Posture
critical: 0
high: 4
medium: 6
low: 4
Ownership
Findings (16)
high | Unencrypted RDS snapshot | Trivy | Container | false positive | 9.7
info | JWT signed with weak HS256 secret | Scout Suite | CSPM | open | 9
low | Outdated lodash with prototype pollution | tfsec | IaC | triaged | 6.8
medium | Log4Shell vulnerable dependency | Scout Suite | CSPM | open | 6.5
medium | Container running as root | OWASP ZAP | DAST | false positive | 6.8
low | IAM role with wildcard permissions | CodeQL | SAST | false positive | 9.2
medium | IAM role with wildcard permissions | CodeQL | SAST | open | 8.8
low | Missing CSP header on auth pages | Dependabot | SCA | open | 5.4
medium | Insecure deserialization in message queue consumer | CodeQL | SAST | false positive | 4.8
high | Cross-site Scripting in profile renderer | Checkmarx | SAST | open | 4.3
high | Race condition in payment idempotency | Trivy | Container | triaged | 7.1
info | Unencrypted RDS snapshot | Trivy | Container | open | 6.9