GitHub Actions.

CLICLIPR gate

Run `@checkupstream/cli` in your CI to scan dependencies and fail the workflow if any service crosses a configurable risk threshold. Pair the PR run with a scheduled run to catch regressions that ship between deploys.

Add a PR + scheduled health check.

.github/workflows/upstream-health.yml

name: Upstream Health Check
on:
  pull_request:
    branches: [main]
  schedule:
    - cron: "0 8 * * 1" # Mondays 8am UTC

jobs:
  check-upstream:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Scan dependencies
        run: npx @checkupstream/cli scan
        env:
          CHECKUPSTREAM_API_TOKEN: ${{ secrets.CHECKUPSTREAM_API_TOKEN }}

      - name: Fail the build if any service is critical
        run: npx @checkupstream/cli risk --fail-on critical
        env:
          CHECKUPSTREAM_API_TOKEN: ${{ secrets.CHECKUPSTREAM_API_TOKEN }}

Tip

Use an **API Token** (`cup_api_*`), not an SDK Key, for the CLI — it needs read access to the dashboard. Generate one at **Settings → Credentials → API Tokens** and store it as a repository secret.

GitLab CI recipe Credentials & Security

Ship reliable upstream.

Drop the SDK in, point it at your project key, and start seeing live upstream telemetry inside the dashboard.

Get an SDK Key Browse all recipes