Posture
critical: 3
high: 2
medium: 10
low: 3
Ownership
Findings (21)

| Severity | Finding | Scanner | Category | Status | Score |
|---|---|---|---|---|---|
| high | Outdated lodash with prototype pollution | TruffleHog | Secrets | open | 9.9 |
| medium | Dependency confusion risk on internal package | Trivy | Container | false positive | 5.2 |
| medium | IAM role with wildcard permissions | Wiz | CSPM | triaged | 7 |
| medium | IAM role with wildcard permissions | TruffleHog | Secrets | open | 4.7 |
| critical | SSRF in webhook fetcher | Prowler | CSPM | triaged | 5 |
| low | Unencrypted RDS snapshot | Checkov | IaC | open | 6.9 |
| critical | Open Redis without auth | Checkov | IaC | open | 6.1 |
| medium | Missing rate limiting on /login | tfsec | IaC | open | 7.4 |
| medium | Hardcoded AWS access key in source | Checkov | IaC | false positive | 8.1 |
| high | Insecure deserialization in message queue consumer | Dependabot | SCA | open | 5.1 |
| medium | Open Redis without auth | TruffleHog | Secrets | triaged | 7.2 |
| low | Path traversal in file download endpoint | TruffleHog | Secrets | triaged | 7.9 |
| info | IAM role with wildcard permissions | Snyk | SCA | open | 9.1 |
| info | Dependency confusion risk on internal package | Grype | Container | false positive | 6.1 |