Posture
critical: 0
high: 6
medium: 4
low: 4
Ownership
Findings (18)
Severity | Finding | Tool (category) | Status | Score
high | SQL Injection in user-input handler | Prowler (CSPM) | open | 7.7
high | IAM role with wildcard permissions | Burp Pro PenTest (PenTest) | open | 6.1
medium | JWT signed with weak HS256 secret | tfsec (IaC) | triaged | 9.9
medium | Log4Shell vulnerable dependency | Snyk (SCA) | triaged | 6.8
low | Hardcoded AWS access key in source | SonarQube (SAST) | false positive | 8.7
high | JWT signed with weak HS256 secret | OWASP ZAP (DAST) | open | 9.9
high | Container running as root | Snyk (SCA) | open | 4.6
low | S3 bucket publicly readable | tfsec (IaC) | false positive | 8.2
medium | Container running as root | TruffleHog (Secrets) | open | 4.7
low | Path traversal in file download endpoint | Contrast RASP (RASP) | open | 4.8
high | SQL Injection in user-input handler | Contrast RASP (RASP) | open | 6.2
low | IAM role with wildcard permissions | Checkmarx (SAST) | triaged | 6.2
info | Open Redis without auth | OWASP ZAP (DAST) | open | 5.8
info | S3 bucket publicly readable | Gitleaks (Secrets) | triaged | 4.8