Replies: 1 comment
-
Note that when you install the test application by running 'npm i', you get advice to fix the vulnerabilities. Indeed, 'npm run audit --fix' removes all critical & high issues. This is great.
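The reply above rests on the claim that the audit fix step removes every critical and high finding. A practitioner would want to verify that in CI rather than trust a one-off run. The script below is an added example, not code from this thread or from the Supabase project: it reads the JSON that `npm audit --json` emits, keeps the entries at or above a severity threshold, and sorts them by what `npm audit fix` can actually do with them. It assumes the npm 7+ report layout (`auditReportVersion: 2`, a `vulnerabilities` map keyed by package name, each entry carrying `severity` and `fixAvailable`, where `fixAvailable` is `true`, `false`, or an object describing a semver-major bump). The embedded report is constructed for illustration; the package names in it are made up.

```python
"""Gate a CI job on `npm audit --json` output (added example).

Assumes npm 7+ report format (auditReportVersion 2). The sample report
below is constructed; run `npm audit --json > audit.json` for a real one.
"""
from __future__ import annotations

import json
import sys

SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}

# Constructed sample report: package names and ranges are invented.
SAMPLE_AUDIT_JSON = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "left-widget": {
            "name": "left-widget", "severity": "critical", "isDirect": False,
            "via": ["deep-dep"], "range": "<1.2.3",
            "fixAvailable": True,          # plain `npm audit fix` resolves it
        },
        "form-helper": {
            "name": "form-helper", "severity": "high", "isDirect": True,
            "via": [{"title": "Prototype pollution", "severity": "high"}],
            "range": ">=2.0.0 <2.4.1",
            # npm reports a semver-major fix as an object, not a bool;
            # only `npm audit fix --force` will take it.
            "fixAvailable": {"name": "form-helper", "version": "3.0.0",
                             "isSemVerMajor": True},
        },
        "tiny-log": {
            "name": "tiny-log", "severity": "moderate", "isDirect": False,
            "via": ["other-dep"], "range": "*",
            "fixAvailable": False,         # no fixed version published
        },
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 1,
                                     "high": 1, "critical": 1, "total": 3}},
})


def classify_fix(fix_available) -> str:
    """Map npm's fixAvailable field to what `npm audit fix` will do.

    True -> "auto" (plain `npm audit fix`), object with isSemVerMajor ->
    "major" (needs --force and a review of breaking changes), False ->
    "none" (no fix published; needs a replacement or a pin/override).
    """
    if fix_available is True:
        return "auto"
    if isinstance(fix_available, dict):
        return "major" if fix_available.get("isSemVerMajor") else "auto"
    return "none"


def findings_at_or_above(report_json: str, threshold: str = "high") -> list[dict]:
    """Return vulnerability entries whose severity meets the threshold."""
    report = json.loads(report_json)
    if report.get("auditReportVersion") != 2:
        raise ValueError("expected npm auditReportVersion 2 output")
    floor = SEVERITY_RANK[threshold]
    hits = []
    for name, entry in report.get("vulnerabilities", {}).items():
        rank = SEVERITY_RANK.get(entry.get("severity", "info"), 0)
        if rank >= floor:
            hits.append({
                "name": name,
                "severity": entry.get("severity"),
                "rank": rank,
                "direct": bool(entry.get("isDirect")),
                "fix": classify_fix(entry.get("fixAvailable", False)),
            })
    # Worst severity first, then by name for stable output.
    return sorted(hits, key=lambda h: (-h["rank"], h["name"]))


def gate(report_json: str, threshold: str = "high") -> dict:
    """Summarise blocking findings; `passed` is True only when none remain."""
    hits = findings_at_or_above(report_json, threshold)
    return {
        "threshold": threshold,
        "blocking": len(hits),
        "auto_fixable": [h["name"] for h in hits if h["fix"] == "auto"],
        "needs_force": [h["name"] for h in hits if h["fix"] == "major"],
        "unfixable": [h["name"] for h in hits if h["fix"] == "none"],
        "passed": not hits,
    }


if __name__ == "__main__":
    # Usage: python audit_gate.py [audit.json] [threshold]
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUDIT_JSON
    level = sys.argv[2] if len(sys.argv) > 2 else "high"
    result = gate(src, level)
    print(json.dumps(result, indent=2))
    sys.exit(0 if result["passed"] else 1)
```

Run it before and after `npm audit fix` in the pipeline: the first run shows what the fix step is expected to clear, and a non-zero exit on the second run means something survived, typically a finding whose only fix is a semver-major bump (`needs_force`) or one with no published fix (`unfixable`), which is exactly the case a blanket "all critical and high issues are gone" statement would hide.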
-
Hello,
Snyk is listed by Supabase for SOC 2 certification; I also need to prove to a potential client that Supabase is well secured.
I made a first Snyk scan of the Supabase core services code and it is very clean; no security flaws are detected, which is great.
The only critical errors are on the React Native mobile client (under examples/expo-user-management), and there are some High errors on the Next.js applications.
Do you have a plan to fix these test applications?
Actually, I plan to use React desktop as a client, so I am less affected.
More concerning: I also made a Snyk analysis of the Docker images that are provided in supabase/docker.
Here is what I get:
For example, when I click on the second line, 'supabase/realtime:v2.25.66', there are 2 critical vulnerabilities:
Do you know how to fix all critical issues, or is there a roadmap for that?
Thanks,
Thomas