Automated accessibility scanning is integrated in CI/CD

Why it matters

Manual accessibility testing catches only what reviewers know to look for and only in the code paths they exercise. Automated scanning with axe-core or pa11y catches a deterministic subset of WCAG violations — missing alt text, color contrast failures, invalid ARIA — on every build, preventing regressions from silently landing in production. Without CI integration, accessibility quality degrades with each unchecked pull request. WCAG 2.2 SC 1.1.1 and Section 508 compliance require ongoing verification, not one-time review.

Remediation

Add axe-core or pa11y to your CI pipeline so every pull request includes automated accessibility scanning.

# .github/workflows/a11y.yml
name: Accessibility
on: [pull_request]
jobs:
  axe:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm run build
      - run: npx start-server-and-test 'npm start' 3000 'npx axe-playwright http://localhost:3000'

For React projects, add axe-core to your Jest or Vitest test suite:

import { axe } from 'jest-axe'
it('has no accessibility violations', async () => {
  const { container } = render(<MyPage />)
  expect(await axe(container)).toHaveNoViolations()
})

Start by scanning the homepage, login page, and highest-traffic routes.

Detection

ID: accessibility-wcag.robust.automated-scanning
Severity: info
What to look for: Enumerate every relevant item. Check for accessibility testing tools in the project. Look for axe-core, pa11y, Lighthouse, or similar tools in CI/CD pipeline (GitHub Actions, GitLab CI, Jenkins, etc.). Verify that the scan runs on every pull request or commit.
Pass criteria: At least 1 of the following conditions is met. An automated accessibility scanner is integrated in CI/CD. Critical violations block merges.
Fail criteria: No automated scanning configured, or scan results are ignored.
Skip (N/A) when: Never — automated scanning is recommended for all projects.
Detail on fail: Example: "No accessibility tests in CI/CD pipeline. Manual testing only"

Remediation: Add automated scanning to your CI/CD:

# .github/workflows/accessibility.yml
name: Accessibility Tests
on: [pull_request]
jobs:
  axe:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: npm ci
      - run: npx axe-core [sites or pages to scan]

Or use pa11y in npm scripts:

npm install --save-dev pa11y-ci
npx pa11y-ci

Why it matters

Remediation

Add axe-core or pa11y to your CI pipeline so every pull request includes automated accessibility scanning.

# .github/workflows/a11y.yml
name: Accessibility
on: [pull_request]
jobs:
  axe:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm run build
      - run: npx start-server-and-test 'npm start' 3000 'npx axe-playwright http://localhost:3000'

For React projects, add axe-core to your Jest or Vitest test suite:

import { axe } from 'jest-axe'
it('has no accessibility violations', async () => {
  const { container } = render(<MyPage />)
  expect(await axe(container)).toHaveNoViolations()
})

Start by scanning the homepage, login page, and highest-traffic routes.

Detection

ID: accessibility-wcag.robust.automated-scanning
Severity: info
What to look for: Enumerate every relevant item. Check for accessibility testing tools in the project. Look for axe-core, pa11y, Lighthouse, or similar tools in CI/CD pipeline (GitHub Actions, GitLab CI, Jenkins, etc.). Verify that the scan runs on every pull request or commit.
Pass criteria: At least 1 of the following conditions is met. An automated accessibility scanner is integrated in CI/CD. Critical violations block merges.
Fail criteria: No automated scanning configured, or scan results are ignored.
Skip (N/A) when: Never — automated scanning is recommended for all projects.
Detail on fail: Example: "No accessibility tests in CI/CD pipeline. Manual testing only"

Remediation: Add automated scanning to your CI/CD:

# .github/workflows/accessibility.yml
name: Accessibility Tests
on: [pull_request]
jobs:
  axe:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: npm ci
      - run: npx axe-core [sites or pages to scan]

Or use pa11y in npm scripts:

npm install --save-dev pa11y-ci
npx pa11y-ci

Automated accessibility scanning is integrated in CI/CD

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History

Automated accessibility scanning is integrated in CI/CD

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History