When a security analysis is performed, the results report the level of technical risk identified in the asset that has been analyzed, whether it is an infrastructure service or a web application.

The calculation of the risk level is based on the international metric CVSS (Common Vulnerability Scoring System), which allows the risk associated with each vulnerability to be numerically assigned.

The scale for representing risk is from 0 to 10 in the case of infrastructure analyses, where 0 is considered a minimum or non-existent level of risk, and 10 the maximum level.