Vulnerability detail retention policy
(Effective from September 1, 2025)
To ensure long-term performance and manage database size, we are introducing a Vulnerability Detail Retention Policy. Starting September 1, 2025, HTTP request and response data for vulnerabilities older than 6 months will be automatically removed from all supported cloud environments.
This change optimizes infrastructure to improve overall system performance while maintaining visibility.
What will change?
- The content of the HTTP Request/Response tab will be removed from the Scan summary page from vulnerabilities older than 6 months.
- HTML/PDF reports such as the Detailed scan report will also be impacted.
- The vulnerability record itself will remain available.
- You will see a notice in place of the removed data:
“The HTTP request/response data for this vulnerability is no longer available because it’s older than 6 months. To view this information, check a more recent vulnerability or run a new scan for this target.”
Example behaviour
If a target is scanned weekly for a year and the same vulnerability (e.g., "Windows Server Identified") appears in every scan:
- The system will retain the latest instance of that vulnerability for the target.
- Older instances will lose HTTP request/response details, but not the overall record or scan metadata.
Which environments are affected?
This policy applies to all multi-tenant cloud environments:
- US
- US2
- EU
- CA
When will this take effect?
- Initial cleanup: On September 1, 2025, we will perform a one-time batch update to remove HTTP request and response details from vulnerabilities older than 6 months.
- Ongoing policy: A rolling 6-month window will be applied moving forward.
What should you do?
No action is required. This change will be applied automatically in applicable environments.
If you wish to preserve older vulnerability details:
- Consider exporting relevant data, such as downloading a Detail scan report, before September 1, 2025.
- Schedule a new scan to refresh vulnerability results with full details.
FAQ
Will this impact vulnerability status or reporting?
No. Vulnerability status (e.g., active, fixed, false positive) and scan metadata will remain unaffected.
Can I disable this policy in the cloud?
No. This retention policy is applied automatically to all supported cloud environments.
If you have any questions or need help exporting vulnerability data, please contact our support team.