
Security policy requires codebase deletion (v7)

We have a team with a very stringent security policy that prevents confidential codebases from being stored on the scan server.

Can the codebase be deleted from an FNCI 7.x project, while retaining the analysis, inventory, conclusions, etc.?

(2) Replies

Great question!

There is no explicit requirement to keep the codebase around as far as CodeInsight is concerned. You will not lose any inventory, evidence, notes, reports etc. if the codebase is deleted from the scan server.

The only functionality that is affected is that which requires direct access to the files (for example, download of the file from the file-tree and viewing the file contents in the Partial Matches panel will not be available). Other than that, there should be no loss of functionality! (We verified just to make sure.)

There is one caveat though.

If you scan the project again, any inventory that is not modified will get deleted as there is no trace of the files on which basis the inventory is written up.

To get around this, ensure that 'any' field in the inventory is 'modified'. A simple '-' character in Audit Notes will also retain the inventory even if the associated files are deleted.