-
Notifications
You must be signed in to change notification settings - Fork 288
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add standalone ASM billing support #7040
Conversation
06f4cb8
to
4de6ebc
Compare
900bce0
to
d426b4d
Compare
BenchmarksStartupParameters
See matching parameters
SummaryFound 1 performance improvements and 0 performance regressions! Performance is the same for 48 metrics, 14 unstable metrics.
Startup time reports for petclinicgantt
title petclinic - global startup overhead: candidate=1.36.0-SNAPSHOT~7a8c016106, baseline=1.36.0-SNAPSHOT~04cda746be
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.063 s) : 0, 1062955
Total [baseline] (10.317 s) : 0, 10317148
Agent [candidate] (1.063 s) : 0, 1063489
Total [candidate] (10.368 s) : 0, 10367766
section appsec
Agent [baseline] (1.19 s) : 0, 1189623
Total [baseline] (10.541 s) : 0, 10541214
Agent [candidate] (1.183 s) : 0, 1182686
Total [candidate] (10.481 s) : 0, 10481117
section iast
Agent [baseline] (1.167 s) : 0, 1167420
Total [baseline] (10.659 s) : 0, 10658939
Agent [candidate] (1.184 s) : 0, 1184428
Total [candidate] (10.734 s) : 0, 10733767
section profiling
Agent [baseline] (1.265 s) : 0, 1264802
Total [baseline] (10.635 s) : 0, 10634804
Agent [candidate] (1.271 s) : 0, 1271228
Total [candidate] (10.672 s) : 0, 10671553
gantt
title petclinic - break down per module: candidate=1.36.0-SNAPSHOT~7a8c016106, baseline=1.36.0-SNAPSHOT~04cda746be
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (666.546 ms) : 0, 666546
BytebuddyAgent [candidate] (665.438 ms) : 0, 665438
GlobalTracer [baseline] (303.758 ms) : 0, 303758
GlobalTracer [candidate] (305.385 ms) : 0, 305385
AppSec [baseline] (49.978 ms) : 0, 49978
AppSec [candidate] (49.904 ms) : 0, 49904
Remote Config [baseline] (685.325 µs) : 0, 685
Remote Config [candidate] (735.118 µs) : 0, 735
Telemetry [baseline] (7.514 ms) : 0, 7514
Telemetry [candidate] (7.56 ms) : 0, 7560
section appsec
BytebuddyAgent [baseline] (681.397 ms) : 0, 681397
BytebuddyAgent [candidate] (676.037 ms) : 0, 676037
GlobalTracer [baseline] (298.809 ms) : 0, 298809
GlobalTracer [candidate] (298.431 ms) : 0, 298431
AppSec [baseline] (154.653 ms) : 0, 154653
AppSec [candidate] (153.765 ms) : 0, 153765
IAST [baseline] (21.216 ms) : 0, 21216
IAST [candidate] (21.089 ms) : 0, 21089
Remote Config [baseline] (648.47 µs) : 0, 648
Remote Config [candidate] (640.569 µs) : 0, 641
Telemetry [baseline] (8.809 ms) : 0, 8809
Telemetry [candidate] (8.727 ms) : 0, 8727
section iast
BytebuddyAgent [baseline] (778.76 ms) : 0, 778760
BytebuddyAgent [candidate] (786.802 ms) : 0, 786802
GlobalTracer [baseline] (293.794 ms) : 0, 293794
GlobalTracer [candidate] (300.755 ms) : 0, 300755
AppSec [baseline] (46.965 ms) : 0, 46965
AppSec [candidate] (48.011 ms) : 0, 48011
IAST [baseline] (26.343 ms) : 0, 26343
IAST [candidate] (27.747 ms) : 0, 27747
Remote Config [baseline] (589.935 µs) : 0, 590
Remote Config [candidate] (611.42 µs) : 0, 611
Telemetry [baseline] (7.691 ms) : 0, 7691
Telemetry [candidate] (7.109 ms) : 0, 7109
section profiling
BytebuddyAgent [baseline] (663.096 ms) : 0, 663096
BytebuddyAgent [candidate] (667.105 ms) : 0, 667105
GlobalTracer [baseline] (388.402 ms) : 0, 388402
GlobalTracer [candidate] (389.51 ms) : 0, 389510
AppSec [baseline] (51.518 ms) : 0, 51518
AppSec [candidate] (51.731 ms) : 0, 51731
Remote Config [baseline] (743.904 µs) : 0, 744
Remote Config [candidate] (678.961 µs) : 0, 679
Telemetry [baseline] (7.429 ms) : 0, 7429
Telemetry [candidate] (7.486 ms) : 0, 7486
ProfilingAgent [baseline] (96.549 ms) : 0, 96549
ProfilingAgent [candidate] (97.174 ms) : 0, 97174
Profiling [baseline] (96.573 ms) : 0, 96573
