Handles PII
Posture
critical: 3
high: 1
medium: 8
low: 3
Ownership
Findings (18)
critical | Cross-site Scripting in profile renderer | SonarQube | SAST | triaged | 9
low | Missing rate limiting on /login | tfsec | IaC | open | 9.1
medium | Missing CSP header on auth pages | SonarQube | SAST | open | 9.4
medium | SSRF in webhook fetcher | SonarQube | SAST | false positive | 9.4
medium | Missing rate limiting on /login | Contrast RASP | RASP | triaged | 6.6
low | Unencrypted RDS snapshot | Checkov | IaC | accepted | 9.8
info | SSRF in webhook fetcher | OWASP ZAP | DAST | accepted | 6
info | Excessive Kubernetes RBAC privileges | Semgrep | SAST | accepted | 7.5
critical | Unencrypted RDS snapshot | Scout Suite | CSPM | accepted | 4.4
critical | Hardcoded AWS access key in source | Burp Suite | DAST | accepted | 6.8
medium | Path traversal in file download endpoint | TruffleHog | Secrets | open | 6