Every issue is assigned a severity level that indicates the risk it poses and its impact on technical debt in the application.
We use the following severity levels:
Critical: the issue may allow attackers to access sensitive data and run code on your application. The impact on technical debt is high, and an immediate fix is recommended - blocker for pull requests.
Error: the issue may expose the application to risk and impact technical debt. A fix should be prioritised as soon as possible - blocker for pull requests.
Warning: the issue has a minor impact on the application, and the rework is marginal - not a blocker for pull requests.
Viewing severity levels in Clayton
Clayton's severity levels are displayed in every code review report generated when a scan (pull request or revision) is completed.
It's also possible to filter issues by severity.
Severity levels are also displayed in Git for every pull request scanned by Clayton.