This project provides a lightweight, enterprise‑focused risk‑based quality gate for CI/CD pipelines.
Instead of relying solely on binary pass/fail test signals, it evaluates release risk by considering the context, severity, and concentration of quality issues.
In large‑scale and regulated systems—such as property insurance and healthcare platforms—not all test failures carry the same impact. This tool helps engineering teams assess where risk is concentrated and supports informed GO / CAUTION / STOP release decisions before deployment.
This project introduces a risk‑aware decision layer into CI/CD pipelines, enabling teams to move beyond static thresholds and toward contextual release evaluation.
By incorporating risk context into quality gating, the framework supports:
- More accurate release decisions in complex systems
- Reduced noise from low‑impact test failures
- Clear, explainable, and auditable quality outcomes
Traditional CI/CD pipelines treat all failures equally. In real‑world enterprise environments, failures in critical business flows or regulated areas can introduce significantly higher operational, financial, or compliance risk than failures in non‑critical paths.
This project applies risk‑aware decision logic to reflect how experienced engineering teams evaluate releases in practice—by weighing severity, domain impact, and risk concentration rather than raw failure counts.
The core contribution of this project is a risk‑based quality gate model that evaluates release readiness using weighted indicators instead of a single blocking rule.
Rather than treating quality signals independently, the gate computes an overall risk assessment based on factors such as:
- Test severity and business criticality
- Distribution of failures across functional areas
- Aggregated risk score thresholds
Release outcomes are derived from this evaluation, enabling policy‑driven decisions instead of rigid binary enforcement.
- Risk‑based evaluation over raw test counts
- Domain‑aware severity weighting
- CI/CD‑friendly command‑line execution
- Clear and actionable release decision signals
- Ingest test results during CI execution
- Map failures to severity and functional risk categories
- Compute an aggregated release risk score
- Generate a release decision:
  - ✅ GO – acceptable risk
  - ⚠️ CAUTION – review recommended
  - ❌ STOP – high release risk
This approach emphasizes transparency and explainability over opaque pass/fail outcomes.
Given the following input file: `examples/high_risk_release.json`

Running the quality gate produces an explainable release decision:

```text
Release Risk Score: 125
Decision: STOP
Reason: High aggregated risk score across critical areas
Recommended Action: Block deployment pending investigation
```
This output is intentionally designed to make release risk explicit and auditable, supporting informed human decision‑making rather than automatic pass/fail enforcement.
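To make the scoring model described above concrete, here is an added illustration that is not the project's own code: severity weights, domain criticality multipliers, a concentration surcharge and the CAUTION/STOP thresholds are all assumed values, and the sample test results are constructed for the example rather than taken from the `examples/` directory.

```python
# Added example, not the project's own code: a minimal risk-based quality gate.
# Every weight, multiplier and threshold below is an assumed illustration value.
from collections import Counter

SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 8, "critical": 15}
DOMAIN_MULTIPLIER = {"claims": 2, "billing": 2, "reporting": 1, "ui": 1}  # business criticality
CAUTION_THRESHOLD, STOP_THRESHOLD = 30, 100  # score bands for CAUTION and STOP


def failure_points(test):
    """Weighted points for one failed test: severity weight times domain criticality."""
    return SEVERITY_WEIGHT[test["severity"]] * DOMAIN_MULTIPLIER.get(test["domain"], 1)


def evaluate(results):
    """Return an explainable verdict: score, GO/CAUTION/STOP, reasons and action."""
    failures = [t for t in results if t["status"] == "failed"]
    base = sum(failure_points(t) for t in failures)
    per_domain = Counter(t["domain"] for t in failures)
    score, reasons = base, []
    if failures:
        top_domain, top_count = per_domain.most_common(1)[0]
        reasons.append(f"{len(failures)} failure(s) worth {base} weighted points")
        # Concentration: one domain holding at least half of the failures adds a 50% surcharge.
        if len(failures) >= 2 and top_count * 2 >= len(failures):
            score += base // 2
            reasons.append(f"{top_count} of {len(failures)} failures concentrated in '{top_domain}'")
    if score >= STOP_THRESHOLD:
        decision, action = "STOP", "Block deployment pending investigation"
    elif score >= CAUTION_THRESHOLD:
        decision, action = "CAUTION", "Manual review recommended before release"
    else:
        decision, action = "GO", "Risk within accepted limits"
    return {"score": score, "decision": decision, "reasons": reasons, "action": action}


# Constructed sample results; not taken from the project's examples/ directory.
SAMPLE_RESULTS = [
    {"name": "claim_submit", "domain": "claims", "severity": "critical", "status": "failed"},
    {"name": "claim_payout", "domain": "claims", "severity": "critical", "status": "failed"},
    {"name": "claim_adjust", "domain": "claims", "severity": "high", "status": "failed"},
    {"name": "claim_export", "domain": "claims", "severity": "medium", "status": "failed"},
    {"name": "ui_tooltip", "domain": "ui", "severity": "low", "status": "failed"},
    {"name": "ui_login", "domain": "ui", "severity": "high", "status": "passed"},
]

if __name__ == "__main__":
    verdict = evaluate(SAMPLE_RESULTS)
    print(f"Release Risk Score: {verdict['score']}\nDecision: {verdict['decision']}")
    print("Reasons:", "; ".join(verdict["reasons"]), f"\nRecommended Action: {verdict['action']}")
```

The same five failures spread evenly across domains would score lower than the concentrated case, which is the point of weighting concentration rather than counting failures.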
Reference implementation.
Core risk scoring and explainable release decision logic are stable. The project is intentionally lightweight and focused on clarity, auditability, and decision support rather than CI/CD tooling integration.
Future enhancements will prioritize governance transparency over feature expansion.
## Tags: ci-cd quality-engineering software-reliability release-management risk-management
Run the CLI against a test results file:

Low or medium risk:

```bash
python src/cli.py examples/sample_test_results.json
```

High risk:

```bash
python run.py examples/high_risk_release.json
```