supabase-report-compare
Total installs: 52
Weekly installs: 52
Site-wide rank: #4094
Install command:
npx skills add https://github.com/yoanbernabeu/supabase-pentest-skills --skill supabase-report-compare
Agent install distribution:
- claude-code: 46
- codex: 27
- opencode: 27
- antigravity: 21
- cursor: 20
Skill documentation
Report Comparison
This skill compares two security audit reports to track progress over time.
When to Use This Skill
- After fixing vulnerabilities, to verify remediation
- For periodic security reviews
- To track security posture over time
- To identify regression (new vulnerabilities)
Prerequisites
- Two audit reports in Markdown format (for example, generated by the supabase-report skill)
- Both reports must be from the same project; findings from different projects cannot be matched
Usage
Basic Comparison
Compare security reports old-report.md and new-report.md
With Specific Paths
Compare reports/audit-v1.md with reports/audit-v2.md
Output Format
```text
═══════════════════════════════════════════════════════════
SECURITY AUDIT COMPARISON
═══════════════════════════════════════════════════════════

Previous Audit: January 15, 2025
Current Audit:  January 31, 2025
Days Between:   16 days

─────────────────────────────────────────────────────────
Score Comparison
─────────────────────────────────────────────────────────

Previous Score: 35/100 (Grade: D)
Current Score:  72/100 (Grade: C)
Improvement:    +37 points ⬆️

┌──────────────────────────────────────────────────────────┐
│ Score Progress                                           │
│                                                          │
│ 100 ┤                                                    │
│  80 ┤                       ████████ 72                  │
│  60 ┤                       ████████                     │
│  40 ┤     ████████ 35       ████████                     │
│  20 ┤     ████████          ████████                     │
│   0 ┴────────────────────────────────────────────────────│
│         Jan 15              Jan 31                       │
└──────────────────────────────────────────────────────────┘

─────────────────────────────────────────────────────────
Findings Summary
─────────────────────────────────────────────────────────

| Status   | P0 | P1 | P2 | Total |
|----------|----|----|----|-------|
| Previous | 3  | 4  | 5  | 12    |
| Current  | 0  | 2  | 4  | 6     |
| Fixed    | 3  | 2  | 2  | 7     |
| New      | 0  | 0  | 1  | 1     |

─────────────────────────────────────────────────────────
Fixed Vulnerabilities ✅
─────────────────────────────────────────────────────────

P0 (Critical) - ALL FIXED! 🎉

✅ P0-001: Service Role Key Exposed
   Status: FIXED
   Resolution: Key rotated, removed from client code
   Fixed on: January 16, 2025

✅ P0-002: Database Backups Publicly Accessible
   Status: FIXED
   Resolution: Bucket made private, files deleted
   Fixed on: January 16, 2025

✅ P0-003: Admin Function Privilege Escalation
   Status: FIXED
   Resolution: Added admin role verification
   Fixed on: January 17, 2025

P1 (High) - 2 of 4 Fixed

✅ P1-001: Email Confirmation Disabled
   Status: FIXED
   Resolution: Email confirmation now required
   Fixed on: January 20, 2025

✅ P1-002: IDOR in get-user-data Function
   Status: FIXED
   Resolution: Added user ownership verification
   Fixed on: January 18, 2025

P2 (Medium) - 2 of 5 Fixed

✅ P2-001: Weak Password Policy
   Status: FIXED
   Resolution: Minimum length increased to 10
   Fixed on: January 22, 2025

✅ P2-003: Disposable Emails Accepted
   Status: FIXED
   Resolution: Email validation added
   Fixed on: January 25, 2025

─────────────────────────────────────────────────────────
Remaining Vulnerabilities ⚠️
─────────────────────────────────────────────────────────

P1 (High) - 2 Remaining

🟠 P1-003: User Enumeration via Timing Attack
   Status: OPEN (16 days)
   Priority: Address this week
   Note: Was in previous report, not yet fixed

🟠 P1-004: Admin Channel Publicly Accessible
   Status: OPEN (16 days)
   Priority: Address this week

P2 (Medium) - 3 Remaining

🟡 P2-002: Wildcard CORS Origin
   Status: OPEN (16 days)

🟡 P2-004: Verbose Error Messages
   Status: OPEN (16 days)

🟡 P2-005: Rate Limiting Not Enforced on Functions
   Status: OPEN (16 days)

─────────────────────────────────────────────────────────
New Vulnerabilities 🆕
─────────────────────────────────────────────────────────

P2 (Medium) - 1 New Issue

🆕 P2-006: New Storage Bucket Without RLS
   Severity: 🟡 P2
   Component: Storage
   Description: New bucket 'user-uploads' created without
                RLS policies. Currently empty but will
                need policies before production use.
   First Seen: January 31, 2025

─────────────────────────────────────────────────────────
Progress Analysis
─────────────────────────────────────────────────────────

Remediation Rate: 58% (7 of 12 fixed)

By Severity:
├── P0 (Critical): 100% fixed ✅
├── P1 (High):     50% fixed
└── P2 (Medium):   40% fixed

Time to Fix (Average, counted from the previous audit date):
├── P0: 1.3 days (excellent)
├── P1: 4.0 days (good)
└── P2: 8.5 days (acceptable)

Regression: 1 new issue introduced
            (lower severity, acceptable)

─────────────────────────────────────────────────────────
Recommendations
─────────────────────────────────────────────────────────

1. CONTINUE PROGRESS
   Great work fixing all P0 issues! Focus now on
   remaining P1 issues:
   - User enumeration timing attack
   - Admin broadcast channel

2. ADDRESS NEW ISSUE
   Configure RLS on 'user-uploads' bucket before
   it's used in production.

3. SCHEDULE FOLLOW-UP
   Recommend another audit in 14 days to verify
   remaining fixes.

─────────────────────────────────────────────────────────
Trend Analysis
─────────────────────────────────────────────────────────

If you have 3+ reports, trend analysis is available:

| Date       | Score | P0 | P1 | P2 | Total |
|------------|-------|----|----|----|-------|
| 2024-12-01 | 28    | 4  | 5  | 6  | 15    |
| 2025-01-15 | 35    | 3  | 4  | 5  | 12    |
| 2025-01-31 | 72    | 0  | 2  | 4  | 6     |

Trend: Improving ⬆️
═══════════════════════════════════════════════════════════
```
Comparison Logic
Finding Matching
Findings are matched between reports using, in order:
- ID match → same identifier (P0-001, P1-002, etc.)
- Component + Title match → same issue description; this catches findings that were renumbered between audits
- Location match → same file/line/endpoint
Status Determination
| Previous | Current | Status |
|---|---|---|
| Present | Absent | Fixed ✅ |
| Present | Present | Remaining ⚠️ |
| Absent | Present | New 🆕 |
| Absent | Absent | N/A |
"Fixed" means only that the finding no longer appears in the current report. If the audit scope, the checks run, or the credentials used changed between audits, an absent finding may simply not have been tested; confirm the fix against the Resolution note before counting it as remediated.
Score Calculation
Change = Current Score - Previous Score
Positive change = Improvement ⬆️
Negative change = Regression ⬇️
No change = Stable ➡️
Scores are only comparable when both reports were produced with the same scoring rules.
Context Output
```json
{
  "comparison": {
    "previous_date": "2025-01-15",
    "current_date": "2025-01-31",
    "previous_score": 35,
    "current_score": 72,
    "score_change": 37,
    "findings": {
      "previous_total": 12,
      "current_total": 6,
      "fixed": 7,
      "remaining": 5,
      "new": 1
    },
    "by_severity": {
      "P0": { "previous": 3, "current": 0, "fixed": 3, "new": 0 },
      "P1": { "previous": 4, "current": 2, "fixed": 2, "new": 0 },
      "P2": { "previous": 5, "current": 4, "fixed": 2, "new": 1 }
    },
    "remediation_rate": 0.58,
    "trend": "improving"
  }
}
```
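The matching order and status table from Comparison Logic, and the context object above, as a worked example. This is added code, not the skill's own implementation, and the report layout it parses is an assumption (the real supabase-report layout is not shown on this page): a `Date:` line, a `Score: NN/100` line, and one `### <ID>: <Title>` heading per finding followed by `Component:` and `Location:` lines. Both sample reports are constructed; the timing-attack finding is deliberately renumbered between them so that it is matched on Component + Title rather than on ID.

```python
"""Added example (not the skill's own code): parse two Markdown audit reports,
match findings by ID, then Component+Title, then Location, classify them as
fixed / remaining / new, and build the context object shown above."""
import re
from collections import namedtuple
from dataclasses import dataclass

SEVERITIES = ("P0", "P1", "P2")
Report = namedtuple("Report", "date score findings")

# Constructed sample reports in an assumed layout ('Date:', 'Score: NN/100',
# then '### <ID>: <Title>' headings with 'Component:' / 'Location:' lines).
# The timing-attack finding is renumbered P1-003 -> P1-001 between reports,
# so it must be matched on Component+Title, not on ID.
PREVIOUS_REPORT = """\
Date: 2025-01-15
Score: 35/100
### P0-001: Service Role Key Exposed
Component: Auth
Location: src/lib/supabase.ts:4
### P1-003: User Enumeration via Timing Attack
Component: Auth
Location: /auth/v1/token
### P2-002: Wildcard CORS Origin
Component: Edge Functions
Location: supabase/functions/_shared/cors.ts:3
"""
CURRENT_REPORT = """\
Date: 2025-01-31
Score: 72/100
### P1-001: User Enumeration via Timing Attack
Component: Auth
Location: /auth/v1/token
### P2-006: New Storage Bucket Without RLS
Component: Storage
Location: storage.buckets/user-uploads
"""
HEADING = re.compile(r"^###\s+(P[0-2]-\d{3}):\s*(.+?)\s*$")
FIELD = re.compile(r"^(Component|Location):\s*(.+?)\s*$")


@dataclass
class Finding:
    fid: str
    title: str
    component: str = ""
    location: str = ""
    severity = property(lambda self: self.fid.split("-")[0])  # "P1-003" -> "P1"

    def keys(self):
        # Matching keys, yielded in the order the skill tries them.
        yield ("id", self.fid)
        yield ("title", (self.component.lower(), self.title.lower()))
        if self.location:
            yield ("location", self.location)


def parse_report(text: str) -> Report:
    date, score, findings = None, None, []
    for line in text.splitlines():
        if m := re.match(r"^Date:\s*(\S+)", line):
            date = m.group(1)
        elif m := re.match(r"^Score:\s*(\d+)/100", line):
            score = int(m.group(1))
        elif m := HEADING.match(line):
            findings.append(Finding(m.group(1), m.group(2)))
        elif (m := FIELD.match(line)) and findings:
            setattr(findings[-1], m.group(1).lower(), m.group(2))
    if date is None or score is None:
        raise ValueError("report lacks a Date or Score line")
    return Report(date, score, findings)


def diff_findings(prev: Report, curr: Report):
    # Returns (fixed, remaining, new); remaining is a list of (prev, curr) pairs.
    index = {}
    for f in curr.findings:
        for k in f.keys():
            index.setdefault(k, f)
    fixed, remaining, matched = [], [], set()
    for f in prev.findings:
        hit = next((index[k] for k in f.keys() if k in index), None)
        if hit is None:
            fixed.append(f)  # absent from the current report: counted as fixed
        else:
            remaining.append((f, hit))
            matched.add(id(hit))
    new = [f for f in curr.findings if id(f) not in matched]
    return fixed, remaining, new


def compare(prev: Report, curr: Report) -> dict:
    fixed, remaining, new = diff_findings(prev, curr)
    change = curr.score - prev.score
    count = lambda fs, s: sum(f.severity == s for f in fs)
    return {"comparison": {
        "previous_date": prev.date, "current_date": curr.date,
        "previous_score": prev.score, "current_score": curr.score,
        "score_change": change,
        "findings": {"previous_total": len(prev.findings), "current_total": len(curr.findings),
                     "fixed": len(fixed), "remaining": len(remaining), "new": len(new)},
        "by_severity": {s: {"previous": count(prev.findings, s), "current": count(curr.findings, s),
                            "fixed": count(fixed, s), "new": count(new, s)} for s in SEVERITIES},
        "remediation_rate": round(len(fixed) / len(prev.findings), 2) if prev.findings else 0.0,
        # Sign of the score change, as in the Score Calculation rules above.
        "trend": "improving" if change > 0 else "regressing" if change < 0 else "stable",
    }}
```

Running `compare(parse_report(PREVIOUS_REPORT), parse_report(CURRENT_REPORT))` reports two fixed findings (P0-001, P2-002), one remaining finding (P1-003, now numbered P1-001) and one new finding (P2-006). Note that `diff_findings` treats absence as "fixed"; the caveat in Status Determination applies to it as much as to the skill.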
Report Output
The comparison generates supabase-audit-comparison.md:
```markdown
# Security Audit Comparison Report
## Summary
| Metric | Previous | Current | Change |
|--------|----------|---------|--------|
| Score | 35/100 | 72/100 | +37 ⬆️ |
| P0 Issues | 3 | 0 | -3 ✅ |
| P1 Issues | 4 | 2 | -2 ✅ |
| P2 Issues | 5 | 4 | -1 ✅ |
| Total | 12 | 6 | -6 ✅ |
## Fixed Issues (7)
[Detailed list of fixed issues...]
## Remaining Issues (5)
[Detailed list of remaining issues...]
## New Issues (1)
[Detailed list of new issues...]
## Recommendations
[Action items based on comparison...]
```
Multiple Report Comparison
For trend analysis across 3+ reports:
Compare trend across reports/audit-*.md
Output includes:
- Score trend graph
- Issue count over time
- Average time to fix
- Recurring issues identification
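The four trend outputs listed above, as a worked example over three audit snapshots. This is added code, not the skill's implementation; it works on already-extracted finding keys of the form `component|title` (so a finding survives renumbering between reports), and the snapshot series is constructed. The last snapshot deliberately re-lists a finding that an earlier audit had shown as fixed, which is the recurrence a multi-report comparison should flag.

```python
"""Added example (not the skill's own code): trend analysis across 3+ audits,
i.e. score trend, issue count over time, average time to fix and recurring
issues, computed from per-audit snapshots of finding keys."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Snapshot:
    day: date
    score: int
    findings: frozenset  # stable 'component|title' keys open in that audit


# Constructed series. 'auth|weak password policy' is fixed by January 15 and
# then comes back on January 31: a regression, not a new issue.
SERIES = [
    Snapshot(date(2024, 12, 1), 28, frozenset({
        "auth|service role key exposed", "storage|database backups publicly accessible",
        "auth|weak password policy", "edge functions|wildcard cors origin"})),
    Snapshot(date(2025, 1, 15), 35, frozenset({
        "auth|service role key exposed", "edge functions|wildcard cors origin",
        "auth|user enumeration via timing attack"})),
    Snapshot(date(2025, 1, 31), 72, frozenset({
        "edge functions|wildcard cors origin", "storage|new bucket without rls",
        "auth|weak password policy"})),
]


def score_trend(series):
    """Score deltas between consecutive audits plus the label for the latest step."""
    deltas = [b.score - a.score for a, b in zip(series, series[1:])]
    last = deltas[-1] if deltas else 0
    label = "improving" if last > 0 else "regressing" if last < 0 else "stable"
    return deltas, label


def issue_counts(series):
    """Open-issue count per audit date."""
    return [(s.day.isoformat(), len(s.findings)) for s in series]


def episodes(series):
    """Every run of consecutive audits in which a finding was open, as
    (key, first_seen, fixed_on). fixed_on is the date of the first later audit
    that no longer lists the finding, or None if it is still open."""
    runs = []
    keys = set().union(*(s.findings for s in series))
    for key in sorted(keys):
        start = None
        for snap in series:
            if key in snap.findings and start is None:
                start = snap.day
            elif key not in snap.findings and start is not None:
                runs.append((key, start, snap.day))
                start = None
        if start is not None:
            runs.append((key, start, None))
    return runs


def average_days_to_fix(series):
    """Mean of (fixed_on - first_seen) over closed runs. This is an upper bound:
    the fix landed some time before the audit that stopped reporting the finding."""
    closed = [(fixed - start).days for _, start, fixed in episodes(series) if fixed]
    return round(sum(closed) / len(closed), 2) if closed else None


def recurring_issues(series):
    """Keys with more than one run: reported, gone, then reported again."""
    seen = {}
    for key, _, _ in episodes(series):
        seen[key] = seen.get(key, 0) + 1
    return sorted(k for k, n in seen.items() if n > 1)
```

On the constructed series `score_trend` gives deltas of +7 and +37 ("improving"), `issue_counts` gives 4, 3, 3, and `recurring_issues` returns the weak password policy. A recurring finding deserves a higher priority than a plain new one of the same severity: it means a fix was lost, typically to a config rollback or a redeploy from an old template.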
Best Practices
Naming Convention
```text
reports/
├── supabase-audit-2024-12-01.md
├── supabase-audit-2025-01-15.md
├── supabase-audit-2025-01-31.md
└── supabase-audit-comparison-2025-01-31.md
```
Regular Audits
| Frequency | Purpose |
|---|---|
| After fixes | Verify remediation |
| Monthly | Catch regressions |
| Before releases | Pre-production check |
| After incidents | Post-incident review |
Tracking Progress
- Keep all reports in version control
- Link to issue tracker (GitHub, Jira)
- Include in sprint planning
- Report to stakeholders
Related Skills
- supabase-report: Generate the reports to compare
- supabase-pentest: Run full audit
- supabase-help: Quick reference