diff --git a/.github/workflows/sign.yml b/.github/workflows/sign.yml
index 9fa6996..eb6e7a4 100644
--- a/.github/workflows/sign.yml
+++ b/.github/workflows/sign.yml
@@ -35,13 +35,14 @@ jobs:
           MEALIENT_KEY_PASSWORD: ${{ secrets.MEALIENT_KEY_PASSWORD }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          APPSWEEP_API_KEY: ${{ secrets.APPSWEEP_API_KEY }}
         run: |
           echo "$MEALIENT_KEY_STORE" | base64 -d > app/keystore.jks
           echo "storeFile=keystore.jks" > keystore.properties
           echo "storePassword=$MEALIENT_KEY_STORE_PASSWORD" >> keystore.properties
           echo "keyAlias=$MEALIENT_KEY_ALIAS" >> keystore.properties
           echo "keyPassword=$MEALIENT_KEY_PASSWORD" >> keystore.properties
-          ./gradlew build sonarqube --no-daemon
+          ./gradlew build sonarqube uploadToAppSweepRelease --no-daemon
           cp app/build/outputs/apk/release/*.apk mealient-release.apk
 
       - name: Upload signed APK
diff --git a/build.gradle b/build.gradle
index 1059e5b..a252249 100644
--- a/build.gradle
+++ b/build.gradle
@@ -31,6 +31,13 @@ buildscript {
     }
 }
 
+plugins {
+    // https://plugins.gradle.org/plugin/org.sonarqube
+    id "org.sonarqube" version "3.3"
+    // https://github.com/Guardsquare/appsweep-gradle/releases
+    id "com.guardsquare.appsweep" version "1.0.0"
+}
+
 task clean(type: Delete) {
     delete rootProject.buildDir
 }
\ No newline at end of file