
Security & Code Audit for Supabase Projects

CodeAudit.dev checks your Supabase codebase for the vulnerabilities, performance issues, and architecture problems most common to Supabase applications.


Common Supabase Issues

1. Row-Level Security (RLS) disabled on public tables
2. Anon key exposed with elevated database permissions
3. Missing auth checks on Supabase Edge Functions
4. Overly permissive storage bucket policies
5. Insecure direct database connections
6. Lack of validation in database triggers
7. Exposing the service_role key to clients

Example Finding

[Critical] Row-Level Security (RLS) Disabled on Public Table

A table in the public schema has RLS disabled. Since Supabase exposes a public REST API, anyone with the anonymous key can read, modify, or delete all records in this table.

Fix: Enable RLS on the table immediately and write policies that restrict SELECT, INSERT, UPDATE, and DELETE to the rows the caller owns, comparing an owner column against auth.uid().
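The following migration, written here as an added example (it is not CodeAudit.dev's own output or code), shows the finding and its fix side by side on a constructed public.notes table with an assumed owner_id column: the table as created, which Supabase exposes through PostgREST with RLS off, then the ALTER that turns RLS on, the four per-operation policies keyed on auth.uid(), and two catalog queries a reviewer can run to spot public tables with RLS still off or with RLS on but no policies.

```sql
-- Constructed example table: one row per user-owned note.
-- owner_id defaults to the caller's auth.uid() so inserts are tied to the signed-in user.
create table public.notes (
  id         bigint generated always as identity primary key,
  owner_id   uuid not null default auth.uid() references auth.users (id),
  body       text not null,
  created_at timestamptz not null default now()
);

-- State at this point (the finding): a fresh table has RLS disabled, and the
-- public schema is served by the REST API, so the anon role can read and
-- write every row using nothing more than the publishable anon key.

-- Fix, step 1: enable RLS. With no policies defined, every row is denied to
-- anon and authenticated, which is the safe default to start from.
alter table public.notes enable row level security;

-- Fix, step 2: one policy per operation, each scoped to rows the caller owns.
-- USING filters rows that are visible/affected; WITH CHECK validates new row values.
create policy "notes_select_own" on public.notes
  for select to authenticated
  using (owner_id = auth.uid());

create policy "notes_insert_own" on public.notes
  for insert to authenticated
  with check (owner_id = auth.uid());

create policy "notes_update_own" on public.notes
  for update to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy "notes_delete_own" on public.notes
  for delete to authenticated
  using (owner_id = auth.uid());

-- Review check 1: every table in the public schema that still has RLS off.
-- Any row returned here is reachable in full through the REST API.
select schemaname, tablename
from pg_tables
where schemaname = 'public'
  and not rowsecurity;

-- Review check 2: tables with RLS on but no policies at all. Every request
-- is denied, which may be intended or may be a migration left half-finished.
select t.tablename
from pg_tables t
left join pg_policies p
  on p.schemaname = t.schemaname
 and p.tablename  = t.tablename
where t.schemaname = 'public'
  and t.rowsecurity
  and p.policyname is null;
```

No policy is granted to the anon role on purpose: unauthenticated clients get no rows, and the authenticated role only sees rows whose owner_id matches the JWT subject. The UPDATE policy carries both USING and WITH CHECK so a user can neither touch another user's row nor reassign their own row to someone else.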

Why Supabase Projects Need Specialized Checks

Supabase empowers developers to build incredibly fast by exposing the database directly to the client. However, this shifts the security burden to your database schema. Forgetting to enable Row-Level Security (RLS) or writing a flawed policy can instantly expose your entire database to the world. CodeAudit analyzes your SQL migrations and client code to guarantee your data is locked down.

Frequently Asked Questions

How does CodeAudit check Supabase configurations?

We analyze your SQL migration files and client-side Supabase queries to identify missing RLS policies and insecure access patterns.

Does it check Edge Functions?

Yes. We scan your Deno Edge Functions for missing authorization checks and hardcoded secrets.

Ready to secure your Supabase app?

Join the waitlist to get early access to CodeAudit.dev and make sure your code is production-ready.
