iframe-proxy

dependabot · 2026-04-28T17:27:51Z

Bumps the gh-actions-packages group with 1 update: aquasecurity/trivy-action.

Updates aquasecurity/trivy-action from 0.35.0 to 0.36.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

chore(ci): update bump-trivy workflow by @DmitriyLewen in aquasecurity/trivy-action#546

ci: use action.yaml as single source of truth for Trivy version by @nikpivkin in aquasecurity/trivy-action#552

ci: replace peter-evans/create-pull-request with gh CLI by @nikpivkin in aquasecurity/trivy-action#550

test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by @nikpivkin in aquasecurity/trivy-action#555

ci: add dependabot config by @nikpivkin in aquasecurity/trivy-action#556

chore: add zizmor config by @nikpivkin in aquasecurity/trivy-action#557

chore(deps): bump the actions group with 5 updates by @dependabot[bot] in aquasecurity/trivy-action#558

fix: use portable shebang in entrypoint.sh by @Hayao0819 in aquasecurity/trivy-action#545

Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by @patrik-csak in aquasecurity/trivy-action#547

Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 by @Aditya09-cse in aquasecurity/trivy-action#548

chore: use GitHub Actions as git commit author in bump-trivy workflow by @nikpivkin in aquasecurity/trivy-action#561

chore(deps): Update trivy to v0.70.0 by @Argon-DevOps-Mgt in aquasecurity/trivy-action#559

chore: update action version to v0.36.0 in examples by @nikpivkin in aquasecurity/trivy-action#563

New Contributors

@dependabot[bot] made their first contribution in aquasecurity/trivy-action#558

@Hayao0819 made their first contribution in aquasecurity/trivy-action#545

@patrik-csak made their first contribution in aquasecurity/trivy-action#547

@Aditya09-cse made their first contribution in aquasecurity/trivy-action#548

@Argon-DevOps-Mgt made their first contribution in aquasecurity/trivy-action#559

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Commits

ed142fd chore: update action version to v0.36.0 in examples (#563)
dea62cf chore(deps): Update trivy to v0.70.0 (#559)
128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
4a2deec fix: use portable shebang in entrypoint.sh (#545)
1994662 chore(deps): bump the actions group with 5 updates (#558)
6b36659 chore: add zizmor config (#557)
316aa5a ci: add dependabot config (#556)
264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gh-actions-packages group with 1 update: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@57a97c7...ed142fd) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] <support@github.com>

pr-commenter · 2026-04-28T18:16:05Z

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-d884b4a175
git_commit_date	1777386837	1777397269
git_commit_sha	`e6cac64`	`65ac871`
release_version	1.62.0-SNAPSHOT~e6cac64dfd	1.62.0-SNAPSHOT~65ac8712db

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1777399086	1777399086
ci_job_id	1639096105	1639096105
ci_pipeline_id	110227250	110227250
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-0-kcwezwwe 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-0-kcwezwwe 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 60 metrics, 11 unstable metrics.

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.62.0-SNAPSHOT~65ac8712db, baseline=1.62.0-SNAPSHOT~e6cac64dfd

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.06 s) : 0, 1059562
Total [baseline] (8.816 s) : 0, 8816204
Agent [candidate] (1.065 s) : 0, 1064897
Total [candidate] (8.834 s) : 0, 8833725
section iast
Agent [baseline] (1.241 s) : 0, 1241361
Total [baseline] (9.497 s) : 0, 9497454
Agent [candidate] (1.243 s) : 0, 1243056
Total [candidate] (9.549 s) : 0, 9548887

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.06 s	-
Agent	iast	1.241 s	181.799 ms (17.2%)
Total	tracing	8.816 s	-
Total	iast	9.497 s	681.25 ms (7.7%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.065 s	-
Agent	iast	1.243 s	178.16 ms (16.7%)
Total	tracing	8.834 s	-
Total	iast	9.549 s	715.162 ms (8.1%)

gantt
    title insecure-bank - break down per module: candidate=1.62.0-SNAPSHOT~65ac8712db, baseline=1.62.0-SNAPSHOT~e6cac64dfd

