SiteShadow
Back to vulnerability library
Detected byEngineering-practice checks (QP)Pro

QP21 Java Style Guide Presence

What this means

SiteShadow flagged missing Java style configuration (Checkstyle/Spotless/formatter config) or missing enforcement signals.

Why it matters

Style configuration enforces consistent code practices.

Safer examples

1) Add a Java formatter / style tool

Use Checkstyle/Spotless/Google Java Format, and commit the config.

2) Enforce style in CI

Fail builds when formatting/lint checks fail (see QP02 / QP15).

3) Keep rules consistent across modules

In multi-module projects, share a single config to avoid drift.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.