New Supabase RLS Drift Detection in Continuous Protection
- Focus: Changelog
- Risk: High
- Stack: Supabase RLS
- Detection: Ubserve Runtime Simulation
Ubserve changelog update: continuous scans now detect policy drift between schema evolution and RLS enforcement intent.
Continuous Protection now includes Supabase RLS Drift Detection, designed to catch policy mismatches introduced after schema updates. This helps prevent silent authorization regressions in teams shipping frequently.
As shown in the Policy Gate diagram, the left lane should represent schema evolution events, and the right lane should represent policy consistency checks per table and action type.
Why this matters
RLS failures are often not missing-policy bugs. They are stale-policy bugs created by iterative releases where auth logic changes faster than policy maintenance.
What we now validate
- Missing policy updates after new table columns/relations.
- Divergence across select/insert/update/delete policy symmetry.
- Tenant/ownership predicate inconsistency across related tables.
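The sketch below is an added example, not Ubserve's implementation: it runs two of these checks (command symmetry and tenant predicate presence) over rows shaped like PostgreSQL's `pg_policies` view. The sample rows, the `find_drift` helper and the `tenant_id` column name are assumptions made for illustration.

```python
# Constructed sample rows shaped like the pg_policies view; not from a real database.
TENANT = "(tenant_id = (auth.jwt() ->> 'tenant_id')::uuid)"
SAMPLE_POLICIES = [
    {"tablename": "projects", "policyname": "projects_all", "cmd": "ALL",
     "qual": TENANT, "with_check": TENANT},
    {"tablename": "invoices", "policyname": "invoices_read", "cmd": "SELECT",
     "qual": TENANT, "with_check": None},
    # Drift: added in a later migration without the tenant predicate.
    {"tablename": "invoices", "policyname": "invoices_update", "cmd": "UPDATE",
     "qual": "true", "with_check": None},
    {"tablename": "invoices", "policyname": "invoices_insert", "cmd": "INSERT",
     "qual": None, "with_check": TENANT},
]
COMMANDS = ("SELECT", "INSERT", "UPDATE", "DELETE")


def find_drift(policies, tenant_column="tenant_id"):
    """Return (table, command, reason) findings for asymmetric or unscoped policies."""
    by_table = {}
    for p in policies:
        by_table.setdefault(p["tablename"], []).append(p)

    findings = []
    for table, rows in sorted(by_table.items()):
        # Check 1: every command should be covered by a policy (cmd ALL covers all four).
        covered = set()
        for p in rows:
            covered.update(COMMANDS if p["cmd"] == "ALL" else (p["cmd"],))
        for cmd in COMMANDS:
            if cmd not in covered:
                findings.append((table, cmd, "no policy for command"))
        # Check 2: each policy should reference the tenant column in USING or
        # WITH CHECK. Substring matching is a heuristic, not a SQL parser.
        for p in rows:
            exprs = [e for e in (p["qual"], p["with_check"]) if e]
            if not any(tenant_column in e for e in exprs):
                findings.append(
                    (table, p["cmd"],
                     f"policy {p['policyname']} lacks {tenant_column} predicate"))
    return findings


if __name__ == "__main__":
    for finding in find_drift(SAMPLE_POLICIES):
        print(finding)
```

With RLS enabled, a command that has no policy is denied by default, so the first check flags asymmetry to review, while the second flags policies that may allow cross-tenant access.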
Recommended next steps
- Run a full audit before launch milestones.
- Enable continuous scans for weekly shipping teams.
- Re-test every migration touching multi-tenant data boundaries.