What is a quality gate?
A quality gate is a milestone in an IT project that requires that predefined criteria be met before the project can proceed to the next phase. Designed to provide benchmarks for quality standards, these gates are commonly used throughout application or software development projects. Typically, quality gates are located before phases that are highly dependent on the outcome of a previous phase, particularly where potential trouble spots need to be addressed and resolved.
The concept of a quality gate combines aspects of project management, decision modeling and workflow management to increase measurability and promote superior conditions. Quality gates can be applied at many levels throughout an organization such as system, project and release. Additionally, they can be used as part of the overall product development or quality assurance methodologies.
How does a quality gate work?
Quality gates help ensure that a project is well thought out technically and can be supported after deployment. Quality gates are composed of predefined conditions based on aspects of the project that can be measured. Examples of conditions include the number of vulnerabilities present in a project, whether outputs are on target, or compile time. These milestones reduce project risk through phase-by-phase checklists and by enabling project managers to communicate status continuously; higher success rates at each phase shorten the development cycle and keep the focus on a well-designed product.
When a quality gate is reached, the project results are checked against the predefined criteria and status information is returned. The three potential quality gate statuses are the following:
- Pass. Quality gate metrics are met, and production can continue.
- Warn. Quality gate metrics may not be met, or are only barely met, and should be verified before production continues.
- Fail. Quality gate metrics are not met, and issues need to be resolved before production can continue.
Often, software projects fail to meet time, budget and other requirements, but monitoring the quality of project results by presetting benchmarks and steering a project at key points can help resolve these issues.
How to implement quality gates
Quality gates are customizable, and their format varies by level of implementation. Some applications, such as internal frameworks, may need stricter requirements than others. Organizations can apply checklists of deliverables throughout a project's lifecycle. Proceeding past each gate requires the successful completion of the items on the list. Formal sign-off and acceptance are mandatory at each gate. The IT project manager and a senior executive or sponsor involved with the project should review the checklists. They should then communicate the quality assessment and the integrity of the product and its information to the appropriate stakeholders.
How do quality gates impact security?
Although quality gates are traditionally employed to ensure that code meets specific requirements, they can also be used to check for security issues within the code. Project managers or admins can configure gates to stop or fail a build if the code does not meet security standards or metrics. This allows security to be built into the product rather than bolted on as an add-on or afterthought. The sooner security is implemented in the software development lifecycle, the more time developers can save.
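The following is an added example, not code from the original article or from any particular quality-gate tool. It illustrates both the three-status model (pass, warn, fail) described earlier and a security-focused gate that fails a build on unmet metrics. The metric names (`vulns_critical`, `test_coverage_pct`, and so on), the thresholds, and the sample build reports are all constructed for the illustration; a real pipeline would read them from its scanner and test stages. A metric the build does not report is treated as a failure, so the gate fails closed rather than silently passing an unmeasured condition.

```python
"""Quality gate evaluator: checks build metrics against predefined conditions
and returns one of the three gate statuses (PASS / WARN / FAIL)."""
import sys
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class GateStatus(Enum):
    PASS = "pass"
    WARN = "warn"
    FAIL = "fail"


@dataclass(frozen=True)
class Condition:
    """One measurable condition of a gate (metric names are constructed here).

    op:      comparison the metric must satisfy ("<=" or ">=")
    fail_at: threshold at which the condition fails
    warn_at: optional stricter threshold that only produces a warning;
             None means a hard pass/fail check with no warning band
    """
    metric: str
    op: str
    fail_at: float
    warn_at: Optional[float] = None


def _satisfies(op: str, value: float, threshold: float) -> bool:
    if op == "<=":
        return value <= threshold
    if op == ">=":
        return value >= threshold
    raise ValueError(f"unsupported operator {op!r}")


def evaluate_condition(cond: Condition, metrics: Dict[str, float]) -> Tuple[GateStatus, str]:
    """Evaluate a single condition against the metrics the build reported."""
    if cond.metric not in metrics:
        # An unreported metric cannot be verified: fail closed.
        return GateStatus.FAIL, f"{cond.metric}: not reported by the build"
    value = metrics[cond.metric]
    if not _satisfies(cond.op, value, cond.fail_at):
        return GateStatus.FAIL, f"{cond.metric}={value} violates {cond.op} {cond.fail_at}"
    if cond.warn_at is not None and not _satisfies(cond.op, value, cond.warn_at):
        return GateStatus.WARN, f"{cond.metric}={value} within limit but past warning level {cond.warn_at}"
    return GateStatus.PASS, f"{cond.metric}={value} ok"


def evaluate_gate(conditions: List[Condition], metrics: Dict[str, float]) -> Tuple[GateStatus, List[str]]:
    """The worst single condition decides the gate: any FAIL fails it, else any WARN warns it."""
    results = [evaluate_condition(c, metrics) for c in conditions]
    statuses = [status for status, _ in results]
    if GateStatus.FAIL in statuses:
        overall = GateStatus.FAIL
    elif GateStatus.WARN in statuses:
        overall = GateStatus.WARN
    else:
        overall = GateStatus.PASS
    return overall, [message for _, message in results]


# Constructed security gate: no critical or high findings, a bounded number of
# medium findings (any at all is a warning), and a minimum test coverage.
SECURITY_GATE = [
    Condition("vulns_critical", "<=", fail_at=0),
    Condition("vulns_high", "<=", fail_at=0),
    Condition("vulns_medium", "<=", fail_at=5, warn_at=0),
    Condition("test_coverage_pct", ">=", fail_at=70, warn_at=80),
]

# Constructed build reports, as a scanner and test stage might emit them.
BUILD_CLEAN = {"vulns_critical": 0, "vulns_high": 0, "vulns_medium": 0, "test_coverage_pct": 85}
BUILD_WARN = {"vulns_critical": 0, "vulns_high": 0, "vulns_medium": 2, "test_coverage_pct": 75}
BUILD_FAIL = {"vulns_critical": 0, "vulns_high": 1, "vulns_medium": 0, "test_coverage_pct": 90}


def ci_exit_code(status: GateStatus) -> int:
    """Map the gate status to a process exit code: FAIL stops the pipeline;
    WARN is surfaced in the log but left to a reviewer's verification, as the
    three-status model describes."""
    return 1 if status is GateStatus.FAIL else 0


if __name__ == "__main__":
    status, messages = evaluate_gate(SECURITY_GATE, BUILD_FAIL)
    print(status.value.upper())
    for message in messages:
        print("  ", message)
    sys.exit(ci_exit_code(status))
```

Run as a script, the block evaluates the failing sample build, prints each condition's result, and exits non-zero so a CI stage that wraps it stops the build; swapping in `BUILD_WARN` exits zero but prints the warnings for the sign-off review the article calls for.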