Posture
critical
3
high
5
medium
6
low
1
Ownership
Findings (17)
medium
Open Redis without auth
SnykSCA
triaged
6.3
medium
SQL Injection in user-input handler
tfsecIaC
open
9.3
medium
Terraform module pins old AMI with CVEs
Burp Pro PenTestPenTest
triaged
9.5
critical
S3 bucket publicly readable
TrivyContainer
false positive
9.5
high
Cross-site Scripting in profile renderer
OWASP ZAPDAST
open
6.5
critical
S3 bucket publicly readable
GrypeContainer
triaged
4.9
high
JWT signed with weak HS256 secret
ProwlerCSPM
open
5.8
medium
Hardcoded AWS access key in source
Burp SuiteDAST
open
7.9
high
Container running as root
DependabotSCA
open
4.3
low
Unencrypted RDS snapshot
OWASP ZAPDAST
open
8.3
critical
Log4Shell vulnerable dependency
SemgrepSAST
false positive
5.9
medium
JWT signed with weak HS256 secret
SemgrepSAST
triaged
4.8
info
Outdated lodash with prototype pollution
CodeQLSAST
open
5.1
high
SSRF in webhook fetcher
Burp SuiteDAST
triaged
7.7