How does JFrog Xray determine the issue severity level

JFrog Support
2019-02-28 14:11


How does JFrog Xray determine the severity level of a vulnerability (as minor, major or critical).


Xray uses the following criteria to classify the severity level:

  • CVSS score 1-4, it will be marked as Minor.
  • CVSS score between 4-7, it will be marked as Major
  • CVSS score above 7 it will be marked Critical.

For RedHat/Pivotal, Xray relies on the corresponding vendor definition.