
supabase-report-compare

Compare two security audit reports to track remediation progress and identify new vulnerabilities.

Packaged view

This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.

Stars: 31
Hot score: 89
Updated: March 20, 2026
Overall rating: C (2.0)
Composite score: 2.0
Best-practice grade: B (84.0)

Install command

npx @skill-hub/cli install yoanbernabeu-supabase-pentest-skills-supabase-report-compare

Repository

yoanbernabeu/supabase-pentest-skills

Skill path: skills/report/supabase-report-compare

Compare two security audit reports to track remediation progress and identify new vulnerabilities.


Best for

Primary workflow: Run DevOps.

Technical facets: Full Stack, Security.

Target audience: everyone.

License: Unknown.

Original source

Catalog source: SkillHub Club.

Repository owner: yoanbernabeu.

This is still a mirrored public skill entry. Review the repository before installing into production workflows.

What it helps with

  • Install supabase-report-compare into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
  • Review https://github.com/yoanbernabeu/supabase-pentest-skills before adding supabase-report-compare to shared team environments
  • Use supabase-report-compare for development workflows

Works across

Claude Code, Codex CLI, Gemini CLI, OpenCode

Favorites: 0.

Sub-skills: 0.

Aggregator: No.

Original source / Raw SKILL.md

---
name: supabase-report-compare
description: Compare two security audit reports to track remediation progress and identify new vulnerabilities.
---

# Report Comparison

This skill compares two security audit reports to track progress over time.

## When to Use This Skill

- After fixing vulnerabilities, to verify remediation
- For periodic security reviews
- To track security posture over time
- To identify regressions (new or reintroduced vulnerabilities)

## Prerequisites

- Two audit reports in Markdown format, as generated by `supabase-report`
- Both reports must be from the same project (fixed/new counts are meaningless across different projects)

## Usage

### Basic Comparison

```
Compare security reports old-report.md and new-report.md
```

### With Specific Paths

```
Compare reports/audit-v1.md with reports/audit-v2.md
```

## Output Format

```
═══════════════════════════════════════════════════════════
 SECURITY AUDIT COMPARISON
═══════════════════════════════════════════════════════════

 Previous Audit: January 15, 2025
 Current Audit:  January 31, 2025
 Days Between:   16 days

 ─────────────────────────────────────────────────────────
 Score Comparison
 ─────────────────────────────────────────────────────────

 Previous Score: 35/100 (Grade: D)
 Current Score:  72/100 (Grade: C)
 Improvement:    +37 points ⬆️

 ┌────────────────────────────────────────────────────────┐
 │ Score Progress                                         │
 │                                                        │
 │  100 ┤                                                 │
 │   80 ┤                              ████████ 72       │
 │   60 ┤                              ████████          │
 │   40 ┤ ████████ 35                  ████████          │
 │   20 ┤ ████████                     ████████          │
 │    0 ┴─────────────────────────────────────────────── │
 │        Jan 15                       Jan 31            │
 └────────────────────────────────────────────────────────┘

 ─────────────────────────────────────────────────────────
 Findings Summary
 ─────────────────────────────────────────────────────────

 | Status      | P0  | P1  | P2  | Total |
 |-------------|-----|-----|-----|-------|
 | Previous    | 3   | 4   | 5   | 12    |
 | Current     | 0   | 2   | 4   | 6     |
 | Fixed       | 3   | 2   | 2   | 7     |
 | New         | 0   | 0   | 1   | 1     |

 ─────────────────────────────────────────────────────────
 Fixed Vulnerabilities ✅
 ─────────────────────────────────────────────────────────

 P0 (Critical) - ALL FIXED! 🎉

 ✅ P0-001: Service Role Key Exposed
    Status: FIXED
    Resolution: Key rotated, removed from client code
    Fixed on: January 16, 2025

 ✅ P0-002: Database Backups Publicly Accessible
    Status: FIXED
    Resolution: Bucket made private, files deleted
    Fixed on: January 16, 2025

 ✅ P0-003: Admin Function Privilege Escalation
    Status: FIXED
    Resolution: Added admin role verification
    Fixed on: January 17, 2025

 P1 (High) - 2 of 4 Fixed

 ✅ P1-001: Email Confirmation Disabled
    Status: FIXED
    Resolution: Email confirmation now required
    Fixed on: January 20, 2025

 ✅ P1-002: IDOR in get-user-data Function
    Status: FIXED
    Resolution: Added user ownership verification
    Fixed on: January 18, 2025

 P2 (Medium) - 2 of 5 Fixed

 ✅ P2-001: Weak Password Policy
    Status: FIXED
    Resolution: Minimum length increased to 10
    Fixed on: January 22, 2025

 ✅ P2-003: Disposable Emails Accepted
    Status: FIXED
    Resolution: Email validation added
    Fixed on: January 25, 2025

 ─────────────────────────────────────────────────────────
 Remaining Vulnerabilities ⚠️
 ─────────────────────────────────────────────────────────

 P1 (High) - 2 Remaining

 🟠 P1-003: User Enumeration via Timing Attack
    Status: OPEN (16 days)
    Priority: Address this week
    Note: Was in previous report, not yet fixed

 🟠 P1-004: Admin Channel Publicly Accessible
    Status: OPEN (16 days)
    Priority: Address this week

 P2 (Medium) - 3 Remaining

 🟡 P2-002: Wildcard CORS Origin
    Status: OPEN (16 days)

 🟡 P2-004: Verbose Error Messages
    Status: OPEN (16 days)

 🟡 P2-005: Rate Limiting Not Enforced on Functions
    Status: OPEN (16 days)

 ─────────────────────────────────────────────────────────
 New Vulnerabilities 🆕
 ─────────────────────────────────────────────────────────

 P2 (Medium) - 1 New Issue

 🆕 P2-006: New Storage Bucket Without RLS
    Severity: 🟡 P2
    Component: Storage
    Description: New bucket 'user-uploads' created without
                 RLS policies. Currently empty but will
                 need policies before production use.
    First Seen: January 31, 2025

 ─────────────────────────────────────────────────────────
 Progress Analysis
 ─────────────────────────────────────────────────────────

 Remediation Rate: 58% (7 of 12 fixed)

 By Severity:
 ├── P0 (Critical): 100% fixed ✅
 ├── P1 (High): 50% fixed
 └── P2 (Medium): 40% fixed

 Time to Fix (Average):
 ├── P0: 1.3 days (excellent)
 ├── P1: 4.0 days (good)
 └── P2: 8.5 days (acceptable)

 Regression: 1 new issue introduced
             (lower severity, acceptable)

 ─────────────────────────────────────────────────────────
 Recommendations
 ─────────────────────────────────────────────────────────

 1. CONTINUE PROGRESS
    Great work fixing all P0 issues! Focus now on
    remaining P1 issues:
    - User enumeration timing attack
    - Admin broadcast channel

 2. ADDRESS NEW ISSUE
    Configure RLS on 'user-uploads' bucket before
    it's used in production.

 3. SCHEDULE FOLLOW-UP
    Recommend another audit in 14 days to verify
    remaining fixes.

 ─────────────────────────────────────────────────────────
 Trend Analysis
 ─────────────────────────────────────────────────────────

 If you have 3+ reports, trend analysis is available:

 | Date       | Score | P0 | P1 | P2 | Total |
 |------------|-------|----|----|----|-------|
 | 2024-12-01 | 28    | 4  | 5  | 6  | 15    |
 | 2025-01-15 | 35    | 3  | 4  | 5  | 12    |
 | 2025-01-31 | 72    | 0  | 2  | 4  | 6     |

 Trend: Improving ⬆️

═══════════════════════════════════════════════════════════
```

## Comparison Logic

### Finding Matching

Findings are matched between reports using the first rule that applies, in this order; each current finding is paired with at most one previous finding:

1. **ID match** — Same P0-001, P1-002, etc. (only reliable when the report generator keeps IDs stable between runs; otherwise the next two rules do the work)
2. **Component + Title match** — Same issue description
3. **Location match** — Same file/line/endpoint (the weakest rule: two different issues can share a file, so a location-only match deserves a manual glance)

### Status Determination

| Previous | Current | Status |
|----------|---------|--------|
| Present | Absent | Fixed ✅ |
| Present | Present | Remaining ⚠️ |
| Absent | Present | New 🆕 |
| Absent | Absent | N/A |

### Score Calculation

```
Change = Current Score - Previous Score

Positive change = Improvement ⬆️
Negative change = Regression ⬇️
No change = Stable ➡️
```
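As an added example (not the skill's own code), here is a minimal Python implementation of the matching rules, the status table and the score delta above. It assumes a one-finding-per-line report format (`- P1-003 [Component] Title (location)`) and a `Score: N/100` line; both are assumptions made for this example, not the format `supabase-report` produces. The two sample reports are constructed, with IDs renumbered in the second one so that every fallback rule is exercised.

```python
"""Added example, not the skill's own code: a minimal implementation of the
comparison logic described above. Parses two constructed Markdown reports,
pairs findings by ID, then component+title, then location, and classifies
each finding as fixed / remaining / new. The one-finding-per-line format is
an assumption for this example, not the format `supabase-report` emits."""
import re
from datetime import date
from typing import NamedTuple

# Constructed sample reports. IDs are deliberately renumbered in the second
# report so that every fallback matching rule is exercised.
OLD_REPORT = """\
# Supabase Security Audit (2025-01-15)
Score: 35/100
- P0-001 [Auth] Service Role Key Exposed (src/lib/supabase.ts:12)
- P0-002 [Storage] Database Backups Publicly Accessible (bucket:backups)
- P1-002 [Edge Functions] IDOR in get-user-data Function (functions/get-user-data/index.ts)
- P1-003 [Auth] User Enumeration via Timing Attack (/auth/v1/token)
- P1-004 [Realtime] Admin Channel Publicly Accessible (channel:admin)
- P2-002 [Edge Functions] Wildcard CORS Origin (functions/_shared/cors.ts)
"""
NEW_REPORT = """\
# Supabase Security Audit (2025-01-31)
Score: 72/100
- P1-001 [Realtime] Admin Channel Publicly Accessible (channel:admin)
- P1-003 [Auth] User Enumeration via Timing Attack (/auth/v1/token)
- P2-001 [Edge Functions] CORS Allows Any Origin (functions/_shared/cors.ts)
- P2-006 [Storage] New Storage Bucket Without RLS (bucket:user-uploads)
"""

FINDING_RE = re.compile(r"^- (P[012]-\d{3}) \[([^\]]+)\] (.+?) \((.+)\)$", re.M)
SCORE_RE = re.compile(r"^Score: (\d+)/100$", re.M)
DATE_RE = re.compile(r"\((\d{4}-\d{2}-\d{2})\)")


class Finding(NamedTuple):
    id: str
    component: str
    title: str
    location: str


def parse_report(text):
    """Return (audit date, score, findings) for one report."""
    audit_date = date.fromisoformat(DATE_RE.search(text).group(1))
    score = int(SCORE_RE.search(text).group(1))
    return audit_date, score, [Finding(*m.groups()) for m in FINDING_RE.finditer(text)]


def _norm(s):
    return " ".join(s.lower().split())


def match_findings(prev, cur):
    """Pair previous findings with current ones, strongest key first.
    Each current finding is consumed at most once, so a renumbered report cannot
    let one new finding 'close' several old ones. Location is the weakest key
    (two different bugs can share a file), so it runs last."""
    keys = (lambda f: f.id,
            lambda f: (_norm(f.component), _norm(f.title)),
            lambda f: _norm(f.location))
    pairs, unmatched = {}, list(cur)
    for key in keys:
        for old in prev:
            if old in pairs:
                continue
            for new in unmatched:
                if key(old) == key(new):
                    pairs[old] = new
                    unmatched.remove(new)
                    break
    return pairs, unmatched


def compare(prev_text, cur_text):
    """Status table: present->absent = fixed, present->present = remaining,
    absent->present = new. Returns the same shape as the context output."""
    prev_date, prev_score, prev = parse_report(prev_text)
    cur_date, cur_score, cur = parse_report(cur_text)
    pairs, new = match_findings(prev, cur)
    fixed = [f for f in prev if f not in pairs]
    count = lambda fs, sev: sum(f.id.startswith(sev) for f in fs)
    change = cur_score - prev_score
    return {
        "previous_date": prev_date.isoformat(), "current_date": cur_date.isoformat(),
        "days_between": (cur_date - prev_date).days,
        "previous_score": prev_score, "current_score": cur_score, "score_change": change,
        "trend": "improving" if change > 0 else "regressing" if change < 0 else "stable",
        "findings": {"previous_total": len(prev), "current_total": len(cur),
                     "fixed": len(fixed), "remaining": len(pairs), "new": len(new)},
        "by_severity": {s: {"previous": count(prev, s), "current": count(cur, s),
                            "fixed": count(fixed, s), "new": count(new, s)}
                        for s in ("P0", "P1", "P2")},
        "remediation_rate": round(len(fixed) / len(prev), 2) if prev else 1.0,
        "fixed": [f.id for f in fixed],
        "remaining": [(o.id, n.id) for o, n in pairs.items()],
        "new": [f.id for f in new],
    }
```

Running `compare(OLD_REPORT, NEW_REPORT)` reports three fixed, three remaining and one new finding. Only one of the three remaining findings kept its ID between the two reports, so an ID-only comparison would have reported two bogus fixes and two bogus new issues; keying the matcher on component plus title, and consuming each current finding once, is what makes the fixed count trustworthy.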

## Context Output

```json
{
  "comparison": {
    "previous_date": "2025-01-15",
    "current_date": "2025-01-31",
    "previous_score": 35,
    "current_score": 72,
    "score_change": 37,
    "findings": {
      "previous_total": 12,
      "current_total": 6,
      "fixed": 7,
      "remaining": 5,
      "new": 1
    },
    "by_severity": {
      "P0": { "previous": 3, "current": 0, "fixed": 3, "new": 0 },
      "P1": { "previous": 4, "current": 2, "fixed": 2, "new": 0 },
      "P2": { "previous": 5, "current": 4, "fixed": 2, "new": 1 }
    },
    "remediation_rate": 0.58,
    "trend": "improving"
  }
}
```

## Report Output

The comparison generates `supabase-audit-comparison.md`:

```markdown
# Security Audit Comparison Report

## Summary

| Metric | Previous | Current | Change |
|--------|----------|---------|--------|
| Score | 35/100 | 72/100 | +37 ⬆️ |
| P0 Issues | 3 | 0 | -3 ✅ |
| P1 Issues | 4 | 2 | -2 ✅ |
| P2 Issues | 5 | 4 | -1 ✅ |
| Total | 12 | 6 | -6 ✅ |

## Fixed Issues (7)

[Detailed list of fixed issues...]

## Remaining Issues (5)

[Detailed list of remaining issues...]

## New Issues (1)

[Detailed list of new issues...]

## Recommendations

[Action items based on comparison...]
```

## Multiple Report Comparison

For trend analysis across 3+ reports:

```
Compare trend across reports/audit-*.md
```

Output includes:

- Score trend graph
- Issue count over time
- Average time to fix
- Recurring issues identification
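An added example (not the skill's own code) of the trend analysis over three or more reports: score direction, per-audit counts, findings that disappear and come back, and an estimated time to fix. The summaries are constructed; their finding keys are (severity, component, title) tuples, which assumes an earlier matching step has already mapped each report's renumbered IDs to a stable identity.

```python
"""Added example, not the skill's own code: trend analysis across 3+ audits.
Input is a list of constructed per-report summaries; finding keys are
(severity, component, title), the stable identity a matching step would
assign, rather than the per-report P0-00x IDs, which get renumbered."""
from datetime import date
from statistics import mean

# Constructed summaries, oldest first.
REPORTS = [
    {"date": date(2024, 12, 1), "score": 28, "findings": {
        ("P0", "Auth", "Service Role Key Exposed"),
        ("P0", "Storage", "Database Backups Publicly Accessible"),
        ("P1", "Edge Functions", "IDOR in get-user-data Function"),
        ("P2", "Edge Functions", "Wildcard CORS Origin")}},
    {"date": date(2025, 1, 15), "score": 35, "findings": {
        ("P0", "Auth", "Service Role Key Exposed"),
        ("P1", "Edge Functions", "IDOR in get-user-data Function"),
        ("P1", "Auth", "User Enumeration via Timing Attack")}},
    {"date": date(2025, 1, 31), "score": 72, "findings": {
        ("P1", "Auth", "User Enumeration via Timing Attack"),
        ("P2", "Edge Functions", "Wildcard CORS Origin"),  # gone on Jan 15, back now
        ("P2", "Storage", "New Storage Bucket Without RLS")}},
]


def trend_direction(scores):
    """Direction of the score series. A series that goes up overall but dipped
    somewhere is reported as 'mixed' rather than 'improving'."""
    steps = [b - a for a, b in zip(scores, scores[1:])]
    if not steps or all(s == 0 for s in steps):
        return "stable"
    if all(s >= 0 for s in steps):
        return "improving"
    if all(s <= 0 for s in steps):
        return "regressing"
    return "mixed"


def presence_matrix(reports):
    """{finding key: [present in report 0, present in report 1, ...]}"""
    keys = sorted(set().union(*(r["findings"] for r in reports)))
    return {k: [k in r["findings"] for r in reports] for k in keys}


def recurring_issues(reports):
    """Findings that were seen, disappeared in a later audit, then came back.
    These are regressions, not new issues, and deserve a root-cause look."""
    out = []
    for key, flags in presence_matrix(reports).items():
        seen, gone = False, False
        for present in flags:
            if present and gone:
                out.append(key)
                break
            seen = seen or present
            gone = gone or (seen and not present)
    return out


def time_to_fix(reports):
    """Per-severity mean days from first sighting to the first audit that no
    longer lists the finding. Audits only bound the fix date, so this is an
    upper estimate; read it together with the audit cadence."""
    durations = {}
    for key, flags in presence_matrix(reports).items():
        first_seen = None
        for r, present in zip(reports, flags):
            if present and first_seen is None:
                first_seen = r["date"]
            elif not present and first_seen is not None:
                durations.setdefault(key[0], []).append((r["date"] - first_seen).days)
                first_seen = None
    return {sev: round(mean(d), 1) for sev, d in sorted(durations.items())}


def trend_report(reports):
    """One row per audit (date, score, P0, P1, P2, total) plus the derived analysis."""
    reports = sorted(reports, key=lambda r: r["date"])
    return {
        "rows": [(r["date"].isoformat(), r["score"],
                  *(sum(k[0] == s for k in r["findings"]) for s in ("P0", "P1", "P2")),
                  len(r["findings"])) for r in reports],
        "trend": trend_direction([r["score"] for r in reports]),
        "recurring": recurring_issues(reports),
        "mean_days_to_fix": time_to_fix(reports),
    }
```

Time to fix is bounded by the audits rather than measured: a finding fixed the day after an audit and one fixed the day before the next audit look identical here, so a coarse audit cadence inflates the averages. The recurring check is the one worth wiring to an alert; a finding that was closed once and reappears is usually a reverted fix or one that never reached production, not a fresh bug.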

## Best Practices

### Naming Convention

```
reports/
├── supabase-audit-2024-12-01.md
├── supabase-audit-2025-01-15.md
├── supabase-audit-2025-01-31.md
└── supabase-audit-comparison-2025-01-31.md
```

### Regular Audits

| Frequency | Purpose |
|-----------|---------|
| After fixes | Verify remediation |
| Monthly | Catch regressions |
| Before releases | Pre-production check |
| After incidents | Post-incident review |

### Tracking Progress

1. Keep all reports in version control
2. Link to issue tracker (GitHub, Jira)
3. Include in sprint planning
4. Report to stakeholders

## Related Skills

- `supabase-report` — Generate the reports to compare
- `supabase-pentest` — Run full audit
- `supabase-help` — Quick reference