Internet-exposed
Posture
critical: 1
high: 8
medium: 4
low: 4
Ownership
Findings (18)
high | Excessive Kubernetes RBAC privileges | Dependabot | SCA | triaged | 7.6
high | Dependency confusion risk on internal package | Trivy | Container | open | 8.9
info | SSRF in webhook fetcher | Dependabot | SCA | false positive | 6.4
medium | Dependency confusion risk on internal package | Contrast RASP | RASP | open | 6.6
high | Hardcoded AWS access key in source | CodeQL | SAST | false positive | 9.8
high | Excessive Kubernetes RBAC privileges | Dependabot | SCA | triaged | 6.4
low | Missing CSP header on auth pages | Cloudflare WAF | WAF | open | 4.3
low | Cross-site Scripting in profile renderer | tfsec | IaC | open | 9.6
high | Terraform module pins old AMI with CVEs | Cloudflare WAF | WAF | open | 5.4
low | Log4Shell vulnerable dependency | Scout Suite | CSPM | open | 8.1
critical | Terraform module pins old AMI with CVEs | Snyk | SCA | open | 5.4
high | Missing rate limiting on /login | SonarQube | SAST | open | 9.5
medium | Dependency confusion risk on internal package | Contrast RASP | RASP | triaged | 6.9
low | Log4Shell vulnerable dependency | OWASP ZAP | DAST | open | 9.3
medium | IAM role with wildcard permissions | SonarQube | SAST | false positive | 8.6
medium | Cross-site Scripting in profile renderer | Scout Suite | CSPM | triaged | 9.7
high | Race condition in payment idempotency | TruffleHog | Secrets | open | 8.6
high | Dependency confusion risk on internal package | Snyk | SCA | accepted | 8.3