Over the course of a project's lifecycle, code will move around. Refactoring, additions to the code base, removals, will all happen. Our current fingerprinting of findings is too coarse and results in a lot of duplicated findings over time as code moves around. SAST and Secret Detection findings currently use [location within a file](https://gitlab.com/gitlab-org/security-products/analyzers/common/-/blob/master/issue/issue.go#L244-261) in order to declare where they exist within a codebase. Over time we lose the ability to track the movement of a finding as lines are added or removed to the file above the finding in question. This reality makes discerning findings which are truly "New" to be hard, especially in the context of a merge request. Finding a way to make our ability to track findings as they move over time would go a long way towards making the outputs of our analyzers more actionable.