Every scan produces two independent scores, each computed across multiple frameworks.

Dual scores

| Score | Source | Frameworks | Scale |
|---|---|---|---|
| Compliance Score | Code analysis against regulations | EU AI Act, AIUC-1, ISO 42001 | 0–100 (A–F) |
| Security Score | Attack surface analysis | OWASP LLM Top 10, MITRE ATLAS | 0–100 (A–F) |

Grade scale

| Grade | Score Range | Meaning |
|---|---|---|
| A | 90–100 | Excellent — audit-ready |
| B | 80–89 | Good — minor improvements needed |
| C | 70–79 | Acceptable — significant gaps remain |
| D | 60–69 | Poor — major compliance work needed |
| F | 0–59 | Failing — critical issues |

Critical caps

Certain categories cap the maximum achievable score:
  • Prohibited practices = 0 → max overall score: 29
  • Transparency = 0 → max overall score: 49
  • No passport → max overall score: 69
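
The caps and the grade scale interact: any active cap limits the best achievable grade to D or F regardless of the underlying score. The sketch below is an added illustration, not Complior's scorer; the category key names, the function names, and the rule that the lowest cap wins when several apply are assumptions, while the cap values and grade bands are the ones listed on this page.

```python
# Added illustration; not Complior's own code.
# Assumed: category key names, and that the lowest triggered cap wins.
# From the page: cap values (29 / 49 / 69) and the A-F grade bands.
GRADE_BANDS = [(90, "A"), (80, "B"), (70, "C"), (60, "D"), (0, "F")]


def active_caps(categories, has_passport):
    """Return (reason, max_score) for every cap this scan triggers."""
    caps = []
    if categories.get("prohibited-practices") == 0:
        caps.append(("prohibited practices = 0", 29))
    if categories.get("transparency") == 0:
        caps.append(("transparency = 0", 49))
    if not has_passport:
        caps.append(("no passport", 69))
    return caps


def grade(score):
    """Map a 0-100 score to its letter grade."""
    for floor, letter in GRADE_BANDS:
        if score >= floor:
            return letter
    raise ValueError(f"score out of range: {score}")


def overall(raw_score, categories, has_passport):
    """Apply caps to a raw score and report which cap, if any, was binding."""
    if not 0 <= raw_score <= 100:
        raise ValueError(f"score out of range: {raw_score}")
    caps = active_caps(categories, has_passport)
    limit = min((cap for _, cap in caps), default=100)
    final = min(raw_score, limit)
    # A cap is only "binding" if it actually lowered the score.
    binding = [r for r, cap in caps if cap == limit and raw_score > limit]
    return {"score": final, "grade": grade(final), "capped_by": binding}


if __name__ == "__main__":
    # Constructed sample inputs.
    print(overall(95, {"prohibited-practices": 80, "transparency": 90}, True))
    print(overall(95, {"prohibited-practices": 80, "transparency": 0}, False))
    print(overall(95, {}, False))
```

When a reported score sits exactly at 29, 49 or 69, check for a triggered cap before tuning individual findings, since no other improvement can raise the score until the cap condition is cleared.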

Multi-framework scoring

Configure which frameworks to score against in .complior/config.toml:
frameworks = ["eu-ai-act", "aiuc-1", "owasp-llm", "mitre-atlas"]
Each framework has its own scorer with independent weights and rules. The default is ["eu-ai-act"].

Score composition

Scores are computed in 3 layers:
| Layer | What | Example |
|---|---|---|
| Foundation metrics | Scan results, passport presence, evidence, docs, adversarial tests | passport-presence: +5, no-disclosure: -8 |
| Per-framework scores | Weighted by framework-specific rules | EU AI Act weights Art.5 highest |
| Economic indicators | Compliance debt, estimated cost, deadline risk | 45 days to deadline, €12K estimated cost |