Posture
critical: 2
high: 9
medium: 10
low: 4
Ownership
Findings (27)
low | Open Redis without auth | Checkov (IaC) | open | 8.7
medium | Cross-site Scripting in profile renderer | Snyk (SCA) | open | 4.5
high | Race condition in payment idempotency | Burp Pro PenTest (PenTest) | accepted | 4.6
critical | Container running as root | Prowler (CSPM) | false positive | 7.6
medium | Log4Shell vulnerable dependency | Prowler (CSPM) | triaged | 6
high | Missing CSP header on auth pages | Burp Pro PenTest (PenTest) | triaged | 8.2
high | Open Redis without auth | Cloudflare WAF (WAF) | triaged | 4.9
low | Log4Shell vulnerable dependency | SonarQube (SAST) | open | 7.1
medium | Container running as root | Checkov (IaC) | accepted | 7.8
info | Open Redis without auth | Semgrep (SAST) | false positive | 9.2
high | S3 bucket publicly readable | Burp Pro PenTest (PenTest) | open | 9.2
high | Open Redis without auth | Grype (Container) | open | 5.2
medium | Unencrypted RDS snapshot | TruffleHog (Secrets) | triaged | 4.3
medium | Path traversal in file download endpoint | Grype (Container) | triaged | 6.3
critical | Insecure deserialization in message queue consumer | Burp Suite (DAST) | accepted | 5
info | JWT signed with weak HS256 secret | Scout Suite (CSPM) | open | 5.7