What coverage threshold should we start with?

Pick a floor you can pass today (even 0 in a legacy repo), then ratchet +5% every sprint until you hit your target (80% is typical for business logic; lower is fine for glue code). Always fail on decreased diff coverage so you don’t backslide.

Aren’t quality gates going to slow delivery?

You’ll add 5–10 minutes of CI time, yes. But teams consistently report fewer hotfixes and lower MTTR, which reduces overall lead time. The goal is predictable, safe delivery, not raw PR merge speed.

Do we need SonarQube to have a quality gate?

No. Start with platform-native checks (lint/format/type, tests/coverage, CodeQL, Dependabot/GitLab SCA) and branch protection. Add SonarCloud/SonarQube later if you need deeper rules—keep rules lean to avoid noise.

How do we handle AI-generated (vibe) code safely?

Treat AI like a junior dev on turbo: require tests in the same PR, run the same gates, and add a PR template checkbox for risk/test plans. We’ve rescued teams buried by AI “vibe coding” by enforcing these gates and doing targeted refactors where the bot overfit copy/paste.

We have a monorepo. Does this still apply?

Yes. Scope checks by path (e.g., only run Go jobs when `go/` changes) and use a single `make check` per package. Keep jobs parallel and cache dependencies. The rules are the same; orchestration just matters more.

Platform-productivity · Nov 18, 2025 · 8 minute read

The Quality Gate That Paid For Itself In One Sprint: Paved-Road Defaults That Stop Tech Debt At The PR

If your CI doesn’t block low-signal code from merging, you’re paying compounding interest on technical debt. Here’s the minimal, boring set of automated gates that actually work—and the ones I’ve watched blow up teams.

Back to all posts

The Quality Gate That Paid For Itself In One Sprint: Paved-Road Defaults That Stop Tech Debt At The PR

Key takeaways

Implementation checklist