# Security Score

> How WithGiga grades engagement results

Every audit produces a **security score** — a letter grade (A+ through F) that summarizes the engagement at a glance. The score is what executives, auditors, and dashboards see first.

## How it's calculated

Each audit starts at a perfect 100. Findings deduct points based on severity:

| Severity      | Deduction  |
| ------------- | ---------- |
| Critical      | −30 points |
| High          | −15 points |
| Medium        | −8 points  |
| Low           | −3 points  |
| Informational | 0 points   |

The final numeric score maps to a letter grade:

| Score  | Grade |
| ------ | ----- |
| 97–100 | A+    |
| 93–96  | A     |
| 90–92  | A−    |
| 87–89  | B+    |
| 83–86  | B     |
| 80–82  | B−    |
| 77–79  | C+    |
| 73–76  | C     |
| 70–72  | C−    |
| 60–69  | D     |
| 0–59   | F     |

The score floor is 0 — multiple criticals don't push it negative.

## Example calculations

| Findings                | Score | Grade |
| ----------------------- | ----- | ----- |
| 0 findings              | 100   | A+    |
| 3 Medium, 2 Low         | 70    | C−    |
| 1 High, 4 Medium, 6 Low | 35    | F     |
| 2 Critical, 1 High      | 25    | F     |
| 5 Low                   | 85    | B     |

## What the score is and isn't

**The score is good for:**

* One-line summaries in dashboards, Slack notifications, and PDF covers
* Trend tracking across recurring audits
* Risk-tier classification across many workspaces (MSSP use case)

**The score is not:**

* A substitute for reading the findings
* A measure of total risk (one critical finding can be catastrophic regardless of score)
* A comparison metric between different products (an A on one app doesn't mean it's "more secure" than a B on another with a different surface)
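
The deduction table, grade bands, and floor described above can be recomputed locally, and the caveat that one critical finding matters regardless of score can be enforced as a separate check. The following is an added example, not WithGiga's own code: the function names `compute_score`, `grade_for`, and `gate` and the gate thresholds are assumptions, and the severity keys follow the `severityBreakdown` field of the API response.

```python
# Deductions and grade bands copied from the tables on this page.
DEDUCTIONS = {"critical": 30, "high": 15, "medium": 8, "low": 3, "informational": 0}
GRADE_FLOORS = [(97, "A+"), (93, "A"), (90, "A−"), (87, "B+"), (83, "B"), (80, "B−"),
                (77, "C+"), (73, "C"), (70, "C−"), (60, "D"), (0, "F")]


def compute_score(counts):
    """Start at 100, subtract per-finding deductions, clamp at the floor of 0."""
    total = 0
    for severity, n in counts.items():
        key = severity.lower()
        if key not in DEDUCTIONS:
            raise ValueError(f"unknown severity: {severity!r}")
        if not isinstance(n, int) or isinstance(n, bool) or n < 0:
            raise ValueError(f"bad count for {severity!r}: {n!r}")
        total += DEDUCTIONS[key] * n
    return max(0, 100 - total)


def grade_for(score):
    """Map a numeric score (0-100) to its letter grade."""
    if not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    return next(grade for floor, grade in GRADE_FLOORS if score >= floor)


def gate(counts, min_score=80, max_critical=0):
    """Hypothetical release gate: the score alone is not enough, so criticals
    are checked separately. Returns (passed, reasons)."""
    score = compute_score(counts)
    reasons = []
    if score < min_score:
        reasons.append(f"score {score} ({grade_for(score)}) below {min_score}")
    critical = sum(n for s, n in counts.items() if s.lower() == "critical")
    if critical > max_critical:
        reasons.append(f"{critical} critical finding(s) exceed limit {max_critical}")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed inputs: rows from the example table plus one gate case.
    for counts in ({}, {"medium": 3, "low": 2}, {"critical": 2, "high": 1}, {"low": 5}):
        s = compute_score(counts)
        print(counts, s, grade_for(s))
    # One critical scores 70 (C−); a gate at min_score=70 would pass on score
    # alone, but the critical-count check still fails it.
    print(gate({"critical": 1}, min_score=70))
```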

## Score in the API

The score is returned with every audit:

```json
{
  "audit": {
    "id": "audit_abc123",
    "status": "completed",
    "score": 65,
    "grade": "D",
    "findingCount": 14,
    "severityBreakdown": {
      "critical": 1,
      "high": 2,
      "medium": 4,
      "low": 6,
      "informational": 1
    }
  }
}
```

## Tracking over time

The workspace dashboard plots score trend across all audits run against the workspace. Use this to:

* Verify remediation progress sprint over sprint
* Detect regressions when new releases introduce findings
* Demonstrate continuous improvement to stakeholders
