How does Xray determine an issue’s severity?


How Xray maps vulnerability severities to Minor, Major and Critical.


Xray uses these criteria to determine severity:

  • A CVSS score of 1-4 is marked as Minor.
  • A CVSS score between 4-7 is marked as Major.
  • A CVSS score above 7 is marked as Critical.

For Red Hat, Pivotal, etc., Xray relies on the corresponding vendor's definitions.