Handles PII
Posture
critical: 0
high: 5
medium: 7
low: 8
Ownership
Findings (22)
| Severity | Finding | Tool | Category | Status | Score |
|---|---|---|---|---|---|
| low | SQL Injection in user-input handler | Contrast RASP | RASP | false positive | 6.3 |
| high | Cross-site Scripting in profile renderer | OWASP ZAP | DAST | accepted | 8.8 |
| low | Container running as root | Trivy | Container | false positive | 4.3 |
| high | Hardcoded AWS access key in source | Dependabot | SCA | open | 9.9 |
| high | S3 bucket publicly readable | Grype | Container | false positive | 6 |
| low | Open Redis without auth | Dependabot | SCA | triaged | 4.3 |
| info | Log4Shell vulnerable dependency | Wiz | CSPM | open | 5.2 |
| medium | SSRF in webhook fetcher | Wiz | CSPM | open | 5.7 |
| info | JWT signed with weak HS256 secret | OWASP ZAP | DAST | accepted | 7.8 |
| low | Hardcoded AWS access key in source | Burp Suite | DAST | triaged | 6.8 |
| medium | Missing CSP header on auth pages | tfsec | IaC | false positive | 8.4 |
| low | Open Redis without auth | Contrast RASP | RASP | open | 5 |
| medium | S3 bucket publicly readable | Snyk | SCA | open | 4.8 |
| high | Race condition in payment idempotency | Snyk | SCA | open | 5.8 |
| medium | Open Redis without auth | Contrast RASP | RASP | triaged | 7.6 |
| medium | Log4Shell vulnerable dependency | CodeQL | SAST | accepted | 8.6 |
| low | Outdated lodash with prototype pollution | Burp Pro PenTest | PenTest | triaged | 4.4 |
| medium | Missing CSP header on auth pages | Contrast RASP | RASP | triaged | 8.8 |