Handles PII
Posture
critical: 2
high: 11
medium: 2
low: 3
Ownership
Findings (22)
Severity | Finding | Scanner | Category | Status | Score
high | Outdated lodash with prototype pollution | OWASP ZAP | DAST | open | 9.3
low | Unencrypted RDS snapshot | tfsec | IaC | open | 7.3
high | Container running as root | OWASP ZAP | DAST | false positive | 4.6
high | SQL Injection in user-input handler | tfsec | IaC | triaged | 9.7
high | Missing rate limiting on /login | Prowler | CSPM | triaged | 8.5
critical | Missing CSP header on auth pages | tfsec | IaC | triaged | 4.5
info | Cross-site Scripting in profile renderer | Trivy | Container | false positive | 6.9
high | S3 bucket publicly readable | Checkmarx | SAST | open | 9.3
high | Container running as root | Gitleaks | Secrets | accepted | 6.4
high | Hardcoded AWS access key in source | Gitleaks | Secrets | triaged | 9.1
info | Missing rate limiting on /login | Semgrep | SAST | open | 4.5
info | SSRF in webhook fetcher | tfsec | IaC | false positive | 4.5
critical | IAM role with wildcard permissions | Scout Suite | CSPM | triaged | 10
high | SSRF in webhook fetcher | Trivy | Container | false positive | 7.5
high | S3 bucket publicly readable | Semgrep | SAST | triaged | 5.4