Configure enhanced server cleanup

The Enhanced server cleanup setting lets you remove routes from the historical routes dataset if those routes are only seen on servers that are no longer active. This feature is an alternative to route expiration policies.

Enhanced server cleanup is useful primarily if you have ephemeral servers and prefer to manage Assess results as unique, point-in-time scans of the application. For example, it could be beneficial if you use one server for one test run of a Contrast agent-instrumented application and don't expect to test run that application again for weeks or months.

If, as a user of Assess and Application Vulnerability Monitoring (AVM), you continuously instrument your applications, use a route expiration policy instead. It allows for more flexibility and control over when stale routes are cleaned up, regardless of the status of the server the route was reported on. Route expiration is also a better choice if you have long-running servers, as they are more likely to host multiple versions of the same application.

Additional benefits

The benefits of using this setting include:

  • Removal of routes that may no longer be seen in current builds of the application

  • An improvement in route coverage percentage

  • An improvement in vulnerability burn down metrics

  • Less data in the Route Coverage tab

How enhanced server cleanup works

When you set a server cleanup policy and turn on enhanced server cleanup, Contrast:

  • Removes all servers except the last active server

    Contrast keeps the most recently active server for each application, even if all servers for an application are offline.

  • Removes routes that may no longer be seen in current builds of the application

  • Removes routes that are associated with no servers when the server is removed

  • Marks vulnerabilities that are associated with no servers as Verified - Auto-remediated when the server is removed

  • Updates the total count of routes and the denominator in route coverage

  • Updates the total count of vulnerabilities based on the auto-verified status
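
The cleanup steps above, modelled for a single application (an added example, not Contrast code and not the Contrast API). The server names, routes, vulnerability IDs and the "Reported" status are constructed sample data. The model assumes that only servers offline longer than the policy are removed and that route coverage is exercised routes divided by total routes.

```python
# Simplified single-application model of the cleanup behaviour listed above.
# Not Contrast code; every name and value below is constructed sample data.
AUTO_REMEDIATED = "Verified - Auto-remediated"   # status named on this page

def enhanced_cleanup(servers, routes, vulns, now, max_offline_days):
    """servers: {name: last_active_day}
    routes:  {path: {"servers": set, "exercised": bool}}
    vulns:   {id:   {"servers": set, "status": str}}"""
    keep = max(servers, key=servers.get)   # most recently active server always stays
    removed = {s for s, last in servers.items()
               if s != keep and now - last > max_offline_days}
    live_servers = {s: t for s, t in servers.items() if s not in removed}
    live_routes = {}
    for path, r in routes.items():
        remaining = r["servers"] - removed
        if remaining:                      # routes left with no server are dropped
            live_routes[path] = {"servers": remaining, "exercised": r["exercised"]}
    live_vulns = {}
    for vid, v in vulns.items():
        remaining = v["servers"] - removed
        status = v["status"] if remaining else AUTO_REMEDIATED
        live_vulns[vid] = {"servers": remaining, "status": status}
    return live_servers, live_routes, live_vulns

def route_coverage(routes):
    """Assumed definition: exercised routes / total routes, in percent."""
    if not routes:
        return 0.0
    return 100.0 * sum(r["exercised"] for r in routes.values()) / len(routes)

SERVERS = {"ci-run-101": 10, "ci-run-102": 40, "ci-run-103": 95}  # last active day
ROUTES = {
    "/login":         {"servers": {"ci-run-101", "ci-run-102", "ci-run-103"}, "exercised": True},
    "/cart":          {"servers": {"ci-run-102", "ci-run-103"}, "exercised": True},
    "/search":        {"servers": {"ci-run-103"}, "exercised": False},
    "/legacy/export": {"servers": {"ci-run-101"}, "exercised": False},
    "/admin/v1":      {"servers": {"ci-run-101", "ci-run-102"}, "exercised": False},
}
VULNS = {
    "VULN-A": {"servers": {"ci-run-101"}, "status": "Reported"},
    "VULN-B": {"servers": {"ci-run-102", "ci-run-103"}, "status": "Reported"},
}

if __name__ == "__main__":
    kept, live_routes, live_vulns = enhanced_cleanup(SERVERS, ROUTES, VULNS, now=100, max_offline_days=30)
    print("servers kept:", sorted(kept))
    print("coverage before: %.1f%%  after: %.1f%%" % (route_coverage(ROUTES), route_coverage(live_routes)))
    for vid, v in live_vulns.items():
        print(vid, v["status"])
```

In this model, VULN-A changes status only because its one server was removed, and coverage rises because the denominator shrinks from five routes to three. Both metric changes occur with no change to the application code.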

Before you begin

  • The enhanced server cleanup setting affects all server environments.

  • Use the Contrast web interface or the Contrast API to configure this setting.

Steps

  1. From the user menu, select Organization settings.

  2. Select Servers.

  3. Under Automatic server cleanup, set the server cleanup policy by entering the length of time that you would like servers to be offline before they are automatically cleaned up.

    Any Protect licenses assigned to removed servers are returned to the pool of available Protect licenses.

  4. Select Enhanced server cleanup.

  5. Select Save.

Image shows the Enhanced server cleanup option on the Servers setting page.