Rule Library

Governance Rule Playbooks

18 governance rules across 7 categories, each with severity rating, detection scope, and step-by-step remediation guidance. Rules are applied automatically on every workflow upload.

18 active rules7 categoriesUiPath · Power Automate · Automation Anywhere

Hardcoded Values

1 rule
criticalANL-001

ANL-001: Hardcoded Value

Hardcoded credential or sensitive value detected.

uipath

Selector Quality

1 rule
highANL-002

ANL-002: Fragile Selector

UI selector uses volatile runtime attributes.

uipath

Error Handling

6 rules
highANL-003

ANL-003: Missing Retry Scope

Activity has no surrounding Retry Scope.

uipath
highANL-004

ANL-004: Unguarded Ui Action

UI interaction activity lacks error handling.

uipath
highERR-001

ERR-001: Missing Try Catch External

External HTTP/API call has no surrounding Try/Catch block

uipath · power_automate · aa · blue_prism
highERR-005

ERR-005: Exception Swallowed

Catch block exists but does not log or rethrow the exception

uipath · power_automate · aa · blue_prism
highERR-007

ERR-007: Infinite Retry No Limit

RetryScope or retry loop has no maximum retry count set

uipath · power_automate
highPA-001

PA-001: Pa Unguarded Http

HTTP or connector action has no downstream failure handler (runAfter: Failed/TimedOut).

uipath

Maintainability

2 rules
mediumANL-005

ANL-005: Excessive Nesting

Workflow nesting depth exceeds recommended threshold.

uipath
mediumANL-006

ANL-006: Delay Activity

Hard-coded Delay activity detected.

uipath

Observability

1 rule
lowANL-007

ANL-007: Missing Log Message

Workflow contains no log message activities.

uipath

Credentials & Secrets

4 rules
criticalCRED-001

CRED-001: Hardcoded Connection String

Hardcoded database connection string with embedded credentials

uipath · power_automate · aa
criticalCRED-001

CRED-001: Hardcoded Connection String

Hardcoded database connection string with embedded credentials

uipath · power_automate · aa
criticalCRED-002

CRED-002: Hardcoded Api Key

API key or token stored as plaintext workflow variable

uipath · power_automate · aa · blue_prism
criticalCRED-002

CRED-002: Hardcoded Api Key

API key or token stored as plaintext workflow variable

uipath · power_automate · aa · blue_prism

PII Handling

3 rules
criticalPII-001

PII-001: Pii No Audit Log

PII field (SSN/DOB/email/phone) accessed without surrounding log activity

uipath · power_automate · aa
criticalPII-003

PII-003: Financial Data No Audit

Financial account number or card data accessed without audit logging

uipath · power_automate · aa · blue_prism
highPII-002

PII-002: Pii Unmasked Log

PII field value written directly to log output

uipath · power_automate · aa

Rules are applied automatically when you upload a workflow. No configuration required on Starter. Policy packs let you override severity thresholds and add exemptions on Growth and above.

See plansAPI integration →