SiteShadow
Back to vulnerability library
Detected byPro-tier static analysisPro

CICD01 CI/CD Security Gates Missing

What this means

SiteShadow flagged CI/CD pipelines where security gates are missing, disabled, or easily bypassed (tests not required, scans optional, approvals missing, artifacts unsigned/untracked).

Why it matters

Disabling gates increases the chance of shipping vulnerable code.

Safer examples

1) Require checks before merge

2) Add basic security scanning

3) Control who can release

Restrict deploy credentials, use ephemeral CI tokens, and log release actions.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.