Viewing as CISO

Security Posture Overview

Real-time risk across code, cloud, and runtime. Last refreshed 2 minutes ago.

Open findings

4.2%

989

vs last week

Critical / High

8.1%

842

253 critical

Fixed (30d)

12.5%

↑ velocity

Mean age

2.3%

90d

across open

Findings trend (60 days)

Stacked by severity

Severity distribution

2,500 total

Top risk — needs attention

View all

high

IAM role with wildcard permissions

subscriptions · subscriptions-iam-role-37

TrivyContainer

CVSS 10

Exploit low

SSRF in webhook fetcher

checkout-api · checkout-api-vm-21

Burp Pro PenTestPenTest

CVSS 9.9

Exploit medium

Container running as root

vault · vault-service-3

WizCSPM

CVSS 9.9

Exploit high

Hardcoded AWS access key in source

analytics-pipeline · analytics-pipeline-load-balancer-33

DependabotSCA

CVSS 9.9

Exploit low

Missing CSP header on auth pages

wallet · wallet-s3-bucket-6

tfsecIaC

CVSS 9.9

Exploit low

Open Redis without auth

profile-svc · profile-svc-container-7

GitleaksSecrets

CVSS 9.9

Exploit

Compliance posture

Details

SOC 2 Type II85%

121/142 controls passing

ISO 27001:202284%

78/93 controls passing

PCI DSS 4.083%

218/264 controls passing

HIPAA Security82%

64/78 controls passing

NIST CSF 2.084%

91/108 controls passing

Fix velocity (30 days)

Introduced vs Fixed

Cloud accounts

View

staging

AWS · 367349883867

77 issues

prod-payments

GCP · 221563272271

112 issues

staging

GCP · 135910060117

187 issues

corp-it

AWS · 640161155164

102 issues

prod-payments

AWS · 582179549103

191 issues

Recent activity

Marcus Wei escalated

Missing CSP header on auth pages

over 56 years ago

Marcus Wei assigned

Terraform module pins old AMI with CVEs

over 56 years ago

Aisha Khan escalated

Missing CSP header on auth pages

over 56 years ago

Sarah Chen assigned

Outdated lodash with prototype pollution

over 56 years ago

Elena Rossi commented on

Container running as root

over 56 years ago

James Ortiz assigned

S3 bucket publicly readable

over 56 years ago

Marcus Wei commented on

IAM role with wildcard permissions

over 56 years ago

Marcus Wei escalated

Insecure deserialization in message queue consumer

over 56 years ago

James Ortiz assigned

IAM role with wildcard permissions

over 56 years ago

Marcus Wei marked fixed

Missing rate limiting on /login

over 56 years ago