Quality gates can be configured at the repository level using a configuration file. This allows teams to version control their quality standards alongside their code and override organization-level settings when needed.

Setup

1. Create Quality Gates Configuration File

Create a quality_gates_conditions.json file in the .codeant folder in your repository root:
your-repo/
├── .git/
├── .codeant/
│   ├── instructions.json
│   ├── review.json
│   └── quality_gates_conditions.json
├── src/
└── package.json

2. Define Quality Gate Conditions

The quality_gates_conditions.json file allows you to specify quality gate conditions that will be enforced for your repository, taking full precedence over organization or repository database configurations.

Configuration Format

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "metric-name",
                "operator": "comparison-operator",
                "value": "0",
                "scope": ["commit", "pull_request"]
            }
        ]
    }
}

Configuration Options

  • enabled (boolean, required): Controls whether quality gates are active for this repository
    • true: Enable quality gates with the defined conditions
    • false: Disable all quality gates for this repository
  • conditions (array, required when enabled): List of quality gate conditions to enforce
  • metric (string): The code quality metric to monitor
  • operator (string): Comparison operator for the condition
    • "LESS_THAN": Value must be less than threshold
    • "GREATER_THAN": Value must be greater than threshold
    • "EQUALS": Value must equal threshold
    • "LESS_THAN_OR_EQUALS": Value must be less than or equal to threshold
    • "GREATER_THAN_OR_EQUALS": Value must be greater than or equal to threshold
  • value (string): The threshold value for comparison
  • scope (array): Where the condition applies
    • "commit": Apply to individual commits
    • "pull_request": Apply to pull requests
    • Can specify both: ["commit", "pull_request"]
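
A pre-merge check for the options listed above, as an added example (not CodeAnt's own code): it validates a quality_gates_conditions.json body against the documented operators and scopes, so a misspelled value is caught before it reaches the gate. The function name and the sample input are hypothetical; metric names are not checked.

```python
import json

OPERATORS = {"LESS_THAN", "GREATER_THAN", "EQUALS",
             "LESS_THAN_OR_EQUALS", "GREATER_THAN_OR_EQUALS"}
SCOPES = {"commit", "pull_request"}

# Constructed sample: misspelled operator and an unsupported scope value.
SAMPLE = """{"quality_gate": {"enabled": true, "conditions": [
  {"metric": "secrets", "operator": "EQUAL", "value": "0",
   "scope": ["commit", "merge_request"]}]}}"""

def validate_quality_gates(text):
    """Return a list of problems found in a quality_gates_conditions.json body."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    gate = doc.get("quality_gate") if isinstance(doc, dict) else None
    if not isinstance(gate, dict):
        return ["missing top-level 'quality_gate' object"]
    problems = []
    enabled = gate.get("enabled")
    if not isinstance(enabled, bool):
        problems.append("'enabled' is required and must be true or false")
    conditions = gate.get("conditions", [])
    # Assumption: an empty list is treated like a missing one, since an
    # enabled gate without conditions has nothing to enforce.
    if enabled is True and not (isinstance(conditions, list) and conditions):
        problems.append("'conditions' is required when enabled")
    for i, cond in enumerate(conditions if isinstance(conditions, list) else []):
        where = f"conditions[{i}]"
        if not isinstance(cond, dict):
            problems.append(f"{where}: must be an object")
            continue
        if not (isinstance(cond.get("metric"), str) and cond["metric"]):
            problems.append(f"{where}: 'metric' must be a non-empty string")
        op = cond.get("operator")
        if not (isinstance(op, str) and op in OPERATORS):
            problems.append(f"{where}: unknown operator {op!r}")
        value = cond.get("value")
        try:  # the page shows thresholds both as "0" and as 0
            float("x" if isinstance(value, bool) else value)
        except (TypeError, ValueError):
            problems.append(f"{where}: 'value' {value!r} is not numeric")
        scope = cond.get("scope")
        if not (isinstance(scope, list) and scope
                and all(isinstance(s, str) and s in SCOPES for s in scope)):
            problems.append(f"{where}: 'scope' must list commit and/or pull_request")
    return problems
```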

Available Metrics

Security Metrics

Secrets Detection:
{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "secrets",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["commit", "pull_request"]
            }
        ]
    }
}
Ensures no hardcoded secrets (API keys, passwords, tokens) are committed to the repository.

Critical Security Issues:
{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "critical_security_issues",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["pull_request"]
            }
        ]
    }
}
Blocks pull requests with critical security vulnerabilities.

High Security Issues:
{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "high_security_issues",
                "operator": "LESS_THAN_OR_EQUALS",
                "value": "2",
                "scope": ["pull_request"]
            }
        ]
    }
}
Allows a maximum of 2 high-severity security issues per pull request.

Code Quality Metrics

Critical Bugs:
{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "critical_bugs",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["commit", "pull_request"]
            }
        ]
    }
}
Prevents any critical bugs from being merged.

Code Coverage:
{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "code_coverage",
                "operator": "GREATER_THAN_OR_EQUALS",
                "value": "80",
                "scope": ["pull_request"]
            }
        ]
    }
}
Requires at least 80% code coverage for pull requests.

Technical Debt:
{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "technical_debt_ratio",
                "operator": "LESS_THAN",
                "value": "5",
                "scope": ["pull_request"]
            }
        ]
    }
}
Limits technical debt ratio to less than 5%.

Software Composition Analysis (SCA)

Vulnerable Dependencies:
{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "vulnerable_dependencies",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["pull_request"]
            }
        ]
    }
}
Blocks pull requests that introduce dependencies with known vulnerabilities.

High Severity CVEs:
{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "high_severity_cves",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["commit", "pull_request"]
            }
        ]
    }
}
Ensures no high-severity CVEs are introduced through dependencies.

License Compliance:
{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "non_compliant_licenses",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["pull_request"]
            }
        ]
    }
}
Prevents dependencies with non-compliant licenses from being added.

Code Complexity Metrics

Cyclomatic Complexity:
{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "cyclomatic_complexity",
                "operator": "LESS_THAN",
                "value": "15",
                "scope": ["pull_request"]
            }
        ]
    }
}
Limits maximum cyclomatic complexity per function.

Duplicated Code:
{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "duplicated_lines_percentage",
                "operator": "LESS_THAN",
                "value": "3",
                "scope": ["pull_request"]
            }
        ]
    }
}
Ensures less than 3% of code is duplicated.

Sample quality_gates_conditions.json

Balanced Quality Configuration

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "secrets",
                "operator": "GREATER_THAN",
                "value": "0",
                "scope": ["commit", "pull_request"],
                "exclude_files": ["Analysis/**"]
            },
            {
                "metric": "sca",
                "operator": "GREATER_THAN",
                "value": "0",
                "scope": ["commit", "pull_request"]
            }
        ]
    }
}

Complete Configuration with File Exclusions

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "secrets",
                "operator": "GREATER_THAN",
                "value": 0,
                "scope": ["commit", "pull_request"]
            },
            {
                "metric": "sast",
                "operator": "GREATER_THAN",
                "value": 0,
                "scope": ["commit", "pull_request"]
            },
            {
                "metric": "sca",
                "operator": "GREATER_THAN",
                "value": 0,
                "scope": ["commit", "pull_request"]
            },
            {
                "metric": "new_coverage_percentage",
                "operator": "LESS_THAN",
                "value": 90,
                "scope": ["pull_request"]
            }
        ]
    }
}

Disabled Quality Gates

{
    "quality_gate": {
        "enabled": false
    }
}
Use this configuration to completely disable quality gates for a specific repository, even if they’re enabled at the organization level.

Configuration Precedence

Quality gate settings follow a specific precedence hierarchy:
  1. Repository Configuration File (Highest Priority)
    • If .codeant/quality_gates_conditions.json exists in the repository, its settings take full precedence
    • A repository file with "enabled": false disables quality gates for that repository
    • All conditions defined in the file override any organization or repository database settings
  2. Repository Database Settings (Medium Priority)
    • Explicit repository-level settings in the database or S3
    • Used when no repository configuration file exists
  3. Organization Settings (Lowest Priority)
    • Organization-level default settings
    • Applied to repositories that have no repository-specific configuration
Example Scenarios:
  • Repo file exists with enabled: true → Uses conditions from repo file only
  • Repo file exists with enabled: false → Quality gates disabled, ignores all other settings
  • No repo file, repo DB has settings → Uses repo DB settings
  • No repo file, no repo DB settings → Inherits from organization settings
  • No repo file, repo explicitly disabled in DB → Quality gates disabled
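
Because a repository file replaces the organization settings outright, a review of that file should show which organization conditions it no longer enforces. The sketch below is an added example (not CodeAnt's implementation) that models the precedence order above and reports that drift; the function names and the sample settings are hypothetical.

```python
# Constructed samples: the inner "quality_gate" object from each source.
ORG = {"enabled": True, "conditions": [
    {"metric": "secrets", "operator": "EQUALS", "value": "0",
     "scope": ["commit", "pull_request"]},
    {"metric": "critical_security_issues", "operator": "EQUALS", "value": "0",
     "scope": ["pull_request"]}]}
REPO_FILE = {"enabled": True, "conditions": [
    {"metric": "secrets", "operator": "EQUALS", "value": 0,
     "scope": ["pull_request"]},
    {"metric": "code_coverage", "operator": "GREATER_THAN_OR_EQUALS",
     "value": "80", "scope": ["pull_request"]}]}


def effective_gate(repo_file=None, repo_db=None, org=None):
    """Return (source, gate) for the first source that has settings."""
    for source, gate in (("repo_file", repo_file), ("repo_db", repo_db),
                         ("org", org)):
        if gate is not None:
            return source, gate
    # Assumption: with no settings anywhere, nothing is enforced.
    return "none", {"enabled": False}


def baseline_drift(repo_file, org):
    """List org conditions that a repository file drops, changes or narrows."""
    if repo_file is None or not (org or {}).get("enabled"):
        return []
    kept = {}
    if repo_file.get("enabled"):
        # Assumption: at most one condition per metric in each source.
        kept = {c["metric"]: c for c in repo_file.get("conditions", [])}
    findings = []
    for base in org.get("conditions", []):
        mine = kept.get(base["metric"])
        if mine is None:
            findings.append((base["metric"], "not enforced by repository file"))
        elif (mine["operator"], float(mine["value"])) != (
                base["operator"], float(base["value"])):
            findings.append((base["metric"], "differs from org baseline"))
        elif not set(base["scope"]) <= set(mine["scope"]):
            findings.append((base["metric"], "scope narrower than org baseline"))
    return findings
```

Running `baseline_drift` on every pull request that touches .codeant/quality_gates_conditions.json gives reviewers a concrete list of what the change stops enforcing.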

How It Works

  1. File Detection: CodeAnt AI automatically detects the quality_gates_conditions.json file in your .codeant/ directory
  2. Configuration Loading: When a commit or pull request is created, CodeAnt loads the quality gates configuration in precedence order
  3. Condition Evaluation: Each defined condition is evaluated against the code analysis results
  4. Gate Status:
    • Pass: All conditions meet their thresholds
    • Fail: One or more conditions don’t meet their thresholds
  5. Integration: Results are reported to your Git provider as status checks on commits and pull requests

Best Practices

  • Version Control: Store the configuration file in your repository so changes are tracked and reviewed
  • Team Consensus: Discuss and agree on quality thresholds with your team before implementing
  • Start Conservative: Begin with relaxed thresholds and gradually tighten as code quality improves
  • Zero Tolerance for Secrets: Always set secrets detection to zero to prevent credential leaks
  • Security First: Prioritize security metrics (secrets, vulnerabilities) over quality metrics
  • Document Exceptions: If disabling quality gates, document the reason in your team’s documentation
  • Regular Review: Periodically review and adjust thresholds as your codebase and team standards evolve
  • Test Changes: Test configuration changes in a feature branch before applying to main branches

Migration from UI Configuration

If you’re currently using UI-based quality gate configuration and want to migrate to repository-based configuration:
  1. Export Current Settings: Document your current quality gate conditions from the Analysis Configuration page
  2. Create Configuration File: Add .codeant/quality_gates_conditions.json with equivalent settings
  3. Test in Branch: Create a test pull request to verify the conditions work as expected
  4. Commit and Deploy: Once verified, merge the configuration file to your main branch
  5. Clean Up (Optional): You can keep or remove the UI-based configuration; the repository file will take precedence regardless
Once configured, quality gates will automatically enforce your standards on every commit and pull request, ensuring consistent code quality across your team.