QP08 Standards & Style Guides Practices
What this means
SiteShadow flagged missing or disabled language/stack standards (formatting, linting, and project conventions). Inconsistent standards slow down review and increase security drift.
Why it matters
Skipping standards can lead to inconsistent code and higher defect rates.
- Security fixes apply inconsistently when code patterns vary widely.
- Onboarding friction leads to more mistakes in sensitive areas.
- Automation (lint/test/CI) is harder to set up and keep reliable when projects don't follow shared conventions.
Safer examples
1) Adopt stack-appropriate standards
Examples: ESLint + Prettier (JS/TS), Black/Ruff (Python), gofmt/golangci-lint (Go).
2) Enforce standards automatically
Run formatters/linters in CI and via pre-commit hooks.
3) Document conventions
Add a short CONTRIBUTING.md / "How to run checks" section to make compliance easy.
How SiteShadow detects it (high level)
- Detects whether standards config files exist and appear to be enforced.
- Flags repos where standards are absent or not integrated into CI/dev workflow.
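The following script is an added example, not SiteShadow's own detection code or any project's code. It ties the three "Safer examples" steps above to the detection heuristics just listed: given a repository snapshot (a dict of repo-relative paths to file contents, so it runs offline), it infers the stack from marker files, checks for formatter/linter configuration, checks whether that configuration is enforced via a pre-commit hook file or a CI workflow, and checks whether CONTRIBUTING.md or README.md tells contributors how to run the checks. The two sample repositories, the file-name patterns and the list of enforcement commands are assumptions chosen for illustration; they are starting points a team would tune to its own stack, not a definitive rule set.

```python
"""Audit a repository snapshot for the QP08 pattern: are stack standards
adopted (config present), enforced (pre-commit hooks or CI) and documented?
Added example; heuristics and sample repositories are constructed, not real."""
import os
import re

# Per-stack heuristics (assumed): marker files that reveal the stack, config
# file names, and config keys that may live inside shared files instead.
STACKS = {
    "javascript": {
        "markers": ["package.json"],
        "configs": [r"^\.eslintrc(\.|$)", r"^eslint\.config\.(js|mjs|cjs)$",
                    r"^\.prettierrc(\.|$)", r"^prettier\.config\.(js|mjs|cjs)$"],
        "inline": [("package.json", r'"(eslintConfig|prettier)"\s*:')],
    },
    "python": {
        "markers": ["pyproject.toml", "setup.py", "setup.cfg", "requirements.txt"],
        "configs": [r"^ruff\.toml$", r"^\.flake8$"],
        "inline": [("pyproject.toml", r"^\[tool\.(ruff|black|isort|flake8)"),
                   ("setup.cfg", r"^\[(flake8|pycodestyle)\]")],
    },
    "go": {
        "markers": ["go.mod"],
        "configs": [r"^\.golangci\.(yml|yaml|toml)$"],
        "inline": [],
    },
}

# Commands whose presence in a CI workflow counts as enforcement (assumed list).
ENFORCE_RE = re.compile(
    r"\b(pre-commit|eslint|prettier|ruff|black|flake8|golangci-lint|gofmt|go\s+vet)\b")


def detect_stacks(files):
    """Stacks whose marker files are present, in STACKS order."""
    return [name for name, spec in STACKS.items()
            if any(m in files for m in spec["markers"])]


def has_standards_config(files, stack):
    """True if a formatter/linter config file or inline config section exists."""
    spec = STACKS[stack]
    if any(re.search(p, name) for p in spec["configs"] for name in files):
        return True
    return any(fname in files and re.search(pat, files[fname], re.MULTILINE)
               for fname, pat in spec["inline"])


def enforcement(files):
    """Set of enforcement mechanisms found: 'pre-commit', 'ci', both, or empty."""
    found = set()
    if ".pre-commit-config.yaml" in files:
        found.add("pre-commit")
    for name, body in files.items():
        is_ci = name.startswith(".github/workflows/") or name == ".gitlab-ci.yml"
        if is_ci and ENFORCE_RE.search(body):
            found.add("ci")
    return found


def documents_checks(files):
    """True if contributor docs explain how to run the checks."""
    doc = files.get("CONTRIBUTING.md", "") + files.get("README.md", "")
    return bool(re.search(r"(run|running)\s+(the\s+)?(checks|lint|linters|formatter)",
                          doc, re.IGNORECASE))


def audit_files(files):
    """Return a list of finding strings; an empty list means compliant."""
    findings = []
    stacks = detect_stacks(files)
    for stack in stacks:
        if not has_standards_config(files, stack):
            findings.append(f"{stack}: no formatter/linter configuration found")
    if stacks and not enforcement(files):
        findings.append("standards are not enforced by pre-commit hooks or CI")
    if stacks and not documents_checks(files):
        findings.append("no 'how to run checks' guidance in CONTRIBUTING.md/README.md")
    return findings


def audit_repo(root):
    """Adapter for a real checkout: load text files, skipping vendored/VCS dirs."""
    files = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules", ".venv")]
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    files[rel] = fh.read(200_000)  # cap per-file read size
            except OSError:
                continue
    return audit_files(files)


# Constructed sample repositories (not real projects). The compliant one shows
# the three steps together: adopted config, pre-commit + CI enforcement, docs.
COMPLIANT_REPO = {
    "pyproject.toml": '[project]\nname = "demo"\n\n[tool.ruff]\nline-length = 100\n',
    ".pre-commit-config.yaml": ("repos:\n  - repo: https://github.com/astral-sh/ruff-pre-commit\n"
                                "    rev: v0.0.0  # placeholder; pin a real tag\n"
                                "    hooks:\n      - id: ruff\n      - id: ruff-format\n"),
    ".github/workflows/ci.yml": "jobs:\n  lint:\n    steps:\n      - run: pre-commit run --all-files\n",
    "CONTRIBUTING.md": "## How to run checks\n\n    pre-commit run --all-files\n",
}
NONCOMPLIANT_REPO = {
    "package.json": '{"name": "demo", "scripts": {"test": "jest"}}',
    "README.md": "# demo\n",
}

if __name__ == "__main__":
    for label, repo in (("compliant", COMPLIANT_REPO), ("non-compliant", NONCOMPLIANT_REPO)):
        print(label, audit_files(repo) or ["ok"])
```

Running the script prints no findings for the compliant sample and three for the non-compliant one (missing JavaScript config, no enforcement, no documented checks). `audit_repo(path)` applies the same check to a real checkout. Presence of a config file is deliberately not treated as enough on its own: the check only passes the enforcement step when a pre-commit config or a CI workflow actually invokes the tool, which is the gap the "not integrated into CI/dev workflow" heuristic above describes.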
References
- OWASP Top 10: https://owasp.org/Top10/