Detection History & Comments

The history view on every finding shows when it first appeared, every scan that re-detected it, every status transition with the actor and reason, and any comments added during triage. AI verdicts are part of the same timeline.

What’s tracked

For every finding, the history records:

• First detection — the scan where the fingerprint first appeared. This pointer is immutable; later scans never overwrite the first-seen reference.
• Re-detections — each subsequent scan that contained the same fingerprint, with branch and commit SHA.
• Status transitions — every status change with actor, timestamp, and reason. Includes both human triage and system events (e.g. auto-fix).
• AI verdicts — when the finding was AI-verified, the verdict, confidence, and reasoning are part of the timeline.
• Comments — append-only triage notes (see below).

Comments

Comments are append-only. They live in the finding’s metadata and are reconstructed in the history view in chronological order. Each comment carries the author’s name, timestamp, and the comment text.

Use cases:

• “Vendor patch ETA mid-May, accepting until then” — context for why a finding is in acknowledged status.
• “WAF rule deployed, no code change needed” — explanation for marking false-positive.
• “Tracked in JIRA-1234” — link to external work.

There’s no edit/delete from the API. To remove a comment, contact a superadmin. This is intentional — append-only is what makes the history useful as a compliance artifact.

Where to find it

On any finding detail page, the History tab shows the full timeline; the Comments section sits inline with the finding metadata.

For programmatic access, GET /api/v1/findings/{id}/history returns the structured event stream.

Don't put secrets in comments

Comments are visible to everyone in your org with read access. They’re plain text — no markdown rendering, which prevents XSS, but also no link click-tracking. Don’t paste raw secrets, stack traces with credentials, or screenshots that contain sensitive data.

What history doesn’t have (yet)

• Full-text search across comments — planned.
• @mentions / notifications on new comments — planned.
• Line-level threading — comments are per-finding, not per-line.

For now, comments are best used as compact triage notes. For longer discussions, link out to a Jira/Linear/GitHub issue and reference it in the comment.