Securie for Firebase
Firebase Security Rules are the entire defense in most Firebase-backed apps. Securie validates every rule against the intent of the app, detects default-allow tables, and audits admin-SDK usage.
Why it matters for Firebase
Install on your Firebase-backed repo. Every firestore.rules, storage.rules, and functions file is reviewed.
- Validates Firestore, Realtime Database, and Storage rules
- Detects default-allow rules at root
- Audits Cloud Functions for missing authz checks
- Flags Admin SDK usage in client bundles
Common bugs we catch in Firebase
Firestore rule: allow read, write: if true
Default-allow at any collection means every document is public. Securie flags and proposes strict tenant-scoped rules.
Cloud Function without context.auth check
Callable functions accept unauthenticated calls by default. A handler with no context.auth check is a public admin function.
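The missing context.auth check, shown beside a hardened handler. This is an added example, not Securie's or Firebase's own code: HttpsError is a local stand-in for functions.https.HttpsError, and the project store, handler names, and tenantId custom claim are assumptions.

```javascript
// Added example. Handlers are plain (data, context) functions so the file runs
// without firebase-functions; when deployed, each would be passed to
// functions.https.onCall(...).

// Local stand-in for functions.https.HttpsError (same code/message shape).
class HttpsError extends Error {
  constructor(code, message) {
    super(message);
    this.code = code;
  }
}

// Constructed sample data standing in for Firestore documents.
function makeStore() {
  return new Map([
    ["p1", { tenantId: "acme" }],
    ["p2", { tenantId: "globex" }],
  ]);
}

// BEFORE: never looks at context.auth, so any caller, signed in or not,
// reaches the privileged delete.
function deleteProjectUnsafe(store, data, context) {
  return { deleted: store.delete(data.projectId) };
}

// AFTER: authenticate first, then authorize against the caller's tenant.
// The tenantId custom claim is an assumption made for this example.
function deleteProject(store, data, context) {
  if (!context || !context.auth) {
    throw new HttpsError("unauthenticated", "Sign-in required.");
  }
  const projectId = data && data.projectId;
  if (typeof projectId !== "string" || projectId.length === 0) {
    throw new HttpsError("invalid-argument", "projectId must be a non-empty string.");
  }
  const project = store.get(projectId);
  const callerTenant = context.auth.token && context.auth.token.tenantId;
  // Same error for "missing" and "other tenant" so callers cannot probe ids.
  if (!project || !callerTenant || project.tenantId !== callerTenant) {
    throw new HttpsError("permission-denied", "Not allowed for this project.");
  }
  return { deleted: store.delete(projectId) };
}

// Returns the HttpsError code a call produces, or "ok" on success.
function outcome(handler, store, data, context) {
  try {
    handler(store, data, context);
    return "ok";
  } catch (err) {
    if (err instanceof HttpsError) return err.code;
    throw err;
  }
}
```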
Admin SDK in a browser-exposed module
The Firebase Admin SDK bypasses all security rules. Exposing it to the client means full compromise.
Install in under a minute
- Install the Securie GitHub App on your Firebase repo
- Securie detects firebase.json + rules files
- Push any PR.
Firebase is a trademark of Google LLC. Securie is independent.