How does JFrog Xray determine the severity level of a vulnerability (as minor, major or critical).
Xray uses the following criteria to classify the severity level:
- CVSS score 1-4, it will be marked as Minor.
- CVSS score between 4-7, it will be marked as Major
- CVSS score above 7 it will be marked Critical.
For RedHat/Pivotal, Xray relies on the corresponding vendor definition.