SiteShadow
Back to vulnerability library
Detected byEngineering-practice checks (QP)Pro

QP15 CI Workflows Presence

What this means

SiteShadow flagged missing CI workflow definitions (or missing evidence that CI is running). Without workflows, tests and security checks often run inconsistently or not at all.

Why it matters

Without CI workflows, tests and security checks may not run.

Safer examples

1) Add CI workflows for your stack

Run tests, linting, and basic security checks on every PR and on main.

2) Fail builds on broken checks

Treat failures as blockers; don't "greenwash" by making checks optional.

3) Keep CI fast and deterministic

Cache dependencies and pin tool versions so CI remains reliable.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.