Google Security Command Center - relationship between ASSETS security marks vs FINDINGS security marks


After experimenting and checking the documentation on security marks, it is not clear if the assets security marks are the same security marks as the findings ones.

I've added a security mark in the "Assets" tab, only to go back to the "Findings" tab and not see it there. Are they the same, but I'm experiencing a data synchronization issue? I've waited at least 2 days, however. Or are they different "marks"?


3
On BEST ANSWER

According to this documentation, https://cloud.google.com/security-command-center/docs/how-to-security-marks, it appears Asset Security Marks are not the same as Finding Security Marks and must be created and handled separately.

This makes sense since you use asset security marks to ignore an asset, while with finding security marks you only want to ignore one finding on the asset, not the asset as a whole.

0
On

As it's mentioned in the doc, you will never see those findings in SCC where you put the security marks as true. Assets on allowlists are still scanned by detectors, but findings are suppressed and not written to Security Command Center. https://cloud.google.com/security-command-center/docs/how-to-use-security-health-analytics#security-marks