Posture
critical: 1
high: 6
medium: 5
low: 3
Ownership
Findings (17)
medium | Log4Shell vulnerable dependency | Prowler (CSPM) | triaged | 7.5
high | Path traversal in file download endpoint | Wiz (CSPM) | triaged | 5.9
low | JWT signed with weak HS256 secret | Wiz (CSPM) | open | 6.4
medium | Dependency confusion risk on internal package | OWASP ZAP (DAST) | triaged | 4.3
low | Hardcoded AWS access key in source | Burp Pro PenTest (PenTest) | triaged | 9.2
medium | Outdated lodash with prototype pollution | Wiz (CSPM) | false positive | 7.1
high | JWT signed with weak HS256 secret | Trivy (Container) | triaged | 6.7
info | Outdated lodash with prototype pollution | Cloudflare WAF (WAF) | triaged | 7.4
high | Missing rate limiting on /login | Burp Suite (DAST) | open | 9.8
high | Race condition in payment idempotency | Semgrep (SAST) | accepted | 4.2
info | Hardcoded AWS access key in source | Checkmarx (SAST) | open | 9.5
critical | Container running as root | SonarQube (SAST) | open | 5.5