Posture
critical: 1
high: 4
medium: 6
low: 4
Ownership
Findings (18)
medium | Missing rate limiting on /login | Grype | Container | open | 7.5
info | Cross-site Scripting in profile renderer | Burp Pro PenTest | PenTest | accepted | 5.6
info | Container running as root | Burp Pro PenTest | PenTest | open | 8.9
low | Terraform module pins old AMI with CVEs | tfsec | IaC | open | 9.4
medium | SSRF in webhook fetcher | CodeQL | SAST | open | 7.5
medium | Missing CSP header on auth pages | Snyk | SCA | open | 7.1
high | Open Redis without auth | Gitleaks | Secrets | triaged | 5.7
info | S3 bucket publicly readable | Grype | Container | accepted | 6
medium | Missing rate limiting on /login | Snyk | SCA | triaged | 7.6
high | Insecure deserialization in message queue consumer | TruffleHog | Secrets | accepted | 4.9
low | Race condition in payment idempotency | Burp Pro PenTest | PenTest | open | 9.4
medium | JWT signed with weak HS256 secret | Semgrep | SAST | open | 4.9
critical | Terraform module pins old AMI with CVEs | Scout Suite | CSPM | open | 8.8
high | S3 bucket publicly readable | TruffleHog | Secrets | triaged | 5.2
medium | Unencrypted RDS snapshot | Snyk | SCA | open | 9.1
high | Container running as root | SonarQube | SAST | triaged | 5.7