Posture
critical: 2 | high: 6 | medium: 8 | low: 6
Ownership
Findings (26)
medium | Terraform module pins old AMI with CVEs | Grype | Container | triaged | 5.3
medium | IAM role with wildcard permissions | Semgrep | SAST | accepted | 7.8
info | Hardcoded AWS access key in source | SonarQube | SAST | triaged | 7.3
low | Race condition in payment idempotency | OWASP ZAP | DAST | open | 9.8
low | Unencrypted RDS snapshot | Contrast RASP | RASP | open | 8.6
info | Outdated lodash with prototype pollution | Grype | Container | triaged | 5
high | Missing rate limiting on /login | Dependabot | SCA | triaged | 6.3
medium | Log4Shell vulnerable dependency | Checkmarx | SAST | open | 5.2
critical | Open Redis without auth | Gitleaks | Secrets | accepted | 6.1
medium | Outdated lodash with prototype pollution | Dependabot | SCA | triaged | 4.1
low | Unencrypted RDS snapshot | Prowler | CSPM | open | 7.4
info | Insecure deserialization in message queue consumer | Checkmarx | SAST | open | 8.1
high | SSRF in webhook fetcher | Wiz | CSPM | accepted | 4.6
high | Log4Shell vulnerable dependency | Prowler | CSPM | triaged | 5
low | Missing rate limiting on /login | Gitleaks | Secrets | open | 9.2
high | Outdated lodash with prototype pollution | Wiz | CSPM | triaged | 4.3
medium | SSRF in webhook fetcher | Prowler | CSPM | open | 9.4
medium | Container running as root | Dependabot | SCA | triaged | 8.3