Data Retention Management (v8.8.0 to v8.9.0)

Owned by David P (Deactivated)
Last updated: Feb 05, 2020
3 min read

In order to properly manage data storage consumption, CxSAST allows for the manual purging of old scan data. An administrator can define the desired storage policy by date range or by defining a minimal number of scans to retain overriding the date range.

Warning - Scanned data is purged from the file system as well as the database, therefore, once deleted cannot be reversed. See Data Retention Purged Data, below.

Using our CxSAST (REST) API for Data Retention, this process can be automated.

Data retention settings apply globally to all projects within the system. This global configuration can be overridden for a specific project, either during the project creation or by editing the project's setting through the Data Retention tab (see Creating and Configuring a CxSAST Project and Viewing Project Details.

Specific scans may be marked as “Locked” to avoid automated purging of important scan data.

Locked scans cannot be deleted, and will be skipped in the data retention process. If you would like to delete all scans within the range defined for deletion, it is highly important to ensure that no locked scans are included within this range. If the range does include locked scans, unlock the scans before executing the Data Retention command (see Unlocking Scans).

Defining Data Retention Settings

To define the data retention settings:

Select Management > Maintenance > Data Retention. The Data Retention window is displayed.

The Data Retention window includes the following settings:

Scans to keep:

  • Keep last successful scans -  Set the requested number of scans to be kept. This setting leaves only the specified number of recent successful last scans and deletes all other scans. For example, if the value is set to 10, it will keep the last 10 successful scans for each project.

Scans to delete:

  • Select date range to delete scans - Enter a start and an end date. This setting deletes all scans within a predefined time range.
  • Retention duration limit (hours) - Set a limit to the amount of time the operation should take. If set to 10, then after 10 hours the operation automatically stops, regardless of whether the operation is complete.

Click Start.The following message appears:

If you are unsure whether you have backed up your database, or if the range you defined for deletion includes locked scans, click Cancel to postpone the deletion.

If you want to continue, click Yes, delete it. The following message is displayed "Data retention is now in progress" and the progress of the data retention process is represented in the Stages panel.

Once the data retention process is complete, status information about last deletion is displayed in the Last Executed Data Retention panel. 

Data Retention Purged Data

Scanned data is purged from the file system as well as the database, therefore, once deleted cannot be reversed. The following data is purged as part of the data retention:

Database Tables

Selected data from the following tables is purged as part of the data retention:

  • All Scans
  • TaskScans
  • CancelledScans
  • TaskScanEnvironment
  • ScanReports
  • FailedScans
  • PathResults
  • NodeResults

File System

  • CxSRC folder – This folder holds the extracted source files which are being scanned.
    Files and folders inside the CxSrc folder are deleted as part of data retention except for the following scenario:
    In case the exact same sources (ZIP, remote location..) are uploaded to the same existing scan, the extracted folder will be excluded from further data retention cleaning tasks.
  • CxReports folder - This folder holds the following:
    • Reports requested by the customer and created in the CxSAST reports page. These reports are deleted as part of the data retention
    • Eclipse IDE reports created after each developer scan request. These reports are not deleted as part of the data retention.