Detector: CI CD Drift
Jacob Centner edited this page Apr 13, 2026 · 1 revision
Detects stale file path references in GitHub Actions workflows and Dockerfiles.
| Property | Value |
|---|---|
| Name | cicd-drift |
| Tier | DETERMINISTIC |
| Languages | Any (YAML/Dockerfile) |
| External tool | None |
| LLM required | No |
| Confidence | 0.90 |
Paths declared in CI/CD configuration that no longer exist in the repo:

- GitHub Actions: local action paths (`uses: ./...`), `working-directory`, `path`, `file`, `entrypoint` values
- Dockerfiles: `COPY`/`ADD` source paths

- Scans `.github/workflows/*.yml` for local action paths and path-valued keys
- Scans all `Dockerfile*` files for `COPY`/`ADD` source paths
- Checks whether each referenced path exists on disk
- Skips glob patterns, absolute paths, URLs, `$`-templated values, and `--from=` multi-stage COPY
- Produces a MEDIUM severity finding for each missing path

All findings are MEDIUM — a stale path in CI will cause build failures.
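
The scan steps above as an added Python example (not Local Repo Sentinel's own code). It assumes every reference resolves against the repository root, reads workflows line by line instead of parsing YAML, and handles only shell-form `COPY`/`ADD`; the function names and regexes are this example's own.

```python
import re
from pathlib import Path

# Keys and instructions named on this page; the regexes are this example's own.
WF_KEY = re.compile(r"^\s*-?\s*(uses|working-directory|path|file|entrypoint):\s*(\S+)")
COPY_ADD = re.compile(r"^\s*(COPY|ADD)\s+(.+)$", re.IGNORECASE)

def skippable(value):
    """Globs, absolute paths, URLs and $-templated values are not checked."""
    return (any(c in value for c in "*?[") or value.startswith("/")
            or "://" in value or "$" in value)

def workflow_refs(text):
    """Yield (line_no, key, path) for path-valued keys in one workflow file."""
    for no, line in enumerate(text.splitlines(), 1):
        m = WF_KEY.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("'\"")
        if key == "uses" and not value.startswith("./"):
            continue  # remote action (owner/repo@ref), not a repo path
        if value in ("|", ">"):
            continue  # block scalar: a line-based scan cannot read it
        yield no, key, value

def dockerfile_refs(text):
    """Yield (line_no, instruction, source) for shell-form COPY/ADD lines."""
    for no, line in enumerate(text.splitlines(), 1):
        m = COPY_ADD.match(line)
        if not m:
            continue
        args = m.group(2).split()
        if any(a.startswith("--from=") for a in args):
            continue  # multi-stage COPY reads from another image, not the repo
        paths = [a for a in args if not a.startswith("--")]
        for src in paths[:-1]:  # the last argument is the destination
            yield no, m.group(1).upper(), src

def find_stale_paths(repo_root):
    """Return sorted (file, line_no, kind, path) tuples for missing paths."""
    root = Path(repo_root)  # assumption: all references are repo-root relative
    scans = [(f, workflow_refs) for f in root.glob(".github/workflows/*.yml")]
    scans += [(f, dockerfile_refs) for f in root.glob("**/Dockerfile*") if f.is_file()]
    findings = []
    for f, extract in scans:
        for no, kind, ref in extract(f.read_text()):
            if not skippable(ref) and not (root / ref).exists():
                findings.append((f.relative_to(root).as_posix(), no, kind, ref))
    return sorted(findings)
```
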

```
[CICD-DRIFT] .github/workflows/ci.yml (line 42)
The working-directory reference 'build/legacy' points to a path that does
not exist in the repository.
Severity: MEDIUM, Confidence: 0.90
```

No detector-specific config. Enable/disable via the standard mechanism:

```toml
[sentinel]
enabled_detectors = ["cicd-drift"]
```

Local Repo Sentinel · MIT License