List Render env vars when GitHub raises a code scanning alert
A new code scanning alert often hints that something sensitive is being handled carelessly. Notis reacts by listing the environment variables on your Render service, so you can immediately see whether a related value is sitting where it should not be.
Trigger
New Code Scanning Alert Created
Triggers when a new code scanning alert is created in a repository. Fires an event for each newly created code scanning alert detected in the configured repository. Alerts can be filtered by Git reference, scanning tool, state, and severity. The payload includes the alert number, rule details, tool information, state, severity, and the location of the most recent instance.
Action
List Environment Variables for Service
Tool to list all environment variables configured directly on a Render service (with pagination). Use when you need to enumerate env vars without knowing individual keys.
Why this helps
GitHub flags a security finding, and your gut says check the env config, but pulling up every variable on the Render service is a chore you keep postponing until it becomes a real problem.
- Get an instant env var inventory when a security finding lands.
- Spot a sensitive value in the wrong place before it is exploited.
- Turn a vague alert into a concrete next step automatically.
- Reduce the friction that makes you skip security follow-up.
Setup
Build it in a few focused steps.
- 1Connect GitHub and Render to Notis once from the portal.
- 2Open your portal link and start a New Automation.
- 3Describe it plainly: when GitHub creates a new code scanning alert, list the environment variables on my Render service and report them to me.
- 4Select the New Code Scanning Alert Created trigger and choose a secure channel.
- 5Trigger a test alert to confirm the env var list arrives.
Questions about this workflow
Does this expose secret values in my channel?
Notis lists the configured variables so you can review them. Choose a private, secure channel for the report and describe how much detail you want.
Can I filter which alerts trigger it?
Yes. Mention the severity or tool you care about in the instruction and Notis will act only on matching alerts.
Do I need to know the service ID?
No. You describe the Render service in words and Notis resolves it for you.
When this happens · Trigger
Do this · Action
Supported Triggers and Actions
Notis builds workflows that link GitHub to Render. A trigger fires from one place; an action lands in another.
GitHub triggers
Render actions
New Workflow Artifact Created
Triggers when a new workflow artifact is created in a GitHub repository. Monitors for newly created GitHub Actions workflow artifacts. Optionally filters by artifact name to restrict monitoring to specific artifacts.
Add Header Rule
Tool to add a custom HTTP header rule to a Render service. Use when you need to configure headers like Cache-Control, security headers, or CORS headers for specific request paths.
Branch Changed
Triggers when a GitHub branch changes. Monitors a specific branch for: - New commits pushed (head commit SHA changes) - Protection status toggled (branch becomes protected or unprotected) - Protection settings changed, including: required status checks and their enforcement level, admin enforcement, required pull request reviews (dismiss stale reviews, code owner reviews, approving review count, last push approval), required linear history, force push allowance, deletion allowance, conversation resolution, branch locking, and fork syncing.
Add or Update Secret File
Tool to add or update a secret file for a Render service. Use when you need to create a new secret file or update the content of an existing secret file.
New Branch Created
Triggers when a new branch is created in a GitHub repository. Detects newly created branches. Deleted branches do not fire events.
Add Resources to Environment
Tool to add resources to a Render environment. Use when you need to associate services, databases, Redis instances, or environment groups with an existing environment.
Check Run Status / Conclusion Changed
Triggers when a specific GitHub check run changes its status or conclusion. Monitors a single check run for changes to: status (queued, in_progress, completed, etc.), conclusion (success, failure, neutral, cancelled, skipped, timed_out, action_required), started_at, and completed_at.
Add Route
Tool to add redirect or rewrite rules to a Render service. Use when you need to configure URL routing, redirects, or rewrites for a service. Redirect rules send HTTP redirects to clients, while rewrite rules modify the request path internally.
Check Suite Status / Conclusion Changed
Triggers when a GitHub check suite changes its status or conclusion for a given ref. Monitors all check suites associated with a git reference (branch, tag, or commit SHA) for changes to status (queued, in_progress, completed, etc.) and conclusion (success, failure, neutral, cancelled, skipped, timed_out, action_required, startup_failure, stale). Optionally filters by GitHub App ID.
Create Custom Domain
Tool to add a custom domain to a Render service. Use when you need to configure a custom domain for a service.
New Code Scanning Alert Created
Triggers when a new code scanning alert is created in a repository. Fires an event for each newly created code scanning alert detected in the configured repository. Alerts can be filtered by Git reference, scanning tool, state, and severity. The payload includes the alert number, rule details, tool information, state, severity, and the location of the most recent instance.
Create Environment Group
Tool to create a new environment group. Use when you need to create a shared collection of environment variables and secret files that can be used across multiple services.
New Repository Collaborator Added
Triggers when a new collaborator is added to a GitHub repository. Monitors the full list of collaborators on a repository and fires an event for each newly added collaborator. The payload includes the collaborator's GitHub username, account ID, profile URL, avatar URL, permission flags (pull, triage, push, maintain, admin), and assigned role name.
Create Environment
Tool to create a new environment within a Render project. Use when you need to set up a new environment for organizing services, databases, and other resources.
Commit Event
Triggered when a new commit is pushed to a repository.
Create Postgres Instance
Tool to create a new Postgres instance on Render. Use when you need to provision a new PostgreSQL database with configurable plan, version, and region.
Connect any two apps with Notis in the middle.
Not just GitHub and Render. Any combination from 985+ integrations.
When this happens · Trigger
Do this · Action
Save your first hour today.
7 days free trial with 20$ free usage included.
No card. Works with personal or business Render.
