Next: add the workflow
Two quick steps and the repo will run an Upshift scan on every push to main and on every pull request.
1
Add the workflow file
Copy the workflow into your repo’s .github/workflows/ folder. Create the folder if it doesn’t exist.
Get the file from the Upshift repo: .github/workflows/upshift-app-scan.yml — copy its contents into your-repo/.github/workflows/upshift-app-scan.yml.
2
Add repository secrets
In your repo on GitHub: Settings → Secrets and variables → Actions. Add two secrets:
- APP_ID — Your GitHub App’s App ID (find it in GitHub → Settings → Developer settings → GitHub Apps → your App).
- APP_PRIVATE_KEY — The full contents of the .pem file you downloaded when you created the App (include the -----BEGIN ...----- and -----END ...----- lines).
3
You’re done
Commit and push the workflow file. The next push to main (or the next PR) will trigger an Upshift scan. On pull requests, the App will post a comment with outdated and vulnerability counts.
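For step 2, an added example (not part of Upshift or its repo): this script checks that the .pem file still has matching BEGIN and END lines and an intact body, then stores both secrets with the GitHub CLI instead of the web form. The function name `pem_check`, the `owner/repo` argument and reading `APP_ID` from the environment are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate a GitHub App private key file before storing it
# as the APP_PRIVATE_KEY secret. pem_check is a hypothetical helper name.

# pem_check FILE -> 0 if FILE looks like a complete, unencrypted PEM private key.
pem_check() {
    f=$1
    [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    clean=$(tr -d '\r' < "$f")              # tolerate CRLF line endings
    first=$(printf '%s\n' "$clean" | awk 'NF { print; exit }')
    last=$(printf '%s\n' "$clean" | awk 'NF { l = $0 } END { print l }')
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "missing or damaged BEGIN line" >&2; return 1 ;;
    esac
    label=${first#-----BEGIN }
    label=${label%-----}
    if [ "$last" != "-----END $label-----" ]; then
        echo "END line missing or does not match BEGIN ($label)" >&2; return 1
    fi
    body=$(printf '%s\n' "$clean" | awk 'NF && !/^-----/')
    if [ -z "$body" ]; then
        echo "no key material between BEGIN and END" >&2; return 1
    fi
    # Spaces, headers or other stray characters mean the key was mangled
    # (for example by a paste that collapsed or indented the lines).
    if printf '%s\n' "$body" | grep -q '[^A-Za-z0-9+/=]'; then
        echo "non-base64 characters in key body" >&2; return 1
    fi
    return 0
}

# Usage: APP_ID=<your App ID> sh store_app_key.sh app.pem owner/repo
if [ "$#" -eq 2 ]; then
    pem_check "$1" || exit 1
    # Parse the key for real when openssl is installed.
    if command -v openssl >/dev/null 2>&1; then
        openssl pkey -in "$1" -noout || exit 1
    fi
    # Read the key from the file, not the clipboard, so newlines survive.
    gh secret set APP_PRIVATE_KEY --repo "$2" < "$1"
    gh secret set APP_ID --repo "$2" --body "${APP_ID:?set APP_ID first}"
fi
```

Once both secrets are stored, delete the local .pem file or move it into a secrets manager so the key does not linger in a downloads folder.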
Need the full setup (webhook, Supabase, creating your own App)? See the ship checklist in the repo.