Posture
critical: 3
high: 9
medium: 3
low: 7
Ownership
Findings (22)
medium | JWT signed with weak HS256 secret | Burp Suite | DAST | open | 4.4
critical | Container running as root | Trivy | Container | open | 9.1
low | Open Redis without auth | Scout Suite | CSPM | false positive | 6.9
low | Path traversal in file download endpoint | OWASP ZAP | DAST | triaged | 5.5
critical | Path traversal in file download endpoint | OWASP ZAP | DAST | open | 6.3
high | Log4Shell vulnerable dependency | Snyk | SCA | open | 7.7
high | Race condition in payment idempotency | Wiz | CSPM | triaged | 9.7
low | Outdated lodash with prototype pollution | Wiz | CSPM | open | 5.3
critical | Unencrypted RDS snapshot | Checkov | IaC | open | 9.5
low | Outdated lodash with prototype pollution | Burp Pro PenTest | PenTest | open | 5.1
high | Outdated lodash with prototype pollution | Checkov | IaC | open | 7.5
high | Race condition in payment idempotency | Scout Suite | CSPM | false positive | 7.1
high | Container running as root | Scout Suite | CSPM | triaged | 9.5
low | Missing rate limiting on /login | TruffleHog | Secrets | open | 4.3
low | Open Redis without auth | Semgrep | SAST | false positive | 8.8
high | SQL Injection in user-input handler | Scout Suite | CSPM | open | 5.7
medium | Dependency confusion risk on internal package | Burp Suite | DAST | open | 8.1
high | Log4Shell vulnerable dependency | OWASP ZAP | DAST | open | 4.7
high | Hardcoded AWS access key in source | SonarQube | SAST | accepted | 9.8