Link Search Menu Expand Document
Consortium of European Social Science Data Archives

Quality Gate

The following criteria define the CESSDA quality gate.

  • Code Test Coverage is at least 80.0%
  • Duplicated Code Lines is less than 3.0%
  • Maintainability Rating is A
  • Reliability Rating is A
  • Security Rating is A

Ratings

Maintainability

If the estimated time required to fix security and reliability issues is:

  • <=5% of the time that has already gone into the application, the rating is A
  • between 6 to 10% the rating is a B
  • between 11 to 20% the rating is a C
  • between 21 to 50% the rating is a D
  • anything over 50% is an E

Reliability

How buggy is the code?

  • A = 0 Bugs
  • B = at least 1 Minor Bug
  • C = at least 1 Major Bug
  • D = at least 1 Critical Bug
  • E = at least 1 Blocker Bug

Security

How secure is the code?

  • A = 0 Vulnerabilities
  • B = at least 1 Minor Vulnerability
  • C = at least 1 Major Vulnerability
  • D = at least 1 Critical Vulnerability
  • E = at least 1 Blocker Vulnerability

Implementation

CESSDA currently uses SonarQube to automatically calculate these values and ratings. See SonarQube metric definitions for further details.

Checks are performed on each pipeline build. Passing the quality gate is a requirement for any release.