Changelog

Current features in shipscan, and what’s planned. Planned items have no dates and may change.

Shipped

  • Reachability graph — who (anonymous or logged-in) reaches which data, guard by guard

  • Code × live comparison — catches “guarded in code but reachable live”

  • Cross-user access test (BOLA) — can a logged-in user read another user’s data

  • Supabase deep checks — RLS, server functions (RPC), storage buckets, service_role exposure

  • Public source maps, initial-data leaks (__NEXT_DATA__), exposed files, committed secrets

  • Known vulnerabilities in dependencies (lockfile → OSV)

  • Discovery of other sites on the domain (from public certificate records)

  • Private repository support (read-only, token never stored)

  • Plain-language fixes + a copyable prompt for your AI tool + report export

  • Shareable result links + a verifiable, dated badge

Planned (no dates)

  • Continuous monitoring — alerts when something changes after launch

  • CI checks — run on every push

  • More backends beyond Supabase