Contents Cached in FOSSA Object Storage
FOSSA's Data Retention Policies for S3 Object Storage
FOSSA uses object storage to store files that contain licenses or copyright headers. These files can come from first-party code or from dependencies.
First-party code can be uploaded to FOSSA in a few ways:
- FOSSA CLI:
  - Vendored Dependencies:
    - Archive Upload
    - CLI Side License Scan with Full-File Upload enabled
  - First Party License Scans with Full-File Upload enabled
- Quick Import:
  - Repository Scanning
  - Archive Upload via the UI
Dependency data can be cached from:
- Public registries
- Private registries/Artifactory servers
  - (Must be configured in your Organization settings)
Please note that both Archive Upload and Full-File Upload are opt-in features. If proprietary data is uploaded to FOSSA's servers by mistake, or if you would like your data deleted, please reach out to support as soon as possible.
Quick Import Data Retention
Quick Imported archives are stored in S3 in their entirety for 30 days.
No files, including source code, are stored without a license match. These files are copied to temporary directories during analysis and immediately deleted afterward.
Files with successful license matches are stored in S3. These files are retained indefinitely unless deletion of these files has been requested.
End-users are able to access these stored files by viewing the license matches of projects they have access to.
Data Retention for Vendored Dependencies and First-Party License Scans with Full-File Upload
By default, fossa-cli will only upload match snippets for Vendored Dependencies and First-Party License Scans. If your organization has opted in to Full-File Upload, then the following will apply:
Vendored Dependencies will be zipped, uploaded in their entirety, and stored in S3 for 30 days.
Whether from Vendored Dependencies or First-Party License Scans, files with successful license matches are stored in S3. These files are retained indefinitely unless deletion of these files has been requested.
End-users are able to access these stored files by viewing the license matches of projects they have access to.
On-Premises S3 Storage
The data retention timeline may vary for an on-prem instance, but the conditions for stored files will still apply.
Please reach out to your CSE if you have any questions regarding S3 storage for your on-prem instance.
Updated 10 months ago