GitHub Action.

Run AppVet security, performance, accessibility, and SEO scans on every pull request. The action posts results as a PR comment with scores, grades, and report links.

Quick start

name: AppVet Scan
on: [pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: appvet/scan-action@v1
        with:
          url: ${{ env.PREVIEW_URL }}
          api-key: ${{ secrets.APPVET_API_KEY }}

Inputs

Input	Required	Default	Description
`url`	Yes	—	URL to scan.
`api-key`	Yes	—	AppVet API key. Get one at appvet.dev/account#api-keys.
`types`	No	all 4	Comma-separated scan types: `security`, `performance`, `accessibility`, `seo`.
`threshold`	No	none	Minimum score. Fails the step if any scan scores below this value.
`comment`	No	`true`	Post results as a PR comment.
`fail-on-error`	No	`true`	Fail the step if the scan errors.

Outputs

Output	Description
`scores`	JSON object of scores per type, e.g. `{"security":84,"accessibility":91}`.
`lowest-score`	The lowest score across all scan types.
`passed`	`true` if all scores are above the threshold.
`report-urls`	JSON array of report URLs.

Using outputs

- uses: appvet/scan-action@v1
  id: scan
  with:
    url: ${{ env.PREVIEW_URL }}
    api-key: ${{ secrets.APPVET_API_KEY }}

- name: Check results
  run: |
    echo "Lowest score: ${{ steps.scan.outputs.lowest-score }}"
    echo "Passed: ${{ steps.scan.outputs.passed }}"

PR comment format

The action posts a summary comment on the pull request. If an AppVet comment already exists, it updates in place (no spam).

Type	Score	Grade	Findings
Security	84	A-	5
Accessibility	91	A+	2

The comment includes the lowest score, threshold pass/fail status, and links to the full reports on appvet.dev.

Setup

Get an API key at appvet.dev/account#api-keys.
Add it as a repository secret: Settings → Secrets and variables → Actions → name it APPVET_API_KEY.
Add the workflow file to .github/workflows/appvet.yml.

Examples

Scan on every PR

on: [pull_request]
jobs:
  appvet:
    runs-on: ubuntu-latest
    steps:
      - uses: appvet/scan-action@v1
        with:
          url: https://staging.example.com
          api-key: ${{ secrets.APPVET_API_KEY }}
          threshold: 80

Scan after Vercel preview deploy

on:
  deployment_status:
jobs:
  appvet:
    if: github.event.deployment_status.state == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: appvet/scan-action@v1
        with:
          url: ${{ github.event.deployment_status.target_url }}
          api-key: ${{ secrets.APPVET_API_KEY }}
          types: security,accessibility
          threshold: 70

Security only

- uses: appvet/scan-action@v1
  with:
    url: ${{ env.STAGING_URL }}
    api-key: ${{ secrets.APPVET_API_KEY }}
    types: security
    threshold: 90

Exit codes

Code	Meaning
`0`	All scans complete, threshold passed (or no threshold set).
`1`	At least one scan below threshold, or scan failed.

Next steps

Webhooks — get notified when scans complete.
Score Badges — embed live score badges in your README.
CLI — run scans from your terminal or other CI/CD systems.