Posture
critical: 3
high: 4
medium: 6
low: 8
Ownership
Findings (23)
| Severity | Finding | Source | Category | Status | Score |
|---|---|---|---|---|---|
| high | Open Redis without auth | SonarQube | SAST | open | 7.7 |
| low | Missing CSP header on auth pages | tfsec | IaC | accepted | 7.4 |
| info | JWT signed with weak HS256 secret | Checkmarx | SAST | accepted | 4.8 |
| medium | Cross-site Scripting in profile renderer | OWASP ZAP | DAST | open | 9.8 |
| info | SSRF in webhook fetcher | Burp Pro PenTest | PenTest | open | 4.5 |
| low | Unencrypted RDS snapshot | OWASP ZAP | DAST | open | 6.7 |
| low | Open Redis without auth | Checkmarx | SAST | open | 6.3 |
| critical | SQL Injection in user-input handler | Snyk | SCA | false positive | 6.8 |
| medium | Terraform module pins old AMI with CVEs | Semgrep | SAST | open | 6.1 |
| medium | Outdated lodash with prototype pollution | Wiz | CSPM | triaged | 7.1 |
| low | Hardcoded AWS access key in source | Grype | Container | triaged | 5.9 |
| medium | Terraform module pins old AMI with CVEs | CodeQL | SAST | open | 8.8 |
| low | IAM role with wildcard permissions | TruffleHog | Secrets | open | 6.5 |
| medium | SQL Injection in user-input handler | tfsec | IaC | triaged | 6.9 |
| critical | SQL Injection in user-input handler | Wiz | CSPM | accepted | 9.9 |
| low | Hardcoded AWS access key in source | OWASP ZAP | DAST | open | 5.2 |