Internet-exposed
Handles PII
Posture: critical 2, high 5, medium 6, low 7
Ownership
Findings (21)
Severity | Finding | Tool | Type | Status | Score
low | Hardcoded AWS access key in source | TruffleHog | Secrets | triaged | 4.9
low | Insecure deserialization in message queue consumer | Burp Suite | DAST | accepted | 8.6
medium | Path traversal in file download endpoint | TruffleHog | Secrets | false positive | 9
medium | JWT signed with weak HS256 secret | Burp Pro PenTest | PenTest | triaged | 4.6
low | Log4Shell vulnerable dependency | CodeQL | SAST | accepted | 4.7
info | Unencrypted RDS snapshot | Contrast RASP | RASP | triaged | 8
low | Hardcoded AWS access key in source | OWASP ZAP | DAST | open | 9.1
high | Path traversal in file download endpoint | SonarQube | SAST | open | 8.8
medium | Unencrypted RDS snapshot | Gitleaks | Secrets | open | 9.6
low | Outdated lodash with prototype pollution | Trivy | Container | triaged | 8.3
medium | Log4Shell vulnerable dependency | Dependabot | SCA | open | 5.5
low | Log4Shell vulnerable dependency | TruffleHog | Secrets | open | 6.5
high | Unencrypted RDS snapshot | Burp Pro PenTest | PenTest | open | 7.1
high | Container running as root | TruffleHog | Secrets | accepted | 9.4
high | JWT signed with weak HS256 secret | Checkov | IaC | open | 8.5