Passing the Security Rating as part of the Code Quality Testing in Cloud Manager | Community
Skip to main content
S
S__k__Agarwal
Level 3
April 27, 2025
Solved

Passing the Security Rating as part of the Code Quality Testing in Cloud Manager

  • April 27, 2025
  • 2 replies
  • 461 views

What is the minimum threshold for passing the security rating as part of the code quality testing in Cloud Manager?

 

  • 1 minor vulnerability
  • 1 medium vulnerability
  • 1 major vulnerability
  • 1 critical vulnerability

 

@aanchal-sikka @EstebanBustamante 

@arunpatidar @Shashi_Mulugu 

@lukasz-m @Mahedi_Sabuj 

@kautuk_sahni @Sudheer_Sundalam

@lukasz-m @Rohan_Garg 

    Best answer by ShivamKumar

    Hi @s__k__agarwal ,

     

    The minimum threshold for passing the security rating as part of the code quality testing in Cloud Manager is 1 minor vulnerability, based on how the security ratings are defined:

     

    Name Definition Category Failure Threshold

    Security RatingA = No vulnerabilities
    B = At least 1 minor vulnerability
    C = At least 1 major vulnerability
    D = At least 1 critical vulnerability
    E = At least 1 blocker vulnerability    		Critical< B

     

    Since ratings drop to C or lower for major, critical, or blocker vulnerabilities (which result in a build failure), only minor vulnerabilities (rating B) allow a build to pass.

     

    You can read more about it in detail here:
    https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/using-cloud-manager/test-results/code-quality-testing

     

    Thanks.

    2 replies

    S
    ShivamKumarAccepted solution
    Level 4
    April 27, 2025

    Hi @s__k__agarwal ,

     

    The minimum threshold for passing the security rating as part of the code quality testing in Cloud Manager is 1 minor vulnerability, based on how the security ratings are defined:

     

    Name Definition Category Failure Threshold

    Security RatingA = No vulnerabilities
    B = At least 1 minor vulnerability
    C = At least 1 major vulnerability
    D = At least 1 critical vulnerability
    E = At least 1 blocker vulnerability    		Critical< B

     

    Since ratings drop to C or lower for major, critical, or blocker vulnerabilities (which result in a build failure), only minor vulnerabilities (rating B) allow a build to pass.

     

    You can read more about it in detail here:
    https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/using-cloud-manager/test-results/code-quality-testing

     

    Thanks.

    SantoshSai
    Community Advisor
    SantoshSaiCommunity Advisor
    Community Advisor
    April 27, 2025

    Hi @s__k__agarwal,

    As mentioned by @shivamkumar, adding the below explanation to make the context easier to understand.

    In Adobe Cloud Manager for AEM as a Cloud Service, the minimum threshold for passing the security rating (code quality testing) is:

    • Zero critical vulnerabilities
    • Zero major vulnerabilities

    Minor and medium vulnerabilities are tolerated - they do not fail the pipeline by default.
    Only critical or major security issues will fail the build.

    So, answering your list:

    Vulnerability Allowed to Pass?
    1 minor Allowed
    1 medium Allowed
    1 major Not Allowed (fails security rating)
    1 critical Not Allowed (fails security rating)


    In simple words:

    Even 1 major or 1 critical vulnerability will fail the security rating in Cloud Manager.  

    Santosh Sai
      Terms & ConditionsAccessibility statement

      Loading footer...