Handles PII
Posture
critical: 2
high: 8
medium: 7
low: 2
Ownership
Findings (23)
| Severity | Finding | Tool | Category | Status | Score |
|---|---|---|---|---|---|
| high | SSRF in webhook fetcher | Wiz | CSPM | open | 8.9 |
| medium | Race condition in payment idempotency | Cloudflare WAF | WAF | open | 7.3 |
| high | JWT signed with weak HS256 secret | Contrast RASP | RASP | open | 4.6 |
| critical | S3 bucket publicly readable | Contrast RASP | RASP | triaged | 6.3 |
| critical | Path traversal in file download endpoint | Wiz | CSPM | accepted | 8.1 |
| medium | Dependency confusion risk on internal package | Wiz | CSPM | open | 6 |
| info | Container running as root | Wiz | CSPM | triaged | 8.8 |
| medium | Hardcoded AWS access key in source | Scout Suite | CSPM | triaged | 6.1 |
| high | SQL Injection in user-input handler | OWASP ZAP | DAST | accepted | 7 |
| high | Container running as root | Dependabot | SCA | accepted | 5.2 |
| medium | Missing rate limiting on /login | SonarQube | SAST | open | 6.3 |
| info | Unencrypted RDS snapshot | Wiz | CSPM | false positive | 9.7 |
| high | Missing rate limiting on /login | Checkov | IaC | open | 6.6 |
| high | Log4Shell vulnerable dependency | Checkmarx | SAST | open | 4.4 |
| medium | Cross-site Scripting in profile renderer | Trivy | Container | open | 9.3 |
| info | Unencrypted RDS snapshot | Cloudflare WAF | WAF | open | 7 |
| medium | Log4Shell vulnerable dependency | Dependabot | SCA | open | 8.4 |