supabase-report-compare
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseReport Comparison
审计报告对比
This skill compares two security audit reports to track progress over time.
该技能可对比两份安全审计报告,跟踪一段时间内的修复进度。
When to Use This Skill
何时使用该技能
- After fixing vulnerabilities, to verify remediation
- For periodic security reviews
- To track security posture over time
- To identify regression (new vulnerabilities)
- 修复漏洞后,验证修复效果
- 定期安全审查
- 跟踪安全态势变化
- 识别回归漏洞(新出现的漏洞)
Prerequisites
前提条件
- Two audit reports in Markdown format
- Reports should be from the same project
- 两份Markdown格式的审计报告
- 报告需来自同一项目
Usage
使用方法
Basic Comparison
基础对比
Compare security reports old-report.md and new-report.mdCompare security reports old-report.md and new-report.mdWith Specific Paths
指定路径对比
Compare reports/audit-v1.md with reports/audit-v2.mdCompare reports/audit-v1.md with reports/audit-v2.mdOutput Format
输出格式
═══════════════════════════════════════════════════════════
SECURITY AUDIT COMPARISON
═══════════════════════════════════════════════════════════
Previous Audit: January 15, 2025
Current Audit: January 31, 2025
Days Between: 16 days
─────────────────────────────────────────────────────────
Score Comparison
─────────────────────────────────────────────────────────
Previous Score: 35/100 (Grade: D)
Current Score: 72/100 (Grade: C)
Improvement: +37 points ⬆️
┌────────────────────────────────────────────────────────┐
│ Score Progress │
│ │
│ 100 ┤ │
│ 80 ┤ ████████ 72 │
│ 60 ┤ ████████ │
│ 40 ┤ ████████ 35 ████████ │
│ 20 ┤ ████████ ████████ │
│ 0 ┴─────────────────────────────────────────────── │
│ Jan 15 Jan 31 │
└────────────────────────────────────────────────────────┘
─────────────────────────────────────────────────────────
Findings Summary
─────────────────────────────────────────────────────────
| Status | P0 | P1 | P2 | Total |
|-------------|-----|-----|-----|-------|
| Previous | 3 | 4 | 5 | 12 |
| Current | 0 | 2 | 4 | 6 |
| Fixed | 3 | 2 | 2 | 7 |
| New | 0 | 0 | 1 | 1 |
─────────────────────────────────────────────────────────
Fixed Vulnerabilities ✅
─────────────────────────────────────────────────────────
P0 (Critical) - ALL FIXED! 🎉
✅ P0-001: Service Role Key Exposed
Status: FIXED
Resolution: Key rotated, removed from client code
Fixed on: January 16, 2025
✅ P0-002: Database Backups Publicly Accessible
Status: FIXED
Resolution: Bucket made private, files deleted
Fixed on: January 16, 2025
✅ P0-003: Admin Function Privilege Escalation
Status: FIXED
Resolution: Added admin role verification
Fixed on: January 17, 2025
P1 (High) - 2 of 4 Fixed
✅ P1-001: Email Confirmation Disabled
Status: FIXED
Resolution: Email confirmation now required
Fixed on: January 20, 2025
✅ P1-002: IDOR in get-user-data Function
Status: FIXED
Resolution: Added user ownership verification
Fixed on: January 18, 2025
P2 (Medium) - 2 of 5 Fixed
✅ P2-001: Weak Password Policy
Status: FIXED
Resolution: Minimum length increased to 10
Fixed on: January 22, 2025
✅ P2-003: Disposable Emails Accepted
Status: FIXED
Resolution: Email validation added
Fixed on: January 25, 2025
─────────────────────────────────────────────────────────
Remaining Vulnerabilities ⚠️
─────────────────────────────────────────────────────────
P1 (High) - 2 Remaining
🟠 P1-003: User Enumeration via Timing Attack
Status: OPEN (16 days)
Priority: Address this week
Note: Was in previous report, not yet fixed
🟠 P1-004: Admin Channel Publicly Accessible
Status: OPEN (16 days)
Priority: Address this week
P2 (Medium) - 3 Remaining
🟡 P2-002: Wildcard CORS Origin
Status: OPEN (16 days)
🟡 P2-004: Verbose Error Messages
Status: OPEN (16 days)
🟡 P2-005: Rate Limiting Not Enforced on Functions
Status: OPEN (16 days)
─────────────────────────────────────────────────────────
New Vulnerabilities 🆕
─────────────────────────────────────────────────────────
P2 (Medium) - 1 New Issue
🆕 P2-006: New Storage Bucket Without RLS
Severity: 🟡 P2
Component: Storage
Description: New bucket 'user-uploads' created without
RLS policies. Currently empty but will
need policies before production use.
