
Overview

KafkaCode assigns a privacy grade from A+ to F based on the severity and number of issues found in your codebase. This grade provides an at-a-glance assessment of your code’s privacy posture.

Grading Scale

A+ / A / A-

Excellent: Minimal to no privacy issues. Production-ready code.

B+ / B / B-

Good: Minor issues present. Generally safe with small improvements needed.

C+ / C / C-

Moderate: Notable privacy concerns. Should be addressed before production.

D

Poor: Multiple high-severity issues. Not recommended for production.

F

Failing: Critical vulnerabilities. Must fix before deployment.

How Grades Are Calculated

Step 1: Severity Points

Each issue type has a point value:
Severity   Points   Examples
Critical   100      AWS keys, private keys, database credentials
High       50       OAuth tokens, API keys, JWT secrets
Medium     10       Email addresses, phone numbers, SSNs
Low        1        IP addresses, URLs

Step 2: Total Score

Calculate the total score by summing all severity points:
totalScore = Σ(severity_points × issue_count)
Example:
1 Critical issue  = 1 × 100 = 100 points
2 High issues     = 2 × 50  = 100 points
3 Medium issues   = 3 × 10  = 30 points
5 Low issues      = 5 × 1   = 5 points
                            ─────────
Total Score                 = 235 points

Step 3: Grade Assignment

The grade is determined by the total score:
if (totalScore === 0)           return 'A+';
if (totalScore <= 5)            return 'A';
if (totalScore <= 10)           return 'A-';
if (totalScore <= 20)           return 'B+';
if (totalScore <= 30)           return 'B';
if (totalScore <= 50)           return 'B-';
if (totalScore <= 75)           return 'C+';
if (totalScore <= 100)          return 'C';
if (totalScore <= 150)          return 'C-';
if (totalScore <= 200)          return 'D';
return 'F';  // > 200
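To make the three steps concrete, here is an added example (not KafkaCode's own source) that implements the severity table, the Σ(points × count) sum and the threshold chain above in JavaScript, then runs them over the four scenarios from the Grade Impact Examples section further down this page. The function names (totalScore, gradeForScore, gradeFindings) and the shape of the findings input are assumptions of this example, not the tool's API.

```javascript
// Added example, not KafkaCode's own source: the three grading steps above as
// runnable JavaScript, so scores and grades can be checked offline.

// Step 1: severity points, exactly as in the table above.
const SEVERITY_POINTS = Object.freeze({
  critical: 100,
  high: 50,
  medium: 10,
  low: 1,
});

// Step 3: upper score bound for each grade, in the order the documented
// if-chain tests them. Anything above the last bound is an F.
const GRADE_THRESHOLDS = [
  [0, 'A+'], [5, 'A'], [10, 'A-'],
  [20, 'B+'], [30, 'B'], [50, 'B-'],
  [75, 'C+'], [100, 'C'], [150, 'C-'],
  [200, 'D'],
];

// Step 2: totalScore = Σ(severity_points × issue_count).
// `counts` maps a severity name to the number of findings at that severity,
// e.g. { critical: 2, high: 1, medium: 5 } (assumed input shape, not the tool's).
// An unknown severity is an error rather than zero points, so a mislabelled
// finding cannot silently improve the grade.
function totalScore(counts) {
  let score = 0;
  for (const [severity, count] of Object.entries(counts)) {
    const points = SEVERITY_POINTS[severity];
    if (points === undefined) {
      throw new RangeError(`unknown severity: ${severity}`);
    }
    if (!Number.isInteger(count) || count < 0) {
      throw new RangeError(`issue count must be a non-negative integer: ${severity}=${count}`);
    }
    score += points * count;
  }
  return score;
}

// Step 3: the first bound the score does not exceed decides the grade.
function gradeForScore(score) {
  for (const [maxScore, grade] of GRADE_THRESHOLDS) {
    if (score <= maxScore) return grade;
  }
  return 'F'; // > 200
}

// Grade a list of findings as a scanner might emit them. Only the `severity`
// field is used; its case is normalised so "High" and "high" count the same.
function gradeFindings(findings) {
  const counts = {};
  for (const finding of findings) {
    const severity = String(finding.severity).toLowerCase();
    counts[severity] = (counts[severity] || 0) + 1;
  }
  const score = totalScore(counts);
  return { score, grade: gradeForScore(score), counts };
}

// Constructed input: the four scenarios from the Grade Impact Examples section.
const GRADE_IMPACT_EXAMPLES = [
  { name: 'Clean Project',     counts: {} },
  { name: 'Minor Issues',      counts: { low: 3 } },
  { name: 'Some Concerns',     counts: { high: 1, medium: 2, low: 3 } },
  { name: 'Critical Problems', counts: { critical: 2, high: 1, medium: 5 } },
];

// Score and grade each scenario; returns [{ name, score, grade }, ...].
function gradeImpactExamples() {
  return GRADE_IMPACT_EXAMPLES.map(({ name, counts }) => {
    const score = totalScore(counts);
    return { name, score, grade: gradeForScore(score) };
  });
}

for (const { name, score, grade } of gradeImpactExamples()) {
  console.log(`${name.padEnd(18)} score=${String(score).padStart(3)} grade=${grade}`);
}
```

Rejecting unknown severity labels is the one design choice worth copying into any re-implementation of this scheme: a scorer that treats an unrecognised label as zero points would let a renamed or misspelled severity quietly raise the grade.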

Grade Breakdown

🟢 A+ Grade (Perfect Score)

Score: 0 points
Meaning: No privacy issues detected
Example:
// All secrets from environment variables
const apiKey = process.env.API_KEY;
const dbUrl = process.env.DATABASE_URL;

// No hardcoded credentials
const auth = await getAuthFromVault();
Recommendation: Maintain current practices. Review periodically.

🟢 A Grade (Excellent)

Score: 1-5 points
Typical Issues:
  • 1-2 Low severity items (IP addresses, URLs)
  • 0-1 Medium severity items
Example Report:
📊 SCAN SUMMARY
🔍 Total Issues: 2
🏆 Privacy Grade: 🟢 A

🔵 LOW (2)
  📄 config.js:5
     IP address found: "192.168.1.1"
Recommendation: Minimal cleanup needed. Safe for production.

🟢 A- Grade (Very Good)

Score: 6-10 points
Typical Issues:
  • 3-5 Low severity items
  • 0-1 Medium severity items
Example Report:
📊 SCAN SUMMARY
🔍 Total Issues: 3
🏆 Privacy Grade: 🟢 A-

🟡 MEDIUM (1)
  📄 utils.js:12
     Email address: "[email protected]"

🔵 LOW (2)
  📄 config.js:5
     IP address: "192.168.1.1"
Recommendation: Address medium issues when convenient.

🔵 B+ Grade (Good)

Score: 11-20 points
Typical Issues:
  • 1-2 Medium severity items
  • Several Low severity items
Example Report:
📊 SCAN SUMMARY
🔍 Total Issues: 4
🏆 Privacy Grade: 🔵 B+

🟡 MEDIUM (2)
  📄 auth.js:8
     Email found: "[email protected]"
  📄 user.js:15
     Phone number: "+1-555-0123"
Recommendation: Review and fix medium severity issues.

🔵 B Grade (Acceptable)

Score: 21-30 points
Typical Issues:
  • 2-3 Medium severity items
  • Multiple Low severity items
Recommendation: Plan fixes for medium issues in next sprint.

🔵 B- Grade (Fair)

Score: 31-50 points
Typical Issues:
  • 3-5 Medium severity items, OR
  • 1 High severity item
Example Report:
📊 SCAN SUMMARY
🔍 Total Issues: 5
🏆 Privacy Grade: 🔵 B-

🟠 HIGH (1)
  📄 config.js:10
     API key detected: "api_key_abc123..."

🟡 MEDIUM (4)
  📄 Multiple email/phone number leaks
Recommendation: Fix high severity issues before next release.

🟡 C+ Grade (Needs Improvement)

Score: 51-75 points
Typical Issues:
  • 1-2 High severity items
  • Multiple Medium severity items
Recommendation: Address before production deployment.

🟡 C Grade (Poor)

Score: 76-100 points
Typical Issues:
  • 1 Critical + some High/Medium items, OR
  • 2 High severity items + multiple Medium items
Example Report:
📊 SCAN SUMMARY
🔍 Total Issues: 8
🏆 Privacy Grade: 🟡 C

🔴 CRITICAL (1)
  📄 db.js:5
     Database password in code

🟠 HIGH (1)
  📄 auth.js:12
     JWT secret hardcoded

🟡 MEDIUM (6)
  📄 Various PII leaks
Recommendation: Must fix critical/high issues. Not production-ready.

🟡 C- Grade (Concerning)

Score: 101-150 points
Typical Issues:
  • 1-2 Critical items, OR
  • 2-3 High severity items
Recommendation: Immediate attention required. Block production deployment.

🟠 D Grade (Dangerous)

Score: 151-200 points
Typical Issues:
  • Multiple Critical items
  • Many High severity items
Example Report:
📊 SCAN SUMMARY
🔍 Total Issues: 12
🏆 Privacy Grade: 🟠 D

🔴 CRITICAL (2)
  📄 config.js:8
     AWS Access Key: AKIA...
  📄 stripe.js:15
     Stripe Secret Key: sk_live_...

🟠 HIGH (3)
  📄 Multiple API keys and tokens

🟡 MEDIUM (7)
  📄 Extensive PII exposure
Recommendation: Emergency fix required. Do not deploy.

🔴 F Grade (Critical)

Score: > 200 points
Typical Issues:
  • Many Critical items
  • Extensive High severity issues
  • Widespread privacy violations
Recommendation: Complete security audit and refactoring needed.

Grade Impact Examples

Example 1: Clean Project

Issues: None
Score: 0
Grade: 🟢 A+
Perfect! No privacy issues detected.

Example 2: Minor Issues

Issues: 3 Low (IP addresses)
Score: 3 × 1 = 3
Grade: 🟢 A
Excellent score with minimal cleanup needed.

Example 3: Some Concerns

Issues: 1 High + 2 Medium + 3 Low
Score: (1×50) + (2×10) + (3×1) = 73
Grade: 🟡 C+
Needs improvement before production.

Example 4: Critical Problems

Issues: 2 Critical + 1 High + 5 Medium
Score: (2×100) + (1×50) + (5×10) = 300
Grade: 🔴 F
Major privacy vulnerabilities. Immediate action required.

Improving Your Grade

Step 1: Fix Critical Issues First

Address all Critical severity items immediately:
  • Remove hardcoded secrets
  • Move credentials to environment variables
  • Use secure vaults (AWS Secrets Manager, etc.)

Step 2: Address High Severity Items

Fix High severity issues before next release:
  • Externalize API keys
  • Use configuration management
  • Implement secret rotation

Step 3: Clean Up Medium/Low Items

Improve grade by addressing remaining issues:
  • Move PII to configuration
  • Remove unnecessary hardcoded data
  • Use DNS names instead of IP addresses

Step 4: Rescan and Verify

Run KafkaCode again to verify improvements:
kafkacode scan ./src

Grade Thresholds Quick Reference

Grade    Score Range   Action Required
🟢 A+    0             None - Perfect!
🟢 A     1-5           Optional cleanup
🟢 A-    6-10          Minor improvements
🔵 B+    11-20         Review recommended
🔵 B     21-30         Plan fixes
🔵 B-    31-50         Fix before release
🟡 C+    51-75         Not production-ready
🟡 C     76-100        Must fix critical items
🟡 C-    101-150       Block deployment
🟠 D     151-200       Emergency fixes
🔴 F     > 200         Complete refactoring

CI/CD Integration

Use grades to gate deployments:
# Example: GitHub Actions
- name: Privacy Scan
  run: kafkacode scan ./src

- name: Check Grade
  run: |
    GRADE=$(kafkacode scan ./src | grep "Privacy Grade" | awk '{print $NF}')
    if [[ "$GRADE" == "D" || "$GRADE" == "F" ]]; then
      echo "Privacy grade too low: $GRADE"
      exit 1
    fi
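The workflow above only blocks D and F, while the Best Practices section on this page calls for a different minimum grade per environment. The following added example (not part of KafkaCode) shows how to express that gate in Node.js: it reads the `Privacy Grade:` summary line from the report text the same way the awk one-liner does, validates the token against the ordered grade scale, and fails closed when no grade can be parsed. The environment names and their minimums are taken from this page; the function names and the report-parsing approach are assumptions of this example, not a KafkaCode feature.

```javascript
// Added example, not part of KafkaCode: a deployment gate that enforces a
// per-environment minimum grade rather than only rejecting D and F.

// Grades from best to worst; a lower index is a better grade.
const GRADE_ORDER = ['A+', 'A', 'A-', 'B+', 'B', 'B-', 'C+', 'C', 'C-', 'D', 'F'];

// Minimum acceptable grade per environment, taken from the Best Practices
// section of this page (the environment keys are this example's assumption).
const MINIMUM_GRADE = Object.freeze({
  development: 'B-',
  staging: 'B+',
  production: 'A-',
});

// Pull the grade out of the scanner's report text. Like the awk one-liner in
// the workflow above, this takes the last whitespace-separated token of the
// "Privacy Grade:" line, but it also validates that the token is a real grade,
// so a changed output format yields null instead of a bogus pass.
function parseGrade(reportText) {
  const line = reportText.split(/\r?\n/).find((l) => l.includes('Privacy Grade:'));
  if (!line) return null;
  const token = line.trim().split(/\s+/).pop();
  return GRADE_ORDER.includes(token) ? token : null;
}

// True when `grade` is at least as good as `minimum`.
function meetsMinimum(grade, minimum) {
  const got = GRADE_ORDER.indexOf(grade);
  const need = GRADE_ORDER.indexOf(minimum);
  if (got === -1 || need === -1) {
    throw new RangeError(`unknown grade: ${grade} vs ${minimum}`);
  }
  return got <= need;
}

// Gate decision for one environment. A report without a recognisable grade
// fails closed: an unparsable scan is never treated as a pass.
function gateDecision(reportText, environment) {
  const minimum = MINIMUM_GRADE[environment];
  if (!minimum) {
    throw new RangeError(`no minimum grade defined for environment: ${environment}`);
  }
  const grade = parseGrade(reportText);
  if (grade === null) {
    return { ok: false, grade: null, minimum, reason: 'no Privacy Grade line found in report' };
  }
  const ok = meetsMinimum(grade, minimum);
  return {
    ok,
    grade,
    minimum,
    reason: ok
      ? `grade ${grade} meets the ${environment} minimum of ${minimum}`
      : `grade ${grade} is below the ${environment} minimum of ${minimum}`,
  };
}

// Constructed sample report in the layout of the example reports above.
const SAMPLE_REPORT = [
  '📊 SCAN SUMMARY',
  '🔍 Total Issues: 4',
  '🏆 Privacy Grade: 🔵 B+',
  '',
  '🟡 MEDIUM (2)',
  '  📄 auth.js:8',
  '     Email found: "user@example.com"',
].join('\n');

for (const environment of Object.keys(MINIMUM_GRADE)) {
  const decision = gateDecision(SAMPLE_REPORT, environment);
  console.log(`${environment.padEnd(12)} ${decision.ok ? 'PASS' : 'BLOCK'}  ${decision.reason}`);
}
```

In a pipeline step, pass the captured scanner output and the target environment to gateDecision and fail the job when `ok` is false; the `reason` string is what you would print so the block is explainable from the job log. The failing-closed branch matters more than it looks: a grep-and-compare check that finds no grade line evaluates to an empty string, which is neither "D" nor "F", and therefore passes.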

Best Practices

  • Development: Accept B- or better
  • Staging: Require B+ or better
  • Production: Mandate A- or better
  • Run scans regularly (daily/weekly)
  • Monitor grade trends
  • Set improvement targets
  • Celebrate progress!
  • Scan before merging
  • Require grade maintenance
  • Block PRs that lower grade
  • Document fixes in commits
  • Define acceptable grades per environment
  • Escalate Critical/High findings
  • Regular security audits
  • Team training on privacy

Next Steps