Checks CI/CD setup

Prerequisites for CI/CD

To configure Checks to run in a pipeline, retrieve key configuration inputs from your Checks account and Google Cloud project.

Target Checks account and app

When you run Checks in your CI/CD platform, you will need to assign the results to a Checks account and an app that you've connected to that Checks account. To do this, you'll need the Checks Account ID and App ID.

For your Account ID, visit your Account Settings page.

For your App ID, visit your App Settings page.

Authentication

A service account should be used when using Checks in an automation setup, such as CI/CD. For more information on how to create and configure a service account, see Authenticate the CLI.

It is recommended to use CI environment variables to configure your JSON key. For example:

CHECKS_CREDENTIALS=/my/path/to/serviceaccount.json

Configure Checks to run in a CI/CD pipeline

Checks supports the following approaches:

  • Checks CI/CD plugins: Checks provides prebuilt plugins for several CI/CD platforms, including GitHub and fastlane. See the side navigation for more.
  • Checks CLI: Teams with more complex workflows, or using a build system without a Checks prebuilt plugin, can use the Checks CLI in their CI/CD pipeline. See Setting up using Checks CLI and Universal setup using Checks CLI for details.
  • Checks API: For teams with highly customized workflows, Checks offers a robust REST API. Use it to initiate scans, retrieve reports, and tailor the experience to your unique requirements. Find more information in the Checks API documentation.

To learn more about configuring your CI/CD pipeline, select one of the following implementation options:

Fastlane

The Checks App Compliance fastlane plugin is a seamless way to automate your iOS Checks analysis right from fastlane. This plugin lets you upload your app to Checks by adding an action to your Fastfile. For additional information about fastlane plugins, see the fastlane documentation.

Getting started

To add Checks to your fastlane configuration, run the following command from the root of your iOS project:

fastlane add_plugin checks

Next, in a lane of your ./fastlane/Fastfile, add an upload_to_checks block. The basic way to use upload_to_checks with the required parameters is:

upload_to_checks(
  account_id: "<your Checks account ID>",
  app_id: "<your Checks app ID>",
  binary_path: "<path to your .apk/.aab/.ipa>",
  service_account_file_path: ENV["SERVICE_ACCOUNT_JSON"],
)

Configuration

Just as with our CLI, you can configure the fastlane plugin to meet the needs of your process.

Inputs

account_id (string, required): Checks account ID from the Checks settings page.
app_id (string, required): Checks application ID.
binary_path (string, required): Path to the application archive: .apk, .aab or .ipa.
service_account_file_path (string, required): Base64-encoded content of your service account. Refer to Authenticate Checks with a service account to generate a service account, and to storing Base64 binary blobs as secrets.
generate_report (boolean, optional, default true): If false, the action won't upload the binary_path to Checks. Useful for testing your authentication and other parameters.
wait_for_report (boolean, optional, default true): If false, the action won't wait for the report to complete and the pipeline will keep going.
severity_threshold (string, optional): Only vulnerabilities of the specified level or higher are reported. Valid values are PRIORITY, POTENTIAL and OPPORTUNITY.
fail_on (string, optional): If ALL, the action fails if there are any failed checks after the severity_threshold condition is applied. It won't fail by default.
operation_id (string, optional): For development and testing purposes. Use it if an upload is already in progress or you want to analyse an existing upload.

Example of using Checks App Compliance fastlane plugin

By configuring the inputs to the Checks fastlane plugin, you can choose whether the Checks analysis runs in the background or as a gating step of your testing suite.

Upload each new release to Checks and run the analysis in the background

platform :ios do
  desc "My example app"
  lane :distribute do
    build_ios_app(...)
    upload_to_checks(
      account_id: "1234567890",
      app_id: "1234567890",
      binary_path: "./example-app.ipa",
      service_account_file_path: ENV["SERVICE_ACCOUNT_JSON"],
    )
    distribute_ios_app(...)
  end
end

Run Checks as part of your Fastlane testing suite

desc "Checks App Compliance analysis"
lane :test do |options|
  upload_to_checks(
    account_id: "1234567890",
    app_id: "1234567890",
    binary_path: "./example-app.ipa",
    service_account_file_path: ENV["SERVICE_ACCOUNT_JSON"],
    wait_for_report: true,
    severity_threshold: "PRIORITY",
    fail_on: "ALL",
  )
end
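The gating semantics of severity_threshold and fail_on from the inputs table, and the pre-flight check a pipeline should run on the service-account secret before uploading, as an added Ruby example that is not part of the Checks plugin or of this guide. The findings structure (severity and state keys) is an assumption constructed for the example; the plugin's real report format is not shown on this page.

```ruby
require "json"

# Severity levels accepted by severity_threshold, highest first (from the inputs table).
SEVERITY_ORDER = %w[PRIORITY POTENTIAL OPPORTUNITY].freeze

# Keep only findings at the threshold level or higher; a nil threshold keeps everything.
# Findings with an unknown severity are dropped rather than silently promoted.
def filter_by_threshold(findings, severity_threshold)
  return findings if severity_threshold.nil?
  max_rank = SEVERITY_ORDER.index(severity_threshold)
  raise ArgumentError, "unknown severity_threshold #{severity_threshold.inspect}" if max_rank.nil?
  findings.select do |f|
    rank = SEVERITY_ORDER.index(f[:severity])
    !rank.nil? && rank <= max_rank
  end
end

# fail_on: "ALL" fails the lane on any failed check that survives the threshold filter;
# any other value (the default) never fails the lane, matching the table's description.
def should_fail?(findings, severity_threshold: nil, fail_on: nil)
  return false unless fail_on == "ALL"
  filter_by_threshold(findings, severity_threshold).any? { |f| f[:state] == "FAILED" }
end

# Sanity-check a parsed key before it is handed to the plugin; returns the client_email.
def validate_service_account_key(key)
  raise ArgumentError, "not a service account key (type=#{key['type'].inspect})" unless key["type"] == "service_account"
  email = key["client_email"].to_s
  raise ArgumentError, "service account key has no client_email" unless email.include?("@")
  raise ArgumentError, "service account key has no private_key" unless key.key?("private_key")
  email
end

# Pre-flight for the secret referenced by CHECKS_CREDENTIALS / SERVICE_ACCOUNT_JSON:
# the file must exist, be private to the CI user (no group/other bits) and parse as a key.
def load_service_account(path)
  raise ArgumentError, "service account path is not set" if path.nil? || path.empty?
  raise ArgumentError, "#{path} is not a readable file" unless File.file?(path) && File.readable?(path)
  mode = File.stat(path).mode & 0o777
  raise ArgumentError, format("%s is readable by group/other (mode %o); use chmod 600", path, mode) unless (mode & 0o077).zero?
  validate_service_account_key(JSON.parse(File.read(path)))
end

if $PROGRAM_NAME == __FILE__
  # Constructed findings standing in for a report.
  findings = [{ severity: "PRIORITY", state: "FAILED" }, { severity: "OPPORTUNITY", state: "FAILED" }]
  puts "fail build? #{should_fail?(findings, severity_threshold: 'POTENTIAL', fail_on: 'ALL')}"
  puts "key OK for #{load_service_account(ENV['CHECKS_CREDENTIALS'])}" if ENV.key?("CHECKS_CREDENTIALS")
end
```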

Feedback

Do you have a CI/CD workflow that you'd like to see added to this guide? Let us know at checks-support@google.com.