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.23 ms) : 0, 1230
crashtracking [candidate] (1.221 ms) : 0, 1221
BytebuddyAgent [baseline] (633.627 ms) : 0, 633627
BytebuddyAgent [candidate] (636.906 ms) : 0, 636906
AgentMeter [baseline] (29.365 ms) : 0, 29365
AgentMeter [candidate] (29.519 ms) : 0, 29519
GlobalTracer [baseline] (248.204 ms) : 0, 248204
GlobalTracer [candidate] (249.524 ms) : 0, 249524
AppSec [baseline] (32.584 ms) : 0, 32584
AppSec [candidate] (32.731 ms) : 0, 32731
Debugger [baseline] (59.923 ms) : 0, 59923
Debugger [candidate] (59.972 ms) : 0, 59972
Remote Config [baseline] (600.407 µs) : 0, 600
Remote Config [candidate] (1.339 ms) : 0, 1339
Telemetry [baseline] (8.338 ms) : 0, 8338
Telemetry [candidate] (8.518 ms) : 0, 8518
Flare Poller [baseline] (9.78 ms) : 0, 9780
Flare Poller [candidate] (9.138 ms) : 0, 9138
section iast
crashtracking [baseline] (1.235 ms) : 0, 1235
crashtracking [candidate] (1.223 ms) : 0, 1223
BytebuddyAgent [baseline] (822.756 ms) : 0, 822756
BytebuddyAgent [candidate] (821.863 ms) : 0, 821863
AgentMeter [baseline] (11.281 ms) : 0, 11281
AgentMeter [candidate] (11.322 ms) : 0, 11322
GlobalTracer [baseline] (237.224 ms) : 0, 237224
GlobalTracer [candidate] (238.313 ms) : 0, 238313
AppSec [baseline] (28.78 ms) : 0, 28780
AppSec [candidate] (31.515 ms) : 0, 31515
Debugger [baseline] (61.739 ms) : 0, 61739
Debugger [candidate] (62.661 ms) : 0, 62661
Remote Config [baseline] (527.9 µs) : 0, 528
Remote Config [candidate] (522.045 µs) : 0, 522
Telemetry [baseline] (7.899 ms) : 0, 7899
Telemetry [candidate] (7.999 ms) : 0, 7999
Flare Poller [baseline] (3.343 ms) : 0, 3343
Flare Poller [candidate] (3.361 ms) : 0, 3361
IAST [baseline] (30.56 ms) : 0, 30560
IAST [candidate] (28.257 ms) : 0, 28257

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.62.0-SNAPSHOT~65ac8712db, baseline=1.62.0-SNAPSHOT~e6cac64dfd

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.065 s) : 0, 1065400
Total [baseline] (11.026 s) : 0, 11026407
Agent [candidate] (1.066 s) : 0, 1065765
Total [candidate] (11.009 s) : 0, 11009020
section appsec
Agent [baseline] (1.266 s) : 0, 1265858
Total [baseline] (11.003 s) : 0, 11003388
Agent [candidate] (1.268 s) : 0, 1268228
Total [candidate] (11.061 s) : 0, 11060537
section iast
Agent [baseline] (1.254 s) : 0, 1253764
Total [baseline] (11.306 s) : 0, 11306022
Agent [candidate] (1.251 s) : 0, 1250961
Total [candidate] (11.283 s) : 0, 11282817
section profiling
Agent [baseline] (1.19 s) : 0, 1189821
Total [baseline] (10.99 s) : 0, 10989790
Agent [candidate] (1.197 s) : 0, 1196543
Total [candidate] (11.15 s) : 0, 11150033

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.065 s	-
Agent	appsec	1.266 s	200.458 ms (18.8%)
Agent	iast	1.254 s	188.364 ms (17.7%)
Agent	profiling	1.19 s	124.421 ms (11.7%)
Total	tracing	11.026 s	-
Total	appsec	11.003 s	-23.019 ms (-0.2%)
Total	iast	11.306 s	279.615 ms (2.5%)
Total	profiling	10.99 s	-36.618 ms (-0.3%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.066 s	-
Agent	appsec	1.268 s	202.463 ms (19.0%)
Agent	iast	1.251 s	185.196 ms (17.4%)
Agent	profiling	1.197 s	130.778 ms (12.3%)
Total	tracing	11.009 s	-
Total	appsec	11.061 s	51.517 ms (0.5%)
Total	iast	11.283 s	273.797 ms (2.5%)
Total	profiling	11.15 s	141.012 ms (1.3%)

gantt
    title petclinic - break down per module: candidate=1.62.0-SNAPSHOT~65ac8712db, baseline=1.62.0-SNAPSHOT~e6cac64dfd

