# Grouped findings as a result of If one of the criteria (**Vulnerable URL**, **Dependency**, **File Path**) is selected in the "Group findings by" field within the [scanner settings](https://docs.whitespots.io/appsec-portal/general-portal-settings/scanner-settings), the system checks this field's value during the import of results from the scanner. It then groups all findings with the chosen criterion into a single group. Grouping operates as follows: * If a finding lacks a value for the grouping element (***path***, ***URL***, or ***dependency***), it remains individual. * If there's only one finding with a specific grouping element value, a new separate finding is created. * If multiple findings share the same grouping element value, they are grouped into a new grouped finding. Its **name** follows the format: "Many vulnerabilities found in {*grouping\_element\_name*}: {*grouping\_element\_value*}".

* The **Description** of the grouped finding includes information about each grouped finding in the format: "\[*severity*] *title*: *line*". The description of a grouped finding is limited to 3000 characters. If the description exceeds this limit, it will be truncated.

In grouped findings display, a new field appears (above the Description field), reflecting the grouping element's name (***URL*** or ***dependency***). This field holds the corresponding element's value. If the grouping element is the ***path***, its value is shown in the "File Path" field.

Example of a finding with a grouping element **Path**

Example of a finding with a grouping element **URL**

Example of a finding with a grouping element **Dependency**

**Setting Severity:** For a grouped finding, the severity is set as the highest severity among the individual findings within it. If a severity value cannot be extracted from a finding, the default scanner severity value is assigned. {% hint style="warning" %} If a file reappears during a **reimport** and it had been processed before but ***lacks*** one of the previously found findings, the grouped finding will ***not be reopened***. This is because auto closer does not function within grouped findings. If a file contains ***new findings*** during a **reimport**, they can be added as individual findings or, if there are two or more findings, a new grouped finding can be created. {% endhint %} **Deduplication in the description field:** During vulnerability grouping, the system compiles vulnerabilities that match the selected criterion (Vulnerable URL, Dependency, File Path) into a list. When creating a description for a grouped vulnerability, deduplication occurs. Deduplication involves the system using a set for all descriptions within the group, removing duplicate lines. Therefore, if you see grouped vulnerabilities where only one vulnerability is visible inside, it means that the descriptions for those vulnerabilities were similar, and deduplication of lines occurred when creating the grouped vulnerability. This mechanism provides a clearer and more compact representation of vulnerability groups, simplifying analysis and enhancing the readability of reports.