QP15 CI Workflows Presence
What this means
SiteShadow flagged missing CI workflow definitions (or missing evidence that CI is running). Without workflows, tests and security checks often run inconsistently or not at all.
Why it matters
Nothing enforces validation before code is merged, so tests and security checks run only when someone remembers to run them locally.
- Regressions land unnoticed because no check is required on pull requests.
- Security gates are missing (dependency vulnerability scanning, secret scanning, SAST/linting).
- Releases slow down because every validation step is manual and unrepeatable.
Safer examples
1) Add CI workflows for your stack
Run tests, linting, and basic security checks on every PR and on main.
2) Fail builds on broken checks
Treat failures as merge blockers: make the workflow a required status check, and don't "greenwash" by marking steps as optional (for example, continue-on-error) just to keep the badge green.
3) Keep CI fast and deterministic
Cache dependencies, install from the lockfile, and pin action and tool versions (ideally to a commit SHA rather than a mutable tag) so a green run today means the same thing tomorrow.
How SiteShadow detects it (high level)
- Detects absence of common CI workflow files/configuration.
- Flags repos where automated validation signals are missing.
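The following is an added example, not SiteShadow's own detection code or a workflow from any project this page describes. It shows both halves of the finding: a check for the presence of common CI definition files (the file list is an assumption; SiteShadow's actual list is not published here), and a starter GitHub Actions workflow that applies the three "safer examples" above. A Node/npm stack is assumed for the workflow steps; swap them for your own. Action versions are pinned to major tags for readability; pin to full commit SHAs in production.

```shell
#!/usr/bin/env sh
# Added example (not SiteShadow's code). Detects whether a repository checkout
# carries a recognised CI definition and, if none is found, writes a starter
# GitHub Actions workflow that runs tests, lint and a dependency audit on
# every pull request and on main. The CI file list is an assumption.

# Return 0 if at least one CI definition exists under the repo root $1.
has_ci_config() {
    repo="${1:-.}"
    # GitHub Actions: any .yml/.yaml under .github/workflows
    for f in "$repo"/.github/workflows/*.yml "$repo"/.github/workflows/*.yaml; do
        [ -f "$f" ] && return 0
    done
    # Other common CI systems, by their conventional file locations (assumed list)
    for f in .gitlab-ci.yml .circleci/config.yml .travis.yml Jenkinsfile \
             azure-pipelines.yml bitbucket-pipelines.yml .drone.yml \
             .buildkite/pipeline.yml; do
        [ -f "$repo/$f" ] && return 0
    done
    return 1
}

# Write a starter workflow into $1/.github/workflows/ci.yml.
# Node/npm is assumed as the stack; replace the setup/test/lint steps
# for other ecosystems. Tags like @v4 are shown for readability; pin to
# full commit SHAs in production so a tag move cannot change what runs.
write_starter_workflow() {
    repo="${1:-.}"
    mkdir -p "$repo/.github/workflows"
    cat > "$repo/.github/workflows/ci.yml" <<'EOF'
name: ci
on:
  pull_request:
  push:
    branches: [main]
permissions:
  contents: read            # least privilege for the default GITHUB_TOKEN
jobs:
  checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: npm          # dependency cache keeps CI fast
      - run: npm ci           # lockfile-exact install, deterministic
      - run: npm test
      - run: npm run lint
      - run: npm audit --audit-level=high   # fails on high/critical advisories
    # Every step is a hard gate: a red check blocks the PR once this job
    # is configured as a required status check on the main branch.
EOF
}

# Usage: ./check_ci.sh /path/to/repo   (reports, and bootstraps if missing)
if [ -n "${1:-}" ]; then
    if has_ci_config "$1"; then
        echo "CI config present in $1"
    else
        echo "No CI config in $1; writing starter workflow"
        write_starter_workflow "$1"
    fi
fi
```

Run it against a checkout; a repo with only a README reports no CI config and receives the starter workflow, while a repo with `.gitlab-ci.yml` or any `.github/workflows/*.yml` passes the check untouched. The generated workflow still needs to be marked as a required status check in the repository's branch protection rules, otherwise a failing job does not actually block the merge.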
References
- OWASP Top 10: https://owasp.org/Top10/
---