig
+import datadog.trace.api.iast.telemetry.Verbosity
+import datadog.trace.api.naming.SpanNaming
+import datadog.trace.bootstrap.config.provider.ConfigConverter
+import datadog.trace.test.util.DDSpecification
+import datadog.trace.util.Strings
+
+import static datadog.trace.api.ConfigDefaults.DEFAULT_HTTP_CLIENT_ERROR_STATUSES
+import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_WEAK_HASH_ALGORITHMS
+import static datadog.trace.api.ConfigDefaults.DEFAULT_TELEMETRY_HEARTBEAT_INTERVAL
+import static datadog.trace.api.UserEventTrackingMode.SAFE
+
+class ConfigCollectorTest extends DDSpecification {
+
+  def "non-default config settings get collected"() {
+    setup:
+    injectEnvConfig(Strings.toEnvVar(configKey), configValue)
+
+    expect:
+    def setting = ConfigCollector.get().collect().get(configKey)
+    setting.value == configValue
+    setting.origin == ConfigOrigin.ENV
+
+    where:
+    configKey                                                  | configValue
+    // ConfigProvider.getEnum
+    IastConfig.IAST_TELEMETRY_VERBOSITY                        | Verbosity.DEBUG.toString()
+    // ConfigProvider.getString
+    TracerConfig.TRACE_SPAN_ATTRIBUTE_SCHEMA                   | "v1"
+    // ConfigProvider.getStringNotEmpty
+    AppSecConfig.APPSEC_AUTOMATED_USER_EVENTS_TRACKING         | UserEventTrackingMode.EXTENDED.toString()
+    // ConfigProvider.getStringExcludingSource
+    GeneralConfig.APPLICATION_KEY                              | "app-key"
+    // ConfigProvider.getBoolean
+    TraceInstrumentationConfig.RESOLVER_USE_URL_CACHES         | "true"
+    // ConfigProvider.getInteger
+    JmxFetchConfig.JMX_FETCH_CHECK_PERIOD                      | "60"
+    // ConfigProvider.getLong
+    CiVisibilityConfig.CIVISIBILITY_MODULE_ID                  | "450273"
+    // ConfigProvider.getFloat
+    GeneralConfig.TELEMETRY_HEARTBEAT_INTERVAL                 | "1.5"
+    // ConfigProvider.getDouble
+    TracerConfig.TRACE_SAMPLE_RATE                             | "2.2"
+    // ConfigProvider.getList
+    TraceInstrumentationConfig.JMS_PROPAGATION_DISABLED_TOPICS | "someTopic,otherTopic"
+    // ConfigProvider.getSet
+    IastConfig.IAST_WEAK_HASH_ALGORITHMS                       | "SHA1,SHA-1"
+    // ConfigProvider.getSpacedList
+    TracerConfig.PROXY_NO_PROXY                                | "a b c"
+    // ConfigProvider.getMergedMap
+    TracerConfig.TRACE_PEER_SERVICE_MAPPING                    | "service1:best_service,userService:my_service"
+    // ConfigProvider.getOrderedMap
+    TracerConfig.TRACE_HTTP_SERVER_PATH_RESOURCE_NAME_MAPPING  | "/asdf/*:/test"
+    // ConfigProvider.getMergedMapWithOptionalMappings
+    TracerConfig.HEADER_TAGS                                   | "e:five"
+    // ConfigProvider.getIntegerRange
+    TracerConfig.HTTP_CLIENT_ERROR_STATUSES                    | "400-402"
+  }
+
+  def "should collect merged data from multiple sources"() {
+    setup:
+    injectEnvConfig(Strings.toEnvVar(configKey), configValue1)
+    injectSysConfig(configKey, configValue2)
+
+    expect:
+    def setting = ConfigCollector.get().collect().get(configKey)
+    setting.value == expectedValue
+    setting.origin == ConfigOrigin.JVM_PROP
+
+    where:
+    configKey                                                 | configValue1                                   | configValue2              | expectedValue
+    // ConfigProvider.getMergedMap
+    TracerConfig.TRACE_PEER_SERVICE_MAPPING                   | "service1:best_service,userService:my_service" | "service2:backup_service" | "service2:backup_service,service1:best_service,userService:my_service"
+    // ConfigProvider.getOrderedMap
+    TracerConfig.TRACE_HTTP_SERVER_PATH_RESOURCE_NAME_MAPPING | "/asdf/*:/test,/b:some"                        | "/a:prop"                 | "/asdf/*:/test,/b:some,/a:prop"
+    // ConfigProvider.getMergedMapWithOptionalMappings
+    TracerConfig.HEADER_TAGS                                  | "j:ten"                                        | "e:five,b:six"            | "e:five,j:ten,b:six"
+  }
+
+  def "default not-null config settings are collected"() {
+    expect:
+    def setting = ConfigCollector.get().collect().get(configKey)
+    setting.origin == ConfigOrigin.DEFAULT
+    setting.value == defaultValue
+
+    where:
+    configKey                                                  | defaultValue
+    IastConfig.IAST_TELEMETRY_VERBOSITY                        | Verbosity.INFORMATION.toString()
+    TracerConfig.TRACE_SPAN_ATTRIBUTE_SCHEMA                   | "v" + SpanNaming.SCHEMA_MIN_VERSION
+    AppSecConfig.APPSEC_AUTOMATED_USER_EVENTS_TRACKING         | SAFE.toString()
+    GeneralConfig.TELEMETRY_HEARTBEAT_INTERVAL                 | DEFAULT_TELEMETRY_HEARTBEAT_INTERVAL
+    CiVisibilityConfig.CIVISIBILITY_JACOCO_GRADLE_SOURCE_SETS  | "main"
+    IastConfig.IAST_WEAK_HASH_ALGORITHMS                       | DEFAULT_IAST_WEAK_HASH_ALGORITHMS.join(",")
+    TracerConfig.HTTP_CLIENT_ERROR_STATUSES                    | ConfigConverter.renderIntegerRange(DEFAULT_HTTP_CLIENT_ERROR_STATUSES)
+  }
+
+  def "default NULL config settings are NOT collected"() {
+    expect:
+    ConfigCollector.get().collect().get(configKey) == null
+
+    where:
+    configKey                                                  | _
+    GeneralConfig.APPLICATION_KEY                              | _
+    TraceInstrumentationConfig.RESOLVER_USE_URL_CACHES         | _
+    JmxFetchConfig.JMX_FETCH_CHECK_PERIOD                      | _
+    CiVisibilityConfig.CIVISIBILITY_MODULE_ID                  | _
+    TracerConfig.TRACE_SAMPLE_RATE                             | _
+    TraceInstrumentationConfig.JMS_PROPAGATION_DISABLED_TOPICS | _
+    TracerConfig.PROXY_NO_PROXY                                | _
+    TracerConfig.TRACE_PEER_SERVICE_MAPPING                    | _
+    TracerConfig.TRACE_HTTP_SERVER_PATH_RESOURCE_NAME_MAPPING  | _
+    TracerConfig.HEADER_TAGS                                   | _
+  }
+}
diff --git a/internal-api/src/test/groovy/datadog/trace/api/ConfigSettingTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/ConfigSettingTest.groovy
new file mode 100644
index 00000000000..fa2d17230b5
--- /dev/null
+++ b/internal-api/src/test/groovy/datadog/trace/api/ConfigSettingTest.groovy
@@ -0,0 +1,45 @@
+package datadog.trace.api
+
+import spock.lang.Specification
+
+class ConfigSettingTest extends Specification {
+
+  def "supports equality check"() {
+    when:
+    def cs1 = new ConfigSetting(key1, value1, origin1)
+    def cs2 = new ConfigSetting(key2, value2, origin2)
+
+    then:
+    if (key1 == key2 && value1 == value2 && origin1 == origin2) {
+      assert cs1.hashCode() == cs2.hashCode()
+      assert cs1 == cs2
+      assert cs2 == cs1
+      assert cs1.toString() == cs2.toString()
+    } else {
+      assert cs1.hashCode() != cs2.hashCode()
+      assert cs1 != cs2
+      assert cs2 != cs1
+      assert cs1.toString() != cs2.toString()
+    }
+
+    where:
+    key1  | key2   | value1   | value2  | origin1               | origin2
+    "key" | "key"  | "value"  | "value" | ConfigOrigin.DEFAULT  | ConfigOrigin.DEFAULT
+    "key" | "key2" | "value"  | "value" | ConfigOrigin.ENV      | ConfigOrigin.ENV
+    "key" | "key"  | "value2" | "value" | ConfigOrigin.JVM_PROP | ConfigOrigin.JVM_PROP
+    "key" | "key"  | "value"  | "value" | ConfigOrigin.ENV      | ConfigOrigin.DEFAULT
+  }
+
+  def "filters key values"() {
+    expect:
+    new ConfigSetting(key, value, ConfigOrigin.DEFAULT).value == filteredValue
+
+    where:
+    key                    | value       | filteredValue
+    "DD_API_KEY"           | "somevalue" | "<hidden>"
+    "dd.api-key"           | "somevalue" | "<hidden>"
+    "dd.profiling.api-key" | "somevalue" | "<hidden>"
+    "dd.profiling.apikey"  | "somevalue" | "<hidden>"
+    "some.other.key"       | "somevalue" | "somevalue"
+  }
+}
diff --git a/internal-api/src/test/groovy/datadog/trace/api/ConfigTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/ConfigTest.groovy
index 73e3734d831..78d96bcbf5b 100644
--- a/internal-api/src/test/groovy/datadog/trace/api/ConfigTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/api/ConfigTest.groovy
@@ -84,6 +84,7 @@ import static datadog.trace.api.config.RemoteConfigConfig.REMOTE_CONFIG_ENABLED
 import static datadog.trace.api.config.RemoteConfigConfig.REMOTE_CONFIG_MAX_PAYLOAD_SIZE
 import static datadog.trace.api.config.RemoteConfigConfig.REMOTE_CONFIG_POLL_INTERVAL_SECONDS
 import static datadog.trace.api.config.RemoteConfigConfig.REMOTE_CONFIG_URL
+import static datadog.trace.api.config.TraceInstrumentationConfig.DB_CLIENT_HOST_SPLIT_BY_HOST
 import static datadog.trace.api.config.TraceInstrumentationConfig.DB_CLIENT_HOST_SPLIT_BY_INSTANCE
 import static datadog.trace.api.config.TraceInstrumentationConfig.DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX
 import static datadog.trace.api.config.TraceInstrumentationConfig.HTTP_CLIENT_HOST_SPLIT_BY_DOMAIN
@@ -182,6 +183,7 @@ class ConfigTest extends DDSpecification {
     prop.setProperty(HTTP_CLIENT_HOST_SPLIT_BY_DOMAIN, "true")
     prop.setProperty(DB_CLIENT_HOST_SPLIT_BY_INSTANCE, "true")
     prop.setProperty(DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX, "true")
+    prop.setProperty(DB_CLIENT_HOST_SPLIT_BY_HOST, "true")
     prop.setProperty(SPLIT_BY_TAGS, "some.tag1,some.tag2,some.tag1")
     prop.setProperty(PARTIAL_FLUSH_MIN_SPANS, "15")
     prop.setProperty(TRACE_REPORT_HOSTNAME, "true")
@@ -268,6 +270,7 @@ class ConfigTest extends DDSpecification {
     config.httpClientSplitByDomain == true
     config.dbClientSplitByInstance == true
     config.dbClientSplitByInstanceTypeSuffix == true
+    config.dbClientSplitByHost == true
     config.splitByTags == ["some.tag1", "some.tag2"].toSet()
     config.partialFlushMinSpans == 15
     config.reportHostName == true
@@ -357,6 +360,7 @@ class ConfigTest extends DDSpecification {
     System.setProperty(PREFIX + HTTP_CLIENT_HOST_SPLIT_BY_DOMAIN, "true")
     System.setProperty(PREFIX + DB_CLIENT_HOST_SPLIT_BY_INSTANCE, "true")
     System.setProperty(PREFIX + DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX, "true")
+    System.setProperty(PREFIX + DB_CLIENT_HOST_SPLIT_BY_HOST, "true")
     System.setProperty(PREFIX + SPLIT_BY_TAGS, "some.tag3, some.tag2, some.tag1")
     System.setProperty(PREFIX + PARTIAL_FLUSH_MIN_SPANS, "25")
     System.setProperty(PREFIX + TRACE_REPORT_HOSTNAME, "true")
@@ -443,6 +447,7 @@ class ConfigTest extends DDSpecification {
     config.httpClientSplitByDomain == true
     config.dbClientSplitByInstance == true
     config.dbClientSplitByInstanceTypeSuffix == true
+    config.dbClientSplitByHost == true
     config.splitByTags == ["some.tag3", "some.tag2", "some.tag1"].toSet()
     config.partialFlushMinSpans == 25
     config.reportHostName == true
@@ -588,6 +593,7 @@ class ConfigTest extends DDSpecification {
     System.setProperty(PREFIX + HTTP_CLIENT_ERROR_STATUSES, "1:1")
     System.setProperty(PREFIX + HTTP_CLIENT_HOST_SPLIT_BY_DOMAIN, "invalid")
     System.setProperty(PREFIX + DB_CLIENT_HOST_SPLIT_BY_INSTANCE, "invalid")
+    System.setProperty(PREFIX + DB_CLIENT_HOST_SPLIT_BY_HOST, "invalid")
     System.setProperty(PREFIX + PROPAGATION_STYLE_EXTRACT, "some garbage")
     System.setProperty(PREFIX + PROPAGATION_STYLE_INJECT, " ")
     System.setProperty(PREFIX + TRACE_LONG_RUNNING_ENABLED, "invalid")
@@ -614,6 +620,7 @@ class ConfigTest extends DDSpecification {
     config.httpClientSplitByDomain == false
     config.dbClientSplitByInstance == false
     config.dbClientSplitByInstanceTypeSuffix == false
+    config.dbClientSplitByHost == false
     config.splitByTags == [].toSet()
     config.propagationStylesToExtract.toList() == [PropagationStyle.DATADOG]
     config.propagationStylesToInject.toList() == [PropagationStyle.DATADOG]
@@ -690,6 +697,7 @@ class ConfigTest extends DDSpecification {
     properties.setProperty(HTTP_CLIENT_HOST_SPLIT_BY_DOMAIN, "true")
     properties.setProperty(DB_CLIENT_HOST_SPLIT_BY_INSTANCE, "true")
     properties.setProperty(DB_CLIENT_HOST_SPLIT_BY_INSTANCE_TYPE_SUFFIX, "true")
+    properties.setProperty(DB_CLIENT_HOST_SPLIT_BY_HOST, "true")
     properties.setProperty(PARTIAL_FLUSH_MIN_SPANS, "15")
     properties.setProperty(PROPAGATION_STYLE_EXTRACT, "B3 Datadog")
     properties.setProperty(PROPAGATION_STYLE_INJECT, "Datadog B3")
@@ -722,6 +730,7 @@ class ConfigTest extends DDSpecification {
     config.httpClientSplitByDomain == true
     config.dbClientSplitByInstance == true
     config.dbClientSplitByInstanceTypeSuffix == true
+    config.dbClientSplitByHost == true
     config.splitByTags == [].toSet()
     config.partialFlushMinSpans == 15
     config.propagationStylesToExtract.toList() == [PropagationStyle.B3, PropagationStyle.DATADOG]
diff --git a/internal-api/src/test/groovy/datadog/trace/api/git/GitInfoProviderTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/git/GitInfoProviderTest.groovy
index 78f32d943ef..73219b9ba0d 100644
--- a/internal-api/src/test/groovy/datadog/trace/api/git/GitInfoProviderTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/api/git/GitInfoProviderTest.groovy
@@ -238,6 +238,27 @@ class GitInfoProviderTest extends Specification {
     actualGitInfo.commit.committer.iso8601Date == null
   }
 
+  def "test ignores remote URLs starting with file protocol"() {
+    setup:
+    def gitInfoBuilderA = givenABuilderReturning(
+      new GitInfo("file://uselessUrl", null, null, new CommitInfo(null)), 1
+      )
+
+    def gitInfoBuilderB = givenABuilderReturning(
+      new GitInfo("http://usefulUrl", null, null, new CommitInfo(null)), 2
+      )
+
+    def gitInfoProvider = new GitInfoProvider()
+    gitInfoProvider.registerGitInfoBuilder(gitInfoBuilderA)
+    gitInfoProvider.registerGitInfoBuilder(gitInfoBuilderB)
+
+    when:
+    def actualGitInfo = gitInfoProvider.getGitInfo(REPO_PATH)
+
+    then:
+    actualGitInfo.repositoryURL == "http://usefulUrl"
+  }
+
   private GitInfoBuilder givenABuilderReturning(GitInfo gitInfo) {
     givenABuilderReturning(gitInfo, 1)
   }
diff --git a/internal-api/src/test/groovy/datadog/trace/api/iast/HttpRequestEndModuleTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/iast/HttpRequestEndModuleTest.groovy
new file mode 100644
index 00000000000..1c120715dc1
--- /dev/null
+++ b/internal-api/src/test/groovy/datadog/trace/api/iast/HttpRequestEndModuleTest.groovy
@@ -0,0 +1,48 @@
+package datadog.trace.api.iast
+
+
+import spock.lang.Specification
+
+class HttpRequestEndModuleTest  extends Specification{
+  def 'test isHtmlResponse'(){
+    setup:
+    final module = new HttpReqquestEndModuleTestImpl()
+
+    when:
+    final result = module.isHtmlResponse(htmlValue)
+
+    then:
+    result == expected
+
+    where:
+    htmlValue               | expected
+    "text/html"             | true
+    "application/xhtml+xml" | true
+    "somethingelse"         | false
+    null                    | false
+    ""                      | false
+  }
+
+  def 'test isIgnorableResponseCode'(){
+    setup:
+    final module = new HttpReqquestEndModuleTestImpl()
+
+    when:
+    final result = module.isIgnorableResponseCode(code)
+
+    then:
+    result == expected
+
+    where:
+    code                                        | expected
+    HttpURLConnection.HTTP_MOVED_PERM           | true
+    HttpURLConnection.HTTP_MOVED_TEMP           | true
+    HttpURLConnection.HTTP_NOT_MODIFIED         | true
+    HttpURLConnection.HTTP_NOT_FOUND            | true
+    HttpURLConnection.HTTP_GONE                 | true
+    HttpURLConnection.HTTP_INTERNAL_ERROR       | true
+    307i                                        | true
+    200i                                        | false
+    0i                                          | false
+  }
+}
diff --git a/internal-api/src/test/groovy/datadog/trace/api/iast/IastContextTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/iast/IastContextTest.groovy
new file mode 100644
index 00000000000..ce543e10376
--- /dev/null
+++ b/internal-api/src/test/groovy/datadog/trace/api/iast/IastContextTest.groovy
@@ -0,0 +1,67 @@
+package datadog.trace.api.iast
+
+import datadog.trace.api.gateway.RequestContext
+import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan
+import datadog.trace.bootstrap.instrumentation.api.AgentTracer
+import datadog.trace.test.util.DDSpecification
+import spock.lang.Shared
+
+class IastContextTest extends DDSpecification {
+
+  @Shared
+  protected static final AgentTracer.TracerAPI ORIGINAL_TRACER = AgentTracer.get()
+
+  protected AgentTracer.TracerAPI tracer = Mock(AgentTracer.TracerAPI)
+
+  protected IastContext iastCtx = Mock(IastContext)
+
+  protected RequestContext reqCtx = Mock(RequestContext) {
+    getData(RequestContextSlot.IAST) >> iastCtx
+  }
+
+  protected AgentSpan span = Mock(AgentSpan) {
+    getRequestContext() >> reqCtx
+  }
+
+  void setup() {
+    AgentTracer.forceRegister(tracer)
+  }
+
+  void cleanup() {
+    AgentTracer.forceRegister(ORIGINAL_TRACER)
+  }
+
+  void 'test get context'() {
+    when:
+    final context = IastContext.Provider.get()
+
+    then:
+    1 * tracer.activeSpan() >> span
+    context == iastCtx
+
+    when:
+    final nullContext = IastContext.Provider.get()
+
+    then:
+    1 * tracer.activeSpan() >> null
+    nullContext == null
+  }
+
+
+  void 'test get context with span'() {
+    when:
+    final context = IastContext.Provider.get(span)
+
+    then:
+    context == iastCtx
+  }
+
+  void 'test get context with request context'() {
+    when:
+    final context = IastContext.Provider.get(reqCtx)
+
+    then:
+    context == iastCtx
+  }
+}
diff --git a/internal-api/src/test/groovy/datadog/trace/api/iast/InstrumentationBridgeTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/iast/InstrumentationBridgeTest.groovy
index 044c47c51d3..ab3a4ebc8ed 100644
--- a/internal-api/src/test/groovy/datadog/trace/api/iast/InstrumentationBridgeTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/api/iast/InstrumentationBridgeTest.groovy
@@ -12,7 +12,6 @@ import datadog.trace.api.iast.sink.WeakCipherModule
 import datadog.trace.api.iast.sink.WeakHashModule
 import datadog.trace.api.iast.sink.WeakRandomnessModule
 import datadog.trace.api.iast.sink.XPathInjectionModule
-import datadog.trace.api.iast.source.WebModule
 import datadog.trace.test.util.DDSpecification
 
 class InstrumentationBridgeTest extends DDSpecification {
@@ -20,7 +19,6 @@ class InstrumentationBridgeTest extends DDSpecification {
   private final static BRIDGE_MODULES = [
     WeakCipherModule,
     WeakHashModule,
-    WebModule,
     StringModule,
     CodecModule,
     SqlInjectionModule,
diff --git a/internal-api/src/test/groovy/datadog/trace/api/iast/telemetry/IastMetricCollectorTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/iast/telemetry/IastMetricCollectorTest.groovy
index 6725faeaa79..65ef1690bcd 100644
--- a/internal-api/src/test/groovy/datadog/trace/api/iast/telemetry/IastMetricCollectorTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/api/iast/telemetry/IastMetricCollectorTest.groovy
@@ -2,6 +2,7 @@ package datadog.trace.api.iast.telemetry
 
 import datadog.trace.api.gateway.RequestContext
 import datadog.trace.api.gateway.RequestContextSlot
+import datadog.trace.api.iast.SourceTypes
 import datadog.trace.api.iast.VulnerabilityTypes
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer
@@ -61,7 +62,7 @@ class IastMetricCollectorTest extends DDSpecification {
     result.empty
   }
 
-  void 'test collectors'() {
+  void 'test collector in heavy concurrency'() {
     given:
     final times = 1000
     final value = 5
@@ -76,9 +77,13 @@ class IastMetricCollectorTest extends DDSpecification {
     final futures = (1..times).collect { i ->
       executor.submit {
         final metric = metrics[random.nextInt(metrics.length)]
-        final tag = metric.tag == null ? null : metric.tag.values[random.nextInt(metric.tag.values.length)]
         latch.await()
-        IastMetricCollector.add(metric, tag, value)
+        if (metric.tag == null) {
+          IastMetricCollector.add(metric, value)
+        } else {
+          final tag = metric.tag.values[random.nextInt(metric.tag.values.length)]
+          IastMetricCollector.add(metric, tag, value)
+        }
       }
     }
     latch.countDown()
@@ -96,13 +101,11 @@ class IastMetricCollectorTest extends DDSpecification {
   void 'test no op collector does nothing'() {
     setup:
     final collector = new NoOpInstance()
-    final metric = IastMetric.EXECUTED_PROPAGATION
-    final tag = null
-
-    when:
+    final metric = IastMetric.EXECUTED_SINK
+    final tag = VulnerabilityTypes.SQL_INJECTION
 
     when: 'adding a metric'
-    collector.addMetric(metric, tag, 23)
+    collector.addMetric(metric, tag, 1)
     collector.prepareMetrics()
     final collectorMetrics = collector.drain()
 
@@ -110,7 +113,7 @@ class IastMetricCollectorTest extends DDSpecification {
     collectorMetrics.empty
 
     when: 'merging metrics'
-    collector.merge([new IastMetricCollector.IastMetricData(metric, tag, 23)])
+    collector.merge([new IastMetricCollector.IastMetricData(metric, tag, 100)])
     collector.prepareMetrics()
     final mergedMetrics = collector.drain()
 
@@ -153,41 +156,74 @@ class IastMetricCollectorTest extends DDSpecification {
     0 * _
   }
 
-  void 'test metric tags/span tags'() {
-    given:
-    final metric = IastMetric.INSTRUMENTED_SINK
-    final tag = VulnerabilityTypes.SQL_INJECTION
-
+  void 'test metric tags/span tags: #metric'() {
     when:
-    final withTag = new IastMetricCollector.IastMetricData(metric, tag, 1)
+    final data = new IastMetricCollector.IastMetricData(metric, tag, 1)
 
     then:
-    withTag.tags == ["${metric.tag.name}:${tag}"]
-    withTag.spanTag == "${metric.name}.${tag.toLowerCase().replaceAll('\\.', '_')}"
+    if (metric.tag) {
+      final tagString = metric.tag.toString(tag)
+      data.tags.size() == 1
+      data.tags.first() == "${metric.tag.name}:${tagString}"
+      data.spanTag == "${metric.name}.${tagString.toLowerCase().replaceAll('\\.', '_')}"
+    } else {
+      data.tags.empty
+      data.spanTag == metric.name
+    }
+
+    where:
+    metric                         | tag
+    IastMetric.INSTRUMENTED_SINK   | VulnerabilityTypes.SQL_INJECTION
+    IastMetric.INSTRUMENTED_SOURCE | SourceTypes.REQUEST_HEADER_NAME
+    IastMetric.EXECUTED_TAINTED    | (byte) -1
   }
 
-  void 'test metrics with multiple tags'() {
+  void 'test metric: #metric'() {
     given:
     final collector = new IastMetricCollector()
-    final metric = IastMetric.INSTRUMENTED_SINK
-    final tag = VulnerabilityTypes.RESPONSE_HEADER
-    final value = 1
+    final value = 125
 
     when:
-    collector.addMetric(metric, tag, value)
+    collector.addMetric(metric, metric.tag == null ? (byte) -1 : tag, value)
     collector.prepareMetrics()
     final result = collector.drain()
 
