continue-on-error masking failures
==================================

.. list-table::
   :stub-columns: 1
   :widths: 20 80

   * - Rule ID
     - ``continue_on_error_abuse``
   * - Category
     - reliability
   * - Severity
     - medium

continue-on-error: true is set on a step that is not explicitly intended to be optional. This can silently hide real failures.

Detection
---------

``static_analysis`` — Checks field presence or value in the workflow YAML.

Examples
--------

**Non-compliant:**

.. code-block:: yaml

   jobs:
     ci:
       steps:
         - name: Run tests
           run: npm test
           continue-on-error: true

**Compliant:**

.. code-block:: yaml

   jobs:
     ci:
       steps:
         - name: Run tests
           run: npm test

**Fix**: Remove continue-on-error: true from non-optional steps. If the step is genuinely optional (e.g. coverage upload), add a comment explaining why.