Profiling [candidate] (97.199 ms) : 0, 97199
Startup time reports for insecure-bankgantt
title insecure-bank - global startup overhead: candidate=1.36.0-SNAPSHOT~7a8c016106, baseline=1.36.0-SNAPSHOT~04cda746be
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.068 s) : 0, 1067972
Total [baseline] (8.573 s) : 0, 8572545
Agent [candidate] (1.063 s) : 0, 1063197
Total [candidate] (8.562 s) : 0, 8561883
section iast
Agent [baseline] (1.17 s) : 0, 1169906
Total [baseline] (8.98 s) : 0, 8980096
Agent [candidate] (1.178 s) : 0, 1178114
Total [candidate] (9.006 s) : 0, 9006120
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.168 s) : 0, 1168056
Total [baseline] (8.95 s) : 0, 8950426
Agent [candidate] (1.168 s) : 0, 1167885
Total [candidate] (8.971 s) : 0, 8971212
section iast_TELEMETRY_OFF
Agent [baseline] (1.174 s) : 0, 1174087
Total [baseline] (8.982 s) : 0, 8982278
Agent [candidate] (1.165 s) : 0, 1165110
Total [candidate] (8.998 s) : 0, 8998265
gantt
title insecure-bank - break down per module: candidate=1.36.0-SNAPSHOT~7a8c016106, baseline=1.36.0-SNAPSHOT~04cda746be
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (669.225 ms) : 0, 669225
BytebuddyAgent [candidate] (665.456 ms) : 0, 665456
GlobalTracer [baseline] (305.243 ms) : 0, 305243
GlobalTracer [candidate] (305.112 ms) : 0, 305112
AppSec [baseline] (50.464 ms) : 0, 50464
AppSec [candidate] (49.886 ms) : 0, 49886
Remote Config [baseline] (700.694 µs) : 0, 701
Remote Config [candidate] (712.047 µs) : 0, 712
Telemetry [baseline] (7.626 ms) : 0, 7626
Telemetry [candidate] (7.616 ms) : 0, 7616
section iast
BytebuddyAgent [baseline] (779.743 ms) : 0, 779743
BytebuddyAgent [candidate] (784.412 ms) : 0, 784412
GlobalTracer [baseline] (293.439 ms) : 0, 293439
GlobalTracer [candidate] (295.779 ms) : 0, 295779
AppSec [baseline] (46.928 ms) : 0, 46928
AppSec [candidate] (47.399 ms) : 0, 47399
IAST [baseline] (27.387 ms) : 0, 27387
IAST [candidate] (29.546 ms) : 0, 29546
Remote Config [baseline] (655.435 µs) : 0, 655
Remote Config [candidate] (601.532 µs) : 0, 602
Telemetry [baseline] (8.49 ms) : 0, 8490
Telemetry [candidate] (7.032 ms) : 0, 7032
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (778.201 ms) : 0, 778201
BytebuddyAgent [candidate] (778.73 ms) : 0, 778730
GlobalTracer [baseline] (293.502 ms) : 0, 293502
GlobalTracer [candidate] (294.346 ms) : 0, 294346
AppSec [baseline] (47.07 ms) : 0, 47070
AppSec [candidate] (47.234 ms) : 0, 47234
IAST [baseline] (28.453 ms) : 0, 28453
IAST [candidate] (26.635 ms) : 0, 26635
Remote Config [baseline] (653.264 µs) : 0, 653
Remote Config [candidate] (598.122 µs) : 0, 598
Telemetry [baseline] (6.881 ms) : 0, 6881
Telemetry [candidate] (6.972 ms) : 0, 6972
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (783.093 ms) : 0, 783093
BytebuddyAgent [candidate] (775.821 ms) : 0, 775821
GlobalTracer [baseline] (295.359 ms) : 0, 295359
GlobalTracer [candidate] (293.451 ms) : 0, 293451
AppSec [baseline] (47.183 ms) : 0, 47183
AppSec [candidate] (46.91 ms) : 0, 46910
IAST [baseline] (26.879 ms) : 0, 26879
IAST [candidate] (27.53 ms) : 0, 27530
Remote Config [baseline] (572.69 µs) : 0, 573
Remote Config [candidate] (593.909 µs) : 0, 594
Telemetry [baseline] (7.559 ms) : 0, 7559
Telemetry [candidate] (7.478 ms) : 0, 7478
LoadParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics. Request duration reports for insecure-bankgantt
title insecure-bank - request duration [CI 0.99] : candidate=1.36.0-SNAPSHOT~7a8c016106, baseline=1.36.0-SNAPSHOT~04cda746be
dateFormat X
axisFormat %s
section baseline
no_agent (363.624 µs) : 344, 383
. : milestone, 364,
iast (477.202 µs) : 456, 498
. : milestone, 477,
iast_FULL (540.687 µs) : 520, 562
