Handles PII

Posture
  critical  5
  high      8
  medium    7
  low       9

Ownership

Findings (31)
Severity | Finding                                            | Tool          | Category  | Status         | Score
---------|----------------------------------------------------|---------------|-----------|----------------|------
critical | JWT signed with weak HS256 secret                  | Semgrep       | SAST      | false positive | 9.1
high     | Container running as root                          | Prowler       | CSPM      | false positive | 4.7
critical | Missing rate limiting on /login                    | CodeQL        | SAST      | accepted       | 6.7
medium   | S3 bucket publicly readable                        | CodeQL        | SAST      | false positive | 9.2
medium   | Excessive Kubernetes RBAC privileges               | OWASP ZAP     | DAST      | open           | 8.4
high     | JWT signed with weak HS256 secret                  | CodeQL        | SAST      | false positive | 4.3
critical | SSRF in webhook fetcher                            | Trivy         | Container | triaged        | 6.8
medium   | Container running as root                          | Semgrep       | SAST      | accepted       | 6.2
medium   | Missing rate limiting on /login                    | CodeQL        | SAST      | open           | 5.6
high     | Excessive Kubernetes RBAC privileges               | CodeQL        | SAST      | open           | 5
low      | Outdated lodash with prototype pollution           | OWASP ZAP     | DAST      | open           | 6.2
medium   | Missing rate limiting on /login                    | Scout Suite   | CSPM      | false positive | 5.1
high     | Hardcoded AWS access key in source                 | Grype         | Container | accepted       | 9.9
medium   | Excessive Kubernetes RBAC privileges               | Checkmarx     | SAST      | open           | 5.8
low      | Insecure deserialization in message queue consumer | Contrast RASP | RASP      | triaged        | 7.7
high     | Hardcoded AWS access key in source                 | Snyk          | SCA       | open           | 7.8
critical | SQL Injection in user-input handler                | OWASP ZAP     | DAST      | false positive | 7.4
high     | S3 bucket publicly readable                        | Checkov       | IaC       | false positive | 9.9
low      | Log4Shell vulnerable dependency                    | TruffleHog    | Secrets   | open           | 6.2
critical | Path traversal in file download endpoint           | tfsec         | IaC       | open           | 8.5
info     | SSRF in webhook fetcher                            | Grype         | Container | false positive | 8.8
low      | SSRF in webhook fetcher                            | tfsec         | IaC       | open           | 7.3
high     | Race condition in payment idempotency              | tfsec         | IaC       | open           | 8.6