You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/content/automation/api/api-v2-docs.md
+28Lines changed: 28 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -264,6 +264,34 @@ A classic way of reimporting a scan is by specifying the ID of the test instead:
264
264
}
265
265
```
266
266
267
+
## Asynchronous Deletion Behavior
268
+
269
+
Deletions in DefectDojo (via both the API and UI) are processed **asynchronously** by Celery background workers. When you delete an Engagement, Test, or other object, the API or UI returns a success response immediately, but the actual deletion runs in the background.
270
+
271
+
This means:
272
+
- Objects may still appear in queries for a period of time after deletion is confirmed.
273
+
- Cascade deletions (e.g., deleting an Engagement also deletes its Tests and Findings) are processed as a chain of background tasks. Child objects are removed in dependency order: Findings, then Tests, then Engagements.
274
+
- For large Engagements with many Findings, this process can take several minutes to complete.
275
+
276
+
There is no need to build custom scripts to delete objects in dependency order. A single `DELETE` request on an Engagement will cascade to all child objects automatically. Simply allow time for the background tasks to complete.
277
+
278
+
## API Pagination Limits
279
+
280
+
DefectDojo Pro enforces a maximum page size of **250** results per API request. Setting `limit` higher than 250 may result in HTTP 502 errors due to query timeouts.
281
+
282
+
Open Source DefectDojo instances may also experience timeouts with very large page sizes depending on dataset size and server resources.
283
+
284
+
For large result sets, use pagination with a page size of 50-250 and add short delays between paginated requests to avoid saturating the worker pool.
285
+
286
+
## Large-Scale Import Best Practices
287
+
288
+
When importing scan results at scale (e.g., SBOM pipelines with thousands of components), consider the following:
289
+
290
+
-**Use `background_import=true`** for large payloads. Synchronous imports tie up a uwsgi worker for the duration of the import, which can degrade performance for all users.
291
+
-**Target payload sizes under 1 MB per import** where possible. Split large SBOMs into smaller files per product or component group.
292
+
-**Add delays between consecutive API calls** to avoid worker pool exhaustion, which causes HTTP 502 errors.
293
+
-**Use Reimport** (`/api/v2/reimport-scan/`) for recurring scans to update existing findings rather than creating duplicates.
294
+
267
295
## Using the Scan Completion Date (API: `scan_date`) field
268
296
269
297
DefectDojo offers a plethora of supported scanner reports, but not all of them contain the
0 commit comments