diff --git a/pkg/security/risks/builtin/missing_cloud_hardening_rule.go b/pkg/security/risks/builtin/missing_cloud_hardening_rule.go
index f9a45c74..3d06e0db 100644
--- a/pkg/security/risks/builtin/missing_cloud_hardening_rule.go
+++ b/pkg/security/risks/builtin/missing_cloud_hardening_rule.go
@@ -352,6 +352,7 @@ func addAccordingToBaseTag(techAsset *types.TechnicalAsset, tags []string,
 
 func findMostSensitiveTechnicalAsset(input *types.Model, techAssets map[string]bool) *types.TechnicalAsset {
 	var mostRelevantAsset *types.TechnicalAsset
+	// as in Go ranging over map is random order, range over them in sorted (hence reproducible) way:
 	keys := make([]string, 0, len(techAssets))
 	for k := range techAssets {
 		keys = append(keys, k)