Pseudo Transactions - checkmarx-ts/CxAnalytix GitHub Wiki

Extracting scan data via the SAST API is subject to unpredictable network errors and server outages. If an outage occurs during a crawl, versions of CxAnalytix would stop crawling at the time of the error. The machine hosting CxAnalytix may also reboot, or the CxAnalytix process may be interrupted. Depending on where the interruption occurred, it could leave missing or duplicate data in the output.

It would be ideal to use a transactional context when writing the vulnerability data to the output destination. This would work if not for two factors:

  • Not all output methods have a transaction isolation capability.
  • Databases such as MongoDB have a limited transaction log size before the transaction is automatically aborted and rolled back.

Therefore the idea of a pseudo-transaction has been implemented. In a pseudo-transaction, all output intended to be written is queued in shared memory until the complete set of vulnerability data for a scan has been retrieved. Only once the complete vulnerability data for a scan is available is the transaction "committed", via a fast iteration over the queued data. This limits the chance that partial or duplicate data will appear in the data store.
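The following Python sketch is an added illustration of the queue-then-commit idea, not CxAnalytix's own code; the class and function names (`PseudoTransaction`, `crawl_scan`, `demo`) and the page-based `fetch_pages`/`sink` callables are assumptions, the scan pages are constructed, and the sketch is single-threaded, so it omits the locking a shared-memory queue in a multi-threaded crawler would need.

```python
class PseudoTransaction:
    """Queue every record bound for the output until the full set for one scan is
    known, then write it in one pass; failure before commit() leaves the store untouched."""
    def __init__(self, sink):
        self._sink = sink          # callable(collection, record) that writes one record
        self._queue = []           # held in memory until commit: the cost of this approach

    def write(self, collection, record):
        self._queue.append((collection, record))  # nothing reaches the sink yet

    def commit(self):  # flush queued records in order; returns the number written
        for collection, record in self._queue:
            self._sink(collection, record)
        written, self._queue = len(self._queue), []
        return written

    def abort(self):  # discard queued records unwritten; returns the number dropped
        dropped, self._queue = len(self._queue), []
        return dropped

def crawl_scan(scan_id, fetch_pages, sink):  # one scan's pages inside a pseudo-transaction
    tx = PseudoTransaction(sink)
    try:
        for page in fetch_pages(scan_id):
            for vuln in page:
                tx.write("vulnerabilities", {"scan_id": scan_id, **vuln})
        return tx.commit()  # reached only when every page arrived
    except (ConnectionError, TimeoutError):
        tx.abort()  # outage mid-scan: nothing was written, so a retry cannot duplicate
        raise

def demo():
    """Constructed scenario: scan 1 completes, scan 2 hits an outage on its second page."""
    store = {}  # in-memory stand-in for the real data store
    pages = {1: [[{"id": "a"}, {"id": "b"}], [{"id": "c"}]], 2: [[{"id": "d"}], None]}
    def fetch_pages(scan_id):
        for page in pages[scan_id]:
            if page is None:  # None marks a page whose fetch fails
                raise ConnectionError("SAST API unreachable")
            yield page
    def sink(collection, record):
        store.setdefault(collection, []).append(record)
    results = {}
    for scan_id in (1, 2):
        try:
            results[scan_id] = crawl_scan(scan_id, fetch_pages, sink)
        except ConnectionError:
            results[scan_id] = None  # nothing was committed for this scan
    return results, store
```

After `demo()` runs, the store holds only scan 1's three records; scan 2's first page never reached the sink, so re-crawling scan 2 later produces no duplicates.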

Using Pseudo Transactions comes at a performance cost; it is not recommended to use Pseudo Transactions while performing the initial crawl of your data.

Pseudo transactions are not foolproof; as long as the CxAnalytix process is exited gracefully, queued writes should complete before the process ends. Killing the CxAnalytix process (terminating it forcibly rather than letting it exit in response to a shutdown request) could result in partial or duplicate data being written to the data store. A graceful exit of CxAnalytix can be achieved using the following methods:

  • CxAnalytixCLI - CTRL-C
  • CxAnalytixService - Shutdown in the service control manager
  • CxAnalytixDaemon - systemctl stop to shut down the daemon process via systemd