SiteShadow
Back to vulnerability library
Detected byEngineering-practice checks (QP)Pro

QP20 Python Project Config Presence

What this means

SiteShadow flagged missing Python project configuration (packaging/tooling config like pyproject.toml, dependency pinning, lint/test tooling setup).

Why it matters

Project configuration standardizes tooling and dependency management.

Safer examples

1) Use pyproject.toml (recommended)

Centralize project metadata and tooling config (formatters, linters, build system).

2) Pin dependencies

Use lockfiles or pinned requirements where appropriate (see DEP01 / A08).

3) Standardize test/lint commands

Make pytest and linting easy to run locally and in CI (see QP02 / QP16).

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.