SiteShadow
Back to vulnerability library
Detected byEngineering-practice checks (QP)Pro

QP01 Version Control Practices

What this means

SiteShadow flagged signals that version control practices may be missing or discouraged (no git history/lock-in, code shared outside VCS, or workflows that bypass review/traceability).

Why it matters

Without version control, auditing, rollback, and review are difficult.

Safer examples

1) Use git (or equivalent) for all code and configs

Include application code, infrastructure-as-code, and security config in version control.

2) Require PRs for changes

Use protected branches and require reviews for mainline merges.

3) Tag releases and maintain change history

Releases + changelogs make incident response and rollback much faster.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.