GRANT ... TO PUBLIC statement
Part of Security, which counts for 30% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.
What it detects
GRANT ... TO PUBLIC hands the privilege to every current and future role/user in the database, not just the intended one. This is occasionally intentional for a narrow read-only lookup table, but is easy to leave in place by habit.
Why it matters
GRANT ... TO PUBLIC applies the privilege to every current and future role or user in the database, not just the one you meant to grant it to. This is sometimes intentional for a narrow read-only reference table, but far more often it is a copy-paste default that quietly widens access to sensitive tables as new users and roles get created.
How to fix it
Replace PUBLIC with the specific role or user that needs the privilege. If several roles genuinely need it, grant to a dedicated group role and add each user to that role, rather than opening it to everyone.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo