Files
wehub-resource-sync bb5c75ce05
Component Security Validation / Security Audit (push) Has been cancelled
Deploy to Cloudflare Pages / deploy (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:38:58 +08:00

2.3 KiB


allowed-tools: Read, Write, Edit, Bash argument-hint: [audit-scope] | --rls | --permissions | --auth | --api-keys | --comprehensive description: Conduct comprehensive Supabase security audit with RLS analysis and vulnerability assessment

Supabase Security Audit

Conduct comprehensive Supabase security audit with RLS policy analysis and vulnerability assessment: $ARGUMENTS

Current Security Context

  • Supabase access: MCP integration for security analysis and policy review
  • RLS policies: Current Row Level Security implementation and policy effectiveness
  • Auth configuration: !find . -name "*auth*" -o -name "*supabase*" | grep -E "\\.(js|ts|json)$" | head -5 authentication setup
  • API security: Current API key management and access control implementation

Task

Execute comprehensive security audit with vulnerability assessment and policy optimization:

Audit Scope: Use $ARGUMENTS to focus on RLS policies, permission analysis, authentication security, API key management, or comprehensive security review

Security Audit Framework:

  1. RLS Policy Analysis - Review Row Level Security policies, test policy effectiveness, identify policy gaps, optimize policy performance
  2. Permission Assessment - Analyze table permissions, review role-based access, validate permission hierarchies, identify over-privileged access
  3. Authentication Security - Review auth configuration, analyze JWT security, validate session management, assess multi-factor authentication
  4. API Key Management - Audit API key usage, review key rotation policies, validate key scoping, assess exposure risks
  5. Data Protection - Analyze sensitive data handling, review encryption implementation, validate data masking, assess backup security
  6. Vulnerability Scanning - Identify security vulnerabilities, assess injection risks, review CORS configuration, validate rate limiting

Advanced Features: Automated security testing, policy simulation, vulnerability scoring, compliance checking, security monitoring setup.

Compliance Integration: GDPR compliance checking, SOC2 requirements validation, security best practices enforcement, audit trail analysis.

Output: Comprehensive security audit report with vulnerability assessments, policy recommendations, security improvements, and compliance validation.