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.222 ms) : 0, 1222
crashtracking [candidate] (1.228 ms) : 0, 1228
BytebuddyAgent [baseline] (636.165 ms) : 0, 636165
BytebuddyAgent [candidate] (636.053 ms) : 0, 636053
AgentMeter [baseline] (29.419 ms) : 0, 29419
AgentMeter [candidate] (29.522 ms) : 0, 29522
GlobalTracer [baseline] (249.328 ms) : 0, 249328
GlobalTracer [candidate] (249.293 ms) : 0, 249293
AppSec [baseline] (32.922 ms) : 0, 32922
AppSec [candidate] (32.811 ms) : 0, 32811
Debugger [baseline] (60.767 ms) : 0, 60767
Debugger [candidate] (60.578 ms) : 0, 60578
Remote Config [baseline] (603.826 µs) : 0, 604
Remote Config [candidate] (594.74 µs) : 0, 595
Telemetry [baseline] (9.111 ms) : 0, 9111
Telemetry [candidate] (9.126 ms) : 0, 9126
Flare Poller [baseline] (9.805 ms) : 0, 9805
Flare Poller [candidate] (10.499 ms) : 0, 10499
section appsec
crashtracking [baseline] (1.221 ms) : 0, 1221
crashtracking [candidate] (1.228 ms) : 0, 1228
BytebuddyAgent [baseline] (674.149 ms) : 0, 674149
BytebuddyAgent [candidate] (679.144 ms) : 0, 679144
AgentMeter [baseline] (12.255 ms) : 0, 12255
AgentMeter [candidate] (12.266 ms) : 0, 12266
GlobalTracer [baseline] (249.317 ms) : 0, 249317
GlobalTracer [candidate] (249.554 ms) : 0, 249554
AppSec [baseline] (185.512 ms) : 0, 185512
AppSec [candidate] (184.921 ms) : 0, 184921
Debugger [baseline] (65.025 ms) : 0, 65025
Debugger [candidate] (64.682 ms) : 0, 64682
Remote Config [baseline] (579.395 µs) : 0, 579
Remote Config [candidate] (558.254 µs) : 0, 558
Telemetry [baseline] (7.912 ms) : 0, 7912
Telemetry [candidate] (7.778 ms) : 0, 7778
Flare Poller [baseline] (8.64 ms) : 0, 8640
Flare Poller [candidate] (5.59 ms) : 0, 5590
IAST [baseline] (24.653 ms) : 0, 24653
IAST [candidate] (24.628 ms) : 0, 24628
section iast
crashtracking [baseline] (1.218 ms) : 0, 1218
crashtracking [candidate] (1.247 ms) : 0, 1247
BytebuddyAgent [baseline] (830.704 ms) : 0, 830704
BytebuddyAgent [candidate] (828.392 ms) : 0, 828392
AgentMeter [baseline] (11.479 ms) : 0, 11479
AgentMeter [candidate] (11.384 ms) : 0, 11384
GlobalTracer [baseline] (240.929 ms) : 0, 240929
GlobalTracer [candidate] (238.928 ms) : 0, 238928
AppSec [baseline] (29.96 ms) : 0, 29960
AppSec [candidate] (31.577 ms) : 0, 31577
Debugger [baseline] (63.531 ms) : 0, 63531
Debugger [candidate] (63.218 ms) : 0, 63218
Remote Config [baseline] (524.736 µs) : 0, 525
Remote Config [candidate] (514.327 µs) : 0, 514
Telemetry [baseline] (7.936 ms) : 0, 7936
Telemetry [candidate] (7.945 ms) : 0, 7945
Flare Poller [baseline] (3.384 ms) : 0, 3384
Flare Poller [candidate] (3.388 ms) : 0, 3388
IAST [baseline] (28.077 ms) : 0, 28077
IAST [candidate] (27.414 ms) : 0, 27414
section profiling
ProfilingAgent [baseline] (94.424 ms) : 0, 94424
ProfilingAgent [candidate] (95.59 ms) : 0, 95590
crashtracking [baseline] (1.188 ms) : 0, 1188
crashtracking [candidate] (1.194 ms) : 0, 1194
BytebuddyAgent [baseline] (695.347 ms) : 0, 695347
BytebuddyAgent [candidate] (697.718 ms) : 0, 697718
AgentMeter [baseline] (8.896 ms) : 0, 8896
AgentMeter [candidate] (8.991 ms) : 0, 8991
GlobalTracer [baseline] (207.662 ms) : 0, 207662
GlobalTracer [candidate] (209.584 ms) : 0, 209584
AppSec [baseline] (32.534 ms) : 0, 32534
AppSec [candidate] (33.078 ms) : 0, 33078
Debugger [baseline] (65.809 ms) : 0, 65809
Debugger [candidate] (66.167 ms) : 0, 66167
Remote Config [baseline] (585.329 µs) : 0, 585
Remote Config [candidate] (593.97 µs) : 0, 594
Telemetry [baseline] (8.065 ms) : 0, 8065
Telemetry [candidate] (8.247 ms) : 0, 8247
Flare Poller [baseline] (3.571 ms) : 0, 3571
Flare Poller [candidate] (3.58 ms) : 0, 3580
Profiling [baseline] (94.995 ms) : 0, 94995
Profiling [candidate] (96.148 ms) : 0, 96148

