Internet-exposed
Posture
critical: 2
high: 6
medium: 6
low: 5
Ownership
Findings (23)
high | Terraform module pins old AMI with CVEs | Cloudflare WAF (WAF) | open | 6.7
medium | Missing rate limiting on /login | Scout Suite (CSPM) | triaged | 6.3
medium | Open Redis without auth | Cloudflare WAF (WAF) | open | 5.8
high | Hardcoded AWS access key in source | Cloudflare WAF (WAF) | open | 9.6
medium | Missing rate limiting on /login | Semgrep (SAST) | accepted | 4.7
low | Insecure deserialization in message queue consumer | Scout Suite (CSPM) | triaged | 4.8
critical | Dependency confusion risk on internal package | Cloudflare WAF (WAF) | open | 6.7
high | Hardcoded AWS access key in source | Burp Suite (DAST) | open | 8.5
high | Insecure deserialization in message queue consumer | Prowler (CSPM) | triaged | 8.8
high | Race condition in payment idempotency | Cloudflare WAF (WAF) | false positive | 4.4
low | Insecure deserialization in message queue consumer | Contrast RASP (RASP) | triaged | 6.8
info | Missing CSP header on auth pages | TruffleHog (Secrets) | open | 5.6
critical | Missing CSP header on auth pages | SonarQube (SAST) | open | 6.9
high | SSRF in webhook fetcher | Burp Suite (DAST) | open | 6.1
medium | Excessive Kubernetes RBAC privileges | Grype (Container) | triaged | 7.6
medium | Excessive Kubernetes RBAC privileges | Burp Pro PenTest (PenTest) | open | 4.4
medium | S3 bucket publicly readable | Gitleaks (Secrets) | accepted | 4.6
low | JWT signed with weak HS256 secret | SonarQube (SAST) | open | 5