Every repository scanned by AquilaX receives a live Security Rating from 0–100. A single number that consolidates 32 scanners, hundreds of findings, and AI triage into one actionable metric, so you know exactly where you stand.
Every repository starts at 100 points. Points are deducted based on confirmed findings, codebase size, and configuration. No black boxes.
Every repo begins at a perfect 100. The rating reflects only what the scanners find, not assumptions or historical guesses about your codebase.
-1 point per 1,000 lines, capped at -3 points total. Accounts for the statistical likelihood of undetected findings in larger codebases.
Confirmed: -5 pts each. Unconfirmed: -2 pts each. These are your highest priority issues, the ones Securitron AI has verified as real and exploitable.
Confirmed: -2 pts each. Unconfirmed: -0.5 pts each. Significant but not immediately exploitable; important to address before they compound.
Confirmed: -0.5 pts each. Unconfirmed: -0.1 pts each. Low severity findings have minimal individual impact but contribute to the overall noise floor.
Free plan: -5 pts. Premium: -3 pts. Ultimate: 0 pts. Each disabled scanner: -5 pts. Incentivises full scanner coverage for accurate posture measurement.
Your application has minimal confirmed findings. Security processes are mature and effective. Suitable for compliance submission.
A few confirmed findings exist but are being managed. Review priority findings and schedule remediation within the current sprint.
Notable findings accumulating. Consider immediate triage of HIGH and CRITICAL items. AI-generated fix patches are available.
Significant vulnerability debt. Risk of exploitation is elevated. Engage the AquilaX team for a focused remediation session.
Immediate action required. Multiple HIGH/CRITICAL confirmed findings are present. Do not deploy until addressed.
Security tools generate thousands of findings. The Security Rating cuts through the noise, giving managers, developers, and CISOs a single metric to track progress, report upwards, and prioritise action.
Know immediately whether a PR is safe to merge. Score shown in CI/CD pipeline output. Merge confidently when the score is green.
Track rating trends across all repositories over time. Identify which repos are regressing and prioritise security reviews accordingly.
Report security posture in a single number to the board or audit committee. Compare ratings across teams, products, and business units.
Connect your first repository in 90 seconds. Your Security Rating updates live with every scan, automatically.