How to trim Fortify SSC database for performance optimization.


Fortify Software Security Center currently does not have a data retention policy for artifacts or application versions, although it is on the roadmap. A future version of Fortify Software Security Center will have functionality that enables to set a data retention policy for both artifacts and application versions.

If we allow artifacts and application versions to grow over time without maintenance, you may begin to see performance issues and extended upgrade times between releases. Users typically notice the degraded performance when their Fortify Software Security Center database reaches 1TB in size. This can easily happen if you have many years of unpurged data.

The following steps explain how to optimize SSC database for better performance

Fortify Software Security Center provides the following three data retention settings (under ADMINISTRATION > Configuration > Scheduler): 

1. Events maintenance
This option enables you to specify the number of days after which Fortify Software Security Center removes past events. The default is zero (0), which results in no event removal.
Consider setting Events Maintenance > Days to preserve to 35. Anything higher could result in the addition of millions of rows to the dbo.eventlogentry table, which stores all events that you see in the Fortify Software Security Center user interface. 

We can use the EXPORT button on the Event Logs page in Fortify Software Security Center (ADMINISTRATION > Metrics & Tracking > Event Logs) to back up all existing events. After you do, you can safely truncate the dbo.eventlogentry table. Fortify recommends that you truncate the table on a regular basis.

2. Reports maintenance
We can manage the reports generated on your Fortify Software Security Center instance. Users (with required permissions) on Fortify Software Security Center versions earlier than 21.1.x can delete generated reports manually. In 22.1.0 and later versions, you can set Reports maintenance>days to preserve so reports that are no longer required are deleted automatically after the specified number of days.

If you are not yet using Fortify Software Security Center 22.1.x or later version, Customer Support can provide a PowerShell script that you can run to create a list of generated reports, which you can then use to delete reports no longer required.

3. Data exports maintenance
When users perform a data export in Fortify Software Security Center, the exported data are stored. By default, Data exports maintenance > Days to preserve is set to 2. Fortify recommends that you leave the default setting of 2 to ensure that exported data are regularly removed from the database.


How To-Best Practice
Support Tips/Knowledge Docs
Comment List