. : milestone, 541,
iast_GLOBAL (504.688 µs) : 483, 527
. : milestone, 505,
iast_HARDCODED_SECRET_DISABLED (477.692 µs) : 456, 499
. : milestone, 478,
iast_INACTIVE (446.807 µs) : 426, 468
. : milestone, 447,
iast_TELEMETRY_OFF (467.63 µs) : 447, 489
. : milestone, 468,
tracing (437.25 µs) : 417, 458
. : milestone, 437,
section candidate
no_agent (365.926 µs) : 345, 387
. : milestone, 366,
iast (472.91 µs) : 452, 494
. : milestone, 473,
iast_FULL (546.84 µs) : 526, 568
. : milestone, 547,
iast_GLOBAL (524.579 µs) : 501, 549
. : milestone, 525,
iast_HARDCODED_SECRET_DISABLED (479.72 µs) : 458, 501
. : milestone, 480,
iast_INACTIVE (446.779 µs) : 426, 468
. : milestone, 447,
iast_TELEMETRY_OFF (479.671 µs) : 458, 501
. : milestone, 480,
tracing (439.272 µs) : 419, 460
. : milestone, 439,
Request duration reports for petclinicgantt
title petclinic - request duration [CI 0.99] : candidate=1.36.0-SNAPSHOT~7a8c016106, baseline=1.36.0-SNAPSHOT~04cda746be
dateFormat X
axisFormat %s
section baseline
no_agent (1.33 ms) : 1311, 1349
. : milestone, 1330,
appsec (1.72 ms) : 1697, 1743
. : milestone, 1720,
appsec_no_iast (1.682 ms) : 1657, 1707
. : milestone, 1682,
iast (1.488 ms) : 1466, 1510
. : milestone, 1488,
profiling (1.513 ms) : 1487, 1539
. : milestone, 1513,
tracing (1.465 ms) : 1440, 1490
. : milestone, 1465,
section candidate
no_agent (1.351 ms) : 1331, 1370
. : milestone, 1351,
appsec (1.718 ms) : 1693, 1742
. : milestone, 1718,
appsec_no_iast (1.731 ms) : 1707, 1756
. : milestone, 1731,
iast (1.456 ms) : 1433, 1479
. : milestone, 1456,
profiling (1.523 ms) : 1497, 1549
. : milestone, 1523,
tracing (1.465 ms) : 1442, 1489
. : milestone, 1465,
DacapoParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics. Execution time for tomcatgantt
title tomcat - execution time [CI 0.99] : candidate=1.36.0-SNAPSHOT~7a8c016106, baseline=1.36.0-SNAPSHOT~04cda746be
dateFormat X
axisFormat %s
section baseline
no_agent (1.468 ms) : 1457, 1480
. : milestone, 1468,
appsec (2.233 ms) : 2199, 2268
. : milestone, 2233,
iast (1.957 ms) : 1916, 1998
. : milestone, 1957,
iast_GLOBAL (2.009 ms) : 1968, 2051
. : milestone, 2009,
profiling (1.852 ms) : 1818, 1885
. : milestone, 1852,
tracing (1.828 ms) : 1796, 1860
. : milestone, 1828,
section candidate
no_agent (1.463 ms) : 1451, 1474
. : milestone, 1463,
appsec (2.21 ms) : 2177, 2244
. : milestone, 2210,
iast (1.968 ms) : 1927, 2010
. : milestone, 1968,
iast_GLOBAL (2.013 ms) : 1972, 2054
. : milestone, 2013,
profiling (1.859 ms) : 1824, 1894
. : milestone, 1859,
tracing (1.836 ms) : 1804, 1868
. : milestone, 1836,
Execution time for biojavagantt
title biojava - execution time [CI 0.99] : candidate=1.36.0-SNAPSHOT~7a8c016106, baseline=1.36.0-SNAPSHOT~04cda746be
dateFormat X
axisFormat %s
section baseline
no_agent (14.842 s) : 14842000, 14842000
. : milestone, 14842000,
appsec (15.067 s) : 15067000, 15067000
. : milestone, 15067000,
iast (18.966 s) : 18966000, 18966000
. : milestone, 18966000,
iast_GLOBAL (17.943 s) : 17943000, 17943000
. : milestone, 17943000,
profiling (15.308 s) : 15308000, 15308000
. : milestone, 15308000,
tracing (14.984 s) : 14984000, 14984000
. : milestone, 14984000,
section candidate
no_agent (15.018 s) : 15018000, 15018000
. : milestone, 15018000,
appsec (14.978 s) : 14978000, 14978000
. : milestone, 14978000,
iast (18.918 s) : 18918000, 18918000
. : milestone, 18918000,
iast_GLOBAL (17.855 s) : 17855000, 17855000
. : milestone, 17855000,
profiling (15.411 s) : 15411000, 15411000
. : milestone, 15411000,
tracing (15.28 s) : 15280000, 15280000
. : milestone, 15280000,
|
ced8bb4
to
59176d0
Compare
ce7a934
to
5ac2536
Compare
dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/ReporterTest.groovy
