Skip to main content

CxArchive - Scans Manual Deprecation

The SQL script is for tagging all scans listed under CxArchiveHistory as successfully exported as deprecated.

Danger

This is an auxiliary script that can lead to destructive results and it must be used with extreme caution. If data retention executes after a scan is marked as deprecated, there is no way to rollback.

It also might cause performance degradation and it is advised to run the script during low performance periods, such as on a weekend.

Prerequisites

  • CxSAST 8.9 or 9.x with CxArchive installed.

  • Access to CxSAST DB - User should have SYSADMIN role, it should be mapped to CxDB should be able to create tables, select/update/delete data from it and alter tables.

Recommendations

It is recommended to run the script as follows:

  1. The script must be used manually after an archive job using CxArchive.

  2. It marks the scans archived as deprecated.

  3. Run the script in granular updates in batches, such as 1000 scans at a time. Otherwise the script will attempt to update millions of lines at one time, which can be risky.

Additional information: The script is not part of CxArchive solution but rather a complement.

The script to execute is the following:

UPDATE top (1000) TS
   SET TS.is_deprecated=1
 FROM [CxDB].[dbo].[TaskScans] TS
INNER JOIN [CxDB].[CxArchive].[ExportHistory] export
    ON TS.Id=export.ScanId
WHERE TS.is_deprecated = 0 
   AND export.Jobresult = 0