Posture
critical: 2
high: 3
medium: 10
low: 2
Ownership
Findings (21)
info | S3 bucket publicly readable | Snyk (SCA) | open | 6.1
low | Excessive Kubernetes RBAC privileges | Trivy (Container) | open | 7.6
high | Excessive Kubernetes RBAC privileges | Prowler (CSPM) | open | 10
info | Log4Shell vulnerable dependency | Grype (Container) | open | 9
medium | Insecure deserialization in message queue consumer | Burp Suite (DAST) | accepted | 7.7
high | Cross-site Scripting in profile renderer | Semgrep (SAST) | open | 5.5
info | Unencrypted RDS snapshot | Grype (Container) | false positive | 9.6
medium | Unencrypted RDS snapshot | TruffleHog (Secrets) | open | 4.2
medium | Container running as root | Prowler (CSPM) | accepted | 8.2
medium | Dependency confusion risk on internal package | Gitleaks (Secrets) | triaged | 9.3
high | Missing CSP header on auth pages | Trivy (Container) | false positive | 8.9
critical | Unencrypted RDS snapshot | Cloudflare WAF (WAF) | triaged | 6.3
medium | Dependency confusion risk on internal package | Burp Suite (DAST) | open | 4.7
medium | Container running as root | Cloudflare WAF (WAF) | open | 9.8
medium | SSRF in webhook fetcher | Checkov (IaC) | open | 4.6
critical | Dependency confusion risk on internal package | Burp Pro PenTest (PenTest) | false positive | 8.2
low | Excessive Kubernetes RBAC privileges | CodeQL (SAST) | open | 4.8