PR Gates


Overview

PR Gates allow you to control software security and quality by configuring rules that block pull requests containing substandard code from being merged. Blocking such pull requests helps ensure that the code eventually deployed to production adheres to high organizational standards, reducing incidents and minimizing unwanted behavior.

An SCA rule that triggers a failure if any library vulnerabilities with critical or high severity are detected in the repository.

PR Gates, similar to Datadog Monitors, consume data and findings output by compatible Datadog products and apply conditions to these findings to determine if a PR meets your organizational standards. To prevent unnecessary impact on your developers’ velocity, PR Gates only block on violations introduced by the code changes of the PR in question, not on findings that already existed in your repository before the PR and its branch were created. For example, if you configure PR Gates to block on Critical-severity code vulnerabilities, PR Gates fails and blocks the PR only if a developer introduces a new Critical code vulnerability as part of that PR.

You can configure PR Gates rules for the following categories. Please note that the compatible product must be running on your desired repositories before PR Gates can begin taking action on the relevant PRs:

Source type                        Condition types
Static Code Analysis (SAST)        - Code vulnerabilities
                                   - Code quality violations
Software Composition Analysis      - Library vulnerabilities
                                   - Library license violations
Code Coverage                      - Total code coverage
                                   - Patch code coverage
Infrastructure as Code Scanning    - IaC vulnerabilities

After creating PR Gates rules, Datadog will automatically create checks on your pull requests using the GitHub integration or Azure DevOps Source Code integration. Set those checks as required in GitHub or Azure DevOps when you are ready to enforce them.

PR Gates are not supported in pull requests in public repositories, or on pull requests targeting a destination branch in a different repository from the source branch (that is, forked repositories trying to merge into the main repository).

Rule types

PR Gates offers the following rule types:

You can create rules to block code changes from being merged when a pull request’s modified lines introduce at least one new code vulnerability or code quality violation of a certain severity.

A PR Gate rule that fails when one or more new code quality violations of error-level severity are contained in the repository

You can create rules to block code changes from being merged when a pull request’s modified lines introduce at least one new library vulnerability of a certain severity or at least one new library with a forbidden license.

A PR Gate rule that fails when one or more critical or high severity library vulnerabilities are contained in the repository

You can create rules to block code changes from being merged when a pull request’s modified lines cause the repository’s overall code coverage to fall below a certain percentage or if the patch coverage of those lines is below a certain threshold.


You can create rules to block code changes from being merged when a pull request’s modified lines introduce at least one new infrastructure as code (IaC) vulnerability of a certain severity.

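As an added illustration (not Datadog's implementation), the following model shows how the rule types above evaluate a pull request: severity rules count only findings that are new relative to the base branch and sit on modified lines, while coverage rules compare total and patch coverage against thresholds. The Finding fields, the severity ordering, and the sample findings are constructed for this example.

```python
from dataclasses import dataclass

# Severity ordering assumed for this illustration; a gate blocks on any
# new finding at or above the configured minimum severity.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Finding:
    rule_id: str   # e.g. a SAST, SCA or IaC rule identifier (constructed)
    file: str
    line: int
    severity: str

def new_findings(base, head, modified_lines):
    """Findings on the PR head that are absent from the base branch and sit
    on a line the PR modified. Pre-existing findings never count, which is
    the behaviour described above. Matching by (rule_id, file) is a
    simplification; real tools fingerprint findings so line shifts still match."""
    base_keys = {(f.rule_id, f.file) for f in base}
    return [f for f in head
            if (f.rule_id, f.file) not in base_keys
            and f.line in modified_lines.get(f.file, set())]

def severity_gate(base, head, modified_lines, min_severity):
    """Return (passed, blocking_findings): fails when at least one new
    finding is at or above min_severity (SAST, SCA and IaC rule types)."""
    threshold = SEVERITY_RANK[min_severity]
    blocking = [f for f in new_findings(base, head, modified_lines)
                if SEVERITY_RANK[f.severity] >= threshold]
    return len(blocking) == 0, blocking

def coverage_gate(total_pct, patch_pct, min_total, min_patch):
    """Fail when overall coverage falls below min_total or the coverage of
    the modified lines (patch coverage) is below min_patch."""
    return total_pct >= min_total and patch_pct >= min_patch

# Constructed sample data: one pre-existing finding on base, two new ones on head.
BASE = [Finding("sql-injection", "app/db.py", 40, "critical")]
HEAD = [
    Finding("sql-injection", "app/db.py", 40, "critical"),     # pre-existing: ignored
    Finding("hardcoded-secret", "app/config.py", 12, "high"),  # new, on a modified line
    Finding("unused-import", "app/config.py", 1, "low"),       # new, but below threshold
]
MODIFIED = {"app/config.py": {1, 12}}  # lines touched by the PR (constructed)

if __name__ == "__main__":
    passed, blocking = severity_gate(BASE, HEAD, MODIFIED, "high")
    print("severity gate passed:", passed, [f.rule_id for f in blocking])
    print("coverage gate passed:", coverage_gate(82.0, 65.0, 80.0, 70.0))
```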

To create a PR Gate rule, see the Setup documentation.

Manage rules

You can manage and update PR Gates rules on the PR Gates Rules page. Improve your security and quality practices based on your project requirements and risk tolerances.

You can see all of the rules defined by the organization.

List of PR Gate rules in Datadog