First Seen: January 31, 2025
─────────────────────────────────────────────────────────
Progress Analysis
─────────────────────────────────────────────────────────
Remediation Rate: 58% (7 of 12 fixed)
By Severity:
├── P0 (Critical): 100% fixed ✅
├── P1 (High): 50% fixed
└── P2 (Medium): 40% fixed
Time to Fix (Average):
├── P0: 1.3 days (excellent)
├── P1: 3.5 days (good)
└── P2: 5.5 days (acceptable)
Regression: 1 new issue introduced
(lower severity, acceptable)
─────────────────────────────────────────────────────────
Recommendations
─────────────────────────────────────────────────────────
1. CONTINUE PROGRESS
Great work fixing all P0 issues! Focus now on
remaining P1 issues:
- User enumeration timing attack
- Admin broadcast channel
2. ADDRESS NEW ISSUE
Configure RLS on 'user-uploads' bucket before
it's used in production.
3. SCHEDULE FOLLOW-UP
Recommend another audit in 14 days to verify
remaining fixes.
─────────────────────────────────────────────────────────
Trend Analysis
─────────────────────────────────────────────────────────
If you have 3+ reports, trend analysis is available:
| Date | Score | P0 | P1 | P2 | Total |
|------------|-------|----|----|----| ------|
| 2024-12-01 | 28 | 4 | 5 | 6 | 15 |
| 2025-01-15 | 35 | 3 | 4 | 5 | 12 |
| 2025-01-31 | 72 | 0 | 2 | 4 | 6 |
Trend: Improving ⬆️
══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
SECURITY AUDIT COMPARISON
═══════════════════════════════════════════════════════════
Previous Audit: January 15, 2025
Current Audit: January 31, 2025
Days Between: 16 days
─────────────────────────────────────────────────────────
Score Comparison
─────────────────────────────────────────────────────────
Previous Score: 35/100 (Grade: D)
Current Score: 72/100 (Grade: C)
Improvement: +37 points ⬆️
┌────────────────────────────────────────────────────────┐
│ Score Progress │
│ │
│ 100 ┤ │
│ 80 ┤ ████████ 72 │
│ 60 ┤ ████████ │
│ 40 ┤ ████████ 35 ████████ │
│ 20 ┤ ████████ ████████ │
│ 0 ┴─────────────────────────────────────────────── │
│ Jan 15 Jan 31 │
└────────────────────────────────────────────────────────┘
─────────────────────────────────────────────────────────
Findings Summary
─────────────────────────────────────────────────────────
| Status | P0 | P1 | P2 | Total |
|-------------|-----|-----|-----|-------|
| Previous | 3 | 4 | 5 | 12 |
| Current | 0 | 2 | 4 | 6 |
| Fixed | 3 | 2 | 2 | 7 |
| New | 0 | 0 | 1 | 1 |
─────────────────────────────────────────────────────────
Fixed Vulnerabilities ✅
─────────────────────────────────────────────────────────
P0 (Critical) - ALL FIXED! 🎉
✅ P0-001: Service Role Key Exposed
Status: FIXED
Resolution: Key rotated, removed from client code
Fixed on: January 16, 2025
✅ P0-002: Database Backups Publicly Accessible
Status: FIXED
Resolution: Bucket made private, files deleted
Fixed on: January 16, 2025
✅ P0-003: Admin Function Privilege Escalation
Status: FIXED
Resolution: Added admin role verification
Fixed on: January 17, 2025
P1 (High) - 2 of 4 Fixed
✅ P1-001: Email Confirmation Disabled
Status: FIXED
Resolution: Email confirmation now required
Fixed on: January 20, 2025
✅ P1-002: IDOR in get-user-data Function
Status: FIXED
Resolution: Added user ownership verification
Fixed on: January 18, 2025
P2 (Medium) - 2 of 5 Fixed
✅ P2-001: Weak Password Policy
Status: FIXED
Resolution: Minimum length increased to 10
Fixed on: January 22, 2025
✅ P2-003: Disposable Emails Accepted
Status: FIXED
Resolution: Email validation added
Fixed on: January 25, 2025
─────────────────────────────────────────────────────────
Remaining Vulnerabilities ⚠️
─────────────────────────────────────────────────────────
P1 (High) - 2 Remaining
🟠 P1-003: User Enumeration via Timing Attack
Status: OPEN (16 days)
Priority: Address this week
Note: Was in previous report, not yet fixed
🟠 P1-004: Admin Channel Publicly Accessible
Status: OPEN (16 days)
Priority: Address this week
P2 (Medium) - 3 Remaining
🟡 P2-002: Wildcard CORS Origin
Status: OPEN (16 days)
🟡 P2-004: Verbose Error Messages
Status: OPEN (16 days)
🟡 P2-005: Rate Limiting Not Enforced on Functions
Status: OPEN (16 days)
─────────────────────────────────────────────────────────
New Vulnerabilities 🆕
─────────────────────────────────────────────────────────
P2 (Medium) - 1 New Issue
🆕 P2-006: New Storage Bucket Without RLS
Severity: 🟡 P2
Component: Storage
Description: New bucket 'user-uploads' created without
RLS policies. Currently empty but will
need policies before production use.