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-d884b4a175
git_commit_date	1777386837	1777397269
git_commit_sha	`e6cac64`	`65ac871`
release_version	1.62.0-SNAPSHOT~e6cac64dfd	1.62.0-SNAPSHOT~65ac8712db

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1777399638	1777399638
ci_job_id	1639096106	1639096106
ci_pipeline_id	110227250	110227250
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-1-3pp9n6m5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-1-3pp9n6m5 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 4 performance improvements and 1 performance regressions! Performance is the same for 15 metrics, 16 unstable metrics.

scenario	Δ mean agg_http_req_duration_p50	Δ mean agg_http_req_duration_p95	Δ mean throughput	candidate mean agg_http_req_duration_p50	candidate mean agg_http_req_duration_p95	candidate mean throughput	baseline mean agg_http_req_duration_p50	baseline mean agg_http_req_duration_p95	baseline mean throughput
scenario:load:insecure-bank:profiling:high_load	better [-204.464µs; -48.406µs] or [-10.934%; -2.589%]	unstable [-1110.896µs; -171.644µs] or [-19.678%; -3.040%]	unstable [-55.979op/s; +451.604op/s] or [-2.945%; +23.758%]	1.743ms	5.004ms	2098.688op/s	1.870ms	5.645ms	1900.875op/s
scenario:load:petclinic:code_origins:high_load	better [-1146.495µs; -369.353µs] or [-6.312%; -2.033%]	same [-1271.956µs; +91.133µs] or [-4.314%; +0.309%]	unstable [-16.214op/s; +35.276op/s] or [-6.432%; +13.993%]	17.407ms	28.893ms	261.625op/s	18.165ms	29.484ms	252.094op/s
scenario:load:petclinic:no_agent:high_load	better [-2.339ms; -0.730ms] or [-12.471%; -3.895%]	unstable [-3.569ms; -0.319ms] or [-11.487%; -1.026%]	unstable [-4.216op/s; +50.404op/s] or [-1.735%; +20.745%]	17.218ms	29.122ms	266.062op/s	18.753ms	31.066ms	242.969op/s
scenario:load:petclinic:iast:high_load	better [-1.529ms; -0.615ms] or [-8.236%; -3.314%]	unsure [-1.743ms; -0.332ms] or [-5.833%; -1.110%]	unstable [-12.691op/s; +38.378op/s] or [-5.101%; +15.426%]	17.488ms	28.844ms	261.625op/s	18.560ms	29.881ms	248.781op/s
scenario:load:petclinic:tracing:high_load	worse [+544.941µs; +1032.042µs] or [+3.181%; +6.023%]	unsure [+263.386µs; +1322.278µs] or [+0.931%; +4.676%]	unstable [-34.307op/s; +17.182op/s] or [-12.929%; +6.476%]	17.922ms	29.074ms	256.781op/s	17.134ms	28.281ms	265.344op/s

