Work with Scan Engine findings

  • Release version: Zurich
  • Updated April 3, 2026
  • 3 minutes to read

    • You can view and work with open findings resulting from scans.

    Before you begin

    Role required: Scan Engine Admin (sn_se.scan_engine_admin).

    Enforcement levels and risk impact

    Every finding in your instance is evaluated along two critical dimensions to help your team prioritize remediation efforts and maintain compliance standards. Findings are evaluated with a Level of findings and impact to instance ratings.

    • Level of Findings: Represents the enforcement behavior which determines how strictly the system reacts to the issue. Such as blocking an action, issuing a warning, or providing informational guidance.
    • Impact to Instance: Represents the business and technical risk indicating how harmful the issue could be if left unresolved.

    Examples

    These two metrics work together to help teams balance enforcement and risk prioritization, ensuring critical issues are addressed first while maintaining development velocity.

    • ACT level finding with impact to instance of 9: Critical and must be fixed immediately before proceeding. No exceptions.
    • SUGGEST level with impact to instance of 8: High-risk but does not block development. Should still be prioritized for remediation.
    Table 1. Scan Engine finding levels and enforcement behavior
    Level of finding Impact to instance (typical) Severity description Enforcement behavior / recommended action
    ACT 8–10 Critical issues that can break functionality, cause security vulnerabilities, or block upgrades.
    • The record can not be saved until the code is fixed to meet the requirements in the definition.
    • No exception reason option is available.
    • An override requires admin-level rights or the disabling of the definition.
    RECOMMEND 5–7 High severity issues that may degrade performance, stability, or security. Exceptions with governance are allowed.
    SUGGEST 2–4 Moderate issues, often related to optimization, maintainability, or best practices.
    • Address during future development cycle
    • Does not block progress
    • Prompts to check for a better solution, if one is available.
    REVIEW 0-1 Low impact, informational findings with minimal impact (e.g., unused fields or minor UI inconsistencies). Monitor and optionally fix during future development cycles.

    Procedure

    1. Navigate to ALL > Impact > Platform Health > Open Findings.
    2. Open the record you want to work with by selecting its Short Description.
      The finding record displays the following fields.
      FieldDescription
      Definition Displays the scan definition that detected this finding. Select the definition name to view full definition details. See Scan Engine definitions for more information.
      Level of Finding Measures the potential severity of the finding on the overall instance on a scale of 0-10.
      Applies to A reference to the specific record flagged by the scan (for example, a business rule, script include, or ACL record). Select it to open the record directly and review or fix the issue.
      Short Description Brief description of the finding
      Finding Details What was detected and why
      The following fields appear on the Resolution tab.
      FieldDescription
      Estimated Time to Resolve Issue Time it will take to resolve the finding
      Impact to Instance
      • Finding’s impact level if there is an assigned Impact to Instance for the associated definition
      • Ranges from 1 (minimal) to 10 (critical), as defined in the scan definition. This value helps prioritize findings by business impact. Higher values indicate findings that should be addressed first.
      Steps to Resolve Suggested method for resolving the finding
      Supporting documentation Link to supporting documentation that may help in resolving the finding
    3. Apply the recommended changes in the record that triggered the finding.
    4. Optional: Submit an exception for review to request to bypass a fix for the finding.
      For more information, refer to Submit exceptions for the Scan Engine findings.
      The finding will be marked as resolved once the next scan validates the changes.