How it works

After signing up for QualityGate, the user can install an Agent on its local machines with access to the version control system where the source code is available for analysis. Through the Admin UI the user can set up projects and branches to analyze (Projects and branches).

These agents send so-called heartbeat messages to the QualityGate server every few seconds. As a response to these messages, QualityGate sends back requests to run the analysis for the projects configured. The agents check out the source code from the version control repository, run the analysis on the next version that has not been analyzed yet and upload the result to QualityGate. Source code is analyzed onsite, without ever getting out of the user’s infrastructure. Only the final results of the analysis are uploaded to QualityGate for having them evaluated against benchmarks by using sophisticated quality models.

The following information is uploaded to QualityGate servers:

  • VCS metadata including the commit messages, commit timestamps, author names, hash, the mapping between the branches and versions.
    No access keys or passwords for accessing the source code are uploaded.
  • Internal IP address of the machine running the analysis.
    This IP address should not even exist outside of the user’s organization. QualityGate uses this information when the user attempts to view the source code through the Dashboard. In this case, the browser obtains the source code directly from the machine running the analysis.
  • Unique names of source code elements and their line information (file name, line, end line, column, end column). This includes names of packages, classes, methods, attributes.

  • Metric values for source code elements.

  • The location of coding issues found (file name, line, end line, column, end column).

  • The location of code duplications.

Neither source code nor code fragments are uploaded in any form to QualityGate.


The agent starts the analysis from the first version in the branch by default. Depending on the number of versions and the size of the project, a considerable amount of time can be required for the agent to catch up with the most recent versions.

The versions of the branch that have been analyzed and uploaded successfully to QualityGate can be browsed and evaluated through the Dashboard.

Although the analysis might have been done already it would still take some time for the results to reach the database after which they could be queried through the Dashboard.


Dashboard running in your browser gets the source directly from the Agent and not from QualityGate itself. In this way, the source code never gets out of your infrastructure.

Back: QualityGate’s components Next: Subscriptions and Billing