
Update Security Finding with Security Reporter API on New Row Added from Supabase API

Pipedream makes it easy to connect APIs for Security Reporter, Supabase and 2,400+ other apps remarkably fast.

Trigger workflow on: New Row Added from the Supabase API
Next, do this: Update Security Finding with the Security Reporter API

Getting Started

This integration creates a workflow with a Supabase trigger and Security Reporter action. When you configure and deploy the workflow, it will run on Pipedream's servers 24x7 for free.

  1. Select this integration
  2. Configure the New Row Added trigger
    1. Connect your Supabase account
    2. Configure Table
    3. Optional: Configure Row Identifier
    4. Optional: Configure Column
    5. Optional: Select a Filter
    6. Optional: Configure Value
    7. Configure Order By
    8. Optional: Select a Sort Order
    9. Configure timer
  3. Configure the Update Security Finding action
    1. Connect your Security Reporter account
    2. Select a Finding ID
    3. Optional: Configure Title
    4. Optional: Select one or more Targets
    5. Optional: Select an Assessment Section ID
    6. Optional: Configure Is Vulnerability
    7. Optional: Select a Status
    8. Optional: Select one or more Resolved Targets
    9. Optional: Select a Review Status
    10. Optional: Configure Found At
    11. Optional: Select a Priority
    12. Optional: Select a Complexity
    13. Optional: Configure Action
    14. Optional: Configure Description
    15. Optional: Configure Risk
    16. Optional: Configure Recommendation
    17. Optional: Configure Proof
    18. Optional: Configure References
    19. Optional: Configure Draft Documents
    20. Optional: Configure Draft Documents File
    21. Optional: Select one or more Resolvers
    22. Optional: Select one or more User Groups
    23. Optional: Configure Classifications
    24. Select a Severity Metrics Scoring System
  4. Deploy the workflow
  5. Send a test event to validate your setup
  6. Turn on the trigger

Details

This integration uses pre-built, source-available components from Pipedream's GitHub repo. These components are developed by Pipedream and the community, and verified and maintained by Pipedream.

To contribute an update to an existing component or create a new component, create a PR on GitHub. If you're new to Pipedream component development, you can start with the quickstarts for trigger and action development, and then review the component API reference.

Trigger

Description: Emit new event for every new row added in a table. [See documentation here](https://supabase.com/docs/reference/javascript/select)
Version: 0.0.4
Key: supabase-new-row-added

Supabase Overview

Supabase is a real-time backend-as-a-service that provides developers with a suite of tools to quickly build and scale their applications. It offers database storage, authentication, instant APIs, and real-time subscriptions. With the Supabase API, you can perform CRUD operations on your database, manage users, and listen to database changes in real time. When integrated with Pipedream, you can automate workflows that react to these database events, synchronize data across multiple services, or streamline user management processes.

Trigger Code

import base from "../common/base.mjs";
import {
  DEFAULT_POLLING_SOURCE_TIMER_INTERVAL,
  ConfigurationError,
} from "@pipedream/platform";
import constants from "../../common/constants.mjs";

export default {
  key: "supabase-new-row-added",
  name: "New Row Added",
  description: "Emit new event for every new row added in a table. [See documentation here](https://supabase.com/docs/reference/javascript/select)",
  version: "0.0.4",
  type: "source",
  props: {
    ...base.props,
    column: {
      propDefinition: [
        base.props.supabase,
        "column",
      ],
      optional: true,
    },
    filter: {
      propDefinition: [
        base.props.supabase,
        "filter",
      ],
      optional: true,
    },
    value: {
      propDefinition: [
        base.props.supabase,
        "value",
      ],
      optional: true,
    },
    orderBy: {
      propDefinition: [
        base.props.supabase,
        "column",
      ],
      label: "Order By",
      description: "Column name to order by",
    },
    sortOrder: {
      propDefinition: [
        base.props.supabase,
        "sortOrder",
      ],
    },
    db: "$.service.db",
    timer: {
      type: "$.interface.timer",
      default: {
        intervalSeconds: DEFAULT_POLLING_SOURCE_TIMER_INTERVAL,
      },
    },
  },
  methods: {
    _getOffset() {
      return this.db.get("offset") || 0;
    },
    _setOffset(offset) {
      this.db.set("offset", offset);
    },
  },
  async run() {
    const {
      table,
      column,
      filter,
      value,
      orderBy,
      sortOrder,
      rowIdentifier,
    } = this;

    if ((column || filter || value) && !(column && filter && value)) {
      throw new ConfigurationError("If `column`, `filter`, or `value` is used, all three must be entered");
    }

    const offset = this._getOffset();
    const client = await this.supabase._client();
    const query = client
      .from(table)
      .select()
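      .order(orderBy, {
        // sortOrder is the string "ascending" or "descending"; passing it
        // directly is always truthy, so compare it to get a real boolean.
        ascending: sortOrder !== "descending",
      })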
      .range(offset, offset + constants.MAX_OFFSET);

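    if (filter) {
      // Call the filter helper as a method so it keeps its `this` binding.
      this.supabase[filter](query, column, value);
    }

    const { data, error } = await query;
    if (error) {
      // On failure `data` is null; surface the error instead of crashing on data.length.
      throw new Error(`Supabase query failed: ${error.message}`);
    }
    this._setOffset(offset + data.length);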

    for (const row of data) {
      let summary = "New row in table";
      if (row[rowIdentifier]) {
        summary = `${summary}: ${row[rowIdentifier]}`;
      }
      this.$emit(row, {
        summary,
      });
    }
  },
};

Trigger Configuration

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI and CLI.

| Label | Prop | Type | Description |
| --- | --- | --- | --- |
| Supabase | supabase | app | This component uses the Supabase app. |
| Table | table | string | The name of the table to watch for new rows |
| Row Identifier | rowIdentifier | string | The column name to use as the row identifier |
| Column | column | string | Column name to search by |
| Filter | filter | string | Select a value from the drop down menu: Equal (`equalTo`), Not Equal (`notEqualTo`), Greater Than (`greaterThan`), Greater Than or Equal To (`greaterThanOrEqualTo`), Less Than (`lessThan`), Less Than or Equal To (`lessThanOrEqualTo`), Contains (Case Sensitive) (`patternMatch`), Contains (Case Insensitive) (`patternMatchCaseInsensitive`) |
| Value | value | string | Value of the column specified to search for |
| Order By | orderBy | string | Column name to order by |
| Sort Order | sortOrder | string | Select a value from the drop down menu: `ascending`, `descending` |
| N/A | db | $.service.db | This component uses $.service.db to maintain state between executions. |
| | timer | $.interface.timer | |

Trigger Authentication

Supabase uses API keys for authentication. When you connect your Supabase account, Pipedream securely stores the keys so you can easily authenticate to Supabase APIs in both code and no-code steps.

Supabase provides a Service Key to get started. You can find the `service_role` key on the API Settings page.

About Supabase

Supabase is an open source Firebase alternative.

Action

Description: Updates an existing security finding. [See the documentation](https://trial3.securityreporter.app/api-documentation)
Version: 0.0.1
Key: security_reporter-update-finding

Action Code

import {
  COMPLEXITY_OPTIONS,
  OWASP_OPTIONS,
  PRIORITY_OPTIONS,
  REVIEW_STATUS_OPTIONS,
  SCORING_SYSTEM_OPTIONS,
  SEVERITY_ONLY_SEVERITY_OPTIONS,
  STATUS_OPTIONS,
} from "../../common/constants.mjs";
import { parseObject } from "../../common/utils.mjs";
import securityReporter from "../../security_reporter.app.mjs";

export default {
  key: "security_reporter-update-finding",
  name: "Update Security Finding",
  description: "Updates an existing security finding. [See the documentation](https://trial3.securityreporter.app/api-documentation)",
  version: "0.0.1",
  type: "action",
  props: {
    securityReporter,
    findingId: {
      propDefinition: [
        securityReporter,
        "findingId",
      ],
    },
    title: {
      type: "string",
      label: "Title",
      description: "Title of the finding. Must not be greater than 191 characters.",
      optional: true,
    },
    targets: {
      propDefinition: [
        securityReporter,
        "targets",
        ({ findingId }) => ({
          findingId,
        }),
      ],
      optional: true,
    },
    assessmentSectionId: {
      propDefinition: [
        securityReporter,
        "assessmentSectionId",
        ({ findingId }) => ({
          findingId,
        }),
      ],
      optional: true,
      reloadProps: true,
    },
    isVulnerability: {
      type: "boolean",
      label: "Is Vulnerability",
      description: "Whether the finding is for a vulnerability (and has associated severity metrics).",
      optional: true,
      reloadProps: true,
    },
    status: {
      type: "string",
      label: "Status",
      description: "The current status of the finding. Can not be changed to or from Retest Pending. Must be a valid finding status.",
      options: STATUS_OPTIONS,
      optional: true,
    },
    resolvedTargets: {
      propDefinition: [
        securityReporter,
        "resolvedTargets",
        ({ findingId }) => ({
          findingId,
        }),
      ],
      optional: true,
    },
    reviewStatus: {
      type: "string",
      label: "Review Status",
      description: "The current review status of the finding. Must be a valid review status.",
      options: REVIEW_STATUS_OPTIONS,
      optional: true,
    },
    foundAt: {
      type: "string",
      label: "Found At",
      description: "The date when the finding was found. Format: `YYYY-MM-DDTHH:MM:SS`.",
      optional: true,
    },
    priority: {
      type: "string",
      label: "Priority",
      description: "How urgent resolving this finding is. Must be a valid priority.",
      options: PRIORITY_OPTIONS,
      optional: true,
    },
    complexity: {
      type: "string",
      label: "Complexity",
      description: "How complex resolving this finding is. Must be a valid complexity.",
      options: COMPLEXITY_OPTIONS,
      optional: true,
    },
    action: {
      type: "string",
      label: "Action",
      description: "The recommended action (under 500 characters) to resolve this finding. **Example: Update ...**",
      optional: true,
    },
    description: {
      type: "string",
      label: "Description",
      description: "The description of the finding. **Example: There is ...**",
      optional: true,
    },
    risk: {
      type: "string",
      label: "Risk",
      description: "The risk associated with the finding. **Example: A hacker could ...**",
      optional: true,
    },
    recommendation: {
      type: "string",
      label: "Recommendation",
      description: "The recommendation for the finding. **Example: Update ...**",
      optional: true,
    },
    proof: {
      type: "string",
      label: "Proof",
      description: "The proof for the finding. **Example: See attached ...**",
      optional: true,
    },
    references: {
      type: "string",
      label: "References",
      description: "The references for the finding. **Example: - https://owasp.org/Top10/A03_2021-Injection/\n - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/**",
      optional: true,
    },
    draftDocuments: {
      type: "string[]",
      label: "Draft Documents",
      description: "Document IDs of uploaded draft documents.",
      optional: true,
    },
    draftDocumentsFile: {
      type: "string[]",
      label: "Draft Documents File",
      description: "The path to a file in the `/tmp` directory. [See the documentation on working with files](https://pipedream.com/docs/code/nodejs/working-with-files/#writing-a-file-to-tmp).",
      optional: true,
    },
    resolvers: {
      propDefinition: [
        securityReporter,
        "resolvers",
        ({ findingId }) => ({
          findingId,
        }),
      ],
      optional: true,
    },
    userGroups: {
      propDefinition: [
        securityReporter,
        "userGroups",
        ({ findingId }) => ({
          findingId,
        }),
      ],
      optional: true,
    },
    classifications: {
      type: "string[]",
      label: "Classifications",
      description: "An array with classifications by classification system. You can use any combination of CWE, CAPEC or VRT classifications. Note that classifications are ignored if their system is not set in the assessment.",
      optional: true,
    },
    SMScoringSystem: {
      type: "string",
      label: "Severity Metrics Scoring System",
      description: "The scoring system you want to use. [See the documentation](https://trial3.securityreporter.app/api-documentation#scoring-systems) for further information.",
      options: SCORING_SYSTEM_OPTIONS,
      reloadProps: true,
    },
  },
  async additionalProps() {
    const props = {};
    if (this.isVulnerability) {
      const { severity_metrics: SM } = await this.securityReporter.getFinding({
        findingId: this.findingId,
      });
      switch (this.SMScoringSystem) {
      case "owasp":
        props.severityMetricsImpact = {
          type: "string",
          label: "Severity Metrics Impact",
          description: "The impact metric.",
          options: OWASP_OPTIONS,
          default: (SM && SM.scoring_system === "owasp")
            ? `${SM.impact}`
            : "",
        };
        props.severityMetricsLikelihood = {
          type: "string",
          label: "Severity Metrics Likelihood",
          description: "The likelihood metric.",
          options: OWASP_OPTIONS,
          default: (SM && SM.scoring_system === "owasp")
            ? `${SM.likelihood}`
            : "",
        };
        break;
      case "cvss_v3_1":
        props.cvssString = {
          type: "string",
          label: "Severity Metrics CVSS String",
          description: "The Common Vulnerability Scoring System uses a combination of eight [base metrics](https://www.first.org/cvss/v3.1/specification-document#Base-Metrics) to compute the base severity score. Currently only the base metrics are supported. A calculator to transform base metrics into a severity score can be found [here](https://www.first.org/cvss/calculator/3.1). Manual calculations are not needed as the severity_score and severity of a model will be automatically computed upon save.",
          default: (SM && SM.scoring_system === "cvss_v3_1")
            ? `${SM.cvss_string}`
            : "",
        };
        break;
      case "severity_only":
        props.severityOnlySeverity = {
          type: "string",
          label: "Severity Metrics Severity",
          description: "Severity only is the simplest scoring system. It simply sets the severity directly without any underlying math.",
          options: SEVERITY_ONLY_SEVERITY_OPTIONS,
          default: (SM && SM.scoring_system === "severity_only")
            ? `${SM.severity}`
            : "",
        };
      }
    }
    return props;
  },
  async run({ $ }) {
    const fileIds = await this.securityReporter.prepareFiles({
      draftDocumentsFile: this.draftDocumentsFile,
      draftDocuments: this.draftDocuments,
    });

    const response = await this.securityReporter.updateSecurityFinding({
      $,
      findingId: this.findingId,
      data: {
        title: this.title,
        targets: parseObject(this.targets),
        assessment_section_id: this.assessmentSectionId,
        is_vulnerability: this.isVulnerability,
        status: this.status && parseInt(this.status),
        // The prop is declared as `resolvedTargets`; `this.resolved_targets` is always undefined.
        resolved_targets: parseObject(this.resolvedTargets),
        severity_metrics: {
          impact: this.severityMetricsImpact && parseInt(this.severityMetricsImpact),
          likelihood: this.severityMetricsLikelihood && parseInt(this.severityMetricsLikelihood),
          cvss_string: this.cvssString,
          severity: this.severityOnlySeverity && parseInt(this.severityOnlySeverity),
          scoring_system: this.SMScoringSystem,
        },
        review_status: this.reviewStatus && parseInt(this.reviewStatus),
        found_at: this.foundAt,
        priority: this.priority && parseInt(this.priority),
        complexity: this.complexity && parseInt(this.complexity),
        action: this.action,
        description: this.description,
        risk: this.risk,
        recommendation: this.recommendation,
        proof: this.proof,
        references: this.references,
        draft_documents: fileIds,
        resolvers: parseObject(this.resolvers),
        user_groups: parseObject(this.userGroups),
        classifications: parseObject(this.classifications),
      },
    });

    $.export("$summary", `Successfully updated finding with ID ${this.findingId}`);
    return response;
  },
};

Action Configuration

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI.

| Label | Prop | Type | Description |
| --- | --- | --- | --- |
| Security Reporter | securityReporter | app | This component uses the Security Reporter app. |
| Finding ID | findingId | string | Select a value from the drop down menu. |
| Title | title | string | Title of the finding. Must not be greater than 191 characters. |
| Targets | targets | string[] | Select a value from the drop down menu. |
| Assessment Section ID | assessmentSectionId | string | Select a value from the drop down menu. |
| Is Vulnerability | isVulnerability | boolean | Whether the finding is for a vulnerability (and has associated severity metrics). |
| Status | status | string | Select a value from the drop down menu: Unresolved (`0`), Resolved (`1`), Retest Pending (`2`), Accepted Risk (`3`) |
| Resolved Targets | resolvedTargets | string[] | Select a value from the drop down menu. |
| Review Status | reviewStatus | string | Select a value from the drop down menu: Draft (`0`), Under Review (`1`), Revision Requested (`2`), Published (`3`) |
| Found At | foundAt | string | The date when the finding was found. Format: YYYY-MM-DDTHH:MM:SS. |
| Priority | priority | string | Select a value from the drop down menu: Unknown (`0`), Low (`1`), Medium (`2`), High (`3`) |
| Complexity | complexity | string | Select a value from the drop down menu: Unknown (`0`), Trivial (`1`), Medium (`2`), Complex (`3`) |
| Action | action | string | The recommended action (under 500 characters) to resolve this finding. Example: Update ... |
| Description | description | string | The description of the finding. Example: There is ... |
| Risk | risk | string | The risk associated with the finding. Example: A hacker could ... |
| Recommendation | recommendation | string | The recommendation for the finding. Example: Update ... |
| Proof | proof | string | The proof for the finding. Example: See attached ... |
| References | references | string | |
| Draft Documents | draftDocuments | string[] | Document IDs of uploaded draft documents. |
| Draft Documents File | draftDocumentsFile | string[] | The path to a file in the /tmp directory. See the documentation on working with files. |
| Resolvers | resolvers | string[] | Select a value from the drop down menu. |
| User Groups | userGroups | string[] | Select a value from the drop down menu. |
| Classifications | classifications | string[] | An array with classifications by classification system. You can use any combination of CWE, CAPEC or VRT classifications. Note that classifications are ignored if their system is not set in the assessment. |
| Severity Metrics Scoring System | SMScoringSystem | string | Select a value from the drop down menu: OWASP Risk Rating Methodology (`owasp`), CVSS v3.1 (`cvss_v3_1`), Severity Only (`severity_only`) |
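
The limits stated in the prop descriptions above (title length, action length, the Found At format, the Retest Pending rule) can be enforced before a trigger row reaches the action; the trigger reads rows with the `service_role` key, which bypasses Row Level Security, so every column arrives unvetted. This is an added example, not Pipedream's or Security Reporter's code. The row column names, `buildFindingUpdate`, and the assumption that `cvss_string` is a standard CVSS v3.1 base vector are hypothetical.

```javascript
// Added example. Column names (finding_id, title, ...) are hypothetical; the
// limits are the ones stated in the action's prop descriptions.
const RETEST_PENDING = 2; // Status option value "2"
const SCORING_SYSTEMS = ["owasp", "cvss_v3_1", "severity_only"];
const FOUND_AT = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}$/; // YYYY-MM-DDTHH:MM:SS
// Assumption: cvss_string is the standard CVSS v3.1 base vector (eight metrics).
const CVSS_31 =
  /^CVSS:3\.1\/AV:[NALP]\/AC:[LH]\/PR:[NLH]\/UI:[NR]\/S:[UC]\/C:[NLH]\/I:[NLH]\/A:[NLH]$/;

// Status, Priority and Complexity all use the option values 0-3.
function optionValue(name, raw, errors) {
  const scalar = typeof raw === "string" || typeof raw === "number";
  if (!scalar || !/^[0-3]$/.test(String(raw))) {
    errors.push(`${name}: expected an option value 0-3`);
    return undefined;
  }
  return Number(raw);
}

function text(name, raw, max, errors) {
  if (typeof raw !== "string" || raw.length > max) {
    errors.push(`${name}: expected a string of at most ${max} characters`);
    return undefined;
  }
  return raw;
}

// row: event emitted by the trigger. currentStatus: numeric status of the
// finding as fetched beforehand, needed for the Retest Pending rule.
function buildFindingUpdate(row, currentStatus) {
  const errors = [];
  const data = {};
  const has = (key) => row[key] !== undefined && row[key] !== null;

  if (typeof row.finding_id !== "string" || !row.finding_id.trim()) {
    errors.push("finding_id: required");
  }
  if (has("title")) data.title = text("title", row.title, 191, errors);
  // "under 500 characters" means at most 499.
  if (has("action")) data.action = text("action", row.action, 499, errors);
  if (has("found_at")) {
    const valid = typeof row.found_at === "string" && FOUND_AT.test(row.found_at);
    if (valid) data.found_at = row.found_at;
    else errors.push("found_at: expected YYYY-MM-DDTHH:MM:SS");
  }
  if (has("priority")) data.priority = optionValue("priority", row.priority, errors);
  if (has("complexity")) data.complexity = optionValue("complexity", row.complexity, errors);
  if (has("status")) {
    const status = optionValue("status", row.status, errors);
    const touchesRetest = status === RETEST_PENDING || currentStatus === RETEST_PENDING;
    if (status !== undefined && status !== currentStatus && touchesRetest) {
      errors.push("status: cannot be changed to or from Retest Pending");
    } else {
      data.status = status;
    }
  }
  if (row.is_vulnerability === true) {
    const system = row.scoring_system;
    if (!SCORING_SYSTEMS.includes(system)) {
      errors.push("scoring_system: expected owasp, cvss_v3_1 or severity_only");
    } else if (system === "cvss_v3_1" && !CVSS_31.test(String(row.cvss_string))) {
      errors.push("cvss_string: not a CVSS v3.1 base vector");
    } else {
      data.is_vulnerability = true;
      data.severity_metrics = { scoring_system: system };
      if (system === "cvss_v3_1") data.severity_metrics.cvss_string = row.cvss_string;
    }
  }
  return errors.length
    ? { ok: false, errors }
    : { ok: true, findingId: row.finding_id, data };
}

// Constructed sample row, not real data.
const SAMPLE_ROW = {
  finding_id: "f-1", title: "Outdated TLS configuration", status: "1", priority: 3,
  found_at: "2024-05-01T09:30:00", is_vulnerability: true, scoring_system: "cvss_v3_1",
  cvss_string: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
};
```

In a workflow this would sit in a code step between the trigger and the action, with the step failing when `ok` is false so a malformed row never produces a partial update.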

Action Authentication

Security Reporter uses API keys for authentication. When you connect your Security Reporter account, Pipedream securely stores the keys so you can easily authenticate to Security Reporter APIs in both code and no-code steps.

About Security Reporter

Reporting made easy, Pentesting made powerful
