Findings & Scoring
Every Swarm QA scan produces a set of findings and a composite quality score. This page explains how findings are classified, enriched, and scored.
Severity Levels
Each finding is assigned one of five severity levels:
| Severity | Meaning | Example |
|---|---|---|
| Critical | Blocks users or exposes security vulnerabilities | WSOD, keyboard trap, reflected XSS |
| High | Significant quality issue requiring prompt attention | Broken internal link, missing CSP header, missing alt text |
| Medium | Notable issue that should be addressed in the current cycle | Contrast violation, slow TTFB, redirect chain |
| Low | Minor issue, fix when convenient | Missing OG tags, resource load warning |
| Info | Observation, no action required | Detected framework version, canonical URL present |
Action Categories
Beyond severity, each finding is tagged with an action category to guide workflow:
| Category | When to use |
|---|---|
| Fix-now | Blocking issue — resolve before the next release |
| Review | Needs human judgment — could be intentional or a false positive |
| Monitor | Not broken yet but trending in a concerning direction |
| Ignore | Known, accepted, or not applicable to this project |
Scope: First-Party vs. Third-Party
Findings are tagged as first-party (your domain) or third-party (external resources). This distinction helps prioritize — you can fix first-party issues directly, while third-party issues may require vendor contact or CDN configuration.
AI Enrichment
When AI enrichment is enabled, each finding is augmented with three additional fields:
| Field | Description |
|---|---|
| Root Cause | AI-generated explanation of why this issue likely occurs |
| Business Impact | How this finding affects users, revenue, or compliance |
| Suggested Action | Concrete next step to resolve the issue, often including code snippets |
TIP
Click the "Analyze with AI" button on any finding in the Findings tab to trigger a deeper analysis using the AI Assistant. This opens a chat session pre-loaded with the finding context.
Quality Score (0-100)
The composite score is calculated after each scan:
score = 100 - (critical x 15) - (high x 8) - (medium x 3) - (low x 1)The score is clamped to a minimum of 0. Only first-party findings count toward the score by default (configurable in Expert Mode).
WARNING
The score is a directional indicator, not an absolute quality metric. A score of 85 means fewer issues than a score of 60, but it does not guarantee production readiness. Always review individual findings.
Finding Deduplication
Findings are fingerprinted by combining the agent name, check type, URL, and a normalized version of the evidence. Duplicate findings within the same run are merged. Across runs, recurring findings are marked with a repeat indicator showing how many consecutive runs they have appeared in.