-    then: 'multiple data points are added'
-
-    result.size() == 2
-    final grouped = result.groupBy { it.tags.first() }
-    VulnerabilityTypes.RESPONSE_HEADER_TYPES.each {
-      final tagValue = "${metric.tag.name}:${it}"
-      final data = grouped[tagValue].first()
-      assert data.metric == metric
-      assert data.value.toLong() == value
-      assert data.tags == [tagValue]
+    then:
+    if (metric.tag) {
+      final assertedTags = metric.tag.isWrapped(tag) ? metric.tag.unwrap(tag) : [tag]
+      result.size() == assertedTags
+      final grouped = result.groupBy { it.tags.first() }
+      assertedTags.each {
+        final tagValue = "${metric.tag.name}:${metric.tag.toString(it as byte)}"
+        final data = grouped[tagValue].first()
+        assert data.metric == metric
+        assert data.value.toLong() == value
+        assert data.tags.size() == 1
+        assert data.tags.first() == tagValue
+      }
+    } else {
+      result.size() == 1
+      final data = result.first()
+      data.metric == metric
+      data.value.toLong() == value
+      data.tags.empty
     }
+
+    where:
+    metric                         | tag
+    IastMetric.INSTRUMENTED_SINK   | VulnerabilityTypes.SQL_INJECTION
+    IastMetric.EXECUTED_SINK       | VulnerabilityTypes.SQL_INJECTION
+
+    IastMetric.INSTRUMENTED_SINK   | VulnerabilityTypes.RESPONSE_HEADER // wrapped response headers
+    IastMetric.EXECUTED_SINK       | VulnerabilityTypes.RESPONSE_HEADER
+
+    IastMetric.INSTRUMENTED_SINK   | VulnerabilityTypes.SPRING_RESPONSE // wrapped spring response
+    IastMetric.EXECUTED_SINK       | VulnerabilityTypes.SPRING_RESPONSE
+
+    IastMetric.INSTRUMENTED_SOURCE | SourceTypes.REQUEST_HEADER_NAME
+    IastMetric.EXECUTED_SOURCE     | SourceTypes.REQUEST_HEADER_NAME
+
+    IastMetric.EXECUTED_TAINTED    | null
+    IastMetric.TAINTED_FLAT_MODE   | null
   }
 }
diff --git a/internal-api/src/test/groovy/datadog/trace/api/iast/telemetry/IastMetricTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/iast/telemetry/IastMetricTest.groovy
index da2f7052694..a11a63691c6 100644
--- a/internal-api/src/test/groovy/datadog/trace/api/iast/telemetry/IastMetricTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/api/iast/telemetry/IastMetricTest.groovy
@@ -30,15 +30,15 @@ class IastMetricTest extends Specification {
 
   void 'test parsing of tags'() {
     when:
-    final result = metricTag.parse(tag)
+    final result = metricTag.unwrap(tag)
 
     then:
     result == expected
 
     where:
-    metricTag                         | tag                                        | expected
-    IastMetric.Tag.VULNERABILITY_TYPE | VulnerabilityTypes.RESPONSE_HEADER         | VulnerabilityTypes.RESPONSE_HEADER_TYPES
-    IastMetric.Tag.VULNERABILITY_TYPE | VulnerabilityTypes.SQL_INJECTION           | new String[0]
-    IastMetric.Tag.SOURCE_TYPE        | SourceTypes.REQUEST_PARAMETER_VALUE_STRING | new String[0]
+    metricTag                         | tag                                 | expected
+    IastMetric.Tag.VULNERABILITY_TYPE | VulnerabilityTypes.RESPONSE_HEADER  | VulnerabilityTypes.RESPONSE_HEADER_TYPES
+    IastMetric.Tag.VULNERABILITY_TYPE | VulnerabilityTypes.SQL_INJECTION    | new byte[0]
+    IastMetric.Tag.SOURCE_TYPE        | SourceTypes.REQUEST_PARAMETER_VALUE | new byte[0]
   }
 }
diff --git a/internal-api/src/test/groovy/datadog/trace/api/naming/NamingV0ForkedTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/naming/NamingV0ForkedTest.groovy
index 55419c397fb..28111086f03 100644
--- a/internal-api/src/test/groovy/datadog/trace/api/naming/NamingV0ForkedTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/api/naming/NamingV0ForkedTest.groovy
@@ -5,7 +5,7 @@ import datadog.trace.api.config.TracerConfig
 import datadog.trace.test.util.DDSpecification
 
 class NamingV0ForkedTest extends DDSpecification {
-  def "v0 should use DD_SERVICE when DD_TRACE_REMOVE_INTEGRATION_SERVICE_NAMES_ENABLED is true"() {
+  def "v0 should not set service when DD_TRACE_REMOVE_INTEGRATION_SERVICE_NAMES_ENABLED is true"() {
     setup:
     def ddService = "testService"
     injectSysConfig(TracerConfig.TRACE_REMOVE_INTEGRATION_SERVICE_NAMES_ENABLED, "true")
@@ -16,11 +16,11 @@ class NamingV0ForkedTest extends DDSpecification {
 
     then:
     assert SpanNaming.instance().version() == 0
-    assert !schema.allowFakeServices()
-    assert schema.messaging().inboundService(ddService, "anything") == ddService
-    assert schema.messaging().outboundService(ddService, "anything") == ddService
-    assert schema.database().service(ddService, "anything") == ddService
-    assert schema.cache().service(ddService, "anything") == ddService
-    assert schema.cloud().serviceForRequest("any", "anything") == ddService
+    assert !schema.allowInferredServices()
+    assert schema.messaging().inboundService("anything", true) == null
+    assert schema.messaging().outboundService("anything", true) == null
+    assert schema.database().service("anything") == null
+    assert schema.cache().service("anything") == null
+    assert schema.cloud().serviceForRequest("any", "anything") == null
   }
 }
diff --git a/internal-api/src/test/groovy/datadog/trace/api/normalize/SQLNormalizerTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/normalize/SQLNormalizerTest.groovy
index 60b05610735..1fd7edcdb71 100644
--- a/internal-api/src/test/groovy/datadog/trace/api/normalize/SQLNormalizerTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/api/normalize/SQLNormalizerTest.groovy
@@ -105,6 +105,19 @@ ORDER BY calls DESC, country.id ASC;"""
   country_name = 'Nova1'
 WHERE id = 8;"""                                                                                          | """UPDATE v_country_all SET
   country_name = ?
+WHERE id = ?"""
+    """UPDATE v_country_all /* 1. in-line comment */ SET
+  /*
+   * 2. multi-line comment
+   */
+  country_name = 'Nova1'
+  -- 3. single-line comment
+WHERE id = 8;"""                                                                                          | """UPDATE v_country_all /* ? in-line comment */ SET
+  /*
+   * ? multi-line comment
+   */
+  country_name = ?
+  -- ? single-line comment
 WHERE id = ?"""
     """INSERT INTO country (country_name, country_name_eng, country_code) VALUES ('Deutschland', 'Germany', 'DEU');
 INSERT INTO country (country_name, country_name_eng, country_code) VALUES ('Srbija', 'Serbia', 'SRB');
diff --git a/internal-api/src/test/groovy/datadog/trace/api/normalize/SimpleHttpPathNormalizerTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/normalize/SimpleHttpPathNormalizerTest.groovy
index b7055704307..12b1e3bdf68 100644
--- a/internal-api/src/test/groovy/datadog/trace/api/normalize/SimpleHttpPathNormalizerTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/api/normalize/SimpleHttpPathNormalizerTest.groovy
@@ -31,6 +31,14 @@ class SimpleHttpPathNormalizerTest extends DDSpecification {
     "\t/:userId"     | "/:userId"
   }
 
+  def 'does not suppress whitespace in non-initial position of decoded strings'() {
+    String input = ' /a b/'
+    String output = simplePathNormalizer.normalize(input, false)
+
+    expect:
+    output == '/a b/'
+  }
+
   def "should replace all digits"() {
     when:
     def norm = simplePathNormalizer.normalize(input) as String
diff --git a/internal-api/src/test/groovy/datadog/trace/api/telemetry/TelemetryCollectorsTest.groovy b/internal-api/src/test/groovy/datadog/trace/api/telemetry/TelemetryCollectorsTest.groovy
index bebe8fe1ecd..c8db7b8953c 100644
--- a/internal-api/src/test/groovy/datadog/trace/api/telemetry/TelemetryCollectorsTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/api/telemetry/TelemetryCollectorsTest.groovy
@@ -1,6 +1,8 @@
 package datadog.trace.api.telemetry
 
 import datadog.trace.api.ConfigCollector
+import datadog.trace.api.ConfigOrigin
+import datadog.trace.api.ConfigSetting
 import datadog.trace.api.IntegrationsCollector
 import datadog.trace.api.metrics.SpanMetricRegistryImpl
 import datadog.trace.test.util.DDSpecification
@@ -35,12 +37,17 @@ class TelemetryCollectorsTest extends DDSpecification {
     ConfigCollector.get().collect()
 
     when:
-    ConfigCollector.get().put('key1', 'value1')
-    ConfigCollector.get().put('key2', 'value2')
-    ConfigCollector.get().put('key1', 'replaced')
+    ConfigCollector.get().put('key1', 'value1', ConfigOrigin.DEFAULT)
+    ConfigCollector.get().put('key2', 'value2', ConfigOrigin.ENV)
+    ConfigCollector.get().put('key1', 'replaced', ConfigOrigin.REMOTE)
+    ConfigCollector.get().put('key3', 'value3', ConfigOrigin.JVM_PROP)
 
     then:
-    ConfigCollector.get().collect() == [key1: 'replaced', key2: 'value2']
+    ConfigCollector.get().collect().values().toSet() == [
+      new ConfigSetting('key1', 'replaced', ConfigOrigin.REMOTE),
+      new ConfigSetting('key2', 'value2', ConfigOrigin.ENV),
+      new ConfigSetting('key3', 'value3', ConfigOrigin.JVM_PROP)
+    ] as Set
   }
 
   def "no metrics - drain empty list"() {
@@ -183,10 +190,10 @@ class TelemetryCollectorsTest extends DDSpecification {
     ConfigCollector.get().collect()
 
     when:
-    ConfigCollector.get().put('DD_API_KEY', 'sensitive data')
+    ConfigCollector.get().put('DD_API_KEY', 'sensitive data', ConfigOrigin.ENV)
 
     then:
-    ConfigCollector.get().collect().get('DD_API_KEY') == '<hidden>'
+    ConfigCollector.get().collect().get('DD_API_KEY').value == '<hidden>'
   }
 
   def "update-drain span core metrics"() {
diff --git a/internal-api/src/test/groovy/datadog/trace/bootstrap/config/provider/ConfigConverterTest.groovy b/internal-api/src/test/groovy/datadog/trace/bootstrap/config/provider/ConfigConverterTest.groovy
index e5406ac0f55..6ef1172f385 100644
--- a/internal-api/src/test/groovy/datadog/trace/bootstrap/config/provider/ConfigConverterTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/bootstrap/config/provider/ConfigConverterTest.groovy
@@ -98,4 +98,31 @@ class ConfigConverterTest extends DDSpecification {
     "===="                                          | '='       | [:]
     // spotless:on
   }
+
+  def "render a single interval bitset"() {
+    def set = new BitSet()
+    set.set(200, 299)
+
+    expect:
+    ConfigConverter.renderIntegerRange(set) == "200-299"
+  }
+
+  def "render a single value bitset"() {
+    def set = new BitSet()
+    set.set(33)
+
+    expect:
+    ConfigConverter.renderIntegerRange(set) == "33"
+  }
+
+  def "render bitset intervals"() {
+    def set = new BitSet()
+    set.set(33)
+    set.set(200, 300)
+    set.set(303)
+    set.set(400, 500)
+
+    expect:
+    ConfigConverter.renderIntegerRange(set) == "33,200-300,303,400-500"
+  }
 }
diff --git a/internal-api/src/test/groovy/datadog/trace/bootstrap/instrumentation/api/SpanLinkTest.groovy b/internal-api/src/test/groovy/datadog/trace/bootstrap/instrumentation/api/SpanLinkTest.groovy
new file mode 100644
index 00000000000..b4626179ce4
--- /dev/null
+++ b/internal-api/src/test/groovy/datadog/trace/bootstrap/instrumentation/api/SpanLinkTest.groovy
@@ -0,0 +1,133 @@
+package datadog.trace.bootstrap.instrumentation.api
+
+
+import datadog.trace.api.DDSpanId
+import datadog.trace.api.DDTraceId
+import datadog.trace.test.util.DDSpecification
+
+import static datadog.trace.bootstrap.instrumentation.api.AgentSpanLink.DEFAULT_FLAGS
+import static datadog.trace.bootstrap.instrumentation.api.AgentSpanLink.SAMPLED_FLAG
+
+class SpanLinkTest extends DDSpecification {
+  def "test span link from context"() {
+    setup:
+    def traceId = DDTraceId.fromHex("11223344556677889900aabbccddeeff")
+    def spanId = DDSpanId.fromHex("123456789abcdef0")
+    AgentSpan.Context context = Stub {
+      getTraceId() >> traceId
+      getSpanId() >> spanId
+      getSamplingPriority() >> (sampled ? 1 : 0)
+    }
+
+    when:
+    def link = SpanLink.from(context)
+
+    then:
+    link.traceId() == traceId
+    link.spanId() == spanId
+    link.traceFlags() == (sampled ? SAMPLED_FLAG : DEFAULT_FLAGS)
+    link.traceState() == ""
+    link.attributes() == SpanLinkAttributes.EMPTY
+
+    when:
+    link.toString()
+
+    then:
+    notThrown(Exception)
+
+    where:
+    sampled << [true, false]
+  }
+
+  def "test span link attributes api"() {
+    when:
+    def attributes = SpanLinkAttributes.builder().build()
+
+    then:
+    attributes.isEmpty()
+
+    when:
+    attributes = SpanLinkAttributes.builder().put('key', 'value').build()
+
+    then:
+    !attributes.isEmpty()
+  }
+
+  def "test span link attributes encoding"() {
+    setup:
+    def builder = SpanLinkAttributes.builder()
+
+    when:
+    builder.put('string', 'value')
+    builder.put('string-empty', '')
+    builder.put('string-null', null)
+    builder.put('bool', true)
+    builder.put('bool-false', false)
+    builder.put('long', 12345L)
+    builder.put('long-negative', -12345L)
+    builder.put('double', 67.89)
+    builder.put('double-negative', -67.89)
+    builder.putStringArray('string-array', ['abc', '', null, 'def'])
+    builder.putStringArray('string-array-null', null)
+    builder.putBooleanArray('bool-array', [true, false, null, Boolean.TRUE, Boolean.FALSE])
+    builder.putStringArray('bool-array-null', null)
+    builder.putLongArray('long-array', [123L, 456L, null, Long.MIN_VALUE, Long.MAX_VALUE])
+    builder.putStringArray('long-array-null', null)
+    builder.putDoubleArray('double-array', [12.3D, 45.6D, null, Double.MIN_VALUE, Double.MAX_VALUE])
+    builder.putStringArray('double-array-null', null)
+    def map = builder.build().asMap()
+
+    then:
+    map['string'] == 'value'
+    map['string-empty'] == ''
+    !map.containsKey('string-null')
+    map['bool'] == 'true'
+    map['bool-false'] == 'false'
+    map['long'] == '12345'
+    map['long-negative'] == '-12345'
+    map['double'] == '67.89'
+    map['double-negative'] == '-67.89'
+
+    map['string-array.0'] == 'abc'
+    map['string-array.1'] == ''
+    !map.containsKey('string-array.2')
+    map['string-array.3'] == 'def'
+    !map.containsKey('string-array-null')
+
+    map['bool-array.0'] == 'true'
+    map['bool-array.1'] == 'false'
+    !map.containsKey('bool-array.2')
+    map['bool-array.3'] == 'true'
+    map['bool-array.4'] == 'false'
+    !map.containsKey('bool-array-null')
+
+    map['long-array.0'] == '123'
+    map['long-array.1'] == '456'
+    !map.containsKey('long-array.2')
+    map['long-array.3'] == '-9223372036854775808'
+    map['long-array.4'] == '9223372036854775807'
+    !map.containsKey('long-array-null')
+
+    map['double-array.0'] == '12.3'
+    map['double-array.1'] == '45.6'
+    !map.containsKey('double-array.2')
+    // Field should be encoded as String using JSON representation so the scientific notation is valid
+    map['double-array.3'] == '4.9E-324'
+    map['double-array.4'] == '1.7976931348623157E308'
+    !map.containsKey('double-array-null')
+
+    when:
+    def attributes = SpanLinkAttributes.fromMap(map)
+
+    then:
+    attributes.asMap() == map
+  }
+
+  def "test span link attributes toString"() {
+    when:
+    SpanLinkAttributes.builder().build().toString()
+
+    then:
+    notThrown(NullPointerException)
+  }
+}
diff --git a/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/TaskWrapperTest.groovy b/internal-api/src/test/groovy/datadog/trace/bootstrap/instrumentation/api/TaskWrapperTest.groovy
similarity index 97%
rename from dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/TaskWrapperTest.groovy
rename to internal-api/src/test/groovy/datadog/trace/bootstrap/instrumentation/api/TaskWrapperTest.groovy
index c4af1bf82b3..5b8edc7f080 100644
--- a/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/TaskWrapperTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/bootstrap/instrumentation/api/TaskWrapperTest.groovy
@@ -1,4 +1,5 @@
-package datadog.trace.bootstrap
+package datadog.trace.bootstrap.instrumentation.api
+
 
 import datadog.trace.test.util.DDSpecification
 
diff --git a/internal-api/src/test/groovy/datadog/trace/bootstrap/instrumentation/api/URIUtilsTest.groovy b/internal-api/src/test/groovy/datadog/trace/bootstrap/instrumentation/api/URIUtilsTest.groovy
index 60589c6753a..73b5e5cfad3 100644
--- a/internal-api/src/test/groovy/datadog/trace/bootstrap/instrumentation/api/URIUtilsTest.groovy
+++ b/internal-api/src/test/groovy/datadog/trace/bootstrap/instrumentation/api/URIUtilsTest.groovy
@@ -116,4 +116,19 @@ class URIUtilsTest extends DDSpecification {
     invalid.subSequence(1,3) == 'ei'
     invalid.charAt(3) == 'r' as char
   }
+
+  def "test safeConcat for code coverage"() {
+    setup:
+    def concat = URIUtils.safeConcat(first, second)
+    expect:
+    (concat == null && expected == null) || concat.toString() == expected
+    where:
+    first                                    | second                                   | expected
+    "http://localhost/"                      | "test/me"                                | "http://localhost/test/me"
+    "http://localhost"                       | "/test/me"                               | "http://localhost/test/me"
+    "http://localhost/"                      | "http://localhost/test/me"               | "http://localhost/test/me"
+    null                                     | null                                     | null
+    null                                     | "/test"                                  | "/test"
+    "http://localhost"                       | null                                     | "http://localhost/"
+  }
 }
diff --git a/internal-api/src/test/java/datadog/trace/api/iast/HttpReqquestEndModuleTestImpl.java b/internal-api/src/test/java/datadog/trace/api/iast/HttpReqquestEndModuleTestImpl.java
new file mode 100644
index 00000000000..d8ab5f88625
--- /dev/null
+++ b/internal-api/src/test/java/datadog/trace/api/iast/HttpReqquestEndModuleTestImpl.java
@@ -0,0 +1,9 @@
+package datadog.trace.api.iast;
+
+import datadog.trace.api.gateway.IGSpanInfo;
+import datadog.trace.api.iast.sink.HttpRequestEndModule;
+
+public class HttpReqquestEndModuleTestImpl implements HttpRequestEndModule {
+  @Override
+  public void onRequestEnd(Object ctx, IGSpanInfo span) {}
+}
diff --git a/internal-api/src/test/java/datadog/trace/api/sampling/AdaptiveSamplerTest.java b/internal-api/src/test/java/datadog/trace/api/sampling/AdaptiveSamplerTest.java
index fe1ca1cbf46..4f09a332fe2 100644
--- a/internal-api/src/test/java/datadog/trace/api/sampling/AdaptiveSamplerTest.java
+++ b/internal-api/src/test/java/datadog/trace/api/sampling/AdaptiveSamplerTest.java
@@ -261,7 +261,7 @@ public void testRepeatingRegularStartWithLow() throws Exception {
   @Test
   public void testKeep() {
     final AdaptiveSampler sampler =
-        new AdaptiveSampler(WINDOW_DURATION, 1, 1, 1, null, taskScheduler);
+        new AdaptiveSampler(WINDOW_DURATION, 1, 1, 1, null, taskScheduler, true);
     long tests = sampler.testCount();
     long samples = sampler.sampleCount();
     assertTrue(sampler.keep());
@@ -272,7 +272,7 @@ public void testKeep() {
   @Test
   public void testDrop() {
     final AdaptiveSampler sampler =
-        new AdaptiveSampler(WINDOW_DURATION, 1, 1, 1, null, taskScheduler);
+        new AdaptiveSampler(WINDOW_DURATION, 1, 1, 1, null, taskScheduler, true);
     long tests = sampler.testCount();
     long samples = sampler.sampleCount();
     assertFalse(sampler.drop());
@@ -344,7 +344,8 @@ void testConfigListener() throws Exception {
                   }
               }
             },
-            taskScheduler);
+            taskScheduler,
+            true);
     sampler.keep();
     sampler.drop();
     rollWindow();
@@ -383,7 +384,8 @@ private void testSamplerInline(
             AVERAGE_LOOKBACK,
             BUDGET_LOOKBACK,
             null,
-            taskScheduler);
+            taskScheduler,
+            true);
 
     // simulate event generation and sampling for the given number of sampling windows
     final long expectedSamples = WINDOWS * SAMPLES_PER_WINDOW;
@@ -544,7 +546,8 @@ private void testSamplerConcurrently(
             AVERAGE_LOOKBACK,
             BUDGET_LOOKBACK,
             null,
-            taskScheduler);
+            taskScheduler,
+            true);
     final CyclicBarrier startBarrier = new CyclicBarrier(threadCount);
     final CyclicBarrier endBarrier = new CyclicBarrier(threadCount, this::rollWindow);
     final Mean[] means = new Mean[threadCount];
diff --git a/lib-injection/Dockerfile b/lib-injection/Dockerfile
index 6d5af743225..f8f001c72a3 100644
--- a/lib-injection/Dockerfile
+++ b/lib-injection/Dockerfile
@@ -1,7 +1,7 @@
 FROM scratch AS java_agent
 COPY dd-java-agent.jar /
 
-FROM busybox
+FROM alpine:3.18.3
 
 ARG UID=10000
 RUN addgroup -g 10000 -S datadog \
diff --git a/remote-config/build.gradle b/remote-config/build.gradle
index 9e3062230fe..724a9d63452 100644
--- a/remote-config/build.gradle
+++ b/remote-config/build.gradle
@@ -27,8 +27,7 @@ dependencies {
   implementation deps.slf4j
   implementation deps.okhttp
   implementation deps.moshi
-  implementation 'cafe.cryptography:ed25519-elisabeth:0.1.0'
-  implementation 'cafe.cryptography:curve25519-elisabeth:0.1.0'
+  implementation deps.cafe_crypto
 
   implementation project(':internal-api')
 
diff --git a/remote-config/src/main/java/datadog/remoteconfig/state/ProductState.java b/remote-config/src/main/java/datadog/remoteconfig/state/ProductState.java
index ae26cc31b62..a82db5fa6aa 100644
--- a/remote-config/src/main/java/datadog/remoteconfig/state/ProductState.java
+++ b/remote-config/src/main/java/datadog/remoteconfig/state/ProductState.java
@@ -80,7 +80,7 @@ public boolean apply(
       try {
         callListenerCommit(hinter);
       } catch (Exception ex) {
-        log.error("Error committing changes for product" + product, ex);
+        log.error("Error committing changes for product {}", product, ex);
       }
     }
 
diff --git a/remote-config/src/main/java/datadog/remoteconfig/tuf/RemoteConfigRequest.java b/remote-config/src/main/java/datadog/remoteconfig/tuf/RemoteConfigRequest.java
index a6cb093eaa5..c5e350c5d36 100644
--- a/remote-config/src/main/java/datadog/remoteconfig/tuf/RemoteConfigRequest.java
+++ b/remote-config/src/main/java/datadog/remoteconfig/tuf/RemoteConfigRequest.java
@@ -61,6 +61,7 @@ public static class ClientInfo {
     public static final long CAPABILITY_ASM_USER_BLOCKING = 1 << 7;
     public static final long CAPABILITY_ASM_CUSTOM_RULES = 1 << 8;
     public static final long CAPABILITY_ASM_CUSTOM_BLOCKING_RESPONSE = 1 << 9;
+    public static final long CAPABILITY_ASM_TRUSTED_IPS = 1 << 10;
 
     @Json(name = "state")
     private final ClientState clientState;
diff --git a/settings.gradle b/settings.gradle
index 7ee35f448b9..d5917b55a68 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -89,11 +89,13 @@ include ':utils:time-utils'
 include ':utils:version-utils'
 
