Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now
SOLVED

Passing the Security Rating as part of the Code Quality Testing in Cloud Manager

Avatar

Level 3
Level 3
4/27/25 10:09:02 AM

What is the minimum threshold for passing the security rating as part of the code quality testing in Cloud Manager?

 

  • 1 minor vulnerability
  • 1 medium vulnerability
  • 1 major vulnerability
  • 1 critical vulnerability

 

@aanchal-sikka @EstebanBustamante 

@arunpatidar @Shashi_Mulugu 

@lukasz-m @Mahedi_Sabuj 

@kautuk_sahni @Sudheer_Sundalam

@lukasz-m @Rohan_Garg 

Views

368

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 5
Level 5
4/27/25 12:30:32 PM

Hi @S__k__Agarwal ,

 

The minimum threshold for passing the security rating as part of the code quality testing in Cloud Manager is 1 minor vulnerability, based on how the security ratings are defined:

 

Name Definition Category Failure Threshold

Security RatingA = No vulnerabilities
B = At least 1 minor vulnerability
C = At least 1 major vulnerability
D = At least 1 critical vulnerability
E = At least 1 blocker vulnerability		Critical< B

 

Since ratings drop to C or lower for major, critical, or blocker vulnerabilities (which result in a build failure), only minor vulnerabilities (rating B) allow a build to pass.

 

You can read more about it in detail here:
https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/usi...

 

Thanks.

View solution in original post

Views

356

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Level 5
Level 5
4/27/25 12:30:32 PM

Hi @S__k__Agarwal ,

 

The minimum threshold for passing the security rating as part of the code quality testing in Cloud Manager is 1 minor vulnerability, based on how the security ratings are defined:

 

Name Definition Category Failure Threshold

Security RatingA = No vulnerabilities
B = At least 1 minor vulnerability
C = At least 1 major vulnerability
D = At least 1 critical vulnerability
E = At least 1 blocker vulnerability		Critical< B

 

Since ratings drop to C or lower for major, critical, or blocker vulnerabilities (which result in a build failure), only minor vulnerabilities (rating B) allow a build to pass.

 

You can read more about it in detail here:
https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/usi...

 

Thanks.

Views

357

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Community Advisor
Community Advisor
4/27/25 4:56:18 PM

Hi @S__k__Agarwal,

As mentioned by @ShivamKumar, adding the below explanation to make the context easier to understand.

In Adobe Cloud Manager for AEM as a Cloud Service, the minimum threshold for passing the security rating (code quality testing) is:

  • Zero critical vulnerabilities
  • Zero major vulnerabilities

Minor and medium vulnerabilities are tolerated - they do not fail the pipeline by default.
Only critical or major security issues will fail the build.

So, answering your list:

Vulnerability Allowed to Pass?
1 minor Allowed
1 medium Allowed
1 major Not Allowed (fails security rating)
1 critical Not Allowed (fails security rating)


In simple words:

Even 1 major or 1 critical vulnerability will fail the security rating in Cloud Manager.  


Santosh Sai

AEM BlogsLinkedIn


Views

325

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM GraphQL Query approach to get list of pages where XYZ component is enabled. Solved

Views

97

Likes

0

Replies

2
Dispatcher Error when include custom rewrite file in vhost and rewrite.rules Solved

Views

494

Likes

0

Replies

1
Migration dispatcher issues 6.5 to cloud Solved

Views

323

Likes

0

Replies

3
Update the permissions to edit the smart crops

Views

166

Likes

0

Replies

2
How to make experience fragment variations in page templates language-aware and site-aware (agnostic)?

Views

314

Likes

0

Replies

2