wallet-rds-89

rds · AZURE · us-east-1 · qa

Posture

critical: 2
high: 7
medium: 9
low: 5

Ownership

Application: wallet
Team: Identity
Owner: James Ortiz
Language: Go
Criticality: tier-2

Findings (28)

info · Missing CSP header on auth pages · CodeQL · SAST · accepted · 9.4
high · Open Redis without auth · Wiz · CSPM · open · 4.5
medium · Missing rate limiting on /login · tfsec · IaC · open · 4.4
high · Race condition in payment idempotency · Burp Suite · DAST · triaged · 8.9
low · Cross-site Scripting in profile renderer · Gitleaks · Secrets · open · 6.2
medium · Insecure deserialization in message queue consumer · Grype · Container · open · 7.5
medium · S3 bucket publicly readable · Grype · Container · false positive · 6.6
high · Open Redis without auth · Grype · Container · open · 6.2
low · Unencrypted RDS snapshot · tfsec · IaC · triaged · 6.5
low · S3 bucket publicly readable · Checkov · IaC · open · 8.3
low · S3 bucket publicly readable · CodeQL · SAST · accepted · 6
high · SSRF in webhook fetcher · CodeQL · SAST · open · 9.2
medium · Missing CSP header on auth pages · Burp Suite · DAST · accepted · 4.9
info · Hardcoded AWS access key in source · CodeQL · SAST · accepted · 4.9
critical · Cross-site Scripting in profile renderer · Grype · Container · open · 7.1
info · Unencrypted RDS snapshot · Wiz · CSPM · open · 9.2
medium · Dependency confusion risk on internal package · tfsec · IaC · triaged · 7.7
low · Race condition in payment idempotency · OWASP ZAP · DAST · accepted · 6.2
high · Path traversal in file download endpoint · Trivy · Container · accepted · 7.8
medium · Path traversal in file download endpoint · Burp Pro PenTest · PenTest · false positive · 6.7
medium · Open Redis without auth · SonarQube · SAST · triaged · 4.2
medium · IAM role with wildcard permissions · Grype · Container · triaged · 4.6
medium · Open Redis without auth · Semgrep · SAST · open · 9.4
info · Path traversal in file download endpoint · Cloudflare WAF · WAF · open · 8.2
critical · Terraform module pins old AMI with CVEs · tfsec · IaC · open · 7.8
high · Dependency confusion risk on internal package · tfsec · IaC · accepted · 4.5