Application scan cleanup

Removing old scans can help improve performance and reduce clutter.

There is a maximum number of scans allowed in any application. When the maximum is reached, AppScan on Cloud prompts you to delete existing scans before starting a new one. You can let the system automatically delete the oldest scans, or manually choose which scans to delete. The choice between manual or automatic cleanup is made by the organization administrator, but they can choose to allow other users to change the setting for individual applications.

When a scan is deleted, issues that belong to only that scan are also deleted. If issues were found in multiple scans, they are not deleted; the First found date for an issue remains unchanged, even if the scan in which it was first found is deleted.

AppScan on Cloud recommends automatic cleanup.

For an organization

Administrators choose the default cleanup setting for the organization in Organization > Settings > Automatic cleanup.

When the limit is reached:
  • Manually delete scans: Users must delete scans manually.
    Note: As of July 1, 2023, applications that exceed scan limits will not be able to run new scans until they delete existing scans manually, or enable automatic cleanup.
  • Enable automatic cleanup: The service runs in the background and delete the oldest scans as needed.


When selected, other users can change the Cleanup setting for their applications.

By default, the permission to override (when override is enabled) is assigned to application managers only, but this can be changed by administrators in Access management > Roles by selecting Allow to create/modify applications for the role.

For an application

When creating or editing an application:
  • You can view the Cleanup setting (manual or automatic) in the Cleanup tab of the dialog.
  • If override has been enabled for your role, you can change the cleanup method for that application.

Rescan limit

For any one scan, the maximum number of executions allowed is 100. If you rescan more than this, the oldest scan execution is deleted automatically. There is no option to choose which executions are deleted.

As with deleted scans, any issue found in the deleted execution also is deleted if it exists only in that execution; if found in other executions it remains with the original First found date.