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.62.0-SNAPSHOT~65ac8712db, baseline=1.62.0-SNAPSHOT~e6cac64dfd
    dateFormat X
    axisFormat %s
section baseline
no_agent (19.21 ms) : 19011, 19409
.   : milestone, 19210,
appsec (18.65 ms) : 18464, 18836
.   : milestone, 18650,
code_origins (18.511 ms) : 18326, 18695
.   : milestone, 18511,
iast (18.759 ms) : 18571, 18947
.   : milestone, 18759,
profiling (18.028 ms) : 17852, 18205
.   : milestone, 18028,
tracing (17.582 ms) : 17409, 17756
.   : milestone, 17582,
section candidate
no_agent (17.536 ms) : 17359, 17712
.   : milestone, 17536,
appsec (18.955 ms) : 18762, 19149
.   : milestone, 18955,
code_origins (17.832 ms) : 17656, 18007
.   : milestone, 17832,
iast (17.834 ms) : 17656, 18013
.   : milestone, 17834,
profiling (18.247 ms) : 18065, 18429
.   : milestone, 18247,
tracing (18.169 ms) : 17987, 18352
.   : milestone, 18169,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	19.21 ms [19.011 ms, 19.409 ms]	-
appsec	18.65 ms [18.464 ms, 18.836 ms]	-559.934 µs (-2.9%)
code_origins	18.511 ms [18.326 ms, 18.695 ms]	-699.286 µs (-3.6%)
iast	18.759 ms [18.571 ms, 18.947 ms]	-451.05 µs (-2.3%)
profiling	18.028 ms [17.852 ms, 18.205 ms]	-1.182 ms (-6.2%)
tracing	17.582 ms [17.409 ms, 17.756 ms]	-1.628 ms (-8.5%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	17.536 ms [17.359 ms, 17.712 ms]	-
appsec	18.955 ms [18.762 ms, 19.149 ms]	1.42 ms (8.1%)
code_origins	17.832 ms [17.656 ms, 18.007 ms]	295.895 µs (1.7%)
iast	17.834 ms [17.656 ms, 18.013 ms]	298.694 µs (1.7%)
profiling	18.247 ms [18.065 ms, 18.429 ms]	711.76 µs (4.1%)
tracing	18.169 ms [17.987 ms, 18.352 ms]	633.822 µs (3.6%)

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.62.0-SNAPSHOT~65ac8712db, baseline=1.62.0-SNAPSHOT~e6cac64dfd
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.226 ms) : 1215, 1238
.   : milestone, 1226,
iast (3.349 ms) : 3305, 3393
.   : milestone, 3349,
iast_FULL (6.236 ms) : 6172, 6299
.   : milestone, 6236,
iast_GLOBAL (3.714 ms) : 3657, 3771
.   : milestone, 3714,
profiling (2.387 ms) : 2364, 2410
.   : milestone, 2387,
tracing (1.952 ms) : 1935, 1969
.   : milestone, 1952,
section candidate
no_agent (1.257 ms) : 1245, 1268
.   : milestone, 1257,
iast (3.434 ms) : 3382, 3486
.   : milestone, 3434,
iast_FULL (6.216 ms) : 6152, 6280
.   : milestone, 6216,
iast_GLOBAL (3.836 ms) : 3780, 3893
.   : milestone, 3836,
profiling (2.155 ms) : 2135, 2174
.   : milestone, 2155,
tracing (1.932 ms) : 1915, 1949
.   : milestone, 1932,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.226 ms [1.215 ms, 1.238 ms]	-
iast	3.349 ms [3.305 ms, 3.393 ms]	2.123 ms (173.1%)
iast_FULL	6.236 ms [6.172 ms, 6.299 ms]	5.009 ms (408.4%)
iast_GLOBAL	3.714 ms [3.657 ms, 3.771 ms]	2.488 ms (202.8%)
profiling	2.387 ms [2.364 ms, 2.41 ms]	1.161 ms (94.6%)
tracing	1.952 ms [1.935 ms, 1.969 ms]	725.467 µs (59.2%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.257 ms [1.245 ms, 1.268 ms]	-
iast	3.434 ms [3.382 ms, 3.486 ms]	2.177 ms (173.2%)
iast_FULL	6.216 ms [6.152 ms, 6.28 ms]	4.959 ms (394.6%)
iast_GLOBAL	3.836 ms [3.78 ms, 3.893 ms]	2.58 ms (205.3%)
profiling	2.155 ms [2.135 ms, 2.174 ms]	897.788 µs (71.4%)
tracing	1.932 ms [1.915 ms, 1.949 ms]	675.033 µs (53.7%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	dependabot/github_actions/gh-actions-packages-d884b4a175
git_commit_date	1777386837	1777397269
git_commit_sha	`e6cac64`	`65ac871`
release_version	1.62.0-SNAPSHOT~e6cac64dfd	1.62.0-SNAPSHOT~65ac8712db

