
Configure route expiration policy

Configuring a route expiration policy can ensure that your route coverage metric in Contrast is more accurate.

The policy affects route data that Contrast displays in the following ways:

  • Routes expire only for active applications with discovered or exercised routes.

    For route expiration purposes, Contrast views an application as active if it has had at least one route observed or exercised within the configured time period. For example, if you set the route expiration policy to 30 days, the application must have had at least one instance of route activity within the past 30 days for its routes to be eligible for expiration.

  • If Contrast does not see a route discovered or exercised in an active application within the specified number of days, that route is considered expired.

  • After the specified expiration date occurs, Contrast deletes the expired route.

    The route coverage calculation doesn't include the deleted routes.

  • Before Contrast deletes expired routes, it sets the status of vulnerabilities associated with the route to Remediated-Auto-Verified.

  • Routes do not expire if the application isn't active and has no discovered or exercised routes.
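The rules in the list above, modeled as an added Python example. It is not Contrast's code or API and is not part of the original page; it shows which routes a given policy value would remove and which vulnerabilities would be set to Remediated-Auto-Verified as a result. Assumptions: the names, dates, route signatures, vulnerability IDs and the starting status "Reported" are constructed, and activity exactly on the cutoff day is treated as inside the window.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass
class Route:
    signature: str
    last_activity: date  # last day the route was discovered or exercised
    vulnerabilities: dict = field(default_factory=dict)  # vuln id -> status

def apply_policy(apps, expire_days, today):
    """Apply the page's expiration rules to `apps` ({app name: [Route, ...]}).

    Removes expired routes from `apps` in place and returns
    {app name: [expired Route, ...]} for the applications that lost routes.
    """
    cutoff = today - timedelta(days=expire_days)
    removed = {}
    for name, routes in apps.items():
        # Active = at least one route with activity inside the window.
        if not any(r.last_activity >= cutoff for r in routes):
            continue  # inactive application: none of its routes expire
        expired = [r for r in routes if r.last_activity < cutoff]
        for route in expired:
            # Vulnerability status changes before the route is deleted.
            for vuln_id in route.vulnerabilities:
                route.vulnerabilities[vuln_id] = "Remediated-Auto-Verified"
        if expired:
            apps[name] = [r for r in routes if r.last_activity >= cutoff]
            removed[name] = expired
    return removed

TODAY = date(2024, 6, 30)  # constructed "run date" for the daily policy job

def sample_apps():
    """Constructed inventory: one active and one inactive application."""
    return {
        "storefront": [
            Route("GET /cart", date(2024, 6, 25)),
            Route("POST /legacy/export", date(2024, 4, 1), {"VULN-1": "Reported"}),
        ],
        "archived-tool": [
            Route("GET /admin", date(2024, 1, 10), {"VULN-2": "Reported"}),
        ],
    }

if __name__ == "__main__":
    for app, routes in apply_policy(sample_apps(), 30, TODAY).items():
        for r in routes:
            print(app, r.signature, r.vulnerabilities)
```

In the sample, the stale route in the inactive application keeps its open vulnerability, while the stale route in the active application is removed and its vulnerability is closed.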

Before you begin

  • The policy applies to all applications.

  • Contrast applies the policy once per day.

    Depending on the number of expired routes, it is possible that Contrast might not be able to delete all of them on the same day that they expire.

Steps

  1. From the user menu, select Organization settings.

  2. Select Applications.

  3. In the Default section, under Route expiration policy, select the Remove expired routes checkbox and specify the number of days after which Contrast expires routes without activity.

    The minimum value is one day. The maximum value is 365 days. The default value is 30 days.