Posture
critical: 3
high: 9
medium: 5
low: 8
Ownership
Findings (25)
high | Cross-site Scripting in profile renderer | Grype (Container) | triaged | 5.8
low | Insecure deserialization in message queue consumer | Snyk (SCA) | open | 6.4
low | Dependency confusion risk on internal package | Wiz (CSPM) | accepted | 5
low | Missing CSP header on auth pages | OWASP ZAP (DAST) | open | 7.4
critical | SSRF in webhook fetcher | Semgrep (SAST) | open | 4.3
low | Race condition in payment idempotency | Grype (Container) | open | 7.6
critical | Terraform module pins old AMI with CVEs | Wiz (CSPM) | open | 7.5
high | Path traversal in file download endpoint | Prowler (CSPM) | triaged | 6.1
medium | SSRF in webhook fetcher | Dependabot (SCA) | false positive | 5.8
high | IAM role with wildcard permissions | SonarQube (SAST) | open | 5.2
high | Terraform module pins old AMI with CVEs | Burp Pro PenTest (PenTest) | accepted | 7.4
low | Missing rate limiting on /login | tfsec (IaC) | open | 6.4
low | Path traversal in file download endpoint | Burp Pro PenTest (PenTest) | triaged | 4.9
medium | Missing CSP header on auth pages | Scout Suite (CSPM) | false positive | 5.6
medium | Race condition in payment idempotency | Gitleaks (Secrets) | accepted | 9.4
low | Hardcoded AWS access key in source | SonarQube (SAST) | open | 7.2
high | Race condition in payment idempotency | Checkmarx (SAST) | open | 8.4
low | Open Redis without auth | Semgrep (SAST) | open | 9.3
high | S3 bucket publicly readable | Burp Pro PenTest (PenTest) | accepted | 8.1
medium | Open Redis without auth | Prowler (CSPM) | open | 7.5
high | Race condition in payment idempotency | Scout Suite (CSPM) | open | 6.3
high | S3 bucket publicly readable | Burp Suite (DAST) | triaged | 4.5