Harness STO should show grace-period or soon-to-be-enforced findings in the current scan results in a disabled or non-blocking state.
These findings should be visible to developers, but clearly marked as not requiring immediate action in the current build. The UI should explain that the finding is currently allowed because it is within a configured grace period, but will block future deployments after the grace period expires.
The current scan section should display:
Finding details
Grace period expiry date/time
Reason it is currently non-blocking (Expiring Exemption / NVD update grace period / No Fix / Transitive / Zero day / Reachability / Exploitability)
This gives developers clear visibility without creating confusion or unnecessary urgency during the current build.