Learn how to read, prioritize, and act on security scan results effectively.

Results Overview

After a scan completes, you’ll see several views of your security posture.

Dashboard Metrics

Security Score (0-100): Overall security health
  • 90-100: Excellent
  • 70-89: Good
  • 50-69: Needs improvement
  • 0-49: Critical issues
Violation Counts by Severity:
  • Critical: Immediate attention required
  • High: Significant risk
  • Medium: Moderate concern
  • Low: Minor improvements
  • Info: Informational findings

Understanding Severity Levels

Critical 🔴:
  • Actively exploitable vulnerabilities
  • High CVSS (9.0-10.0) and high EPSS (>50%)
  • Action: Fix immediately (same day)
  • Examples: SQL injection, RCE, hardcoded admin credentials
High 🟠:
  • Serious security flaws
  • CVSS 7.0-8.9, EPSS 20-50%
  • Action: Fix within 1 week
  • Examples: XSS, authentication bypass, known CVEs with high EPSS
Medium 🟡:
  • Moderate security concerns
  • CVSS 4.0-6.9, EPSS <20%
  • Action: Fix within 1 month
  • Examples: Information disclosure, weak crypto, outdated dependencies
Low 🟢:
  • Minor security improvements
  • CVSS 0.1-3.9
  • Action: Fix when convenient
  • Examples: Code quality issues, minor config issues
Info ℹ️:
  • Informational findings
  • Best practice recommendations
  • No direct security impact
  • Action: Optional improvement

CVSS and EPSS Scores

CVSS Scores

Common Vulnerability Scoring System: Technical severity rating (0-10). Components:
  • Attack Vector: Network, Adjacent, Local, Physical
  • Attack Complexity: Low or High
  • Privileges Required: None, Low, High
  • User Interaction: None or Required
  • Impact: Confidentiality, Integrity, Availability

EPSS Scores

Exploit Prediction Scoring System: Likelihood of exploitation (0-100%). Interpretation:
  • 80-100%: Very likely to be exploited
  • 50-79%: High exploitation risk
  • 20-49%: Moderate exploitation risk
  • 0-19%: Low exploitation risk

Prioritization Matrix

CVSS             | EPSS High (>50%)       | EPSS Medium (20-50%)   | EPSS Low (<20%)
Critical (9-10)  | 🔥 P0 - Fix today      | 🔴 P1 - Fix this week  | 🟠 P2 - Fix soon
High (7-8.9)     | 🔴 P1 - Fix this week  | 🟠 P2 - Fix soon       | 🟡 P3 - Schedule
Medium (4-6.9)   | 🟠 P2 - Fix soon       | 🟡 P3 - Schedule       | 🟢 P4 - Backlog
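The matrix as a small Python triage helper, added here as an example rather than the scanner's own code. The finding ids and scores are constructed samples; band edges follow the table (EPSS of exactly 20% or 50% counts as Medium), and CVSS below 4.0 falls outside the matrix and is handled under the Low/Info policy.

```python
from typing import Optional

# Prioritization matrix from the page. Rows: CVSS band; columns: EPSS band
# in the order High (>50%), Medium (20-50%), Low (<20%).
MATRIX = {
    "Critical": ("P0 - Fix today", "P1 - Fix this week", "P2 - Fix soon"),
    "High": ("P1 - Fix this week", "P2 - Fix soon", "P3 - Schedule"),
    "Medium": ("P2 - Fix soon", "P3 - Schedule", "P4 - Backlog"),
}

def cvss_band(cvss: float) -> Optional[str]:
    """CVSS base score (0-10) -> matrix row; Low (<4.0) is outside the matrix."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS out of range: {cvss}")
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    return "Medium" if cvss >= 4.0 else None

def epss_column(epss_pct: float) -> int:
    """EPSS percentage (0-100) -> column index. FIRST publishes EPSS as a
    probability in 0-1, so multiply by 100 before calling this."""
    if not 0.0 <= epss_pct <= 100.0:
        raise ValueError(f"EPSS out of range: {epss_pct}")
    if epss_pct > 50.0:
        return 0  # High: strictly above 50%
    return 1 if epss_pct >= 20.0 else 2  # Medium includes both 20% and 50%

def priority(cvss: float, epss_pct: float) -> Optional[str]:
    """Matrix cell for one finding, or None when CVSS is below the matrix."""
    band = cvss_band(cvss)
    return None if band is None else MATRIX[band][epss_column(epss_pct)]

def triage(findings: list) -> list:
    """findings: (id, cvss, epss_pct) tuples. Returns (id, priority) pairs,
    P0 first; unmatrixed findings go last with None for the Low/Info policy."""
    ranked = [(fid, priority(cvss, epss)) for fid, cvss, epss in findings]
    return sorted(ranked, key=lambda r: (r[1] is None, r[1] or ""))

# Constructed sample findings (hypothetical ids, not real scan output).
SAMPLE = [
    ("weak-crypto", 4.0, 20.0),      # both values sit exactly on a band edge
    ("sql-injection", 9.8, 94.0),
    ("config-nit", 3.1, 1.0),        # Low: outside the matrix
    ("outdated-dep", 7.5, 3.0),      # high CVSS but rarely exploited
    ("info-disclosure", 5.3, 55.0),  # modest CVSS but likely exploited
]
```

Note that the moderate-CVSS but high-EPSS information disclosure outranks the high-CVSS but rarely exploited dependency, which is the point of weighting by EPSS.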

Reading Violation Details

Each violation includes:
  • Code location: File path, line numbers, code context
  • Vulnerability description: Clear explanation of the risk
  • Impact: What an attacker could do
  • Remediation: Step-by-step fix guidance
  • Severity scores: CVSS, EPSS, CWE

Track security over time:
  • Violations trend (increasing/decreasing)
  • Security score trend
  • New vs fixed violations
  • Mean time to remediation
Focus on the trend, not just the absolute numbers. A repository with 50 violations and a declining trend is in better shape than one with 20 violations and an increasing trend.

Next Steps

Managing Violations

Triage and fix violations

Understanding Violations

Learn about violation structure