Skip to main content

Remove commented-out code


The source code must not contain commented-out code when it is deployed to the production environment.


Commented-out code often represents pieces of logic or functionality that is incomplete or used for testing purposes. Leaving such code in the source can lead to the accidental use of outdated or obsolete code by developers. This code may contain security vulnerabilities, deprecated functions, or sensitive information that should not be present in the production environment. When this type of code is present increases the risk of exposing security weaknesses to potential attackers.

Supported In

This requirement is verified in following services



free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.