
Finding Deduplication Logic


Finding Deduplication Logic in BoostSecurity ensures that identical security findings across different tools are merged into a single entry, improving efficiency and reducing alert fatigue. This process helps teams focus on unique vulnerabilities while maintaining comprehensive security visibility.


Deduplication Criteria


Findings are deduplicated based on the following key factors:

  1. Project Scope

    • Findings must originate from the same project to be considered for deduplication.
  2. Vulnerability Location

    • The finding must affect the same file, function, or code block within the project.
    • Findings detected at different locations within the same project are treated as separate issues.
  3. Vulnerability Classification

    • The same CVE ID, rule ID, or security policy violation is required for deduplication.

    • Variations in classification (e.g., different severity ratings) may prevent deduplication.

  4. Multi-Tool Detection

    • If two or more security tools detect the same finding in the same project, location, and classification, BoostSecurity deduplicates them into a single record.
    • If the tools provide conflicting information (e.g., different severities or confidence levels), BoostSecurity retains the most severe classification while linking related findings.
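
The four criteria above can be read as a merge keyed on project, location, and classification. The following sketch is an added example, not BoostSecurity's code: the field names, the severity scale, and the path and ID normalization are assumptions, and it follows the Multi-Tool Detection rule by keeping the most severe rating while linking every tool's report.

```python
import posixpath
from dataclasses import dataclass, field

# Assumed severity scale; the page does not define one.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Finding:
    tool: str
    project: str
    file: str
    function: str
    rule_id: str  # CVE ID, rule ID, or policy ID
    severity: str

@dataclass
class MergedFinding:
    key: tuple
    severity: str
    sources: list = field(default_factory=list)  # linked per-tool findings

def dedup_key(f: Finding) -> tuple:
    """Project scope + location + classification. Normalizing the path and
    the ID's case is an assumption, so './src/db.py' equals 'src/db.py'."""
    return (f.project, posixpath.normpath(f.file), f.function,
            f.rule_id.strip().lower())

def deduplicate(findings):
    merged = {}
    for f in findings:
        key = dedup_key(f)
        record = merged.setdefault(key, MergedFinding(key, f.severity))
        record.sources.append(f)  # keep every tool's report linked
        # Conflicting severities: retain the most severe one.
        if SEVERITY_RANK[f.severity] > SEVERITY_RANK[record.severity]:
            record.severity = f.severity
    return list(merged.values())

# Constructed sample findings (tool, project and rule names are made up).
SAMPLE = [
    Finding("scanner-a", "payments-api", "src/db.py", "run_query", "sql-injection", "medium"),
    Finding("scanner-b", "payments-api", "./src/db.py", "run_query", "SQL-Injection", "high"),
    Finding("scanner-a", "payments-api", "src/report.py", "export", "sql-injection", "medium"),
    Finding("scanner-a", "billing-ui", "src/db.py", "run_query", "sql-injection", "medium"),
]

if __name__ == "__main__":
    for r in deduplicate(SAMPLE):
        print(r.key, r.severity, [s.tool for s in r.sources])
```

The first two sample findings collapse into one record rated high with both tools linked; the same rule at a different location or in a different project stays a separate record.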

Benefits of Deduplication


  • Reduces Noise: Eliminates redundant alerts across multiple tools and reduces clutter on the Findings Page.
  • Improves Prioritization: Ensures teams focus on distinct, high-impact vulnerabilities.
  • Enhances Clarity: Provides a unified view of findings without losing essential details.

Exceptions to Deduplication


While deduplication optimizes findings management, some cases require independent reporting:

  • Different vulnerability locations within the same project
  • Conflicting classifications from different tools
  • Findings detected at different points in time (e.g., reintroduced vulnerabilities)
  • Configuration changes: If a repository undergoes structural changes, a finding may be re-evaluated independently.
  • Different severity levels: A reclassified issue (e.g., from Medium to High severity) is treated as a new finding.

By applying these deduplication rules, BoostSecurity enhances security workflows and streamlines vulnerability management across complex projects.