Security Scoring
Inkog uses a consistent scoring system to help you understand the severity of findings and prioritize remediation.
Severity Levels
Each finding is assigned one of four severity levels:
| Severity | Description |
|---|---|
| Critical | Immediate exploitation possible, full system compromise |
| High | Significant risk, exploitation likely |
| Medium | Moderate risk, exploitation requires specific conditions |
| Low | Minor risk, limited impact |
Security Grades
Your findings determine your security grade:
| Grade | Status |
|---|---|
| A | Excellent - No findings |
| B | Good - Minor issues only |
| C | Moderate - Address soon |
| D | Needs Work - High priority |
| F | Critical - Immediate action required |
HTML Report Grades
The HTML output includes a visual grade badge:
┌─────────────────────────────┐
│ SECURITY GRADE │
│ │
│ ┌───┐ │
│ │ B │ │
│ └───┘ │
│ │
│ Status: PASSED │
└─────────────────────────────┘Interpreting Results
Clean Scan (Grade A)
✓ Security scan complete
Grade: A
Findings: 0Action: No immediate action needed. Consider periodic rescanning.
Minor Issues (Grade B)
⚠ Security scan complete
Grade: B
Findings: 3 lowAction: Address low-severity findings during regular maintenance.
Moderate Issues (Grade C)
⚠ Security scan complete
Grade: C
Findings: 1 high, 2 mediumAction: Prioritize high findings, schedule medium findings.
Serious Issues (Grade D/F)
✗ Security scan complete
Grade: F
Findings: 2 critical, 3 highAction: Stop deployment. Address critical findings immediately.
Severity Filtering
Control which severities you want to see:
# Only show critical
inkog -severity critical .
# Show high and above (recommended for CI/CD)
inkog -severity high .
# Show all findings
inkog -severity low .See Security Gates for CI/CD configuration.
Last updated on