QP19 Pre-commit Hooks Presence
What this means
SiteShadow flagged missing pre-commit hooks (or similar local quality gates). Hooks catch issues before they reach CI, which prevents "quick unsafe changes" from landing.
Why it matters
Pre-commit hooks stop common issues before they reach CI.
- Fewer secret leaks when secret scanning runs locally.
- Less formatting churn when formatters run before commit.
- Faster feedback reduces pressure to bypass checks.
Safer examples
1) Add pre-commit checks for the basics
Run formatting, linting, a fast subset of unit tests, secret scanning, and dependency checks.
2) Keep hooks fast
Slow hooks get disabled; run the heavy stuff in CI.
3) Document how to install hooks
A one-command setup encourages adoption.
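A minimal local gate covering the secret-scanning item above, as an added example (not SiteShadow's code or output). The three patterns and the function name scan_added_lines are assumptions chosen for illustration; a dedicated scanner covers far more. It scans only the lines a commit adds, so it stays fast.

```shell
#!/bin/sh
# Added example: minimal pre-commit secret gate (illustrative, not exhaustive).
# Install: save as .git/hooks/pre-commit and mark it executable.

# Assumed demo patterns: an AWS-style access key ID, a PEM private key
# header, and a hard-coded credential assignment with a quoted value.
Q="[\"']"   # either quote character
SECRET_RE="AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(password|secret|api_key)[[:space:]]*[:=][[:space:]]*${Q}[^\"']{8,}"

# Reads a unified diff on stdin and reports added lines that look like secrets.
# Returns 1 if any added line matches, 0 otherwise. Removed lines are ignored,
# so deleting a leaked value is never blocked.
scan_added_lines() {
    # Keep added lines ("+..."), then drop the "+++ b/file" diff headers.
    hits=$(grep -E '^\+' | grep -Ev '^\+\+\+ ' | grep -Ei -e "$SECRET_RE" || true)
    if [ -n "$hits" ]; then
        printf 'pre-commit: possible secret in staged changes:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Act as a hook only when installed under the name "pre-commit";
# sourcing the file elsewhere just defines the function.
case "$0" in
    *pre-commit)
        # --cached: staged changes only; -U0: no context lines;
        # --diff-filter=ACM: added, copied, or modified files.
        git diff --cached --no-color -U0 --diff-filter=ACM | scan_added_lines || {
            echo 'pre-commit: commit blocked; move the value to a secret store.' >&2
            exit 1
        }
        ;;
esac
```

Hooks under .git/hooks are not versioned, so keep the script in the repository and copy or link it during setup. Because a local hook can be skipped, run the same scan in CI as well.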
How SiteShadow detects it (high level)
- Detects missing hook configuration and correlates with lack of "local gates".
- Flags repos where issues likely reach CI/mainline unnecessarily.