Internet-exposed
Posture
critical: 2
high: 5
medium: 10
low: 6
Ownership
Findings (29)
| Severity | Finding | Tool | Category | Status | Score |
| --- | --- | --- | --- | --- | --- |
| low | Terraform module pins old AMI with CVEs | Checkmarx | SAST | triaged | 8.2 |
| medium | Container running as root | SonarQube | SAST | false positive | 7.1 |
| high | SSRF in webhook fetcher | Trivy | Container | open | 7.6 |
| low | IAM role with wildcard permissions | Snyk | SCA | triaged | 9.9 |
| medium | Outdated lodash with prototype pollution | tfsec | IaC | triaged | 9.5 |
| high | Missing CSP header on auth pages | tfsec | IaC | open | 4.4 |
| info | SQL Injection in user-input handler | Burp Pro PenTest | PenTest | triaged | 5.7 |
| critical | Missing rate limiting on /login | Contrast RASP | RASP | false positive | 8.8 |
| info | Missing CSP header on auth pages | Cloudflare WAF | WAF | false positive | 8.2 |
| medium | SQL Injection in user-input handler | tfsec | IaC | false positive | 4.1 |
| info | Terraform module pins old AMI with CVEs | Burp Suite | DAST | false positive | 4.4 |
| info | Outdated lodash with prototype pollution | Semgrep | SAST | accepted | 8.9 |
| medium | Race condition in payment idempotency | Checkmarx | SAST | open | 8.4 |
| medium | Race condition in payment idempotency | OWASP ZAP | DAST | false positive | 4.5 |
| low | JWT signed with weak HS256 secret | tfsec | IaC | open | 7.1 |
| medium | Container running as root | Dependabot | SCA | triaged | 9.4 |
| high | SSRF in webhook fetcher | TruffleHog | Secrets | open | 4.2 |
| low | Path traversal in file download endpoint | Trivy | Container | open | 7.3 |
| low | IAM role with wildcard permissions | Contrast RASP | RASP | open | 8 |
| high | Excessive Kubernetes RBAC privileges | Prowler | CSPM | false positive | 4.1 |
| medium | Insecure deserialization in message queue consumer | Trivy | Container | open | 9.2 |
| critical | Open Redis without auth | Scout Suite | CSPM | accepted | 9.6 |