Skip to main content
Quality gates can be configured at the repository level using a configuration file. This allows teams to version control their quality standards alongside their code and override organization-level settings when needed.

Setup

1. Create Quality Gates Configuration File

Create a quality_gates_conditions.json file in the .codeant folder in your repository root: 
your-repo/
├── .git/
├── .codeant/
│   ├── instructions.json
│   ├── review.json
│   └── quality_gates_conditions.json
├── src/
└── package.json

2. Define Quality Gate Conditions

The quality_gates_conditions.json file allows you to specify quality gate conditions that will be enforced for your repository, taking full precedence over organization or repository database configurations.

Configuration Format

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "metric-name",
                "operator": "comparison-operator",
                "value": "0",
                "scope": ["commit", "pull_request"]
            }
        ]
    }
}

Configuration Options

  • enabled (boolean, required): Controls whether quality gates are active for this repository
    • true: Enable quality gates with the defined conditions
    • false: Disable all quality gates for this repository
  • conditions (array, required when enabled): List of quality gate conditions to enforce
  • metric (string): The code quality metric to monitor
  • operator (string): Comparison operator for the condition
    • "LESS_THAN": Value must be less than threshold
    • "GREATER_THAN": Value must be greater than threshold
    • "EQUALS": Value must equal threshold
    • "LESS_THAN_OR_EQUALS": Value must be less than or equal to threshold
    • "GREATER_THAN_OR_EQUALS": Value must be greater than or equal to threshold
  • value (string): The threshold value for comparison
  • scope (array): Where the condition applies
    • "commit": Apply to individual commits
    • "pull_request": Apply to pull requests
    • Can specify both: ["commit", "pull_request"]

Available Metrics

Security Issues Count

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "security_issues_count",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["commit", "pull_request"]
            }
        ]
    }
}
Ensures no security issues are present in the code.

High Severity Issues

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "high_severity_issues",
                "operator": "LESS_THAN_OR_EQUALS",
                "value": "2",
                "scope": ["pull_request"]
            }
        ]
    }
}
Allows a maximum of 2 high-severity security issues per pull request.

New Coverage Percentage

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "new_coverage_percentage",
                "operator": "GREATER_THAN_OR_EQUALS",
                "value": "80",
                "scope": ["pull_request"]
            }
        ]
    }
}
Requires at least 80% code coverage for new code in pull requests.

Duplicated Lines Density

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "duplicated_lines_density",
                "operator": "LESS_THAN",
                "value": "3",
                "scope": ["pull_request"]
            }
        ]
    }
}
Ensures duplicated lines density is less than 3%.

Infrastructure as Code (IaC)

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "iac",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["commit", "pull_request"]
            }
        ]
    }
}
Blocks commits and pull requests with Infrastructure as Code security issues.

Software Composition Analysis (SCA)

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "sca",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["pull_request"]
            }
        ]
    }
}
Prevents dependencies with known vulnerabilities from being added.

Sample Configuration

Comprehensive Quality Configuration

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "security_issues_count",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["commit", "pull_request"]
            },
            {
                "metric": "high_severity_issues",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["pull_request"]
            },
            {
                "metric": "sca",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["commit", "pull_request"]
            },
            {
                "metric": "iac",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["commit", "pull_request"]
            },
            {
                "metric": "new_coverage_percentage",
                "operator": "GREATER_THAN_OR_EQUALS",
                "value": "80",
                "scope": ["pull_request"]
            },
            {
                "metric": "duplicated_lines_density",
                "operator": "LESS_THAN",
                "value": "3",
                "scope": ["pull_request"]
            }
        ]
    }
}

Configuration with File Exclusions

{
    "quality_gate": {
        "enabled": true,
        "conditions": [
            {
                "metric": "security_issues_count",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["commit", "pull_request"],
                "exclude_files": ["tests/**", "*.test.js"]
            },
            {
                "metric": "sca",
                "operator": "EQUALS",
                "value": "0",
                "scope": ["pull_request"]
            }
        ]
    }
}

Disabled Quality Gates

{
    "quality_gate": {
        "enabled": false
    }
}
Use this configuration to completely disable quality gates for a specific repository, even if they’re enabled at the organization level.

Configuration Precedence

Quality gate settings follow a specific precedence hierarchy:
  1. Repository Configuration File (Highest Priority)
    • If .codeant/quality_gates_conditions.json exists in the repository, its settings take full precedence
    • A repository file with "enabled": false disables quality gates for that repository
    • All conditions defined in the file override any organization or repository database settings
  2. Repository Database Settings (Medium Priority)
    • Explicit repository-level settings in the database or S3
    • Used when no repository configuration file exists
  3. Organization Settings (Lowest Priority)
    • Organization-level default settings
    • Applied to repositories that have no repository-specific configuration
Example Scenarios:
  • Repo file exists with enabled: true → Uses conditions from repo file only
  • Repo file exists with enabled: false → Quality gates disabled, ignores all other settings
  • No repo file, repo DB has settings → Uses repo DB settings
  • No repo file, no repo DB settings → Inherits from organization settings

How It Works

  1. File Detection: CodeAnt AI automatically detects the quality_gates_conditions.json file in your .codeant/ directory
  2. Configuration Loading: When a commit or pull request is created, CodeAnt loads the quality gates configuration in precedence order
  3. Condition Evaluation: Each defined condition is evaluated against the code analysis results
  4. Gate Status:
    • Pass: All conditions meet their thresholds
    • Fail: One or more conditions don’t meet their thresholds
  5. Integration: Results are reported to your Git provider as status checks on commits and pull requests

Best Practices

  • Version Control: Store the configuration file in your repository so changes are tracked and reviewed
  • Team Consensus: Discuss and agree on quality thresholds with your team before implementing
  • Start Conservative: Begin with relaxed thresholds and gradually tighten as code quality improves
  • Security First: Prioritize security metrics over quality metrics
  • Document Exceptions: If disabling quality gates, document the reason in your team’s documentation
  • Regular Review: Periodically review and adjust thresholds as your codebase and team standards evolve
  • Test Changes: Test configuration changes in a feature branch before applying to main branches
Once configured, quality gates will automatically enforce your standards on every commit and pull request, ensuring consistent code quality across your team.