Posture

Severity  Count
critical  3
high      7
medium    10
low       3
Ownership
Findings (23)

Severity  Finding                                             Tool           Category   Status          Score
critical  Cross-site Scripting in profile renderer            Contrast RASP  RASP       open            4.5
medium    S3 bucket publicly readable                         OWASP ZAP      DAST       open            5
low       Unencrypted RDS snapshot                            Grype          Container  open            7.6
high      Cross-site Scripting in profile renderer            Wiz            CSPM       open            8.9
medium    Outdated lodash with prototype pollution            Contrast RASP  RASP       open            4.8
critical  Hardcoded AWS access key in source                  Trivy          Container  false positive  6
high      Outdated lodash with prototype pollution            Grype          Container  triaged         8.7
medium    Excessive Kubernetes RBAC privileges                Checkov        IaC        open            6.3
medium    Insecure deserialization in message queue consumer  CodeQL         SAST       triaged         6.6
medium    SQL Injection in user-input handler                 SonarQube      SAST       open            7.4
high      Path traversal in file download endpoint            Checkov        IaC        open            9.8
medium    IAM role with wildcard permissions                  Snyk           SCA        open            6
medium    Path traversal in file download endpoint            TruffleHog     Secrets    triaged         6.2
medium    SQL Injection in user-input handler                 tfsec          IaC        triaged         5.1
high      IAM role with wildcard permissions                  Dependabot     SCA        open            6.4
high      Log4Shell vulnerable dependency                     CodeQL         SAST       accepted        8.1
critical  Dependency confusion risk on internal package       OWASP ZAP      DAST       open            6
medium    Path traversal in file download endpoint            Checkov        IaC        triaged         7.4
low       Missing CSP header on auth pages                    Checkov        IaC        open            4.5
high      Path traversal in file download endpoint            Checkmarx      SAST       triaged         6.1
high      Dependency confusion risk on internal package       Scout Suite    CSPM       open            4.6