Posture
critical: 3
high: 3
medium: 5
low: 3
Ownership
Findings (16)
| Severity | Finding | Source | Category | Status | Score |
|---|---|---|---|---|---|
| medium | Outdated lodash with prototype pollution | Contrast RASP | RASP | open | 4.2 |
| medium | Path traversal in file download endpoint | Contrast RASP | RASP | triaged | 7.4 |
| critical | Log4Shell vulnerable dependency | Dependabot | SCA | open | 9.6 |
| medium | SSRF in webhook fetcher | Grype | Container | triaged | 5.7 |
| low | Hardcoded AWS access key in source | SonarQube | SAST | open | 7.1 |
| high | Unencrypted RDS snapshot | Semgrep | SAST | open | 7.8 |
| high | Open Redis without auth | OWASP ZAP | DAST | open | 7.1 |
| high | SQL Injection in user-input handler | Trivy | Container | open | 9.1 |
| medium | IAM role with wildcard permissions | Semgrep | SAST | triaged | 8.6 |
| low | Path traversal in file download endpoint | tfsec | IaC | triaged | 4.4 |
| critical | Container running as root | OWASP ZAP | DAST | false positive | 5.2 |
| low | Container running as root | Prowler | CSPM | triaged | 8.8 |
| medium | Container running as root | Burp Suite | DAST | open | 9.4 |
| info | Race condition in payment idempotency | Grype | Container | accepted | 4.7 |