Vulnerability score

Learn about the artifact vulnerability score

Every container image built within the Application Collection is given a score based on its latest vulnerability scan:

Score example

This score is a high-level objective reference which aims to simplify the interpretation of the vulnerability reports. Use this information in your decision-making.

Decision matrix

Below you can see the decision matrix used to assign the score, the higher the better:

Vulnerability Score Matrix

According to this, the lowest value matching is used. For example:

An artifact with no vulnerabilities gets a 5
An artifact with 1 critical, 1 high, 6 medium and 1 low vulnerabilities gets a 1
An artifact with 1 high, 6 medium and 1 low vulnerabilities gets a 2
An artifact with 1 high and 1 low vulnerabilities gets a 3
An artifact with 1 low vulnerabilities gets a 4

Last modified April 11, 2025