Posture
critical: 2
high: 2
medium: 7
low: 3
Ownership
Findings (16)
high | S3 bucket publicly readable | Burp Suite | DAST | open | 8.6
medium | SSRF in webhook fetcher | Burp Suite | DAST | open | 5.5
low | Cross-site Scripting in profile renderer | Dependabot | SCA | triaged | 9
low | Race condition in payment idempotency | Contrast RASP | RASP | open | 6.1
medium | Insecure deserialization in message queue consumer | Semgrep | SAST | triaged | 9.3
medium | Cross-site Scripting in profile renderer | Trivy | Container | open | 6.9
critical | SSRF in webhook fetcher | Burp Suite | DAST | accepted | 5.4
info | Cross-site Scripting in profile renderer | TruffleHog | Secrets | open | 8.2
critical | IAM role with wildcard permissions | Dependabot | SCA | open | 5.8
high | Terraform module pins old AMI with CVEs | CodeQL | SAST | open | 5
medium | Missing CSP header on auth pages | Checkmarx | SAST | open | 5.7
medium | Log4Shell vulnerable dependency | SonarQube | SAST | open | 7.7