Add Preflyt to every deploy
One command. Runs after every deploy. Catches what you missed.
Run your first scan
Run a one-off scan from anywhere. No install needed.
- Run the command above with your deployed URL
- Results show in under 30 seconds - no install, no signup
- Add --share to get a shareable report link
Block bad deploys
Add --fail to exit with code 1 when issues are found. Your CI stops the deploy.
- The --fail flag makes the command exit with code 1 when issues are found
- Your CI/CD pipeline sees the non-zero exit and stops the deploy
- Remove --fail if you want to see results without blocking
Automate it
Add one line to your deploy pipeline and never think about it again.
Frontend deploys
Vercel, Netlify, static sites
Platforms like Vercel and Netlify deploy behind CDNs. Use a GitHub Action to scan your live URL after each deploy.
GitHub Action
# .github/workflows/preflyt.yml
name: Preflyt Scan
on:
deployment_status:
jobs:
scan:
if: github.event.deployment_status.state == 'success'
runs-on: ubuntu-latest
steps:
- run: npx preflyt-check ${{ vars.PRODUCTION_URL }}- Add this workflow to .github/workflows/preflyt.yml in your repo
- Go to repo Settings > Secrets and variables > Actions > Variables
- Add PRODUCTION_URL with your live site URL (e.g. https://mysite.com)
- Scans run automatically after every successful deploy
You can also run npx preflyt-check https://mysite.com from your terminal anytime for instant results.
Backend deploys
VPS, bare metal, Docker
For servers you control, add a scan to your deploy process. Results show right in your terminal.
Option 1: Git hook (fully automatic)
#!/bin/bash # Save as .git/hooks/post-receive on your server cd /home/myapp git checkout -f npm run build pm2 restart app sleep 5 npx preflyt-check https://mysite.com
- Save this as .git/hooks/post-receive in your server's bare git repo
- Run chmod +x .git/hooks/post-receive
- Every git push triggers a deploy and scan automatically
- Results appear right in your terminal
Option 2: GitHub Actions (CI/CD)
- name: Deploy
run: ./deploy.sh
- name: Security scan
run: npx preflyt-check ${{ vars.PRODUCTION_URL }}- Add the step to your existing workflow YAML
- Set PRODUCTION_URL as a repository variable
- The action runs after your deploy step completes
AI coding agents
Any AI coding agent that supports the AgentSkills spec can run Preflyt automatically - including Claude Code, Cursor, GitHub Copilot, OpenClaw, Cline, and others. Drop the skill file in your project and your agent scans after every deploy.
Add the skill file to your project:
curl -o SKILL.md https://preflyt.dev/skill.md
Your agent reads it and knows to run a scan after every deploy.
Or tell your agent directly:
After deploying, run: npx preflyt-check <deployed-url>
- Download the skill file or paste the command to your agent
- The agent runs a Preflyt scan after each deployment
- HIGH severity findings get flagged before release
Go unlimited
Free tier gives you 3 scans. Pro removes the limit - scan on every deploy without worrying about it.
Troubleshooting
Scan blocked (HTTP 403)
Some hosting providers automatically block non-browser requests. If your scan returns 403:
- Vercel - this is usually Vercel's automatic DDoS protection. It triggers when too many automated requests hit your site in a short window. Wait a few hours and try again, or disable Attack Challenge Mode in project Settings > Firewall
- Cloudflare - pause Under Attack Mode or add a firewall allow rule for the Preflyt scanner
- AWS WAF or custom firewalls - add an allow rule for automated health checks
Preflyt scans are read-only and non-intrusive. Allowing them is safe.
Scan shows no issues but I expected some
If your site is behind a CDN like Vercel or Cloudflare, exposed files and open ports on your origin server may not be visible through the CDN. Scan your backend or API URL directly for more thorough results.
Scan limit reached
Free accounts get 3 scans. For automated pipelines that scan on every deploy, upgrade to Pro for unlimited scans.