When a potential issue meets confidence requirements, SynapseAudit generates a finding that includes:
A reference to the specific code location
A severity level
A contextual explanation of the observed risk
Findings are generated as discrete units tied directly to code behavior, not abstract rules.
Each finding stands on its own and does not depend on external classification systems or named vulnerability catalogs.