What Is a Quality Gate?
A quality gate is a pass/fail checkpoint that blocks a change from progressing unless it meets defined thresholds - coverage, security, or test results.
CI produces lots of signals: test results, coverage numbers, security findings. A quality gate turns those signals into an enforceable decision - it stops a change from merging or deploying when the signals fall below your standards.
What a gate evaluates
- Test results - all tests must pass.
- Coverage thresholds - no drop below a set percentage.
- Security findings - no new critical or high vulnerabilities.
How gates are enforced
A gate is a required check: branch protection or a deploy condition refuses to proceed unless the check passes. This makes the standard non-negotiable rather than advisory.
A small example
A branch protection rule that requires the "tests", "lint", and "coverage" checks to pass means a pull request simply cannot merge until all three are green - the gate is enforced by the platform, not by reviewer discipline.
Designing good gates
Gate on deltas, not absolutes, where possible - "do not make coverage worse" is more actionable than a blanket number on a legacy codebase. Keep gates fast and meaningful so they protect quality without becoming friction people route around.
Avoid gate fatigue
A flaky or slow gate gets bypassed or rubber-stamped. Keep gates reliable and quick, and reserve hard blocks for things that genuinely matter, so a red gate is always a real signal worth stopping for.
Key takeaways
- A quality gate blocks changes that fail defined thresholds.
- Common gates cover tests, coverage, and security findings.
- Gating on deltas is often more practical than absolute thresholds.