Internet-exposed
Posture
critical: 7
high: 1
medium: 3
low: 6
Ownership
Findings (19)
| Severity | Finding | Scanner | Category | Status | Score |
|---|---|---|---|---|---|
| low | SQL Injection in user-input handler | OWASP ZAP | DAST | open | 7.5 |
| low | S3 bucket publicly readable | Gitleaks | Secrets | open | 5.6 |
| critical | Hardcoded AWS access key in source | Checkov | IaC | open | 7.3 |
| critical | Missing CSP header on auth pages | Scout Suite | CSPM | open | 8.2 |
| critical | Unencrypted RDS snapshot | Semgrep | SAST | open | 8.7 |
| info | Excessive Kubernetes RBAC privileges | Prowler | CSPM | accepted | 8.5 |
| low | Dependency confusion risk on internal package | Snyk | SCA | false positive | 5.7 |
| medium | Container running as root | Trivy | Container | accepted | 6.9 |
| low | Excessive Kubernetes RBAC privileges | Snyk | SCA | open | 5.4 |
| medium | Path traversal in file download endpoint | Semgrep | SAST | open | 7.3 |
| low | Cross-site Scripting in profile renderer | Prowler | CSPM | open | 8.8 |
| info | Excessive Kubernetes RBAC privileges | Scout Suite | CSPM | open | 6.8 |
| medium | Log4Shell vulnerable dependency | Prowler | CSPM | open | 8.4 |
| high | Terraform module pins old AMI with CVEs | Prowler | CSPM | triaged | 4.3 |
| critical | Dependency confusion risk on internal package | Contrast RASP | RASP | open | 9.9 |
| low | SSRF in webhook fetcher | Grype | Container | open | 5.6 |