top of page

Quality Gates That Actually Gate

  • Contributor
  • Feb 27
  • 7 min read

The pillar essay on quality gates as engineering practice. Read the manifesto first.

The Problem

Most teams have quality gates. Most teams' quality gates do not gate.

A quality gate is a check that runs against a change — a pull request, a build, a deployment — and decides whether the change is allowed to proceed. The conceptual model is simple. The change presents itself. The gate evaluates. The change either passes or is held back. In practice, almost every team has gates that observe rather than gates that hold back.

The gate runs. It produces a result. The result is a warning, or a status, or a number, or a colored badge. The change proceeds anyway, because the gate is configured to inform rather than to enforce. Or because the gate is configured to enforce, but the team has a culture of overriding it. Or because the gate fires too often on benign changes and engineers have learned to scroll past its output. The gate is technically present and functionally absent. The check happens. The gating does not.

This is the most common quality-engineering failure pattern in modern software teams. The infrastructure for quality gates is everywhere. The discipline of letting them work is rare.

Why Gates Get Disabled

A gate that produces noise has a short life. The lifecycle is consistent across organizations.

Week one: The gate fires correctly on a real problem. The team appreciates the catch.

Week two through six: The gate fires on a mix of real problems and false positives. Engineers begin to evaluate each firing rather than trusting the gate. The cognitive cost of triaging accumulates.

Week seven: The gate fires on a false positive that blocks a hot fix the team needs to ship. The team bypasses the gate, gets the fix out, and discusses what to do.

Week eight through twelve: The gate's status is downgraded — sometimes formally to "warning," sometimes informally by adding a "required but bypassable with admin approval" exemption that anyone can request. The signal that the team has decided to live with imperfect gating is now in the org's institutional memory.

Month four: The gate is functionally a status indicator. It runs. It produces output. No one reads it. The next time it would have caught a real problem, no one notices.

This pattern repeats. The cost is not the cost of any individual gate's degradation. The cost is the team's accumulated belief that gates are theater, which then applies to every new gate the team adopts.

The escape from this pattern is twofold: build gates that produce low false-positive rates, and build organizational discipline for letting them block when they fire correctly.

The Technical Pattern: Gates That Work

What separates a gate that holds up from a gate that erodes:

Specificity. A gate that catches one specific class of problem reliably is better than a gate that vaguely measures "code quality." Specificity makes false positives easier to fix and true positives more credible. Examples of specific gates: "no new code allowed without test coverage for the new code's diff" (not "must have 80% overall coverage"); "no merge with a security scanner finding rated High or Critical" (not "must pass security scan"); "all database migrations must be reviewed by the data team" (not "must have appropriate reviewers"). Specific gates produce specific failures, which can be specifically fixed.

Calibration. The threshold of the gate has been tuned with the team's input. If the gate fires on the team's normal work, the gate is miscalibrated; the team will rightly resent it. If the gate never fires, it is also miscalibrated; it is not doing the job. The right calibration produces failures only on the changes that should fail. Reaching this calibration usually requires three months of iteration after the gate is first turned on. Teams that skip the iteration end up with gates the team works around.

Speed. A gate that adds five minutes to the build is doing one kind of work. A gate that adds forty-five minutes is doing a different kind of work — it is changing the flow of the engineer's day. Slow gates encourage engineers to skip them, push speculative changes, or develop locally without running them. Fast gates get run. The right gate runs in the same loop as the change, returns a result in seconds or minutes, and integrates into the engineer's workflow rather than interrupting it.

Explainability. When the gate fails, the engineer should be able to understand why in under thirty seconds. A failure message that says "policy violation" without specifying which policy, in which file, with what fix, is a gate that will be ignored. A failure message that says "this function exceeds the cyclomatic complexity threshold of 15; consider extracting the helper function in lines 42–67" is a gate that will be respected. The cost of building good explanations is repaid every time the gate fires.

Visibility of intent. The team should know why each gate exists. Gates whose purpose has been lost — "I don't know, it's been there forever, no one wants to remove it in case it does something" — accumulate as the team grows and are the source of most of the noise. A periodic audit of gates with the question "what would happen if we removed this" is healthy practice. The gates that nobody can defend should be removed.