 // smoke tests
+include ':dd-smoke-tests:armeria-grpc'
 include ':dd-smoke-tests:cli'
 include ':dd-smoke-tests:custom-systemloader'
 include ':dd-smoke-tests:dynamic-config'
 include ':dd-smoke-tests:field-injection'
 include ':dd-smoke-tests:gradle'
+include ':dd-smoke-tests:grpc-1.5'
 include ':dd-smoke-tests:java9-modules'
 include ':dd-smoke-tests:jersey'
 include ':dd-smoke-tests:jersey-2'
@@ -129,7 +131,9 @@ include ':dd-smoke-tests:spring-security'
 include ':dd-smoke-tests:springboot'
 include ':dd-smoke-tests:springboot-grpc'
 include ':dd-smoke-tests:springboot-mongo'
-include ':dd-smoke-tests:springboot-openliberty'
+include ':dd-smoke-tests:springboot-openliberty-20'
+include ':dd-smoke-tests:springboot-openliberty-23'
+include ':dd-smoke-tests:springboot-thymeleaf'
 include ':dd-smoke-tests:springboot-tomcat'
 include ':dd-smoke-tests:vertx-3.4'
 include ':dd-smoke-tests:vertx-3.9'
@@ -154,6 +158,7 @@ include ':dd-java-agent:instrumentation:akka-init'
 include ':dd-java-agent:instrumentation:apache-httpasyncclient-4'
 include ':dd-java-agent:instrumentation:apache-httpclient-4'
 include ':dd-java-agent:instrumentation:apache-httpclient-5'
+include ':dd-java-agent:instrumentation:armeria-grpc'
 include ':dd-java-agent:instrumentation:aws-java-sdk-1.11.0'
 include ':dd-java-agent:instrumentation:aws-java-sdk-2.2'
 include ':dd-java-agent:instrumentation:aws-java-sqs-1.0'
@@ -197,6 +202,7 @@ include ':dd-java-agent:instrumentation:elasticsearch:transport-6'
 include ':dd-java-agent:instrumentation:elasticsearch:transport-7.3'
 include ':dd-java-agent:instrumentation:exception-profiling'
 include ':dd-java-agent:instrumentation:finatra-2.9'
+include ':dd-java-agent:instrumentation:freemarker'
 include ':dd-java-agent:instrumentation:glassfish'
 include ':dd-java-agent:instrumentation:google-http-client'
 include ':dd-java-agent:instrumentation:graal:native-image'
@@ -206,6 +212,7 @@ include ':dd-java-agent:instrumentation:grizzly-2'
 include ':dd-java-agent:instrumentation:grizzly-client-1.9'
 include ':dd-java-agent:instrumentation:grizzly-http-2.3.20'
 include ':dd-java-agent:instrumentation:grpc-1.5'
+include ':dd-java-agent:instrumentation:gson-1.6'
 include ':dd-java-agent:instrumentation:guava-10'
 include ':dd-java-agent:instrumentation:hazelcast-3.6'
 include ':dd-java-agent:instrumentation:hazelcast-3.9'
@@ -221,6 +228,7 @@ include ':dd-java-agent:instrumentation:ignite-2.0'
 include ':dd-java-agent:instrumentation:jackson-core'
 include ':dd-java-agent:instrumentation:jackson-core:jackson-core-1'
 include ':dd-java-agent:instrumentation:jacoco'
+include ':dd-java-agent:instrumentation:jakarta-jms'
 include ':dd-java-agent:instrumentation:jakarta-rs-annotations-3'
 include ':dd-java-agent:instrumentation:java-concurrent'
 include ':dd-java-agent:instrumentation:java-concurrent:java-completablefuture'
@@ -261,6 +269,7 @@ include ':dd-java-agent:instrumentation:jetty-7.0'
 include ':dd-java-agent:instrumentation:jetty-7.6'
 include ':dd-java-agent:instrumentation:jetty-9'
 include ':dd-java-agent:instrumentation:jetty-11'
+include ':dd-java-agent:instrumentation:jetty-12'
 include ':dd-java-agent:instrumentation:jetty-appsec-7'
 include ':dd-java-agent:instrumentation:jetty-appsec-8.1.3'
 include ':dd-java-agent:instrumentation:jetty-appsec-9.2'
@@ -272,15 +281,21 @@ include ':dd-java-agent:instrumentation:jms'
 include ':dd-java-agent:instrumentation:jose-jwt'
 include ':dd-java-agent:instrumentation:jsp-2.3'
 include ':dd-java-agent:instrumentation:junit-4.10'
+include ':dd-java-agent:instrumentation:junit-4.10:cucumber'
+include ':dd-java-agent:instrumentation:junit-4.10:munit'
 include ':dd-java-agent:instrumentation:junit-5.3'
+include ':dd-java-agent:instrumentation:junit-5.3:cucumber'
+include ':dd-java-agent:instrumentation:junit-5.3:spock'
 include ':dd-java-agent:instrumentation:kafka-clients-0.11'
 include ':dd-java-agent:instrumentation:kafka-streams-0.11'
+include ':dd-java-agent:instrumentation:karate'
 include ':dd-java-agent:instrumentation:kotlin-coroutines'
 include ':dd-java-agent:instrumentation:kotlin-coroutines:coroutines-1.3'
 include ':dd-java-agent:instrumentation:kotlin-coroutines:coroutines-1.5'
 include ':dd-java-agent:instrumentation:lettuce-4'
 include ':dd-java-agent:instrumentation:lettuce-5'
 include ':dd-java-agent:instrumentation:liberty-20'
+include ':dd-java-agent:instrumentation:liberty-23'
 include ':dd-java-agent:instrumentation:log4j-2.7'
 include ':dd-java-agent:instrumentation:log4j1'
 include ':dd-java-agent:instrumentation:log4j2'
@@ -307,6 +322,7 @@ include ':dd-java-agent:instrumentation:netty-4.1'
 include ':dd-java-agent:instrumentation:netty-buffer-4'
 include ':dd-java-agent:instrumentation:netty-concurrent-4'
 include ':dd-java-agent:instrumentation:netty-promise-4'
+include ':dd-java-agent:instrumentation:netty-transport-4'
 include ':dd-java-agent:instrumentation:okhttp-2'
 include ':dd-java-agent:instrumentation:okhttp-3'
 include ':dd-java-agent:instrumentation:ognl-appsec'
@@ -315,11 +331,15 @@ include ':dd-java-agent:instrumentation:opensearch:rest'
 include ':dd-java-agent:instrumentation:opensearch:transport'
 include ':dd-java-agent:instrumentation:opentelemetry:opentelemetry-0.3'
 include ':dd-java-agent:instrumentation:opentelemetry:opentelemetry-1.4'
+include ':dd-java-agent:instrumentation:opentelemetry:opentelemetry-annotations-1.20'
+include ':dd-java-agent:instrumentation:opentelemetry:opentelemetry-annotations-1.26'
 include ':dd-java-agent:instrumentation:opentracing'
 include ':dd-java-agent:instrumentation:opentracing:api-0.31'
 include ':dd-java-agent:instrumentation:opentracing:api-0.32'
 include ':dd-java-agent:instrumentation:osgi-4.3'
 include ':dd-java-agent:instrumentation:owasp-esapi-2'
+include ':dd-java-agent:instrumentation:pekko-concurrent'
+include ':dd-java-agent:instrumentation:pekko-http-1.0'
 include ':dd-java-agent:instrumentation:play-2.3'
 include ':dd-java-agent:instrumentation:play-2.4'
 include ':dd-java-agent:instrumentation:play-2.6'
@@ -330,6 +350,7 @@ include ':dd-java-agent:instrumentation:play-ws-2.1'
 include ':dd-java-agent:instrumentation:quartz-2'
 include ':dd-java-agent:instrumentation:rabbitmq-amqp-2.7'
 include ':dd-java-agent:instrumentation:ratpack-1.5'
+include ':dd-java-agent:instrumentation:reactive-streams'
 include ':dd-java-agent:instrumentation:reactor-core-3.1'
 include ':dd-java-agent:instrumentation:reactor-netty-1'
 include ':dd-java-agent:instrumentation:rediscala-1.8.0'
@@ -339,6 +360,7 @@ include ':dd-java-agent:instrumentation:restlet-2.2'
 include ':dd-java-agent:instrumentation:rmi'
 include ':dd-java-agent:instrumentation:rxjava-1'
 include ':dd-java-agent:instrumentation:rxjava-2'
+include ':dd-java-agent:instrumentation:scala'
 include ':dd-java-agent:instrumentation:scala-concurrent'
 include ':dd-java-agent:instrumentation:scala-promise'
 include ':dd-java-agent:instrumentation:scala-promise:scala-promise-2.10'
@@ -351,6 +373,8 @@ include ':dd-java-agent:instrumentation:servlet:request-5'
 include ':dd-java-agent:instrumentation:shutdown'
 include ':dd-java-agent:instrumentation:slick'
 include ':dd-java-agent:instrumentation:spark'
+include ':dd-java-agent:instrumentation:spark:spark_2.12'
+include ':dd-java-agent:instrumentation:spark:spark_2.13'
 include ':dd-java-agent:instrumentation:sparkjava-2.3'
 include ':dd-java-agent:instrumentation:spray-1.3'
 include ':dd-java-agent:instrumentation:spring-beans'
@@ -371,8 +395,9 @@ include ':dd-java-agent:instrumentation:spymemcached-2.10'
 include ':dd-java-agent:instrumentation:sslsocket'
 include ':dd-java-agent:instrumentation:synapse-3'
 include ':dd-java-agent:instrumentation:testng'
-include ':dd-java-agent:instrumentation:testng:testng-6.4'
-include ':dd-java-agent:instrumentation:testng:testng-7.5'
+include ':dd-java-agent:instrumentation:testng:testng-6'
+include ':dd-java-agent:instrumentation:testng:testng-7'
+include ':dd-java-agent:instrumentation:thymeleaf'
 include ':dd-java-agent:instrumentation:tomcat-5.5'
 include ':dd-java-agent:instrumentation:tomcat-5.5-common'
 include ':dd-java-agent:instrumentation:tomcat-appsec-5.5'
@@ -380,10 +405,13 @@ include ':dd-java-agent:instrumentation:tomcat-appsec-6'
 include ':dd-java-agent:instrumentation:tomcat-appsec-7'
 include ':dd-java-agent:instrumentation:trace-annotation'
 include ':dd-java-agent:instrumentation:twilio'
+include ':dd-java-agent:instrumentation:unbescape'
 include ':dd-java-agent:instrumentation:undertow'
 include ':dd-java-agent:instrumentation:undertow:undertow-2.0'
 include ':dd-java-agent:instrumentation:undertow:undertow-2.2'
 include ':dd-java-agent:instrumentation:vertx-mysql-client-3.9'
+include ':dd-java-agent:instrumentation:vertx-mysql-client-4.0'
+include ':dd-java-agent:instrumentation:vertx-mysql-client-4.4.2'
 include ':dd-java-agent:instrumentation:vertx-redis-client-3.9'
 include ':dd-java-agent:instrumentation:vertx-redis-client-3.9:stubs'
 include ':dd-java-agent:instrumentation:vertx-rx-3.5'
diff --git a/telemetry/src/main/java/datadog/telemetry/BufferedEvents.java b/telemetry/src/main/java/datadog/telemetry/BufferedEvents.java
new file mode 100644
index 00000000000..3fc437b4de0
--- /dev/null
+++ b/telemetry/src/main/java/datadog/telemetry/BufferedEvents.java
@@ -0,0 +1,137 @@
+package datadog.telemetry;
+
+import datadog.telemetry.api.DistributionSeries;
+import datadog.telemetry.api.Integration;
+import datadog.telemetry.api.LogMessage;
+import datadog.telemetry.api.Metric;
+import datadog.telemetry.dependency.Dependency;
+import datadog.trace.api.ConfigSetting;
+import java.util.ArrayList;
+
+/**
+ * Keeps track of attempted to send telemetry events that can be used as a source for the next
+ * telemetry request attempt or telemetry metric calculation.
+ */
+public final class BufferedEvents implements EventSource, EventSink {
+  private static final int INITIAL_CAPACITY = 32;
+  private ArrayList<ConfigSetting> configChangeEvents;
+  private int configChangeIndex;
+  private ArrayList<Integration> integrationEvents;
+  private int integrationIndex;
+  private ArrayList<Dependency> dependencyEvents;
+  private int dependencyIndex;
+  private ArrayList<Metric> metricEvents;
+  private int metricIndex;
+  private ArrayList<DistributionSeries> distributionSeriesEvents;
+  private int distributionSeriesIndex;
+  private ArrayList<LogMessage> logMessageEvents;
+  private int logMessageIndex;
+
+  public void addConfigChangeEvent(ConfigSetting event) {
+    if (configChangeEvents == null) {
+      configChangeEvents = new ArrayList<>(INITIAL_CAPACITY);
+    }
+    configChangeEvents.add(event);
+  }
+
+  @Override
+  public void addIntegrationEvent(Integration event) {
+    if (integrationEvents == null) {
+      integrationEvents = new ArrayList<>(INITIAL_CAPACITY);
+    }
+    integrationEvents.add(event);
+  }
+
+  @Override
+  public void addDependencyEvent(Dependency event) {
+    if (dependencyEvents == null) {
+      dependencyEvents = new ArrayList<>(INITIAL_CAPACITY);
+    }
+    dependencyEvents.add(event);
+  }
+
+  @Override
+  public void addMetricEvent(Metric event) {
+    if (metricEvents == null) {
+      metricEvents = new ArrayList<>(INITIAL_CAPACITY);
+    }
+    metricEvents.add(event);
+  }
+
+  @Override
+  public void addDistributionSeriesEvent(DistributionSeries event) {
+    if (distributionSeriesEvents == null) {
+      distributionSeriesEvents = new ArrayList<>(INITIAL_CAPACITY);
+    }
+    distributionSeriesEvents.add(event);
+  }
+
+  @Override
+  public void addLogMessageEvent(LogMessage event) {
+    if (logMessageEvents == null) {
+      logMessageEvents = new ArrayList<>(INITIAL_CAPACITY);
+    }
+    logMessageEvents.add(event);
+  }
+
+  @Override
+  public boolean hasConfigChangeEvent() {
+    return configChangeEvents != null && configChangeIndex < configChangeEvents.size();
+  }
+
+  @Override
+  public ConfigSetting nextConfigChangeEvent() {
+    return configChangeEvents.get(configChangeIndex++);
+  }
+
+  @Override
+  public boolean hasIntegrationEvent() {
+    return integrationEvents != null && integrationIndex < integrationEvents.size();
+  }
+
+  @Override
+  public Integration nextIntegrationEvent() {
+    return integrationEvents.get(integrationIndex++);
+  }
+
+  @Override
+  public boolean hasDependencyEvent() {
+    return dependencyEvents != null && dependencyIndex < dependencyEvents.size();
+  }
+
+  @Override
+  public Dependency nextDependencyEvent() {
+    return dependencyEvents.get(dependencyIndex++);
+  }
+
+  @Override
+  public boolean hasMetricEvent() {
+    return metricEvents != null && metricIndex < metricEvents.size();
+  }
+
+  @Override
+  public Metric nextMetricEvent() {
+    return metricEvents.get(metricIndex++);
+  }
+
+  @Override
+  public boolean hasDistributionSeriesEvent() {
+    return distributionSeriesEvents != null
+        && distributionSeriesIndex < distributionSeriesEvents.size();
+  }
+
+  @Override
+  public DistributionSeries nextDistributionSeriesEvent() {
+    return distributionSeriesEvents.get(distributionSeriesIndex++);
+  }
+
+  @Override
+  public boolean hasLogMessageEvent() {
+    return logMessageEvents != null && logMessageIndex < logMessageEvents.size();
+  }
+
+  @Override
+  public LogMessage nextLogMessageEvent() {
+    return logMessageEvents.get(logMessageIndex++);
+  }
+}
diff --git a/telemetry/src/main/java/datadog/telemetry/EventSink.java b/telemetry/src/main/java/datadog/telemetry/EventSink.java
new file mode 100644
index 00000000000..767845d9f04
--- /dev/null
+++ b/telemetry/src/main/java/datadog/telemetry/EventSink.java
@@ -0,0 +1,51 @@
+package datadog.telemetry;
+
+import datadog.telemetry.api.DistributionSeries;
+import datadog.telemetry.api.Integration;
+import datadog.telemetry.api.LogMessage;
+import datadog.telemetry.api.Metric;
+import datadog.telemetry.dependency.Dependency;
+import datadog.trace.api.ConfigSetting;
+
+/**
+ * A unified interface for telemetry event sink. It is used to buffer events polled from the queues
+ * to reattempt next sending attempt. A NOOP implementation is used to discard event on the next
+ * failing attempt.
+ */
+interface EventSink {
+  void addConfigChangeEvent(ConfigSetting event);
+
+  void addIntegrationEvent(Integration event);
+
+  void addDependencyEvent(Dependency event);
+
+  void addMetricEvent(Metric event);
+
+  void addDistributionSeriesEvent(DistributionSeries event);
+
+  void addLogMessageEvent(LogMessage event);
+
+  EventSink NOOP = new Noop();
+
+  class Noop implements EventSink {
+    private Noop() {}
+
+    @Override
+    public void addConfigChangeEvent(ConfigSetting event) {}
+
+    @Override
+    public void addIntegrationEvent(Integration event) {}
+
+    @Override
+    public void addDependencyEvent(Dependency event) {}
+
+    @Override
+    public void addMetricEvent(Metric event) {}
+
+    @Override
+    public void addDistributionSeriesEvent(DistributionSeries event) {}
+
+    @Override
+    public void addLogMessageEvent(LogMessage event) {}
+  }
+}
diff --git a/telemetry/src/main/java/datadog/telemetry/EventSource.java b/telemetry/src/main/java/datadog/telemetry/EventSource.java
new file mode 100644
index 00000000000..3234edb391f
--- /dev/null
+++ b/telemetry/src/main/java/datadog/telemetry/EventSource.java
@@ -0,0 +1,133 @@
+package datadog.telemetry;
+
+import datadog.telemetry.api.DistributionSeries;
+import datadog.telemetry.api.Integration;
+import datadog.telemetry.api.LogMessage;
+import datadog.telemetry.api.Metric;
+import datadog.telemetry.dependency.Dependency;
+import datadog.trace.api.ConfigSetting;
+import java.util.Queue;
+
+/**
+ * A unified interface for telemetry event source. There are two types of event sources: - Queued -
+ * a primary telemetry event source - BufferedEvents - events taken from the primary source and
+ * buffered for a retry
+ */
+interface EventSource {
+  boolean hasConfigChangeEvent();
+
+  ConfigSetting nextConfigChangeEvent();
+
+  boolean hasIntegrationEvent();
+
+  Integration nextIntegrationEvent();
+
+  boolean hasDependencyEvent();
+
+  Dependency nextDependencyEvent();
+
+  boolean hasMetricEvent();
+
+  Metric nextMetricEvent();
+
+  boolean hasDistributionSeriesEvent();
+
+  DistributionSeries nextDistributionSeriesEvent();
+
+  boolean hasLogMessageEvent();
+
+  LogMessage nextLogMessageEvent();
+
+  default boolean isEmpty() {
+    return !hasConfigChangeEvent()
+        && !hasIntegrationEvent()
+        && !hasDependencyEvent()
+        && !hasMetricEvent()
+        && !hasDistributionSeriesEvent()
+        && !hasLogMessageEvent();
+  }
+
+  final class Queued implements EventSource {
+    private final Queue<ConfigSetting> configChangeQueue;
+    private final Queue<Integration> integrationQueue;
+    private final Queue<Dependency> dependencyQueue;
+    private final Queue<Metric> metricQueue;
+    private final Queue<DistributionSeries> distributionSeriesQueue;
+    private final Queue<LogMessage> logMessageQueue;
+
+    Queued(
+        Queue<ConfigSetting> configChangeQueue,
+        Queue<Integration> integrationQueue,
+        Queue<Dependency> dependencyQueue,
+        Queue<Metric> metricQueue,
+        Queue<DistributionSeries> distributionSeriesQueue,
+        Queue<LogMessage> logMessageQueue) {
+      this.configChangeQueue = configChangeQueue;
+      this.integrationQueue = integrationQueue;
+      this.dependencyQueue = dependencyQueue;
+      this.metricQueue = metricQueue;
+      this.distributionSeriesQueue = distributionSeriesQueue;
+      this.logMessageQueue = logMessageQueue;
+    }
+
+    @Override
+    public boolean hasConfigChangeEvent() {
+      return !configChangeQueue.isEmpty();
+    }
+
+    @Override
+    public ConfigSetting nextConfigChangeEvent() {
+      return configChangeQueue.poll();
+    }
+
+    @Override
+    public boolean hasIntegrationEvent() {
+      return !integrationQueue.isEmpty();
+    }
+
+    @Override
+    public Integration nextIntegrationEvent() {
+      return integrationQueue.poll();
+    }
+
+    @Override
+    public boolean hasDependencyEvent() {
+      return !dependencyQueue.isEmpty();
+    }
+
+    @Override
+    public Dependency nextDependencyEvent() {
+      return dependencyQueue.poll();
+    }
+
+    @Override
+    public boolean hasMetricEvent() {
+      return !metricQueue.isEmpty();
+    }
+
+    @Override
+    public Metric nextMetricEvent() {
+      return metricQueue.poll();
+    }
+
+    @Override
+    public boolean hasDistributionSeriesEvent() {
+      return !distributionSeriesQueue.isEmpty();
+    }
+
+    @Override
+    public DistributionSeries nextDistributionSeriesEvent() {
+      return distributionSeriesQueue.poll();
+    }
+
+    @Override
+    public boolean hasLogMessageEvent() {
+      return !logMessageQueue.isEmpty();
+    }
+
+    @Override
+    public LogMessage nextLogMessageEvent() {
+      return logMessageQueue.poll();
+    }
+  }
+}
diff --git a/telemetry/src/main/java/datadog/telemetry/ExtendedHeartbeatData.java b/telemetry/src/main/java/datadog/telemetry/ExtendedHeartbeatData.java
new file mode 100644
index 00000000000..6d559019cc0
--- /dev/null
+++ b/telemetry/src/main/java/datadog/telemetry/ExtendedHeartbeatData.java
@@ -0,0 +1,114 @@
+package datadog.telemetry;
+
+import datadog.telemetry.api.DistributionSeries;
+import datadog.telemetry.api.Integration;
+import datadog.telemetry.api.LogMessage;
+import datadog.telemetry.api.Metric;
+import datadog.telemetry.dependency.Dependency;
+import datadog.trace.api.ConfigSetting;
+import java.util.ArrayList;
+
+public class ExtendedHeartbeatData {
+  private static final int DEFAULT_DEPENDENCIES_LIMIT = 2000;
+  private static final int INITIAL_CAPACITY = 32;
+
+  private final int dependenciesLimit;
+  private final ArrayList<ConfigSetting> configuration;
+  private final ArrayList<Dependency> dependencies;
+  private final ArrayList<Integration> integrations;
+
+  public ExtendedHeartbeatData() {
+    this(DEFAULT_DEPENDENCIES_LIMIT);
+  }
+
+  ExtendedHeartbeatData(int dependenciesLimit) {
+    this.dependenciesLimit = dependenciesLimit;
+    configuration = new ArrayList<>(INITIAL_CAPACITY);
+    dependencies = new ArrayList<>(INITIAL_CAPACITY);
+    integrations = new ArrayList<>(INITIAL_CAPACITY);
+  }
+
+  public void pushConfigSetting(ConfigSetting cs) {
+    configuration.add(cs);
+  }
+
+  public void pushDependency(Dependency d) {
+    if (dependencies.size() < dependenciesLimit) {
+      dependencies.add(d);
+    }
+  }
+
+  public void pushIntegration(Integration i) {
+    integrations.add(i);
+  }
+
+  public EventSource snapshot() {
+    return new Snapshot();
+  }
+
+  private final class Snapshot implements EventSource {
+    private int configIndex;
+    private int dependencyIndex;
+    private int integrationIndex;
+
+    @Override
+    public boolean hasConfigChangeEvent() {
+      return configIndex < configuration.size();
+    }
+
+    @Override
+    public ConfigSetting nextConfigChangeEvent() {
+      return configuration.get(configIndex++);
+    }
+
+    @Override
+    public boolean hasIntegrationEvent() {
+      return integrationIndex < integrations.size();
+    }
+
+    @Override
+    public Integration nextIntegrationEvent() {
+      return integrations.get(integrationIndex++);
+    }
+
+    @Override
+    public boolean hasDependencyEvent() {
+      return dependencyIndex < dependencies.size();
+    }
+
+    @Override
+    public Dependency nextDependencyEvent() {
+      return dependencies.get(dependencyIndex++);
+    }
+
+    @Override
+    public boolean hasMetricEvent() {
+      return false;
+    }
+
+    @Override
+    public Metric nextMetricEvent() {
+      return null;
+    }
+
+    @Override
+    public boolean hasDistributionSeriesEvent() {
+      return false;
+    }
+
+    @Override
+    public DistributionSeries nextDistributionSeriesEvent() {
+      return null;
+    }
+
+    @Override
+    public boolean hasLogMessageEvent() {
+      return false;
+    }
+
+    @Override
+    public LogMessage nextLogMessageEvent() {
+      return null;
+    }
+  }
+}
diff --git a/telemetry/src/main/java/datadog/telemetry/HostInfo.java b/telemetry/src/main/java/datadog/telemetry/HostInfo.java
index 9cab25f5da0..5f4986d6e18 100644
--- a/telemetry/src/main/java/datadog/telemetry/HostInfo.java
+++ b/telemetry/src/main/java/datadog/telemetry/HostInfo.java
@@ -17,7 +17,7 @@
 
 public class HostInfo {
   private static final Path PROC_VERSION = FileSystems.getDefault().getPath("/proc/version");
-  private static final Logger log = LoggerFactory.getLogger(RequestBuilder.class);
+  private static final Logger log = LoggerFactory.getLogger(TelemetryRequestBody.class);
 