Outdated
Show resolved
Hide resolved
...t/groovy/datadog/smoketest/asmstandalonebilling/AbstractAsmStandaloneBillingSmokeTest.groovy
Show resolved
Hide resolved
...groovy/datadog/smoketest/asmstandalonebilling/AsmStandaloneBillingConerCasesSmokeTest.groovy
Outdated
Show resolved
Hide resolved
...groovy/datadog/smoketest/asmstandalonebilling/AsmStandaloneBillingConerCasesSmokeTest.groovy
Outdated
Show resolved
Hide resolved
...groovy/datadog/smoketest/asmstandalonebilling/AsmStandaloneBillingConerCasesSmokeTest.groovy
Outdated
Show resolved
Hide resolved
...groovy/datadog/smoketest/asmstandalonebilling/AsmStandaloneBillingConerCasesSmokeTest.groovy
Outdated
Show resolved
Hide resolved
dd-trace-core/src/test/groovy/datadog/trace/core/propagation/DatadogPropagationTagsTest.groovy
Outdated
Show resolved
Hide resolved
dd-trace-core/src/test/groovy/datadog/trace/core/propagation/DatadogPropagationTagsTest.groovy
Outdated
Show resolved
Hide resolved
I don't, get why for |
dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/AppSecRequestContext.java
Outdated
Show resolved
Hide resolved
dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/AppSecRequestContext.java
Outdated
Show resolved
Hide resolved
Is an RFC specification, you can check it here |
Can we introduce one more
so, the method |
dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/AppSecRequestContext.java
Outdated
Show resolved
Hide resolved
dd-trace-core/src/main/java/datadog/trace/common/metrics/MetricsAggregatorFactory.java
Outdated
Show resolved
Hide resolved
dd-trace-core/src/main/java/datadog/trace/core/PendingTrace.java
Outdated
Show resolved
Hide resolved
dd-trace-core/src/main/java/datadog/trace/common/sampling/AsmStandaloneSampler.java
Outdated
Show resolved
Hide resolved
dd-trace-core/src/main/java/datadog/trace/common/sampling/AsmStandaloneSampler.java
Outdated
Show resolved
Hide resolved
f828db1
to
4b5ff15
Compare
…smoketest/asmstandalonebilling/AsmStandaloneBillingConerCasesSmokeTest.groovy Co-authored-by: Santiago M. Mola <[email protected]>
…tandaloneSampler.java Co-authored-by: Manuel Álvarez Álvarez <[email protected]>
…tandaloneSampler.java Co-authored-by: Manuel Álvarez Álvarez <[email protected]>
af875dc
to
7a8c016
Compare
What Does This Do
Add new boolean environment variable
DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED
, when it's enabled:_dd.apm.enabled:0
to the metrics map of the service entry spans._dd.apm.enabled
is assumed to be 1 when absent, so it is backward compatible.HTTP header Datadog-Client-Computed-Stats: yes
)_dd.p.appsec: 1
providing the knowledge to downstream services that the current distributed trace is containing at least one ASM event and must inherit from the given force-keep priority indeed._dd.p.appsec
span tagTimeSampler
to only allow 1 APM trace per minute as standalone ASM is only interested in the traces containing ASM events. But the service catalog and the billing need a continuous ingestion of at least at 1 trace per minute to consider a service as being live and billable. In the absence of ASM events, no APM traces must be sent, so we need to let some regular APM traces go through, even in the absence of ASM events.Motivation
ASM is a natural continuation of APM, leveraging concepts such as traces to build threat monitoring protection capabilities, or on telemetry to build vulnerability management.
Though, some customers (primarily infrastructure-monitoring-only customers) only want ASM. We want to make this possible, still internally leveraging APM and provide the same service to ASM customers, while allowing them to not use APM
Additional Notes
Jira ticket: APPSEC-10459