Meet Scooter

Scooter is a language for defining defining database schemas, security policies, and migrations over both. Together with the Sidecar verifier, it statically prevents common errors such as incorrect policy refactoring, and leakage due to schema migrations.

Step 1: Define a policy

  • Scooter uses a strongly-typed expression language to define who can read or write to each field.
  • These policies are compiled to your target application for automatic enforcement.

Step 2: Write a migration

  • Scooter uses migrations to update both schemas and policies.
  • All new fields and models must have a policy.

Step 3: Verify with Sidecar

  • Sidecar checks if the combination of schema and policy changes in your migrations could cause data leakage.
  • If it finds a leak, Sidecar will give you an example.
Migration unsafe!


Principal: User(1)