Internet-exposed
Posture
critical: 3
high: 4
medium: 8
low: 5
Ownership
Findings (25)
info | IAM role with wildcard permissions | Burp Suite | DAST | accepted | 7.3
info | Outdated lodash with prototype pollution | CodeQL | SAST | accepted | 9.5
medium | Race condition in payment idempotency | Checkmarx | SAST | open | 4.8
medium | Missing CSP header on auth pages | Dependabot | SCA | triaged | 4.8
low | IAM role with wildcard permissions | Scout Suite | CSPM | accepted | 7.8
high | Insecure deserialization in message queue consumer | Checkmarx | SAST | triaged | 9.6
high | IAM role with wildcard permissions | Trivy | Container | open | 10
low | IAM role with wildcard permissions | Trivy | Container | open | 8.7
info | Log4Shell vulnerable dependency | Checkmarx | SAST | open | 8
high | Missing rate limiting on /login | CodeQL | SAST | accepted | 9.1
info | Insecure deserialization in message queue consumer | Prowler | CSPM | open | 8.8
critical | Log4Shell vulnerable dependency | Dependabot | SCA | accepted | 9.1
critical | S3 bucket publicly readable | Trivy | Container | false positive | 9.8
high | Missing rate limiting on /login | Gitleaks | Secrets | false positive | 5.1
medium | JWT signed with weak HS256 secret | Burp Pro PenTest | PenTest | accepted | 6.9
low | IAM role with wildcard permissions | Scout Suite | CSPM | open | 5.3
low | SSRF in webhook fetcher | tfsec | IaC | triaged | 7.3
medium | Insecure deserialization in message queue consumer | Snyk | SCA | open | 7.1
medium | Missing CSP header on auth pages | OWASP ZAP | DAST | open | 6.2
medium | IAM role with wildcard permissions | tfsec | IaC | triaged | 8.8