Module finding

Structs§

Finding: A finding is a concrete, actionable authority issue.
FindingExtras: Optional finding metadata. Lives on every Finding via #[serde(flatten)] so consumers see the fields at the top of the finding object — same place they’d appear if declared inline on Finding. Default-constructed extras serialize to nothing (all Option::None and empty Vecs skip-serialize), so existing snapshots remain byte-stable until a rule populates a field.

FindingCategory: MVP categories (1-5) are derivable from pipeline YAML alone. Stretch categories (6-9) need heuristics or metadata enrichment.
FindingSource: Provenance of a finding — distinguishes findings emitted by built-in taudit rules from findings emitted by user-loaded custom invariant YAML (--invariants-dir). Custom rules can emit arbitrarily-worded findings at any severity, so an operator piping output into a JIRA workflow or SARIF upload needs a non-spoofable signal of which file the rule came from. Serializes as "built-in" (string) for built-in findings and {"custom": "<path>"} for custom-rule findings — see docs/finding-fingerprint.md for the contract.
FixEffort: Coarse-grained remediation effort. Surfaces in JSON time_to_fix and SARIF properties.timeToFix so triage dashboards can sort by severity * effort.
Recommendation: Routing: scope findings -> TsafeRemediation; isolation findings -> CellosRemediation.
Severity

compute_finding_group_id: Stable UUID v5 over the finding fingerprint. Two findings whose fingerprints match (same rule + file + root authority) produce the same finding_group_id — that is the whole point: SIEMs and triage dashboards collapse N hops against a single secret into one row.
compute_fingerprint: Compute a stable cross-run fingerprint for a finding.
downgrade_severity: Move severity one rank toward Info (Critical -> High -> … -> Info). Info stays Info. Used by both the suppression applicator and compensating-control detectors.
rule_id_for: Public, stable rule-id resolver for a finding.