The Metrics page is misleading in that insecure, open ports are not listed as a vulnerability there so at a glance it appears there are no issues.