Posture
critical: 1
high: 8
medium: 7
low: 5
Ownership
Findings (24)
| Severity | Finding | Tool | Category | Status | Score |
|---|---|---|---|---|---|
| low | Excessive Kubernetes RBAC privileges | Gitleaks | Secrets | false positive | 9.3 |
| high | Open Redis without auth | Contrast RASP | RASP | open | 6.4 |
| low | Hardcoded AWS access key in source | Burp Pro PenTest | PenTest | open | 8.7 |
| critical | Excessive Kubernetes RBAC privileges | Checkmarx | SAST | triaged | 9.2 |
| high | Hardcoded AWS access key in source | Gitleaks | Secrets | open | 6.3 |
| medium | Race condition in payment idempotency | Prowler | CSPM | open | 5.9 |
| medium | Dependency confusion risk on internal package | Scout Suite | CSPM | false positive | 9.1 |
| medium | SSRF in webhook fetcher | Snyk | SCA | triaged | 7.1 |
| medium | Dependency confusion risk on internal package | Burp Pro PenTest | PenTest | triaged | 8.2 |
| high | IAM role with wildcard permissions | TruffleHog | Secrets | false positive | 4.6 |
| low | Open Redis without auth | TruffleHog | Secrets | open | 8.6 |
| low | Race condition in payment idempotency | Checkmarx | SAST | false positive | 4.9 |
| high | Open Redis without auth | Burp Suite | DAST | accepted | 7.5 |
| medium | Container running as root | Snyk | SCA | false positive | 4.6 |
| low | Missing CSP header on auth pages | Snyk | SCA | open | 9.6 |
| medium | Insecure deserialization in message queue consumer | tfsec | IaC | open | 4.3 |
| high | Terraform module pins old AMI with CVEs | Gitleaks | Secrets | triaged | 9 |
| high | Open Redis without auth | Prowler | CSPM | open | 7.8 |
| info | Path traversal in file download endpoint | SonarQube | SAST | triaged | 4.1 |