Quality Framework

5 Pillars of Quality

Comprehensive scoring across every dimension that matters for AI-driven development. Each pillar contributes to your overall component score (0-10) with configurable weights and thresholds.

Algorithm

How scoring works

Weighted Average Calculation

Your component's overall score is calculated using a weighted average of all enabled policy categories. Each category can be customized with different weights based on your team's priorities.

// Example calculation
Hygiene: 8.4 × 20% = 1.68
Quality: 8.2 × 25% = 2.05
Trust: 8.5 × 15% = 1.28
Security: 9.1 × 25% = 2.28
Velocity: 9.0 × 15% = 1.35
Total Score: 8.64/10

Release Gate Integration

Automatic Release: Score ≥ 8.0
Manual Review Required: Score 6.0 - 7.9
Release Blocked: Score < 6.0

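
The weighted average and the release gate above, as an added Python example (not the framework's own code): the weights, category scores and gate thresholds are the page's; the renormalisation of weights when a category is disabled, and treating a score between 7.9 and 8.0 as manual review, are assumptions. The page's 8.64 total comes from rounding each contribution to two decimals before summing; the unrounded sum is 8.63, a difference that matters when a score sits near a gate boundary.

```python
from decimal import Decimal, ROUND_HALF_UP

# Weights (percent) and category scores from the page's example calculation.
WEIGHTS = {"Hygiene": 20, "Quality": 25, "Trust": 15, "Security": 25, "Velocity": 15}
EXAMPLE_SCORES = {"Hygiene": 8.4, "Quality": 8.2, "Trust": 8.5, "Security": 9.1, "Velocity": 9.0}


def overall_score(scores, weights, enabled=None, round_terms=False):
    """Weighted average (0-10) over the enabled policy categories.

    Assumption: when a category is disabled its weight is dropped and the
    remaining weights are renormalised, so the maximum reachable score stays 10.
    round_terms=True reproduces the page's per-line rounding (8.64 instead of 8.63).
    Decimal is used so that 1.275 rounds to 1.28 the way the page shows it.
    """
    enabled = set(weights) if enabled is None else set(enabled)
    total_weight = sum(weights[c] for c in enabled)
    if total_weight <= 0:
        raise ValueError("no enabled categories with positive weight")
    total = Decimal(0)
    for category in enabled:
        score = Decimal(str(scores[category]))
        if not Decimal(0) <= score <= Decimal(10):
            raise ValueError(f"{category} score {score} outside 0-10")
        term = score * Decimal(weights[category]) / Decimal(total_weight)
        if round_terms:
            term = term.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)
        total += term
    return float(total)


def release_gate(score):
    """Map an overall score onto the page's release gate bands.

    Assumption: scores in the gap between 7.9 and 8.0 (e.g. 7.95) require
    manual review, i.e. anything below the 8.0 automatic threshold is reviewed.
    """
    if score >= 8.0:
        return "automatic"
    if score >= 6.0:
        return "manual_review"
    return "blocked"


if __name__ == "__main__":
    exact = overall_score(EXAMPLE_SCORES, WEIGHTS)
    shown = overall_score(EXAMPLE_SCORES, WEIGHTS, round_terms=True)
    print(f"exact={exact:.4f} page-style={shown:.2f} gate={release_gate(exact)}")
```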
Analysis

Two paths to insights

Metric Analysis

Triggered by GitHub webhooks — Dependabot alerts, secret scanning, and code scanning results are processed directly into metrics with no AI agent needed.

  • Real-time, event-driven updates
  • Dependabot vulnerability alerts
  • Secret scanning notifications
  • Code scanning (SAST) results

Counts toward analysis run quota only

AI Analysis

AI agents analyze repositories, pull requests, and code patterns for deeper insights that go beyond what webhooks can capture.

  • Hygiene: README quality, branch protection, code reviews
  • Trust: AI detection, attribution, PR completeness
  • Deeper insights powered by LLM analysis
  • Triggered on push and PR events

Counts toward both AI analysis and total run quotas

Pillars

Category breakdown

Hygiene

Code review quality, branch protection rules, repository documentation, and active maintenance tracking.

  • Code review requirements
  • Branch protection rules
  • Repository documentation
  • Active maintenance

Score Breakdown

Code Reviews: 8.5
Branch Protection: 8.2
Documentation: 8.7
Maintenance: 8.3
Overall: 8.4

Quality

Test coverage analysis, code complexity measurement, and duplication detection for maintainable codebases.

  • Test coverage requirements
  • Code complexity limits
  • Code duplication detection
  • Coverage trend analysis

Score Breakdown

Test Coverage: 8.5
Code Complexity: 7.8
Code Duplication: 8.3
Coverage Trend: 8.0
Overall: 8.2

Trust

AI contribution detection, human review verification, governance compliance, and PR completeness tracking.

  • AI contribution detection
  • Human review verification
  • Governance compliance
  • PR completeness tracking

Score Breakdown

AI Detection: 8.5
Human Oversight: 8.2
Governance: 9.0
PR Completeness: 8.7
Overall: 8.5

Security

Vulnerability management, secret detection, static analysis scanning, and license compliance verification.

  • Vulnerability management
  • Secret detection
  • SAST code scanning
  • License compliance

Score Breakdown

Vulnerabilities: 9.2
Secret Detection: 8.8
SAST Scanning: 9.5
License Compliance: 9.0
Overall: 9.1

Velocity

Deployment frequency, lead time for changes, change failure rate, and mean time to recovery.

  • Deployment frequency
  • Lead time for changes
  • Change failure rate
  • Mean time to recovery

Score Breakdown

Deployment Frequency: 9.2
Lead Time: 8.8
Change Failure Rate: 9.0
Recovery Time: 9.0
Overall: 9.0

Ready to score your components?

See how your codebase measures up across all 5 pillars of quality.