# Quality Gate

## Pre requirement

You have to setup the integration with your version control ([guide](/appsec-portal/general-portal-settings/version-control-integration.md))

## How to put comments on merge requests

1. Navigate to Settings->Integrations->Version Control-> \<your version control system>
2. Scroll to the bottom

<figure><img src="/files/0MUBMbm6QlYK67cE2VRR" alt="" width="375"><figcaption></figcaption></figure>

There are some usefull settings here. Take a deep look, if you want this quality gate to be applied to products with specific business criticality/verified or just critical vulnerabilities

<figure><img src="/files/9Ix3qAcwlwrnKFvj2EuG" alt="" width="375"><figcaption></figcaption></figure>

General filters example:

<figure><img src="/files/R02QvlvILfDf70khKFWn" alt="" width="375"><figcaption></figcaption></figure>

This is a **general** filter, which means that there's a functionality to setup an own filter for each action as well.

We don't recommend beginners to setup additional filters, because there might be some misunderstanding about "absent" comments.

<figure><img src="/files/OyDBiUW5tNF7ZJbgVGeT" alt="" width="375"><figcaption></figcaption></figure>

Summary comment example:

<figure><img src="/files/wbIWhHdVPGyF17xz9Bj5" alt="" width="375"><figcaption></figcaption></figure>

## How to block merge requests

Another question, that we usually get is "how to kill the pipeline if there are verified vulnerabilities?"

There's no need to kill something. You are free to just close merge request with additional comment to let developers know, that they won't merge their changes until they fix vulnerabilities.

> It's better to set up comments first, then test auto closer with resolve action for your scanners and block merge requests only after that

<figure><img src="/files/lqmZ6ibPI8zpwMbaWXc2" alt="" width="375"><figcaption></figcaption></figure>

## I need a job in CI/CD for devops team

We have seen some clients with this feature request, so maybe you want it too :smile:

If your DevOps team wants CI semaphore - you can enable it&#x20;

<figure><img src="/files/arvtEdk5SCS42aPGSE9T" alt="" width="188"><figcaption></figcaption></figure>

<figure><img src="/files/8Qha1eRJDboy9rjz0hU6" alt="" width="375"><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.whitespots.io/appsec-portal/features/quality-gate.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.