Security Rating
Security Rating Score for AppSec Scan
Every scan performed within AquilaX generates a significant volume of data — including scanner types, identified findings, severity levels, and the validation status of each result. To reduce this information overload and improve usability, AquilaX introduces the Security Rating mechanism.
This feature provides a consolidated summary of scan results through a single, intuitive interface. The Security Rating offers a high-level overview, enabling users to quickly assess the security posture of their application before diving into individual findings.
The rating is visualized as shown in the image below, with each rating tier mapped to a specific score range, as detailed in the following sections of this document.

Each repository begins with a baseline Security Score of 100. As issues are identified during scans, score deductions are applied based on the severity and classification of each finding. These deductions are calculated using a predefined scoring model that weighs the impact of vulnerabilities and misconfigurations.
The resulting score — after all deductions — is what determines the final Security Rating, as represented in the visual scale introduced above.
Lines of Code
1 score per 1k lines of code
Upper limit: 3 total. This deduction covers TN not detected by the automated scan, which depends on the code size.
Findings (Confirmed)
10 score per HIGH or CRITICAL
4 score per MEDIUM
1 score per LOW
Findings (Not-confirmed)
2 score per HIGH or CRITICAL
1 score per MEDIUM
0.2 score per LOW
Non-Confirmed
1 score per 10 findings not yet validated or confirmed
Penalizes findings that have not been triaged yet
License
5 score for Free
3 score for Premium
0 score for Ultimate
Penalized for reduced scanning capacity
Scanners
5 score for each disabled scanner
Penalized for reduced scanning capacity
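
The deduction table above, applied to one constructed repository as a worked calculation. This is an added example, not AquilaX code. The function name, the proportional lines-of-code deduction, counting untriaged findings in whole groups of 10, and the floor at 0 are assumptions where the page does not specify the behaviour.

```python
from collections import Counter

BASELINE = 100
# Weights copied from the deduction table on this page.
CONFIRMED = {"CRITICAL": 10, "HIGH": 10, "MEDIUM": 4, "LOW": 1}
UNCONFIRMED = {"CRITICAL": 2, "HIGH": 2, "MEDIUM": 1, "LOW": 0.2}
LICENSE = {"Free": 5, "Premium": 3, "Ultimate": 0}
LOC_CAP = 3
PER_DISABLED_SCANNER = 5


def security_score(loc, findings, license_tier, disabled_scanners):
    """Return (score, breakdown). findings: list of (severity, confirmed)."""
    confirmed = Counter(sev.upper() for sev, ok in findings if ok)
    pending = Counter(sev.upper() for sev, ok in findings if not ok)
    breakdown = {
        # Assumption: partial thousands count proportionally, up to the cap.
        "lines_of_code": min(loc / 1000, LOC_CAP),
        "confirmed": sum(CONFIRMED[s] * n for s, n in confirmed.items()),
        "not_confirmed": sum(UNCONFIRMED[s] * n for s, n in pending.items()),
        # Assumption: only complete groups of 10 untriaged findings count.
        "untriaged": sum(pending.values()) // 10,
        "license": LICENSE[license_tier],
        "scanners": PER_DISABLED_SCANNER * disabled_scanners,
    }
    breakdown = {k: round(v, 1) for k, v in breakdown.items()}
    # Assumption: the score never drops below 0.
    score = max(0, round(BASELINE - sum(breakdown.values()), 1))
    return score, breakdown


# Constructed sample repository, not real scan output.
SAMPLE = (
    [("CRITICAL", True)] + [("MEDIUM", True)] * 2
    + [("HIGH", False)] * 3 + [("MEDIUM", False)] * 5 + [("LOW", False)] * 15
)

if __name__ == "__main__":
    score, parts = security_score(12_500, SAMPLE, "Premium", 1)
    for name, value in parts.items():
        print(f"{name:>14}: -{value}")
    print(f"{'score':>14}: {score}")
```

In the sample, the 23 unconfirmed findings cost 14 score by severity plus 2 more for being untriaged, which is more than the single confirmed CRITICAL, so triage alone moves the score noticeably.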