Audit your Supabase project for RLS misconfigurations, exposed APIs, and insecure auth settings.
Supabase powers thousands of production apps, but its permissive defaults can leave your data wide open. Our scanner checks Row Level Security policies, exposed REST and Realtime endpoints, auth configuration, storage bucket permissions, and edge function security to ensure your Supabase backend is locked down.
The scanner connects to your Supabase project and analyzes RLS policies on all tables, checks for publicly accessible data through the REST API, verifies auth settings (email confirmation, MFA enablement), audits storage bucket policies, and tests edge function authentication requirements.
Supabase exposes a public REST API by default, and without proper RLS policies, any authenticated (or anonymous) user can read, modify, or delete data from any table. This is the #1 security mistake in Supabase projects and has led to numerous data breaches in production applications.
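To run the RLS part of this check by hand, the following added example (not the scanner's own code and not from the original page) lists tables with RLS disabled or with no policies, then locks down one table. It assumes the API-exposed schema is `public`; the `public.profiles` table and its `user_id` column are hypothetical.

```sql
-- 1. Audit: tables in the API-exposed schema (assumed: "public") that have
--    RLS disabled, or RLS enabled but no policies defined.
--    rls_enabled = false              -> rows are governed only by table grants
--    rls_enabled = true, 0 policies   -> all access denied for non-owner roles
select t.schemaname,
       t.tablename,
       t.rowsecurity       as rls_enabled,
       count(p.policyname) as policy_count
from pg_tables t
left join pg_policies p
       on p.schemaname = t.schemaname
      and p.tablename  = t.tablename
where t.schemaname = 'public'
group by t.schemaname, t.tablename, t.rowsecurity
having not t.rowsecurity or count(p.policyname) = 0
order by t.tablename;

-- 2. Audit: what the API roles are granted on those tables.
select grantee, table_name, privilege_type
from information_schema.role_table_grants
where table_schema = 'public'
  and grantee in ('anon', 'authenticated')
order by table_name, grantee, privilege_type;

-- 3. Fix for one table (hypothetical: public.profiles with a user_id column).
alter table public.profiles enable row level security;

-- Signed-in users may read only their own row.
create policy "profiles_select_own" on public.profiles
  for select to authenticated
  using ((select auth.uid()) = user_id);

-- Signed-in users may update only their own row, and cannot reassign it.
create policy "profiles_update_own" on public.profiles
  for update to authenticated
  using ((select auth.uid()) = user_id)
  with check ((select auth.uid()) = user_id);

-- No policy names the anon role, so anonymous requests get no rows.
```

Re-run the first query after applying the fix; the table should no longer appear in the result.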
Get a full security report with AI-powered fix suggestions in 30 seconds. No setup required.
Detect exposed API keys, tokens, and secrets in your frontend code and responses.
Vulnerability Detection: Test your login, signup, and password reset flows for common security weaknesses.
Configuration Audit: Check Firebase Security Rules, authentication settings, and Firestore/RTDB access controls.