Posture
critical: 0
high: 4
medium: 7
low: 6
Ownership
Findings (19)
| Severity | Finding | Source | Category | Status | Score |
|---|---|---|---|---|---|
| high | Insecure deserialization in message queue consumer | Semgrep | SAST | open | 9.1 |
| high | Outdated lodash with prototype pollution | Scout Suite | CSPM | triaged | 9.6 |
| info | Missing CSP header on auth pages | Trivy | Container | open | 8 |
| high | IAM role with wildcard permissions | Grype | Container | open | 8.9 |
| medium | SSRF in webhook fetcher | Prowler | CSPM | open | 7.8 |
| medium | Hardcoded AWS access key in source | CodeQL | SAST | open | 7.8 |
| medium | Dependency confusion risk on internal package | Snyk | SCA | false positive | 9 |
| high | IAM role with wildcard permissions | Snyk | SCA | false positive | 8.6 |
| medium | Missing CSP header on auth pages | Grype | Container | accepted | 4 |
| low | SQL Injection in user-input handler | Burp Pro PenTest | PenTest | open | 6 |
| low | Container running as root | Checkov | IaC | false positive | 5.7 |
| low | Terraform module pins old AMI with CVEs | Checkmarx | SAST | open | 4.3 |
| low | Cross-site Scripting in profile renderer | Checkov | IaC | open | 7.6 |
| medium | JWT signed with weak HS256 secret | Checkov | IaC | open | 9.5 |
| medium | JWT signed with weak HS256 secret | Cloudflare WAF | WAF | open | 8.1 |