
SOLVED

Passing the Security Rating as part of the Code Quality Testing in Cloud Manager

What is the minimum threshold for passing the security rating as part of the code quality testing in Cloud Manager?

 

  • 1 minor vulnerability
  • 1 medium vulnerability
  • 1 major vulnerability
  • 1 critical vulnerability

 

@aanchal-sikka @EstebanBustamante 

@arunpatidar @Shashi_Mulugu 

@lukasz-m @Mahedi_Sabuj 

@kautuk_sahni @Sudheer_Sundalam

@lukasz-m @Rohan_Garg 

1 Accepted Solution

Hi @S__k__Agarwal ,

 

The minimum threshold for passing the security rating as part of the code quality testing in Cloud Manager is 1 minor vulnerability, based on how the security ratings are defined:

 

| Name | Definition | Category | Failure Threshold |
|---|---|---|---|
| Security Rating | A = No vulnerabilities; B = At least 1 minor vulnerability; C = At least 1 major vulnerability; D = At least 1 critical vulnerability; E = At least 1 blocker vulnerability | Critical | < B |

 

Since ratings drop to C or lower for major, critical, or blocker vulnerabilities (which result in a build failure), only minor vulnerabilities (rating B) allow a build to pass.

 

You can read more about it in detail here:
https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/usi...

 

Thanks.

2 Replies

Community Advisor

Hi @S__k__Agarwal,

As mentioned by @ShivamKumar, adding the below explanation to make the context easier to understand.

In Adobe Cloud Manager for AEM as a Cloud Service, the minimum threshold for passing the security rating (code quality testing) is:

  • Zero critical vulnerabilities
  • Zero major vulnerabilities

Minor and medium vulnerabilities are tolerated - they do not fail the pipeline by default.
Only critical or major security issues will fail the build.

So, answering your list:

| Vulnerability | Allowed to Pass? |
|---|---|
| 1 minor | Allowed |
| 1 medium | Allowed |
| 1 major | Not Allowed (fails security rating) |
| 1 critical | Not Allowed (fails security rating) |


In simple words:

Even 1 major or 1 critical vulnerability will fail the security rating in Cloud Manager.  


Santosh Sai
