Docs / Integrations

Vercel Integration

Automatically scan every preview deployment and get results directly in your workflow.

What it does

The Panache Vercel integration monitors your preview deployments for security issues, performance regressions, SEO problems, and configuration errors. Every time a preview deployment is ready on Vercel, Panache runs a full scan and reports the results. You catch regressions before they reach production.

1. Connect Vercel

Go to your Panache dashboard, then Settings > Integrations. Click "Connect" next to Vercel. You will be redirected to Vercel to authorize the integration. Once connected, your Vercel team name will appear in the Integrations page.

2. Configure a site

Go to Workflow > [your site] > Settings. Set the trigger provider to "Vercel Webhook" and enter your Vercel project ID (found in your Vercel project settings). Optionally, choose where to post results: GitLab MR comment or Vercel Checks API.

3. How scans are triggered

Panache listens for Vercel's deployment.ready webhook. When a preview deployment is ready, a scan starts automatically. Production deployments (target: production) are always skipped. Only preview branches are scanned. You can filter which branches are scanned in the branch filtering settings (all, include matching, or exclude matching patterns).

4. Scan results

Each scan produces a score and a detailed breakdown by category: security, performance, SEO, and best practices. Results are compared to your production score. The delta tells you if the branch introduces regressions or improvements. If an output provider is configured, a summary is posted as a comment on your merge request or as a Vercel Check.

Alternative: Next.js plugin

If you use @withpanache/nextjs, the plugin can also trigger scans automatically during next build. The preview URL is auto-detected from Vercel environment variables. Install the plugin: npm install @withpanache/nextjs Wrap your config: import {withPanache} from "@withpanache/nextjs" export default withPanache({/* your next config */}). Set PANACHE_SITE_TOKEN in your Vercel project environment variables.

Security

All OAuth tokens are encrypted at rest (AES-256-GCM). Webhooks are verified using HMAC signatures. No source code or build artifacts are accessed. Panache only reads the deployment URL and git metadata (branch, commit SHA) from webhooks. Scans are performed against the public preview URL.

Need help?

If you have questions about the Vercel integration or need assistance, reach out at hello@withpanache.dev