Handles PII
Posture
critical: 2
high: 5
medium: 7
low: 6
Ownership
Findings (23)
info | SSRF in webhook fetcher | Prowler | CSPM | triaged | 7.2
info | Race condition in payment idempotency | Snyk | SCA | accepted | 8.8
medium | Missing CSP header on auth pages | Burp Pro PenTest | PenTest | triaged | 6.1
low | Dependency confusion risk on internal package | Contrast RASP | RASP | open | 7.1
critical | IAM role with wildcard permissions | Cloudflare WAF | WAF | open | 5.3
high | Outdated lodash with prototype pollution | SonarQube | SAST | open | 4.6
medium | IAM role with wildcard permissions | Trivy | Container | accepted | 4.8
medium | Insecure deserialization in message queue consumer | Snyk | SCA | triaged | 9.6
low | Hardcoded AWS access key in source | Contrast RASP | RASP | false positive | 5.1
info | Missing rate limiting on /login | TruffleHog | Secrets | open | 9.1
low | Race condition in payment idempotency | Grype | Container | triaged | 6.3
high | IAM role with wildcard permissions | Checkov | IaC | open | 5.2
critical | Outdated lodash with prototype pollution | SonarQube | SAST | open | 9.1
low | IAM role with wildcard permissions | Scout Suite | CSPM | open | 5.2
low | Path traversal in file download endpoint | Burp Suite | DAST | triaged | 7.8
high | Log4Shell vulnerable dependency | Burp Suite | DAST | open | 6.2
medium | Missing CSP header on auth pages | Gitleaks | Secrets | triaged | 6
low | Path traversal in file download endpoint | Trivy | Container | accepted | 8.2
medium | Log4Shell vulnerable dependency | Snyk | SCA | open | 5.9
high | S3 bucket publicly readable | Prowler | CSPM | open | 7.8