Consider the impact of users changing their scanner configuration on different branches.

During the discussion of UX research questions for the feature, it occurred to me that different branches might have different configurations of scanners, or at the minimum different versions.

This could theoretically become a problem in which different scanner versions or configurations might detect vulnerabilities in different ways (more or less). Comparing or deduplicating across those branches then becomes incredibly complicated.

One question posed, is should GitLab notice this and avoid ingesting, or just automatically attempt to resolve it itself?