Posture
critical: 1
high: 8
medium: 7
low: 5
Ownership
Findings (27)
info | Container running as root | Semgrep | SAST | open | 6.9
info | Outdated lodash with prototype pollution | Cloudflare WAF | WAF | false positive | 7.4
low | Dependency confusion risk on internal package | Dependabot | SCA | accepted | 7.2
critical | Terraform module pins old AMI with CVEs | Wiz | CSPM | false positive | 8.2
medium | Container running as root | Checkov | IaC | open | 9.6
high | Cross-site Scripting in profile renderer | CodeQL | SAST | open | 6.2
medium | Excessive Kubernetes RBAC privileges | OWASP ZAP | DAST | accepted | 8.5
high | Dependency confusion risk on internal package | Burp Pro PenTest | PenTest | triaged | 7.8
high | S3 bucket publicly readable | Scout Suite | CSPM | open | 6.1
medium | Hardcoded AWS access key in source | Prowler | CSPM | triaged | 4.3
high | Container running as root | Dependabot | SCA | open | 6
high | S3 bucket publicly readable | Prowler | CSPM | open | 5.6
medium | Missing rate limiting on /login | Burp Suite | DAST | open | 8.3
medium | S3 bucket publicly readable | Gitleaks | Secrets | false positive | 8
high | Unencrypted RDS snapshot | Prowler | CSPM | open | 4.9
info | Container running as root | Wiz | CSPM | open | 4.6
medium | Insecure deserialization in message queue consumer | SonarQube | SAST | open | 8.6
low | Outdated lodash with prototype pollution | TruffleHog | Secrets | open | 4.3
high | IAM role with wildcard permissions | CodeQL | SAST | triaged | 5.6
info | Cross-site Scripting in profile renderer | Snyk | SCA | open | 5