Internet-exposed
Posture
critical: 2
high: 4
medium: 10
low: 4
Ownership
Findings (22)
high | Unencrypted RDS snapshot | Wiz | CSPM | open | 7.8
medium | Dependency confusion risk on internal package | Checkov | IaC | false positive | 6.6
low | Terraform module pins old AMI with CVEs | Scout Suite | CSPM | triaged | 9.8
info | IAM role with wildcard permissions | Dependabot | SCA | triaged | 5.6
medium | Hardcoded AWS access key in source | Burp Suite | DAST | triaged | 7.7
high | SSRF in webhook fetcher | Checkov | IaC | triaged | 8
medium | Outdated lodash with prototype pollution | Burp Pro PenTest | PenTest | false positive | 5.9
medium | IAM role with wildcard permissions | tfsec | IaC | open | 5.6
info | Missing rate limiting on /login | Checkov | IaC | open | 7.3
medium | Open Redis without auth | Wiz | CSPM | accepted | 8
critical | JWT signed with weak HS256 secret | Grype | Container | false positive | 8.9
medium | Missing rate limiting on /login | Trivy | Container | accepted | 9.9
medium | Missing rate limiting on /login | Checkmarx | SAST | open | 9
medium | Open Redis without auth | Cloudflare WAF | WAF | triaged | 4
medium | SQL Injection in user-input handler | Wiz | CSPM | false positive | 5.8
critical | Outdated lodash with prototype pollution | Gitleaks | Secrets | false positive | 5.2
low | IAM role with wildcard permissions | Burp Pro PenTest | PenTest | open | 8.8
high | Hardcoded AWS access key in source | Burp Suite | DAST | open | 6.8