Digital Product Release policies

  • Release version: Yokohama
  • Updated July 22, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Digital Product Release policies

    The Digital Product Release (DPR) policies in the Policy as Code Engine (PaCE) Content Pack automate verification and continuous evaluation of software artifacts throughout product and service release lifecycles. These policies help ServiceNow customers ensure configuration data compliance, validate release readiness, and maintain quality standards by enforcing phase gate checks and lifecycle governance.

    Show full answer Show less

    While the base system policies cannot be modified, customers can create copies and customize them to suit their specific release processes. Most policies apply to both product and service releases, but several are not applicable to service releases.

    Key policies and their purposes

    • All Completed Stories Have Associated Commits: Ensures every completed story in a release is linked to code commits to maintain traceability.
    • All Planned Stories Are Completed: Verifies that 100% of planned stories for a release are completed, including those linked to plan versions, epics, features, or enhancements.
    • Code Coverage Exceeds Threshold: Validates that average code coverage across all artifacts meets or exceeds a defined minimum percentage, excluding artifacts without coverage data.
    • Test Pass Threshold Policies: Enforce minimum pass rates for various test types—Integration, Load, Regression, Smoke, System, and User Acceptance Tests—to ensure quality and stability. Each requires a configurable minimum pass percentage, defaulting to 100%.
    • No Critical Vulnerabilities Found: Checks that no blocker, critical, high, or major security vulnerabilities exist in the release.
    • Validate Change Requests: Confirms that all change requests across specified phases are in approved or expected states, helping maintain change control compliance.

    Policies not applicable to service releases

    The following policies are specific to product releases and are excluded from service releases:

    • All Completed Stories Have Associated Commits
    • Code Coverage Exceeds Threshold
    • Integration Test Pass Exceeds Threshold
    • Load Test Pass Exceeds Threshold
    • No Critical Vulnerabilities Found
    • Regression Test Pass Exceeds Threshold
    • Smoke Test Pass Exceeds Threshold
    • System Test Pass Exceeds Threshold
    • User Acceptance Test Pass Exceeds Threshold

    Practical benefits for ServiceNow customers

    • Automate compliance verification and quality gates during release management.
    • Customize policies to align with specific release workflows and quality criteria.
    • Gain confidence that all planned work is completed and properly linked to code changes.
    • Ensure testing thresholds are met to reduce defects in production.
    • Maintain security by preventing releases with critical vulnerabilities.
    • Enforce change management controls by validating change request states.

    The Digital Product Release Policy Content Pack contains a set of policies to automate phase gate verification and continuous evaluation of software artifacts.

    You can use or customize these default DPR policies to validate that your configuration data content is conformable, or administrate the full life cycle of PaCE policies. For more information, see Policy as Code Engine (PaCE).
    Note:
    You can’t modify the base system policies. However, you can create a copy of the policy and customize it.

    These policies are for both product and service releases. However, a few don't apply to service releases. For more information about those policies, see Policies not applicable to service releases.

    All Completed Stories Have Associated Commits (all_completed_stories_have_associated_commits)

    This policy checks whether all the completed stories of a release have associated commits.

    The policy results into a non-compliant status when a completed story of a release has no associated commits.

    All Planned Stories Are Completed (all_planned_stories_are_completed)

    This policy checks whether all the planned stories of a release are completed. This policy also checks if the product version is associated with plan version. If it’s associated with plan version, it checks all stories associated with plan version in addition to the stories associated with epics in features or enhancements.

    The policy results into a non-compliant status when the completion percentage of stories planned for a release isn’t 100%. The completion percentage of planned stories is calculated as (Total completed stories/Total planned stories) * 100.

    Code Coverage Exceeds Threshold (code_coverage_threshold)

    This policy checks whether the percentage of code coverage exceeds the threshold value.

    The policy results into a non-compliant status when the percentage of code coverage is less than the specified threshold value. The percentage of code coverage for a release is the average code coverage calculated for all artifact versions included in the release.
    Note:
    The artifact versions with no code coverage data are excluded from the average code coverage calculation.
    Input arguments
    minCodeCoverageThreshold
    • The minimum accepted value for the code coverage for a release.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    Integration Test Pass Exceeds Threshold (integration_test_pass_threshold)

    This policy checks whether the percentage of passed integration tests is not less than the threshold value.

    The policy results into a non-compliant status when the percentage of passed integration tests is less than the specified threshold value. The passed integration tests percentage is calculated as (Total passed integration tests for all artifact versions/Total integration tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed integration tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    Load Test Pass Exceeds Threshold (load_test_pass_threshold)

    This policy checks whether the percentage of passed load tests is not less than the threshold value.

    The policy results into a non-compliant status when the percentage of passed load tests is less than the specified threshold value. The passed load tests percentage is calculated as (Total passed load tests for all artifact versions/Total load tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed load tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    No Critical Vulnerabilities Found (no_critical_vulnerabilities)

    This policy checks whether there are no critical vulnerabilities found in a release.

    The policy results into a non-compliant status when the total number of vulnerabilities categorized as blocker, critical, high, or major is greater than zero.

    Regression Test Pass Exceeds Threshold (regression_test_pass_threshold)

    This policy checks whether the percentage of passed regression tests isn’t less than the threshold value.

    The policy results into a non-compliant status when the percentage of passed regression tests is less than the specified threshold value. The passed regression tests percentage is calculated as (Total passed regression tests for all artifact versions/Total regression tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed regression tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    Smoke Test Pass Exceeds Threshold (smoke_test_pass_threshold)

    This policy checks whether the percentage of passed smoke tests is not less than the threshold value.

    The policy results into a non-compliant status when the percentage of passed smoke tests is less than the specified threshold value. The passed smoke tests percentage is calculated as (Total passed smoke tests for all artifact versions/Total smoke tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed smoke tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    System Test Pass Exceeds Threshold (system_test_pass_threshold)

    This policy checks whether the percentage of passed system tests is not less than the threshold value.

    The policy results into a non-compliant status when the percentage of passed system tests is less than the specified threshold value. The passed system tests percentage is calculated as (Total passed system tests for all artifact versions/Total system tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed system tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    User Acceptance Test Pass Exceeds Threshold (user_acceptance_test_pass_threshold)

    This policy checks whether the percentage of passed user acceptance tests is not lower than the threshold value.

    The policy results into a non-compliant status when the percentage of passed user acceptance tests is less than the specified threshold value. The passed user acceptance tests percentage is calculated as (Total passed user acceptance tests for all artifact versions/Total user acceptance tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed user acceptance tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    Validate change requests (validate_change_requests)

    This policy checks whether all change requests are in the given states, across all phases or a single phase of a release.

    The policy results into a non-compliant status when at least one change request is not in any of the given states.

    Input arguments
    Validate all phases: Determines whether to check the state of change requests in all phases or in a single phase of a release.
    • Default value: False
    • Type: Boolean
    • Usage: Mandatory
    States to validate: An array of states of change requests to validate. It accepts comma-separated numeric values corresponding to the states.
    • Default value: Empty
    • Type: Data Array
    • Usage: Mandatory

    Policies not applicable to service releases

    The following policies don't apply to service releases.
    • all_completed_stories_have_associated_commits
    • integration_test_pass_threshold
    • regression_test_pass_threshold
    • system_test_pass_threshold
    • code_coverage_threshold
    • no_critical_vulnerabilities
    • load_test_pass_threshold
    • smoke_test_pass_threshold
    • user_acceptance_test_pass_threshold