IRL
Last updated
LIRL stands for Lineaje Inherent Risk Score. Inherent risk is represented as an IRL value on a scale of 0 to 10, divided into five bands:
ZIRL: Zero IRL. Zero risk with this component/project. This is the preferred IRL.
LIRL: Low IRL. Risk score falls between 0.1 and 3.9. The component/project carries low risk.
MIRL: Medium IRL. Risk score falls between 4.0 and 6.9. The component/project carries medium risk.
HIRL: High IRL. Risk score falls between 7.0 and 8.9. The component/project carries high risk.
CIRL: Critical IRL. Risk score falls between 9.0 and 10.0. The component/project carries critical risk.
IRL is calculated from four factors: vulnerability score, age (whether the component is unmaintained), security posture score and code quality score. The component IRL is the weighted average of these factors using the weightages in the table below.
IRL of project = mean(IRL of each component in the dependency tree)
IRL contributor        | Weightage | Description
Vulnerability          | 80%       | 3.0 score if at least one exploitable vulnerability is found; 2.0 if at least one critical vulnerability; 1.5 if at least one high vulnerability; 1.0 if at least one medium vulnerability; 0.5 if at least one low vulnerability
Unmaintained Component | 10%       | 1.0 score if the component is unmaintained, 0.0 if it is maintained
Security Posture       | 5%        | 0.5 score if at least one security posture issue is found, 0.0 otherwise
Code Quality           | 5%        | 0.5 score if at least one code quality issue is found, 0.0 otherwise
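The following is an added worked example of the weighted-average calculation described above and of rolling component scores up to a project score. It is illustrative code written for this page, not Lineaje's implementation. Two things it assumes because the page does not state them: only the highest applicable vulnerability tier counts for a component (the tiers are not added together), and a component that appears more than once in the dependency tree is counted once in the mean. Note also that, with the weightages and sub-scores exactly as listed, the raw weighted average tops out at 2.55 (exploitable vulnerability, unmaintained, one posture issue, one quality issue), so the page's 0-10 bands must involve a mapping that it does not describe; the example computes the raw value and does not guess at that mapping.

```python
from dataclasses import dataclass, field
from statistics import mean

# Weightages as listed on the page. They sum to 1.0, so the weighted
# average is simply the weighted sum of the four sub-scores.
W_VULN, W_UNMAINTAINED, W_POSTURE, W_QUALITY = 0.80, 0.10, 0.05, 0.05

# Vulnerability sub-score per tier, highest tier first.
# Assumption: only the highest applicable tier counts.
VULN_TIERS = [
    ("exploitable", 3.0),
    ("critical", 2.0),
    ("high", 1.5),
    ("medium", 1.0),
    ("low", 0.5),
]


@dataclass
class Component:
    name: str
    vuln_tiers: set = field(default_factory=set)   # e.g. {"critical", "low"}
    maintained: bool = True
    posture_issues: int = 0                        # count of security posture findings
    quality_issues: int = 0                        # count of code quality findings
    dependencies: list = field(default_factory=list)


def vulnerability_score(c: Component) -> float:
    """Sub-score of the worst vulnerability tier present on the component."""
    for tier, score in VULN_TIERS:
        if tier in c.vuln_tiers:
            return score
    return 0.0


def component_irl(c: Component) -> float:
    """Raw weighted average of the four IRL contributors for one component."""
    raw = (W_VULN * vulnerability_score(c)
           + W_UNMAINTAINED * (0.0 if c.maintained else 1.0)
           + W_POSTURE * (0.5 if c.posture_issues > 0 else 0.0)
           + W_QUALITY * (0.5 if c.quality_issues > 0 else 0.0))
    return round(raw, 4)


def flatten_tree(direct_deps: list) -> list:
    """Every distinct component reachable from the project's direct dependencies.
    Assumption: a shared transitive dependency is counted once, not per path."""
    seen, ordered, stack = set(), [], list(direct_deps)
    while stack:
        c = stack.pop()
        if id(c) in seen:
            continue
        seen.add(id(c))
        ordered.append(c)
        stack.extend(c.dependencies)
    return ordered


def project_irl(direct_deps: list) -> float:
    """IRL of project = mean(IRL of each component in the dependency tree)."""
    return round(mean(component_irl(c) for c in flatten_tree(direct_deps)), 4)


def irl_band(score: float) -> str:
    """Map a score onto the page's bands (0 is ZIRL; anything positive below 4.0 is LIRL)."""
    if score == 0.0:
        return "ZIRL"
    if score < 4.0:
        return "LIRL"
    if score < 7.0:
        return "MIRL"
    if score < 9.0:
        return "HIRL"
    return "CIRL"


def sample_tree() -> list:
    """Constructed sample dependency tree (not real components):
    app -> libA -> util, app -> libB -> util (util is shared)."""
    util = Component("util")                                   # clean component
    lib_a = Component("libA", vuln_tiers={"critical"}, dependencies=[util])
    lib_b = Component("libB", vuln_tiers={"exploitable", "low"}, maintained=False,
                      posture_issues=1, quality_issues=2, dependencies=[util])
    return [lib_a, lib_b]


if __name__ == "__main__":
    for c in flatten_tree(sample_tree()):
        print(f"{c.name:5s} IRL={component_irl(c):.4f} ({irl_band(component_irl(c))})")
    print(f"project IRL={project_irl(sample_tree()):.4f}")
```

Because `libB` carries the worst possible input on every contributor, its 2.55 is the ceiling of the raw formula; running the script makes it obvious that no component can reach MIRL or above without an additional scaling step, which is the first question to ask when reconciling a reported IRL with this table.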