List Render env vars when GitHub raises a code scanning alert

A new code scanning alert often hints that something sensitive is being handled carelessly. Notis reacts by listing the environment variables on your Render service, so you can immediately see whether a related value is sitting where it should not be.

Trigger

New Code Scanning Alert Created

Triggers when a new code scanning alert is created in a repository. Fires an event for each newly created code scanning alert detected in the configured repository. Alerts can be filtered by Git reference, scanning tool, state, and severity. The payload includes the alert number, rule details, tool information, state, severity, and the location of the most recent instance.

Render logo

Action

List Environment Variables for Service

Tool to list all environment variables configured directly on a Render service (with pagination). Use when you need to enumerate env vars without knowing individual keys.

Why this helps

GitHub flags a security finding, and your gut says check the env config, but pulling up every variable on the Render service is a chore you keep postponing until it becomes a real problem.

  • Get an instant env var inventory when a security finding lands.
  • Spot a sensitive value in the wrong place before it is exploited.
  • Turn a vague alert into a concrete next step automatically.
  • Reduce the friction that makes you skip security follow-up.

Setup

Build it in a few focused steps.

  • 1Connect GitHub and Render to Notis once from the portal.
  • 2Open your portal link and start a New Automation.
  • 3Describe it plainly: when GitHub creates a new code scanning alert, list the environment variables on my Render service and report them to me.
  • 4Select the New Code Scanning Alert Created trigger and choose a secure channel.
  • 5Trigger a test alert to confirm the env var list arrives.

Questions about this workflow

Does this expose secret values in my channel?

Notis lists the configured variables so you can review them. Choose a private, secure channel for the report and describe how much detail you want.

Can I filter which alerts trigger it?

Yes. Mention the severity or tool you care about in the instruction and Notis will act only on matching alerts.

Do I need to know the service ID?

No. You describe the Render service in words and Notis resolves it for you.

When this happens · Trigger

Do this · Action

Supported Triggers and Actions

Notis builds workflows that link GitHub to Render. A trigger fires from one place; an action lands in another.

GitHub logo

GitHub triggers

Render logo

Render actions

New Workflow Artifact Created

Triggers when a new workflow artifact is created in a GitHub repository. Monitors for newly created GitHub Actions workflow artifacts. Optionally filters by artifact name to restrict monitoring to specific artifacts.

TriggerPolling

Add Header Rule

Tool to add a custom HTTP header rule to a Render service. Use when you need to configure headers like Cache-Control, security headers, or CORS headers for specific request paths.

ActionInstant

Branch Changed

Triggers when a GitHub branch changes. Monitors a specific branch for: - New commits pushed (head commit SHA changes) - Protection status toggled (branch becomes protected or unprotected) - Protection settings changed, including: required status checks and their enforcement level, admin enforcement, required pull request reviews (dismiss stale reviews, code owner reviews, approving review count, last push approval), required linear history, force push allowance, deletion allowance, conversation resolution, branch locking, and fork syncing.

TriggerPolling

Add or Update Secret File

Tool to add or update a secret file for a Render service. Use when you need to create a new secret file or update the content of an existing secret file.

ActionInstant

New Branch Created

Triggers when a new branch is created in a GitHub repository. Detects newly created branches. Deleted branches do not fire events.

TriggerPolling

Add Resources to Environment

Tool to add resources to a Render environment. Use when you need to associate services, databases, Redis instances, or environment groups with an existing environment.

ActionInstant

Check Run Status / Conclusion Changed

Triggers when a specific GitHub check run changes its status or conclusion. Monitors a single check run for changes to: status (queued, in_progress, completed, etc.), conclusion (success, failure, neutral, cancelled, skipped, timed_out, action_required), started_at, and completed_at.

TriggerPolling

Add Route

Tool to add redirect or rewrite rules to a Render service. Use when you need to configure URL routing, redirects, or rewrites for a service. Redirect rules send HTTP redirects to clients, while rewrite rules modify the request path internally.

ActionInstant

Check Suite Status / Conclusion Changed

Triggers when a GitHub check suite changes its status or conclusion for a given ref. Monitors all check suites associated with a git reference (branch, tag, or commit SHA) for changes to status (queued, in_progress, completed, etc.) and conclusion (success, failure, neutral, cancelled, skipped, timed_out, action_required, startup_failure, stale). Optionally filters by GitHub App ID.

TriggerPolling

Create Custom Domain

Tool to add a custom domain to a Render service. Use when you need to configure a custom domain for a service.

ActionInstant

New Code Scanning Alert Created

Triggers when a new code scanning alert is created in a repository. Fires an event for each newly created code scanning alert detected in the configured repository. Alerts can be filtered by Git reference, scanning tool, state, and severity. The payload includes the alert number, rule details, tool information, state, severity, and the location of the most recent instance.

TriggerPolling

Create Environment Group

Tool to create a new environment group. Use when you need to create a shared collection of environment variables and secret files that can be used across multiple services.

ActionInstant

New Repository Collaborator Added

Triggers when a new collaborator is added to a GitHub repository. Monitors the full list of collaborators on a repository and fires an event for each newly added collaborator. The payload includes the collaborator's GitHub username, account ID, profile URL, avatar URL, permission flags (pull, triage, push, maintain, admin), and assigned role name.

TriggerPolling

Create Environment

Tool to create a new environment within a Render project. Use when you need to set up a new environment for organizing services, databases, and other resources.

ActionInstant

Commit Event

Triggered when a new commit is pushed to a repository.

TriggerInstant

Create Postgres Instance

Tool to create a new Postgres instance on Render. Use when you need to provision a new PostgreSQL database with configurable plan, version, and region.

ActionInstant

Connect any two apps with Notis in the middle.

Not just GitHub and Render. Any combination from 985+ integrations.

When this happens · Trigger

Do this · Action

Save your first hour today.

7 days free trial with 20$ free usage included.
No card. Works with personal or business Render.