Load when setting up a quality gate sequence, defining done criteria for a feature or bug fix, running the full verification pipeline (compile → unit test → integration test → coverage check → security scan), diagnosing which gate is failing and why, or when the user says "verify this", "is this ready to merge", "run the full check", or "what's the definition of done here".
A verification loop is a repeatable, ordered sequence of quality gates. The rule is simple: never advance past a red gate. If a gate fails, fix it before running the next one.
compile → unit tests → integration tests → coverage → security scan → contract tests
Each gate depends on the previous. Skipping gates hides bugs. Running them in parallel masks root causes.
# Maven
./mvnw compile -q
# Gradle
./gradlew compileJava
Pass criteria: Zero compilation errors.
On failure: Fix before anything else. A red compile gate means nothing else will tell you the truth.
# Maven
./mvnw test -q
# Gradle
./gradlew test
Pass criteria: All tests green. No skipped tests (@Disabled, @Ignore) unless explicitly justified with a ticket reference.
On failure: Read the stack trace. Common causes:
NullPointerException → missing mock setup (when(mock.method()).thenReturn(...))BeanCreationException → test slice missing required bean (@MockBean for dependencies)AssertionError → actual behavior changed; either the code or the test is wrong# Maven — includes @SpringBootTest, @DataJpaTest, Testcontainers
./mvnw verify -DskipUnitTests=true -q
# Or run all together
./mvnw verify -q
Pass criteria: All integration tests green. Testcontainers started and stopped cleanly.
On failure: Check for:
DataAccessException → DB schema mismatch — run migrations before testsApplicationContext fails to load → missing @MockBean, misconfigured @TestConfiguration# Maven + JaCoCo
./mvnw verify jacoco:check -q
# View HTML report
open target/site/jacoco/index.html
Minimum coverage configuration:
<!-- pom.xml -->
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<executions>
<execution>
<id>check</id>
<goals><goal>check</goal></goals>
<configuration>
<rules>
<rule>
<element>BUNDLE</element>
<limits>
<limit>
<counter>LINE</counter>
<value>COVEREDRATIO</value>
<minimum>0.80</minimum>
</limit>
</limits>
</rule>
</rules>
</configuration>
</execution>
</executions>
</plugin>
Pass criteria: ≥ 80% line coverage. Focus on business logic coverage, not generated code (DTOs, config classes).
Exclude generated code from coverage:
<configuration>
<excludes>
<exclude>**/dto/**</exclude>
<exclude>**/*Config.class</exclude>
<exclude>**/Application.class</exclude>
</excludes>
</configuration>
./mvnw org.owasp:dependency-check-maven:check -DfailBuildOnCVSS=7 -q
Pass criteria: No CVEs with CVSS score ≥ 7 (configurable).
On failure: Identify the vulnerable dependency and its transitive path. Fix by upgrading:
<!-- Force upgrade of a transitive dependency -->
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.2</version>
</dependency>
</dependencies>
</dependencyManagement>
# Spring Cloud Contract — verify consumer contracts
./mvnw spring-cloud-contract:test -q
When required: Any service that is consumed by another service (API producer). Skip if the service has no consumers.
# .github/workflows/ci.yml