The findings available under this tab provide some useful options for teams. To set these findings, access the Workspace you wish to configure, then click on the Advanced sub-tab of the Workspace navigation.
This setting (disabled by default) will run a Salesforce specific package of PMD's Code Quality scanner. These are not security related findings and will appear in the Scan results as "Quality" under the Category field. This can be useful when your team needs to manage their workload across both a Security and Code Quality workload, unifying findings across both dimensions into a singular report.
Track Findings per Org
This setting (disabled by default) overrides an important feature that DigitSec offers customers with robust pipelines.
A security finding is considered unique based on factors such as the filename and the function stack. In environments where the same code base is used in multiple workspaces, finding records are persistent across workspaces. That way, status assignments, comments or taggings can be shared across workspaces at different points on the pipeline.
Turning this setting on effectively adds the Workspace ID as a component of the findings uniqueness hash. Even if the workspace is scanning the same code as other workspaces, the findings and findings meta-data (user assignments, tags, comments, status assignments) will be restricted to this workspace.
Enabling this feature can be useful for tracking vulnerabilities across different workspaces or when it is important to restrict access to specific workspaces and teams.