SymbioticSec

Security scanner for Supabase and Lovable projects. Audits Row Level Security (RLS) policies.

100% credibility
Found Mar 06, 2026 at 16 stars.
Python
AI Summary

Vibe-Scanner is a security auditing tool that analyzes Row Level Security configurations in Supabase and Lovable projects from local migration files or live databases to detect common vulnerabilities and misconfigurations.

How It Works

1. 🔍 Discover the scanner

You find a free tool that checks your database setup for hidden security risks, perfect for Supabase or Lovable projects.

2. 💻 Get it ready

Download and set up the scanner on your computer in just a few moments.

3. Pick your scan method

📁 Use local files: Feed it your project's setup files from your computer.

🌐 Check live database: Connect safely to your online database for a full real-time review.

4. 🚀 Run the security check

Press go and let it automatically review everything for weak spots and mistakes.

5. 📊 See your results

Get a friendly report highlighting issues by importance, with simple fix ideas.

Project protected

Follow the tips to strengthen your database, and sleep better knowing your data is safe.

AI-Generated Review

What is vibe-scanner?

Vibe-scanner is an open-source security scanner, hosted on GitHub, that audits Row Level Security (RLS) policies in Supabase and Lovable projects. It analyzes SQL migrations locally or queries live databases remotely via the Supabase Management API or the Lovable proxy, flagging 62 common misconfigurations such as missing policies, tautologies like USING(true), and exposed sensitive columns. Built in Python, it outputs rich console reports, JSON, Markdown, or Mermaid diagrams for ER and security flows, with CLI commands like `uv run rls-scanner ./supabase/ -o json`.
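To make the migration-side checks concrete, here is an added example (not vibe-scanner's code, and not its rule set) that flags three of the patterns named above in a single migration: a table without RLS, RLS enabled with no policy, and a tautological `USING (true)` policy. The rule names, `scan_migration`, and the sample SQL are hypothetical; the regexes are simplified and ignore `DROP POLICY`, `DISABLE ROW LEVEL SECURITY`, and semicolons inside string literals.

```python
import re
import sys

# Constructed sample migration, not taken from any real project.
SAMPLE_MIGRATION = """
CREATE TABLE public.profiles (id uuid PRIMARY KEY, email text);
ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;
CREATE POLICY "read all" ON public.profiles FOR SELECT USING (true);
CREATE TABLE public.invoices (id uuid PRIMARY KEY, owner uuid);
ALTER TABLE public.invoices ENABLE ROW LEVEL SECURITY;
CREATE POLICY "own rows" ON public.invoices FOR SELECT
  USING (auth.uid() = owner);
CREATE TABLE public.audit_log (id bigint PRIMARY KEY, detail text);
CREATE TABLE public.notes (id uuid PRIMARY KEY, body text);
ALTER TABLE public.notes ENABLE ROW LEVEL SECURITY;
"""

TABLE_RE = re.compile(r'create\s+table\s+(?:if\s+not\s+exists\s+)?([\w."]+)', re.I)
RLS_RE = re.compile(r'alter\s+table\s+(?:if\s+exists\s+)?(?:only\s+)?([\w."]+)'
                    r'\s+enable\s+row\s+level\s+security', re.I)
POLICY_RE = re.compile(r'create\s+policy\s+("[^"]+"|\w+)\s+on\s+([\w."]+)(.*?);',
                       re.I | re.S)
# USING (true), WITH CHECK (true) and the 1=1 variant allow every row.
TAUTOLOGY_RE = re.compile(r'(?:using|with\s+check)\s*\(\s*(?:true|1\s*=\s*1)\s*\)', re.I)

def _norm(name):
    """Lower-case, unquote, and default the schema to public."""
    name = name.replace('"', '').lower()
    return name if '.' in name else 'public.' + name

def scan_migration(sql):
    """Return sorted (rule, table, policy_name) findings for one migration."""
    sql = re.sub(r'--[^\n]*', '', sql)  # drop line comments before matching
    tables = {_norm(t) for t in TABLE_RE.findall(sql)}
    rls_on = {_norm(t) for t in RLS_RE.findall(sql)}
    findings, with_policy = [], set()
    for name, table, body in POLICY_RE.findall(sql):
        with_policy.add(_norm(table))
        if TAUTOLOGY_RE.search(body):
            findings.append(("tautological-policy", _norm(table), name.strip('"')))
    findings += [("rls-disabled", t, None) for t in tables - rls_on]
    # RLS on with no policy is default-deny for non-owner roles, usually an oversight.
    findings += [("rls-no-policy", t, None) for t in (tables & rls_on) - with_policy]
    return sorted(findings, key=lambda f: (f[1], f[0]))

if __name__ == "__main__":
    results = scan_migration(SAMPLE_MIGRATION)
    for rule, table, policy in results:
        print(f"{rule}: {table}" + (f" (policy {policy!r})" if policy else ""))
    sys.exit(1 if results else 0)  # non-zero exit fails a CI job
```

A static pass like this only sees what the migration files declare; state changed directly on the deployed database needs the remote scan the review describes.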

Why is it gaining traction?

Unlike generic GitHub security scanning tools, vibe-scanner zeroes in on Postgres RLS anti-patterns, with remote scanning that catches deployed issues invisible in migrations, like BYPASSRLS roles or realtime publications without restrictions. It exits with code 1 on critical/high findings for easy GitHub Actions integration, supports custom rules via YAML, and visualizes policy graphs, which suits CI/CD pipelines and pre-deploy checks. Developers grab it for its Supabase-specific depth without needing a full GitHub security advisories setup.

Who should use this?

Supabase backend engineers securing user data with RLS, especially those managing Lovable apps or multi-tenant Postgres setups. Security teams auditing app configs before production, or indie devs spotting leaks in storage.objects tables. It is ideal for anyone tired of manual policy reviews in growing codebases.

Verdict

Grab it if you're deep in Supabase: it's a focused security scanner that delivers immediate value via remote scans and CI hooks. With only 16 stars and 1.0% credibility score, it's early-stage (solid README, no tests visible), so pair it with manual review; treat it as a vibe check, not a sole defense.
