The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Back to feedPost
This Privacy Pipeline is a dissertation project focused on integrating automated security and privacy scanning into a GitHub Actions pull request workflow. The project demonstrates how DevSecOps practices can be applied early in the development lifecycle using a shift-left security approach.
The system is designed to be lightweight, explainable, and fully open-source. Instead of building a complex production deployment platform, the project focuses on CI-based scanning, structured evidence generation, and configurable policy gates that decide whether a pull request should pass or fail.
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Related posts
Excited to share some of the backend work I've been doing lately with Supabase! 🚀
Here's a look at what went into building a production-ready backend from scratch:
🗄️ Database Schema Design
Designed a relational schema with multiple interconnected tables: profiles, notes, reminders, conflicts, and a dedicated user_keys table for encryption key management. Every table has proper foreign key relationships, timestamps, and nullable/non-nullable constraints enforced at the DB level.
🔒 Row Level Security (RLS)
Every single table has RLS enabled with two policies: users can only access their own rows, and anonymous access is blocked entirely. No exceptions. Security is enforced at the database layer, not just the application layer.
🔑 Auth & Email Flows
Set up Supabase Auth with email + OAuth support, including full PKCE flow for secure token exchange. Configured deep link redirects for email confirmation and password reset flows, all tested end to end.
⚡ Edge Functions
Built and deployed multiple Supabase Edge Functions handling AI processing pipelines, including JWT validation at the top of every function before any processing begins. The OpenAI API key lives exclusively in Supabase secrets, never in the app or any config file.
🔄 Merge Pipeline
Built a follow-up note merge pipeline as an Edge Function. New facts are appended to existing profiles, duplicates are detected and skipped, conflicts are logged, and resolved reminders are handled gracefully.
📦 Migrations
All schema changes go through versioned migration files under source control. No manual dashboard changes. CI/CD triggers migrations automatically on merge to main.
🔐 Encryption Architecture
Client-side AES-GCM encryption via CryptoKit. Plaintext never sits in the database. Encryption keys are stored in a dedicated RLS-scoped table, fetched after login, and held in memory only for the session duration.
Still a lot more to share about this project. Excited to talk about it publicly when it launches! 👀
Interesting work! Nice 🔥 Have there been any bottlenecks so far in testing?
Some snippets from a recent project - Killswitch, an app that automatically delivers encrypted documents to your family if something happens to you.
Love this!
Trending
Claude
Claude has entered the design space. How are you using Claude Design?
Contra University
Learn from expert creatives how to earn more using next-gen AI tools.
creativeaiflow
Creative AI workflows are evolving. What tools do you use, and what are their strengths and weaknesses?
portfolioreview
The best portfolios tell a story, not just show a grid. Share yours for feedback.
freelancerlife
Freelancer life is wins, pivots, and everything in between. What’s yours right now?