Posture
critical: 2
high: 10
medium: 9
low: 6
Findings (28)
| Severity | Finding | Tool | Category | Status | Score |
|---|---|---|---|---|---|
| medium | Insecure deserialization in message queue consumer | OWASP ZAP | DAST | open | 4.7 |
| high | IAM role with wildcard permissions | TruffleHog | Secrets | open | 4.5 |
| low | Path traversal in file download endpoint | Prowler | CSPM | open | 5.9 |
| critical | Missing rate limiting on /login | Trivy | Container | triaged | 9.3 |
| critical | JWT signed with weak HS256 secret | Contrast RASP | RASP | false positive | 9.8 |
| medium | SSRF in webhook fetcher | Snyk | SCA | open | 6.5 |
| high | IAM role with wildcard permissions | Grype | Container | false positive | 7.6 |
| medium | Path traversal in file download endpoint | Dependabot | SCA | open | 9.9 |
| low | Insecure deserialization in message queue consumer | Gitleaks | Secrets | triaged | 6.5 |
| high | Insecure deserialization in message queue consumer | Checkov | IaC | open | 4.4 |
| medium | Container running as root | Grype | Container | open | 8.2 |
| info | Dependency confusion risk on internal package | Prowler | CSPM | open | 4.3 |
| high | Log4Shell vulnerable dependency | SonarQube | SAST | accepted | 6.2 |
| medium | Excessive Kubernetes RBAC privileges | CodeQL | SAST | triaged | 6.4 |
| medium | Container running as root | CodeQL | SAST | triaged | 7.8 |
| low | Dependency confusion risk on internal package | tfsec | IaC | open | 7.6 |
| high | SSRF in webhook fetcher | Burp Suite | DAST | open | 6.7 |
| high | Hardcoded AWS access key in source | OWASP ZAP | DAST | accepted | 9.2 |
| high | Missing CSP header on auth pages | Prowler | CSPM | open | 8.8 |
| low | SSRF in webhook fetcher | Cloudflare WAF | WAF | open | 6 |
| high | Outdated lodash with prototype pollution | Cloudflare WAF | WAF | triaged | 6.1 |