SiteShadow
Back to vulnerability library
Detected byEngineering-practice checks (QP)Pro

QP04 Code Reviews Practices

What this means

SiteShadow flagged signals that code reviews may be bypassed or not required for changes that reach mainline.

Why it matters

Code review is a core control for quality and security.

Safer examples

1) Require PRs and reviews for mainline

Protect main/master; block direct pushes.

2) Use a security checklist for risky changes

Auth, permissions, crypto, file handling, outbound requests, dependency updates.

3) Enforce "two person" rule for sensitive areas

Require additional reviewers for auth/infra/security config changes.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.