PR Gates - new product flow [DOCS-10684] #30713
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Smol change for testing, open PR
joepeeples
added
WORK IN PROGRESS
ℹ️ Documentation Team ReviewNo documentation team review is required for this pull request. |
joepeeples
changed the title
Preview links (active after the
|
1 task
no Explorer view currently
Search not currently available, and no longer enough content to justify having a separate Manage page. Also adds redirect alias for the removed page.
joepeeples
added a commit
that referenced
this pull request
Jul 31, 2025
The "Executions" page in the app no longer exists, so links to it will 404. For now I'm just changing to the main PR Gates app page to avoid breaks, and we'll remove the full Explorer content & links in #30713
…es-new-product-flow
forgot to save
…es-new-product-flow
…es-new-product-flow
…es-new-product-flow
Audit Trail does not seem supported yet for PR Gates
joepeeples
added
editorial review
|
Opened DOCS-11772 for editorial review. |
…es-new-product-flow
drichards-87
approved these changes
Aug 12, 2025
| | [**Static Code Analysis**][11] | <li> Code vulnerability violations <li> Code quality violations | | ||
| | [**Software Composition Analysis**][12] | <li> Library vulnerability violations <li> Detected license violations | | ||
| | [**Code Coverage**][15] | <li> Total code coverage threshold <li> Patch code coverage threshold | | ||
| | [**Infrastructure as Code Scanning**][16] | <li> IaC vulnerability severity | |
There was a problem hiding this comment.
Just noting that we recently changed the name to Infrastructure as Code Security. But it looks like the UI still refers to it as Infrastructure as Code Scanning. Could we pass this feedback along to the PR Gates PM?
| [11]: https://learn.microsoft.com/en-us/azure/devops/repos/git/pull-request-status?view=azure-devops | ||
| [12]: https://app.datadoghq.com/integrations/github | ||
| [13]: https://app.datadoghq.com/integrations/azure-devops-source-code | ||
| [14]: https://docs.datadoghq.com/integrations/github/ |
There was a problem hiding this comment.
Suggested change
| [14]: https://docs.datadoghq.com/integrations/github/ | |
| [14]: /integrations/github/ |
markazerdd
reviewed
Aug 15, 2025
| : <br> - Vulnerabilities <br> - Detected licenses | ||
| | Source type | Condition types | | ||
| | --- | ----------- | | ||
| | [**Static Code Analysis**][11] | <li> Code vulnerability violations <li> Code quality violations | |
There was a problem hiding this comment.
Suggested change
| | [**Static Code Analysis**][11] | <li> Code vulnerability violations <li> Code quality violations | | |
| | [**Static Code Analysis**][11] | <li> Code vulnerabilities <li> Code quality violations | |
| | Source type | Condition types | | ||
| | --- | ----------- | | ||
| | [**Static Code Analysis**][11] | <li> Code vulnerability violations <li> Code quality violations | | ||
| | [**Software Composition Analysis**][12] | <li> Library vulnerability violations <li> Detected license violations | |
There was a problem hiding this comment.
Suggested change
| | [**Software Composition Analysis**][12] | <li> Library vulnerability violations <li> Detected license violations | | |
| | [**Software Composition Analysis**][12] | <li> Library vulnerabilities <li> Library license violations | |
| | --- | ----------- | | ||
| | [**Static Code Analysis**][11] | <li> Code vulnerability violations <li> Code quality violations | | ||
| | [**Software Composition Analysis**][12] | <li> Library vulnerability violations <li> Detected license violations | | ||
| | [**Code Coverage**][15] | <li> Total code coverage threshold <li> Patch code coverage threshold | |
There was a problem hiding this comment.
Suggested change
| | [**Code Coverage**][15] | <li> Total code coverage threshold <li> Patch code coverage threshold | | |
| | [**Code Coverage**][15] | <li> Total code coverage <li> Patch code coverage | |
| | [**Static Code Analysis**][11] | <li> Code vulnerability violations <li> Code quality violations | | ||
| | [**Software Composition Analysis**][12] | <li> Library vulnerability violations <li> Detected license violations | | ||
| | [**Code Coverage**][15] | <li> Total code coverage threshold <li> Patch code coverage threshold | | ||
| | [**Infrastructure as Code Scanning**][16] | <li> IaC vulnerability severity | |
There was a problem hiding this comment.
Suggested change
| | [**Infrastructure as Code Scanning**][16] | <li> IaC vulnerability severity | | |
| | [**Infrastructure as Code Scanning**][16] | <li> IaC vulnerabilities | |
|
|
||
| {{% /tab %}} | ||
| {{% tab "Static Analysis" %}} | ||
| {{% tab "Static Code Analysis" %}} |
There was a problem hiding this comment.
