Posture
critical: 1
high: 3
medium: 6
low: 3
Ownership
Findings (16)
medium | Cross-site Scripting in profile renderer | OWASP ZAP | DAST | triaged | 7.7
high | Cross-site Scripting in profile renderer | Snyk | SCA | triaged | 6.1
low | Race condition in payment idempotency | Scout Suite | CSPM | accepted | 7.6
info | SSRF in webhook fetcher | Scout Suite | CSPM | accepted | 8.2
medium | Missing CSP header on auth pages | CodeQL | SAST | triaged | 9
high | S3 bucket publicly readable | Dependabot | SCA | open | 9.8
medium | Unencrypted RDS snapshot | Burp Pro PenTest | PenTest | open | 8.4
low | Missing rate limiting on /login | Gitleaks | Secrets | false positive | 9.4
critical | Excessive Kubernetes RBAC privileges | Semgrep | SAST | open | 4
medium | SSRF in webhook fetcher | CodeQL | SAST | accepted | 5.7
info | Excessive Kubernetes RBAC privileges | Burp Suite | DAST | open | 7.7
info | Terraform module pins old AMI with CVEs | Semgrep | SAST | accepted | 5.1