Real detections

What GauntletCI actually catches

Six annotated examples from real .NET codebases. These are the patterns that pass code review, pass tests, and fail in production. GauntletCI flags them before the commit is created.

GCI0003

Behavioral change: incompatible method signature

Block | Behavioral Correctness
diff --git
-public IEnumerable<Product> GetProducts(int categoryId)
+public IEnumerable<Product> GetProducts(int categoryId, bool includeArchived)
{
return _repo.Query(categoryId);
}
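
Review bot: the new required parameter 'includeArchived' on GetProducts is never read in the body, which still returns _repo.Query(categoryId), so callers must supply a value that has no effect. Either pass it through to the query or drop it, and if it stays, keep the original one-argument GetProducts(int categoryId) as an overload that forwards to the new method so callers compiled against the old signature still bind.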

GCI0003: Required parameter 'includeArchived' added to public method at line 1. Callers in external assemblies compiled against the old signature will throw MissingMethodException at runtime.

GCI0029

PII leak: customer email in structured log

High | Security
diff --git
var customer = await _customerService.GetAsync(customerId);
+ _logger.LogInformation("Processing order for {Email}", customer.Email);
await ProcessOrderAsync(customer, order);
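
Review bot: the added LogInformation call puts customer.Email into the message template as {Email}, so the address is stored as a named property on every order processed. The customerId already in scope on the line above identifies the customer just as well for tracing; log that instead and leave the email out of the template.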

GCI0029: PII field 'Email' logged at line 2. Structured log sinks (Application Insights, Datadog, Splunk) persist this value. Review data retention and access policies.

GCI0016

Concurrency: async void event handler

High | Concurrency
diff --git
-private async Task OnOrderReceived(object sender, OrderEventArgs e)
+private async void OnOrderReceived(object sender, OrderEventArgs e)
{
await ProcessOrderAsync(e.Order);
}
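
Review bot: with OnOrderReceived changed to async void, the await on ProcessOrderAsync(e.Order) has no try/catch around it and the method returns nothing the caller can observe, so a failure in order processing cannot be handled anywhere. If the event delegate type forces a void return, wrap the body in a try/catch that logs the exception; otherwise keep the async Task signature.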

GCI0016: Method changed from async Task to async void at line 1. Exceptions thrown inside async void cannot be caught by the caller and will crash the process in .NET.

GCI0004

Breaking change: [Obsolete] guard removed

Warn | API Contracts
diff --git
-[Obsolete("Use GetOrderV2 instead. Removed in v3.")]
public Task<Order> GetOrder(int id) => GetOrderV2(id);
+public Task<Order> GetOrder(int id) => _repo.FindAsync(id);
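
Review bot: the replacement GetOrder line makes two changes at once: it drops the [Obsolete] attribute and it stops forwarding to GetOrderV2(id), calling _repo.FindAsync(id) directly instead, so the two entry points can now return different results. If GetOrder is being kept on purpose, say so in the change description and keep a single implementation behind both methods; if not, restore the attribute and the forward.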

GCI0004: [Obsolete] attribute removed from public GetOrder at line 1. Callers lose the deprecation signal and may depend on an API scheduled for removal.

GCI0010

Security: hardcoded connection string

High | Security
diff --git
private readonly string _connectionString;
- _connectionString = configuration.GetConnectionString("Default");
+ _connectionString = "Server=prod-db.internal;Database=orders;User Id=sa;Password=P@ssw0rd!";
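
Review bot: the added assignment to _connectionString replaces configuration.GetConnectionString("Default") with a literal that contains a password and the 'sa' login, which ties every environment to one database and puts the credential in history. Restore the configuration lookup, rotate the password since it has now been written into a diff, and have the service connect with an account scoped to the orders database rather than 'sa'.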

GCI0010: Hardcoded connection string with embedded credentials at line 4. Credentials committed to version control are compromised. Use IConfiguration or a secrets manager.

GCI0007

Error handling: exception swallowed silently

Block | Error Handling
diff --git
try
{
await SendNotificationAsync(order);
}
-catch (Exception ex)
-{
- _logger.LogError(ex, "Notification failed for order {OrderId}", order.Id);
-}
+catch { }
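
Review bot: the bare catch { } that replaces the logging handler discards every exception from SendNotificationAsync(order), including ones unrelated to delivery, and removes the only record that carried order.Id. If the intent is that a failed notification must not fail the order, keep the catch (Exception ex) block and its _logger.LogError call and simply do not rethrow.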

GCI0007: Exception handler removed or emptied at line 9. Errors in SendNotificationAsync will be silently swallowed. Failures will not surface in logs or monitoring.

These are not theoretical

Every pattern above is based on a real class of production incident common to .NET services. GauntletCI's detection rules were built by reverse-engineering incident post-mortems to find the structural signatures visible in the diff before the change was merged.

The analysis is deterministic. No training data. No probability threshold. The same diff produces the same findings every time.