Open MOJOliciousFTW opened 2 months ago
Forked and used GitHub Enterprise Advanced Security (GHAS) with AI enabled for secret scanning. Neat, nice to see it got found there.
I'm not a front-end developer, but I don't see any way to hide Supabase secrets when deploying a static site.
Looks like Supabase has a free plan, is that what's used? Could not find info on what happens when free plan limits are reached. Best case there will just be a hiccup, worst case billing.
It is a free plan, yes. As I have understood it, there is no billing if limits are hit. Unlimited API requests and a total storage of 500 MB.
When DB size is reached, it changes to read-only mode.
Credentials are in plain sight in this public repo at https://github.com/frdedynamics/find_the_duck/blob/da632e87eafb76e68beb5c8590bc838871d63842/_config.yml#L43-L44
and are also found via public GitHub page.
Expected credentials to be gh secrets and not found on page.