Background Management Tasks
The Nanitor System has a background process we like to call the maintenance task to handle a lot of the heavy-duty calculation and processing.
The maintenance task runs about four times a day and performs tasks such as:
- handle auto-archiving of inactive assets, when this feature is enabled
- update CVSS and EPSS scores for vulnerabilities in accordance with changes to the canonical scores
- recalculate dynamic priorities and prioritization scores for all assets and issues
  - prioritization scores are also updated on the fly when something changes, but this run ensures they're up to date and applies issue priority age scaling
- recalculate health scores for all devices and organizations
- perform data retention cleanup (see below)
- perform other general data maintenance and cleanup
All data received from agents and collectors is processed as it comes in. As the agents and collectors report, their data is entered into a queuing system and processed in the order it was received. In a large-scale system, this queue could get backed up if a lot of agents and collectors check in at the same time, but it should be cleared out in about 5-10 min at the most.
Data Retention
Starting with Nanitor 6.8.0, the maintenance task includes automated data retention cleanup to manage database growth. These cleanup tasks run automatically as part of the regular maintenance cycle, processing data in small batches to avoid impacting system performance.
Activity Log
Activity log entries older than 3 years are automatically cleaned up. This includes event records for asset changes, issue creation/resolution, and other system events.
An exception is made for creation events tied to issues that are still open — these are retained until the issue is resolved, regardless of age.
To run the cleanup manually (processes all eligible entries at once rather than in batches):
```
./bin/nanitor-manager cleanup activity_log
```
Archived Benchmark Assignments
When a benchmark profile is unassigned from an asset, the assignment is archived. Archived assignments older than 6 months are automatically cleaned up along with their associated data (benchmark results, rule check details, compliance results, and resolved issues tied to that assignment).
This only affects data for profiles that are no longer assigned to the asset. Active assignments and their data are not affected.
To run the cleanup manually:
```
# Full cleanup (all eligible entries)
./bin/nanitor-manager cleanup assignments

# Incremental cleanup (bounded batch, same as automatic)
./bin/nanitor-manager cleanup assignments --incremental
```
Summary of Retention Periods
| Data Type | Retention Period | Condition |
|---|---|---|
| Activity log events | 3 years | Except creation events for still-open issues |
| Archived benchmark assignments | 6 months | Only assignments already archived (profile unassigned) |
| Inactive assets | Configurable | See Nanitor Archival Policy |