Understanding Severity Levels for Security Vulnerabilities
Code Insight obtains the severity level of a security vulnerability from the advisory database used to identify the vulnerability. The severity is based on the vulnerability’s CVSS (Common Vulnerability Scoring System) score, which can have two different values depending on the scoring system used to calculate it—CVSS v2.0 or v3.x. Code Insight supports both systems for displaying the scores and severities of security vulnerabilities. The Code Insight System Administrator determines which scoring system your system uses.
The following sections provide more information about the two scoring systems:
| • | CVSS v3.x Scoring System |
| • | CVSS v2.0 Scoring System |