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1777399307	1777399307
ci_job_id	1639096107	1639096107
ci_pipeline_id	110227250	110227250
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-0-0f56qf9r 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-0-0f56qf9r 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.62.0-SNAPSHOT~65ac8712db, baseline=1.62.0-SNAPSHOT~e6cac64dfd
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.482 ms) : 1471, 1494
.   : milestone, 1482,
appsec (3.85 ms) : 3624, 4076
.   : milestone, 3850,
iast (2.279 ms) : 2209, 2349
.   : milestone, 2279,
iast_GLOBAL (2.333 ms) : 2262, 2404
.   : milestone, 2333,
profiling (2.115 ms) : 2059, 2170
.   : milestone, 2115,
tracing (2.081 ms) : 2027, 2135
.   : milestone, 2081,
section candidate
no_agent (1.486 ms) : 1475, 1498
.   : milestone, 1486,
appsec (3.837 ms) : 3614, 4060
.   : milestone, 3837,
iast (2.277 ms) : 2207, 2346
.   : milestone, 2277,
iast_GLOBAL (2.32 ms) : 2250, 2390
.   : milestone, 2320,
profiling (2.101 ms) : 2046, 2157
.   : milestone, 2101,
tracing (2.081 ms) : 2028, 2135
.   : milestone, 2081,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.482 ms [1.471 ms, 1.494 ms]	-
appsec	3.85 ms [3.624 ms, 4.076 ms]	2.367 ms (159.7%)
iast	2.279 ms [2.209 ms, 2.349 ms]	796.983 µs (53.8%)
iast_GLOBAL	2.333 ms [2.262 ms, 2.404 ms]	851.025 µs (57.4%)
profiling	2.115 ms [2.059 ms, 2.17 ms]	632.507 µs (42.7%)
tracing	2.081 ms [2.027 ms, 2.135 ms]	598.461 µs (40.4%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.486 ms [1.475 ms, 1.498 ms]	-
appsec	3.837 ms [3.614 ms, 4.06 ms]	2.351 ms (158.1%)
iast	2.277 ms [2.207 ms, 2.346 ms]	790.314 µs (53.2%)
iast_GLOBAL	2.32 ms [2.25 ms, 2.39 ms]	833.651 µs (56.1%)
profiling	2.101 ms [2.046 ms, 2.157 ms]	615.07 µs (41.4%)
tracing	2.081 ms [2.028 ms, 2.135 ms]	594.819 µs (40.0%)

