Securie for Netlify — function + environment checks

live

Pre-deploy gate for Netlify Functions and Netlify-hosted sites. Environment-variable audit on every build. Build-time secret detection. Function-route authorization validation. Edge Function binding review. The integration mirrors the Vercel integration but wired into Netlify's build-trigger webhook.

Updated

What it does

Validates Netlify Function authorization patterns (missing auth in /.netlify/functions/* handlers). Catches build-time secret leakage (env vars ending up in the published bundle). Enforces CORS + rate-limit configuration on function routes. Checks Edge Function bindings for correct scoping. Reviews `netlify.toml` for known misconfiguration patterns.

When to use it

Best fit: teams on Netlify Functions (serverless) or Netlify Edge Functions. Complementary to the GitHub App — source-level catches plus deploy-level verification.

Limitations

Available by request. Netlify support currently matches Vercel coverage in scope. Build-blocking requires Netlify Pro plan or higher; Starter plan accounts can run the review but cannot gate deploys.

Install

  1. Install the Securie GitHub App on your Netlify-connected repo when the integration is enabled
  2. Securie runs on every Netlify build trigger
  3. Findings appear in the Netlify Deploy log + GitHub PR comment
  4. Critical findings can be configured to block the deploy