QP16 Test Configuration Presence
What this means
SiteShadow flagged missing test configuration signals (framework config, runner settings, coverage config). This often correlates with tests that are hard to run consistently, which makes it easier for security-relevant behavior to drift unnoticed.
Why it matters
Test configuration standardizes how tests are executed and how coverage is measured. Without it:
- Inconsistent runs: tests behave differently across machines/CI.
- Low coverage on critical paths: auth, permissions, and validation regress.
- Harder onboarding: new contributors skip tests because setup is unclear.
Safer examples
1) Add explicit test runner config
Examples: pytest.ini, jest.config.*, vitest.config.*, go test conventions, etc.
2) Add coverage and environment configuration
Configure coverage reporting and test env vars consistently.
3) Document how to run tests locally
Add a short "Test" section in README.md.
How SiteShadow detects it (high level)
- Detects missing test configuration files commonly associated with your stack.
- Flags repositories where tests exist but appear hard to run or not integrated with CI.
References
- OWASP Top 10: https://owasp.org/Top10/