Code issue severity in Amazon Q Developer code reviews

Amazon Q defines the severity of the code issues detected in your code so you can prioritize what issues to address and track the security posture of your application. The following sections explain what methods are used to determine the severity of code issues and what each level of severity means.

How severity is calculated

The severity of a code issue is determined by the detector that generated the issue. Detectors in the Amazon Q Detector Library are each assigned a severity using the Common Vulnerability Scoring System (CVSS). The CVSS considers how the finding can be exploited in its context (for example, whether it can be exploited over the internet or requires physical access) and what level of access can be obtained.

The following table outlines how severity is determined based on the level of access and level of effort required for a bad actor to successfully attack a system.

| Level of access / Level of effort | Not exploitable | Requires access to system | Internet with high LoE | Over internet |
|---|---|---|---|---|
| Full control of system or its output | N/A | High | Critical | Critical |
| Access to sensitive information | N/A | Medium | High | High |
| Can crash or slow down the system | Low | Low | Medium | Medium |
| Provides additional security | Info | Info | Low | Low |
| Best practice | Info | N/A | N/A | N/A |

Severity definitions

The severity levels are defined as follows.

Critical – The code issue should be addressed immediately to avoid it escalating.

Critical code issues suggest that an attacker can gain control of the system or modify its behavior with moderate effort. It is recommended that you treat critical findings with the utmost urgency. You also should consider the criticality of the resource.

High – The code issue must be addressed as a near-term priority.

High severity code issues suggest that an attacker can gain control of the system or modify its behavior with high effort. It is recommended that you treat a high severity finding as a near-term priority and that you take immediate remediation steps. You also should consider the criticality of the resource.

Medium – The code issue should be addressed as a midterm priority.

Medium severity findings can lead to a crash, unresponsiveness, or unavailability of the system. It is recommended that you investigate the implicated code at your earliest convenience. You also should consider the criticality of the resource.

Low – The code issue does not require action on its own.

Low severity findings suggest programming errors or anti-patterns. You do not need to take immediate action on low severity findings, but they can provide context when you correlate them with other issues.

Informational – No recommended action.

Informational findings include suggestions for quality or readability improvements, or alternative API operations. No immediate action is necessary.

© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.