Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Documentation
Introduction

Vulnerability detail retention policy

This document is for:
Invicti Enterprise On-Demand

(Effective from September 1, 2025)

To ensure long-term performance and manage database size, we are introducing a Vulnerability Detail Retention Policy. Starting September 1, 2025, HTTP request and response data for vulnerabilities older than 6 months will be automatically removed from all supported cloud environments.

This change optimizes infrastructure to improve overall system performance while maintaining visibility.

What will change?


 The content of the HTTP Request/Response tab will be removed from the Scan Summary page for vulnerabilities older than 6 months.

  • No vulnerabilities or scans will be deleted — only the HTTP request/response data will be removed.
  • HTML/PDF reports such as the Detailed Scan Report will also be impacted.
  • The vulnerability record itself will remain available.
  • In place of the removed data, you will see this notice:

“The HTTP request/response data for this vulnerability is no longer available because it’s older than 6 months. To view this information, check a more recent vulnerability or run a new scan for this target.”

Example behaviour

If a target is scanned weekly for a year and the same vulnerability (e.g., "Windows Server Identified") appears in every scan:

  • The system will retain the latest instance of that vulnerability for the target.
  • Older instances will lose HTTP request/response details, but not the overall record or scan metadata.

Which environments are affected?

This policy applies to all multi-tenant cloud environments:

  • US
  • US2
  • EU
  • CA

When will this take effect?

  • Initial cleanup: On September 1, 2025, we will perform a one-time batch update to remove HTTP request and response details from vulnerabilities older than 6 months.
  • Ongoing policy: A rolling 6-month window will be applied moving forward.

What should you do?

No action is required. This change will be applied automatically in applicable environments.

If you wish to preserve older vulnerability details:

  • Consider exporting relevant data, such as downloading a Detail scan report, before September 1, 2025.
  • Schedule a new scan to refresh vulnerability results with full details.

FAQ

Will this impact vulnerability status or reporting?

No. Vulnerability status (e.g., active, fixed, false positive) and scan metadata will remain unaffected.

Can I disable this policy in the cloud?

No. This retention policy is applied automatically to all supported cloud environments.

If you have any questions or need help exporting vulnerability data, please contact our support team.

Top Articles

What is Invicti?

Overview of Scan Policies

Scheduling Scans

Managing Integrations

Built-In Reports