Supabase vs Rootly
Side-by-side trajectory, velocity, and editorial themes.
Supabase is reversing its biggest security default - public-schema tables no longer auto-exposed via PostgREST.
The headline shipping move is a deliberate change to Supabase's security posture: new projects can opt out of automatic Data API and GraphQL exposure for public-schema tables, with broader defaults flipping in May. Around it: an OAuth 2.1 compliance fix, an RLS Tester preview to make policy verification possible from the UI, and a steady drumbeat of platform improvements summarized in the monthly developer update.
Supabase is rebuilding the security defaults that made it fast to start with but easy to misconfigure. Combine the no-auto-expose change with the RLS Tester preview and the direction is clear: the platform is moving from convention-based exposure to explicit, testable access control. The OAuth compliance fix and developer updates suggest steady investment in standards conformance rather than new product surface this window.
Expect the no-auto-expose default to apply to existing projects (with a long opt-out runway), and the RLS Tester to graduate from preview into the dashboard as a first-class panel. Continued breaking-change drumbeat tied to OAuth/OIDC compliance is likely.
Rootly is moving the incident workflow out of the dashboard and into the IDE.
Rootly is shipping steadily across three lanes: on-call ergonomics (SLA follow-ups, deferred paging, team heartbeats), AI surfaces (Claude Code and Cursor plugins), and enterprise plumbing (Google Workspace directory sync, deeper RBAC). The cadence is roughly one release per week and the changes are coherent rather than scattershot — each lane is building toward a recognizable end-state.
The on-call work is a maturation arc: features that used to be coarse (paging, heartbeats, follow-ups) are gaining ownership, scheduling, and SLA awareness. The AI work is the more interesting axis — pulling on-call context, retros, and incident state into Claude Code and Cursor signals that Rootly wants engineers to interact with the platform inside their editor, not by tabbing away to a separate UI.
Expect the IDE plugins to gain write-side actions next (acking pages, drafting retros, triggering runbooks from the editor), and on-call configuration to keep moving toward team-scoped, RBAC-aware defaults rather than global ones.
See more alternatives to Supabase →
See more alternatives to Rootly →