   private static String hostname;
   private static String osName;
diff --git a/telemetry/src/main/java/datadog/telemetry/HttpClient.java b/telemetry/src/main/java/datadog/telemetry/HttpClient.java
deleted file mode 100644
index 367936d7c26..00000000000
--- a/telemetry/src/main/java/datadog/telemetry/HttpClient.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package datadog.telemetry;
-
-import java.io.IOException;
-import okhttp3.OkHttpClient;
-import okhttp3.Request;
-import okhttp3.Response;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class HttpClient {
-  public static final String DD_TELEMETRY_REQUEST_TYPE = "DD-Telemetry-Request-Type";
-
-  public enum Result {
-    SUCCESS,
-    FAILURE,
-    NOT_FOUND
-  }
-
-  private static final Logger log = LoggerFactory.getLogger(HttpClient.class);
-
-  private final OkHttpClient httpClient;
-
-  public HttpClient(OkHttpClient httpClient) {
-    this.httpClient = httpClient;
-  }
-
-  public Result sendRequest(Request request) {
-    String requestType = request.header(DD_TELEMETRY_REQUEST_TYPE);
-    try (Response response = httpClient.newCall(request).execute()) {
-      if (response.code() == 404) {
-        log.debug("Telemetry endpoint is disabled, dropping {} message", requestType);
-        return Result.NOT_FOUND;
-      }
-      if (!response.isSuccessful()) {
-        log.debug(
-            "Telemetry message {} failed with: {} {} ",
-            requestType,
-            response.code(),
-            response.message());
-        return Result.FAILURE;
-      }
-    } catch (IOException e) {
-      log.debug("Telemetry message {} failed with exception: {}", requestType, e.toString());
-      return Result.FAILURE;
-    }
-
-    log.debug("Telemetry message {} sent successfully", requestType);
-    return Result.SUCCESS;
-  }
-}
diff --git a/telemetry/src/main/java/datadog/telemetry/RequestBuilder.java b/telemetry/src/main/java/datadog/telemetry/RequestBuilder.java
deleted file mode 100644
index 494353c07a7..00000000000
--- a/telemetry/src/main/java/datadog/telemetry/RequestBuilder.java
+++ /dev/null
@@ -1,271 +0,0 @@
-package datadog.telemetry;
-
-import com.squareup.moshi.JsonWriter;
-import datadog.communication.ddagent.TracerVersion;
-import datadog.telemetry.api.ConfigChange;
-import datadog.telemetry.api.DistributionSeries;
-import datadog.telemetry.api.Integration;
-import datadog.telemetry.api.LogMessage;
-import datadog.telemetry.api.Metric;
-import datadog.telemetry.api.RequestType;
-import datadog.telemetry.dependency.Dependency;
-import datadog.trace.api.Config;
-import datadog.trace.api.DDTags;
-import datadog.trace.api.Platform;
-import java.io.IOException;
-import java.util.List;
-import java.util.concurrent.atomic.AtomicLong;
-import javax.annotation.Nullable;
-import okhttp3.HttpUrl;
-import okhttp3.MediaType;
-import okhttp3.Request;
-import okhttp3.RequestBody;
-import okio.Buffer;
-import okio.BufferedSink;
-
-public class RequestBuilder extends RequestBody {
-
-  public static class SerializationException extends RuntimeException {
-    public SerializationException(String requestPartName, Throwable cause) {
-      super("Failed serializing Telemetry request " + requestPartName + " part!", cause);
-    }
-  }
-
-  private static final MediaType JSON = MediaType.parse("application/json; charset=utf-8");
-  private static final String API_VERSION = "v1";
-  private static final AtomicLong SEQ_ID = new AtomicLong();
-  private static final String TELEMETRY_NAMESPACE_TAG_TRACER = "tracers";
-
-  private final Buffer body = new Buffer();
-  private final JsonWriter bodyWriter = JsonWriter.of(body);
-  private final RequestType requestType;
-  private final Request request;
-  private final boolean debug;
-
-  private enum CommonData {
-    INSTANCE;
-
-    Config config = Config.get();
-    String env = config.getEnv();
-    String langVersion = Platform.getLangVersion();
-    String runtimeName = Platform.getRuntimeVendor();
-    String runtimePatches = Platform.getRuntimePatches();
-    String runtimeVersion = Platform.getRuntimeVersion();
-    String serviceName = config.getServiceName();
-    String serviceVersion = config.getVersion();
-    String runtimeId = config.getRuntimeId();
-    String architecture = HostInfo.getArchitecture();
-    String hostname = HostInfo.getHostname();
-    String kernelName = HostInfo.getKernelName();
-    String kernelRelease = HostInfo.getKernelRelease();
-    String kernelVersion = HostInfo.getKernelVersion();
-    String osName = HostInfo.getOsName();
-    String osVersion = HostInfo.getOsVersion();
-  }
-
-  RequestBuilder(RequestType requestType, HttpUrl httpUrl) {
-    this(requestType, httpUrl, false);
-  }
-
-  RequestBuilder(RequestType requestType, HttpUrl httpUrl, boolean debug) {
-    this.requestType = requestType;
-    this.request =
-        new Request.Builder()
-            .url(httpUrl)
-            .addHeader("Content-Type", String.valueOf(JSON))
-            .addHeader("DD-Telemetry-API-Version", API_VERSION)
-            .addHeader("DD-Telemetry-Request-Type", String.valueOf(requestType))
-            .addHeader("DD-Client-Library-Language", "jvm")
-            .addHeader("DD-Client-Library-Version", TracerVersion.TRACER_VERSION)
-            .post(this)
-            .build();
-    this.debug = debug;
-  }
-
-  public void writeHeader() {
-    try {
-      CommonData commonData = CommonData.INSTANCE;
-      bodyWriter.beginObject();
-      bodyWriter.name("api_version").value(API_VERSION);
-
-      bodyWriter.name("application");
-      bodyWriter.beginObject();
-      bodyWriter.name("env").value(commonData.env);
-      bodyWriter.name("language_name").value(DDTags.LANGUAGE_TAG_VALUE);
-      bodyWriter.name("language_version").value(commonData.langVersion);
-      bodyWriter.name("runtime_name").value(commonData.runtimeName);
-      bodyWriter.name("runtime_patches").value(commonData.runtimePatches); // optional
-      bodyWriter.name("runtime_version").value(commonData.runtimeVersion);
-      bodyWriter.name("service_name").value(commonData.serviceName);
-      bodyWriter.name("service_version").value(commonData.serviceVersion);
-      bodyWriter.name("tracer_version").value(TracerVersion.TRACER_VERSION);
-      bodyWriter.endObject();
-
-      if (debug) {
-        bodyWriter.name("debug").value(true);
-      }
-      bodyWriter.name("host");
-      bodyWriter.beginObject();
-      bodyWriter.name("architecture").value(commonData.architecture);
-      bodyWriter.name("hostname").value(commonData.hostname);
-      // only applicable to UNIX based OS
-      bodyWriter.name("kernel_name").value(commonData.kernelName);
-      bodyWriter.name("kernel_release").value(commonData.kernelRelease);
-      bodyWriter.name("kernel_version").value(commonData.kernelVersion);
-      bodyWriter.name("os").value(commonData.osName);
-      bodyWriter.name("os_version").value(commonData.osVersion); // optional
-      bodyWriter.endObject();
-
-      bodyWriter.name("request_type").value(requestType.toString());
-      bodyWriter.name("runtime_id").value(commonData.runtimeId);
-      bodyWriter.name("seq_id").value(SEQ_ID.incrementAndGet());
-      bodyWriter.name("tracer_time").value(System.currentTimeMillis() / 1000L);
-
-      bodyWriter.name("payload");
-      bodyWriter.beginObject();
-    } catch (Exception ex) {
-      throw new SerializationException("header", ex);
-    }
-  }
-
-  public void writeMetrics(List<Metric> series) {
-    try {
-      bodyWriter.name("namespace").value(TELEMETRY_NAMESPACE_TAG_TRACER);
-      bodyWriter.name("series");
-      bodyWriter.beginArray();
-      for (Metric m : series) {
-        bodyWriter.beginObject();
-        bodyWriter.name("namespace").value(m.getNamespace());
-        bodyWriter.name("common").value(m.getCommon());
-        bodyWriter.name("metric").value(m.getMetric());
-        bodyWriter.name("points").jsonValue(m.getPoints());
-        bodyWriter.name("tags").jsonValue(m.getTags());
-        if (m.getType() != null) bodyWriter.name("type").value(m.getType().toString());
-        bodyWriter.endObject();
-      }
-      bodyWriter.endArray();
-    } catch (Exception ex) {
-      throw new SerializationException("metrics payload", ex);
-    }
-  }
-
-  public void writeDistributionsEvent(List<DistributionSeries> series) {
-    try {
-      bodyWriter.name("namespace").value(TELEMETRY_NAMESPACE_TAG_TRACER);
-      bodyWriter.name("series");
-      bodyWriter.beginArray();
-      for (DistributionSeries ds : series) {
-        bodyWriter.beginObject();
-        bodyWriter.name("metric").value(ds.getMetric());
-        bodyWriter.name("points").jsonValue(ds.getPoints());
-        bodyWriter.name("tags").jsonValue(ds.getTags());
-        bodyWriter.name("common").value(ds.getCommon());
-        bodyWriter.name("namespace").value(ds.getNamespace());
-        bodyWriter.endObject();
-      }
-      bodyWriter.endArray();
-    } catch (Exception ex) {
-      throw new SerializationException("distribution series payload", ex);
-    }
-  }
-
-  public void writeLogsEvent(List<LogMessage> messages) {
-    try {
-      bodyWriter.name("logs").beginArray();
-      for (LogMessage m : messages) {
-        bodyWriter.beginObject();
-        bodyWriter.name("message").value(m.getMessage());
-        bodyWriter.name("level").value(String.valueOf(m.getLevel()));
-        bodyWriter.name("tags").value(m.getTags());
-        bodyWriter.name("stack_trace").value(m.getStackTrace());
-        bodyWriter.name("tracer_time").value(m.getTracerTime());
-        bodyWriter.endObject();
-      }
-      bodyWriter.endArray();
-    } catch (Exception ex) {
-      throw new SerializationException("logs payload", ex);
-    }
-  }
-
-  public void writeConfigChangeEvent(List<ConfigChange> configChanges) {
-    if (configChanges != null) {
-      try {
-        bodyWriter.name("configuration").beginArray();
-        for (ConfigChange cc : configChanges) {
-          bodyWriter.beginObject();
-          bodyWriter.name("name").value(cc.name);
-          bodyWriter.name("value").jsonValue(cc.value);
-          bodyWriter.endObject();
-        }
-        bodyWriter.endArray();
-      } catch (Exception ex) {
-        throw new SerializationException("config changes payload", ex);
-      }
-    }
-  }
-
-  public void writeDependenciesLoadedEvent(List<Dependency> dependencies) {
-    try {
-      bodyWriter.name("dependencies");
-      bodyWriter.beginArray();
-      for (Dependency d : dependencies) {
-        bodyWriter.beginObject();
-        bodyWriter.name("hash").value(d.hash);
-        bodyWriter.name("name").value(d.name);
-        bodyWriter.name("type").value("PlatformStandard");
-        bodyWriter.name("version").value(d.version);
-        bodyWriter.endObject();
-      }
-      bodyWriter.endArray();
-    } catch (Exception ex) {
-      throw new SerializationException("dependencies payload", ex);
-    }
-  }
-
-  public void writeIntegrationsEvent(List<Integration> integrations) {
-    try {
-      bodyWriter.name("integrations");
-      bodyWriter.beginArray();
-      for (Integration i : integrations) {
-        bodyWriter.beginObject();
-        bodyWriter.name("enabled").value(i.enabled);
-        bodyWriter.name("name").value(i.name);
-        bodyWriter.endObject();
-      }
-      bodyWriter.endArray();
-    } catch (Exception ex) {
-      throw new SerializationException("integrations payload", ex);
-    }
-  }
-
-  public void writeFooter() {
-    try {
-      bodyWriter.endObject(); // payload
-      bodyWriter.endObject(); // request
-    } catch (Exception ex) {
-      throw new SerializationException("footer", ex);
-    }
-  }
-
-  /**
-   * @return associated request. <br>
-   *     NOTE: Its body can still be extended with write methods until it's been sent. That's
-   *     because the request body is lazily evaluated and backed with a buffer that can still be
-   *     extended until the request is sent. <br>
-   *     TODO: see if there is a better way to express this peculiarity in the code.
-   */
-  public Request request() {
-    return request;
-  }
-
-  @Nullable
-  @Override
-  public MediaType contentType() {
-    return JSON;
-  }
-
-  @Override
-  public void writeTo(BufferedSink sink) throws IOException {
-    sink.write(body, body.size());
-  }
-}
diff --git a/telemetry/src/main/java/datadog/telemetry/TelemetryClient.java b/telemetry/src/main/java/datadog/telemetry/TelemetryClient.java
new file mode 100644
index 00000000000..3e218a0f6b7
--- /dev/null
+++ b/telemetry/src/main/java/datadog/telemetry/TelemetryClient.java
@@ -0,0 +1,100 @@
+package datadog.telemetry;
+
+import datadog.communication.http.OkHttpUtils;
+import java.io.IOException;
+import okhttp3.HttpUrl;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.Response;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TelemetryClient {
+
+  public enum Result {
+    SUCCESS,
+    FAILURE,
+    NOT_FOUND;
+  }
+
+  public static TelemetryClient buildAgentClient(OkHttpClient okHttpClient, HttpUrl agentUrl) {
+    HttpUrl agentTelemetryUrl =
+        agentUrl.newBuilder().addPathSegments(AGENT_TELEMETRY_API_ENDPOINT).build();
+    return new TelemetryClient(okHttpClient, agentTelemetryUrl, null);
+  }
+
+  public static TelemetryClient buildIntakeClient(String site, long timeoutMillis, String apiKey) {
+    if (apiKey == null) {
+      log.warn("Cannot create Telemetry Intake because API_KEY unspecified.");
+      return null;
+    }
+
+    String prefix = "";
+    if (site.endsWith("datad0g.com")) {
+      prefix = "all-http-intake.logs.";
+    } else if (site.endsWith("datadoghq.com")) {
+      prefix = "instrumentation-telemetry-intake.";
+    }
+
+    String telemetryUrl = "https://" + prefix + site + "/api/v2/apmtelemetry";
+    HttpUrl url;
+    try {
+      url = HttpUrl.get(telemetryUrl);
+    } catch (IllegalArgumentException e) {
+      log.error("Can't create Telemetry URL for {}", telemetryUrl);
+      return null;
+    }
+
+    OkHttpClient httpClient = OkHttpUtils.buildHttpClient(url, timeoutMillis);
+    return new TelemetryClient(httpClient, url, apiKey);
+  }
+
+  private static final Logger log = LoggerFactory.getLogger(TelemetryClient.class);
+
+  private static final String AGENT_TELEMETRY_API_ENDPOINT = "telemetry/proxy/api/v2/apmtelemetry";
+  private static final String DD_TELEMETRY_REQUEST_TYPE = "DD-Telemetry-Request-Type";
+
+  private final OkHttpClient okHttpClient;
+  private final HttpUrl url;
+  private final String apiKey;
+
+  public TelemetryClient(OkHttpClient okHttpClient, HttpUrl url, String apiKey) {
+    this.okHttpClient = okHttpClient;
+    this.url = url;
+    this.apiKey = apiKey;
+  }
+
+  public HttpUrl getUrl() {
+    return url;
+  }
+
+  public Result sendHttpRequest(Request.Builder httpRequestBuilder) {
+    httpRequestBuilder.url(url);
+    if (apiKey != null) {
+      httpRequestBuilder.addHeader("DD-API-KEY", apiKey);
+    }
+
+    Request httpRequest = httpRequestBuilder.build();
+    String requestType = httpRequest.header(DD_TELEMETRY_REQUEST_TYPE);
+    try (Response response = okHttpClient.newCall(httpRequest).execute()) {
+      if (response.code() == 404) {
+        log.debug("Telemetry endpoint is disabled, dropping {} message.", requestType);
+        return Result.NOT_FOUND;
+      }
+      if (!response.isSuccessful()) {
+        log.debug(
+            "Telemetry message {} failed with: {} {}.",
+            requestType,
+            response.code(),
+            response.message());
+        return Result.FAILURE;
+      }
+    } catch (IOException e) {
+      log.debug("Telemetry message {} failed with exception: {}.", requestType, e.toString());
+      return Result.FAILURE;
+    }
+
+    log.debug("Telemetry message {} sent successfully to {}.", requestType, url);
+    return Result.SUCCESS;
+  }
+}
diff --git a/telemetry/src/main/java/datadog/telemetry/TelemetryRequest.java b/telemetry/src/main/java/datadog/telemetry/TelemetryRequest.java
new file mode 100644
index 00000000000..19f456a6fbd
--- /dev/null
+++ b/telemetry/src/main/java/datadog/telemetry/TelemetryRequest.java
@@ -0,0 +1,191 @@
+package datadog.telemetry;
+
+import datadog.common.container.ContainerInfo;
+import datadog.communication.ddagent.TracerVersion;
+import datadog.telemetry.api.DistributionSeries;
+import datadog.telemetry.api.Integration;
+import datadog.telemetry.api.LogMessage;
+import datadog.telemetry.api.Metric;
+import datadog.telemetry.api.RequestType;
+import datadog.telemetry.dependency.Dependency;
+import datadog.trace.api.ConfigSetting;
+import datadog.trace.api.DDTags;
+import datadog.trace.api.InstrumenterConfig;
+import datadog.trace.api.ProductActivation;
+import java.io.IOException;
+import okhttp3.MediaType;
+import okhttp3.Request;
+
+public class TelemetryRequest {
+  static final String API_VERSION = "v2";
+  static final MediaType JSON = MediaType.parse("application/json; charset=utf-8");
+
+  private final EventSource eventSource;
+  private final EventSink eventSink;
+  private final long messageBytesSoftLimit;
+  private final RequestType requestType;
+  private final boolean debug;
+  private final TelemetryRequestBody requestBody;
+
+  public TelemetryRequest(
+      EventSource eventSource,
+      EventSink eventSink,
+      long messageBytesSoftLimit,
+      RequestType requestType,
+      boolean debug) {
+    this.eventSource = eventSource;
+    this.eventSink = eventSink;
+    this.messageBytesSoftLimit = messageBytesSoftLimit;
+    this.requestType = requestType;
+    this.debug = debug;
+    this.requestBody = new TelemetryRequestBody(requestType);
+    this.requestBody.beginRequest(debug);
+  }
+
+  public Request.Builder httpRequest() {
+    long bodySize = requestBody.endRequest();
+
+    Request.Builder builder =
+        new Request.Builder()
+            .addHeader("Content-Type", String.valueOf(JSON))
+            .addHeader("Content-Length", String.valueOf(bodySize))
+            .addHeader("DD-Telemetry-API-Version", API_VERSION)
+            .addHeader("DD-Telemetry-Request-Type", String.valueOf(this.requestType))
+            .addHeader("DD-Client-Library-Language", DDTags.LANGUAGE_TAG_VALUE)
+            .addHeader("DD-Client-Library-Version", TracerVersion.TRACER_VERSION)
+            .post(requestBody);
+
+    final String containerId = ContainerInfo.get().getContainerId();
+    if (containerId != null) {
+      builder.addHeader("Datadog-Container-ID", containerId);
+    }
+
+    if (debug) {
+      builder.addHeader("DD-Telemetry-Debug-Enabled", "true");
+    }
+
+    return builder;
+  }
+
+  public void writeConfigurations() {
+    if (!isWithinSizeLimits() || !eventSource.hasConfigChangeEvent()) {
+      return;
+    }
+    try {
+      requestBody.beginConfiguration();
+      while (eventSource.hasConfigChangeEvent() && isWithinSizeLimits()) {
+        ConfigSetting event = eventSource.nextConfigChangeEvent();
+        requestBody.writeConfiguration(event);
+        eventSink.addConfigChangeEvent(event);
+      }
+      requestBody.endConfiguration();
+    } catch (IOException e) {
+      throw new TelemetryRequestBody.SerializationException("configuration-object", e);
+    }
+  }
+
+  public void writeProducts() {
+    InstrumenterConfig instrumenterConfig = InstrumenterConfig.get();
+    try {
+      boolean appsecEnabled =
+          instrumenterConfig.getAppSecActivation() != ProductActivation.FULLY_DISABLED;
+      boolean profilerEnabled = instrumenterConfig.isProfilingEnabled();
+      requestBody.writeProducts(appsecEnabled, profilerEnabled);
+    } catch (IOException e) {
+      throw new TelemetryRequestBody.SerializationException("products", e);
+    }
+  }
+
+  public void writeIntegrations() {
+    if (!isWithinSizeLimits() || !eventSource.hasIntegrationEvent()) {
+      return;
+    }
+    try {
+      requestBody.beginIntegrations();
+      while (eventSource.hasIntegrationEvent() && isWithinSizeLimits()) {
+        Integration event = eventSource.nextIntegrationEvent();
+        requestBody.writeIntegration(event);
+        eventSink.addIntegrationEvent(event);
+      }
+      requestBody.endIntegrations();
+    } catch (IOException e) {
+      throw new TelemetryRequestBody.SerializationException("integrations-message", e);
+    }
+  }
+
+  public void writeDependencies() {
+    if (!isWithinSizeLimits() || !eventSource.hasDependencyEvent()) {
+      return;
+    }
+    try {
+      requestBody.beginDependencies();
+      while (eventSource.hasDependencyEvent() && isWithinSizeLimits()) {
+        Dependency event = eventSource.nextDependencyEvent();
+        requestBody.writeDependency(event);
+        eventSink.addDependencyEvent(event);
+      }
+      requestBody.endDependencies();
+    } catch (IOException e) {
+      throw new TelemetryRequestBody.SerializationException("dependencies-message", e);
+    }
+  }
+
+  public void writeMetrics() {
+    if (!isWithinSizeLimits() || !eventSource.hasMetricEvent()) {
+      return;
+    }
+    try {
+      requestBody.beginMetrics();
+      while (eventSource.hasMetricEvent() && isWithinSizeLimits()) {
+        Metric event = eventSource.nextMetricEvent();
+        requestBody.writeMetric(event);
+        eventSink.addMetricEvent(event);
+      }
+      requestBody.endMetrics();
+    } catch (IOException e) {
+      throw new TelemetryRequestBody.SerializationException("metrics-message", e);
+    }
+  }
+
+  public void writeDistributions() {
+    if (!isWithinSizeLimits() || !eventSource.hasDistributionSeriesEvent()) {
+      return;
+    }
+    try {
+      requestBody.beginDistributions();
+      while (eventSource.hasDistributionSeriesEvent() && isWithinSizeLimits()) {
+        DistributionSeries event = eventSource.nextDistributionSeriesEvent();
+        requestBody.writeDistribution(event);
+        eventSink.addDistributionSeriesEvent(event);
+      }
+      requestBody.endDistributions();
+    } catch (IOException e) {
+      throw new TelemetryRequestBody.SerializationException("distributions-message", e);
+    }
+  }
+
+  public void writeLogs() {
+    if (!isWithinSizeLimits() || !eventSource.hasLogMessageEvent()) {
+      return;
+    }
+    try {
+      requestBody.beginLogs();
+      while (eventSource.hasLogMessageEvent() && isWithinSizeLimits()) {
+        LogMessage event = eventSource.nextLogMessageEvent();
+        requestBody.writeLog(event);
+        eventSink.addLogMessageEvent(event);
+      }
+      requestBody.endLogs();
+    } catch (IOException e) {
+      throw new TelemetryRequestBody.SerializationException("logs-message", e);
+    }
+  }
+
+  public void writeHeartbeat() {
+    requestBody.writeHeartbeatEvent();
+  }
+
+  private boolean isWithinSizeLimits() {
+    return requestBody.size() < messageBytesSoftLimit;
+  }
+}
diff --git a/telemetry/src/main/java/datadog/telemetry/TelemetryRequestBody.java b/telemetry/src/main/java/datadog/telemetry/TelemetryRequestBody.java
new file mode 100644
index 00000000000..074e4386783
--- /dev/null
+++ b/telemetry/src/main/java/datadog/telemetry/TelemetryRequestBody.java
@@ -0,0 +1,327 @@
+package datadog.telemetry;
+
+import com.squareup.moshi.JsonWriter;
+import datadog.communication.ddagent.TracerVersion;
+import datadog.telemetry.api.DistributionSeries;
+import datadog.telemetry.api.Integration;
+import datadog.telemetry.api.LogMessage;
+import datadog.telemetry.api.Metric;
+import datadog.telemetry.api.RequestType;
+import datadog.telemetry.dependency.Dependency;
+import datadog.trace.api.Config;
+import datadog.trace.api.ConfigSetting;
+import datadog.trace.api.DDTags;
+import datadog.trace.api.Platform;
+import java.io.IOException;
+import java.util.concurrent.atomic.AtomicLong;
+import javax.annotation.Nullable;
+import okhttp3.MediaType;
+import okhttp3.RequestBody;
+import okio.Buffer;
+import okio.BufferedSink;
+
+public class TelemetryRequestBody extends RequestBody {
+
+  public static class SerializationException extends RuntimeException {
+    public SerializationException(String requestPartName, Throwable cause) {
+      super("Failed serializing Telemetry " + requestPartName + " part!", cause);
+    }
+  }
+
+  private static final AtomicLong SEQ_ID = new AtomicLong();
+  private static final String TELEMETRY_NAMESPACE_TAG_TRACER = "tracers";
+
+  private final RequestType requestType;
+  private final Buffer body;
+  private final JsonWriter bodyWriter;
+
+  /** Exists in a separate class to avoid startup toll */
+  private static class CommonData {
+    final Config config = Config.get();
+    final String env = config.getEnv();
+    final String langVersion = Platform.getLangVersion();
+    final String runtimeName = Platform.getRuntimeVendor();
+    final String runtimePatches = Platform.getRuntimePatches();
+    final String runtimeVersion = Platform.getRuntimeVersion();
+    final String serviceName = config.getServiceName();
+    final String serviceVersion = config.getVersion();
+    final String runtimeId = config.getRuntimeId();
+    final String architecture = HostInfo.getArchitecture();
+    final String hostname = HostInfo.getHostname();
+    final String kernelName = HostInfo.getKernelName();
+    final String kernelRelease = HostInfo.getKernelRelease();
+    final String kernelVersion = HostInfo.getKernelVersion();
+    final String osName = HostInfo.getOsName();
+    final String osVersion = HostInfo.getOsVersion();
+  }
+
+  private static final CommonData commonData = new CommonData();
+
+  TelemetryRequestBody(RequestType requestType) {
+    this.requestType = requestType;
+    this.body = new Buffer();
+    this.bodyWriter = JsonWriter.of(body);
+  }
+
+  public void beginRequest(boolean debug) {
+    try {
+      bodyWriter.beginObject();
+      bodyWriter.name("api_version").value(TelemetryRequest.API_VERSION);
+      // naming_schema_version - optional
+      bodyWriter.name("runtime_id").value(commonData.runtimeId);
+      bodyWriter.name("seq_id").value(SEQ_ID.incrementAndGet());
+      bodyWriter.name("tracer_time").value(System.currentTimeMillis() / 1000L);
+
+      bodyWriter.name("application");
+      bodyWriter.beginObject();
+      bodyWriter.name("service_name").value(commonData.serviceName);
+      bodyWriter.name("env").value(commonData.env);
+      bodyWriter.name("service_version").value(commonData.serviceVersion);
+      bodyWriter.name("tracer_version").value(TracerVersion.TRACER_VERSION);
+      bodyWriter.name("language_name").value(DDTags.LANGUAGE_TAG_VALUE);
+      bodyWriter.name("language_version").value(commonData.langVersion);
+      bodyWriter.name("runtime_name").value(commonData.runtimeName);
+      bodyWriter.name("runtime_version").value(commonData.runtimeVersion);
+      bodyWriter.name("runtime_patches").value(commonData.runtimePatches); // optional
+      bodyWriter.endObject();
+
+      if (debug) {
+        bodyWriter.name("debug").value(true);
+      }
+      bodyWriter.name("host");
+      bodyWriter.beginObject();
+      bodyWriter.name("hostname").value(commonData.hostname);
+      bodyWriter.name("os").value(commonData.osName);
+      bodyWriter.name("os_version").value(commonData.osVersion); // optional
+      bodyWriter.name("architecture").value(commonData.architecture);
+      // only applicable to UNIX based OS
+      bodyWriter.name("kernel_name").value(commonData.kernelName);
+      bodyWriter.name("kernel_release").value(commonData.kernelRelease);
+      bodyWriter.name("kernel_version").value(commonData.kernelVersion);
+      bodyWriter.endObject();
+
+      bodyWriter.name("request_type").value(this.requestType.toString());
+
+      switch (this.requestType) {
+        case APP_STARTED:
+        case APP_EXTENDED_HEARTBEAT:
+          bodyWriter.name("payload");
+          bodyWriter.beginObject();
+          break;
+        case MESSAGE_BATCH:
+          bodyWriter.name("payload");
+          bodyWriter.beginArray();
+          break;
+        default:
+      }
+    } catch (Exception ex) {
+      throw new SerializationException("begin-request", ex);
+    }
+  }
+
+  /** @return body size in bytes */
+  public long endRequest() {
+    try {
+      switch (this.requestType) {
+        case APP_STARTED:
+        case APP_EXTENDED_HEARTBEAT:
+          bodyWriter.endObject(); // payload
+          break;
+        case MESSAGE_BATCH:
+          bodyWriter.endArray(); // payloads
+          break;
+        default:
+      }
+      bodyWriter.endObject(); // request
+      return body.size();
+    } catch (Exception ex) {
+      throw new SerializationException("end-request", ex);
+    }
+  }
+
+  public void writeHeartbeatEvent() {
+    beginMessageIfBatch(RequestType.APP_HEARTBEAT);
+    endMessageIfBatch(RequestType.APP_HEARTBEAT);
+  }
+
+  public void beginMetrics() throws IOException {
+    beginMessageIfBatch(RequestType.GENERATE_METRICS);
+    bodyWriter.name("namespace").value(TELEMETRY_NAMESPACE_TAG_TRACER);
+    bodyWriter.name("series").beginArray();
+  }
+
+  public void writeMetric(Metric m) throws IOException {
+    bodyWriter.beginObject();
+    bodyWriter.name("metric").value(m.getMetric());
+    bodyWriter.name("points").jsonValue(m.getPoints());
+    // interval - optional
+    if (m.getType() != null) bodyWriter.name("type").value(m.getType().toString());
+    bodyWriter.name("tags").jsonValue(m.getTags()); // optional
+    bodyWriter.name("common").value(m.getCommon()); // optional
+    bodyWriter.name("namespace").value(m.getNamespace()); // optional
+    bodyWriter.endObject();
+  }
+
+  public void endMetrics() throws IOException {
+    bodyWriter.endArray();
+    endMessageIfBatch(RequestType.GENERATE_METRICS);
+  }
+
+  public void beginDistributions() throws IOException {
+    beginMessageIfBatch(RequestType.DISTRIBUTIONS);
+    bodyWriter.name("namespace").value(TELEMETRY_NAMESPACE_TAG_TRACER);
+    bodyWriter.name("series").beginArray();
+  }
+
+  public void writeDistribution(DistributionSeries ds) throws IOException {
+    bodyWriter.beginObject();
+    bodyWriter.name("metric").value(ds.getMetric());
+    bodyWriter.name("points").jsonValue(ds.getPoints());
+    bodyWriter.name("tags").jsonValue(ds.getTags());
+    bodyWriter.name("common").value(ds.getCommon());
+    bodyWriter.name("namespace").value(ds.getNamespace());
+    bodyWriter.endObject();
+  }
+
+  public void endDistributions() throws IOException {
+    bodyWriter.endArray();
+    endMessageIfBatch(RequestType.DISTRIBUTIONS);
+  }
+
+  public void beginLogs() throws IOException {
+    beginMessageIfBatch(RequestType.LOGS);
+    bodyWriter.name("logs").beginArray();
+  }
+
+  public void writeLog(LogMessage m) throws IOException {
+    bodyWriter.beginObject();
+    bodyWriter.name("message").value(m.getMessage());
+    bodyWriter.name("level").value(String.valueOf(m.getLevel()));
+    bodyWriter.name("tags").value(m.getTags()); // optional
+    bodyWriter.name("stack_trace").value(m.getStackTrace()); // optional
+    bodyWriter.name("tracer_time").value(m.getTracerTime()); // optional
+    bodyWriter.endObject();
+  }
+
+  public void endLogs() throws IOException {
+    bodyWriter.endArray();
+    endMessageIfBatch(RequestType.LOGS);
+  }
+
+  public void beginConfiguration() throws IOException {
+    beginMessageIfBatch(RequestType.APP_CLIENT_CONFIGURATION_CHANGE);
+    bodyWriter.name("configuration").beginArray();
+  }
+
+  public void writeConfiguration(ConfigSetting configSetting) throws IOException {
+    bodyWriter.beginObject();
+    bodyWriter.name("name").value(configSetting.key);
+    bodyWriter.setSerializeNulls(true);
+    bodyWriter.name("value").jsonValue(configSetting.value);
+    bodyWriter.setSerializeNulls(false);
+    bodyWriter.name("origin").jsonValue(configSetting.origin.value);
+    bodyWriter.endObject();
+  }
+
+  public void endConfiguration() throws IOException {
+    bodyWriter.endArray();
+    endMessageIfBatch(RequestType.APP_CLIENT_CONFIGURATION_CHANGE);
+  }
+
+  public void beginIntegrations() throws IOException {
+    beginMessageIfBatch(RequestType.APP_INTEGRATIONS_CHANGE);
+    bodyWriter.name("integrations").beginArray();
+  }
+
+  public void writeIntegration(Integration i) throws IOException {
+    bodyWriter.beginObject();
+    bodyWriter.name("enabled").value(i.enabled);
+    bodyWriter.name("name").value(i.name);
+    bodyWriter.endObject();
+  }
+
+  public void endIntegrations() throws IOException {
+    bodyWriter.endArray();
+    endMessageIfBatch(RequestType.APP_INTEGRATIONS_CHANGE);
+  }
+
+  public void beginDependencies() throws IOException {
+    beginMessageIfBatch(RequestType.APP_DEPENDENCIES_LOADED);
+    bodyWriter.name("dependencies").beginArray();
+  }
+
+  public void writeDependency(Dependency d) throws IOException {
+    bodyWriter.beginObject();
+    bodyWriter.name("hash").value(d.hash); // optional
+    bodyWriter.name("name").value(d.name);
+    bodyWriter.name("version").value(d.version); // optional
+    bodyWriter.endObject();
+  }
+
+  public void endDependencies() throws IOException {
+    bodyWriter.endArray();
+    endMessageIfBatch(RequestType.APP_DEPENDENCIES_LOADED);
+  }
+
+  public void writeProducts(boolean appsecEnabled, boolean profilerEnabled) throws IOException {
+    bodyWriter.name("products");
+    bodyWriter.beginObject();
+
+    bodyWriter.name("appsec");
+    bodyWriter.beginObject();
+    bodyWriter.name("enabled").value(appsecEnabled);
+    bodyWriter.endObject();
+
+    bodyWriter.name("profiler");
+    bodyWriter.beginObject();
+    bodyWriter.name("enabled").value(profilerEnabled);
+    bodyWriter.endObject();
+
+    bodyWriter.endObject();
+  }
+
+  @Nullable
+  @Override
+  public MediaType contentType() {
+    return TelemetryRequest.JSON;
+  }
+
+  @Override
+  public void writeTo(BufferedSink sink) throws IOException {
+    sink.write(body, body.size());
+  }
+
+  public long size() {
+    return body.size();
+  }
+
+  private void beginMessageIfBatch(RequestType messageType) {
+    if (requestType != RequestType.MESSAGE_BATCH) {
+      return;
+    }
+    try {
+      bodyWriter.beginObject();
+      bodyWriter.name("request_type").value(String.valueOf(messageType));
+      if (messageType != RequestType.APP_HEARTBEAT) {
+        bodyWriter.name("payload");
+        bodyWriter.beginObject();
+      }
+    } catch (Exception ex) {
+      throw new SerializationException("begin-message", ex);
+    }
+  }
+
+  private void endMessageIfBatch(RequestType messageType) {
+    if (requestType != RequestType.MESSAGE_BATCH) {
+      return;
+    }
+    try {
+      if (messageType != RequestType.APP_HEARTBEAT) {
+        bodyWriter.endObject(); // payload
+      }
+      bodyWriter.endObject(); // message
+    } catch (Exception ex) {
+      throw new SerializationException("end-message", ex);
+    }
+  }
+}
diff --git a/telemetry/src/main/java/datadog/telemetry/TelemetryRouter.java b/telemetry/src/main/java/datadog/telemetry/TelemetryRouter.java
new file mode 100644
index 00000000000..076137c5852
--- /dev/null
+++ b/telemetry/src/main/java/datadog/telemetry/TelemetryRouter.java
@@ -0,0 +1,72 @@
+package datadog.telemetry;
+
+import datadog.communication.ddagent.DDAgentFeaturesDiscovery;
+import javax.annotation.Nullable;
+import okhttp3.HttpUrl;
+import okhttp3.Request;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TelemetryRouter {
+  private static final Logger log = LoggerFactory.getLogger(TelemetryRouter.class);
+
+  private final DDAgentFeaturesDiscovery ddAgentFeaturesDiscovery;
+  private final TelemetryClient agentClient;
+
+  private final TelemetryClient intakeClient;
+
+  private TelemetryClient currentClient;
+  private boolean errorReported;
+
+  public TelemetryRouter(
+      DDAgentFeaturesDiscovery ddAgentFeaturesDiscovery,
+      TelemetryClient agentClient,
+      @Nullable TelemetryClient intakeClient) {
+    this.ddAgentFeaturesDiscovery = ddAgentFeaturesDiscovery;
+    this.agentClient = agentClient;
+    this.intakeClient = intakeClient;
+    this.currentClient = agentClient;
+  }
+
+  public TelemetryClient.Result sendRequest(TelemetryRequest request) {
+    ddAgentFeaturesDiscovery.discoverIfOutdated();
+    boolean agentSupportsTelemetryProxy = ddAgentFeaturesDiscovery.supportsTelemetryProxy();
+
+    Request.Builder httpRequestBuilder = request.httpRequest();
+    TelemetryClient.Result result = currentClient.sendHttpRequest(httpRequestBuilder);
+
+    boolean requestFailed = result != TelemetryClient.Result.SUCCESS;
+    if (currentClient == agentClient) {
+      if (requestFailed) {
+        reportErrorOnce(currentClient.getUrl(), result);
+        if (intakeClient != null) {
+          log.info("Agent Telemetry endpoint failed. Telemetry will be sent to Intake.");
+          errorReported = false;
+          currentClient = intakeClient;
+        }
+      }
+    } else {
+      if (requestFailed) {
+        reportErrorOnce(currentClient.getUrl(), result);
+      }
+      if (agentSupportsTelemetryProxy || requestFailed) {
+        errorReported = false;
+        if (agentSupportsTelemetryProxy) {
+          log.info("Agent Telemetry endpoint is now available. Telemetry will be sent to Agent.");
+        } else {
+          log.info("Intake Telemetry endpoint failed. Telemetry will be sent to Agent.");
+        }
+        currentClient = agentClient;
+      }
+    }
+
+    return result;
+  }
+
+  private void reportErrorOnce(HttpUrl requestUrl, TelemetryClient.Result result) {
+    if (!errorReported) {
+      log.warn("Got {} sending telemetry request to {}.", result, requestUrl);
+      errorReported = true;
+    }
+  }
+}
diff --git a/telemetry/src/main/java/datadog/telemetry/TelemetryRunnable.java b/telemetry/src/main/java/datadog/telemetry/TelemetryRunnable.java
index 0ba12e238f7..14fa7df1aac 100644
--- a/telemetry/src/main/java/datadog/telemetry/TelemetryRunnable.java
+++ b/telemetry/src/main/java/datadog/telemetry/TelemetryRunnable.java
@@ -3,6 +3,7 @@
 import datadog.telemetry.metric.MetricPeriodicAction;
 import datadog.trace.api.Config;
 import datadog.trace.api.ConfigCollector;
+import datadog.trace.api.ConfigSetting;
 import datadog.trace.api.time.SystemTimeSource;
 import datadog.trace.api.time.TimeSource;
 import java.util.List;
@@ -14,11 +15,14 @@
 public class TelemetryRunnable implements Runnable {
 
   private static final Logger log = LoggerFactory.getLogger(TelemetryRunnable.class);
+  private static final int MAX_APP_STARTED_RETRIES = 3;
+  private static final int MAX_CONSECUTIVE_REQUESTS = 3;
 
   private final TelemetryService telemetryService;
   private final List<TelemetryPeriodicAction> actions;
   private final List<MetricPeriodicAction> actionsAtMetricsInterval;
   private final Scheduler scheduler;
+  private boolean startupEventSent;
 
   public TelemetryRunnable(
       final TelemetryService telemetryService, final List<TelemetryPeriodicAction> actions) {
@@ -38,7 +42,8 @@ public TelemetryRunnable(
             timeSource,
             sleeper,
             (long) (Config.get().getTelemetryHeartbeatInterval() * 1000),
-            (long) (Config.get().getTelemetryMetricsInterval() * 1000));
+            (long) (Config.get().getTelemetryMetricsInterval() * 1000),
+            Config.get().getTelemetryExtendedHeartbeatInterval() * 1000);
   }
 
   private List<MetricPeriodicAction> findMetricPeriodicActions(
@@ -54,11 +59,21 @@ public void run() {
     // Ensure that Config has been initialized, so ConfigCollector can collect all settings first.
     Config.get();
 
+    collectConfigChanges();
+
     scheduler.init();
 
     while (!Thread.interrupted()) {
       try {
-        mainLoopIteration();
+        if (!startupEventSent) {
+          startupEventSent = sendAppStartedEvent();
+        }
+        if (startupEventSent) {
+          mainLoopIteration();
+        } else {
+          // wait until next heartbeat interval before reattempting startup event
+          scheduler.shouldRunHeartbeat();
+        }
         scheduler.sleepUntilNextIteration();
       } catch (InterruptedException e) {
         log.debug("Interrupted; finishing telemetry thread");
@@ -66,15 +81,32 @@ public void run() {
       }
     }
 
-    telemetryService.sendAppClosingRequest();
+    flushPendingTelemetryData();
+    telemetryService.sendAppClosingEvent();
     log.debug("Telemetry thread finished");
   }
 
-  private void mainLoopIteration() throws InterruptedException {
-    Map<String, Object> collectedConfig = ConfigCollector.get().collect();
-    if (!collectedConfig.isEmpty()) {
-      telemetryService.addConfiguration(collectedConfig);
+  /**
+   * Attempts to send an app-started event.
+   *
+   * @return `true` - if attempt was successful and `false` otherwise
+   */
+  private boolean sendAppStartedEvent() {
+    int attempt = 0;
+    while (!Thread.interrupted()
+        && attempt < MAX_APP_STARTED_RETRIES
+        && !telemetryService.sendAppStartedEvent()) {
+      attempt += 1;
+      log.debug(
+          "Couldn't send an app-started event on {} attempt out of {}.",
+          attempt,
+          MAX_APP_STARTED_RETRIES);
     }
+    return Thread.interrupted() || attempt < MAX_APP_STARTED_RETRIES;
+  }
+
+  private void mainLoopIteration() throws InterruptedException {
+    collectConfigChanges();
 
     // Collect request metrics every N seconds (default 10s)
     if (scheduler.shouldRunMetrics()) {
@@ -87,10 +119,43 @@ private void mainLoopIteration() throws InterruptedException {
       for (final TelemetryPeriodicAction action : this.actions) {
         action.doIteration(this.telemetryService);
       }
-      telemetryService.sendIntervalRequests();
+      for (int i = 0; i < MAX_CONSECUTIVE_REQUESTS; i++) {
+        if (!telemetryService.sendTelemetryEvents()) {
+          // stop if there is no more data to be sent, or it failed to send a request
+          break;
+        }
+      }
+    }
+
+    if (scheduler.shouldRunExtendedHeartbeat()) {
+      if (telemetryService.sendExtendedHeartbeat()) {
+        // advance next extended-heartbeat only if request was successful, otherwise reattempt it
+        // next heartbeat interval
+        scheduler.scheduleNextExtendedHeartbeat();
+      }
+    }
+  }
+
+  private void collectConfigChanges() {
+    Map<String, ConfigSetting> collectedConfig = ConfigCollector.get().collect();
+    if (!collectedConfig.isEmpty()) {
+      telemetryService.addConfiguration(collectedConfig);
     }
   }
 
+  private void flushPendingTelemetryData() {
+    collectConfigChanges();
+
+    for (MetricPeriodicAction action : actionsAtMetricsInterval) {
+      action.collector().prepareMetrics();
+    }
+
+    for (final TelemetryPeriodicAction action : actions) {
+      action.doIteration(telemetryService);
+    }
+    telemetryService.sendTelemetryEvents();
+  }
+
   interface ThreadSleeper {
     void sleep(long timeoutMs);
   }
@@ -114,8 +179,10 @@ static class Scheduler {
     private final TimeSource timeSource;
     private final ThreadSleeper sleeper;
     private final long heartbeatIntervalMs;
+    private final long extendedHeartbeatIntervalMs;
     private final long metricsIntervalMs;
     private long nextHeartbeatIntervalMs;
+    private long nextExtendedHeartbeatIntervalMs;
     private long nextMetricsIntervalMs;
     private long currentTime;
 
@@ -123,13 +190,16 @@ public Scheduler(
         final TimeSource timeSource,
         final ThreadSleeper sleeper,
         final long heartbeatIntervalMs,
-        final long metricsIntervalMs) {
+        final long metricsIntervalMs,
+        final long extendedHeartbeatIntervalMs) {
       this.timeSource = timeSource;
       this.sleeper = sleeper;
       this.heartbeatIntervalMs = heartbeatIntervalMs;
       this.metricsIntervalMs = metricsIntervalMs;
+      this.extendedHeartbeatIntervalMs = extendedHeartbeatIntervalMs;
       nextHeartbeatIntervalMs = 0;
       nextMetricsIntervalMs = 0;
+      nextExtendedHeartbeatIntervalMs = 0;
       currentTime = 0;
     }
 
@@ -138,6 +208,7 @@ public void init() {
       this.currentTime = currentTime;
       nextMetricsIntervalMs = currentTime;
       nextHeartbeatIntervalMs = currentTime;
+      scheduleNextExtendedHeartbeat();
     }
 
     public boolean shouldRunMetrics() {
@@ -156,6 +227,15 @@ public boolean shouldRunHeartbeat() {
       return false;
     }
 
+    public boolean shouldRunExtendedHeartbeat() {
+      return currentTime >= nextExtendedHeartbeatIntervalMs;
+    }
+
+    public void scheduleNextExtendedHeartbeat() {
+      // schedule very first extended-heartbeat only after interval elapses
+      nextExtendedHeartbeatIntervalMs = currentTime + extendedHeartbeatIntervalMs;
+    }
+
     public void sleepUntilNextIteration() {
       currentTime = timeSource.getCurrentTimeMillis();
 
@@ -173,8 +253,7 @@ public void sleepUntilNextIteration() {
       while (currentTime >= nextMetricsIntervalMs) {
         // If metric collection exceeded the interval, something went really wrong. Either there's a
         // very short interval (not default), or metric collection is taking abnormally long. We
-        // skip
-        // intervals in this case.
+        // skip intervals in this case.
         nextMetricsIntervalMs += metricsIntervalMs;
       }
 
diff --git a/telemetry/src/main/java/datadog/telemetry/TelemetryService.java b/telemetry/src/main/java/datadog/telemetry/TelemetryService.java
index 3565847a52f..2e2bffadb44 100644
--- a/telemetry/src/main/java/datadog/telemetry/TelemetryService.java
+++ b/telemetry/src/main/java/datadog/telemetry/TelemetryService.java
@@ -1,38 +1,27 @@
 package datadog.telemetry;
 
-import datadog.telemetry.api.ConfigChange;
+import datadog.communication.ddagent.DDAgentFeaturesDiscovery;
 import datadog.telemetry.api.DistributionSeries;
 import datadog.telemetry.api.Integration;
 import datadog.telemetry.api.LogMessage;
 import datadog.telemetry.api.Metric;
 import datadog.telemetry.api.RequestType;
 import datadog.telemetry.dependency.Dependency;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
+import datadog.trace.api.ConfigSetting;
 import java.util.Map;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.LinkedBlockingQueue;
-import javax.annotation.Nullable;
-import okhttp3.HttpUrl;
-import okhttp3.OkHttpClient;
-import okhttp3.Request;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class TelemetryService {
-  private static final Logger log = LoggerFactory.getLogger(TelemetryService.class);
-  private static final String API_ENDPOINT = "telemetry/proxy/api/v2/apmtelemetry";
 
-  private static final int MAX_ELEMENTS_PER_REQUEST = 100;
+  private static final Logger log = LoggerFactory.getLogger(TelemetryService.class);
 
-  // https://github.com/DataDog/instrumentation-telemetry-api-docs/blob/main/GeneratedDocumentation/ApiDocs/v2/producing-telemetry.md#when-to-use-it-1
-  private static final int MAX_DEPENDENCIES_PER_REQUEST = 2000;
+  private static final long DEFAULT_MESSAGE_BYTES_SOFT_LIMIT = Math.round(5 * 1024 * 1024 * 0.75);
 
-  private final HttpClient httpClient;
-  private final int maxElementsPerReq;
-  private final int maxDepsPerReq;
-  private final BlockingQueue<ConfigChange> configurations = new LinkedBlockingQueue<>();
+  private final TelemetryRouter telemetryRouter;
+  private final BlockingQueue<ConfigSetting> configurations = new LinkedBlockingQueue<>();
   private final BlockingQueue<Integration> integrations = new LinkedBlockingQueue<>();
   private final BlockingQueue<Dependency> dependencies = new LinkedBlockingQueue<>();
   private final BlockingQueue<Metric> metrics =
@@ -43,9 +32,13 @@ public class TelemetryService {
   private final BlockingQueue<DistributionSeries> distributionSeries =
       new LinkedBlockingQueue<>(1024);
 
-  private final HttpUrl httpUrl;
+  private final ExtendedHeartbeatData extendedHeartbeatData = new ExtendedHeartbeatData();
+  private final EventSource.Queued eventSource =
+      new EventSource.Queued(
+          configurations, integrations, dependencies, metrics, distributionSeries, logMessages);
 
-  private boolean sentAppStarted;
+  private final long messageBytesSoftLimit;
+  private final boolean debug;
 
   /*
    * Keep track of Open Tracing and Open Telemetry integrations activation as they are mutually exclusive.
@@ -53,32 +46,32 @@ public class TelemetryService {
   private boolean openTracingIntegrationEnabled;
   private boolean openTelemetryIntegrationEnabled;
 
-  public TelemetryService(final OkHttpClient okHttpClient, final HttpUrl httpUrl) {
-    this(new HttpClient(okHttpClient), httpUrl);
-  }
-
-  public TelemetryService(final HttpClient httpClient, final HttpUrl httpUrl) {
-    this(httpClient, MAX_ELEMENTS_PER_REQUEST, MAX_DEPENDENCIES_PER_REQUEST, httpUrl);
+  public static TelemetryService build(
+      DDAgentFeaturesDiscovery ddAgentFeaturesDiscovery,
+      TelemetryClient agentClient,
+      TelemetryClient intakeClient,
+      boolean debug) {
+    TelemetryRouter telemetryRouter =
+        new TelemetryRouter(ddAgentFeaturesDiscovery, agentClient, intakeClient);
+    return new TelemetryService(telemetryRouter, DEFAULT_MESSAGE_BYTES_SOFT_LIMIT, debug);
   }
 
   // For testing purposes
   TelemetryService(
-      final HttpClient httpClient,
-      final int maxElementsPerReq,
-      final int maxDepsPerReq,
-      final HttpUrl agentUrl) {
-    this.httpClient = httpClient;
-    this.sentAppStarted = false;
+      final TelemetryRouter telemetryRouter,
+      final long messageBytesSoftLimit,
+      final boolean debug) {
+    this.telemetryRouter = telemetryRouter;
     this.openTracingIntegrationEnabled = false;
     this.openTelemetryIntegrationEnabled = false;
-    this.maxElementsPerReq = maxElementsPerReq;
-    this.maxDepsPerReq = maxDepsPerReq;
-    this.httpUrl = agentUrl.newBuilder().addPathSegments(API_ENDPOINT).build();
+    this.messageBytesSoftLimit = messageBytesSoftLimit;
+    this.debug = debug;
   }
 
-  public boolean addConfiguration(Map<String, Object> configuration) {
-    for (Map.Entry<String, Object> entry : configuration.entrySet()) {
-      if (!this.configurations.offer(new ConfigChange(entry.getKey(), entry.getValue()))) {
+  public boolean addConfiguration(Map<String, ConfigSetting> configuration) {
+    for (ConfigSetting cs : configuration.values()) {
+      extendedHeartbeatData.pushConfigSetting(cs);
+      if (!this.configurations.offer(cs)) {
         return false;
       }
     }
@@ -86,17 +79,21 @@ public boolean addConfiguration(Map<String, Object> configuration) {
   }
 
   public boolean addDependency(Dependency dependency) {
+    extendedHeartbeatData.pushDependency(dependency);
     return this.dependencies.offer(dependency);
   }
 
   public boolean addIntegration(Integration integration) {
-    if ("opentelemetry-1".equals(integration.name) && integration.enabled) {
-      this.openTelemetryIntegrationEnabled = true;
-      warnAboutExclusiveIntegrations();
-    } else if ("opentracing".equals(integration.name) && integration.enabled) {
-      this.openTracingIntegrationEnabled = true;
+    if ("opentelemetry-1".equals(integration.name)) {
+      openTelemetryIntegrationEnabled = integration.enabled;
+    }
+    if ("opentracing".equals(integration.name)) {
+      openTracingIntegrationEnabled = integration.enabled;
+    }
+    if (openTelemetryIntegrationEnabled && openTracingIntegrationEnabled) {
       warnAboutExclusiveIntegrations();
     }
+    extendedHeartbeatData.pushIntegration(integration);
     return this.integrations.offer(integration);
   }
 
@@ -114,260 +111,131 @@ public boolean addDistributionSeries(DistributionSeries series) {
     return this.distributionSeries.offer(series);
   }
 
-  public void sendAppClosingRequest() {
-    RequestBuilder rb = new RequestBuilder(RequestType.APP_CLOSING, httpUrl);
-    rb.writeHeader();
-    rb.writeFooter();
-    Request request = rb.request();
-    httpClient.sendRequest(request);
-  }
-
-  public void sendIntervalRequests() {
-    final State state =
-        new State(
-            configurations, integrations, dependencies, metrics, distributionSeries, logMessages);
-    if (!sentAppStarted) {
-      RequestBuilder rb = new RequestBuilder(RequestType.APP_STARTED, httpUrl);
-      rb.writeHeader();
-      rb.writeConfigChangeEvent(state.configurations.getOrNull());
-      rb.writeIntegrationsEvent(state.integrations.get(maxElementsPerReq));
-      rb.writeDependenciesLoadedEvent(state.dependencies.get(maxElementsPerReq));
-      rb.writeFooter();
-      HttpClient.Result result = httpClient.sendRequest(rb.request());
-
-      if (result != HttpClient.Result.SUCCESS) {
-        // Do not send other telemetry messages unless app-started has been sent successfully.
-        state.rollback();
-        return;
-      }
-      sentAppStarted = true;
-      state.commit();
-      state.rollback();
-      // When app-started is sent, we do not send more messages until the next interval.
-      return;
-    }
-
-    {
-      RequestBuilder rb = new RequestBuilder(RequestType.APP_HEARTBEAT, httpUrl);
-      rb.writeHeader();
-      rb.writeFooter();
-      if (httpClient.sendRequest(rb.request()) == HttpClient.Result.NOT_FOUND) {
-        state.rollback();
-        return;
-      }
-    }
-
-    while (!state.configurations.isEmpty()) {
-      RequestBuilder rb = new RequestBuilder(RequestType.APP_CLIENT_CONFIGURATION_CHANGE, httpUrl);
-      rb.writeHeader();
-      rb.writeConfigChangeEvent(state.configurations.get(maxElementsPerReq));
-      rb.writeFooter();
-      HttpClient.Result result = httpClient.sendRequest(rb.request());
-      if (result == HttpClient.Result.SUCCESS) {
-        state.commit();
-      } else if (result == HttpClient.Result.NOT_FOUND) {
-        state.rollback();
-        return;
-      } else {
-        state.configurations.rollback();
-        break;
-      }
-    }
-
-    while (!state.integrations.isEmpty()) {
-      RequestBuilder rb = new RequestBuilder(RequestType.APP_INTEGRATIONS_CHANGE, httpUrl);
-      rb.writeHeader();
-      rb.writeIntegrationsEvent(state.integrations.get(maxElementsPerReq));
-      rb.writeFooter();
-      HttpClient.Result result = httpClient.sendRequest(rb.request());
-      if (result == HttpClient.Result.SUCCESS) {
-        state.commit();
-      } else if (result == HttpClient.Result.NOT_FOUND) {
-        state.rollback();
-        return;
-      } else {
-        state.integrations.rollback();
-        break;
-      }
-    }
-
-    while (!state.dependencies.isEmpty()) {
-      RequestBuilder rb = new RequestBuilder(RequestType.APP_DEPENDENCIES_LOADED, httpUrl);
-      rb.writeHeader();
-      rb.writeDependenciesLoadedEvent(state.dependencies.get(maxDepsPerReq));
-      rb.writeFooter();
-      HttpClient.Result result = httpClient.sendRequest(rb.request());
-      if (result == HttpClient.Result.SUCCESS) {
-        state.commit();
-      } else if (result == HttpClient.Result.NOT_FOUND) {
-        state.rollback();
-        return;
-      } else {
-        state.dependencies.rollback();
-        break;
-      }
-    }
-
-    while (!state.metrics.isEmpty()) {
-      RequestBuilder rb = new RequestBuilder(RequestType.GENERATE_METRICS, httpUrl);
-      rb.writeHeader();
-      rb.writeMetrics(state.metrics.get(maxElementsPerReq));
-      rb.writeFooter();
-      HttpClient.Result result = httpClient.sendRequest(rb.request());
-      if (result == HttpClient.Result.SUCCESS) {
-        state.commit();
-      } else if (result == HttpClient.Result.NOT_FOUND) {
-        state.rollback();
-        return;
-      } else {
-        state.metrics.rollback();
-        break;
-      }
-    }
-
-    while (!state.distributionSeries.isEmpty()) {
-      RequestBuilder rb = new RequestBuilder(RequestType.DISTRIBUTIONS, httpUrl);
-      rb.writeHeader();
-      rb.writeDistributionsEvent(state.distributionSeries.get(maxElementsPerReq));
-      rb.writeFooter();
-      HttpClient.Result result = httpClient.sendRequest(rb.request());
-      if (result == HttpClient.Result.SUCCESS) {
-        state.commit();
-      } else if (result == HttpClient.Result.NOT_FOUND) {
-        state.rollback();
-        return;
-      } else {
-        state.distributionSeries.rollback();
-        break;
-      }
-    }
-
-    while (!state.logMessages.isEmpty()) {
-
-      RequestBuilder rb = new RequestBuilder(RequestType.LOGS, httpUrl);
-      rb.writeHeader();
-      rb.writeLogsEvent(state.logMessages.get(maxElementsPerReq));
-      rb.writeFooter();
-      HttpClient.Result result = httpClient.sendRequest(rb.request());
-
-      if (result == HttpClient.Result.SUCCESS) {
-        state.commit();
-      } else if (result == HttpClient.Result.NOT_FOUND) {
-        state.rollback();
-        return;
-      } else {
-        state.logMessages.rollback();
-        break;
-      }
+  public void sendAppClosingEvent() {
+    TelemetryRequest telemetryRequest =
+        new TelemetryRequest(
+            this.eventSource,
+            EventSink.NOOP,
+            messageBytesSoftLimit,
+            RequestType.APP_CLOSING,
+            debug);
+    if (telemetryRouter.sendRequest(telemetryRequest) != TelemetryClient.Result.SUCCESS) {
+      log.warn("Couldn't send app-closing event!");
     }
   }
 
-  private void warnAboutExclusiveIntegrations() {
-    if (this.openTelemetryIntegrationEnabled && this.openTracingIntegrationEnabled) {
-      log.warn(
-          "Both Open Tracing and Open Telemetry integrations are enabled but mutually exclusive. Tracing performance can be degraded.");
-    }
+  // keeps track of unsent events from the previous attempt
+  private BufferedEvents bufferedEvents;
+
+  /** @return true - if an app-started event has been successfully sent, false - otherwise */
+  public boolean sendAppStartedEvent() {
+    EventSource eventSource;
+    EventSink eventSink;
+    if (bufferedEvents == null) {
+      eventSource = this.eventSource;
+    } else {
+      log.debug(
+          "Sending buffered telemetry events that couldn't have been sent on previous attempt");
+      eventSource = bufferedEvents;
+    }
+    // use a buffer as a sink, so we can retry on the next attempt in case of a request failure
+    bufferedEvents = new BufferedEvents();
+    eventSink = bufferedEvents;
+
+    log.debug("Preparing app-started request");
+    TelemetryRequest request =
+        new TelemetryRequest(
+            eventSource, eventSink, messageBytesSoftLimit, RequestType.APP_STARTED, debug);
+    request.writeProducts();
+    request.writeConfigurations();
+    if (telemetryRouter.sendRequest(request) == TelemetryClient.Result.SUCCESS) {
+      // discard already sent buffered event on the successful attempt
+      bufferedEvents = null;
+      return true;
+    }
+    return false;
   }
 
-  private static class StateList<T> {
-    private final BlockingQueue<T> queue;
-    private List<T> batch;
-    private int consumed;
-
-    public StateList(final BlockingQueue<T> queue) {
-      this.queue = queue;
-      final int size = queue.size();
-      this.batch = new ArrayList<>(size);
-      queue.drainTo(this.batch);
-      this.consumed = 0;
-    }
-
-    public boolean isEmpty() {
-      return consumed >= batch.size();
-    }
-
-    @Nullable
-    public List<T> getOrNull() {
-      final List<T> result = get();
-      if (result.isEmpty()) {
-        return null;
-      }
-      return result;
-    }
-
-    public List<T> get() {
-      return get(batch.size());
-    }
-
-    public List<T> get(final int maxSize) {
-      if (consumed >= batch.size()) {
-        return Collections.emptyList();
-      }
-      final int toIndex = Math.min(batch.size(), consumed + maxSize);
-      final List<T> result = batch.subList(consumed, toIndex);
-      consumed += result.size();
-      return result;
-    }
-
-    public void commit() {
-      if (consumed >= batch.size()) {
-        batch = Collections.emptyList();
-      } else {
-        batch = batch.subList(consumed, batch.size());
-      }
-      consumed = 0;
-    }
-
-    public void rollback() {
-      for (final T element : batch) {
-        // Ignore result, if the queue is full, we'll just lose data.
-        // TODO: Emit a metric when data is lost.
-        queue.offer(element);
+  /**
+   * @return true - only part of data has been sent because of the request size limit false - all
+   *     data has been sent, or it has failed sending a request
+   */
+  public boolean sendTelemetryEvents() {
+    EventSource eventSource;
+    EventSink eventSink;
+    if (bufferedEvents == null) {
+      log.debug("Sending telemetry events");
+      eventSource = this.eventSource;
+      // use a buffer as a sink, so we can retry on the next attempt in case of a request failure
+      bufferedEvents = new BufferedEvents();
+      eventSink = bufferedEvents;
+    } else {
+      log.debug(
+          "Sending buffered telemetry events that couldn't have been sent on previous attempt");
+      eventSource = bufferedEvents;
+      eventSink = EventSink.NOOP; // TODO collect metrics for unsent events
+    }
+    TelemetryRequest request;
+    boolean isMoreDataAvailable = false;
+    if (eventSource.isEmpty()) {
+      log.debug("Preparing app-heartbeat request");
+      request =
+          new TelemetryRequest(
+              eventSource, eventSink, messageBytesSoftLimit, RequestType.APP_HEARTBEAT, debug);
+    } else {
+      log.debug("Preparing message-batch request");
+      request =
+          new TelemetryRequest(
+              eventSource, eventSink, messageBytesSoftLimit, RequestType.MESSAGE_BATCH, debug);
+      request.writeHeartbeat();
+      request.writeConfigurations();
+      request.writeIntegrations();
+      request.writeDependencies();
+      request.writeMetrics();
+      request.writeDistributions();
+      request.writeLogs();
+      isMoreDataAvailable = !this.eventSource.isEmpty();
+    }
+
+    TelemetryClient.Result result = telemetryRouter.sendRequest(request);
+    if (result == TelemetryClient.Result.SUCCESS) {
+      log.debug("Telemetry request has been sent successfully.");
+      bufferedEvents = null;
+      return isMoreDataAvailable;
+    } else {
+      log.debug("Telemetry request has failed: {}", result);
+      if (eventSource == bufferedEvents) {
+        // TODO report metrics for discarded events
+        bufferedEvents = null;
       }
-      batch = Collections.emptyList();
-      consumed = 0;
     }
+    return false;
   }
 
-  private static class State {
-    private final StateList<ConfigChange> configurations;
-    private final StateList<Integration> integrations;
-    private final StateList<Dependency> dependencies;
-    private final StateList<Metric> metrics;
-    private final StateList<DistributionSeries> distributionSeries;
-    private final StateList<LogMessage> logMessages;
-
-    public State(
-        BlockingQueue<ConfigChange> configurations,
-        BlockingQueue<Integration> integrations,
-        BlockingQueue<Dependency> dependencies,
-        BlockingQueue<Metric> metrics,
-        BlockingQueue<DistributionSeries> distributionSeries,
-        BlockingQueue<LogMessage> logMessages) {
-      this.configurations = new StateList<>(configurations);
-      this.integrations = new StateList<>(integrations);
-      this.dependencies = new StateList<>(dependencies);
-      this.metrics = new StateList<>(metrics);
-      this.distributionSeries = new StateList<>(distributionSeries);
-      this.logMessages = new StateList<>(logMessages);
-    }
-
-    public void rollback() {
-      this.configurations.rollback();
-      this.integrations.rollback();
-      this.dependencies.rollback();
-      this.metrics.rollback();
-      this.distributionSeries.rollback();
-      this.logMessages.rollback();
-    }
+  /** @return true - if extended heartbeat request sent successfully, otherwise false */
+  public boolean sendExtendedHeartbeat() {
+    log.debug("Preparing message-batch request");
+    EventSource extendedHeartbeatDataSnapshot = extendedHeartbeatData.snapshot();
+    TelemetryRequest request =
+        new TelemetryRequest(
+            extendedHeartbeatDataSnapshot,
+            EventSink.NOOP,
+            messageBytesSoftLimit,
+            RequestType.APP_EXTENDED_HEARTBEAT,
+            debug);
+    request.writeConfigurations();
+    request.writeDependencies();
+    request.writeIntegrations();
+
+    TelemetryClient.Result result = telemetryRouter.sendRequest(request);
+    if (!extendedHeartbeatDataSnapshot.isEmpty()) {
+      log.warn("Telemetry Extended Heartbeat data does NOT fit in one request.");
+    }
+    return result == TelemetryClient.Result.SUCCESS;
+  }
 
-    public void commit() {
-      this.configurations.commit();
-      this.integrations.commit();
-      this.dependencies.commit();
-      this.metrics.commit();
-      this.distributionSeries.commit();
-      this.logMessages.commit();
-    }
+  void warnAboutExclusiveIntegrations() {
+    log.warn(
+        "Both OpenTracing and OpenTelemetry integrations are enabled but mutually exclusive. Tracing performance can be degraded.");
   }
 }
diff --git a/telemetry/src/main/java/datadog/telemetry/TelemetrySystem.java b/telemetry/src/main/java/datadog/telemetry/TelemetrySystem.java
index f14ba47f151..e249239f5bc 100644
--- a/telemetry/src/main/java/datadog/telemetry/TelemetrySystem.java
+++ b/telemetry/src/main/java/datadog/telemetry/TelemetrySystem.java
@@ -1,5 +1,6 @@
 package datadog.telemetry;
 
+import datadog.communication.ddagent.DDAgentFeaturesDiscovery;
 import datadog.communication.ddagent.SharedCommunicationObjects;
 import datadog.telemetry.TelemetryRunnable.TelemetryPeriodicAction;
 import datadog.telemetry.dependency.DependencyPeriodicAction;
@@ -14,6 +15,7 @@
 import java.lang.instrument.Instrumentation;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.concurrent.TimeUnit;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -22,8 +24,8 @@ public class TelemetrySystem {
   private static final long TELEMETRY_STOP_WAIT_MILLIS = 5000L;
   private static final Logger log = LoggerFactory.getLogger(TelemetrySystem.class);
 
-  private static Thread TELEMETRY_THREAD;
-  private static DependencyService DEPENDENCY_SERVICE;
+  private static volatile Thread TELEMETRY_THREAD;
+  private static volatile DependencyService DEPENDENCY_SERVICE;
 
   static DependencyService createDependencyService(Instrumentation instrumentation) {
     if (instrumentation != null && Config.get().isTelemetryDependencyServiceEnabled()) {
@@ -36,15 +38,19 @@ static DependencyService createDependencyService(Instrumentation instrumentation
   }
 
   static Thread createTelemetryRunnable(
-      TelemetryService telemetryService, DependencyService dependencyService) {
+      TelemetryService telemetryService,
+      DependencyService dependencyService,
+      boolean telemetryMetricsEnabled) {
     DEPENDENCY_SERVICE = dependencyService;
 
     List<TelemetryPeriodicAction> actions = new ArrayList<>();
-    actions.add(new CoreMetricsPeriodicAction());
-    actions.add(new IntegrationPeriodicAction());
-    actions.add(new WafMetricPeriodicAction());
-    if (Verbosity.OFF != Config.get().getIastTelemetryVerbosity()) {
-      actions.add(new IastMetricPeriodicAction());
+    if (telemetryMetricsEnabled) {
+      actions.add(new CoreMetricsPeriodicAction());
+      actions.add(new IntegrationPeriodicAction());
+      actions.add(new WafMetricPeriodicAction());
+      if (Verbosity.OFF != Config.get().getIastTelemetryVerbosity()) {
+        actions.add(new IastMetricPeriodicAction());
+      }
     }
     if (null != dependencyService) {
       actions.add(new DependencyPeriodicAction(dependencyService));
@@ -58,29 +64,45 @@ static Thread createTelemetryRunnable(
   /** Called by reflection (see Agent.startTelemetry) */
   public static void startTelemetry(
       Instrumentation instrumentation, SharedCommunicationObjects sco) {
-    sco.createRemaining(Config.get());
+    Config config = Config.get();
+    sco.createRemaining(config);
     DependencyService dependencyService = createDependencyService(instrumentation);
-    TelemetryService telemetryService = new TelemetryService(sco.okHttpClient, sco.agentUrl);
-    TELEMETRY_THREAD = createTelemetryRunnable(telemetryService, dependencyService);
+    boolean debug = config.isTelemetryDebugRequestsEnabled();
+    DDAgentFeaturesDiscovery ddAgentFeaturesDiscovery = sco.featuresDiscovery(config);
+
+    TelemetryClient agentClient = TelemetryClient.buildAgentClient(sco.okHttpClient, sco.agentUrl);
+    TelemetryClient intakeClient =
+        TelemetryClient.buildIntakeClient(
+            config.getSite(),
+            TimeUnit.SECONDS.toMillis(config.getAgentTimeout()),
+            config.getApiKey());
+    TelemetryService telemetryService =
+        TelemetryService.build(ddAgentFeaturesDiscovery, agentClient, intakeClient, debug);
+
+    boolean telemetryMetricsEnabled = config.isTelemetryMetricsEnabled();
+    TELEMETRY_THREAD =
+        createTelemetryRunnable(telemetryService, dependencyService, telemetryMetricsEnabled);
     TELEMETRY_THREAD.start();
   }
 
+  /** Called by reflection (see Agent.stopTelemetry) */
   public static void stop() {
-    // TODO This is never called in the prod code. Should be part of Agent.shutdown?
-    if (DEPENDENCY_SERVICE != null) {
-      DEPENDENCY_SERVICE.stop();
+    DependencyService dependencyService = DEPENDENCY_SERVICE;
+    if (dependencyService != null) {
+      dependencyService.stop();
     }
-    if (TELEMETRY_THREAD != null) {
-      TELEMETRY_THREAD.interrupt();
+
+    Thread telemetryThread = TELEMETRY_THREAD;
+    if (telemetryThread != null) {
+      telemetryThread.interrupt();
       try {
-        TELEMETRY_THREAD.join(TELEMETRY_STOP_WAIT_MILLIS);
+        telemetryThread.join(TELEMETRY_STOP_WAIT_MILLIS);
       } catch (InterruptedException e) {
         log.warn("Telemetry thread join was interrupted");
       }
-      if (TELEMETRY_THREAD.isAlive()) {
+      if (telemetryThread.isAlive()) {
         log.warn("Telemetry thread join was not completed");
       }
-      TELEMETRY_THREAD = null;
     }
   }
 }
diff --git a/telemetry/src/main/java/datadog/telemetry/api/ConfigChange.java b/telemetry/src/main/java/datadog/telemetry/api/ConfigChange.java
deleted file mode 100644
index 542ee0496bf..00000000000
--- a/telemetry/src/main/java/datadog/telemetry/api/ConfigChange.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package datadog.telemetry.api;
-
-public final class ConfigChange {
-  public final String name;
-  public final Object value;
-
-  public ConfigChange(String name, Object value) {
-    this.name = name;
-    this.value = value;
-  }
-}
diff --git a/telemetry/src/main/java/datadog/telemetry/api/RequestType.java b/telemetry/src/main/java/datadog/telemetry/api/RequestType.java
index e30ee0f9ee3..43d7018849a 100644
--- a/telemetry/src/main/java/datadog/telemetry/api/RequestType.java
+++ b/telemetry/src/main/java/datadog/telemetry/api/RequestType.java
@@ -2,14 +2,16 @@
 
 public enum RequestType {
   APP_STARTED("app-started"),
-  APP_CLIENT_CONFIGURATION_CHANGE("app-client-configuration-change"),
   APP_DEPENDENCIES_LOADED("app-dependencies-loaded"),
   APP_INTEGRATIONS_CHANGE("app-integrations-change"),
+  APP_CLIENT_CONFIGURATION_CHANGE("app-client-configuration-change"),
   APP_HEARTBEAT("app-heartbeat"),
+  APP_EXTENDED_HEARTBEAT("app-extended-heartbeat"),
   APP_CLOSING("app-closing"),
   GENERATE_METRICS("generate-metrics"),
   LOGS("logs"),
-  DISTRIBUTIONS("distributions");
+  DISTRIBUTIONS("distributions"),
+  MESSAGE_BATCH("message-batch");
 
   private final String value;
 
diff --git a/telemetry/src/main/java/datadog/telemetry/dependency/Dependency.java b/telemetry/src/main/java/datadog/telemetry/dependency/Dependency.java
index abac935e796..9f9cedf55e7 100644
--- a/telemetry/src/main/java/datadog/telemetry/dependency/Dependency.java
+++ b/telemetry/src/main/java/datadog/telemetry/dependency/Dependency.java
@@ -57,6 +57,24 @@ public Dependency(String name, String version, String source, @Nullable String h
     this.hash = hash;
   }
 
+  @Override
+  public String toString() {
+    return "Dependency{"
+        + "name='"
+        + name
+        + '\''
+        + ", version='"
+        + version
+        + '\''
+        + ", source='"
+        + source
+        + '\''
+        + ", hash='"
+        + hash
+        + '\''
+        + '}';
+  }
+
   public static List<Dependency> fromMavenPom(JarFile jar) {
     if (jar == null) {
       return Collections.emptyList();
diff --git a/telemetry/src/main/java/datadog/telemetry/dependency/DependencyResolver.java b/telemetry/src/main/java/datadog/telemetry/dependency/DependencyResolver.java
index c4b0842a831..3772aa775ea 100644
--- a/telemetry/src/main/java/datadog/telemetry/dependency/DependencyResolver.java
+++ b/telemetry/src/main/java/datadog/telemetry/dependency/DependencyResolver.java
@@ -117,7 +117,7 @@ static Dependency getNestedDependency(URI uri) {
       fileName = lastPart.substring(lastPart.lastIndexOf("/") + 1);
 
       return Dependency.guessFallbackNoPom(manifest, fileName, jarConnection.getInputStream());
-    } catch (IOException e) {
+    } catch (Exception e) {
       log.debug("unable to open nested jar manifest for {}", uri, e);
     }
     log.debug(
diff --git a/telemetry/src/main/java/datadog/telemetry/dependency/DependencyService.java b/telemetry/src/main/java/datadog/telemetry/dependency/DependencyService.java
index d048548c81c..ba0531d062d 100644
--- a/telemetry/src/main/java/datadog/telemetry/dependency/DependencyService.java
+++ b/telemetry/src/main/java/datadog/telemetry/dependency/DependencyService.java
@@ -81,7 +81,7 @@ private URI convertToURI(URL location) {
 
     if (uri == null) {
       try {
-        uri = location.toURI();
+        uri = new URI(location.toString().replace(" ", "%20"));
       } catch (URISyntaxException e) {
         log.warn("Error converting URL to URI", e);
         // silently ignored
diff --git a/telemetry/src/main/java/datadog/telemetry/dependency/LocationsCollectingTransformer.java b/telemetry/src/main/java/datadog/telemetry/dependency/LocationsCollectingTransformer.java
index b3633350b33..a001917dab6 100644
--- a/telemetry/src/main/java/datadog/telemetry/dependency/LocationsCollectingTransformer.java
+++ b/telemetry/src/main/java/datadog/telemetry/dependency/LocationsCollectingTransformer.java
@@ -17,9 +17,6 @@ class LocationsCollectingTransformer implements ClassFileTransformer {
   private final DDCache<ProtectionDomain, Boolean> seenDomains =
       DDCaches.newFixedSizeWeakKeyCache(MAX_CACHED_JARS);
 
-  private final ProtectionDomain tracerDomain =
-      LocationsCollectingTransformer.class.getProtectionDomain();
-
   public LocationsCollectingTransformer(DependencyService dependencyService) {
     this.dependencyService = dependencyService;
   }
@@ -31,7 +28,7 @@ public byte[] transform(
       Class<?> classBeingRedefined,
       ProtectionDomain protectionDomain,
       byte[] classfileBuffer) {
-    if (protectionDomain != null && !protectionDomain.equals(tracerDomain)) {
+    if (protectionDomain != null) {
       seenDomains.computeIfAbsent(protectionDomain, this::addDependency);
     }
     // returning 'null' is the best way to indicate that no transformation has been done.
@@ -39,13 +36,12 @@ public byte[] transform(
   }
 
   private boolean addDependency(final ProtectionDomain domain) {
-    log.debug("Saw new protection domain: {}", domain);
     final CodeSource codeSource = domain.getCodeSource();
-    if (null != codeSource) {
-      final URL location = codeSource.getLocation();
-      if (null != location) {
-        dependencyService.addURL(location);
-      }
+    final URL location = codeSource != null ? codeSource.getLocation() : null;
+    final ClassLoader classLoader = domain.getClassLoader();
+    log.debug("New protection domain with location {} and class loader {}", location, classLoader);
+    if (location != null) {
+      dependencyService.addURL(location);
     }
     return true;
   }
diff --git a/telemetry/src/test/groovy/datadog/telemetry/BufferedEventsSpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/BufferedEventsSpecification.groovy
new file mode 100644
index 00000000000..1984d680635
--- /dev/null
+++ b/telemetry/src/test/groovy/datadog/telemetry/BufferedEventsSpecification.groovy
@@ -0,0 +1,108 @@
+package datadog.telemetry
+
+import datadog.telemetry.api.DistributionSeries
+import datadog.telemetry.api.Integration
+import datadog.telemetry.api.LogMessage
+import datadog.telemetry.api.Metric
+import datadog.telemetry.dependency.Dependency
+import datadog.trace.api.ConfigOrigin
+import datadog.trace.api.ConfigSetting
+import datadog.trace.test.util.DDSpecification
+
+class BufferedEventsSpecification extends DDSpecification {
+
+  def 'empty events'() {
+    def events = new BufferedEvents()
+
+    expect:
+    events.isEmpty()
+    !events.hasConfigChangeEvent()
+    !events.hasDependencyEvent()
+    !events.hasDistributionSeriesEvent()
+    !events.hasIntegrationEvent()
+    !events.hasLogMessageEvent()
+    !events.hasMetricEvent()
+  }
+
+  def 'return added events'() {
+    def events = new BufferedEvents()
+    def configSetting = new ConfigSetting("key", "value", ConfigOrigin.DEFAULT)
+    def dependency = new Dependency("name", "version", "source", "hash")
+    def series = new DistributionSeries()
+    def integration = new Integration("integration-name", true)
+    def logMessage = new LogMessage()
+    def metric = new Metric()
+
+    when:
+    events.addConfigChangeEvent(configSetting)
+
+    then:
+    !events.isEmpty()
+    events.hasConfigChangeEvent()
+    events.nextConfigChangeEvent() == configSetting
+    !events.hasConfigChangeEvent()
+    events.isEmpty()
+
+    when:
+    events.addDependencyEvent(dependency)
+
+    then:
+    !events.isEmpty()
+    events.hasDependencyEvent()
+    events.nextDependencyEvent() == dependency
+    !events.hasDependencyEvent()
+    events.isEmpty()
+
+    when:
+    events.addDistributionSeriesEvent(series)
+
+    then:
+    !events.isEmpty()
+    events.hasDistributionSeriesEvent()
+    events.nextDistributionSeriesEvent() == series
+    !events.hasDistributionSeriesEvent()
+    events.isEmpty()
+
+    when:
+    events.addIntegrationEvent(integration)
+
+    then:
+    !events.isEmpty()
+    events.hasIntegrationEvent()
+    events.nextIntegrationEvent() == integration
+    !events.hasIntegrationEvent()
+    events.isEmpty()
+
+    when:
+    events.addLogMessageEvent(logMessage)
+
+    then:
+    !events.isEmpty()
+    events.hasLogMessageEvent()
+    events.nextLogMessageEvent() == logMessage
+    !events.hasLogMessageEvent()
+    events.isEmpty()
+
+    when:
+    events.addMetricEvent(metric)
+
+    then:
+    !events.isEmpty()
+    events.hasMetricEvent()
+    events.nextMetricEvent() == metric
+    !events.hasMetricEvent()
+    events.isEmpty()
+  }
+
+  def 'noop sink'() {
+    def sink = EventSink.NOOP
+
+    expect:
+    sink.addMetricEvent(null)
+    sink.addLogMessageEvent(null)
+    sink.addIntegrationEvent(null)
+    sink.addDistributionSeriesEvent(null)
+    sink.addDependencyEvent(null)
+    sink.addConfigChangeEvent(null)
+  }
+}
diff --git a/telemetry/src/test/groovy/datadog/telemetry/ExtendedHeartbeatDataSpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/ExtendedHeartbeatDataSpecification.groovy
new file mode 100644
index 00000000000..682df37c2e9
--- /dev/null
+++ b/telemetry/src/test/groovy/datadog/telemetry/ExtendedHeartbeatDataSpecification.groovy
@@ -0,0 +1,84 @@
+package datadog.telemetry
+
+import datadog.telemetry.api.Integration
+import datadog.telemetry.dependency.Dependency
+import datadog.trace.api.ConfigOrigin
+import datadog.trace.api.ConfigSetting
+import spock.lang.Specification
+
+class ExtendedHeartbeatDataSpecification extends Specification {
+
+  def dependency = new Dependency("name", "version", "source", "hash")
+  def configSetting = new ConfigSetting("key", "value", ConfigOrigin.DEFAULT)
+  def integration = new Integration("integration", true)
+
+  def 'discard dependencies after exceeding limit'() {
+    setup:
+    def extHeartbeatData = new ExtendedHeartbeatData(limit)
+
+    when:
+    (limit + 1).times {
+      extHeartbeatData.pushDependency(dependency)
+    }
+
+    then:
+    def snapshot = extHeartbeatData.snapshot()
+    int i = 0
+    while (snapshot.hasDependencyEvent()) {
+      snapshot.nextDependencyEvent()
+      i++
+    }
+    i == limit
+
+    where:
+    limit << [0, 2, 10]
+  }
+
+  def 'return all collected data'() {
+    setup:
+    def extHeartbeatData = new ExtendedHeartbeatData()
+
+    when:
+    def s0 = extHeartbeatData.snapshot()
+
+    then:
+    s0.isEmpty()
+
+    when:
+    extHeartbeatData.pushDependency(dependency)
+    extHeartbeatData.pushConfigSetting(configSetting)
+    extHeartbeatData.pushIntegration(integration)
+
+    then:
+    def s1 = extHeartbeatData.snapshot()
+
+    !s1.isEmpty()
+
+    s1.hasDependencyEvent()
+    s1.nextDependencyEvent() == dependency
+    !s1.hasDependencyEvent()
+
+    !s1.isEmpty()
+
+    s1.hasConfigChangeEvent()
+    s1.nextConfigChangeEvent() == configSetting
+    !s1.hasConfigChangeEvent()
+
+    !s1.isEmpty()
+
+    s1.hasIntegrationEvent()
+    s1.nextIntegrationEvent() == integration
+    !s1.hasIntegrationEvent()
+
+    s1.isEmpty()
+
+    when: 'another snapshot includes all data'
+    def s2 = extHeartbeatData.snapshot()
+
+    then:
+    !s2.isEmpty()
+    s2.hasDependencyEvent()
+    s2.hasConfigChangeEvent()
+    s2.hasIntegrationEvent()
+  }
+}
diff --git a/telemetry/src/test/groovy/datadog/telemetry/HttpClientSpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/HttpClientSpecification.groovy
deleted file mode 100644
index 58b6d6a8fb7..00000000000
--- a/telemetry/src/test/groovy/datadog/telemetry/HttpClientSpecification.groovy
+++ /dev/null
@@ -1,59 +0,0 @@
-package datadog.telemetry
-
-import okhttp3.Call
-import okhttp3.HttpUrl
-import okhttp3.MediaType
-import okhttp3.OkHttpClient
-import okhttp3.Protocol
-import okhttp3.Request
-import okhttp3.Response
-import okhttp3.ResponseBody
-import spock.lang.Specification
-
-class HttpClientSpecification extends Specification {
-
-  def dummyRequest = new Request.Builder().url(HttpUrl.get("https://example.com")).build()
-
-  Call mockResponse(int code) {
-    Stub(Call) {
-      execute() >> {
-        new Response.Builder()
-          .request(dummyRequest)
-          .protocol(Protocol.HTTP_1_1)
-          .message("OK")
-          .body(ResponseBody.create(MediaType.get("text/plain"), "OK"))
-          .code(code)
-          .build()
-      }
-    }
-  }
-
-  OkHttpClient okHttpClient = Mock()
-
-  def httpClient = new HttpClient(okHttpClient)
-
-  def 'map an http status code to the correct send result'() {
-    when:
-    def result = httpClient.sendRequest(dummyRequest)
-
-    then:
-    result == sendResult
-    1 * okHttpClient.newCall(_) >> mockResponse(httpCode)
-
-    where:
-    httpCode | sendResult
-    100      | HttpClient.Result.FAILURE
-    202      | HttpClient.Result.SUCCESS
-    404      | HttpClient.Result.NOT_FOUND
-    500      | HttpClient.Result.FAILURE
-  }
-
-  def 'catch IOException from OkHttpClient and return FAILURE'() {
-    when:
-    def result = httpClient.sendRequest(dummyRequest)
-
-    then:
-    result == HttpClient.Result.FAILURE
-    1 * okHttpClient.newCall(_) >> { throw new IOException("exception") }
-  }
-}
diff --git a/telemetry/src/test/groovy/datadog/telemetry/RequestBuilderSpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/RequestBuilderSpecification.groovy
deleted file mode 100644
index 9ddb9c35f21..00000000000
--- a/telemetry/src/test/groovy/datadog/telemetry/RequestBuilderSpecification.groovy
+++ /dev/null
@@ -1,78 +0,0 @@
-package datadog.telemetry
-
-import datadog.telemetry.api.ConfigChange
-import datadog.telemetry.api.RequestType
-import okhttp3.HttpUrl
-import okhttp3.Request
-import okio.Buffer
-import spock.lang.Specification
-
-/**
- * This test only verifies non-functional specifics that are not covered in TelemetryServiceSpecification
- */
-class RequestBuilderSpecification extends Specification {
-  final HttpUrl httpUrl = HttpUrl.get("https://example.com")
-
-  def 'throw SerializationException in case of JSON nesting problem'() {
-    setup:
-    def b = new RequestBuilder(RequestType.APP_STARTED, httpUrl)
-
-    when:
-    b.writeHeader()
-    b.writeHeader()
-
-    then:
-    RequestBuilder.SerializationException ex = thrown()
-    ex.message == "Failed serializing Telemetry request header part!"
-    ex.cause != null
-  }
-
-  def 'throw SerializationException in case of more than one top-level JSON value'() {
-    setup:
-    def b = new RequestBuilder(RequestType.APP_STARTED, httpUrl)
-
-    when:
-    b.writeHeader()
-    b.writeFooter()
-    b.writeHeader()
-
-    then:
-    RequestBuilder.SerializationException ex = thrown()
-    ex.message == "Failed serializing Telemetry request header part!"
-    ex.cause != null
-  }
-
-  def 'writeConfig must support values of Boolean, String, Integer, Double, Map<String, Object>'() {
-    setup:
-    RequestBuilder rb = new RequestBuilder(RequestType.APP_CLIENT_CONFIGURATION_CHANGE, httpUrl)
-    Map<String, Object> map = new HashMap<>()
-    map.put("key1", "value1")
-    map.put("key2", Double.parseDouble("432.32"))
-    map.put("key3", 324)
-
-    when:
-    // header needed for a proper JSON
-    rb.writeHeader()
-    // but not needed for verification
-    drainToString(rb.request())
-
-    then:
-    rb.writeConfigChangeEvent([
-      new ConfigChange("string", "bar"),
-      new ConfigChange("int", 2342),
-      new ConfigChange("double", Double.valueOf("123.456")),
-      new ConfigChange("map", map)
-    ])
-
-    then:
-    drainToString(rb.request()) == '"configuration":[{"name":"string","value":"bar"},{"name":"int","value":2342},{"name":"double","value":123.456},{"name":"map","value":{"key1":"value1","key2":432.32,"key3":324}}]'
-  }
-
-  String drainToString(Request req) {
-    Buffer buf = new Buffer()
-    req.body().writeTo(buf)
-    byte[] bytes = new byte[buf.size()]
-    buf.read(bytes)
-    return new String(bytes)
-  }
-}
diff --git a/telemetry/src/test/groovy/datadog/telemetry/TelemetryRequestBodySpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/TelemetryRequestBodySpecification.groovy
new file mode 100644
index 00000000000..18cc79c0e66
--- /dev/null
+++ b/telemetry/src/test/groovy/datadog/telemetry/TelemetryRequestBodySpecification.groovy
@@ -0,0 +1,97 @@
+package datadog.telemetry
+
+import datadog.telemetry.api.RequestType
+import datadog.trace.api.ConfigOrigin
+import datadog.trace.api.ConfigSetting
+import okio.Buffer
+import okhttp3.RequestBody
+import spock.lang.Specification
+
+/**
+ * This test only verifies non-functional specifics that are not covered in TelemetryServiceSpecification
+ */
+class TelemetryRequestBodySpecification extends Specification {
+
+  def 'throw SerializationException in case of JSON nesting problem'() {
+    setup:
+    def req = new TelemetryRequestBody(RequestType.APP_STARTED)
+
+    when:
+    req.beginRequest(false)
+    req.beginRequest(false)
+
+    then:
+    TelemetryRequestBody.SerializationException ex = thrown()
+    ex.message == "Failed serializing Telemetry begin-request part!"
+    ex.cause != null
+  }
+
+  def 'throw SerializationException in case of more than one top-level JSON value'() {
+    setup:
+    def req = new TelemetryRequestBody(RequestType.APP_STARTED)
+
+    when:
+    req.beginRequest(false)
+    req.endRequest()
+    req.beginRequest(false)
+
+    then:
+    TelemetryRequestBody.SerializationException ex = thrown()
+    ex.message == "Failed serializing Telemetry begin-request part!"
+    ex.cause != null
+  }
+
+  def 'writeConfig must support values of Boolean, String, Integer, Double, Map<String, Object>'() {
+    setup:
+    TelemetryRequestBody req = new TelemetryRequestBody(RequestType.APP_CLIENT_CONFIGURATION_CHANGE)
+    Map<String, Object> map = new HashMap<>()
+    map.put("key1", "value1")
+    map.put("key2", Double.parseDouble("432.32"))
+    map.put("key3", 324)
+
+    when:
+    req.beginRequest(false)
+    // exclude request header to simplify assertion
+    drainToString(req)
+
+    then:
+    req.beginConfiguration()
+    [
+      new ConfigSetting("string", "bar", ConfigOrigin.REMOTE),
+      new ConfigSetting("int", 2342, ConfigOrigin.DEFAULT),
+      new ConfigSetting("double", Double.valueOf("123.456"), ConfigOrigin.ENV),
+      new ConfigSetting("map", map, ConfigOrigin.JVM_PROP),
+      // make sure null values are serialized
+      new ConfigSetting("null", null, ConfigOrigin.DEFAULT)
+    ].forEach { cc -> req.writeConfiguration(cc) }
+    req.endConfiguration()
+
+    then:
+    drainToString(req) == ',"configuration":[' +
+      '{"name":"string","value":"bar","origin":"remote_config"},' +
+      '{"name":"int","value":2342,"origin":"default"},' +
+      '{"name":"double","value":123.456,"origin":"env_var"},' +
+      '{"name":"map","value":{"key1":"value1","key2":432.32,"key3":324},"origin":"jvm_prop"},' +
+      '{"name":"null","value":null,"origin":"default"}]'
+  }
+
+  def 'add debug flag'() {
+    setup:
+    TelemetryRequestBody req = new TelemetryRequestBody(RequestType.APP_STARTED)
+
+    when:
+    req.beginRequest(true)
+    req.endRequest()
+
+    then:
+    drainToString(req).contains("\"debug\":true")
+  }
+
+  String drainToString(RequestBody body) {
+    Buffer buf = new Buffer()
+    body.writeTo(buf)
+    byte[] bytes = new byte[buf.size()]
+    buf.read(bytes)
+    return new String(bytes)
+  }
+}
diff --git a/telemetry/src/test/groovy/datadog/telemetry/TelemetryRouterSpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/TelemetryRouterSpecification.groovy
new file mode 100644
index 00000000000..b8cdc2a7c4c
--- /dev/null
+++ b/telemetry/src/test/groovy/datadog/telemetry/TelemetryRouterSpecification.groovy
@@ -0,0 +1,311 @@
+package datadog.telemetry
+
+import datadog.communication.ddagent.DDAgentFeaturesDiscovery
+import datadog.telemetry.api.RequestType
+import okhttp3.Call
+import okhttp3.HttpUrl
+import okhttp3.MediaType
+import okhttp3.OkHttpClient
+import okhttp3.Protocol
+import okhttp3.Request
+import okhttp3.Response
+import okhttp3.ResponseBody
+import spock.lang.Specification
+
+class TelemetryRouterSpecification extends Specification {
+
+  def dummyRequest() {
+    return new TelemetryRequest(Mock(EventSource), Mock(EventSink), 1000, RequestType.APP_STARTED, false)
+  }
+
+  Call mockResponse(int code) {
+    Stub(Call) {
+      execute() >> {
+        new Response.Builder()
+          .request(new Request.Builder().url(HttpUrl.get("https://example.com")).build())
+          .protocol(Protocol.HTTP_1_1)
+          .message("OK")
+          .body(ResponseBody.create(MediaType.get("text/plain"), "OK"))
+          .code(code)
+          .build()
+      }
+    }
+  }
+
+  static HttpUrl agentUrl = HttpUrl.get("https://agent.example.com")
+  static HttpUrl agentTelemetryUrl = agentUrl.resolve("telemetry/proxy/api/v2/apmtelemetry")
+  static HttpUrl intakeUrl = HttpUrl.get("https://intake.example.com")
+  static String apiKey = "api-key"
+  static String apiKeyHeader = "DD-API-KEY"
+
+  OkHttpClient okHttpClient = Mock()
+  DDAgentFeaturesDiscovery ddAgentFeaturesDiscovery = Mock()
+
+  def agentTelemetryClient = TelemetryClient.buildAgentClient(okHttpClient, agentUrl)
+  def intakeTelemetryClient = new TelemetryClient(okHttpClient, intakeUrl, apiKey)
+  def httpClient = new TelemetryRouter(ddAgentFeaturesDiscovery, agentTelemetryClient, intakeTelemetryClient)
+
+  def 'map an http status code to the correct send result'() {
+    when:
+    def result = httpClient.sendRequest(dummyRequest())
+
+    then:
+    result == sendResult
+    1 * okHttpClient.newCall(_) >> mockResponse(httpCode)
+
+    where:
+    httpCode | sendResult
+    100      | TelemetryClient.Result.FAILURE
+    202      | TelemetryClient.Result.SUCCESS
+    404      | TelemetryClient.Result.NOT_FOUND
+    500      | TelemetryClient.Result.FAILURE
+  }
+
+  def 'catch IOException from OkHttpClient and return FAILURE'() {
+    when:
+    def result = httpClient.sendRequest(dummyRequest())
+
+    then:
+    result == TelemetryClient.Result.FAILURE
+    1 * okHttpClient.newCall(_) >> { throw new IOException("exception") }
+  }
+
+  def 'keep trying to send telemetry to Agent despite of return code when Intake client is null'() {
+    setup:
+    def httpClient = new TelemetryRouter(ddAgentFeaturesDiscovery, agentTelemetryClient, null)
+
+    Request request
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then:
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >>> [true, false]
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(returnCode) }
+    request.url() == agentTelemetryUrl
+    request.header(apiKeyHeader) == null
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then:
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> [false, true]
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(returnCode) }
+    request.url() == agentTelemetryUrl
+    request.header(apiKeyHeader) == null
+
+    where:
+    returnCode | _
+    200        | _
+    404        | _
+    500        | _
+  }
+
+  def 'switch to Intake when Agent stops supporting telemetry proxy and telemetry requests start failing'() {
+    Request request
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then:
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> true
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(returnCode) }
+    request.url() == agentTelemetryUrl
+    request.header(apiKeyHeader) == null
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then:
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> false
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(returnCode) }
+    request.url() == intakeUrl
+    request.header(apiKeyHeader) == apiKey
+
+    where:
+    returnCode | _
+    404        | _
+    500        | _
+  }
+
+  def 'do not switch to Intake when Agent stops supporting telemetry proxy but accepts telemetry requests'() {
+    Request request
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then:
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> true
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(200) }
+    request.url() == agentTelemetryUrl
+    request.header(apiKeyHeader) == null
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then:
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> false
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(201) }
+    request.url() == agentTelemetryUrl
+    request.header(apiKeyHeader) == null
+  }
+
+  def 'switch to Intake when Agent fails to receive telemetry requests'() {
+    Request request
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then:
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >>> [true, false]
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(returnCode) }
+    request.url() == agentTelemetryUrl
+    request.header(apiKeyHeader) == null
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then:
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >>> [false, true]
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(returnCode) }
+    request.url() == intakeUrl
+    request.header(apiKeyHeader) == apiKey
+
+    where:
+    returnCode | _
+    404        | _
+    500        | _
+  }
+
+  def 'use Agent when Intake is not available'() {
+    setup:
+    def httpClient = new TelemetryRouter(ddAgentFeaturesDiscovery, agentTelemetryClient, null)
+
+    Request request
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then:
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> false
+    1 * okHttpClient.newCall(_) >> { args ->
+      request = args[0]; mockResponse(returnCode)
+    }
+    request.url() == expectedUrl
+    request.header(apiKeyHeader) == expectedApiKey
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then:
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> false
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(returnCode) }
+    request.url() == agentTelemetryUrl
+    request.header(apiKeyHeader) == null
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then:
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> false
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(returnCode) }
+    request.url() == expectedUrl
+    request.header(apiKeyHeader) == expectedApiKey
+
+    where:
+    returnCode | expectedApiKey | expectedUrl
+    404        | null           | agentTelemetryUrl
+    500        | null           | agentTelemetryUrl
+  }
+
+  def 'switch to Intake when Agent fails to receive telemetry requests'() {
+    Request request
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then: 'always send first telemetry request to Agent'
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> false
+    1 * okHttpClient.newCall(_) >> { args ->
+      request = args[0]; mockResponse(returnCode)
+    }
+    request.url() == agentTelemetryUrl
+    request.header(apiKeyHeader) == null
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then: 'switch to Intake if sending a telemetry request to Agent failed or Agent supports telemetry proxy'
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> false
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(returnCode) }
+    request.url() == intakeUrl
+    request.header(apiKeyHeader) == apiKey
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then: 'switch back to Agent if Intake request fails'
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> false
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(returnCode) }
+    request.url() == agentTelemetryUrl
+    request.header(apiKeyHeader) == null
+
+    where:
+    returnCode | _
+    404        | _
+    500        | _
+  }
+
+  def 'switch back to Agent if it starts supporting telemetry'() {
+    Request request
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then: 'always send first telemetry request to Agent'
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> false
+    1 * okHttpClient.newCall(_) >> { args ->
+      request = args[0]; mockResponse(returnCode)
+    }
+    request.url() == agentTelemetryUrl
+    request.header(apiKeyHeader) == null
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then: 'switch to Intake if sending a telemetry request to Agent failed or Agent supports telemetry proxy'
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> true
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(201) }
+    request.url() == intakeUrl
+    request.header(apiKeyHeader) == apiKey
+
+    when:
+    httpClient.sendRequest(dummyRequest())
+
+    then: 'switch back to Agent if it starts supporting telemetry proxy'
+    1 * ddAgentFeaturesDiscovery.discoverIfOutdated()
+    1 * ddAgentFeaturesDiscovery.supportsTelemetryProxy() >> false
+    1 * okHttpClient.newCall(_) >> { args -> request = args[0]; mockResponse(returnCode) }
+    request.url() == agentTelemetryUrl
+    request.header(apiKeyHeader) == null
+
+    where:
+    returnCode | _
+    404        | _
+    500        | _
+  }
+}
diff --git a/telemetry/src/test/groovy/datadog/telemetry/TelemetryRunnableSpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/TelemetryRunnableSpecification.groovy
index 0512042cb82..4ba1e110e76 100644
--- a/telemetry/src/test/groovy/datadog/telemetry/TelemetryRunnableSpecification.groovy
+++ b/telemetry/src/test/groovy/datadog/telemetry/TelemetryRunnableSpecification.groovy
@@ -1,14 +1,15 @@
 package datadog.telemetry
 
 import datadog.telemetry.metric.MetricPeriodicAction
+import datadog.trace.api.config.GeneralConfig
 import datadog.trace.api.telemetry.MetricCollector
 import datadog.trace.api.time.TimeSource
-import spock.lang.Specification
-
+import datadog.trace.test.util.DDSpecification
+import datadog.trace.util.Strings
 import java.util.concurrent.CyclicBarrier
 import java.util.concurrent.TimeUnit
 
-class TelemetryRunnableSpecification extends Specification {
+class TelemetryRunnableSpecification extends DDSpecification {
 
   static class TickSleeper implements TelemetryRunnable.ThreadSleeper {
     CyclicBarrier sleeped = new CyclicBarrier(2)
@@ -34,6 +35,7 @@ class TelemetryRunnableSpecification extends Specification {
 
   void 'happy path'() {
     setup:
+    injectEnvConfig(Strings.toEnvVar(GeneralConfig.TELEMETRY_EXTENDED_HEARTBEAT_INTERVAL), "65")
     TelemetryRunnable.ThreadSleeper sleeperMock = Mock()
     TickSleeper sleeper = new TickSleeper(delegate: sleeperMock)
     TimeSource timeSource = Mock()
@@ -50,7 +52,8 @@ class TelemetryRunnableSpecification extends Specification {
     t.start()
     sleeper.sleeped.await(10, TimeUnit.SECONDS)
 
-    then:
+    then: 'two unsuccessful attempts to send app-started with the following successful attempt'
+    3 * telemetryService.sendAppStartedEvent() >>> [false, false, true]
     1 * timeSource.getCurrentTimeMillis() >> 60 * 1000
     _ * telemetryService.addConfiguration(_)
 
@@ -61,8 +64,8 @@ class TelemetryRunnableSpecification extends Specification {
     1 * metricCollector.drain() >> []
     1 * periodicAction.doIteration(telemetryService)
 
-    then:
-    1 * telemetryService.sendIntervalRequests()
+    then: 'two partial and one final telemetry data requests'
+    3 * telemetryService.sendTelemetryEvents() >>> [true, true, false]
     1 * timeSource.getCurrentTimeMillis() >> 60 * 1000 + 1
     1 * sleeperMock.sleep(9999)
     0 * _
@@ -157,25 +160,70 @@ class TelemetryRunnableSpecification extends Specification {
     1 * periodicAction.doIteration(telemetryService)
 
     then:
-    1 * telemetryService.sendIntervalRequests()
+    1 * telemetryService.sendTelemetryEvents()
     1 * timeSource.getCurrentTimeMillis() >> 120 * 1000 + 7
     1 * sleeperMock.sleep(9993)
+
+    when: 'eights iteration (65 seconds, extended-heartbeat)'
+    sleeper.go.await(5, TimeUnit.SECONDS)
+    sleeper.sleeped.await(5, TimeUnit.SECONDS)
+
+    then:
+    1 * timeSource.getCurrentTimeMillis() >> 125 * 1000
+
+    then:
+    1 * telemetryService.sendExtendedHeartbeat()
+
+    then:
+    1 * timeSource.getCurrentTimeMillis() >> 125 * 1000 + 8
+    1 * sleeperMock.sleep(4992)
     0 * _
 
     when:
     t.interrupt()
     t.join()
 
+    // flush pending data before shutdown
+    then:
+    1 * metricCollector.prepareMetrics()
+    1 * metricCollector.drain() >> []
+    1 * periodicAction.doIteration(telemetryService)
+    1 * telemetryService.sendTelemetryEvents()
+
     then:
-    1 * telemetryService.sendAppClosingRequest()
+    1 * telemetryService.sendAppClosingEvent()
     0 * _
   }
 
+  void 'do not reattempt app-started event until next cycle'() {
+    setup:
+    TelemetryRunnable.ThreadSleeper sleeperMock = Mock()
+    TickSleeper sleeper = new TickSleeper(delegate: sleeperMock)
+    TimeSource timeSource = Mock()
+    TelemetryService telemetryService = Mock(TelemetryService)
+    MetricCollector<MetricCollector.Metric> metricCollector = Mock(MetricCollector)
+    MetricPeriodicAction metricAction = Stub(MetricPeriodicAction) {
+      collector() >> metricCollector
+    }
+    TelemetryRunnable.TelemetryPeriodicAction periodicAction = Mock(TelemetryRunnable.TelemetryPeriodicAction)
+    TelemetryRunnable runnable = new TelemetryRunnable(telemetryService, [metricAction, periodicAction], sleeper, timeSource)
+    t = new Thread(runnable)
+
+    when: 'initial iteration before the first sleep (metrics and heartbeat)'
+    t.start()
+    sleeper.sleeped.await(10, TimeUnit.SECONDS)
+
+    then: 'three unsuccessful attempts to send app-started (TelemetryRunnable.MAX_APP_STARTED_RETRIES) with following successful attempt'
+    3 * telemetryService.sendAppStartedEvent() >>> [false, false, false]
+    2 * timeSource.getCurrentTimeMillis() >> 60 * 1000
+    1 * sleeperMock.sleep(10000)
+  }
+
   void 'scheduler skips metrics intervals'() {
     setup:
     TimeSource timeSource = Mock()
     TickSleeper sleeper = Mock()
-    TelemetryRunnable.Scheduler scheduler = new TelemetryRunnable.Scheduler(timeSource, sleeper, 60 * 1000, 10 * 1000)
+    TelemetryRunnable.Scheduler scheduler = new TelemetryRunnable.Scheduler(timeSource, sleeper, 60 * 1000, 10 * 1000, 0)
 
     when: 'first iteration'
     scheduler.init()
@@ -224,7 +272,7 @@ class TelemetryRunnableSpecification extends Specification {
     setup:
     TimeSource timeSource = Mock()
     TickSleeper sleeper = Mock()
-    TelemetryRunnable.Scheduler scheduler = new TelemetryRunnable.Scheduler(timeSource, sleeper, 60 * 1000, 10 * 1000)
+    TelemetryRunnable.Scheduler scheduler = new TelemetryRunnable.Scheduler(timeSource, sleeper, 60 * 1000, 10 * 1000, 0)
 
     when: 'first iteration'
     scheduler.init()
@@ -267,12 +315,13 @@ class TelemetryRunnableSpecification extends Specification {
     !scheduler.shouldRunHeartbeat()
   }
 
-  void 'scheduler with heartbeat #heartbeatSecs and metrics #metricsSecs'() {
+  void 'scheduler with heartbeat #heartbeatSecs and metrics #metricsSecs and extended-heartbeat #extHeartbeatSecs'() {
     setup:
     TimeSourceAndSleeper timing = new TimeSourceAndSleeper()
-    TelemetryRunnable.Scheduler scheduler = new TelemetryRunnable.Scheduler(timing, timing, heartbeatSecs * 1000, metricsSecs * 1000)
+    TelemetryRunnable.Scheduler scheduler = new TelemetryRunnable.Scheduler(timing, timing, heartbeatSecs * 1000, metricsSecs * 1000, extHeartbeatSecs * 1000)
     def metricsRun = []
     def heartbeatsRun = []
+    def extHeartbeatsRun = []
 
     when:
     scheduler.init()
@@ -281,6 +330,12 @@ class TelemetryRunnableSpecification extends Specification {
     iters.times {
       metricsRun.add(scheduler.shouldRunMetrics())
       heartbeatsRun.add(scheduler.shouldRunHeartbeat())
+      def runExtHeartbeat = scheduler.shouldRunExtendedHeartbeat()
+      extHeartbeatsRun.add(runExtHeartbeat)
+      if (runExtHeartbeat) {
+        // need to manually advance to retry next iteration if extended-heartbeat request failed
+        scheduler.scheduleNextExtendedHeartbeat()
+      }
       scheduler.sleepUntilNextIteration()
     }
 
@@ -289,14 +344,16 @@ class TelemetryRunnableSpecification extends Specification {
     heartbeatsRun.size() == iters
     metricsRun.count { it } == expectedMetrics
     heartbeatsRun.count { it } == expectedHeartbeats
+    extHeartbeatsRun.count { it } == expectedExtHeartbeats
 
     where:
-    heartbeatSecs | metricsSecs | expectedHeartbeats | expectedMetrics | iters
-    1             | 1           | 10                 | 10              | 10
-    60            | 10          | 2                  | 12              | 12
-    10            | 60          | 12                 | 2               | 12
-    5             | 3           | 3                  | 4               | 6
-    3             | 5           | 4                  | 3               | 6
+    iters | metricsSecs | heartbeatSecs | extHeartbeatSecs | expectedMetrics | expectedHeartbeats | expectedExtHeartbeats
+    10    | 0           | 0             | 0                | 10              | 10                 | 10
+    10    | 1           | 1             | 1                | 10              | 10                 | 9
+    12    | 10          | 60            | 60               | 12              | 2                  | 1
+    12    | 60          | 10            | 10               | 2               | 12                 | 11
+    6     | 3           | 5             | 5                | 4               | 3                  | 2
+    6     | 5           | 3             | 3                | 3               | 4                  | 3
   }
 
   class TimeSourceAndSleeper implements TimeSource, TelemetryRunnable.ThreadSleeper {
diff --git a/telemetry/src/test/groovy/datadog/telemetry/TelemetryServiceSpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/TelemetryServiceSpecification.groovy
index 5177aeae063..4c0d35c4e79 100644
--- a/telemetry/src/test/groovy/datadog/telemetry/TelemetryServiceSpecification.groovy
+++ b/telemetry/src/test/groovy/datadog/telemetry/TelemetryServiceSpecification.groovy
@@ -3,51 +3,58 @@ package datadog.telemetry
 import datadog.telemetry.dependency.Dependency
 import datadog.telemetry.api.Integration
 import datadog.telemetry.api.DistributionSeries
-
-import datadog.telemetry.api.ConfigChange
 import datadog.telemetry.api.LogMessage
 import datadog.telemetry.api.LogMessageLevel
 import datadog.telemetry.api.Metric
 import datadog.telemetry.api.RequestType
-import okhttp3.HttpUrl
+import datadog.trace.api.ConfigOrigin
+import datadog.trace.api.ConfigSetting
 import spock.lang.Specification
 
 class TelemetryServiceSpecification extends Specification {
-
-  TestHttpClient testHttpClient = new TestHttpClient()
-
-  def configuration = ["confkey": "confvalue"]
-  def confKeyValue = new ConfigChange("confkey", "confvalue")
+  def confKeyValue = new ConfigSetting("confkey", "confvalue", ConfigOrigin.DEFAULT)
+  def configuration = [confkey: confKeyValue]
   def integration = new Integration("integration", true)
   def dependency = new Dependency("dependency", "1.0.0", "src", "hash")
   def metric = new Metric().namespace("tracers").metric("metric").points([[1, 2]]).tags(["tag1", "tag2"])
   def distribution = new DistributionSeries().namespace("tracers").metric("distro").points([1, 2, 3]).tags(["tag1", "tag2"]).common(false)
   def logMessage = new LogMessage().message("log-message").tags("tag1:tag2").level(LogMessageLevel.DEBUG).stackTrace("stack-trace").tracerTime(32423)
-  TelemetryService telemetryService = new TelemetryService(testHttpClient, HttpUrl.get("https://example.com"))
 
-  void 'happy path without data'() {
+  def 'happy path without data'() {
+    setup:
+    TestTelemetryRouter testHttpClient = new TestTelemetryRouter()
+    TelemetryService telemetryService = new TelemetryService(testHttpClient, 10000, false)
+
     when: 'first iteration'
-    testHttpClient.expectRequests(1, HttpClient.Result.SUCCESS)
-    telemetryService.sendIntervalRequests()
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendAppStartedEvent()
 
     then: 'app-started'
-    testHttpClient.assertRequestBody(RequestType.APP_STARTED)
-      .assertPayload()
-      .configuration(null)
-      .dependencies([])
-      .integrations([])
+    testHttpClient.assertRequestBody(RequestType.APP_STARTED).assertPayload().products()
     testHttpClient.assertNoMoreRequests()
 
     when: 'second iteration'
-    testHttpClient.expectRequests(1, HttpClient.Result.SUCCESS)
-    telemetryService.sendIntervalRequests()
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendTelemetryEvents()
+
+    then: 'app-heartbeat only'
+    testHttpClient.assertRequestBody(RequestType.APP_HEARTBEAT)
+    testHttpClient.assertNoMoreRequests()
+
+    when: 'third iteration'
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendTelemetryEvents()
 
     then: 'app-heartbeat only'
     testHttpClient.assertRequestBody(RequestType.APP_HEARTBEAT)
     testHttpClient.assertNoMoreRequests()
   }
 
-  void 'happy path with data before app-started'() {
+  def 'happy path with data'() {
+    setup:
+    TestTelemetryRouter testHttpClient = new TestTelemetryRouter()
+    TelemetryService telemetryService = new TelemetryService(testHttpClient, 10000, false)
+
     when: 'add data before first iteration'
     telemetryService.addConfiguration(configuration)
     telemetryService.addIntegration(integration)
@@ -57,48 +64,64 @@ class TelemetryServiceSpecification extends Specification {
     telemetryService.addLogMessage(logMessage)
 
     and: 'send messages'
-    testHttpClient.expectRequests(1, HttpClient.Result.SUCCESS)
-    telemetryService.sendIntervalRequests()
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendAppStartedEvent()
 
     then:
-    testHttpClient.assertRequestBody(RequestType.APP_STARTED)
-      .assertPayload()
+    testHttpClient.assertRequestBody(RequestType.APP_STARTED).assertPayload()
+      .products()
       .configuration([confKeyValue])
-      .dependencies([dependency])
-      .integrations([integration])
+
+    when:
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendTelemetryEvents()
+
+    then:
+    testHttpClient.assertRequestBody(RequestType.MESSAGE_BATCH)
+      .assertBatch(6)
+      .assertFirstMessage(RequestType.APP_HEARTBEAT).hasNoPayload()
+      // no configuration here as it has already been sent with the app-started event
+      .assertNextMessage(RequestType.APP_INTEGRATIONS_CHANGE).hasPayload().integrations([integration])
+      .assertNextMessage(RequestType.APP_DEPENDENCIES_LOADED).hasPayload().dependencies([dependency])
+      .assertNextMessage(RequestType.GENERATE_METRICS).hasPayload().namespace("tracers").metrics([metric])
+      .assertNextMessage(RequestType.DISTRIBUTIONS).hasPayload().namespace("tracers").distributionSeries([distribution])
+      .assertNextMessage(RequestType.LOGS).hasPayload().logs([logMessage])
+      .assertNoMoreMessages()
     testHttpClient.assertNoMoreRequests()
 
-    when: 'second iteration'
-    testHttpClient.expectRequests(4, HttpClient.Result.SUCCESS)
-    telemetryService.sendIntervalRequests()
+    when: 'second iteration heartbeat only'
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendTelemetryEvents()
 
     then:
-    testHttpClient.assertRequestBody(RequestType.APP_HEARTBEAT)
-    testHttpClient.assertRequestBody(RequestType.GENERATE_METRICS)
-      .assertPayload()
-      .namespace("tracers")
-      .metrics([metric])
-    testHttpClient.assertRequestBody(RequestType.DISTRIBUTIONS)
-      .assertPayload()
-      .namespace("tracers")
-      .distributionSeries([distribution])
-    testHttpClient.assertRequestBody(RequestType.LOGS)
-      .assertPayload()
-      .logs([logMessage])
+    testHttpClient.assertRequestBody(RequestType.APP_HEARTBEAT).assertNoPayload()
+    testHttpClient.assertNoMoreRequests()
+
+    when: 'third iteration metrics data'
+    telemetryService.addMetric(metric)
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendTelemetryEvents()
+
+    then:
+    testHttpClient.assertRequestBody(RequestType.MESSAGE_BATCH)
+      .assertBatch(2)
+      .assertFirstMessage(RequestType.APP_HEARTBEAT).hasNoPayload()
+      .assertNextMessage(RequestType.GENERATE_METRICS).hasPayload().namespace("tracers").metrics([metric])
+      .assertNoMoreMessages()
     testHttpClient.assertNoMoreRequests()
   }
 
-  void 'happy path with data after app-started'() {
+  def 'happy path with data after app-started'() {
+    setup:
+    TestTelemetryRouter testHttpClient = new TestTelemetryRouter()
+    TelemetryService telemetryService = new TelemetryService(testHttpClient, 10000, false)
+
     when: 'send messages'
-    testHttpClient.expectRequests(1, HttpClient.Result.SUCCESS)
-    telemetryService.sendIntervalRequests()
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendAppStartedEvent()
 
     then:
-    testHttpClient.assertRequestBody(RequestType.APP_STARTED)
-      .assertPayload()
-      .configuration(null)
-      .dependencies([])
-      .integrations([])
+    testHttpClient.assertRequestBody(RequestType.APP_STARTED).assertPayload().products()
     testHttpClient.assertNoMoreRequests()
 
     when: 'add data after first iteration'
@@ -110,92 +133,67 @@ class TelemetryServiceSpecification extends Specification {
     telemetryService.addLogMessage(logMessage)
 
     and: 'send messages'
-    testHttpClient.expectRequests(7, HttpClient.Result.SUCCESS)
-    telemetryService.sendIntervalRequests()
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendTelemetryEvents()
 
     then:
-    testHttpClient.assertRequestBody(RequestType.APP_HEARTBEAT)
-    testHttpClient.assertRequestBody(RequestType.APP_CLIENT_CONFIGURATION_CHANGE)
-      .assertPayload()
-      .configuration([confKeyValue])
-    testHttpClient.assertRequestBody(RequestType.APP_INTEGRATIONS_CHANGE)
-      .assertPayload()
-      .integrations([integration])
-    testHttpClient.assertRequestBody(RequestType.APP_DEPENDENCIES_LOADED)
-      .assertPayload()
-      .dependencies([dependency])
-    testHttpClient.assertRequestBody(RequestType.GENERATE_METRICS)
-      .assertPayload()
-      .metrics([metric])
-    testHttpClient.assertRequestBody(RequestType.DISTRIBUTIONS)
-      .assertPayload()
-      .distributionSeries([distribution])
-    testHttpClient.assertRequestBody(RequestType.LOGS)
-      .assertPayload()
-      .logs([logMessage])
+    testHttpClient.assertRequestBody(RequestType.MESSAGE_BATCH)
+      .assertBatch(7)
+      .assertFirstMessage(RequestType.APP_HEARTBEAT).hasNoPayload()
+      .assertNextMessage(RequestType.APP_CLIENT_CONFIGURATION_CHANGE).hasPayload().configuration([confKeyValue])
+      .assertNextMessage(RequestType.APP_INTEGRATIONS_CHANGE).hasPayload().integrations([integration])
+      .assertNextMessage(RequestType.APP_DEPENDENCIES_LOADED).hasPayload().dependencies([dependency])
+      .assertNextMessage(RequestType.GENERATE_METRICS).hasPayload().namespace("tracers").metrics([metric])
+      .assertNextMessage(RequestType.DISTRIBUTIONS).hasPayload().namespace("tracers").distributionSeries([distribution])
+      .assertNextMessage(RequestType.LOGS).hasPayload().logs([logMessage])
+      .assertNoMoreMessages()
     testHttpClient.assertNoMoreRequests()
   }
 
-  void 'no message before app-started'() {
+  def 'do not discard data for app-started event until it has been successfully sent'() {
+    setup:
+    TestTelemetryRouter testHttpClient = new TestTelemetryRouter()
+    TelemetryService telemetryService = new TelemetryService(testHttpClient, 10000, false)
+    telemetryService.addConfiguration(configuration)
+
     when: 'attempt with 404 error'
-    testHttpClient.expectRequests(1, HttpClient.Result.NOT_FOUND)
-    telemetryService.sendIntervalRequests()
+    testHttpClient.expectRequest(TelemetryClient.Result.NOT_FOUND)
+    !telemetryService.sendAppStartedEvent()
 
     then: 'app-started is attempted'
-    testHttpClient.assertRequestBody(RequestType.APP_STARTED)
-      .assertPayload()
-      .configuration(null)
-      .dependencies([])
-      .integrations([])
+    testHttpClient.assertRequestBody(RequestType.APP_STARTED).assertPayload().products().configuration([confKeyValue])
     testHttpClient.assertNoMoreRequests()
 
     when: 'attempt with 500 error'
-    testHttpClient.expectRequests(1, HttpClient.Result.FAILURE)
-    telemetryService.sendIntervalRequests()
+    testHttpClient.expectRequest(TelemetryClient.Result.FAILURE)
+    !telemetryService.sendAppStartedEvent()
 
     then: 'app-started is attempted'
-    testHttpClient.assertRequestBody(RequestType.APP_STARTED)
-      .assertPayload()
-      .configuration(null)
-      .dependencies([])
-      .integrations([])
+    testHttpClient.assertRequestBody(RequestType.APP_STARTED).assertPayload().products().configuration([confKeyValue])
     testHttpClient.assertNoMoreRequests()
 
-    when: 'attempt with unexpected FAILURE (e.g. 100 http status code) (not valid)'
-    testHttpClient.expectRequests(1, HttpClient.Result.FAILURE)
-    telemetryService.sendIntervalRequests()
+    when: 'attempt with unexpected FAILURE (not valid)'
+    testHttpClient.expectRequest(TelemetryClient.Result.FAILURE)
+    !telemetryService.sendAppStartedEvent()
 
     then: 'app-started is attempted'
-    testHttpClient.assertRequestBody(RequestType.APP_STARTED)
-      .assertPayload()
-      .configuration(null)
-      .dependencies([])
-      .integrations([])
+    testHttpClient.assertRequestBody(RequestType.APP_STARTED).assertPayload().products().configuration([confKeyValue])
     testHttpClient.assertNoMoreRequests()
 
     when: 'attempt with success'
-    testHttpClient.expectRequests(1, HttpClient.Result.SUCCESS)
-    telemetryService.sendIntervalRequests()
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendAppStartedEvent()
 
-    then:
-    testHttpClient.assertRequestBody(RequestType.APP_STARTED)
-      .assertPayload()
-      .configuration(null)
-      .dependencies([])
-      .integrations([])
+    then: 'app-started is attempted'
+    testHttpClient.assertRequestBody(RequestType.APP_STARTED).assertPayload().products().configuration([confKeyValue])
     testHttpClient.assertNoMoreRequests()
   }
 
-  void 'NOT_FOUND (e.g. 404 http status code) at #requestType prevents further messages'() {
-    when: 'initial iteration'
-    testHttpClient.expectRequests(1, HttpClient.Result.SUCCESS)
-    telemetryService.sendIntervalRequests()
-
-    then:
-    testHttpClient.assertRequestBody(RequestType.APP_STARTED)
-    testHttpClient.assertNoMoreRequests()
+  def 'resend data on successful attempt after a failure'() {
+    setup:
+    TestTelemetryRouter testHttpClient = new TestTelemetryRouter()
+    TelemetryService telemetryService = new TelemetryService(testHttpClient, 10000, false)
 
-    when: 'add data'
     telemetryService.addConfiguration(configuration)
     telemetryService.addIntegration(integration)
     telemetryService.addDependency(dependency)
@@ -203,39 +201,104 @@ class TelemetryServiceSpecification extends Specification {
     telemetryService.addDistributionSeries(distribution)
     telemetryService.addLogMessage(logMessage)
 
-    and: 'send messages'
-    testHttpClient.expectRequests(prevCalls, HttpClient.Result.SUCCESS)
-    testHttpClient.expectRequests(1, HttpClient.Result.NOT_FOUND)
-    telemetryService.sendIntervalRequests()
+    when: 'attempt with NOT_FOUND error'
+    testHttpClient.expectRequest(TelemetryClient.Result.NOT_FOUND)
+    !telemetryService.sendAppStartedEvent()
 
-    then:
-    testHttpClient.assertRequests(prevCalls)
-    testHttpClient.assertRequestBody(requestType)
+    then: 'app-started attempted with config'
+    testHttpClient.assertRequestBody(RequestType.APP_STARTED).assertPayload().products().configuration([confKeyValue])
+    testHttpClient.assertNoMoreRequests()
 
-    and: 'no further requests after the first 404'
+    when: 'successful app-started attempt'
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendAppStartedEvent()
+
+    then: 'attempt app-started  with SUCCESS'
+    testHttpClient.assertRequestBody(RequestType.APP_STARTED).assertPayload().products().configuration([confKeyValue])
+
+    when: 'successful batch attempt'
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendTelemetryEvents()
+
+    then: 'attempt batch with SUCCESS'
+    testHttpClient.assertRequestBody(RequestType.MESSAGE_BATCH)
+      .assertBatch(6)
+      .assertFirstMessage(RequestType.APP_HEARTBEAT).hasNoPayload()
+      // no configuration here as it has already been sent with the app-started event
+      .assertNextMessage(RequestType.APP_INTEGRATIONS_CHANGE).hasPayload().integrations([integration])
+      .assertNextMessage(RequestType.APP_DEPENDENCIES_LOADED).hasPayload().dependencies([dependency])
+      .assertNextMessage(RequestType.GENERATE_METRICS).hasPayload().namespace("tracers").metrics([metric])
+      .assertNextMessage(RequestType.DISTRIBUTIONS).hasPayload().namespace("tracers").distributionSeries([distribution])
+      .assertNextMessage(RequestType.LOGS).hasPayload().logs([logMessage])
+      .assertNoMoreMessages()
     testHttpClient.assertNoMoreRequests()
 