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.62.0-SNAPSHOT~65ac8712db, baseline=1.62.0-SNAPSHOT~e6cac64dfd
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.384 s) : 15384000, 15384000
.   : milestone, 15384000,
appsec (14.906 s) : 14906000, 14906000
.   : milestone, 14906000,
iast (18.368 s) : 18368000, 18368000
.   : milestone, 18368000,
iast_GLOBAL (17.963 s) : 17963000, 17963000
.   : milestone, 17963000,
profiling (15.471 s) : 15471000, 15471000
.   : milestone, 15471000,
tracing (14.687 s) : 14687000, 14687000
.   : milestone, 14687000,
section candidate
no_agent (15.503 s) : 15503000, 15503000
.   : milestone, 15503000,
appsec (15.026 s) : 15026000, 15026000
.   : milestone, 15026000,
iast (18.216 s) : 18216000, 18216000
.   : milestone, 18216000,
iast_GLOBAL (17.895 s) : 17895000, 17895000
.   : milestone, 17895000,
profiling (15.034 s) : 15034000, 15034000
.   : milestone, 15034000,
tracing (14.783 s) : 14783000, 14783000
.   : milestone, 14783000,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.384 s [15.384 s, 15.384 s]	-
appsec	14.906 s [14.906 s, 14.906 s]	-478.0 ms (-3.1%)
iast	18.368 s [18.368 s, 18.368 s]	2.984 s (19.4%)
iast_GLOBAL	17.963 s [17.963 s, 17.963 s]	2.579 s (16.8%)
profiling	15.471 s [15.471 s, 15.471 s]	87.0 ms (0.6%)
tracing	14.687 s [14.687 s, 14.687 s]	-697.0 ms (-4.5%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.503 s [15.503 s, 15.503 s]	-
appsec	15.026 s [15.026 s, 15.026 s]	-477.0 ms (-3.1%)
iast	18.216 s [18.216 s, 18.216 s]	2.713 s (17.5%)
iast_GLOBAL	17.895 s [17.895 s, 17.895 s]	2.392 s (15.4%)
profiling	15.034 s [15.034 s, 15.034 s]	-469.0 ms (-3.0%)
tracing	14.783 s [14.783 s, 14.783 s]	-720.0 ms (-4.6%)

PerfectSlayer · 2026-04-29T10:59:04Z

/merge

gh-worker-devflow-routing-ef8351 · 2026-04-29T10:59:08Z

dependabot Bot added comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes labels Apr 28, 2026

dependabot Bot requested a review from a team as a code owner April 28, 2026 17:27

dependabot Bot requested review from AlexeyKuznetsov-DD and removed request for a team April 28, 2026 17:27

dependabot Bot added tag: no release notes Changes to exclude from release notes tag: dependencies Dependencies related changes comp: tooling Build & Tooling labels Apr 28, 2026

PerfectSlayer approved these changes Apr 29, 2026

View reviewed changes

gh-worker-dd-mergequeue-cf854d Bot merged commit 0fe5cd3 into master Apr 29, 2026
576 of 582 checks passed

gh-worker-dd-mergequeue-cf854d Bot deleted the dependabot/github_actions/gh-actions-packages-d884b4a175 branch April 29, 2026 12:11

github-actions Bot added this to the 1.62.0 milestone Apr 29, 2026

Sunbelt Computer Software

PL/B Language Development and Support

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(ci): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 in the gh-actions-packages group#11223

chore(ci): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 in the gh-actions-packages group#11223
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit into
masterfrom
dependabot/github_actions/gh-actions-packages-d884b4a175

dependabot Bot commented on behalf of github Apr 28, 2026

Uh oh!

pr-commenter Bot commented Apr 28, 2026

Uh oh!

PerfectSlayer commented Apr 29, 2026

Uh oh!

gh-worker-devflow-routing-ef8351 Bot commented Apr 29, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Sunbelt Computer Software

PL/B Language Development and Support

Uh oh!

Conversation

dependabot Bot commented on behalf of github Apr 28, 2026

v0.36.0

What's Changed

New Contributors

Uh oh!

pr-commenter Bot commented Apr 28, 2026

Benchmarks

Startup

Parameters

Summary

Load

Parameters

Summary

Dacapo

Parameters

Summary

Uh oh!

PerfectSlayer commented Apr 29, 2026

Uh oh!

gh-worker-devflow-routing-ef8351 Bot commented Apr 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

gh-worker-devflow-routing-ef8351 Bot commented Apr 29, 2026 •

edited

Loading