Handles PII
Posture
critical: 2
high: 4
medium: 7
low: 5
Ownership
Findings (21)
| Severity | Finding | Scanner | Type | Status | Score |
|---|---|---|---|---|---|
| info | Cross-site Scripting in profile renderer | Cloudflare WAF | WAF | open | 7.1 |
| medium | Container running as root | TruffleHog | Secrets | false positive | 8 |
| low | Cross-site Scripting in profile renderer | TruffleHog | Secrets | triaged | 7.9 |
| medium | Missing CSP header on auth pages | OWASP ZAP | DAST | open | 9.8 |
| high | Log4Shell vulnerable dependency | Scout Suite | CSPM | open | 9.9 |
| low | Outdated lodash with prototype pollution | tfsec | IaC | open | 6.3 |
| info | Open Redis without auth | Grype | Container | open | 9.1 |
| high | Race condition in payment idempotency | Burp Suite | DAST | open | 5.7 |
| high | S3 bucket publicly readable | SonarQube | SAST | triaged | 6.8 |
| medium | Open Redis without auth | Scout Suite | CSPM | open | 8 |
| low | SQL Injection in user-input handler | Cloudflare WAF | WAF | false positive | 9.9 |
| medium | Open Redis without auth | Trivy | Container | triaged | 6.9 |
| low | Log4Shell vulnerable dependency | Checkmarx | SAST | triaged | 5.4 |
| medium | Excessive Kubernetes RBAC privileges | Checkov | IaC | accepted | 7 |
| medium | Hardcoded AWS access key in source | Grype | Container | open | 5.4 |
| high | SQL Injection in user-input handler | tfsec | IaC | open | 8.3 |
| critical | Hardcoded AWS access key in source | Scout Suite | CSPM | triaged | 7.6 |
| medium | Log4Shell vulnerable dependency | OWASP ZAP | DAST | open | 7.6 |