-    where:
-    requestType                                 | prevCalls
-    RequestType.APP_HEARTBEAT                   | 0
-    RequestType.APP_CLIENT_CONFIGURATION_CHANGE | 1
-    RequestType.APP_INTEGRATIONS_CHANGE         | 2
-    RequestType.APP_DEPENDENCIES_LOADED         | 3
-    RequestType.GENERATE_METRICS                | 4
-    RequestType.DISTRIBUTIONS                   | 5
-    RequestType.LOGS                            | 6
+    when: 'attempt with NOT_FOUND error'
+    testHttpClient.expectRequest(TelemetryClient.Result.NOT_FOUND)
+    telemetryService.sendTelemetryEvents()
+
+    then: 'message-batch attempted with heartbeat'
+    testHttpClient.assertRequestBody(RequestType.APP_HEARTBEAT).assertNoPayload()
+    testHttpClient.assertNoMoreRequests()
   }
 
-  void 'FAILURE (e.g. 500 http status code) at #requestType does not prevents further messages'() {
-    when: 'initial iteration'
-    testHttpClient.expectRequests(1, HttpClient.Result.SUCCESS)
-    telemetryService.sendIntervalRequests()
+  def 'send closing event request'() {
+    setup:
+    TestTelemetryRouter testHttpClient = new TestTelemetryRouter()
+    TelemetryService telemetryService = new TelemetryService(testHttpClient, 10000, false)
+
+    when:
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendAppClosingEvent()
 
     then:
-    testHttpClient.assertRequestBody(RequestType.APP_STARTED)
+    testHttpClient.assertRequestBody(RequestType.APP_CLOSING)
     testHttpClient.assertNoMoreRequests()
+  }
+
+  def 'report when both OTel and OT are enabled'() {
+    setup:
+    TestTelemetryRouter testHttpClient = new TestTelemetryRouter()
+    TelemetryService telemetryService = Spy(new TelemetryService(testHttpClient, 1000, false))
+    def otel = new Integration("opentelemetry-1", otelEnabled)
+    def ot = new Integration("opentracing", otEnabled)
+
+    when:
+    telemetryService.addIntegration(otel)
+
+    then:
+    0 * telemetryService.warnAboutExclusiveIntegrations()
+
+    when:
+    telemetryService.addIntegration(ot)
+
+    then:
+    warnining * telemetryService.warnAboutExclusiveIntegrations()
+
+    where:
+    otelEnabled | otEnabled | warnining
+    true        | true      | 1
+    true        | false     | 0
+    false       | true      | 0
+    false       | false     | 0
+  }
+
+  def 'split telemetry requests if the size above the limit'() {
+    setup:
+    TestTelemetryRouter testHttpClient = new TestTelemetryRouter()
+    TelemetryService telemetryService = new TelemetryService(testHttpClient, 5000, false)
+
+    when: 'send a heartbeat request without telemetry data to measure body size to set stable request size limit'
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendTelemetryEvents()
+
+    then: 'get body size'
+    def bodySize = testHttpClient.assertRequestBody(RequestType.APP_HEARTBEAT).bodySize()
+    bodySize > 0
+
+    when: 'sending first part of data'
+    telemetryService = new TelemetryService(testHttpClient, bodySize + 500, false)
 
-    when: 'add data'
     telemetryService.addConfiguration(configuration)
     telemetryService.addIntegration(integration)
     telemetryService.addDependency(dependency)
@@ -243,37 +306,104 @@ class TelemetryServiceSpecification extends Specification {
     telemetryService.addDistributionSeries(distribution)
     telemetryService.addLogMessage(logMessage)
 
-    and: 'send messages'
-    testHttpClient.expectRequests(prevCalls, HttpClient.Result.SUCCESS)
-    testHttpClient.expectRequests(1, HttpClient.Result.FAILURE)
-    testHttpClient.expectRequests(afterCalls, HttpClient.Result.SUCCESS)
-    telemetryService.sendIntervalRequests()
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendTelemetryEvents()
+
+    then: 'attempt with SUCCESS'
+    testHttpClient.assertRequestBody(RequestType.MESSAGE_BATCH)
+      .assertBatch(5)
+      .assertFirstMessage(RequestType.APP_HEARTBEAT).hasNoPayload()
+      .assertNextMessage(RequestType.APP_CLIENT_CONFIGURATION_CHANGE).hasPayload().configuration([confKeyValue])
+      .assertNextMessage(RequestType.APP_INTEGRATIONS_CHANGE).hasPayload().integrations([integration])
+      .assertNextMessage(RequestType.APP_DEPENDENCIES_LOADED).hasPayload().dependencies([dependency])
+      .assertNextMessage(RequestType.GENERATE_METRICS).hasPayload().namespace("tracers").metrics([metric])
+      // no more data fit this message is sent in the next message
+      .assertNoMoreMessages()
+
+    when: 'sending second part of data'
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    !telemetryService.sendTelemetryEvents()
 
     then:
-    testHttpClient.assertRequests(prevCalls)
-    testHttpClient.assertRequestBody(requestType)
+    testHttpClient.assertRequestBody(RequestType.MESSAGE_BATCH)
+      .assertBatch(3)
+      .assertFirstMessage(RequestType.APP_HEARTBEAT).hasNoPayload()
+      .assertNextMessage(RequestType.DISTRIBUTIONS).hasPayload().namespace("tracers").distributionSeries([distribution])
+      .assertNextMessage(RequestType.LOGS).hasPayload().logs([logMessage])
+      .assertNoMoreMessages()
+    testHttpClient.assertNoMoreRequests()
+  }
 
-    then: 'requests continue after first 500'
-    testHttpClient.assertRequests(afterCalls)
+  def 'send all collected data with extended-heartbeat request every time'() {
+    setup:
+    TestTelemetryRouter testHttpClient = new TestTelemetryRouter()
+    TelemetryService telemetryService = new TelemetryService(testHttpClient, 10000, false)
+
+    telemetryService.addConfiguration(configuration)
+    telemetryService.addIntegration(integration)
+    telemetryService.addDependency(dependency)
+
+    when:
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendExtendedHeartbeat()
+
+    then:
+    testHttpClient.assertRequestBody(RequestType.APP_EXTENDED_HEARTBEAT)
+      .assertPayload()
+      .configuration([confKeyValue])
+      .integrations([integration])
+      .dependencies([dependency])
     testHttpClient.assertNoMoreRequests()
 
-    where:
-    requestType                                 | prevCalls | afterCalls
-    RequestType.APP_HEARTBEAT                   | 0         | 6
-    RequestType.APP_CLIENT_CONFIGURATION_CHANGE | 1         | 5
-    RequestType.APP_INTEGRATIONS_CHANGE         | 2         | 4
-    RequestType.APP_DEPENDENCIES_LOADED         | 3         | 3
-    RequestType.GENERATE_METRICS                | 4         | 2
-    RequestType.DISTRIBUTIONS                   | 5         | 1
-    RequestType.LOGS                            | 6         | 0
+    when:
+    telemetryService.addConfiguration(configuration)
+    telemetryService.addIntegration(integration)
+    telemetryService.addDependency(dependency)
+
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendExtendedHeartbeat()
+
+    then:
+    testHttpClient.assertRequestBody(RequestType.APP_EXTENDED_HEARTBEAT)
+      .assertPayload()
+      .configuration([confKeyValue, confKeyValue])
+      .integrations([integration, integration])
+      .dependencies([dependency, dependency])
+    testHttpClient.assertNoMoreRequests()
   }
 
-  void 'Send closing event request'() {
+  def 'send extended-heartbeat request, even if data already has been sent or attempted as part of another telemetry events'() {
+    setup:
+    TestTelemetryRouter testHttpClient = new TestTelemetryRouter()
+    TelemetryService telemetryService = new TelemetryService(testHttpClient, 10000, false)
+
+    telemetryService.addConfiguration(configuration)
+    telemetryService.addIntegration(integration)
+    telemetryService.addDependency(dependency)
+
     when:
-    testHttpClient.expectRequests(1, HttpClient.Result.SUCCESS)
-    telemetryService.sendAppClosingRequest()
+    testHttpClient.expectRequest(resultCode)
+    telemetryService.sendTelemetryEvents()
 
     then:
-    testHttpClient.assertRequestBody(RequestType.APP_CLOSING)
+    testHttpClient.assertRequestBody(RequestType.MESSAGE_BATCH)
+
+    when:
+    testHttpClient.expectRequest(TelemetryClient.Result.SUCCESS)
+    telemetryService.sendExtendedHeartbeat()
+
+    then:
+    testHttpClient.assertRequestBody(RequestType.APP_EXTENDED_HEARTBEAT)
+      .assertPayload()
+      .configuration([confKeyValue])
+      .integrations([integration])
+      .dependencies([dependency])
+    testHttpClient.assertNoMoreRequests()
+
+    where:
+    resultCode                           | _
+    TelemetryClient.Result.SUCCESS   | _
+    TelemetryClient.Result.FAILURE   | _
+    TelemetryClient.Result.NOT_FOUND | _
   }
 }
diff --git a/telemetry/src/test/groovy/datadog/telemetry/TelemetrySystemSpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/TelemetrySystemSpecification.groovy
index 6a161b866a8..f92b4e836a3 100644
--- a/telemetry/src/test/groovy/datadog/telemetry/TelemetrySystemSpecification.groovy
+++ b/telemetry/src/test/groovy/datadog/telemetry/TelemetrySystemSpecification.groovy
@@ -5,13 +5,14 @@ import datadog.communication.ddagent.SharedCommunicationObjects
 import datadog.communication.monitor.Monitoring
 import datadog.telemetry.dependency.DependencyService
 import datadog.telemetry.dependency.LocationsCollectingTransformer
+import datadog.trace.api.config.GeneralConfig
+import datadog.trace.test.util.DDSpecification
+import datadog.trace.util.Strings
 import okhttp3.HttpUrl
 import okhttp3.OkHttpClient
-import spock.lang.Specification
-
 import java.lang.instrument.Instrumentation
 
-class TelemetrySystemSpecification extends Specification {
+class TelemetrySystemSpecification extends DDSpecification {
   Instrumentation inst = Mock()
 
   void 'installs dependencies transformer'() {
@@ -31,7 +32,7 @@ class TelemetrySystemSpecification extends Specification {
     def depService = Mock(DependencyService)
 
     when:
-    def thread = TelemetrySystem.createTelemetryRunnable(telemetryService, depService)
+    def thread = TelemetrySystem.createTelemetryRunnable(telemetryService, depService, true)
 
     then:
     thread != null
@@ -42,6 +43,8 @@ class TelemetrySystemSpecification extends Specification {
 
   void 'start-stop telemetry system'() {
     setup:
+    injectEnvConfig(Strings.toEnvVar(GeneralConfig.SITE), "datad0g.com")
+    injectEnvConfig(Strings.toEnvVar(GeneralConfig.API_KEY), "api-key")
     def instrumentation = Mock(Instrumentation)
 
     when:
@@ -55,7 +58,8 @@ class TelemetrySystemSpecification extends Specification {
 
     then:
     TelemetrySystem.TELEMETRY_THREAD == null ||
-      TelemetrySystem.TELEMETRY_THREAD.isInterrupted()
+      TelemetrySystem.TELEMETRY_THREAD.isInterrupted() ||
+      !TelemetrySystem.TELEMETRY_THREAD.isAlive()
   }
 
   private SharedCommunicationObjects sharedCommunicationObjects() {
diff --git a/telemetry/src/test/groovy/datadog/telemetry/TestHttpClient.groovy b/telemetry/src/test/groovy/datadog/telemetry/TestTelemetryRouter.groovy
similarity index 51%
rename from telemetry/src/test/groovy/datadog/telemetry/TestHttpClient.groovy
rename to telemetry/src/test/groovy/datadog/telemetry/TestTelemetryRouter.groovy
index 8f0f2cad678..77151821515 100644
--- a/telemetry/src/test/groovy/datadog/telemetry/TestHttpClient.groovy
+++ b/telemetry/src/test/groovy/datadog/telemetry/TestTelemetryRouter.groovy
@@ -4,33 +4,39 @@ import datadog.communication.ddagent.TracerVersion
 import datadog.telemetry.dependency.Dependency
 import datadog.telemetry.api.Integration
 import datadog.telemetry.api.DistributionSeries
-
-import datadog.telemetry.api.ConfigChange
 import datadog.telemetry.api.LogMessage
 import datadog.telemetry.api.Metric
 import datadog.telemetry.api.RequestType
+import datadog.trace.api.ConfigSetting
 import groovy.json.JsonSlurper
 import okhttp3.Request
 import okio.Buffer
 
-class TestHttpClient extends HttpClient {
-  private Queue<Result> mockResults = new LinkedList<>()
+class TestTelemetryRouter extends TelemetryRouter {
+  private Queue<TelemetryClient.Result> mockResults = new LinkedList<>()
   private Queue<RequestAssertions> requests = new LinkedList<>()
 
-  TestHttpClient() {
-    super(null)
+  TestTelemetryRouter() {
+    super(null, null, null)
   }
 
   @Override
-  Result sendRequest(Request request) {
+  TelemetryClient.Result sendRequest(TelemetryRequest request) {
     if (mockResults.isEmpty()) {
       throw new IllegalStateException("Unexpected request has been sent. State expectations with `expectRequests` prior sending requests.")
     }
-    requests.add(new RequestAssertions(request))
+
+    def requestBuilder = request.httpRequest()
+    requestBuilder.url("https://example.com")
+    requests.add(new RequestAssertions(requestBuilder.build()))
     return mockResults.poll()
   }
 
-  void expectRequests(int requestNumber, Result mockResult) {
+  void expectRequest(TelemetryClient.Result mockResult) {
+    expectRequests(1, mockResult)
+  }
+
+  void expectRequests(int requestNumber, TelemetryClient.Result mockResult) {
     for (int i=0; i < requestNumber; i++) {
       mockResults.add(mockResult)
     }
@@ -46,15 +52,8 @@ class TestHttpClient extends HttpClient {
     return this.requests.poll()
   }
 
-  void assertRequests(int numberOfRequests) {
-    for (int i=0; i < numberOfRequests; i++) {
-      assertRequest()
-    }
-  }
-
   BodyAssertions assertRequestBody(RequestType rt) {
-    return assertRequest().headers(rt)
-      .assertBody().commonParts(rt)
+    return assertRequest().headers(rt).assertBody().commonParts(rt)
   }
 
   void assertNoMoreRequests() {
@@ -76,40 +75,49 @@ class TestHttpClient extends HttpClient {
     }
 
     RequestAssertions headers(RequestType requestType) {
-      assert request.method() == 'POST'
-      assert request.headers().names() == [
+      assert this.request.method() == 'POST'
+      assert this.request.headers().names() == [
         'Content-Type',
+        'Content-Length',
         'DD-Client-Library-Language',
         'DD-Client-Library-Version',
         'DD-Telemetry-API-Version',
         'DD-Telemetry-Request-Type'
       ] as Set
-      assert request.header('Content-Type') == 'application/json; charset=utf-8'
-      assert request.header('DD-Client-Library-Language') == 'jvm'
-      assert request.header('DD-Client-Library-Version') == TracerVersion.TRACER_VERSION
-      assert request.header('DD-Telemetry-API-Version') == 'v1'
-      assert request.header('DD-Telemetry-Request-Type') == requestType.toString()
+      assert this.request.header('Content-Type') == 'application/json; charset=utf-8'
+      assert this.request.header('Content-Length').toInteger() > 0
+      assert this.request.header('DD-Client-Library-Language') == 'jvm'
+      assert this.request.header('DD-Client-Library-Version') == TracerVersion.TRACER_VERSION
+      assert this.request.header('DD-Telemetry-API-Version') == 'v2'
+      assert this.request.header('DD-Telemetry-Request-Type') == requestType.toString()
       return this
     }
 
     BodyAssertions assertBody() {
       Buffer buf = new Buffer()
-      request.body().writeTo(buf)
+      this.request.body().writeTo(buf)
       byte[] bytes = new byte[buf.size()]
       buf.read(bytes)
-      return new BodyAssertions(SLURPER.parse(bytes) as Map<String, Object>)
+      def parsed = SLURPER.parse(bytes) as Map<String, Object>
+      return new BodyAssertions(parsed, bytes)
     }
   }
 
   static class BodyAssertions {
-    private Map<String, Object> body
+    private final Map<String, Object> body
+    private final byte[] bodyBytes
 
-    BodyAssertions(Map<String, Object> body) {
+    BodyAssertions(Map<String, Object> body, byte[] bodyBytes) {
       this.body = body
+      this.bodyBytes = bodyBytes
+    }
+
+    int bodySize() {
+      return this.bodyBytes.length
     }
 
     BodyAssertions commonParts(RequestType requestType) {
-      assert body['api_version'] == 'v1'
+      assert body['api_version'] == 'v2'
 
       def app = body['application']
       assert app['env'] != null
@@ -136,34 +144,114 @@ class TestHttpClient extends HttpClient {
     }
 
     PayloadAssertions assertPayload() {
-      return new PayloadAssertions(body['payload'] as Map<String, Object>)
+      def payload = body['payload'] as Map<String, Object>
+      assert payload != null
+      return new PayloadAssertions(payload)
+    }
+
+    BatchAssertions assertBatch(int expectedNumberOfPayloads) {
+      List<Map<String, Object>> payloads = body['payload']
+      assert payloads != null && payloads.size() == expectedNumberOfPayloads
+      return new BatchAssertions(payloads)
+    }
+
+    void assertNoPayload() {
+      assert body['payload'] == null
+    }
+  }
+
+  static class BatchAssertions {
+    private List<Map<String, Object>> messages
+
+    BatchAssertions(List<Map<String, Object>> messages) {
+      this.messages = messages
+    }
+
+    BatchMessageAssertions assertFirstMessage(RequestType expected) {
+      return assertMessage(0, expected)
+    }
+
+    private BatchMessageAssertions assertMessage(int index, RequestType expected) {
+      if (index > messages.size()) {
+        throw new IllegalStateException("Asserted more messages than available (${messages.size()}) in the batch")
+      }
+      def message = messages[index]
+      assert message['request_type'] == String.valueOf(expected)
+      return new BatchMessageAssertions(this, index, message)
+    }
+  }
+
+  static class BatchMessageAssertions {
+    private BatchAssertions batchAssertions
+    private int messageIndex
+    private Map<String, Object> message
+
+    BatchMessageAssertions(BatchAssertions batchAssertions, int messageIndex, Map<String, Object> message) {
+      this.batchAssertions = batchAssertions
+      this.messageIndex = messageIndex
+      this.message = message
+    }
+
+    BatchMessageAssertions hasNoPayload() {
+      assert message['payload'] == null
+      return this
+    }
+
+    BatchMessageAssertions assertNextMessage(RequestType expected) {
+      messageIndex += 1
+      if (messageIndex >= batchAssertions.messages.size()) {
+        throw new IllegalStateException("No more messages available")
+      }
+      return batchAssertions.assertMessage(messageIndex, expected)
+    }
+
+    PayloadAssertions hasPayload() {
+      def payload = message['payload'] as Map<String, Object>
+      assert payload != null
+      return new PayloadAssertions(payload, this)
+    }
+
+    void assertNoMoreMessages() {
+      assert messageIndex == batchAssertions.messages.size() - 1
     }
   }
 
   static class PayloadAssertions {
     private Map<String, Object> payload
+    private BatchMessageAssertions batch
 
     PayloadAssertions(Map<String, Object> payload) {
+      this(payload, null)
+    }
+
+    PayloadAssertions(Map<String, Object> payload, BatchMessageAssertions batch) {
       this.payload = payload
+      this.batch = batch
     }
 
-    PayloadAssertions configuration(List<ConfigChange> configuration) {
+    PayloadAssertions configuration(List<ConfigSetting> configuration) {
       def expected = configuration == null ? null : []
       if (configuration != null) {
-        for (ConfigChange kv : configuration) {
-          expected.add([name: kv.name, value: kv.value])
+        for (ConfigSetting cs : configuration) {
+          expected.add([name: cs.key, value: cs.value, origin: cs.origin.value])
         }
       }
-      assert payload['configuration'] == expected
+      assert this.payload['configuration'] == expected
+      return this
+    }
+
+    PayloadAssertions products(boolean appsecEnabled = true, boolean profilerEnabled = false) {
+      def expected = [appsec: [enabled: appsecEnabled], profiler: [enabled: profilerEnabled]]
+      assert this.payload['products'] == expected
       return this
     }
 
     PayloadAssertions dependencies(List<Dependency> dependencies) {
       def expected = []
       for (Dependency d : dependencies) {
-        expected.add([hash: d.hash, name: d.name, type: "PlatformStandard", version: d.version])
+        expected.add([hash: d.hash, name: d.name, version: d.version])
       }
-      assert payload['dependencies'] == expected
+      assert this.payload['dependencies'] == expected
       return this
     }
 
@@ -175,12 +263,12 @@ class TestHttpClient extends HttpClient {
         map.put("name", i.name)
         expected.add(map)
       }
-      assert payload['integrations'] == expected
+      assert this.payload['integrations'] == expected
       return this
     }
 
     PayloadAssertions namespace(String namespace) {
-      assert payload['namespace'] == namespace
+      assert this.payload['namespace'] == namespace
       return this
     }
 
@@ -204,7 +292,7 @@ class TestHttpClient extends HttpClient {
         obj.put("tags", m.getTags())
         expected.add(obj)
       }
-      assert payload['series'] == expected
+      assert this.payload['series'] == expected
       return this
     }
 
@@ -221,7 +309,7 @@ class TestHttpClient extends HttpClient {
         obj.put("tags", d.getTags())
         expected.add(obj)
       }
-      assert payload['series'] == expected
+      assert this.payload['series'] == expected
       return this
     }
 
@@ -240,8 +328,16 @@ class TestHttpClient extends HttpClient {
         }
         expected.add(map)
       }
-      assert payload['logs'] == expected
+      assert this.payload['logs'] == expected
       return this
     }
+
+    BatchMessageAssertions assertNextMessage(RequestType requestType) {
+      return batch.assertNextMessage(requestType)
+    }
+
+    void assertNoMoreMessages() {
+      batch.assertNoMoreMessages()
+    }
   }
 }
diff --git a/telemetry/src/test/groovy/datadog/telemetry/dependency/DependencyResolverSpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/dependency/DependencyResolverSpecification.groovy
index 0b1ea36a5bf..3c7e892302b 100644
--- a/telemetry/src/test/groovy/datadog/telemetry/dependency/DependencyResolverSpecification.groovy
+++ b/telemetry/src/test/groovy/datadog/telemetry/dependency/DependencyResolverSpecification.groovy
@@ -152,6 +152,33 @@ class DependencyResolverSpecification extends DepSpecification {
     temp.delete()
   }
 
+  void 'try to determine non existing lib name'() throws IOException {
+    setup:
+    File temp = File.createTempFile('temp', '.zip')
+    temp.delete()
+
+    expect:
+    DependencyResolver.extractDependenciesFromJar(temp).isEmpty()
+  }
+
+  void 'try to determine invalid jar lib'() throws IOException {
+    setup:
+    File temp = File.createTempFile('temp', '.jar')
+    temp.write("just a text file")
+
+    expect:
+    DependencyResolver.extractDependenciesFromJar(temp).isEmpty()
+  }
+
+  void 'try to determine invalid jar lib'() throws IOException {
+    setup:
+    File temp = File.createTempFile('temp', '.jar')
+    temp.write("just a text file")
+
+    expect:
+    DependencyResolver.getNestedDependency(temp.toURI()) == null
+  }
+
   void 'spring boot dependency'() throws IOException {
     setup:
     org.springframework.boot.loader.jar.JarFile.registerUrlProtocolHandler()
diff --git a/telemetry/src/test/groovy/datadog/telemetry/dependency/DependencyServiceSpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/dependency/DependencyServiceSpecification.groovy
index 46457efdcf6..44144239c3f 100644
--- a/telemetry/src/test/groovy/datadog/telemetry/dependency/DependencyServiceSpecification.groovy
+++ b/telemetry/src/test/groovy/datadog/telemetry/dependency/DependencyServiceSpecification.groovy
@@ -74,6 +74,22 @@ class DependencyServiceSpecification extends DepSpecification {
     assertThat(set.first().version, is('4.12'))
   }
 
+  void 'convertToURI works with a spaced URL'() {
+    when:
+    URI uri = depService.convertToURI(new URL("file:/C:/Program Files/IBM/WebSphere/AppServer_1/plugins/com.ibm.cds_2.1.0.jar"))
+
+    then:
+    uri.path == "/C:/Program Files/IBM/WebSphere/AppServer_1/plugins/com.ibm.cds_2.1.0.jar"
+  }
+
+  void 'convertToURI works with a nested URL'() {
+    when:
+    URI uri = depService.convertToURI(new URL("jar:file:/Users/test/spring-petclinic.jar!/BOOT-INF/classes!/"))
+
+    then:
+    uri.schemeSpecificPart == "file:/Users/test/spring-petclinic.jar!/BOOT-INF/classes!/"
+  }
+
   void 'build dependency set from a fat jar'() {
     when:
     File budgetappJar = getJar('budgetapp.jar')
diff --git a/telemetry/src/test/groovy/datadog/telemetry/dependency/LocationsCollectingTransformerSpecification.groovy b/telemetry/src/test/groovy/datadog/telemetry/dependency/LocationsCollectingTransformerSpecification.groovy
index 1f526798e02..90134052a90 100644
--- a/telemetry/src/test/groovy/datadog/telemetry/dependency/LocationsCollectingTransformerSpecification.groovy
+++ b/telemetry/src/test/groovy/datadog/telemetry/dependency/LocationsCollectingTransformerSpecification.groovy
@@ -14,16 +14,6 @@ class LocationsCollectingTransformerSpecification extends DepSpecification {
 
   LocationsCollectingTransformer transformer = new LocationsCollectingTransformer(depService)
 
-  void 'no dependency for agent jar'() {
-    when:
-    transformer.transform(null, null, null, getClass().getProtectionDomain(), null)
-
-    then:
-    depService.resolveOneDependency()
-    def dependencies = depService.drainDeterminedDependencies()
-    dependencies.isEmpty()
-  }
-
   void 'no dependency if null protection domain'() {
     when:
     transformer.transform(null, null, null, null, null)
diff --git a/telemetry/src/test/groovy/datadog/telemetry/metric/IastMetricPeriodicActionTest.groovy b/telemetry/src/test/groovy/datadog/telemetry/metric/IastMetricPeriodicActionTest.groovy
index b93559ba833..e0dc5c102d5 100644
--- a/telemetry/src/test/groovy/datadog/telemetry/metric/IastMetricPeriodicActionTest.groovy
+++ b/telemetry/src/test/groovy/datadog/telemetry/metric/IastMetricPeriodicActionTest.groovy
@@ -33,7 +33,8 @@ class IastMetricPeriodicActionTest extends Specification {
     final action = new IastMetricPeriodicAction()
     final service = Mock(TelemetryService)
     final iastMetric = IastMetric.INSTRUMENTED_SOURCE
-    final tag = SourceTypes.REQUEST_PARAMETER_VALUE_STRING
+    final tag = SourceTypes.REQUEST_PARAMETER_VALUE
+    final tagString = SourceTypes.REQUEST_PARAMETER_VALUE_STRING
     final value = 23
 
     when:
@@ -42,7 +43,7 @@ class IastMetricPeriodicActionTest extends Specification {
     action.doIteration(service)
 
     then:
-    1 * service.addMetric({ matches(it, iastMetric, value, ["${iastMetric.tag.name}:${tag}"]) })
+    1 * service.addMetric({ matches(it, iastMetric, value, ["${iastMetric.tag.name}:${tagString}"]) })
     0 * _
   }
 
diff --git a/utils/test-agent-utils/decoder/src/main/java/datadog/trace/test/agent/decoder/v04/raw/SpanV04.java b/utils/test-agent-utils/decoder/src/main/java/datadog/trace/test/agent/decoder/v04/raw/SpanV04.java
index 0d1b64dd8c3..9171a8e8a30 100644
--- a/utils/test-agent-utils/decoder/src/main/java/datadog/trace/test/agent/decoder/v04/raw/SpanV04.java
+++ b/utils/test-agent-utils/decoder/src/main/java/datadog/trace/test/agent/decoder/v04/raw/SpanV04.java
@@ -98,6 +98,9 @@ private static Map<String, String> unpackMeta(MessageUnpacker unpacker, long spa
   private static String unpackString(String expectedKey, MessageUnpacker unpacker)
       throws IOException {
     unpackKey(expectedKey, unpacker);
+    if (unpacker.tryUnpackNil()) {
+      return null;
+    }
     return unpacker.unpackString();
   }
 
diff --git a/utils/test-utils/src/main/groovy/datadog/trace/test/util/Flaky.java b/utils/test-utils/src/main/groovy/datadog/trace/test/util/Flaky.java
index 1bb8bdc8e70..66ff702b03c 100644
--- a/utils/test-utils/src/main/groovy/datadog/trace/test/util/Flaky.java
+++ b/utils/test-utils/src/main/groovy/datadog/trace/test/util/Flaky.java
@@ -8,7 +8,7 @@
 
 /**
  * Use this annotation for suites or test cases that are flaky. When running in CI, these will be
- * seggregated to a separate job.
+ * segregated to a separate job.
  */
 @Retention(RetentionPolicy.RUNTIME)
 @Target({ElementType.TYPE, ElementType.METHOD})