Posture
critical: 2
high: 4
medium: 8
low: 2
Ownership
Findings (17)
medium | Hardcoded AWS access key in source | TruffleHog | Secrets | accepted | 9.4
low | Unencrypted RDS snapshot | Semgrep | SAST | triaged | 7.3
low | Terraform module pins old AMI with CVEs | Snyk | SCA | open | 7.3
high | Race condition in payment idempotency | Scout Suite | CSPM | triaged | 5.8
info | Missing rate limiting on /login | tfsec | IaC | open | 5.9
high | Terraform module pins old AMI with CVEs | Checkmarx | SAST | accepted | 9.7
high | Terraform module pins old AMI with CVEs | Burp Suite | DAST | false positive | 4.6
medium | SQL Injection in user-input handler | Wiz | CSPM | triaged | 6.5
critical | Unencrypted RDS snapshot | Cloudflare WAF | WAF | triaged | 6
medium | Outdated lodash with prototype pollution | Burp Suite | DAST | open | 5.8
critical | Log4Shell vulnerable dependency | Checkov | IaC | triaged | 4.3
medium | IAM role with wildcard permissions | Trivy | Container | accepted | 5.5
medium | Open Redis without auth | Dependabot | SCA | open | 6
medium | Container running as root | TruffleHog | Secrets | false positive | 4.2