Scanner deep-dive

Kolega.Dev by Kolega ↗

Security-Specialized · v0.0.1 · scored on 26/26 repositories. Strict scoring (unfinished repos counted as misses).

73.0

F3 (strict)

66.8

F2 (strict)

80.5%

Recall (strict)

39.8%

Precision

26/26

Repos scored

—

Model

Free

Total cost

—

Avg latency

Per-repository breakdown

Each bar shows true positives, false positives, and misses on one repository; bar length is proportional to that repo's labeled vulnerabilities. Ranked by F2.

True positiveFalse positiveMissed (FN)

extremely-vulnerable-flask-app87 F2 · 100%

dsvw83 F2 · 93%

lets-be-bad-guys83 F2 · 96%

vulnerable-tornado-app79 F2 · 100%

vampi78 F2 · 80%

dvpwa75 F2 · 86%

owasp-web-playground74 F2 · 93%

dsvpwa74 F2 · 88%

vulpy72 F2 · 82%

flask-xss71 F2 · 87%

vulnerable-api71 F2 · 93%

threatbyte70 F2 · 88%

vulnerable-flask-app69 F2 · 90%

vfapi68 F2 · 100%

insecure-web66 F2 · 100%

dvblab64 F2 · 86%

vulnpy62 F2 · 63%

python-insecure-app61 F2 · 88%

vulnerable-python-apps60 F2 · 73%

intentionally-vulnerable-python-application59 F2 · 86%

pygoat59 F2 · 68%

damn-vulnerable-flask-application58 F2 · 80%

damn-vulnerable-graphql-application56 F2 · 67%

djangoat54 F2 · 72%

pythonssti50 F2 · 100%

python-app49 F2 · 65%

Repository	TP	FP	FN	Recall %	F2
extremely-vulnerable-flask-app	32	24	0	100.0	87.0
dsvw	25	17	2	92.6	83.3
lets-be-bad-guys	23	20	1	95.8	82.7
vulnerable-tornado-app	14	19	0	100.0	78.7
vampi	12	5	3	80.0	77.9
dvpwa	19	20	3	86.4	74.8
owasp-web-playground	26	37	2	92.9	74.3
dsvpwa	28	34	4	87.5	73.7
vulpy	47	53	10	82.5	71.6
flask-xss	26	38	4	86.7	70.7
vulnerable-api	13	23	1	92.9	70.7
threatbyte	23	37	3	88.5	70.1
vulnerable-flask-app	19	34	2	90.5	69.3
vfapi	9	21	0	100.0	68.2
insecure-web	9	23	0	100.0	66.2
dvblab	19	41	3	86.4	64.2
vulnpy	49	32	29	62.8	62.3
python-insecure-app	7	18	1	87.5	61.4
vulnerable-python-apps	16	29	6	72.7	60.2
intentionally-vulnerable-python-application	6	17	1	85.7	58.8
pygoat	52	84	25	67.5	58.6
damn-vulnerable-flask-application	12	32	3	80.0	57.7
damn-vulnerable-graphql-application	24	46	12	66.7	56.1
djangoat	36	94	14	72.0	54.5
pythonssti	2	10	0	100.0	50.0
python-app	13	40	7	65.0	48.9

Detection by severity

Severity	TP	FP	FN	Recall %
Critical	76	3	10	88.4
High	207	8	57	78.4
Medium	222	4	57	79.6
Low	56	1	12	82.4

Detection by vulnerability class

CWE family	TP	FP	FN	Recall %
Command / OS Injection	17	1	0	100.0
XML External Entities	8	1	0	100.0
HTTP Header Injection	2	0	0	100.0
Cross-Site Scripting	77	3	5	93.9
Hardcoded Credentials	57	1	4	93.4
Code Injection / RFI	13	0	1	92.9
Security Misconfiguration	30	0	3	90.9
SQL Injection	40	3	7	85.1
Insecure Deserialization	16	1	3	84.2
Other	166	3	40	80.6
Server-Side Request Forgery	19	0	5	79.2
Sensitive Data Exposure	44	0	13	77.2
XPath Injection	3	0	1	75.0
Path Traversal	18	3	8	69.2
Open Redirect	4	0	2	66.7
Broken Access Control / IDOR	15	0	9	62.5
Missing Authentication / Authorization	28	0	19	59.6
Denial of Service	4	0	16	20.0

Cost

Free

Total cost

Python LOC scanned

Successful runs

← Back to the leaderboard