Security Rating

Purpose

Security Rating shows an overall grade for the security reliability of the project code base, from "A" (the best) to "E" (the worst).

How metric helps

The Security Rating metric assigns severity-based grades to the vulnerabilities found, so that responses and resources can be prioritized according to the threat each one poses.

How metric works

Chart Overview

The chart displays the security rating grade (Y axis) for each sub-unit and how that grade changed over time (the X axis is a day-by-day timeline). Each sub-unit is clickable to show or hide its series on the chart.

Calculation

The metric is based on the vulnerabilities found in the code base: the most severe vulnerability present determines the grade, so a code base with one Minor and one Blocker vulnerability is graded "E", not "B". The following grades are available:

A = no vulnerabilities,
B = at least 1 Minor Vulnerability,
C = at least 1 Major Vulnerability,
D = at least 1 Critical Vulnerability,
E = at least 1 Blocker Vulnerability

RAG thresholds: Red = E; Amber = D, C; Green = A, B.
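The grading and RAG rules above, worked through as an added example (not code from the page or from Sonar): the Vulnerability record, the sub-unit names and the dates are constructed assumptions, and the day-by-day series mirrors what the chart plots per sub-unit.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional
# Grade per severity as the page defines it; "A" is the grade when nothing is open.
GRADE_BY_SEVERITY = {"MINOR": "B", "MAJOR": "C", "CRITICAL": "D", "BLOCKER": "E"}
GRADE_ORDER = "ABCDE"  # left = best, right = worst
RAG_BY_GRADE = {"A": "Green", "B": "Green", "C": "Amber", "D": "Amber", "E": "Red"}

@dataclass(frozen=True)
class Vulnerability:
    unit: str                      # sub-unit (module/repository) of the finding
    severity: str                  # MINOR | MAJOR | CRITICAL | BLOCKER
    opened: date
    closed: Optional[date] = None  # None = still open

def is_open(v: Vulnerability, day: date) -> bool:
    return v.opened <= day and (v.closed is None or v.closed > day)
def security_rating(vulns) -> str:
    """Grade for a set of open vulnerabilities: the worst applicable letter wins."""
    worst = "A"
    for v in vulns:
        grade = GRADE_BY_SEVERITY.get(v.severity.upper())
        if grade is None:  # unmapped severity: fail loudly rather than under-grade
            raise ValueError(f"unknown severity {v.severity!r} in {v.unit}")
        if GRADE_ORDER.index(grade) > GRADE_ORDER.index(worst):
            worst = grade
    return worst

def rating_series(vulns, start: date, end: date) -> dict:
    """Day-by-day grade per sub-unit: one series per line on the chart."""
    units = sorted({v.unit for v in vulns})
    series = {u: [] for u in units}
    day = start
    while day <= end:
        for u in units:
            open_today = [v for v in vulns if v.unit == u and is_open(v, day)]
            series[u].append((day, security_rating(open_today)))
        day += timedelta(days=1)
    return series
# Constructed sample findings (hypothetical, not from any real scan).
START, END = date(2024, 3, 1), date(2024, 3, 4)
SAMPLE = [
    Vulnerability("api", "MINOR", date(2024, 3, 1)),
    Vulnerability("api", "BLOCKER", date(2024, 3, 2), closed=date(2024, 3, 4)),
    Vulnerability("web", "MAJOR", date(2024, 3, 3)),
]
if __name__ == "__main__":
    for unit, points in rating_series(SAMPLE, START, END).items():
        print(unit, " ".join(f"{d.day}:{g}/{RAG_BY_GRADE[g]}" for d, g in points))
```

A closed date is exclusive, so the "api" series drops back from "E" to "B" on the day the Blocker is closed.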

Data Source

Data for the metric can be collected from Sonar or any other project tracking/engineering tool.