Issue fingerprints

Before comparing findings

Use this page after you have already checked severity, confidence and evidence artifacts for a report finding. A fingerprint is the product's stable issue identity for comparing one observed finding across the baseline report, a retest and scheduled monitoring. Do not rely on a fingerprint by itself. The affected URL, accepted scan scope and evidence state still need to match before you call a finding recurring, resolved or new.

Compare issue fingerprints

Follow the path `Reports → Issue evidence → Fingerprint → Retest or monitoring comparison → Next action`.

1. Open /reports/{report} and choose the finding you need to compare. Result: the issue detail shows the affected URL, evidence, status and fingerprint context for one finding.
2. Read Fingerprint before deciding whether the finding is new. Result: later scans can be compared by stable issue identity instead of title wording alone.
3. Compare the same fingerprint in the baseline report, retest report or monitoring report. Result: matching fingerprints show a recurring issue, while absent fingerprints can indicate resolved or no-longer-observed evidence.
4. Check the affected URL and accepted scan scope before calling it recurring. Result: redirects, scope changes or different pages do not create a false comparison.
5. Use Duplicate count or grouped fingerprint notes when they appear. Result: repeated evidence is treated as one issue pattern with multiple occurrences.
6. Choose the next action from the comparison state. Result: recurring findings go to remediation or monitoring, resolved findings stay closed and inconclusive comparisons go to review.

What fingerprint states mean

Use the comparison state to decide what should happen next.

• New finding means the fingerprint appears in the current report but was not seen in the compared baseline, retest or monitoring result.
• Recurring finding means the same fingerprint appears again for the same accepted scope and affected URL context.
• Resolved finding means the previous fingerprint is no longer observed in the current scan and the scan completed with enough evidence to compare.
• Duplicate occurrence means the same fingerprint appears on multiple pages or elements and should be grouped before remediation work is assigned.
• Changed finding means the title, category, severity or evidence changed enough that you should inspect artifacts before treating it as the same issue.

Inconclusive comparison states

Keep inconclusive states visible instead of forcing a new, recurring or resolved label.

• Fingerprint unavailable means the finding cannot be compared reliably; use evidence artifacts and false-positive review before assigning remediation.
• Scope changed means the accepted domain, page group or URL list changed after the earlier report, so the comparison may not cover the same surface.
• Evidence incomplete means the scan did not collect enough page, screenshot, HTML, console or network context to prove that the finding disappeared.
• False-positive review pending means reviewer context is still needed before the finding can become remediation, monitoring or publication evidence.
• Redacted evidence means safe sharing or public reporting may need a separate review before the fingerprint context leaves the private report.

Continue to false-positive review

Continue to [False-positive review](/docs/reports/false-positive-review) when the fingerprint is missing, the comparison is inconclusive or reviewer judgment is needed. Continue to [Fingerprint comparison](/docs/monitoring-retests/fingerprint-comparison) and [Issue change states](/docs/monitoring-retests/issue-change-states) when you are comparing retests or monitoring scans after evidence is complete.