Fix vulnerability location org.jose4j.lang.HashUtil #8610

Merged
merged 5 commits into from
Mar 25, 2025

Conversation

jandro996
Member

@jandro996 jandro996 commented Mar 24, 2025

What Does This Do

Exclude org.jose4j.lang.HashUtil in iAST

Motivation

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-57044

@jandro996 jandro996 added type: enhancement comp: asm iast Application Security Management (IAST) labels Mar 24, 2025
@jandro996 jandro996 requested a review from a team as a code owner March 24, 2025 08:22
@smola smola changed the title Fix weak hash false positive in org.jose4j.lang.HashUtil Fix vulnerability location org.jose4j.lang.HashUtil Mar 24, 2025
Member

@smola smola left a comment


Edited title, since this is not really a false positive.

@pr-commenter

pr-commenter bot commented Mar 24, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/APPSEC-57044-3
git_commit_date 1742825749 1742890741
git_commit_sha 51813bd 75dd719
release_version 1.48.0-SNAPSHOT~51813bdfcb 1.48.0-SNAPSHOT~75dd719733
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1742893635 1742893635
ci_job_id 862830767 862830767
ci_pipeline_id 59860040 59860040
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-jzzy7jrd-project-304-concurrent-0-mgy00x3f 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-jzzy7jrd-project-304-concurrent-0-mgy00x3f 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 66 metrics, 5 unstable metrics.

Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.06 s -
Agent appsec 1.194 s 134.638 ms (12.7%)
Agent iast 1.18 s 119.866 ms (11.3%)
Agent profiling 1.281 s 221.44 ms (20.9%)
Total tracing 10.481 s -
Total appsec 10.721 s 239.986 ms (2.3%)
Total iast 11.025 s 543.728 ms (5.2%)
Total profiling 10.858 s 376.47 ms (3.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.052 s -
Agent appsec 1.198 s 146.735 ms (14.0%)
Agent iast 1.181 s 129.97 ms (12.4%)
Agent profiling 1.274 s 222.472 ms (21.2%)
Total tracing 10.497 s -
Total appsec 10.801 s 304.003 ms (2.9%)
Total iast 11.043 s 546.159 ms (5.2%)
Total profiling 10.895 s 397.683 ms (3.8%)
gantt
    title petclinic - break down per module: candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (726.014 ms) : 0, 726014
BytebuddyAgent [candidate] (720.555 ms) : 0, 720555
GlobalTracer [baseline] (241.965 ms) : 0, 241965
GlobalTracer [candidate] (240.523 ms) : 0, 240523
AppSec [baseline] (55.404 ms) : 0, 55404
AppSec [candidate] (54.891 ms) : 0, 54891
Debugger [baseline] (5.182 ms) : 0, 5182
Debugger [candidate] (5.202 ms) : 0, 5202
Remote Config [baseline] (718.973 µs) : 0, 719
Remote Config [candidate] (707.64 µs) : 0, 708
Telemetry [baseline] (14.263 ms) : 0, 14263
Telemetry [candidate] (13.577 ms) : 0, 13577
section appsec
BytebuddyAgent [baseline] (740.222 ms) : 0, 740222
BytebuddyAgent [candidate] (742.957 ms) : 0, 742957
GlobalTracer [baseline] (237.341 ms) : 0, 237341
GlobalTracer [candidate] (238.174 ms) : 0, 238174
AppSec [baseline] (176.116 ms) : 0, 176116
AppSec [candidate] (176.722 ms) : 0, 176722
Debugger [baseline] (4.32 ms) : 0, 4320
Debugger [candidate] (4.333 ms) : 0, 4333
Remote Config [baseline] (652.882 µs) : 0, 653
Remote Config [candidate] (654.152 µs) : 0, 654
Telemetry [baseline] (8.911 ms) : 0, 8911
Telemetry [candidate] (8.625 ms) : 0, 8625
IAST [baseline] (21.416 ms) : 0, 21416
IAST [candidate] (21.344 ms) : 0, 21344
section iast
BytebuddyAgent [baseline] (840.353 ms) : 0, 840353
BytebuddyAgent [candidate] (841.485 ms) : 0, 841485
GlobalTracer [baseline] (231.084 ms) : 0, 231084
GlobalTracer [candidate] (231.447 ms) : 0, 231447
AppSec [baseline] (55.877 ms) : 0, 55877
AppSec [candidate] (56.182 ms) : 0, 56182
Debugger [baseline] (4.177 ms) : 0, 4177
Debugger [candidate] (4.145 ms) : 0, 4145
Remote Config [baseline] (601.123 µs) : 0, 601
Remote Config [candidate] (589.504 µs) : 0, 590
Telemetry [baseline] (8.759 ms) : 0, 8759
Telemetry [candidate] (8.757 ms) : 0, 8757
IAST [baseline] (22.812 ms) : 0, 22812
IAST [candidate] (22.901 ms) : 0, 22901
section profiling
ProfilingAgent [baseline] (102.486 ms) : 0, 102486
ProfilingAgent [candidate] (102.383 ms) : 0, 102383
BytebuddyAgent [baseline] (716.046 ms) : 0, 716046
BytebuddyAgent [candidate] (711.31 ms) : 0, 711310
GlobalTracer [baseline] (352.186 ms) : 0, 352186
GlobalTracer [candidate] (351.25 ms) : 0, 351250
AppSec [baseline] (54.51 ms) : 0, 54510
AppSec [candidate] (53.504 ms) : 0, 53504
Debugger [baseline] (4.263 ms) : 0, 4263
Debugger [candidate] (4.262 ms) : 0, 4262
Remote Config [baseline] (701.167 µs) : 0, 701
Remote Config [candidate] (714.265 µs) : 0, 714
Telemetry [baseline] (8.899 ms) : 0, 8899
Telemetry [candidate] (8.933 ms) : 0, 8933
Profiling [baseline] (102.65 ms) : 0, 102650
Profiling [candidate] (102.409 ms) : 0, 102409
Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.053 s -
Agent iast 1.178 s 125.164 ms (11.9%)
Agent iast_HARDCODED_SECRET_DISABLED 1.181 s 127.647 ms (12.1%)
Agent iast_TELEMETRY_OFF 1.174 s 120.92 ms (11.5%)
Total tracing 8.716 s -
Total iast 9.224 s 507.822 ms (5.8%)
Total iast_HARDCODED_SECRET_DISABLED 9.252 s 536.417 ms (6.2%)
Total iast_TELEMETRY_OFF 9.222 s 506.327 ms (5.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.058 s -
Agent iast 1.181 s 122.478 ms (11.6%)
Agent iast_HARDCODED_SECRET_DISABLED 1.182 s 123.784 ms (11.7%)
Agent iast_TELEMETRY_OFF 1.174 s 115.744 ms (10.9%)
Total tracing 8.728 s -
Total iast 9.24 s 512.387 ms (5.9%)
Total iast_HARDCODED_SECRET_DISABLED 9.233 s 505.081 ms (5.8%)
Total iast_TELEMETRY_OFF 9.225 s 496.641 ms (5.7%)
gantt
    title insecure-bank - break down per module: candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (721.153 ms) : 0, 721153
BytebuddyAgent [candidate] (724.813 ms) : 0, 724813
GlobalTracer [baseline] (240.459 ms) : 0, 240459
GlobalTracer [candidate] (241.948 ms) : 0, 241948
AppSec [baseline] (54.862 ms) : 0, 54862
AppSec [candidate] (54.642 ms) : 0, 54642
Debugger [baseline] (4.429 ms) : 0, 4429
Debugger [candidate] (4.45 ms) : 0, 4450
Remote Config [baseline] (781.507 µs) : 0, 782
Remote Config [candidate] (718.49 µs) : 0, 718
Telemetry [baseline] (15.173 ms) : 0, 15173
Telemetry [candidate] (15.799 ms) : 0, 15799
section iast
BytebuddyAgent [baseline] (839.596 ms) : 0, 839596
BytebuddyAgent [candidate] (841.037 ms) : 0, 841037
GlobalTracer [baseline] (230.426 ms) : 0, 230426
GlobalTracer [candidate] (231.192 ms) : 0, 231192
IAST [baseline] (22.733 ms) : 0, 22733
IAST [candidate] (22.976 ms) : 0, 22976
AppSec [baseline] (55.852 ms) : 0, 55852
AppSec [candidate] (56.181 ms) : 0, 56181
Debugger [baseline] (4.13 ms) : 0, 4130
Debugger [candidate] (4.2 ms) : 0, 4200
Remote Config [baseline] (598.837 µs) : 0, 599
Remote Config [candidate] (605.829 µs) : 0, 606
Telemetry [baseline] (8.735 ms) : 0, 8735
Telemetry [candidate] (8.727 ms) : 0, 8727
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (840.533 ms) : 0, 840533
BytebuddyAgent [candidate] (841.476 ms) : 0, 841476
GlobalTracer [baseline] (230.592 ms) : 0, 230592
GlobalTracer [candidate] (231.686 ms) : 0, 231686
IAST [baseline] (23.154 ms) : 0, 23154
IAST [candidate] (23.092 ms) : 0, 23092
AppSec [baseline] (56.562 ms) : 0, 56562
AppSec [candidate] (56.377 ms) : 0, 56377
Debugger [baseline] (4.19 ms) : 0, 4190
Debugger [candidate] (4.182 ms) : 0, 4182
Remote Config [baseline] (610.034 µs) : 0, 610
Remote Config [candidate] (609.734 µs) : 0, 610
Telemetry [baseline] (8.832 ms) : 0, 8832
Telemetry [candidate] (8.817 ms) : 0, 8817
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (835.544 ms) : 0, 835544
BytebuddyAgent [candidate] (835.98 ms) : 0, 835980
GlobalTracer [baseline] (230.079 ms) : 0, 230079
GlobalTracer [candidate] (230.336 ms) : 0, 230336
IAST [baseline] (22.37 ms) : 0, 22370
IAST [candidate] (22.536 ms) : 0, 22536
AppSec [baseline] (56.347 ms) : 0, 56347
AppSec [candidate] (55.918 ms) : 0, 55918
Debugger [baseline] (4.167 ms) : 0, 4167
Debugger [candidate] (4.166 ms) : 0, 4166
Remote Config [baseline] (605.875 µs) : 0, 606
Remote Config [candidate] (608.339 µs) : 0, 608
Telemetry [baseline] (8.706 ms) : 0, 8706
Telemetry [candidate] (8.599 ms) : 0, 8599

