Set Up Quality Gates
Quality gates define the minimum standards your code must meet. When a scan or PR review runs, CodeStax evaluates the results against your gate conditions. If any condition fails, the gate fails — and you can optionally block merges until issues are resolved.
What Quality Gates Check
Setting Up Your First Quality Gate
Configuration Reference
Core Gate Settings
| Setting | Type | Default | Description |
|---|---|---|---|
| Risk Threshold | Slider (0-100) | 75 | Maximum acceptable risk score. Lower = stricter |
| Block Merge on Gate Failure | Toggle | Off | When enabled, PRs that fail the gate cannot be merged |
| Reliability Rating | A-E selector | A, B | Minimum acceptable reliability grade |
| Security Rating | A-E selector | A | Minimum acceptable security grade |
| Maintainability Rating | A-E selector | A, B, C | Minimum acceptable maintainability grade |
| Max Cyclomatic Complexity | Slider (0-100) | 60 | Maximum complexity score before gate fails |
| Max Critical Issues | Dropdown | 0 (Zero tolerance) | Maximum critical findings allowed |
| Max High Issues | Dropdown | Unlimited | Maximum high-severity findings allowed |
Code Quality Gate Settings
| Setting | Type | Default | Description |
|---|---|---|---|
| Fail on Dead Code | Toggle | Off | Fail the gate if dead/unreachable code is detected |
| Fail on Duplicates Above % | Slider (0-50%) | Disabled (0) | Fail the gate if code duplication exceeds this percentage |
How Gates Are Evaluated
Quality gates use an all-must-pass model. Every configured condition is checked independently:
Gate Result = ALL conditions must pass
Condition 1: Risk Score (45) < Threshold (75) ✓ Pass
Condition 2: Reliability Rating (B) in [A, B] ✓ Pass
Condition 3: Security Rating (B) in [A] ✗ FAIL
Condition 4: Complexity Score (38) < Max (60) ✓ Pass
Condition 5: Critical Issues (0) <= Max (0) ✓ Pass
Overall: FAILED (Security rating B not in allowed [A])The quality gate status appears on:
- The Code Health Dashboard as a pass/fail badge
- PR review comments posted to GitHub, GitLab, or Bitbucket
- Commit status checks that block or allow merging
Per-Repository Overrides
Different repositories may need different standards. A greenfield microservice might have strict gates, while a legacy monolith needs more lenient ones.
Recommended Starting Configuration
For teams new to quality gates:
| Setting | Recommended Start | Tighten To (After 1 Month) |
|---|---|---|
| Risk Threshold | 75 | 60 |
| Reliability | A, B, C | A, B |
| Security | A, B | A |
| Maintainability | A, B, C | A, B, C |
| Max Critical | 0 | 0 |
| Max High | Unlimited | 10 |
| Block Merge | Off | On |
Related Guides
- Configure Code Quality Tools — Adjust what the scanner reports
- Set Up PR Reviews — Enforce gates on pull requests
- Monitor Code Health — Track quality trends over time