Posture
critical: 2
high: 9
medium: 3
low: 3
Ownership
Findings (18)
high | IAM role with wildcard permissions | Gitleaks | Secrets | open | 9.7
critical | Insecure deserialization in message queue consumer | Burp Pro PenTest | PenTest | triaged | 7.4
low | Cross-site Scripting in profile renderer | Gitleaks | Secrets | open | 6.6
high | Dependency confusion risk on internal package | OWASP ZAP | DAST | open | 8
high | JWT signed with weak HS256 secret | Prowler | CSPM | triaged | 9.6
high | Open Redis without auth | Contrast RASP | RASP | open | 4.2
low | Outdated lodash with prototype pollution | OWASP ZAP | DAST | open | 6
info | S3 bucket publicly readable | Scout Suite | CSPM | open | 5
medium | IAM role with wildcard permissions | CodeQL | SAST | open | 9.6
low | Log4Shell vulnerable dependency | TruffleHog | Secrets | triaged | 4.4
critical | Terraform module pins old AMI with CVEs | Dependabot | SCA | false positive | 9.6
high | Excessive Kubernetes RBAC privileges | Cloudflare WAF | WAF | accepted | 6.7
high | Hardcoded AWS access key in source | OWASP ZAP | DAST | false positive | 6.9
medium | Excessive Kubernetes RBAC privileges | Grype | Container | triaged | 9.6
high | Insecure deserialization in message queue consumer | Checkmarx | SAST | open | 5.8