How Your Score Works

Your security score isn't a random number. It's a clear, severity-weighted calculation based on 260+ security checkpoints across your code, dependencies, configuration, and infrastructure.

How It's Calculated

Every repo starts at 100 points. Each open vulnerability subtracts points based on how dangerous it is. The more severe the issue, the bigger the penalty.

100 minus penalties for open vulnerabilities = your score

Severity Matters

Not all vulnerabilities are equal. Each finding is classified by severity — from Critical to Info — and the more severe the issue, the more points it subtracts from your score. A single critical finding hurts more than several low-severity ones. Informational findings don't affect your score at all.

Critical · High · Medium · Low · Info

What Your Score Means

Excellent: 90–100

Your code is well-secured. Keep it up.

Good: 70–89

Solid security posture with minor improvements possible.

Fair: 50–69

Some risks worth addressing before they become problems.

Concerning: 30–49

Significant vulnerabilities that should be prioritized.

Critical: 0–29

Serious issues that need immediate action.

Your Score Is Alive

Only open findings penalize your score. Fix a vulnerability, accept the risk, or dismiss it — your score updates on the next scan. It reflects the current state of your repo, not its history.

A Perfect Score Isn't Always the Goal

No codebase is 100% all the time — and that's fine. Some findings won't match your specific setup. Maybe you're not using cookies, so a cookie-related flag doesn't apply. Maybe your architecture makes a certain check irrelevant.

The important part isn't chasing a perfect number. It's knowing what's there, understanding the risk, and making a conscious decision: fix it, accept it, or dismiss it. That's what separates a secure project from one that just got lucky.

With 260+ checkpoints across code patterns, dependencies, secrets, headers, database rules, and more, this score gives you the full picture, so you can ship with confidence and actually sleep at night.

See your score

Connect your repo and get your security score in under a minute.
