I audited my own back ends on 5 BaaS

v1.0.0-action Feature

This release adds 3 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched in this version

Topics

audit auditor cli security leak nodejs penetration-testing postgresql rls scanner security-audit supabase typescript vulnerability

ReleasePort's take

Light signal

The release adds a composite GitHub Action that runs npx supabase-security, uploads HTML reports as artifacts, integrates with RLS Monitor webhooks, and includes a configurable fail-on setting for critical findings.

Why it matters: If you use Supabase security scanning in CI/CD, test the new action in dev; enable fail-on for critical findings to enforce policy immediately.

Summary

AI summary

New GitHub Action composes npx supabase-security execution and integrates with RLS Monitor webhook.

Changes in this release

Feature Medium

New composite GitHub Action for Supabase security scanning

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Generates and uploads HTML security reports as artifacts

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Configurable fail-on parameter for critical security findings

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Supports RLS Monitor webhook integration for findings

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Posts security findings to optional RLS Monitor webhook

Source: granite4.1:30b@2026-05-24-audit

Confidence: low

Full changelog

Composite GitHub Action that runs npx supabase-security@latest with project-ref + PAT inputs. Posts findings to optional webhook (RLS Monitor integration). Uploads HTML report as workflow artifact.

Quickstart:

- uses: Perufitlife/[email protected]
  with:
    project-ref: ${{ vars.SUPABASE_PROJECT_REF }}
    pat: ${{ secrets.SUPABASE_PAT }}
    fail-on: critical