The Organizational Pattern: Letting Them Block

The technical patterns are necessary and insufficient. The harder work is organizational.

A gate that blocks correctly will, at some point, fire on a change that someone with authority wants to ship. The PM is waiting. The customer is escalating. The deadline is tight. The gate has caught a real problem. What does the organization do?

The teams whose gates remain functional do one specific thing: they fix the problem, ship the fix, and ship the change through the gate. The teams whose gates erode do the other thing: they bypass the gate, ship the change, and queue the fix for later. "Later" is rarely a real time. The gate is now optional in practice. The next time it fires, the same calculus applies.

The leadership move that protects gates is the one that protects most things in shift quality: refusing to bypass once, visibly. The leader who has the authority to override the gate, and chooses not to, sends a signal that the gates are real. The leader who overrides once teaches the organization the opposite, and the lesson sticks for years.

The argument against this position is always "we have to ship this thing now." The response is that the alternative — eroding the gate — costs more over the long arc than missing the ship date costs in the moment. The math is rarely calculated, because the cost of eroding the gate is invisible (it is the future incident that does not happen because the gate caught it, except now the gate did not catch it). The discipline is in trusting the math anyway.

The Gates Worth Building First

Not all gates are equally valuable. If a team is starting from zero, the order matters.

First: deployment gates that block on test failure. If your tests pass and you can still deploy broken code, your tests are not gating anything. This is the most basic gate and the most commonly missing one. Required CI before merge, required CI before deploy. Configured at the infrastructure layer, not in policy.

Second: branch protection that prevents direct commits to main. Code changes go through pull requests. Pull requests have required reviews. Required reviews are not waived without an audit trail. This is configurable in five minutes on GitHub or GitLab. The teams that have not done it have not done it because no one has insisted.

Third: security scanning that blocks on high-severity findings. SAST, dependency scanning, secret detection. The bar should be "no new High or Critical findings in the changed code." Not "the whole codebase must be clean," which is unachievable at the start. The bar is on new problems being introduced.

Fourth: schema and migration review. Database changes are different from code changes. They go to a specific reviewer who has context on the data layer. The gate is procedural — the right reviewer must approve — not technical.

Fifth: observability requirements for new endpoints. Every new endpoint ships with at least one metric, one log, and one trace. The gate is enforced at code review by the reviewer's checklist. The first team to adopt this gate at scale was running a small SaaS that survived three years of growth without an outage that took more than an hour to diagnose. The pattern is replicable.

Sixth: load and performance budgets. For systems where performance matters, the change must demonstrate that it does not exceed a defined budget on the team's representative benchmarks. This gate is more expensive to build than the previous ones. It is worth it for systems where performance regressions compound.

The list is not exhaustive. The order is approximately right. A team that has the first four is in the top quartile of the industry. A team that has all six is unusually disciplined.

The Discipline Underneath

The technical work of building good gates is straightforward. The libraries exist. The platform support exists. The patterns are documented. None of it is the hard part.

The hard part is the organizational discipline of letting the gates work. A gate is only as strong as the leader's willingness to be held by it. The team learns very quickly which gates are real and which are theater, and they calibrate their behavior accordingly. A team in an organization with real gates produces a different category of work than a team in an organization with theatrical gates. The difference is not visible in any single change. It is visible in the bug rate, the incident rate, and the engineer retention rate, over months and years.

That is the shift in shift quality, applied to gates: the gates exist before the code is written, in the conditions under which the code can be merged and deployed, instead of in the inspection that happens after the code is already in the customer's hands. The earlier the gating, the cheaper the catch. The cheaper the catch, the more often the team is willing to keep the gate. Once the team is willing to keep the gate, the gate starts compounding value.

Build the gates. Then defend them.

Related reading

Keep learning. This article is part of the Quality Management Fundamentals path in the ShiftQuality Learning Center. Build a quality strategy your whole team can actually apply.

bottom of page