First Seen: January 31, 2025
─────────────────────────────────────────────────────────
Progress Analysis
─────────────────────────────────────────────────────────
Remediation Rate: 58% (7 of 12 fixed)
By Severity:
├── P0 (Critical): 100% fixed ✅
├── P1 (High): 50% fixed
└── P2 (Medium): 40% fixed
Time to Fix (Average):
├── P0: 1.3 days (excellent)
├── P1: 3.5 days (good)
└── P2: 5.5 days (acceptable)
Regression: 1 new issue introduced
(lower severity, acceptable)
─────────────────────────────────────────────────────────
Recommendations
─────────────────────────────────────────────────────────
1. CONTINUE PROGRESS
Great work fixing all P0 issues! Focus now on
remaining P1 issues:
- User enumeration timing attack
- Admin broadcast channel
2. ADDRESS NEW ISSUE
Configure RLS on 'user-uploads' bucket before
it's used in production.
3. SCHEDULE FOLLOW-UP
Recommend another audit in 14 days to verify
remaining fixes.
─────────────────────────────────────────────────────────
Trend Analysis
─────────────────────────────────────────────────────────
If you have 3+ reports, trend analysis is available:
| Date | Score | P0 | P1 | P2 | Total |
|------------|-------|----|----|----| ------|
| 2024-12-01 | 28 | 4 | 5 | 6 | 15 |
| 2025-01-15 | 35 | 3 | 4 | 5 | 12 |
| 2025-01-31 | 72 | 0 | 2 | 4 | 6 |
Trend: Improving ⬆️
═══════════════════════════════════════════════════════════Comparison Logic
对比逻辑
Finding Matching
漏洞匹配规则
Findings are matched between reports using:
- ID match — Same P0-001, P1-002, etc.
- Component + Title match — Same issue description
- Location match — Same file/line/endpoint
报告间的漏洞通过以下方式匹配:
- ID匹配 — 相同的P0-001、P1-002等编号
- 组件+标题匹配 — 相同的漏洞描述
- 位置匹配 — 相同的文件/行/端点
Status Determination
状态判定
| Previous | Current | Status |
|---|---|---|
| Present | Absent | Fixed ✅ |
| Present | Present | Remaining ⚠️ |
| Absent | Present | New 🆕 |
| Absent | Absent | N/A |
| 旧报告状态 | 新报告状态 | 最终状态 |
|---|---|---|
| 存在 | 不存在 | 已修复 ✅ |
| 存在 | 存在 | 未修复 ⚠️ |
| 不存在 | 存在 | 新漏洞 🆕 |
| 不存在 | 不存在 | 不适用 |
Score Calculation
分数计算
Change = Current Score - Previous Score
Positive change = Improvement ⬆️
Negative change = Regression ⬇️
No change = Stable ➡️变化值 = 当前分数 - 旧报告分数
正变化 = 分数提升 ⬆️
负变化 = 分数倒退 ⬇️
无变化 = 分数稳定 ➡️Context Output
上下文输出
json
{
"comparison": {
"previous_date": "2025-01-15",
"current_date": "2025-01-31",
"previous_score": 35,
"current_score": 72,
"score_change": 37,
"findings": {
"previous_total": 12,
"current_total": 6,
"fixed": 7,
"remaining": 5,
"new": 1
},
"by_severity": {
"P0": { "previous": 3, "current": 0, "fixed": 3, "new": 0 },
"P1": { "previous": 4, "current": 2, "fixed": 2, "new": 0 },
"P2": { "previous": 5, "current": 4, "fixed": 2, "new": 1 }
},
"remediation_rate": 0.58,
"trend": "improving"
}
}json
{
"comparison": {
"previous_date": "2025-01-15",
"current_date": "2025-01-31",
"previous_score": 35,
"current_score": 72,
"score_change": 37,