Suggested change
| {{% tab "Static Code Analysis" %}} | |
| {{% tab "Static Code Analysis (SAST)" %}} |
|
|
||
| {{< img src="pr_gates/setup/static_analysis_2.png" alt="A PR Gate rule that fails when one or more new code quality violations of error-level severity are contained in the repository" style="width:80%" >}} | ||
| {{< img src="pr_gates/setup/static_analysis_3.png" alt="A PR Gate rule that fails when one or more new code quality violations of error-level severity are contained in the repository" style="width:80%" >}} | ||
|
|
||
| {{% /tab %}} | ||
| {{% tab "Software Composition Analysis" %}} |
There was a problem hiding this comment.
Suggested change
| {{% tab "Software Composition Analysis" %}} | |
| {{% tab "Software Composition Analysis (SCA)" %}} |
|
|
||
| {{% /tab %}} | ||
| {{% tab "Software Composition Analysis" %}} | ||
|
|
||
| You can create rules to block code from being merged when your repository has a certain number of library vulnerabilities or forbidden licenses. | ||
| You can create rules to block code from being merged when a pull request introduces at least one library vulnerability or forbidden license of a certain severity. |
There was a problem hiding this comment.
Suggested change
| You can create rules to block code from being merged when a pull request introduces at least one library vulnerability or forbidden license of a certain severity. | |
| You can create rules to block code from being merged when a pull request introduces at least one library vulnerability of a certain severity or at least one library with a forbidden license. |
|
|
||
| You can evaluate and update quality control processes by accessing PR Gates rules on the [**PR Gates Rules** page][6]. Improve your deployment practices based on your project requirements and desired performance outcomes. | ||
| {{% tab "Code Coverage" %}} | ||
| You can create rules to block code from being merged when a pull request causes the repository's overall code coverage to fall below a certain percentage. |
There was a problem hiding this comment.
Suggested change
| You can create rules to block code from being merged when a pull request causes the repository's overall code coverage to fall below a certain percentage. | |
| You can create rules to block code from being merged when a pull request causes the repository's overall code coverage to fall below a certain percentage or if the patch coverage is below a certain threshold. |
|
|
||
| You can view information about who created, modified, and deleted PR Gates rules in [Audit Trail][3]. | ||
| You can evaluate and update quality control processes by accessing PR Gates rules on the [**PR Gates Rules**][6] page. Improve your deployment practices based on your project requirements and desired performance outcomes. |
There was a problem hiding this comment.
Suggested change
| You can evaluate and update quality control processes by accessing PR Gates rules on the [**PR Gates Rules**][6] page. Improve your deployment practices based on your project requirements and desired performance outcomes. | |
| You can managed and update PR Gates rules on the [**PR Gates Rules**][6] page. Improve your security and quality practices based on your project requirements and risk tolerances. |
|
|
||
| {{< img src="pr_gates/audit_event.png" alt="A PR Gates event in Datadog Audit Trail" style="width:100%" >}} | ||
| This view is useful for developers who want to keep an eye on the PR gates for their build pipelines. You can see all of the rules defined by the organization. |
There was a problem hiding this comment.
Suggested change
| This view is useful for developers who want to keep an eye on the PR gates for their build pipelines. You can see all of the rules defined by the organization. | |
| You can see all of the rules defined by the organization. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do? What is the motivation?
Revises documentation for new PR Gates product.
Important
This PR builds on and targets the product renaming branch in #29089. When we're ready to merge, we need to merge the renaming PR first, then rebase this PR to
main. This shouldn't affect any content being reviewed in the current PR.Tip
For reviewers: Because of extensive revisions to multiple sections, the diff tab in GitHub looks pretty choppy and isn't great for reviewing. It's probably easier to review the preview as a whole, focusing on the main landing page and Setup page.
Merge instructions
Merge readiness:
For Datadog employees:
Your branch name MUST follow the
<name>/<description>convention and include the forward slash (/). Without this format, your pull request will not pass CI, the GitLab pipeline will not run, and you won't get a branch preview. Getting a branch preview makes it easier for us to check any issues with your PR, such as broken links.If your branch doesn't follow this format, rename it or create a new branch and PR.
[6/5/2025] Merge queue has been disabled on the documentation repo. If you have write access to the repo, the PR has been reviewed by a Documentation team member, and all of the required checks have passed, you can use the Squash and Merge button to merge the PR. If you don't have write access, or you need help, reach out in the #documentation channel in Slack.
Additional notes