Posture
  critical: 1
  high:     10
  medium:   8
  low:      6
Findings (29)

Severity | Finding | Source | Category | Status | Score
medium | JWT signed with weak HS256 secret | Contrast RASP | RASP | accepted | 6.2
medium | Hardcoded AWS access key in source | Cloudflare WAF | WAF | open | 7.2
high | Missing rate limiting on /login | Gitleaks | Secrets | open | 7
info | SQL Injection in user-input handler | Gitleaks | Secrets | triaged | 6.2
high | Excessive Kubernetes RBAC privileges | Burp Pro PenTest | PenTest | triaged | 10
low | SQL Injection in user-input handler | Scout Suite | CSPM | accepted | 4.8
info | Path traversal in file download endpoint | TruffleHog | Secrets | false positive | 7.7
high | JWT signed with weak HS256 secret | SonarQube | SAST | triaged | 6.9
info | Log4Shell vulnerable dependency | TruffleHog | Secrets | open | 4.2
high | JWT signed with weak HS256 secret | Grype | Container | accepted | 8.9
low | Path traversal in file download endpoint | Grype | Container | open | 6.5
high | Missing rate limiting on /login | Semgrep | SAST | false positive | 7
low | JWT signed with weak HS256 secret | Checkmarx | SAST | open | 8.8
medium | S3 bucket publicly readable | Contrast RASP | RASP | open | 7.3
medium | Dependency confusion risk on internal package | CodeQL | SAST | triaged | 8.9
medium | Insecure deserialization in message queue consumer | TruffleHog | Secrets | triaged | 6.7
high | Cross-site Scripting in profile renderer | Contrast RASP | RASP | accepted | 8.6
info | Insecure deserialization in message queue consumer | Snyk | SCA | accepted | 10
high | Cross-site Scripting in profile renderer | Grype | Container | open | 7.2
medium | Path traversal in file download endpoint | CodeQL | SAST | triaged | 4.3
medium | Dependency confusion risk on internal package | Checkov | IaC | open | 5.1
high | Outdated lodash with prototype pollution | SonarQube | SAST | open | 7.3
low | Log4Shell vulnerable dependency | Checkov | IaC | triaged | 4.3
medium | Path traversal in file download endpoint | Trivy | Container | open | 6.3
high | SSRF in webhook fetcher | OWASP ZAP | DAST | open | 6.1
high | Cross-site Scripting in profile renderer | OWASP ZAP | DAST | triaged | 8.9