New Data Retention Policy

We will be changing our customer data retention policy in order to enhance data security, improve compliance and performance, and reduce risk across our platform.

The following data retention rules will be implemented:

  • Results data (e.g., scan results, findings metadata, and analysis logs) will be retained for 3 months. For customers with Premium Support, the retention period will be extended to 12 months.

  • Source code (e.g., uploaded or ingested code/packages used during scan analysis) will be retained for a period of 30 days.

This article explains how you can export your scan results using the SCA web application (UI) or the available APIs.

Notice

This article relates to exporting data from the SCA standalone platform. A similar retention policy is also being implemented for Checkmarx One; see the Checkmarx One Documentation.

Exporting Reports via SCA Web Application

If you need to retain data (e.g., evidence packs, historical reports) beyond the scheduled time period, you should download reports that contain the relevant data.

Learn about generating SCA scan reports here.

Exporting Reports via SCA (REST) APIs

The following base URLs are used for all calls, depending on your environment:

  • US Environment - https://api-sca.checkmarx.net

  • EU Environment - https://eu.api-sca.checkmarx.net

  1. Use the Projects API ( {Base_URL}/risk-management/projects/ ) to obtain information about all the Projects in your account. The projectId is necessary for the next step.

  2. Use the obtained projectId with the Scans API ( {Base_URL}/risk-management/scans/ ) endpoint to obtain the scanId of every scan in each project. By default, up to 10 results are returned. You can adjust this limit and apply pagination using the size and page parameters.

  3. The scanId obtained can be used with the Export Service API to generate a Scan Report that shows an overview of the security of your project as well as specific vulnerabilities, legal risks, and outdated versions identified by the scan. Scan Reports can be generated in JSON, XML, PDF or CSV format.

    Create a report using the (POST) /requests endpoint and specify the scanId and the fileFormat. Once the request is created, you can check the status of that specific report using the (GET) /requests endpoint. More information on the Export Endpoints can be found here.
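
The three steps above as an added Python example (not Checkmarx's own code): it pages through every scan so that scans beyond the default 10 results are not missed before retention removes them, and builds one export request body per scan. The HTTP and authentication layer is left to an injected fetch function; the projectId query parameter, zero-based page numbering, the id and scanId response fields, an unpaginated Projects list, and the "JSON" fileFormat value are assumptions to check against the API reference.

```python
from typing import Callable, Iterator

PROJECTS_PATH = "/risk-management/projects/"  # from the article
SCANS_PATH = "/risk-management/scans/"        # from the article
PAGE_SIZE = 10                                # the article's default result limit

# Injected transport: (path, query params) -> parsed JSON list (assumed response shape).
Fetch = Callable[[str, dict], list]

def iter_scan_ids(fetch: Fetch, project_id: str, size: int = PAGE_SIZE) -> Iterator[str]:
    """Walk every page of one project's scans using the size and page parameters."""
    page = 0  # assumption: pages are numbered from 0
    while True:
        # assumption: scans are filtered by a projectId query parameter
        batch = fetch(SCANS_PATH, {"projectId": project_id, "size": size, "page": page})
        for scan in batch:
            yield scan["scanId"]  # assumption: field name in each scan object
        if len(batch) < size:  # a short or empty page means nothing is left
            return
        page += 1

def plan_exports(fetch: Fetch, file_format: str = "JSON") -> list:
    """Build one (POST) /requests body per scan across all projects."""
    bodies = []
    for project in fetch(PROJECTS_PATH, {}):  # assumption: one list of {"id": ...}
        for scan_id in iter_scan_ids(fetch, project["id"]):
            bodies.append({"scanId": scan_id, "fileFormat": file_format})
    return bodies

def make_fake_fetch(scans_by_project: dict) -> Fetch:
    """Constructed in-memory stand-in for the API that honours size and page."""
    def fetch(path: str, params: dict) -> list:
        fetch.calls.append((path, dict(params)))
        if path == PROJECTS_PATH:
            return [{"id": pid} for pid in scans_by_project]
        ids = scans_by_project[params["projectId"]]
        start = params["page"] * params["size"]
        return [{"scanId": s} for s in ids[start:start + params["size"]]]
    fetch.calls = []
    return fetch

if __name__ == "__main__":
    # Constructed data: 23 scans (three pages) and exactly 10 scans (one full page).
    sample = {"proj-a": [f"a-{i}" for i in range(23)],
              "proj-b": [f"b-{i}" for i in range(10)]}
    print(len(plan_exports(make_fake_fetch(sample))), "export requests planned")
```

A project with exactly 10 scans costs one extra request, because a full page cannot be distinguished from a last page until the next one comes back empty.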