Evidence retention guide
Evidence vault workflows preserve report artifacts for audits while allowing policy-controlled retention changes.
Last updated: 2026-06-09
Retention objectives
Retention policy must balance compliance requirements, incident forensics, and storage cost. Keep signed evidence long enough to support regulator lookback periods and contractual attestation windows.
Evidence vault APIs
- List retained evidence: GET /tenant/evidence
- Apply per-scan retention policy: POST /tenant/evidence/{scan_id}/retain
- Export auditable history: GET /tenant/audit/export
Recommended policy tiers
- Hot evidence: recent 90-180 days for active remediation and customer reviews.
- Warm evidence: 1-3 years for contractual and annual compliance evidence.
- Cold evidence: long-term immutable storage for legal hold or critical incident cases.
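The following planner is an added example, not code from this portal: it maps evidence age and hold flags to the tiers above and builds the matching POST /tenant/evidence/{scan_id}/retain calls. The record fields (`created`, `tier`, `legal_hold`, `critical_incident`), the `{"tier": ...}` request body, and the 180-day and 3-year cut-offs are assumptions, since this page does not document the request or response schema.

```python
from datetime import date

# Assumed cut-offs, taken from the upper bounds of the tiers listed above.
HOT_MAX_DAYS = 180
WARM_MAX_DAYS = 3 * 365
TIER_RANK = {"hot": 0, "warm": 1, "cold": 2}


def pick_tier(age_days, legal_hold=False, critical_incident=False):
    """Map evidence age and hold flags to a tier name."""
    if age_days < 0:
        raise ValueError("evidence dated in the future")
    if legal_hold or critical_incident:
        return "cold"  # hold cases go to immutable storage regardless of age
    if age_days <= HOT_MAX_DAYS:
        return "hot"
    if age_days <= WARM_MAX_DAYS:
        return "warm"
    return "cold"


def plan_retention(records, today):
    """Return (method, path, body) calls for records whose tier must change."""
    calls = []
    for rec in records:
        age = (today - date.fromisoformat(rec["created"])).days
        target = pick_tier(age, rec.get("legal_hold", False),
                           rec.get("critical_incident", False))
        current = rec.get("tier", "hot")
        # Only move toward longer retention; never shorten what is already kept.
        if TIER_RANK[target] > TIER_RANK[current]:
            path = f"/tenant/evidence/{rec['scan_id']}/retain"
            calls.append(("POST", path, {"tier": target}))  # assumed body shape
    return calls


# Constructed sample, shaped like an assumed GET /tenant/evidence response.
SAMPLE = [
    {"scan_id": "scan-001", "created": "2026-05-01", "tier": "hot"},
    {"scan_id": "scan-002", "created": "2025-06-01", "tier": "hot"},
    {"scan_id": "scan-003", "created": "2026-06-01", "tier": "hot", "legal_hold": True},
    {"scan_id": "scan-004", "created": "2021-01-01", "tier": "cold"},
    {"scan_id": "scan-005", "created": "2026-06-01", "tier": "warm"},
]

if __name__ == "__main__":
    for call in plan_retention(SAMPLE, date(2026, 6, 9)):
        print(*call)
```

Evidence aged between 180 days and one year falls between the listed hot and warm ranges; the planner treats it as warm so that nothing ages out of hot without a retention decision.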
Lifecycle automation