Installation Guide

Get RSOLV up and running in your repository in just a few minutes.

Prerequisites Checklist

  • A GitHub repository with admin access
  • GitHub Actions enabled in your repository
  • GitHub Issues enabled in your repository (RSOLV reports vulnerabilities as issues)
  • 5-10 minutes to complete setup

Step 1: Get Your RSOLV API Key

  1. Visit rsolv.dev/signup and create an account
  2. Complete email verification
  3. Navigate to your dashboard at rsolv.dev/portal
  4. Copy your API key from the API Keys section

Free Plan: Free accounts include 5 validations per month. Scan mode is always free and unlimited.

Step 2: Add API Key to GitHub Secrets

Store your RSOLV API key securely as a GitHub Secret:

  1. Go to your repository on GitHub
  2. Click Settings → Secrets and variables → Actions
  3. Click New repository secret
  4. Set the name to: RSOLV_API_KEY
  5. Paste your API key in the value field
  6. Click Add secret

Security Note: Never commit API keys directly to your repository. Always use GitHub Secrets.

Step 3: Create GitHub Actions Workflow

Create a new file in your repository at:

.github/workflows/rsolv-security.yml

Option A: Simple Scan (Recommended to Start)

This workflow runs on every push to main and detects vulnerabilities without applying fixes:

name: RSOLV Security Scan

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      issues: write

    steps:
      - uses: actions/checkout@v4

      - name: RSOLV Security Scan
        uses: RSOLV-dev/rsolv-action@v4
        with:
          rsolvApiKey: ${{ secrets.RSOLV_API_KEY }}
          mode: 'scan'

Option B: Full Pipeline (Scan + Matrix Process)

This workflow scans for vulnerabilities, then processes each issue independently using a matrix strategy to validate and create fix pull requests:

name: RSOLV Security Pipeline

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  scan:
    runs-on: ubuntu-latest
    outputs:
      pipeline_run_id: ${{ steps.rsolv.outputs.pipeline_run_id }}
      issue_numbers: ${{ steps.rsolv.outputs.issue_numbers }}
    permissions:
      contents: write
      issues: write
    steps:
      - uses: actions/checkout@v4
      - name: Scan for vulnerabilities
        id: rsolv
        uses: RSOLV-dev/RSOLV-action@v4
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          rsolvApiKey: ${{ secrets.RSOLV_API_KEY }}
          mode: 'scan'
          max_issues: '3'

  process:
    needs: scan
    if: needs.scan.outputs.issue_numbers != '[]'
    strategy:
      matrix:
        issue_number: ${{ fromJSON(needs.scan.outputs.issue_numbers) }}
      fail-fast: false
      max-parallel: 1
    runs-on: ubuntu-latest
    permissions:
      contents: write
      issues: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - name: Validate and fix issue
        uses: RSOLV-dev/RSOLV-action@v4
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          rsolvApiKey: ${{ secrets.RSOLV_API_KEY }}
          mode: 'process'
          pipeline_run_id: ${{ needs.scan.outputs.pipeline_run_id }}
          issue_number: ${{ matrix.issue_number }}

Tip: Start with Option A (scan only) to review detected vulnerabilities. Upgrade to Option B when you're ready for automated fixes.

Step 4: Commit and Verify Installation

Commit the workflow file

git add .github/workflows/rsolv-security.yml
git commit -m "Add RSOLV security workflow"
git push origin main

Verify the workflow runs

  1. Go to your repository's Actions tab
  2. You should see "RSOLV Security Scan" or "RSOLV Security Pipeline" workflow running
  3. Click on the workflow run to view progress
  4. Wait for completion (typically 2-5 minutes)

Check for detected vulnerabilities

  • Navigate to your repository's Issues tab
  • Look for issues labeled security and rsolv
  • Each issue describes a detected vulnerability with file location and details

Common Installation Issues

Workflow fails with "Invalid API key"

  • Verify the secret name is exactly RSOLV_API_KEY
  • Check that you copied the full API key from your dashboard
  • Regenerate your API key if necessary

No issues created after scan

  • Great news! Your code may not have detectable vulnerabilities
  • Check workflow logs to confirm scan completed successfully
  • RSOLV only creates issues for confirmed vulnerabilities (AST-validated)

Scan fails with "410" or "Issues has been disabled"

  • GitHub Issues must be enabled for RSOLV to report vulnerabilities
  • Go to Settings → General → Features and check Issues
  • This is common on forked repositories, where GitHub disables Issues by default

Permission errors

  • Ensure a permissions block is present in each job of your workflow (see examples above)
  • For organizations: go to Settings → Actions → General and enable "Allow GitHub Actions to create and approve pull requests"
  • Verify you have admin access to the repository
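
The workflow-side causes listed above (a secret reference that is not exactly RSOLV_API_KEY, a missing permissions entry) and the Security Note's rule against committed keys can be checked locally before the push in step 4. The following is an added example, not part of RSOLV's tooling: the function names are hypothetical, the sample workflow is constructed, and the required permissions are taken from the two workflows on this page.

```sh
# Added example, not RSOLV tooling. Assumes the block-style YAML used on this page:
# job ids indented two spaces under "jobs:", one "key: value" pair per line.
check_rsolv_workflow() {
  [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
  awk -v want='${{ secrets.RSOLV_API_KEY }}' '
    BEGIN { job = "*" }                        # "*" holds workflow-level grants
    /^jobs:/ { in_jobs = 1; next }
    in_jobs && /^  [A-Za-z0-9_-]+:[ \t]*$/ { job = $1; sub(/:$/, "", job); next }
    /^    permissions:/ { own[job] = 1 }       # a job-level block replaces workflow-level
    /^[ \t]+(contents|issues|pull-requests):[ \t]*write[ \t]*$/ { p = $1; sub(/:$/, "", p); has[job, p] = 1 }
    /^[ \t]*mode:.*process/ { fix[job] = 1 }   # process mode opens fix pull requests
    /^[ \t]*rsolvApiKey:/ {
      rsolv[job] = 1; seen++; v = $0
      sub(/^[^:]*:[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
      # Report the line only: the value may be a live key and logs are not secret.
      if (v != want) { printf "line %d: rsolvApiKey must be %s\n", NR, want; bad = 1 }
    }
    END {
      if (!seen) { print "no rsolvApiKey input found"; bad = 1 }
      for (j in rsolv) {
        n = split("contents issues" ((j in fix) ? " pull-requests" : ""), req, " ")
        for (i = 1; i <= n; i++)
          if (!((j, req[i]) in has) && ((j in own) || !(("*", req[i]) in has))) {
            printf "job %s: missing permission %s: write\n", j, req[i]; bad = 1
          }
      }
      exit bad + 0
    }' "$1"
}

# Constructed sample: a process job with a hardcoded placeholder key and no pull-requests grant.
demo_bad_workflow() {
  cat <<'EOF'
jobs:
  process:
    permissions:
      contents: write
      issues: write
    steps:
      - uses: RSOLV-dev/RSOLV-action@v4
        with:
          rsolvApiKey: PLACEHOLDER-NOT-A-REAL-KEY
          mode: 'process'
EOF
}
tmp=$(mktemp) && demo_bad_workflow > "$tmp"
check_rsolv_workflow "$tmp" || echo "fix the findings above before pushing"; rm -f "$tmp"
```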

For more help, see the Troubleshooting Guide or email support@rsolv.dev.