Quality Gates
A quality gate is an ordered set of blocking steps that must pass before a release is considered good. Each gate is tied to an application + environment; running it executes the steps in order and stops on the first failing blocking step. Steps can be automated (a scan, an API/UI/performance test) or a manual approval.
Find it in the sidebar under Release → Quality Gates (/quality-gates).
Step types
| Type | What it runs |
|---|---|
SECURITY_SCAN | a scan template (e.g. ZAP, Nuclei) |
API_TEST | an API scenario |
UI_TEST | a UI test |
PERFORMANCE | a performance scenario |
APPROVAL | a manual sign-off by a required role (no automation) |
Each step is blocking (a failure stops the gate) or non-blocking (recorded, but the gate continues).
Create a gate (ADMIN)
- New Gate → give it a name, pick the Application and Environment.
- Add steps. For each step choose a Type; the Resource picker then offers the matching thing to run (a scan template, scenario, ui-test, or perf scenario). For an
APPROVALstep, pick the approver role instead. - Toggle Blocking per step. Create Gate.
Run a gate (ANALYST or ADMIN)
Click the ▶ Run action on a gate, optionally enter a version/tag, and Start Run. You land on the gate detail with the run selected; it auto-refreshes while in flight.
Watch runs & approve (detail page)
/quality-gates/:id shows the gate's steps and its runs (version, status, passed/failed counts, start time). Select a run to see its run-steps with live status.
When a run reaches an APPROVAL step it pauses in WAITING_APPROVAL:
- An ADMIN sees an Approve button on that step — approving records who approved and lets the run continue.
- ANALYST/VIEWER see the button disabled (approval requires ADMIN).
A blocking step that fails stops the run and marks the gate FAILED; if everything passes the gate is PASSED.
Related
- How Scoring Works — the release readiness score
- Release-Coverage Advisor — what an app should test before release