Representative analysis across 3 workflow files. Org name and file names are fictional. Live coverage depends on the currently shipped ruleset for your file type.
Overall Health Score
Invoice_Processing_v3.xamlcriticalCustomer_Refund_Bot.xamlwarningHR_Onboarding_Flow.jsonhealthyCRED-001Invoice_Processing_v3.xamlHardcoded SQL connection string with plaintext password in InvokeCode activity.
PII-001HR_Onboarding_Flow.jsonSSN and date-of-birth fields read and transformed with no surrounding audit log events.
ERR-001Customer_Refund_Bot.xamlExternal HTTP call to payment gateway has no Try/Catch block.
GOV-001Invoice_Processing_v3.xamlWorkflow has no version metadata, owner annotation, or change tracking comments.
VAL-001HR_Onboarding_Flow.jsonForm input used directly in a query expression without sanitization.
ERR-002Customer_Refund_Bot.xamlQueue item processing loop has no explicit timeout — unhandled hangs will block indefinitely.
LOG-001Invoice_Processing_v3.xamlInvoice amount written directly to log message, creating a financial data leakage risk.
GOV-002Customer_Refund_Bot.xamlNo description field set on the workflow project — reduces discoverability in reviews.
PERF-001HR_Onboarding_Flow.jsonDelay activity uses a hardcoded 5-second wait with no configurable timeout parameter.
GOV-003Invoice_Processing_v3.xamlWorkflow has no assigned reviewer or owner in org metadata.
Upload a .xaml or .json file and get back a scored report with the same structure — findings, severity, and remediation — in under a minute.