Investigate findings

The Kuality Score

Every scan distills its findings into a single Kuality Score from 0 to 100, with a letter grade from A+ down to F. The score is severity-weighted: a single high finding moves the score more than a stack of low ones. The score lives at the top of the report and feeds the trendline on the dashboard so you can spot outliers across deploys.

Above the findings list you'll see severity counts grouped high, medium, low, info. Triage from highest down.

Anatomy of a finding

Each finding card shows enough context to act on it without leaving Kuality:

  • Severity badge + title + WCAG / CVE / OWASP reference (where applicable)
  • The URL + DOM selector where we found it
  • A screenshot at the moment the issue was detected (cropped to the offending element)
  • Plain-language description of what's wrong and why it matters
  • Status, assignee, and due date — all editable inline and persisted across reports

AI assistance

Kuality auto-detects your tech stack (Next.js, Rails, WordPress, Nginx, etc.) when it scans, then layers AI on top of every finding:

  • Findings interpreter — translates the raw violation into one sentence of "what this means for your app" using your stack as context.
  • AI Fix — generates a code-level patch tailored to your framework. Different snippet for Next.js vs. Rails vs. WordPress vs. Nginx.
  • Risk prioritizer — re-ranks the findings list by business impact (SQLi in checkout jumps above XSS in a read-only blog search).
  • Anomaly narrator — if the score dropped sharply, AI explains the most likely cause from the diff against the baseline.
  • Compliance mapper — maps each finding to specific framework controls (GDPR Art. 32, OWASP A05:2021, PCI DSS 6.4.3) for audit prep.

Each AI call costs credits; results are cached per report so re-opening a finding doesn't re-bill you. The cost per AI tier is in Transparent pricing.

Triage workflow

Every finding has a status dropdown: Open → Assigned → In Progress → Fixed → Verified, or jump straight to Won't Fix. Pick an assignee from your org or click "me" to grab it. Set a due date when there's a deadline. State persists across re-runs, so re-scanning never resets your triage.

Push to Jira / Linear

With Jira or Linear connected (Organization Settings → Integrations), each finding gets a one-click button to file a ticket pre-filled with the finding's title, severity, screenshot, repro steps, and a link back to the report. The ticket ID and live status are then shown inline on the finding for the rest of its lifecycle.

False positives

If a finding doesn't apply to your app — common with axe-core when a region is intentionally ARIA-only, or with security headers when a header is set by a downstream CDN — mark it as a false positive. Future scans pre-flag the same finding-key for your org with a confidence percentage so you can keep ignoring it (or change your mind) without re-triaging.

Version 1.0.0