So the Maintainability Rating is based solely on code smells (calculated as technical debt), while other issues such as bugs and security vulnerabilities are used to calculate the Reliability and Security Ratings, respectively. Is my perception correct?
To be clear, the way the Reliability and Vulnerability ratings are calculated is different than the way Maintainability is calculated, but they’re based on the issues you mentioned.