Documentation

Everything you need to secure your vibe-coded projects

Fix Templates

Every vulnerability BoringSec finds comes with a copy-paste fix prompt optimized for your specific AI coding tool. Fix critical issues in minutes, not hours.

Why Fix Templates?

Traditional security tools tell you what's wrong but leave you to figure out how to fix it. BoringSec gives you the exact prompt to paste into your AI tool — it knows your stack, your tool, and the specific fix needed.

Platform-specific prompts for 7 AI tools
42+ built-in templates covering common vulnerabilities
Estimated fix time for each template (usually 5-20 min)
Step-by-step instructions — not just "fix this"

Supported AI Platforms

Each fix template has a version optimized for how each platform works — Cursor needs project-context instructions, Lovable needs Supabase-aware fixes, Bolt needs serverless-compatible solutions.

Cursor: Full project context
Lovable: Supabase-aware fixes
Bolt.new: Serverless patterns
Claude Code: MCP-integrated
v0.dev: Next.js App Router
Windsurf: Multi-file edits
Replit: Environment secrets

What's Covered

Supabase Service Role Key Exposed

CRITICAL, ~15 min

Moves the service_role key from client to server, creates API routes for privileged operations.

supabase-service-role-exposed

Enable Row Level Security

CRITICAL, ~20 min

Enables RLS on all tables, creates user-scoped policies, tests with anon key.

supabase-rls

API Keys in JS Bundle

CRITICAL, ~10 min

Finds all exposed keys, moves to server-side env vars, creates proxy API routes.

bundle-exposed-keys

Insecure Firebase Rules

HIGH, ~15 min

Locks down Firestore and Storage rules, adds auth-based policies.

firebase-rules

Missing Content-Security-Policy

HIGH, ~10 min

Generates a strict CSP header configured for your specific stack (Next.js, Vercel, etc.).

missing-csp

.env File Committed to Git

CRITICAL, ~5 min

Removes .env from git history, adds to .gitignore, rotates compromised credentials.

committed-env

+ 36 more templates covering headers, XSS, injection, CORS, cookies, and more

How to Use Fix Templates

1. Run a scan
Scan your URL, repo, or code files from the dashboard or API.

2. View findings
Each issue has a "Fix" button or a link to the relevant fix template.

3. Select your platform
Choose Cursor, Lovable, Bolt, Claude Code, or any other supported tool.

4. Copy and paste
One click copies the full fix prompt. Paste into your AI tool and let it apply the fix.

API Access

Access fix templates programmatically via the REST API:

GET /api/v1/fix-suggestions/supabase-rls?platform=cursor

Returns both built-in and community templates. See the API Reference for full details.

Browse all templates

42+ fix prompts for 7 AI platforms. Pro plan required.
