Skip to main content

Data Retention

Lifecycle scan data persists as archive files stored in the working directory. These files accumulate over time and may rapidly consume available disk space if not cleaned up at regular intervals.

Data retention rules move these files automatically to a trash directory and are enabled by default for new installations. This trash directory needs to be periodically purged as part of system maintenance to reduce utilized storage space.


Data retention configuration and inheritance

The data retention configuration is found on the Orgs and Policies page using the top-level navigation or by scrolling to the section below the list of policies. Retention configuration is inherited from the root organization or configured at each organization independently.

  • Organizations may be configured to inherit rules from the Root Organization

  • Applications inherit rules from their Organization

  • The most recent scan data is always retained

Trash Directory

The data retention action does not delete file data rather it is compressed and placed in the /trash folder inside the working directory. This compression will recover some disk space even when the data is not deleted.

  • The /trash directory folders are named after the date compressed; in YYYY-MM-DD/XX format.

  • Purged reports are named in the format app-{internalApplicationId}-report-{reportId}.zip

  • To avoid conflicts do not delete contents from a folder matching the current date

  • Restore reports by unzipping them into the report folder in the working directory.

  • Purging occurs once a day at midnight, local server time

Manage data retention configuration

Steps to edit the data retention configuration.

  1. Select the Root Organization or an Organization

  2. Navigate to the section labeled Data Retention and select Edit

  3. Data retention is set by the Lifecycle stage; choose between not purging for this stage or custom

  4. Choose a retention period or a set number of reports to retain. Reports are purged when either rule is satisfied


Cleaning up Success Metrics data

Success Metrics are generated when reviewing historical policy violation data. Violation data is retained after violations have been resolved and are no longer against components in the application. Set the retention value to at least as long as required to report these metrics.

Purging success metric data is limited to violations that have been resolved. Unresolved violations are not purged regardless of how many years ago those violations were first discovered. Violations that have been waived or labeled as legacy violations are considered unresolved.

Manually triggering the data retention task

The data retention task may be manually triggered using the Operational Menu. In general, this is not recommended nor needed as the task will run automatically during other maintenance tasks.

Instructions are included in the Operational Menu documentation