rls audit friday

i found 14 critical leaks in my own supabase CRM. yours probably has some too.

same-week supabase security audit. send me a read-only PAT monday, get a fix-ready report by friday EOD. $99 flat.

buy the audit — $99
one-time payment. money back if i find nothing real.
i built supabase-security (open source, ~1500 weekly npm downloads), then ran it against my own production CRM that i'd been running for 14 months. the dashboard said RLS was on. every policy was USING (true). every table anonymously readable. 14 critical findings i had missed for over a year.

if it happened on a project i wrote and ship security tooling for, it's almost certainly happening on yours. this service runs the same audit against your project, by hand, and ships you the report.

what you actually get

how it works

1. pay + send a read-only PAT

after checkout you get an email asking for a supabase personal access token scoped to a single project, read-only. takes 2 minutes to create in your dashboard.

2. i audit by hand

i run the supabase-security toolchain plus a manual review of every table, storage bucket, function, and policy. i write a curl reproducer for each real finding.

3. report by friday EOD

monday in, friday out. a PDF with findings ranked by severity and copy-pasteable SQL fixes. then i revoke the token and delete the data.

real proof

the whole story of finding 14 leaks in my own CRM is written up here:

i built a supabase security tool, then found 14 critical leaks in my own production CRM

the underlying tool is open source:

github.com/Perufitlife/supabase-security

~1500 weekly npm downloads
14 leaks found in my own CRM
5 days: monday in, friday out

FAQ

can i just use the free tool?

yes. it's MIT licensed at github.com/Perufitlife/supabase-security. install it, run it, read the output, fix the SQL. but it's faster to pay me $99 and skip the install, the false-positive triage, and the "wait is this actually exploitable" debugging.

what do you need from me?

a supabase personal access token, scoped to one project, read-only. that's it. no source code, no env files, no credentials beyond the PAT. i revoke it the moment the report ships.

what if you find nothing?

full refund. i'd rather refund $99 than send a fake report with invented findings. that said, in every real-world supabase project i've audited so far, the tool has found at least one critical leak.

what about scope? is this every supabase product?

this audit covers: postgres tables (RLS policies + privileges), storage buckets (anonymous read/write), database functions (SECURITY DEFINER risk), and exposed service-role usage patterns. it doesn't cover edge function code review or auth config tuning — happy to quote that separately if you need it.
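the table-level part of that scope in SQL terms, as an added example (not the page's or the tool's own code): the kind of policy the audit flags, an owner-scoped rewrite of it, and two catalog checks you can run yourself. the table and column names (contacts, owner_id) are assumed for illustration.

```sql
-- Added example (not from the page or the supabase-security tool).
-- The table public.contacts and its owner_id column are assumed.

-- Weak: RLS is "on", but the policy admits every row to every role,
-- so the anon key can read the whole table through the REST API.
alter table public.contacts enable row level security;
create policy "contacts_read" on public.contacts
  for select using (true);

-- Fix: only authenticated users, and only the rows they own.
drop policy "contacts_read" on public.contacts;
create policy "contacts_read_own" on public.contacts
  for select to authenticated
  using (auth.uid() = owner_id);

-- Check 1: policies whose USING or WITH CHECK clause is literally true.
select schemaname, tablename, policyname, roles, cmd, qual, with_check
from pg_policies
where schemaname = 'public'
  and (qual = 'true' or with_check = 'true');

-- Check 2: public tables with RLS disabled or with SELECT granted to anon;
-- either one means the policy text does not matter.
select c.relname,
       c.relrowsecurity as rls_enabled,
       has_table_privilege('anon', c.oid, 'SELECT') as anon_select
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relkind = 'r'
order by c.relname;
```

run the two checks in the SQL editor as a superuser; any row with rls_enabled = false, anon_select = true, or a bare 'true' predicate is worth a second look.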

ready?

monday in, friday out. one fixed price, one PDF, real findings or your money back.

buy the audit — $99
questions first? email hello@rotatepilot.com