feat(asm): standalone code security #11446

Merged
merged 16 commits into from
Nov 22, 2024

@gnufede gnufede commented Nov 19, 2024

Code Security: This introduces "Standalone Code Security", a feature that disables APM in the tracer but keeps Code Security (IAST) enabled. In order to enable it, set the environment variables DD_IAST_ENABLED=1 and DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED=1.

System-tests

Checklist

  • PR author has checked that all the criteria below are met
  • The PR description includes an overview of the change
  • The PR description articulates the motivation for the change
  • The change includes tests OR the PR description describes a testing strategy
  • The PR description notes risks associated with the change, if any
  • Newly-added code is easy to change
  • The change follows the library release note guidelines
  • The change includes or references documentation updates if necessary
  • Backport labels are set (if applicable)

Reviewer Checklist

  • Reviewer has checked that all the criteria below are met
  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Newly-added code is easy to change
  • Release note makes sense to a user of the library
  • If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

github-actions bot commented Nov 19, 2024

CODEOWNERS have been resolved as:

releasenotes/notes/feat-code-security-standalone-0fc5993ded38e83e.yaml  @DataDog/apm-python
.github/workflows/system-tests.yml                                      @DataDog/python-guild @DataDog/apm-core-python
ddtrace/_trace/tracer.py                                                @DataDog/apm-sdk-api-python
ddtrace/appsec/_iast/_iast_request_context.py                           @DataDog/asm-python
ddtrace/appsec/_iast/taint_sinks/_base.py                               @DataDog/asm-python
tests/appsec/appsec/test_asm_standalone.py                              @DataDog/asm-python
tests/tracer/test_propagation.py                                        @DataDog/apm-sdk-api-python
tests/tracer/test_tracer.py                                             @DataDog/apm-sdk-api-python

@codecov-commenter

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 13.70%. Comparing base (79483a5) to head (7ed3387).
Report is 4 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #11446      +/-   ##
==========================================
- Coverage   13.89%   13.70%   -0.19%     
==========================================
  Files        1536     1536              
  Lines      133394   133426      +32     
==========================================
- Hits        18529    18289     -240     
- Misses     114865   115137     +272     

@pr-commenter

pr-commenter bot commented Nov 20, 2024

Benchmarks

Benchmark execution time: 2024-11-21 16:27:17

Comparing candidate commit 2fe43dc in PR branch gnufede/iast-standalone-poc with baseline commit 83ded13 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 208 metrics, 2 unstable metrics.

@datadog-dd-trace-py-rkomorn

Datadog Report

Branch report: gnufede/iast-standalone-poc
Commit report: c5d34d2
Test service: dd-trace-py

✅ 0 Failed, 5 Passed, 179 Skipped, 1.65s Total duration (1m 28.84s time saved)

@gnufede gnufede changed the title from "feat: standalone code security" to "feat(asm): standalone code security" Nov 21, 2024
@gnufede gnufede added the ASM Application Security Monitoring label Nov 21, 2024
@gnufede gnufede marked this pull request as ready for review November 21, 2024 14:55
@gnufede gnufede requested review from a team as code owners November 21, 2024 14:55
@gnufede gnufede requested a review from erikayasuda November 21, 2024 14:55
@gnufede gnufede requested a review from avara1986 November 21, 2024 18:29
@gnufede gnufede enabled auto-merge (squash) November 22, 2024 15:32
@gnufede gnufede merged commit 2ddffc9 into main Nov 22, 2024
507 of 508 checks passed
@gnufede gnufede deleted the gnufede/iast-standalone-poc branch November 22, 2024 16:27