Internet-exposed
Posture: critical 1 | high 7 | medium 5 | low 5
Ownership
Findings (20)
high | Insecure deserialization in message queue consumer | TruffleHog | Secrets | triaged | 5.6
low | Container running as root | Burp Suite | DAST | triaged | 6.4
medium | Dependency confusion risk on internal package | tfsec | IaC | open | 7.7
info | Outdated lodash with prototype pollution | tfsec | IaC | false positive | 9.5
high | Terraform module pins old AMI with CVEs | SonarQube | SAST | accepted | 8.4
medium | Hardcoded AWS access key in source | Semgrep | SAST | accepted | 5.2
high | IAM role with wildcard permissions | Scout Suite | CSPM | open | 9.1
medium | Missing rate limiting on /login | TruffleHog | Secrets | open | 8.8
info | SSRF in webhook fetcher | TruffleHog | Secrets | false positive | 6.3
high | Open Redis without auth | OWASP ZAP | DAST | false positive | 7
high | Dependency confusion risk on internal package | Gitleaks | Secrets | triaged | 8
low | Excessive Kubernetes RBAC privileges | Contrast RASP | RASP | open | 7.6
medium | Missing rate limiting on /login | Semgrep | SAST | accepted | 4
high | IAM role with wildcard permissions | Trivy | Container | open | 8.8
medium | SQL Injection in user-input handler | Semgrep | SAST | open | 8.8
high | Missing CSP header on auth pages | Dependabot | SCA | open | 5