"findings": {
"previous_total": 12,
"current_total": 6,
"fixed": 7,
"remaining": 5,
"new": 1
},
"by_severity": {
"P0": { "previous": 3, "current": 0, "fixed": 3, "new": 0 },
"P1": { "previous": 4, "current": 2, "fixed": 2, "new": 0 },
"P2": { "previous": 5, "current": 4, "fixed": 2, "new": 1 }
},
"remediation_rate": 0.58,
"trend": "improving"
}
}Report Output
报告输出
The comparison generates :
supabase-audit-comparison.mdmarkdown
undefined对比后会生成文件:
supabase-audit-comparison.mdmarkdown
undefinedSecurity Audit Comparison Report
Security Audit Comparison Report
Summary
Summary
| Metric | Previous | Current | Change |
|---|---|---|---|
| Score | 35/100 | 72/100 | +37 ⬆️ |
| P0 Issues | 3 | 0 | -3 ✅ |
| P1 Issues | 4 | 2 | -2 ✅ |
| P2 Issues | 5 | 4 | -1 ✅ |
| Total | 12 | 6 | -6 ✅ |
| Metric | Previous | Current | Change |
|---|---|---|---|
| Score | 35/100 | 72/100 | +37 ⬆️ |
| P0 Issues | 3 | 0 | -3 ✅ |
| P1 Issues | 4 | 2 | -2 ✅ |
| P2 Issues | 5 | 4 | -1 ✅ |
| Total | 12 | 6 | -6 ✅ |
Fixed Issues (7)
Fixed Issues (7)
[Detailed list of fixed issues...]
[Detailed list of fixed issues...]
Remaining Issues (5)
Remaining Issues (5)
[Detailed list of remaining issues...]
[Detailed list of remaining issues...]
New Issues (1)
New Issues (1)
[Detailed list of new issues...]
[Detailed list of new issues...]
Recommendations
Recommendations
[Action items based on comparison...]
undefined[Action items based on comparison...]
undefinedMultiple Report Comparison
多报告对比
For trend analysis across 3+ reports:
Compare trend across reports/audit-*.mdOutput includes:
- Score trend graph
- Issue count over time
- Average time to fix
- Recurring issues identification
如需对3份及以上报告进行趋势分析:
Compare trend across reports/audit-*.md输出内容包括:
- 分数趋势图
- 漏洞数量变化趋势
- 平均修复时间
- 重复出现的漏洞识别
Best Practices
最佳实践
Naming Convention
命名规范
reports/
├── supabase-audit-2024-12-01.md
├── supabase-audit-2025-01-15.md
├── supabase-audit-2025-01-31.md
└── supabase-audit-comparison-2025-01-31.mdreports/
├── supabase-audit-2024-12-01.md
├── supabase-audit-2025-01-15.md
├── supabase-audit-2025-01-31.md
└── supabase-audit-comparison-2025-01-31.mdRegular Audits
定期审计
| Frequency | Purpose |
|---|---|
| After fixes | Verify remediation |
| Monthly | Catch regressions |
| Before releases | Pre-production check |
| After incidents | Post-incident review |
| 频率 | 目的 |
|---|---|
| 修复漏洞后 | 验证修复效果 |
| 每月一次 | 发现倒退漏洞 |
| 发布前 | 生产前检查 |
| 事件后 | 事后复盘 |
Tracking Progress
进度跟踪
- Keep all reports in version control
- Link to issue tracker (GitHub, Jira)
- Include in sprint planning
- Report to stakeholders
- 将所有报告纳入版本控制
- 关联到问题跟踪系统(GitHub、Jira)
- 纳入 sprint 规划
- 向利益相关者汇报
Related Skills
相关技能
- — Generate the reports to compare
supabase-report - — Run full audit
supabase-pentest - — Quick reference
supabase-help
- — 生成用于对比的审计报告
supabase-report - — 执行全面审计
supabase-pentest - — 快速参考
supabase-help