billing-svc-k8s-cluster-33

k8s-cluster · GCP · ap-southeast-2 · dev

Handles PII

Posture: critical 7 · high 6 · medium 6 · low 8

Ownership

Application: billing-svc
Team: Data
Owner: Priya Patel
Language: Python
Criticality: tier-1

Findings (32)

| Severity | Finding | Tool | Type | Status | Score |
|---|---|---|---|---|---|
| info | Dependency confusion risk on internal package | Wiz | CSPM | open | 5.3 |
| medium | Dependency confusion risk on internal package | Cloudflare WAF | WAF | triaged | 5.9 |
| high | Cross-site Scripting in profile renderer | Dependabot | SCA | open | 4.7 |
| high | SSRF in webhook fetcher | Cloudflare WAF | WAF | open | 5.3 |
| medium | Terraform module pins old AMI with CVEs | Wiz | CSPM | open | 7.6 |
| info | Unencrypted RDS snapshot | Semgrep | SAST | accepted | 9.1 |
| high | Excessive Kubernetes RBAC privileges | SonarQube | SAST | triaged | 6.7 |
| critical | S3 bucket publicly readable | Checkov | IaC | open | 5.6 |
| low | Open Redis without auth | Dependabot | SCA | triaged | 8.4 |
| info | Insecure deserialization in message queue consumer | Grype | Container | false positive | 7 |
| low | SQL Injection in user-input handler | tfsec | IaC | triaged | 8.4 |
| critical | JWT signed with weak HS256 secret | Contrast RASP | RASP | open | 9.2 |
| low | Path traversal in file download endpoint | CodeQL | SAST | accepted | 5.1 |
| medium | Missing CSP header on auth pages | Scout Suite | CSPM | open | 5.5 |
| low | SQL Injection in user-input handler | tfsec | IaC | open | 5.4 |
| low | IAM role with wildcard permissions | Gitleaks | Secrets | open | 4.6 |
| critical | SQL Injection in user-input handler | Grype | Container | accepted | 4.3 |
| low | JWT signed with weak HS256 secret | Scout Suite | CSPM | open | 8.3 |
| medium | SQL Injection in user-input handler | Cloudflare WAF | WAF | open | 5.9 |
| high | Cross-site Scripting in profile renderer | Prowler | CSPM | triaged | 5.3 |
| critical | S3 bucket publicly readable | Semgrep | SAST | open | 8.5 |
| info | Unencrypted RDS snapshot | Semgrep | SAST | triaged | 6 |
| medium | Path traversal in file download endpoint | Checkmarx | SAST | triaged | 7.2 |
| low | Path traversal in file download endpoint | Prowler | CSPM | triaged | 4 |
| low | Insecure deserialization in message queue consumer | Trivy | Container | open | 7.2 |
| critical | Race condition in payment idempotency | CodeQL | SAST | triaged | 7.2 |
| medium | Terraform module pins old AMI with CVEs | Wiz | CSPM | accepted | 7.2 |
| critical | Outdated lodash with prototype pollution | Gitleaks | Secrets | triaged | 5.3 |
| critical | Dependency confusion risk on internal package | Wiz | CSPM | false positive | 8.3 |