Posture
critical: 4
high: 5
medium: 6
low: 4
Ownership
Findings (23)
| Severity | Finding | Tool | Category | Status | Score |
|---|---|---|---|---|---|
| low | Unencrypted RDS snapshot | tfsec | IaC | open | 9.8 |
| low | Unencrypted RDS snapshot | Snyk | SCA | open | 7.2 |
| critical | Dependency confusion risk on internal package | TruffleHog | Secrets | triaged | 7.9 |
| medium | Container running as root | Wiz | CSPM | open | 9.9 |
| medium | Cross-site Scripting in profile renderer | Wiz | CSPM | accepted | 9.4 |
| medium | Terraform module pins old AMI with CVEs | Burp Suite | DAST | triaged | 6.4 |
| critical | S3 bucket publicly readable | SonarQube | SAST | false positive | 6.1 |
| high | Outdated lodash with prototype pollution | Prowler | CSPM | triaged | 10 |
| high | Dependency confusion risk on internal package | Burp Suite | DAST | open | 8.9 |
| info | JWT signed with weak HS256 secret | Checkov | IaC | triaged | 9.8 |
| medium | Cross-site Scripting in profile renderer | Checkmarx | SAST | false positive | 6.1 |
| critical | S3 bucket publicly readable | Snyk | SCA | false positive | 6.8 |
| high | Container running as root | Cloudflare WAF | WAF | open | 7.2 |
| low | Insecure deserialization in message queue consumer | SonarQube | SAST | open | 7 |
| medium | Path traversal in file download endpoint | OWASP ZAP | DAST | open | 4 |
| high | SSRF in webhook fetcher | tfsec | IaC | accepted | 4.4 |
| info | Missing rate limiting on /login | Dependabot | SCA | false positive | 5.5 |
| info | Path traversal in file download endpoint | Semgrep | SAST | false positive | 6 |
| low | Race condition in payment idempotency | Grype | Container | open | 8.1 |
| medium | Hardcoded AWS access key in source | Checkmarx | SAST | open | 7.6 |
| critical | Container running as root | TruffleHog | Secrets | accepted | 8.7 |
| high | S3 bucket publicly readable | TruffleHog | Secrets | open | 6.6 |