Posture
critical: 1
high: 7
medium: 4
low: 9
Ownership
Findings (21)
medium | IAM role with wildcard permissions | SonarQube | SAST | open | 8.9
low | SQL Injection in user-input handler | Burp Pro PenTest | PenTest | open | 9.7
high | SSRF in webhook fetcher | Cloudflare WAF | WAF | open | 7.2
low | Missing CSP header on auth pages | CodeQL | SAST | false positive | 7.9
low | Outdated lodash with prototype pollution | SonarQube | SAST | triaged | 4.9
medium | Race condition in payment idempotency | Gitleaks | Secrets | open | 7.7
high | Hardcoded AWS access key in source | Prowler | CSPM | open | 6.2
low | Outdated lodash with prototype pollution | Checkov | IaC | accepted | 5.8
medium | Log4Shell vulnerable dependency | Scout Suite | CSPM | triaged | 8.8
high | Dependency confusion risk on internal package | Scout Suite | CSPM | false positive | 8.7
low | Log4Shell vulnerable dependency | Trivy | Container | open | 8.3
high | SSRF in webhook fetcher | Contrast RASP | RASP | false positive | 8.3
low | Outdated lodash with prototype pollution | Checkov | IaC | triaged | 9.1
high | Dependency confusion risk on internal package | Grype | Container | triaged | 9.9
low | SQL Injection in user-input handler | Snyk | SCA | triaged | 6.6
critical | Container running as root | Semgrep | SAST | triaged | 7.8
high | Terraform module pins old AMI with CVEs | Cloudflare WAF | WAF | open | 9.6
low | Container running as root | TruffleHog | Secrets | accepted | 6.7
low | Missing CSP header on auth pages | Gitleaks | Secrets | open | 5.3