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2025-03-25T08:39:30 2025-03-25T08:47:13
git_branch master alejandro.gonzalez/APPSEC-57044-3
git_commit_date 1742825749 1742890741
git_commit_sha 51813bd 75dd719
release_version 1.48.0-SNAPSHOT~51813bdfcb 1.48.0-SNAPSHOT~75dd719733
start_time 2025-03-25T08:39:16 2025-03-25T08:46:59
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1742892830 1742892830
ci_job_id 862830768 862830768
ci_pipeline_id 59860040 59860040
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-5gca-jya-project-304-concurrent-0-d9w5xtrn 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-5gca-jya-project-304-concurrent-0-d9w5xtrn 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 14 metrics, 16 unstable metrics.

Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.359 ms [1.339 ms, 1.378 ms] -
appsec 1.717 ms [1.694 ms, 1.739 ms] 358.021 µs (26.4%)
appsec_no_iast 1.73 ms [1.707 ms, 1.753 ms] 371.278 µs (27.3%)
code_origins 1.656 ms [1.629 ms, 1.682 ms] 296.875 µs (21.9%)
iast 1.514 ms [1.49 ms, 1.539 ms] 155.497 µs (11.4%)
profiling 1.521 ms [1.498 ms, 1.544 ms] 161.959 µs (11.9%)
tracing 1.496 ms [1.471 ms, 1.52 ms] 137.098 µs (10.1%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.346 ms [1.327 ms, 1.365 ms] -
appsec 1.732 ms [1.708 ms, 1.756 ms] 386.125 µs (28.7%)
appsec_no_iast 1.731 ms [1.708 ms, 1.755 ms] 385.025 µs (28.6%)
code_origins 1.672 ms [1.644 ms, 1.7 ms] 325.741 µs (24.2%)
iast 1.526 ms [1.502 ms, 1.55 ms] 180.036 µs (13.4%)
profiling 1.502 ms [1.478 ms, 1.525 ms] 155.471 µs (11.5%)
tracing 1.508 ms [1.484 ms, 1.532 ms] 162.088 µs (12.0%)
Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 383.882 µs [364.021 µs, 403.742 µs] -
iast 507.048 µs [485.495 µs, 528.601 µs] 123.167 µs (32.1%)
iast_FULL 732.296 µs [710.307 µs, 754.285 µs] 348.414 µs (90.8%)
iast_GLOBAL 557.405 µs [535.977 µs, 578.834 µs] 173.524 µs (45.2%)
iast_HARDCODED_SECRET_DISABLED 511.48 µs [489.948 µs, 533.012 µs] 127.598 µs (33.2%)
iast_INACTIVE 470.92 µs [449.502 µs, 492.338 µs] 87.038 µs (22.7%)
iast_TELEMETRY_OFF 500.899 µs [478.998 µs, 522.8 µs] 117.018 µs (30.5%)
tracing 461.048 µs [439.474 µs, 482.622 µs] 77.166 µs (20.1%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 380.466 µs [358.811 µs, 402.121 µs] -
iast 512.104 µs [490.233 µs, 533.976 µs] 131.638 µs (34.6%)
iast_FULL 732.649 µs [710.678 µs, 754.619 µs] 352.183 µs (92.6%)
iast_GLOBAL 556.431 µs [534.96 µs, 577.903 µs] 175.965 µs (46.2%)
iast_HARDCODED_SECRET_DISABLED 509.447 µs [487.689 µs, 531.205 µs] 128.981 µs (33.9%)
iast_INACTIVE 463.869 µs [442.766 µs, 484.972 µs] 83.403 µs (21.9%)
iast_TELEMETRY_OFF 502.674 µs [480.437 µs, 524.911 µs] 122.208 µs (32.1%)
tracing 451.943 µs [431.305 µs, 472.58 µs] 71.477 µs (18.8%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master alejandro.gonzalez/APPSEC-57044-3
git_commit_date 1742825749 1742890741
git_commit_sha 51813bd 75dd719
release_version 1.48.0-SNAPSHOT~51813bdfcb 1.48.0-SNAPSHOT~75dd719733
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1742893312 1742893312
ci_job_id 862830769 862830769
ci_pipeline_id 59860040 59860040
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-jzzy7jrd-project-304-concurrent-1-834ygnfu 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-jzzy7jrd-project-304-concurrent-1-834ygnfu 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.471 ms [1.46 ms, 1.483 ms] -
appsec 2.34 ms [2.297 ms, 2.384 ms] 868.928 µs (59.1%)
iast 2.128 ms [2.072 ms, 2.183 ms] 656.419 µs (44.6%)
iast_GLOBAL 2.173 ms [2.117 ms, 2.229 ms] 701.823 µs (47.7%)
profiling 1.982 ms [1.938 ms, 2.027 ms] 511.232 µs (34.7%)
tracing 1.956 ms [1.913 ms, 1.998 ms] 484.357 µs (32.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.48 ms [1.468 ms, 1.491 ms] -
appsec 2.335 ms [2.292 ms, 2.379 ms] 855.534 µs (57.8%)
iast 2.124 ms [2.069 ms, 2.179 ms] 644.186 µs (43.5%)
iast_GLOBAL 2.163 ms [2.108 ms, 2.219 ms] 683.394 µs (46.2%)
profiling 1.973 ms [1.929 ms, 2.017 ms] 492.977 µs (33.3%)
tracing 1.951 ms [1.909 ms, 1.994 ms] 471.416 µs (31.9%)
Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.505 s [15.505 s, 15.505 s] -
appsec 14.967 s [14.967 s, 14.967 s] -538.0 ms (-3.5%)
iast 18.304 s [18.304 s, 18.304 s] 2.799 s (18.1%)
iast_GLOBAL 17.464 s [17.464 s, 17.464 s] 1.959 s (12.6%)
profiling 15.075 s [15.075 s, 15.075 s] -430.0 ms (-2.8%)
tracing 15.086 s [15.086 s, 15.086 s] -419.0 ms (-2.7%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.883 s [14.883 s, 14.883 s] -
appsec 14.772 s [14.772 s, 14.772 s] -111.0 ms (-0.7%)
iast 19.248 s [19.248 s, 19.248 s] 4.365 s (29.3%)
iast_GLOBAL 17.669 s [17.669 s, 17.669 s] 2.786 s (18.7%)
profiling 15.244 s [15.244 s, 15.244 s] 361.0 ms (2.4%)
tracing 15.295 s [15.295 s, 15.295 s] 412.0 ms (2.8%)

@jandro996 jandro996 added this to the 1.48.0 milestone Mar 25, 2025
@jandro996 jandro996 merged commit 06605d7 into master Mar 25, 2025
246 of 269 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/APPSEC-57044-3 branch March 25, 2025 11:42