# How Is Fix Time Calculated

### What Is Fix Time?

Fix time is a rough estimate of how long it may take to remediate a security issue. It’s not exact—it’s meant to help you prioritize and plan based on the relative effort required.

### How It’s Calculated

Aikido uses a custom algorithm per issue type. Here’s how it works:

#### 🧬 Dependency (SCA) Issues

Fix time depends on the type of version upgrade:

* Minor upgrade (e.g. 4.5.1 → 4.5.2) → 5–15 minutes
* Major upgrade (e.g. 1.0 → 3.0, or across EOL boundaries) → at least 1 hour

#### 🔍 SAST (Code Issues)

Calculated as: Issue count × static time per issue type

Examples:

* SQL Injection ≈ 30 min/issue
* Secrets ≈ 10 min/issue

#### ☁️ Cloud Issues

Similar logic as SAST: static values per issue type, multiplied by count.

#### 🔑 Secrets

One fixed estimate per issue (e.g., rotate a key = 5–10 minutes).

{% hint style="success" %}
When there's an [Aikido AutoFix ](/autofix-and-remediation/overview-aikido-autofix.md)available, the actual fix time will be lower
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.aikido.dev/getting-started/core-functionalities/how-is-fix-time-calculated.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.