Supabase Storage Security: Prevent Public Bucket Data Leaks in 15 Minutes
Securing Supabase Storage Buckets
To prevent public bucket data leaks in Supabase, make sure no bucket is public unless every object in it is meant to be world-readable. A bucket is private by default when you create it, but if you (or a migration, or a click in the dashboard) set it to public, every object in it can be downloaded by anyone who knows or guesses its path, with no token and regardless of the row-level security policies on storage.objects. Those policies still govern listing, uploading and deleting in a public bucket; they do not gate reads.
Supabase lets you manage bucket visibility from the dashboard or through the Storage API. To check a bucket from code, call the storage client's getBucket() (or listBuckets() to audit all of them at once). Bucket metadata is only readable with the service_role key, so this runs server-side and the key must never ship to a browser or mobile app. Here's an example using the Supabase JavaScript client:
import { createClient } from '@supabase/supabase-js';

const supabaseUrl = 'https://your-project-ref.supabase.co';
// service_role key: server-side only, bypasses RLS, never expose it to clients
const serviceRoleKey = 'your-service-role-key';
// createClient takes (url, key[, options]); there is no separate "secret" argument
const supabase = createClient(supabaseUrl, serviceRoleKey);

async function getBucketVisibility(bucketName) {
  // getBucket returns the bucket row: id, name, public, file_size_limit, allowed_mime_types, ...
  const { data, error } = await supabase.storage.getBucket(bucketName);
  if (error) {
    console.error(error);
    return;
  }
  console.log(data.name, data.public ? 'PUBLIC' : 'private');
}

getBucketVisibility('my-bucket');
This code retrieves the metadata of the bucket named "my-bucket". If the public property is true, any object in it is downloadable without authentication at /storage/v1/object/public/my-bucket/<path>; an unauthenticated GET to such a URL returning 200 is the definitive proof of exposure.
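The check above looks at one bucket. An added example (not code from the original article or from Supabase) that audits a whole project: it takes the array that listBuckets() returns, separates buckets that are public by design from ones that should never have been public, and builds the anonymous download URL you would probe to confirm exposure. It runs offline on a constructed bucket list; the bucket names, the allow-list and the project URL are assumptions for the example.

```javascript
// Added example, not from the original article. Audits a listBuckets() result offline.

// Constructed sample of bucket records, in the shape listBuckets()/getBucket() return.
const SAMPLE_BUCKETS = [
  { id: 'avatars', name: 'avatars', public: true, file_size_limit: null, allowed_mime_types: null },
  { id: 'invoices', name: 'invoices', public: false, file_size_limit: 5242880, allowed_mime_types: ['application/pdf'] },
  { id: 'exports', name: 'exports', public: true, file_size_limit: null, allowed_mime_types: null },
];

// Names of buckets whose objects anyone can download without a token.
function findPublicBuckets(buckets) {
  return buckets.filter((b) => b.public === true).map((b) => b.name);
}

// Anonymous download URL for an object in a public bucket. A 200 from a plain GET with no
// apikey/Authorization header is the proof that the object is exposed. Each path segment is
// percent-encoded separately so slashes are kept as path separators.
function publicObjectUrl(projectUrl, bucket, objectPath) {
  const base = projectUrl.replace(/\/+$/, '');
  const encodedPath = objectPath.split('/').map(encodeURIComponent).join('/');
  return `${base}/storage/v1/object/public/${encodeURIComponent(bucket)}/${encodedPath}`;
}

// Classify every public bucket. Buckets on the allow-list (assumed: 'avatars') are public on
// purpose and only need a content review; anything else is a finding to flip to private.
function auditBuckets(buckets, intentionallyPublic = []) {
  const allowed = new Set(intentionallyPublic);
  return findPublicBuckets(buckets).map((name) => ({
    bucket: name,
    status: allowed.has(name) ? 'public-by-design' : 'UNEXPECTED-PUBLIC',
  }));
}

// Example run on the constructed data.
const report = auditBuckets(SAMPLE_BUCKETS, ['avatars']);
console.log(report);
console.log(publicObjectUrl('https://your-project-ref.supabase.co', 'exports', 'q3/customers.csv'));
```

In production, replace SAMPLE_BUCKETS with the data from `await supabase.storage.listBuckets()` called with the service_role key, and treat every UNEXPECTED-PUBLIC entry as an incident: check the bucket's object listing for anything sensitive before and after you flip it, because the files were reachable for as long as the flag was set.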
Updating Bucket Visibility
If you find that one of your buckets is publicly accessible, you can flip it to private through the Storage API: the update endpoint is PUT /storage/v1/bucket/{id} on your project URL, authenticated with the service_role key (sent both as the apikey header and as a Bearer token). Here's an example in Python using requests:
import requests

supabase_url = 'https://your-project-ref.supabase.co'
# service_role key: server-side only; it bypasses RLS and must never reach a client
service_role_key = 'your-service-role-key'
bucket_id = 'my-bucket'

headers = {
    'apikey': service_role_key,
    'Authorization': f'Bearer {service_role_key}',
    'Content-Type': 'application/json',
}

# PUT /storage/v1/bucket/{id} updates the bucket; public=False makes it private
response = requests.put(
    f'{supabase_url}/storage/v1/bucket/{bucket_id}',
    headers=headers,
    json={'public': False},
    timeout=10,
)

if response.ok:
    print('Bucket visibility updated successfully')
else:
    print('Error updating bucket visibility:', response.status_code, response.text)
This code sets the bucket named "my-bucket" to private. From that point the /storage/v1/object/public/my-bucket/... URLs stop serving files, so any client that relied on them must switch to signed URLs or authenticated downloads, and the RLS policies on storage.objects decide who can read what.
Securing Bucket Files
Visibility in Supabase Storage is a property of the bucket, not of the file: there is no per-object "public" flag to toggle, and an UPDATE on storage.objects will not hide anything. If a single file must not be world-readable, it has to live in a private bucket (move it there, or download and re-upload it, then delete it from the public one). Inside a private bucket, who may read, upload or delete an object is decided by the row-level security policies on storage.objects, and clients fetch objects either through an authenticated download or through a short-lived signed URL. Creating the signed URL only succeeds if the caller's policies allow SELECT on that object, so the policy is the real access control. Here is how a client obtains a signed URL for a file in a private bucket:

import { createClient } from '@supabase/supabase-js';

const supabaseUrl = 'https://your-project-ref.supabase.co';
// the anon key is fine here: access is decided by the caller's session and the RLS policies
const supabaseAnonKey = 'your-anon-key';
const supabase = createClient(supabaseUrl, supabaseAnonKey);

// Returns a time-limited URL for a file in a private bucket, or null if the caller's
// storage.objects policies do not allow reading it.
async function getPrivateFileUrl(bucketName, filePath, expiresInSeconds = 60) {
  const { data, error } = await supabase.storage
    .from(bucketName)
    .createSignedUrl(filePath, expiresInSeconds);
  if (error) {
    console.error(error);
    return null;
  }
  return data.signedUrl;
}

getPrivateFileUrl('my-bucket', 'my-file.txt').then((url) => console.log(url));

This code asks for a 60-second signed URL for "my-file.txt" in the private bucket "my-bucket". Keep the expiry short: a signed URL is a bearer credential for that object and works for anyone who has it until it expires.
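The policies that gate those signed URLs are written in SQL, and the most common pattern scopes each user to a folder named after their user id: `(storage.foldername(name))[1] = auth.uid()::text`. As an added example (not from the original article or from Supabase), the block below models that USING clause in JavaScript, reproducing the storage.foldername/storage.filename semantics (all path segments except the last, and the last segment), so you can test your path-scoping rule against constructed object names before deploying the policy. The bucket name, object names and user ids are assumptions for the example.

```javascript
// Added example, not from the original article. Local model of the owner-folder RLS pattern
// used on storage.objects, e.g. in SQL:
//   create policy "owner reads own folder" on storage.objects for select
//   using (bucket_id = 'my-bucket' and (storage.foldername(name))[1] = auth.uid()::text);

// storage.foldername(name): every path segment except the filename.
function foldername(objectName) {
  const parts = objectName.split('/');
  return parts.slice(0, -1);
}

// storage.filename(name): the last path segment.
function filename(objectName) {
  const parts = objectName.split('/');
  return parts[parts.length - 1];
}

// Mirror of the USING clause above: right bucket, and the first folder equals the caller's uid.
// A top-level object has no folder, so foldername()[0] is undefined (NULL in SQL) and the
// policy denies it for everyone; that is the intended fail-closed behaviour.
function ownerFolderPolicyAllows(object, caller) {
  if (object.bucketId !== caller.bucketToProtect) return false;
  const folders = foldername(object.name);
  return folders.length > 0 && folders[0] === caller.uid;
}

// Constructed objects (bucketId/name pairs as stored in storage.objects).
const OBJECTS = [
  { bucketId: 'my-bucket', name: 'a1b2/report.pdf' },
  { bucketId: 'my-bucket', name: 'c3d4/report.pdf' },
  { bucketId: 'my-bucket', name: 'report.pdf' },      // no owner folder: nobody may read it
  { bucketId: 'other', name: 'a1b2/report.pdf' },     // other bucket: this policy does not apply
];

// Object names a given user would be able to read (and therefore sign) under the policy.
function visibleTo(uid, objects, bucketToProtect = 'my-bucket') {
  return objects
    .filter((o) => ownerFolderPolicyAllows(o, { bucketToProtect, uid }))
    .map((o) => o.name);
}

console.log(visibleTo('a1b2', OBJECTS));
console.log(visibleTo('c3d4', OBJECTS));
```

Two things the model makes visible: the policy keys on the first folder only, so a user must not be able to upload into another user's folder (the INSERT policy needs the same clause), and an object with no folder is unreadable rather than readable by everyone.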
Using SecuriSky to Detect Public Bucket Data Leaks
SecuriSky is a security scanner that can help you detect public bucket data leaks in your Supabase storage. By integrating SecuriSky into your development workflow, you can automatically identify and fix security issues before they become major problems.
Quick Fix Checklist
1. List every bucket with the service_role key and note which ones have public set to true.
2. For each public bucket, decide whether it is public by design; if not, set public to false via the dashboard or PUT /storage/v1/bucket/{id}.
3. Move any sensitive file that lives in a public bucket into a private bucket and delete the public copy.
4. Write row-level security policies on storage.objects for the private buckets so that only the right users can select, insert and delete objects.
5. Serve private files through authenticated downloads or short-lived signed URLs instead of public object URLs.
6. Confirm the fix with an unauthenticated GET to /storage/v1/object/public/<bucket>/<path>: it must no longer return the file.