IRL

What is LIRL?

LIRL stands for Lineaje Inherent Risk Score. The inherent risk is represented as LIRL on a scale of 0 to 10:

  • ZIRL: Zero IRL. Zero risk with this component/project. This is the preferred IRL.

  • LIRL: Low IRL. Risk score falls between 0.1 and 3.9. The component/project carries a low risk.

  • MIRL: Medium IRL. Risk score falls between 4.0 and 6.9. The component/project carries a medium risk.

  • HIRL: High IRL. Risk score falls between 7.0 and 8.9. The component/project carries a high risk.

  • CIRL: Critical IRL. Risk score falls between 9.0 and 10.0. The component/project carries a critical risk.

How is IRL calculated?

IRL is calculated from 4 factors: age, vulnerability score, code quality score and security posture score. The component IRL is a weighted average of these factors, and the project IRL is the mean over its dependency tree:

IRL of project = mean(IRL of each component in the dependency tree)

The contributors, their weightage and the score each one adds:

Vulnerability (80% weightage)

  • 3.0 score if at least one exploitable vulnerability is found

  • 2.0 score if at least one critical vulnerability is found

  • 1.5 score if at least one high vulnerability is found

  • 1.0 score if at least one medium vulnerability is found

  • 0.5 score if at least one low vulnerability is found

Unmaintained Component (10% weightage)

  • 1.0 score based on maintained/unmaintained status (0.0 or 1.0)

Security Posture (5% weightage)

  • 0.5 score if at least one security posture issue is found (0.0 or 0.5)

Code Quality (5% weightage)

  • 0.5 score if at least one code quality issue is found (0.0 or 0.5)
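Worked example of the weighting above, added here as an illustration; it is not Lineaje's own implementation. The page gives the weights and the per-contributor scores but does not say how overlapping vulnerability tiers combine, nor how the weighted result is scaled onto the 0 to 10 range, so the example assumes that the single highest applicable tier is used and that the weights are applied as a plain weighted average with no further rescaling. The component names and findings in SAMPLE_TREE are constructed.

```python
"""Illustrative IRL computation following the weights and scores on this page.

Assumptions not stated on the page (labelled here):
  * the vulnerability contributor uses the highest applicable tier only
    (exploitable > critical > high > medium > low), not a sum of tiers;
  * "weighted average" is sum(weight * score) / sum(weight) with the
    0.80 / 0.10 / 0.05 / 0.05 weights and no extra rescaling to 0-10;
  * the project IRL is the arithmetic mean of component IRLs, as stated.
"""
from dataclasses import dataclass, field
from statistics import mean

# Vulnerability tiers from the table, worst first; first match wins.
VULN_TIERS = (
    ("exploitable", 3.0),
    ("critical", 2.0),
    ("high", 1.5),
    ("medium", 1.0),
    ("low", 0.5),
)

# Weightage of each IRL contributor from the table.
WEIGHTS = {
    "vulnerability": 0.80,
    "unmaintained": 0.10,
    "security_posture": 0.05,
    "code_quality": 0.05,
}


@dataclass
class Component:
    name: str
    # Severity labels of findings on this component; "exploitable" marks that
    # at least one finding has a known exploit.
    vulnerabilities: set = field(default_factory=set)
    maintained: bool = True
    security_posture_issues: int = 0
    code_quality_issues: int = 0


def vulnerability_score(severities: set) -> float:
    """Score of the worst tier present (assumption: highest tier only)."""
    for label, score in VULN_TIERS:
        if label in severities:
            return score
    return 0.0


def contributor_scores(c: Component) -> dict:
    """Per-contributor scores, useful for explaining what drives the IRL."""
    return {
        "vulnerability": vulnerability_score(c.vulnerabilities),
        "unmaintained": 0.0 if c.maintained else 1.0,
        "security_posture": 0.5 if c.security_posture_issues > 0 else 0.0,
        "code_quality": 0.5 if c.code_quality_issues > 0 else 0.0,
    }


def component_irl(c: Component) -> float:
    """Weighted average of the contributor scores (weights sum to 1.0)."""
    scores = contributor_scores(c)
    weighted = sum(WEIGHTS[k] * scores[k] for k in WEIGHTS)
    return weighted / sum(WEIGHTS.values())


def project_irl(components: list) -> float:
    """IRL of project = mean(IRL of each component in the dependency tree)."""
    if not components:
        return 0.0
    return mean(component_irl(c) for c in components)


def irl_band(score: float) -> str:
    """Map a score to the ZIRL/LIRL/MIRL/HIRL/CIRL bands defined above."""
    if score <= 0.0:
        return "ZIRL"
    if score < 4.0:
        return "LIRL"
    if score < 7.0:
        return "MIRL"
    if score < 9.0:
        return "HIRL"
    return "CIRL"


# Constructed sample dependency tree; names and findings are invented.
SAMPLE_TREE = [
    Component("app-root", vulnerabilities={"medium"}, code_quality_issues=2),
    Component("lib-parser", vulnerabilities={"critical", "exploitable", "low"},
              maintained=False),
    Component("lib-utils"),  # clean component, contributes 0.0
    Component("lib-net", vulnerabilities={"high"}, security_posture_issues=1),
]

if __name__ == "__main__":
    for comp in SAMPLE_TREE:
        print(f"{comp.name:12s} IRL={component_irl(comp):.3f} "
              f"{irl_band(component_irl(comp))} {contributor_scores(comp)}")
    total = project_irl(SAMPLE_TREE)
    print(f"project IRL={total:.4f} ({irl_band(total)})")
```

Because contributor_scores keeps the per-factor breakdown, the same data shows which factor to address first: in the sample tree the unmaintained lib-parser with an exploitable finding dominates the project mean, and fixing the exploitable vulnerability would lower its contributor score from 3.0 to the next tier present.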
