Posture
critical: 1 | high: 3 | medium: 3 | low: 4
Ownership
Findings (13)
info | JWT signed with weak HS256 secret | CodeQL (SAST) | triaged | 6
critical | Cross-site Scripting in profile renderer | Trivy (Container) | false positive | 4.9
low | Path traversal in file download endpoint | Checkmarx (SAST) | triaged | 5.1
low | Missing rate limiting on /login | Trivy (Container) | open | 9.6
high | Hardcoded AWS access key in source | TruffleHog (Secrets) | accepted | 4.5
high | SSRF in webhook fetcher | OWASP ZAP (DAST) | open | 9.3
medium | SQL Injection in user-input handler | TruffleHog (Secrets) | accepted | 8.5
low | Race condition in payment idempotency | Snyk (SCA) | open | 7.1
info | S3 bucket publicly readable | tfsec (IaC) | open | 7.9
low | Hardcoded AWS access key in source | Trivy (Container) | triaged | 10
high | Cross-site Scripting in profile renderer | Gitleaks (Secrets) | triaged | 8.6