10 findings
| CRITICAL | OPEN | Object storage bucket is public | Storage | Cloud only | scw://bucket/prod-data-eu |
| CRITICAL | OPEN | RDS instance is publicly accessible | Database | DRIFT | arn:aws:rds:eu-west-1:123456789012:db:prod-orders |
| CRITICAL | OPEN | Kubernetes API server is exposed to 0.0.0.0/0 | Kubernetes | Cloud only | k8s-prod-eu |
| CRITICAL | OPEN | NSG allows RDP from internet | Network | Cloud only | azure://Microsoft.Network/networkSecurityGroups/prod-nsg |
| HIGH | OPEN | Instance has public IP with permissive security group | Compute | Cloud only | scw://instance/i-7f3b9a |
| HIGH | OPEN | Storage account allows HTTP traffic | Storage | Cloud only | azure://Microsoft.Storage/storageAccounts/prodeustorage |
| HIGH | OPEN | IAM role uses wildcard Action permissions | IAM | Cloud only | arn:aws:iam::123456789012:role/prod-deploy |
| HIGH | OPEN | SSH (port 22) open to the world | Network | DRIFT | arn:aws:ec2:eu-west-1:123456789012:security-group/sg-default-22 |
| MEDIUM | IGNORED | Function uses deprecated Node 14 runtime | Serverless | Cloud only | scw://function/eu-cleanup-cron |
| MEDIUM | IGNORED | CloudTrail log file validation is disabled | Logging | Cloud only | arn:aws:cloudtrail:eu-west-1:123456789012:trail/prod-trail |
