Public security timeline

See risky configuration drift before it becomes an incident.

Production does not only break because code changes. It breaks because settings drift outside Git — and nobody notices until an incident is already in progress. Explore a realistic ConfigTrace security timeline across all 7 providers. No login required.

Open app → Read setup docs

Demo data only. No customer data is shown.

Example risk timeline

What ConfigTrace catches

8 realistic examples of configuration drift across all 7 providers. Each finding includes a field-level diff, a risk classification, and a clear recommended next step.

Critical AWS Network Modified
12 min ago

AWS security group may expose SSH to the internet

What changed Ingress rule changed from trusted CIDR to 0.0.0.0/0 on port 22.
Why it matters This may expose SSH to the public internet for all resources attached to this security group.
What to check Confirm resource attachments, public subnet and public IP context, and restrict SSH to VPN or trusted IP ranges.
High Firebase Database Modified
34 min ago

Firebase Firestore rules may allow public writes

What changed Ruleset changed to allow write: if true.
Why it matters Broad client-side write rules can allow unintended data modification by unauthenticated users.
What to check Require request.auth != null for sensitive paths and redeploy the previous ruleset if this was accidental.
High Supabase Database Modified
1 hr ago

Supabase RLS was disabled on public.orders

What changed Row Level Security changed from enabled to disabled on table public.orders.
Why it matters Disabling RLS may broaden data access depending on policies and API exposure through the Supabase client.
What to check Re-enable RLS, review anon and public policies, and confirm the table is not directly exposed to unauthenticated clients.
High GitHub Repository Security Modified
2 hr ago

GitHub branch protection was weakened

What changed Required approving reviews changed from 2 to 0 on branch main.
Why it matters Removing required reviewers allows unreviewed code to merge directly to the protected branch.
What to check Restore the required reviewers setting and inspect recent repository admin activity for unauthorized changes.
Medium Stripe Payments Modified
3 hr ago

Stripe webhook endpoint changed

What changed Webhook destination changed from /api/stripe/webhook to /api/webhook-test.
Why it matters Webhook drift can silently break payment fulfillment, subscription management, and billing reconciliation.
What to check Verify endpoint ownership, confirm enabled events are correct, and send a test webhook to validate delivery.
Medium Cloudflare DNS Removed
5 hr ago

Cloudflare DNS record was removed

What changed CNAME record checkout.example.com was deleted from the zone.
Why it matters DNS changes can affect availability, checkout routing, and downstream service resolution.
What to check Confirm the deletion was intentional and restore the record if the removal was accidental or unauthorized.
Medium Vercel Deployments Modified
8 hr ago

Vercel production domain changed

What changed Production domain changed from app.example.com to preview.example.com.
Why it matters Domain drift can route production users to a preview or staging deployment unintentionally.
What to check Verify the production domain assignment in Vercel project settings and audit recent deployment configuration changes.
Low AWS IAM Modified
Yesterday

IAM access key last-used metadata changed

What changed Last used service changed from apigateway to sts.
Why it matters Usually informational, but may help identify unexpected usage patterns or credential sharing across services.
What to check Review whether this access pattern is expected and whether the key is scoped to minimum required services.
How it works

How ConfigTrace turns drift into signal

Three steps from a configuration change to a clear, actionable finding.

1

Snapshot configuration metadata

ConfigTrace connects using read-only credentials and snapshots your configuration at regular intervals — security groups, DNS records, Firestore rules, webhook endpoints, branch protections, RLS policies, and more.

2

Detect field-level changes

Every sync compares current state against your last snapshot. Field-level diffs surface exactly what changed — not just that something changed, but which field, from what value, to what value.

3

Explain risk and next checks

Each change is classified as Critical, High, Medium, or Low, with a human-readable explanation of why it matters and what the owner should review next.

ConfigTrace does not just show that something changed. It explains why the change matters and what the owner should review next. The goal is a security timeline you can act on — not a data dump you have to interpret yourself.

Built for metadata, not customer data.

ConfigTrace monitors configuration metadata and security posture. It does not read Firestore documents, Supabase table rows, Storage files, Auth users, secret values, S3 object contents, or log event contents.

View full data access policy →
Coverage

7 providers, one timeline

Connect any combination of supported providers. Changes surface in a single shared risk timeline, regardless of which stack you use.

AWS
EC2, IAM, Route 53, S3 configuration
Firebase
Firestore rules, Auth, Hosting, Functions
Supabase
RLS policies, Auth config, Storage
Stripe
Webhooks, products, pricing
GitHub
Branch protection, webhooks, repo settings
Cloudflare
DNS records, proxy status, zone config
Vercel
Domains, env var names, project settings
Get started

Create your first baseline before the next incident.

Connect any of 7 supported providers, run your first sync, and get a timestamped record of every risky configuration change from that moment forward.

Start monitoring → Setup guide

7 providers live · Reads configuration metadata only · Free plan available