Posture
critical: 4
high: 5
medium: 9
low: 1
Ownership
Findings (20)
critical | Hardcoded AWS access key in source | Burp Suite | DAST | open | 9.7
medium | Excessive Kubernetes RBAC privileges | Checkmarx | SAST | accepted | 6
high | SSRF in webhook fetcher | tfsec | IaC | open | 4.5
high | S3 bucket publicly readable | Grype | Container | open | 4.1
critical | Cross-site Scripting in profile renderer | Burp Pro PenTest | PenTest | triaged | 5.2
critical | Race condition in payment idempotency | Burp Pro PenTest | PenTest | open | 9.7
medium | Outdated lodash with prototype pollution | CodeQL | SAST | open | 9.9
medium | IAM role with wildcard permissions | tfsec | IaC | triaged | 4.3
info | Excessive Kubernetes RBAC privileges | Semgrep | SAST | open | 7.7
high | Log4Shell vulnerable dependency | tfsec | IaC | open | 6.7
low | Unencrypted RDS snapshot | Gitleaks | Secrets | open | 6
high | Cross-site Scripting in profile renderer | Cloudflare WAF | WAF | triaged | 8.5
medium | Excessive Kubernetes RBAC privileges | Burp Pro PenTest | PenTest | triaged | 8.7
medium | Excessive Kubernetes RBAC privileges | Grype | Container | triaged | 4.5
medium | Dependency confusion risk on internal package | Checkov | IaC | open | 4.1
medium | Terraform module pins old AMI with CVEs | Grype | Container | open | 8.1
medium | Hardcoded AWS access key in source | Checkov | IaC | triaged | 9.6