Findings

The Findings tab consolidates all security issues discovered during analysis, including policy violations, gate failures, and other actionable findings.

Overview

Findings provide a unified view of:

• Security policy violations
• Gate check failures
• Configuration issues
• Compliance gaps
• Best practice recommendations

Finding Types

Security Findings

Policy Findings

Compliance Findings

Viewing Findings

Findings Tab

1. Open project
2. Navigate to Findings tab
3. View all findings for the project

Finding Card

Each finding displays:

Filtering and Sorting

Filter Options

Sort Options

• Severity (highest first)
• Date discovered (newest first)
• Component name
• Status

Finding Details

Click a finding for full details:

Detail View

Actions

From the detail view:

• Resolve - Mark as fixed
• Mitigate - Add mitigation
• Suppress - Hide from view
• Assign - Assign to team member
• Export - Export finding data

Managing Findings

Status Workflow

Open → In Progress → Resolved
  ↓        ↓
Mitigated  Suppressed

Bulk Actions

Select multiple findings to:

• Change status
• Assign to user
• Add to sprint/ticket
• Export selected
• Bulk mitigate

Assignment

Assign findings to team members:

1. Select finding(s)
2. Click Assign
3. Select team member
4. Add optional note
5. Assignee receives notification

Gate Integration

Findings relate to policy gates:

Gate Status

Viewing Gate Results

1. Go to Policies & Gates
2. See overall gate status
3. Click gate for related findings

Notifications

Alert Configuration

Configure alerts for findings:

1. Go to Settings → Notifications
2. Set finding alert rules
3. Choose delivery method

Alert Triggers

Reports

Findings Report

Generate findings reports:

1. Click Export → Findings Report
2. Select filters and date range
3. Choose format
4. Download report

Report Contents

• Executive summary
• Findings by severity
• Findings by type
• Resolution status
• Trend analysis
• Recommendations

API Access

# List findings for a project
curl -X GET "https://api.safeguard.sh/v1/projects/{id}/findings?severity=critical,high" \
  -H "Authorization: Bearer $API_KEY"

# Get finding details
curl -X GET https://api.safeguard.sh/v1/findings/{finding_id} \
  -H "Authorization: Bearer $API_KEY"

# Update finding status
curl -X PATCH https://api.safeguard.sh/v1/findings/{finding_id} \
  -H "Authorization: Bearer $API_KEY" \
  -d '{"status": "resolved"}'

Integration with Issue Trackers

Export findings to external systems:

See JIRA Integration for details.

Best Practices

Triage

• Review critical findings daily
• Triage high findings weekly
• Have clear ownership
• Set SLAs by severity

Resolution

• Fix critical findings immediately
• Document mitigations properly
• Verify fixes with rescans
• Track resolution metrics

Prevention

• Enable security gates
• Review findings in PRs
• Train team on common issues
• Improve processes based on patterns

Next Steps

• Vulnerabilities
• Policies & Gates
• JIRA Integration