Tutorial | March 5, 2025 | 10 min read

How to Set Up Security Scans for Your Lovable App

A step-by-step tutorial on configuring automated OWASP scanning and PII detection for your Supabase-backed application.

Security scanning shouldn't be something you bolt on after launch. With GetDeployable, you can have automated vulnerability detection running from day one.

Prerequisites

  • A GetDeployable account with a connected Lovable project
  • At least one staging environment configured
  • Your Supabase project linked via the GetDeployable console

Step 1: Enable the Security Gate

Navigate to your project settings in the GetDeployable console and toggle on Security Gate. This adds a pre-deployment check that must pass before any changes reach production.

Step 2: Configure Scan Profiles

Choose which scans to run:

  • OWASP Top 10 — Checks for common web vulnerabilities like XSS, SQL injection, and broken authentication
  • PII Detection — Scans your database schema and code for personally identifiable information patterns
  • Secret Leak Detection — Ensures API keys and tokens aren't exposed in client-side bundles. For a Supabase project, the anon key is designed to ship in the browser, but the service_role key bypasses Row Level Security and must never appear in a client bundle.

Step 3: Set Severity Thresholds

Decide what blocks a deployment:

  • Critical — Always blocks (e.g., SQL injection vulnerability)
  • High — Blocks by default, can be overridden with justification
  • Medium — Warning only, logged in the dashboard
  • Low — Informational, visible in detailed reports

Step 4: Review Your First Scan

Push a change to your staging branch. The security gate will run automatically and you'll see results in the console within minutes.

SCAN COMPLETE — 2025-03-05 14:22:01
Vulnerabilities: 0 critical, 0 high, 2 medium
PII Detection: CLEAN
Secret Leak: CLEAN
Status: PASSED ✓
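To make the Step 2 Secret Leak profile and the Step 3 severity policy concrete, here is a small Node script that scans a built client bundle for embedded Supabase keys and then applies the blocking rules above. It is an added example, not GetDeployable's or Supabase's own code; the file name, finding ids and the sample bundle are constructed, and the JWTs in it are built locally with a placeholder signature.

```javascript
// Added example, not GetDeployable's or Supabase's own code: a minimal
// pre-deployment gate that runs the "Secret Leak Detection" profile from
// Step 2 against a built client bundle and then applies the Step 3 severity
// policy. File name, finding ids and the sample bundle are constructed.

// Supabase API keys are JWTs whose payload carries a "role" claim. The anon
// key (role "anon") is designed to ship to the browser; the service_role key
// bypasses Row Level Security and must never appear in a client bundle.
const JWT_RE = /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g;

function decodeJwtPayload(token) {
  try {
    const payload = token.split('.')[1];
    return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null; // looks like a JWT but the payload is not JSON; skip it
  }
}

// Scan the text of one bundle file and return findings tagged with severity.
function scanBundle(fileName, text) {
  const findings = [];
  for (const match of text.matchAll(JWT_RE)) {
    const claims = decodeJwtPayload(match[0]);
    if (!claims || claims.role === 'anon') continue; // anon key is public by design
    const line = text.slice(0, match.index).split('\n').length;
    const isServiceRole = claims.role === 'service_role';
    findings.push({
      id: `secret-jwt:${fileName}:${line}`,
      severity: isServiceRole ? 'critical' : 'medium',
      file: fileName,
      line,
      message: isServiceRole
        ? 'Supabase service_role key embedded in client bundle (bypasses RLS)'
        : `JWT with role "${claims.role}" embedded in client bundle; review manually`,
    });
  }
  return findings;
}

// Step 3 policy: critical always blocks; high blocks unless overrides[id]
// holds a non-empty written justification; medium and low never block.
function evaluateGate(findings, overrides = {}) {
  const counts = { critical: 0, high: 0, medium: 0, low: 0 };
  const blocking = [];
  for (const f of findings) {
    counts[f.severity] += 1;
    const justified = typeof overrides[f.id] === 'string' && overrides[f.id].trim() !== '';
    if (f.severity === 'critical' || (f.severity === 'high' && !justified)) blocking.push(f);
  }
  return { status: blocking.length === 0 ? 'PASSED' : 'BLOCKED', counts, blocking };
}

// Render the one-line vulnerability summary in the style of the console output above.
function summaryLine(result) {
  const c = result.counts;
  return `Vulnerabilities: ${c.critical} critical, ${c.high} high, ${c.medium} medium`;
}

// Constructed sample: a bundle where the anon key is present (fine) and a
// service_role key was pasted in to "fix" an RLS error (not fine). The JWTs
// are built locally with a placeholder signature, so nothing real is embedded.
function constructedJwt(claims) {
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(claims)}.placeholder_signature`;
}

const SAMPLE_BUNDLE = [
  '// constructed excerpt of a built client bundle',
  'const supabaseUrl = "https://example.supabase.co";',
  `const supabaseKey = "${constructedJwt({ iss: 'supabase', ref: 'example', role: 'anon' })}";`,
  '// a quick "fix" for an RLS error that should never have been committed:',
  `const adminClient = createClient(supabaseUrl, "${constructedJwt({ iss: 'supabase', ref: 'example', role: 'service_role' })}");`,
].join('\n');

const SAMPLE_RESULT = evaluateGate(scanBundle('assets/index-constructed.js', SAMPLE_BUNDLE));
console.log(summaryLine(SAMPLE_RESULT), '| Status:', SAMPLE_RESULT.status);
for (const f of SAMPLE_RESULT.blocking) console.log(`  ${f.severity.toUpperCase()} ${f.file}:${f.line} ${f.message}`);
```

Run it with `node` against the text of each file in your build output directory. Note what it does not check: the anon key is allowed through because it is public by design, which means the data it can reach is governed entirely by your Row Level Security policies, and a key scanner says nothing about whether those policies are correct.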

What Happens When a Scan Fails

If a critical or high severity issue is detected, the deployment is blocked. You'll get a detailed report in the console showing exactly what was found, where it is, and how to fix it.

No more hoping for the best. Ship with confidence.