Add validation checks for user provided arguments in git commands #9092

Merged
merged 4 commits into from
Jul 7, 2025

Conversation

daniel-mohedano

@daniel-mohedano daniel-mohedano commented Jul 3, 2025

What Does This Do

  • Adds validation checks for user provided arguments in git commands, i.e. commit shas, branches, repo root paths, etc.

Motivation

The arguments are used in git commands, which renders them vulnerable to code injection.

Contributor Checklist

Jira ticket: VULN-11396
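
An added illustration of the kind of allowlist check this pull request describes (not the project's `GitUtils` code; the class name `GitArgValidator`, the accepted SHA lengths and the sample inputs are assumptions made here). It accepts a revision argument only if it is a hex object name or a ref name passing a subset of the `git check-ref-format` rules, and builds the command as an argv list so no shell parses it.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

/** Illustrative validator; NOT the GitUtils class from the pull request. */
public final class GitArgValidator {
  // Assumption: abbreviated or full hex object name, 7-40 chars (SHA-1) or 64 (SHA-256).
  private static final Pattern SHA = Pattern.compile("[0-9a-fA-F]{7,40}|[0-9a-fA-F]{64}");
  // Characters git check-ref-format forbids anywhere in a ref name.
  private static final String FORBIDDEN = " ~^:?*[\\";

  private GitArgValidator() {}

  public static boolean isValidCommitSha(String s) {
    return s != null && SHA.matcher(s).matches();
  }

  /** Subset of the check-ref-format rules; revision syntax such as HEAD~1 is rejected. */
  public static boolean isValidRef(String s) {
    if (s == null || s.isEmpty() || s.equals("@")) return false;
    // A leading '-' would be parsed by git as an option, not as a revision.
    if (s.startsWith("-") || s.startsWith("/") || s.endsWith("/") || s.endsWith(".")) return false;
    if (s.contains("..") || s.contains("@{") || s.contains("//")) return false;
    for (String component : s.split("/")) {
      if (component.startsWith(".") || component.endsWith(".lock")) return false;
    }
    for (int i = 0; i < s.length(); i++) {
      char c = s.charAt(i);
      if (c < 0x20 || c == 0x7f || FORBIDDEN.indexOf(c) >= 0) return false;
    }
    return true;
  }

  /** Builds an argv list (no shell involved) for `git log`, refusing unvalidated input. */
  public static List<String> logCommand(String commit) {
    if (!isValidCommitSha(commit) && !isValidRef(commit)) {
      throw new IllegalArgumentException("rejected git revision argument");
    }
    // --end-of-options (git 2.24 and later) stops option parsing before the revision.
    return Arrays.asList("git", "log", "-n", "1", "--format=%H", "--end-of-options", commit);
  }

  public static void main(String[] args) {
    // Constructed sample inputs, not taken from the pull request.
    String[] samples = {
      "HEAD", "origin/main", "0123abc", "--some-option", "main..dev", "a b", "x.lock"
    };
    for (String s : samples) {
      boolean ok = isValidCommitSha(s) || isValidRef(s);
      System.out.println(s + " -> " + (ok ? "accepted" : "rejected"));
    }
  }
}
```

The first three samples are accepted and the last four are rejected.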

Comment on lines 281 to 283
if (!GitUtils.isValidCommitSha(commit) && !GitUtils.isValidRef(commit)) {
return Collections.emptyList();
}
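
Review bot: on the `return Collections.emptyList();` line, a `commit` value that fails both `isValidCommitSha` and `isValidRef` yields the same result as a valid commit that has nothing to report, so a caller cannot distinguish a rejected argument from an empty answer. Consider logging the rejection before returning, or signalling it separately, so that blocked input is visible when diagnosing missing data.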

@daniel-mohedano daniel-mohedano Jul 3, 2025

I believe this method and some others are always called with HEAD, but thought it would be nice to future-proof it just in case the behavior changes

@daniel-mohedano daniel-mohedano marked this pull request as ready for review July 3, 2025 13:19
@daniel-mohedano daniel-mohedano requested review from a team as code owners July 3, 2025 13:19
@daniel-mohedano daniel-mohedano requested a review from ygree July 3, 2025 13:19

github-actions bot commented Jul 3, 2025

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

pr-commenter bot commented Jul 3, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master daniel.mohedano/git-cmd-vulns
git_commit_date 1751600742 1751617347
git_commit_sha dd59589 f8bed95
release_version 1.51.0-SNAPSHOT~dd595896c4 1.51.0-SNAPSHOT~f8bed95ddd
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1751619232 1751619232
ci_job_id 1013806580 1013806580
ci_pipeline_id 69648937 69648937
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-h1u8iesx 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-h1u8iesx 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 43 metrics, 9 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:startup:petclinic:appsec:IAST better
[-1368.743µs; -573.219µs] or [-5.880%; -2.462%]
22.309ms 23.280ms
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.51.0-SNAPSHOT~f8bed95ddd, baseline=1.51.0-SNAPSHOT~dd595896c4

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (995.207 ms) : 0, 995207
Total [baseline] (10.666 s) : 0, 10666166
Agent [candidate] (1.004 s) : 0, 1004202
Total [candidate] (10.691 s) : 0, 10690628
section appsec
Agent [baseline] (1.176 s) : 0, 1176173
Total [baseline] (10.733 s) : 0, 10733265
Agent [candidate] (1.178 s) : 0, 1178108
Total [candidate] (10.938 s) : 0, 10937935
section iast
Agent [baseline] (1.136 s) : 0, 1136013
Total [baseline] (10.808 s) : 0, 10808391
Agent [candidate] (1.132 s) : 0, 1131559
Total [candidate] (10.909 s) : 0, 10909329
section profiling
Agent [baseline] (1.246 s) : 0, 1245520
Total [baseline] (10.962 s) : 0, 10962075
Agent [candidate] (1.245 s) : 0, 1245477
Total [candidate] (10.988 s) : 0, 10988086
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 995.207 ms -
Agent appsec 1.176 s 180.966 ms (18.2%)
Agent iast 1.136 s 140.806 ms (14.1%)
Agent profiling 1.246 s 250.313 ms (25.2%)
Total tracing 10.666 s -
Total appsec 10.733 s 67.099 ms (0.6%)
Total iast 10.808 s 142.225 ms (1.3%)
Total profiling 10.962 s 295.909 ms (2.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.004 s -
Agent appsec 1.178 s 173.906 ms (17.3%)
Agent iast 1.132 s 127.357 ms (12.7%)
Agent profiling 1.245 s 241.275 ms (24.0%)
Total tracing 10.691 s -
Total appsec 10.938 s 247.307 ms (2.3%)
Total iast 10.909 s 218.701 ms (2.0%)
Total profiling 10.988 s 297.458 ms (2.8%)
gantt
    title petclinic - break down per module: candidate=1.51.0-SNAPSHOT~f8bed95ddd, baseline=1.51.0-SNAPSHOT~dd595896c4

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (686.698 ms) : 0, 686698
BytebuddyAgent [candidate] (693.915 ms) : 0, 693915
GlobalTracer [baseline] (242.198 ms) : 0, 242198
GlobalTracer [candidate] (243.683 ms) : 0, 243683
AppSec [baseline] (30.108 ms) : 0, 30108
AppSec [candidate] (30.633 ms) : 0, 30633
Debugger [baseline] (5.994 ms) : 0, 5994
Debugger [candidate] (6.062 ms) : 0, 6062
Remote Config [baseline] (683.744 µs) : 0, 684
Remote Config [candidate] (675.097 µs) : 0, 675
Telemetry [baseline] (8.198 ms) : 0, 8198
Telemetry [candidate] (8.262 ms) : 0, 8262
section appsec
BytebuddyAgent [baseline] (710.634 ms) : 0, 710634
BytebuddyAgent [candidate] (711.961 ms) : 0, 711961
GlobalTracer [baseline] (235.404 ms) : 0, 235404
GlobalTracer [candidate] (236.89 ms) : 0, 236890
AppSec [baseline] (170.977 ms) : 0, 170977
AppSec [candidate] (171.64 ms) : 0, 171640
Debugger [baseline] (5.77 ms) : 0, 5770
Debugger [candidate] (5.825 ms) : 0, 5825
Remote Config [baseline] (604.359 µs) : 0, 604
Remote Config [candidate] (608.315 µs) : 0, 608
Telemetry [baseline] (8.082 ms) : 0, 8082
Telemetry [candidate] (8.119 ms) : 0, 8119
IAST [baseline] (23.28 ms) : 0, 23280
IAST [candidate] (22.309 ms) : 0, 22309
section iast
BytebuddyAgent [baseline] (809.504 ms) : 0, 809504
BytebuddyAgent [candidate] (808.341 ms) : 0, 808341
GlobalTracer [baseline] (233.411 ms) : 0, 233411
GlobalTracer [candidate] (232.874 ms) : 0, 232874
AppSec [baseline] (28.757 ms) : 0, 28757
AppSec [candidate] (25.702 ms) : 0, 25702
Debugger [baseline] (5.824 ms) : 0, 5824
Debugger [candidate] (5.789 ms) : 0, 5789
Remote Config [baseline] (574.272 µs) : 0, 574
Remote Config [candidate] (587.659 µs) : 0, 588
Telemetry [baseline] (7.997 ms) : 0, 7997
Telemetry [candidate] (7.934 ms) : 0, 7934
IAST [baseline] (28.565 ms) : 0, 28565
IAST [candidate] (29.522 ms) : 0, 29522
section profiling
BytebuddyAgent [baseline] (678.195 ms) : 0, 678195
BytebuddyAgent [candidate] (679.015 ms) : 0, 679015
GlobalTracer [baseline] (361.901 ms) : 0, 361901
GlobalTracer [candidate] (361.126 ms) : 0, 361126
AppSec [baseline] (32.246 ms) : 0, 32246
AppSec [candidate] (32.331 ms) : 0, 32331
Debugger [baseline] (12.146 ms) : 0, 12146
Debugger [candidate] (11.619 ms) : 0, 11619
Remote Config [baseline] (670.187 µs) : 0, 670
Remote Config [candidate] (1.427 ms) : 0, 1427
Telemetry [baseline] (8.026 ms) : 0, 8026
Telemetry [candidate] (8.016 ms) : 0, 8016
ProfilingAgent [baseline] (103.267 ms) : 0, 103267
ProfilingAgent [candidate] (103.341 ms) : 0, 103341
Profiling [baseline] (103.292 ms) : 0, 103292
Profiling [candidate] (103.365 ms) : 0, 103365
Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.51.0-SNAPSHOT~f8bed95ddd, baseline=1.51.0-SNAPSHOT~dd595896c4

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.003 s) : 0, 1003456
Total [baseline] (8.571 s) : 0, 8570884
Agent [candidate] (1.01 s) : 0, 1009795
Total [candidate] (8.603 s) : 0, 8603083
section iast
Agent [baseline] (1.145 s) : 0, 1145198
Total [baseline] (9.373 s) : 0, 9372834
Agent [candidate] (1.133 s) : 0, 1132618
Total [candidate] (9.274 s) : 0, 9273964
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.003 s -
Agent iast 1.145 s 141.742 ms (14.1%)
Total tracing 8.571 s -
Total iast 9.373 s 801.95 ms (9.4%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.01 s -
Agent iast 1.133 s 122.823 ms (12.2%)
Total tracing 8.603 s -
Total iast 9.274 s 670.881 ms (7.8%)
gantt
    title insecure-bank - break down per module: candidate=1.51.0-SNAPSHOT~f8bed95ddd, baseline=1.51.0-SNAPSHOT~dd595896c4

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (693.114 ms) : 0, 693114
BytebuddyAgent [candidate] (698.016 ms) : 0, 698016
GlobalTracer [baseline] (243.19 ms) : 0, 243190
GlobalTracer [candidate] (244.827 ms) : 0, 244827
AppSec [baseline] (30.634 ms) : 0, 30634
AppSec [candidate] (30.811 ms) : 0, 30811
Debugger [baseline] (6.11 ms) : 0, 6110
Debugger [candidate] (6.116 ms) : 0, 6116
Remote Config [baseline] (686.236 µs) : 0, 686
Remote Config [candidate] (691.365 µs) : 0, 691
Telemetry [baseline] (8.303 ms) : 0, 8303
Telemetry [candidate] (8.332 ms) : 0, 8332
section iast
BytebuddyAgent [baseline] (815.431 ms) : 0, 815431
BytebuddyAgent [candidate] (808.951 ms) : 0, 808951
GlobalTracer [baseline] (235.794 ms) : 0, 235794
GlobalTracer [candidate] (233.038 ms) : 0, 233038
AppSec [baseline] (29.665 ms) : 0, 29665
AppSec [candidate] (26.779 ms) : 0, 26779
Debugger [baseline] (6.797 ms) : 0, 6797
Debugger [candidate] (5.825 ms) : 0, 5825
Remote Config [baseline] (599.723 µs) : 0, 600
Remote Config [candidate] (594.885 µs) : 0, 595
Telemetry [baseline] (8.156 ms) : 0, 8156
Telemetry [candidate] (7.91 ms) : 0, 7910
IAST [baseline] (27.291 ms) : 0, 27291
IAST [candidate] (28.786 ms) : 0, 28786

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master daniel.mohedano/git-cmd-vulns
git_commit_date 1751600742 1751617347
git_commit_sha dd59589 f8bed95
release_version 1.51.0-SNAPSHOT~dd595896c4 1.51.0-SNAPSHOT~f8bed95ddd
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1751618916 1751618916
ci_job_id 1013806581 1013806581
ci_pipeline_id 69648937 69648937
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-y44xc60x 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-y44xc60x 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 2 performance regressions! Performance is the same for 8 metrics, 12 unstable metrics.

scenario Δ mean http_req_duration Δ mean throughput candidate mean http_req_duration candidate mean throughput baseline mean http_req_duration baseline mean throughput
scenario:load:insecure-bank:iast_GLOBAL:high_load better
[-884.819µs; -500.254µs] or [-8.341%; -4.716%]
unstable
[-18.817op/s; +79.380op/s] or [-4.294%; +18.116%]
9.915ms 468.469op/s 10.608ms 438.188op/s
scenario:load:petclinic:no_agent:high_load better
[-2.643ms; -2.001ms] or [-6.949%; -5.260%]
unstable
[-0.809op/s; +16.809op/s] or [-0.658%; +13.677%]
35.716ms 130.900op/s 38.038ms 122.900op/s
scenario:load:petclinic:appsec:high_load worse
[+1.575ms; +2.496ms] or [+3.362%; +5.328%]
unstable
[-9.651op/s; +3.749op/s] or [-9.663%; +3.754%]
48.891ms 96.924op/s 46.856ms 99.875op/s
scenario:load:petclinic:profiling:high_load worse
[+2.118ms; +3.096ms] or [+4.574%; +6.687%]
unstable
[-12.759op/s; +2.034op/s] or [-12.622%; +2.012%]
48.905ms 95.725op/s 46.298ms 101.088op/s
Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~f8bed95ddd, baseline=1.51.0-SNAPSHOT~dd595896c4
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.205 ms) : 4156, 4255
.   : milestone, 4205,
iast (9.016 ms) : 8871, 9160
.   : milestone, 9016,
iast_FULL (13.986 ms) : 13712, 14260
.   : milestone, 13986,
iast_GLOBAL (10.608 ms) : 10422, 10794
.   : milestone, 10608,
profiling (8.833 ms) : 8678, 8989
.   : milestone, 8833,
tracing (7.467 ms) : 7352, 7583
.   : milestone, 7467,
section candidate
no_agent (4.306 ms) : 4258, 4354
.   : milestone, 4306,
iast (9.012 ms) : 8867, 9158
.   : milestone, 9012,
iast_FULL (13.874 ms) : 13602, 14145
.   : milestone, 13874,
iast_GLOBAL (9.915 ms) : 9744, 10087
.   : milestone, 9915,
profiling (9.136 ms) : 8988, 9285
.   : milestone, 9136,
tracing (7.423 ms) : 7318, 7527
.   : milestone, 7423,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.205 ms [4.156 ms, 4.255 ms] -
iast 9.016 ms [8.871 ms, 9.16 ms] 4.81 ms (114.4%)
iast_FULL 13.986 ms [13.712 ms, 14.26 ms] 9.781 ms (232.6%)
iast_GLOBAL 10.608 ms [10.422 ms, 10.794 ms] 6.403 ms (152.3%)
profiling 8.833 ms [8.678 ms, 8.989 ms] 4.628 ms (110.1%)
tracing 7.467 ms [7.352 ms, 7.583 ms] 3.262 ms (77.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.306 ms [4.258 ms, 4.354 ms] -
iast 9.012 ms [8.867 ms, 9.158 ms] 4.707 ms (109.3%)
iast_FULL 13.874 ms [13.602 ms, 14.145 ms] 9.568 ms (222.2%)
iast_GLOBAL 9.915 ms [9.744 ms, 10.087 ms] 5.609 ms (130.3%)
profiling 9.136 ms [8.988 ms, 9.285 ms] 4.831 ms (112.2%)
tracing 7.423 ms [7.318 ms, 7.527 ms] 3.117 ms (72.4%)
Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.51.0-SNAPSHOT~f8bed95ddd, baseline=1.51.0-SNAPSHOT~dd595896c4
    dateFormat X
    axisFormat %s
section baseline
no_agent (38.038 ms) : 37733, 38343
.   : milestone, 38038,
appsec (46.856 ms) : 46443, 47268
.   : milestone, 46856,
code_origins (46.276 ms) : 45864, 46687
.   : milestone, 46276,
iast (45.044 ms) : 44642, 45446
.   : milestone, 45044,
profiling (46.298 ms) : 45842, 46755
.   : milestone, 46298,
tracing (44.051 ms) : 43677, 44425
.   : milestone, 44051,
section candidate
no_agent (35.716 ms) : 35424, 36008
.   : milestone, 35716,
appsec (48.891 ms) : 48449, 49334
.   : milestone, 48891,
code_origins (45.32 ms) : 44929, 45711
.   : milestone, 45320,
iast (44.494 ms) : 44111, 44878
.   : milestone, 44494,
profiling (48.905 ms) : 48453, 49357
.   : milestone, 48905,
tracing (43.916 ms) : 43569, 44263
.   : milestone, 43916,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 38.038 ms [37.733 ms, 38.343 ms] -
appsec 46.856 ms [46.443 ms, 47.268 ms] 8.818 ms (23.2%)
code_origins 46.276 ms [45.864 ms, 46.687 ms] 8.238 ms (21.7%)
iast 45.044 ms [44.642 ms, 45.446 ms] 7.007 ms (18.4%)
profiling 46.298 ms [45.842 ms, 46.755 ms] 8.261 ms (21.7%)
tracing 44.051 ms [43.677 ms, 44.425 ms] 6.014 ms (15.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 35.716 ms [35.424 ms, 36.008 ms] -
appsec 48.891 ms [48.449 ms, 49.334 ms] 13.176 ms (36.9%)
code_origins 45.32 ms [44.929 ms, 45.711 ms] 9.604 ms (26.9%)
iast 44.494 ms [44.111 ms, 44.878 ms] 8.779 ms (24.6%)
profiling 48.905 ms [48.453 ms, 49.357 ms] 13.19 ms (36.9%)
tracing 43.916 ms [43.569 ms, 44.263 ms] 8.201 ms (23.0%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master daniel.mohedano/git-cmd-vulns
git_commit_date 1751600742 1751617347
git_commit_sha dd59589 f8bed95
release_version 1.51.0-SNAPSHOT~dd595896c4 1.51.0-SNAPSHOT~f8bed95ddd
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1751619415 1751619415
ci_job_id 1013806582 1013806582
ci_pipeline_id 69648937 69648937
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-t42aiimt 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-t42aiimt 6.8.0-1030-aws #32~22.04.1-Ubuntu SMP Thu Jun 5 08:38:24 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~f8bed95ddd, baseline=1.51.0-SNAPSHOT~dd595896c4
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.471 ms) : 1459, 1482
.   : milestone, 1471,
appsec (2.401 ms) : 2352, 2450
.   : milestone, 2401,
iast (2.185 ms) : 2123, 2247
.   : milestone, 2185,
iast_GLOBAL (2.227 ms) : 2165, 2290
.   : milestone, 2227,
profiling (2.039 ms) : 1988, 2090
.   : milestone, 2039,
tracing (2.006 ms) : 1958, 2054
.   : milestone, 2006,
section candidate
no_agent (1.471 ms) : 1460, 1483
.   : milestone, 1471,
appsec (2.4 ms) : 2351, 2450
.   : milestone, 2400,
iast (2.182 ms) : 2120, 2244
.   : milestone, 2182,
iast_GLOBAL (2.23 ms) : 2168, 2292
.   : milestone, 2230,
profiling (2.052 ms) : 2001, 2103
.   : milestone, 2052,
tracing (2.008 ms) : 1960, 2056
.   : milestone, 2008,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.471 ms [1.459 ms, 1.482 ms] -
appsec 2.401 ms [2.352 ms, 2.45 ms] 930.215 µs (63.3%)
iast 2.185 ms [2.123 ms, 2.247 ms] 714.48 µs (48.6%)
iast_GLOBAL 2.227 ms [2.165 ms, 2.29 ms] 756.641 µs (51.4%)
profiling 2.039 ms [1.988 ms, 2.09 ms] 568.096 µs (38.6%)
tracing 2.006 ms [1.958 ms, 2.054 ms] 535.707 µs (36.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.471 ms [1.46 ms, 1.483 ms] -
appsec 2.4 ms [2.351 ms, 2.45 ms] 928.932 µs (63.1%)
iast 2.182 ms [2.12 ms, 2.244 ms] 710.415 µs (48.3%)
iast_GLOBAL 2.23 ms [2.168 ms, 2.292 ms] 758.321 µs (51.5%)
profiling 2.052 ms [2.001 ms, 2.103 ms] 580.865 µs (39.5%)
tracing 2.008 ms [1.96 ms, 2.056 ms] 536.568 µs (36.5%)
Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.51.0-SNAPSHOT~f8bed95ddd, baseline=1.51.0-SNAPSHOT~dd595896c4
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.768 s) : 14768000, 14768000
.   : milestone, 14768000,
appsec (14.885 s) : 14885000, 14885000
.   : milestone, 14885000,
iast (18.58 s) : 18580000, 18580000
.   : milestone, 18580000,
iast_GLOBAL (17.728 s) : 17728000, 17728000
.   : milestone, 17728000,
profiling (15.308 s) : 15308000, 15308000
.   : milestone, 15308000,
tracing (14.582 s) : 14582000, 14582000
.   : milestone, 14582000,
section candidate
no_agent (15.084 s) : 15084000, 15084000
.   : milestone, 15084000,
appsec (14.637 s) : 14637000, 14637000
.   : milestone, 14637000,
iast (18.977 s) : 18977000, 18977000
.   : milestone, 18977000,
iast_GLOBAL (18.348 s) : 18348000, 18348000
.   : milestone, 18348000,
profiling (15.881 s) : 15881000, 15881000
.   : milestone, 15881000,
tracing (14.998 s) : 14998000, 14998000
.   : milestone, 14998000,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.768 s [14.768 s, 14.768 s] -
appsec 14.885 s [14.885 s, 14.885 s] 117.0 ms (0.8%)
iast 18.58 s [18.58 s, 18.58 s] 3.812 s (25.8%)
iast_GLOBAL 17.728 s [17.728 s, 17.728 s] 2.96 s (20.0%)
profiling 15.308 s [15.308 s, 15.308 s] 540.0 ms (3.7%)
tracing 14.582 s [14.582 s, 14.582 s] -186.0 ms (-1.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.084 s [15.084 s, 15.084 s] -
appsec 14.637 s [14.637 s, 14.637 s] -447.0 ms (-3.0%)
iast 18.977 s [18.977 s, 18.977 s] 3.893 s (25.8%)
iast_GLOBAL 18.348 s [18.348 s, 18.348 s] 3.264 s (21.6%)
profiling 15.881 s [15.881 s, 15.881 s] 797.0 ms (5.3%)
tracing 14.998 s [14.998 s, 14.998 s] -86.0 ms (-0.6%)

@daniel-mohedano daniel-mohedano added comp: ci visibility Continuous Integration Visibility tag: security Security related changes tag: no release notes Changes to exclude from release notes labels Jul 3, 2025
@daniel-mohedano daniel-mohedano merged commit 041214b into master Jul 7, 2025
508 checks passed
@daniel-mohedano daniel-mohedano deleted the daniel.mohedano/git-cmd-vulns branch July 7, 2025 13:43
@github-actions github-actions bot added this to the 1.51.0 milestone Jul 7, 2025