Security issues found (Level, Issue, Risk; the "Select", "Show more" and "Fix Issue" controls of the interactive table are omitted):

| Level | Issue | What | Risk |
|---|---|---|---|
| critical | SQL Injection in User Lookup | User input flows directly into database queries without validation, allowing attackers to execute arbitrary SQL commands | An attac... |
| critical | Hardcoded AWS Credentials in Source Code | AWS access keys are stored directly in the codebase and committed to version control, exposing full cloud infrastructure access | A... |
| high | Missing Authentication on Admin Endpoints | Administrative API endpoints can be accessed without authentication, relying only on URL obscurity | An attacker who discovers thes... |
| high | JWT Secret Using Default Value | The application uses a hardcoded default JWT secret ("your-secret-key") for signing authentication tokens | Attackers can forge val... |
| medium | Unvalidated File Upload Extensions | The file upload endpoint accepts any file type without validating extensions or content, only checking file size | An attacker coul... |
| medium | Missing CSRF Protection on State-Changing Operations | POST, PUT, and DELETE endpoints don't implement CSRF tokens, making them vulnerable to cross-site request forgery attacks | An atta... |
| low | Verbose Error Messages Expose Stack Traces | Production error responses include full stack traces and internal file paths that are sent to end users | Attackers can use this in... |
| low | Missing Security Headers | The application doesn't set recommended security headers like `X-Frame-Options`, `X-Content-Type-Options`, and `Strict-Transport-Security` | ... |