Scanning and Rating

Here, we will provide you with a comprehensive understanding of how we evaluate the different software assets within a software supply chain.
Our rating criteria are designed to help you make informed decisions about the security, reliability, and overall quality of the software assets you are using or considering using.
We will list the various criteria and explain their meaning, the benefits of meeting them, and the potential risks of not adhering to them.
We believe transparency and open communication are key to building trust with our users. By providing detailed explanations of our rating criteria, we hope to demonstrate our commitment to helping you increase your knowledge about supply chain security and make the best decisions for your organization's software supply chain.

How do we rate?

If you scan a project and open our application, you will see a graph containing all nodes (software assets) connected to the supply chain of the targeted project. Clicking on a node opens a panel with more detailed information about the respective entity. We divided our security criteria into five sections:
  • Code Vulnerabilities
  • Maintenance
  • Continuous Testing
  • Source Risk Assessment
  • Build Risk Assessment
Every asset within those sections is rated on two values: its Score and its Risk-Potential. The Score describes the degree to which the asset meets the security criteria, and the Risk-Potential refers to the severity of the damage that could be caused if the asset is compromised.
In the next section, you will find a detailed explanation of the criteria we use for our security analysis.