Posture: critical 2, high 2, medium 4, low 9
Ownership
Findings (19)
low | Cross-site Scripting in profile renderer | Cloudflare WAF (WAF) | accepted | 5.4
info | Unencrypted RDS snapshot | Dependabot (SCA) | open | 8.3
high | JWT signed with weak HS256 secret | TruffleHog (Secrets) | false positive | 7.1
medium | Outdated lodash with prototype pollution | Dependabot (SCA) | open | 4.6
low | Missing CSP header on auth pages | Semgrep (SAST) | triaged | 5.9
low | Excessive Kubernetes RBAC privileges | Semgrep (SAST) | triaged | 9.6
low | SQL Injection in user-input handler | Burp Suite (DAST) | open | 4.4
medium | Unencrypted RDS snapshot | Prowler (CSPM) | false positive | 7.5
high | Unencrypted RDS snapshot | Burp Pro PenTest (PenTest) | false positive | 6.2
medium | Log4Shell vulnerable dependency | Dependabot (SCA) | accepted | 5.8
low | Container running as root | Gitleaks (Secrets) | open | 8
low | Hardcoded AWS access key in source | Burp Suite (DAST) | open | 7
critical | Open Redis without auth | Contrast RASP (RASP) | open | 7.5
critical | Unencrypted RDS snapshot | OWASP ZAP (DAST) | open | 5.4
medium | SSRF in webhook fetcher | Burp Suite (DAST) | accepted | 4.4
info | Terraform module pins old AMI with CVEs | Contrast RASP (RASP) | open | 8.5