Handles PII
Posture
critical: 2
high: 6
medium: 7
low: 1
Ownership
Findings (19)
| Severity | Finding | Tool | Type | Status | Score |
|---|---|---|---|---|---|
| medium | JWT signed with weak HS256 secret | Prowler | CSPM | open | 8.1 |
| high | S3 bucket publicly readable | Checkov | IaC | open | 7.8 |
| info | SSRF in webhook fetcher | Checkmarx | SAST | accepted | 9.8 |
| medium | Open Redis without auth | Dependabot | SCA | open | 7.3 |
| medium | Open Redis without auth | Burp Suite | DAST | open | 9.9 |
| high | Race condition in payment idempotency | Checkmarx | SAST | false positive | 6.7 |
| high | SQL Injection in user-input handler | Checkov | IaC | accepted | 6.1 |
| critical | Container running as root | CodeQL | SAST | open | 9.8 |
| critical | SSRF in webhook fetcher | Prowler | CSPM | triaged | 8.7 |
| medium | SSRF in webhook fetcher | Checkov | IaC | triaged | 5.1 |
| high | Unencrypted RDS snapshot | Snyk | SCA | false positive | 4.2 |
| medium | Dependency confusion risk on internal package | SonarQube | SAST | open | 6.5 |
| medium | Missing rate limiting on /login | Burp Suite | DAST | open | 4.6 |
| info | Excessive Kubernetes RBAC privileges | TruffleHog | Secrets | open | 5 |
| high | Excessive Kubernetes RBAC privileges | tfsec | IaC | open | 8 |
| high | Log4Shell vulnerable dependency | Burp Pro PenTest | PenTest | open | 8.5 |
| info | Path traversal in file download endpoint | Scout Suite | CSPM | open | 5.8 |