Scanner deep-dive

Kolega Enterprise by Kolega ↗

Security-Specialized · enterprise-v1 · scored on 26/26 repositories. Strict scoring (unfinished repos counted as misses).

92.4

F3 (strict)

89.7

F2 (strict)

95.3%

Recall (strict)

72.7%

Precision

26/26

Repos scored

—

Model

Free

Total cost

—

Avg latency

Per-repository breakdown

Each bar shows true positives, false positives, and misses on one repository; bar length is proportional to that repo's labeled vulnerabilities. Ranked by F2.

True positiveFalse positiveMissed (FN)

pythonssti100 F2 · 100%

flask-xss98 F2 · 100%

insecure-web98 F2 · 100%

vulnpy97 F2 · 100%

extremely-vulnerable-flask-app97 F2 · 100%

dvblab91 F2 · 100%

vulnerable-tornado-app91 F2 · 100%

damn-vulnerable-graphql-application90 F2 · 92%

dvpwa90 F2 · 100%

python-app90 F2 · 100%

djangoat90 F2 · 96%

damn-vulnerable-flask-application90 F2 · 93%

intentionally-vulnerable-python-application90 F2 · 100%

python-insecure-app90 F2 · 88%

dsvw90 F2 · 89%

vulnerable-api89 F2 · 93%

vulpy89 F2 · 95%

lets-be-bad-guys88 F2 · 92%

vulnerable-flask-app88 F2 · 90%

vampi87 F2 · 100%

pygoat86 F2 · 96%

dsvpwa86 F2 · 88%

vfapi85 F2 · 89%

owasp-web-playground84 F2 · 96%

threatbyte84 F2 · 92%

vulnerable-python-apps78 F2 · 82%

Repository	TP	FP	FN	Recall %	F2
pythonssti	2	0	0	100.0	100.0
flask-xss	30	3	0	100.0	98.0
insecure-web	9	1	0	100.0	97.8
vulnpy	78	11	0	100.0	97.3
extremely-vulnerable-flask-app	32	5	0	100.0	97.0
dvblab	22	11	0	100.0	90.9
vulnerable-tornado-app	14	7	0	100.0	90.9
damn-vulnerable-graphql-application	33	6	3	91.7	90.2
dvpwa	22	12	0	100.0	90.2
python-app	20	11	0	100.0	90.1
djangoat	48	19	2	96.0	89.9
damn-vulnerable-flask-application	14	4	1	93.3	89.7
intentionally-vulnerable-python-application	7	4	0	100.0	89.7
python-insecure-app	7	0	1	87.5	89.7
dsvw	24	2	3	88.9	89.6
vulnerable-api	13	4	1	92.9	89.0
vulpy	54	22	3	94.7	88.8
lets-be-bad-guys	22	7	2	91.7	88.0
vulnerable-flask-app	19	5	2	90.5	88.0
vampi	15	11	0	100.0	87.2
pygoat	74	48	3	96.1	86.0
dsvpwa	28	7	4	87.5	85.9
vfapi	8	3	1	88.9	85.1
owasp-web-playground	27	22	1	96.4	83.9
threatbyte	24	15	2	92.3	83.9
vulnerable-python-apps	18	9	4	81.8	78.3

Detection by severity

Severity	TP	FP	FN	Recall %
Critical	86	0	0	100.0
High	254	2	10	96.2
Medium	261	1	18	93.5
Low	63	0	5	92.6

Detection by vulnerability class

CWE family	TP	FP	FN	Recall %
Code Injection / RFI	14	0	0	100.0
Command / OS Injection	17	0	0	100.0
Denial of Service	20	0	0	100.0
Path Traversal	26	0	0	100.0
Server-Side Request Forgery	24	0	0	100.0
Insecure Deserialization	19	0	0	100.0
Open Redirect	6	0	0	100.0
HTTP Header Injection	2	0	0	100.0
XPath Injection	4	0	0	100.0
Hardcoded Credentials	60	0	1	98.4
SQL Injection	46	2	1	97.9
Cross-Site Scripting	80	1	2	97.6
Security Misconfiguration	32	0	1	97.0
Other	197	0	9	95.6
Broken Access Control / IDOR	22	0	2	91.7
XML External Entities	7	0	1	87.5
Sensitive Data Exposure	49	0	8	86.0
Missing Authentication / Authorization	39	0	8	83.0

Cost

Free

Total cost

Python LOC scanned

Successful runs

← Back to the leaderboard