Posture
critical 3 | high 3 | medium 11 | low 7

The four tiles total 24. The findings header below reads 27, and the 24 rows actually listed carry 3 critical, 3 high, 9 medium, 7 low and 2 info, so the medium tile appears to absorb the two info rows and the header count exceeds the listed rows by three.
Findings (27)

Severity | Title                                         | Tool             | Category  | Status         | Score
---------+-----------------------------------------------+------------------+-----------+----------------+------
high     | S3 bucket publicly readable                   | tfsec            | IaC       | triaged        | 4.9
medium   | Path traversal in file download endpoint      | Grype            | Container | open           | 4.2
medium   | Hardcoded AWS access key in source            | OWASP ZAP        | DAST      | open           | 6.2
high     | Missing rate limiting on /login               | Burp Suite       | DAST      | triaged        | 5.6
medium   | IAM role with wildcard permissions            | SonarQube        | SAST      | open           | 4.5
medium   | Missing CSP header on auth pages              | tfsec            | IaC       | open           | 5.2
low      | Missing rate limiting on /login               | Prowler          | CSPM      | false positive | 4.2
critical | Outdated lodash with prototype pollution      | Wiz              | CSPM      | triaged        | 6.5
low      | Cross-site Scripting in profile renderer      | Prowler          | CSPM      | false positive | 6.4
medium   | Log4Shell vulnerable dependency               | Checkov          | IaC       | accepted       | 4.5
info     | SSRF in webhook fetcher                       | Burp Pro PenTest | PenTest   | triaged        | 8.8
medium   | S3 bucket publicly readable                   | CodeQL           | SAST      | accepted       | 7.1
medium   | Terraform module pins old AMI with CVEs       | Burp Suite       | DAST      | open           | 5.2
low      | Race condition in payment idempotency         | Trivy            | Container | triaged        | 9.3
critical | Path traversal in file download endpoint      | OWASP ZAP        | DAST      | open           | 9.1
medium   | Terraform module pins old AMI with CVEs       | Burp Pro PenTest | PenTest   | open           | 8.5
low      | Terraform module pins old AMI with CVEs       | Semgrep          | SAST      | triaged        | 10
low      | Log4Shell vulnerable dependency               | OWASP ZAP        | DAST      | false positive | 8.9
high     | Outdated lodash with prototype pollution      | Semgrep          | SAST      | triaged        | 6.7
info     | Cross-site Scripting in profile renderer      | Snyk             | SCA       | open           | 9.8
critical | Dependency confusion risk on internal package | CodeQL           | SAST      | open           | 9.5
low      | Container running as root                     | Contrast RASP    | RASP      | open           | 8.6
medium   | S3 bucket publicly readable                   | Checkov          | IaC       | accepted       | 7.8
low      | S3 bucket publicly readable                   | Dependabot       | SCA       | triaged        | 7.4

The export fuses tool and category into one field ("tfsecIaC", "Burp Pro PenTestPenTest"); they are split into two columns here. The score column is unlabelled in the export; its values fall between 0 and 10.

Two things to check before reading posture off this table. First, the severity label and the score do not track each other: "Terraform module pins old AMI with CVEs" is low at 10, "SSRF in webhook fetcher" is info at 8.8 and "Cross-site Scripting in profile renderer" is info at 9.8, while "Outdated lodash with prototype pollution" is critical at 6.5. If the score is read on the CVSS v3 0-10 bands, the label disagrees with the score on 16 of the 24 rows. Second, seven titles are reported by more than one tool with different severities ("S3 bucket publicly readable" appears four times as high, medium, medium and low; "Terraform module pins old AMI with CVEs" three times), so the 24 rows describe 14 distinct issues and per-row counts overstate exposure until findings are correlated. Six rows are already closed as accepted or false positive and should be excluded from an active-posture count.
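As an added example (not part of this export or of any of the tools listed), the script below re-reads the table as one pipe-delimited row per finding, splits the fused tool/category field, recomputes the posture tiles with and without closed rows, groups rows that share a title across tools, and flags rows whose severity label disagrees with the band the score implies. It assumes the unlabelled score column is a CVSS v3 style 0-10 score, that the category suffixes in CATEGORIES are the complete set, and that only "open" and "triaged" rows count as active; none of that is stated by the export.

```python
"""Normalise the multi-tool findings export above. Added example; assumes the
unlabelled numeric column is a CVSS-style 0-10 score, that CATEGORIES lists
every fused tool/category suffix, and that only open/triaged rows are active."""
from collections import Counter, defaultdict
from dataclasses import dataclass

CATEGORIES = ("Container", "PenTest", "CSPM", "DAST", "SAST", "RASP", "IaC", "SCA")
ACTIVE_STATUSES = {"open", "triaged"}  # assumption: accepted/false positive are closed

# The 24 rows of the table above, pipe-delimited, in page order.
EXPORT = """
high|S3 bucket publicly readable|tfsecIaC|triaged|4.9
medium|Path traversal in file download endpoint|GrypeContainer|open|4.2
medium|Hardcoded AWS access key in source|OWASP ZAPDAST|open|6.2
high|Missing rate limiting on /login|Burp SuiteDAST|triaged|5.6
medium|IAM role with wildcard permissions|SonarQubeSAST|open|4.5
medium|Missing CSP header on auth pages|tfsecIaC|open|5.2
low|Missing rate limiting on /login|ProwlerCSPM|false positive|4.2
critical|Outdated lodash with prototype pollution|WizCSPM|triaged|6.5
low|Cross-site Scripting in profile renderer|ProwlerCSPM|false positive|6.4
medium|Log4Shell vulnerable dependency|CheckovIaC|accepted|4.5
info|SSRF in webhook fetcher|Burp Pro PenTestPenTest|triaged|8.8
medium|S3 bucket publicly readable|CodeQLSAST|accepted|7.1
medium|Terraform module pins old AMI with CVEs|Burp SuiteDAST|open|5.2
low|Race condition in payment idempotency|TrivyContainer|triaged|9.3
critical|Path traversal in file download endpoint|OWASP ZAPDAST|open|9.1
medium|Terraform module pins old AMI with CVEs|Burp Pro PenTestPenTest|open|8.5
low|Terraform module pins old AMI with CVEs|SemgrepSAST|triaged|10
low|Log4Shell vulnerable dependency|OWASP ZAPDAST|false positive|8.9
high|Outdated lodash with prototype pollution|SemgrepSAST|triaged|6.7
info|Cross-site Scripting in profile renderer|SnykSCA|open|9.8
critical|Dependency confusion risk on internal package|CodeQLSAST|open|9.5
low|Container running as root|Contrast RASPRASP|open|8.6
medium|S3 bucket publicly readable|CheckovIaC|accepted|7.8
low|S3 bucket publicly readable|DependabotSCA|triaged|7.4
"""

@dataclass(frozen=True)
class Finding:
    severity: str
    title: str
    tool: str
    category: str
    status: str
    score: float

def band(score: float) -> str:
    """CVSS v3.x qualitative band for a 0-10 score (assumed scale)."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low" if score > 0.0 else "info"

def split_tool(fused: str) -> tuple[str, str]:
    """'Burp Pro PenTestPenTest' -> ('Burp Pro PenTest', 'PenTest')."""
    for cat in CATEGORIES:
        if fused.endswith(cat) and len(fused) > len(cat):
            return fused[: -len(cat)].strip(), cat
    raise ValueError(f"unknown category suffix in {fused!r}")

def parse(text: str) -> list[Finding]:
    rows = []
    for line in text.strip().splitlines():
        sev, title, fused, status, score = (f.strip() for f in line.split("|"))
        tool, cat = split_tool(fused)
        rows.append(Finding(sev, title, tool, cat, status, float(score)))
    return rows

def posture(findings: list[Finding], active_only: bool = False) -> Counter:
    """Severity tile counts; active_only drops accepted/false-positive rows."""
    return Counter(f.severity for f in findings
                   if not active_only or f.status in ACTIVE_STATUSES)

def duplicates(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Titles reported by more than one row: correlate these before counting."""
    by_title: dict[str, list[Finding]] = defaultdict(list)
    for f in findings:
        by_title[f.title].append(f)
    return {t: fs for t, fs in by_title.items() if len(fs) > 1}

def severity_mismatches(findings: list[Finding]) -> list[Finding]:
    """Rows whose severity label disagrees with the band implied by the score."""
    return [f for f in findings if f.severity != band(f.score)]

FINDINGS = parse(EXPORT)

if __name__ == "__main__":
    print("all:", dict(posture(FINDINGS)), "active:", dict(posture(FINDINGS, True)))
    for title, rows in duplicates(FINDINGS).items():
        print(f"{len(rows)}x {title}:", ", ".join(f"{r.tool}/{r.severity}" for r in rows))
    for f in severity_mismatches(FINDINGS):
        print(f"{f.severity} label but score {f.score} ({band(f.score)}): {f.title} [{f.tool}]")
```

The suffix-based split works because every category name in the export is a fixed token glued to the end of the tool name; a tool whose own name ends in a category word ("Contrast RASP", "Burp Pro PenTest") still splits correctly because only the final occurrence is stripped. Whether an "accepted" row should be dropped from posture is a policy decision; the script takes the conservative reading and excludes it only when active_only is requested.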