This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
sfguest
Level 2
‎Aug 01, 2019 07:16 PM

Security policy requires codebase deletion (v7)

We have a team with a very stringent security policy that prevents confidential codebases from being stored on the scan server.

Can the codebase be deleted from  an FNCI 7.x project, while retaining the analysis, inventory, conclusions, etc?  

(2) Replies
jrubin1
Revenera
Revenera
‎Aug 01, 2019 07:33 PM

Great question!

There is no explicit requirement to keep the codebase around as far as CodeInsight is concerned. You will not lose any inventory, evidence, notes, reports etc. if the codebase is deleted from the scan server.

The only functionality that is affected is that which requires direct access to the files (for example, download of the file from the file-tree and viewing the file contents in Partial Matches panel will not be available). Other than that, there should be no loss of functionality! (we verified just to make sure)

vdonga
Moderator Moderator
Moderator
In response to jrubin1
‎Aug 02, 2019 01:47 AM

There is one caveat though.

If you scan the project again, any inventory that is not modified will get deleted as there is no trace of the files on which basis the inventory is written up.

The get around this, ensure that 'any' field in the inventory is 'modified'. A simple '-' character in Audit Notes also will retain the inventory even if the associated files are deleted.