Standard : Quality Gate Compliance

Description

Quality Gate Compliance measures the proportion of code changes, deployments, or builds that pass through automated quality checks—such as static analysis, unit test thresholds, security scans, or policy rules—without being blocked or overridden.

This metric ensures that engineering teams are meeting agreed-upon quality criteria before code is allowed to progress through the delivery pipeline.

How to Use

What to Measure

  • The number of pull requests, builds, or deployments evaluated by quality gates.
  • The number of those that pass all gates versus those that fail or are bypassed.

Formula

Quality Gate Compliance (%) = (Passed Checks / Total Checks Evaluated) × 100

Break down by:

  • Repository, service, or team
  • Type of gate (e.g. test pass rate, code coverage, lint rules, security scan)
  • Pipeline stage (build, test, deploy)

Instrumentation Tips

  • Use CI/CD tooling (e.g. GitHub Actions, GitLab CI, Azure DevOps) to enforce and track gate results.
  • Integrate static analysis tools (e.g. SonarQube, ESLint, Checkov, Bandit).
  • Store results in dashboards and correlate with failure recovery or defect trends.

Why It Matters

  • Prevents defects early: Stops flawed code from progressing.
  • Supports shared standards: Makes team-wide and cross-team policies visible and enforceable.
  • Reduces rework and risk: Catches violations before they reach production.
  • Promotes a culture of quality: Signals that quality is everyone’s responsibility, not a last-minute check.

Best Practices

  • Automate all quality checks to remove subjectivity and improve consistency.
  • Define gates that are meaningful to your system's architecture and domain.
  • Use threshold-based rules (e.g. 80% unit test coverage, 0 critical security issues).
  • Make failures visible and actionable—link gate failures to remediation guides.
  • Gradually raise gate thresholds to improve maturity without blocking flow.

Common Pitfalls

  • Gates are too permissive, allowing risky code through.
  • Overly strict gates block teams without clear remediation.
  • Bypassing gates manually becomes a common workaround.
  • Lack of visibility on gate status across repositories or teams.

Signals of Success

  • Most changes pass gates on first submission.
  • Gate failures lead to quick learning and remediation.
  • Teams proactively monitor and improve gate compliance.
  • Quality gates evolve with architecture and product complexity.
  • [[Test Coverage of Critical Paths]]
  • [[Change Failure Rate]]
  • [[Defect Escape Rate]]
  • [[Build Success Rate]]
  • [[Policy Adherence Score]]