The reliability rating is focused on bugs: issues that represent something wrong in the code. If a bug has not broken anything yet, it will, and probably at the worst possible moment. It needs to be fixed. Yesterday.
The reliability rating is calculated using the worst severity found for a bug:
A = 0 Bugs
B = at least 1 Minor Bug
C = at least 1 Major Bug
D = at least 1 Critical Bug
E = at least 1 Blocker Bug
Security Rating
The security rating is focused on vulnerabilities: security-related issues that represent a potential backdoor for attackers.
The security rating is calculated using the worst severity found among the vulnerabilities:
A = 0 Vulnerabilities
B = at least 1 Minor Vulnerability
C = at least 1 Major Vulnerability
D = at least 1 Critical Vulnerability
E = at least 1 Blocker Vulnerability
Maintainability Rating
Maintainability is focused on code smells, a maintainability-related issue in the code. Leaving it as-is means that at best maintainers will have a harder time than they should making changes to the code. At worst, they'll be so confused by the state of the code that they'll introduce additional errors as they make changes.
The rating given to your project is derived from the value of its Technical Debt Ratio.
The technical debt is the effort needed to fix all maintainability issues, and the technical debt ratio is the ratio between the cost to fix the software (the remediation cost) and the cost to develop it. The Technical Debt Ratio formula is:
Remediation cost / Development cost
Which can be restated as:
Remediation cost / (Cost to develop 1 line of code * Number of lines of code)
The value of the cost to develop a line of code is 0.06 days.
The default Maintainability Rating grid is: A=0-0.05, B=0.06-0.1, C=0.11-0.20, D=0.21-0.5, E=0.51-1
The Maintainability Rating scale can be alternately stated by saying that if the outstanding remediation cost is:
<=5% of the time that has already gone into the application, the rating is A
between 6% and 10%, the rating is a B
between 11% and 20%, the rating is a C
between 21% and 50%, the rating is a D
anything over 50% is an E
Size Rating
The size rating is based on lines of code.
Lines of code is the number of physical lines that contain at least one character which is neither whitespace, a tabulation, nor part of a comment.
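The Size Rating definition above and the Technical Debt Ratio formula in the Maintainability Rating section fit together: the lines-of-code count is what the development cost is multiplied out from. The following is an added example, not SonarQube's own code, that counts lines of code the way the page defines them and then computes the debt ratio and the A-E rating from it. It assumes C-like comment syntax (`//` and `/* */`) and does not special-case comment markers inside string literals; the sample source, the remediation cost of 0.05 days and the helper names are constructed for illustration.

```python
"""Added example (not SonarQube's own code): count lines of code as the page
defines them, then derive the Technical Debt Ratio and Maintainability Rating."""

from typing import Dict

DAYS_PER_LINE = 0.06  # cost to develop one line of code, per the page

# Maintainability grid from the page: (inclusive upper bound, rating).
# Anything above the last bound (50%) is an E.
RATING_GRID = [(0.05, "A"), (0.10, "B"), (0.20, "C"), (0.50, "D")]


def count_lines_of_code(source: str) -> int:
    """Number of physical lines holding at least one character that is not
    whitespace, a tab, or part of a comment. Assumes C-like comment syntax
    (// and /* */) and does not special-case comment markers inside string
    literals; a production scanner would tokenise strings first."""
    ncloc = 0
    in_block = False
    for line in source.splitlines():
        has_code = False
        i = 0
        while i < len(line):
            if in_block:
                end = line.find("*/", i)
                if end == -1:
                    break                   # rest of the line is comment
                in_block = False
                i = end + 2
            elif line.startswith("/*", i):
                in_block = True
                i += 2
            elif line.startswith("//", i):
                break                       # rest of the line is comment
            else:
                if not line[i].isspace():
                    has_code = True         # keep scanning to track /* */ state
                i += 1
        if has_code:
            ncloc += 1
    return ncloc


def technical_debt_ratio(remediation_days: float, lines_of_code: int) -> float:
    """Remediation cost / (cost to develop one line * number of lines)."""
    development_days = DAYS_PER_LINE * lines_of_code
    if development_days == 0:
        return 0.0                          # empty project: the formula would divide by zero
    return remediation_days / development_days


def maintainability_rating(ratio: float) -> str:
    """Map a debt ratio onto the A-E grid; a ratio above 50% is an E."""
    for upper, rating in RATING_GRID:
        if ratio <= upper:
            return rating
    return "E"


def analyse(source: str, remediation_days: float) -> Dict[str, object]:
    """Run the full pipeline: lines of code -> debt ratio -> rating."""
    ncloc = count_lines_of_code(source)
    ratio = technical_debt_ratio(remediation_days, ncloc)
    return {"ncloc": ncloc, "ratio": ratio, "rating": maintainability_rating(ratio)}


# Constructed sample input: a small C file with every comment form in play.
SAMPLE_SOURCE = """\
/*
 * Licence header: comment only, not counted.
 */
#include <stdio.h>

int main(void) {                  // code plus trailing comment: counted
    /* before */ int x = 1; /* after */
    /* a block comment that
       spans lines */ return x;
}
"""

if __name__ == "__main__":
    # 5 lines of code -> 0.3 days of development; 0.05 days of remediation
    # is a ratio of about 0.167, which lands in the C band (11% to 20%).
    print(analyse(SAMPLE_SOURCE, remediation_days=0.05))
```

Note that the page's grid is written in rounded percentages, so a ratio such as 0.055 (5.5%) is above the "<=5%" bound and is rated B here; the boundary test in `maintainability_rating` is what decides such in-between values.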