Shield Score

The Shield Score provides a single metric to understand your project's security posture. Scores range from 0-100 and are calculated based on vulnerability findings.

Overview

The Shield Score is designed to give developers and security teams a quick understanding of their codebase's security health. Higher scores indicate fewer vulnerabilities and better security practices.

Score Range: 0-100
Grade Scale: A-F
Perfect Score: 100

Score Calculation

The score starts at 100 and decreases based on vulnerability findings. Each severity level has a different impact on your score.

shield-score.ts
TypeScript
// Shield Score Calculation Algorithm
type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';

// Minimal Finding shape, assumed from the fields this function reads
interface Finding {
  severity: Severity;
  aiVerified?: boolean; // true when AI verification confirmed the finding
}

function calculateShieldScore(findings: Finding[]): number {
  let score = 100; // Start with perfect score

  // Severity penalties
  const penalties: Record<Severity, number> = {
    critical: -25, // Critical issues have highest impact
    high: -15,     // High severity issues
    medium: -8,    // Medium severity issues
    low: -3,       // Low severity issues
    info: -1       // Informational findings
  };

  // Apply penalties
  findings.forEach(finding => {
    score += penalties[finding.severity];
  });

  // Apply bonuses
  const criticalCount = findings.filter(f => f.severity === 'critical').length;
  const highCount = findings.filter(f => f.severity === 'high').length;
  const verifiedCount = findings.filter(f => f.aiVerified).length;

  if (criticalCount === 0) score += 10; // No critical bonus
  if (criticalCount === 0 && highCount === 0) score += 5; // No high bonus
  score += verifiedCount * 2; // AI verification bonus

  // Clamp to 0-100 range
  return Math.max(0, Math.min(100, Math.round(score)));
}

Grade Thresholds

Scores are converted to letter grades for easy communication with stakeholders.

A: 90-100 points. Excellent - No critical issues, minimal high-severity findings
B: 80-89 points. Good - Few security issues, well-maintained codebase
C: 70-79 points. Fair - Some security issues need attention
D: 60-69 points. Poor - Multiple security issues require immediate action
F: 0-59 points. Critical - Severe security vulnerabilities present

Bonuses & Penalties

Penalties

Critical finding: -25
High finding: -15
Medium finding: -8
Low finding: -3
Info finding: -1

Bonuses

No critical findings: +10
No critical or high: +5
AI verified (each): +2

Pro Tip

Enable AI verification to get bonus points for confirmed findings. This also helps reduce false positives.

Interactive Calculator

Use this calculator to understand how different vulnerability counts affect your Shield Score.

Calculation Formula

Score = 100
+ (Critical × -25)
+ (High × -15)
+ (Medium × -8)
+ (Low × -3)
+ (Info × -1)
+ (Verified × +2)
+ (No Critical? +10)
+ (No Critical & No High? +5)

Current Breakdown

Base Score: 100
High Penalty: -15
Medium Penalty: -16
Low Penalty: -9
No Critical Bonus: +10
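
The formula and grade thresholds above, applied to finding counts and wrapped in a release gate. This is an added example, not Shield Score's own code: the Counts type, the gate function and the sample inputs are assumptions constructed for illustration. It shows two edge cases of the formula: a high finding can still grade A, and clamping can report 100 while findings are present.

```typescript
type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';
type Counts = Record<Severity, number> & { verified: number };

// Penalty values from the Penalties table on this page.
const PENALTY: Record<Severity, number> = { critical: 25, high: 15, medium: 8, low: 3, info: 1 };

// Unclamped score per the page's formula; bonuses can push it past 100.
function rawScore(c: Counts): number {
  let score = 100;
  for (const sev of Object.keys(PENALTY) as Severity[]) score -= PENALTY[sev] * c[sev];
  if (c.critical === 0) score += 10;                 // No critical bonus
  if (c.critical === 0 && c.high === 0) score += 5;  // No critical or high bonus
  return score + 2 * c.verified;                     // AI verified bonus
}

function shieldScore(c: Counts): number {
  return Math.max(0, Math.min(100, Math.round(rawScore(c))));
}

// Grade thresholds from the Grade Thresholds section.
function grade(score: number): string {
  if (score >= 90) return 'A';
  if (score >= 80) return 'B';
  if (score >= 70) return 'C';
  if (score >= 60) return 'D';
  return 'F';
}

// Hypothetical gate (an assumption, not a product feature): checks the score
// and also the critical/high counts, which the bonuses can otherwise mask.
function gate(c: Counts, minScore: number): { pass: boolean; reasons: string[] } {
  const reasons: string[] = [];
  const score = shieldScore(c);
  if (score < minScore) reasons.push(`score ${score} below ${minScore}`);
  if (c.critical > 0) reasons.push(`${c.critical} critical finding(s)`);
  if (c.high > 0) reasons.push(`${c.high} high finding(s)`);
  return { pass: reasons.length === 0, reasons };
}

// Constructed sample inputs; the first matches the Current Breakdown values.
const calculatorCase: Counts = { critical: 0, high: 1, medium: 2, low: 3, info: 0, verified: 0 };
const highAndLow: Counts = { critical: 0, high: 1, medium: 0, low: 1, info: 0, verified: 0 };
const verifiedInfo: Counts = { critical: 0, high: 0, medium: 0, low: 0, info: 3, verified: 3 };

for (const c of [calculatorCase, highAndLow, verifiedInfo]) {
  console.log(shieldScore(c), grade(shieldScore(c)), gate(c, 90));
}
```
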

Programmatic Access

Access the Shield Score programmatically through the CLI or API.

Terminal
Bash
# Get Shield Score from CLI
bloodhound scan ./src --json | jq '.shieldScore'

# Output
{
  "score": 85,
  "grade": "B",
  "breakdown": {
    "baseScore": 100,
    "criticalPenalty": 0,
    "highPenalty": -15,
    "mediumPenalty": 0,
    "noCriticalBonus": 10
  }
}