Use case

Scan a monorepo

Run one quality gate across many packages in a single repository

GateTest scans a whole monorepo in one pass — every package, multiple languages, shared and per-package config — without standing up a separate pipeline per project, and reports findings with their real file paths.

The problem

Monorepos concentrate many projects, often in several languages, behind one CI pipeline. A scanner that only understands a single language or a single package at the root either misses most of the tree or forces you to wire up N separate jobs.

What you want is one gate that walks the whole repository, understands each package's stack, and reports findings against their actual paths.

How GateTest does it

GateTest's analyzers are polyglot — JavaScript, TypeScript, Python, Go, Java, Ruby, PHP, plus infrastructure-as-code — so a single run covers a mixed monorepo.

The monorepo-constraints module additionally checks for cross-package boundary violations and dependency drift between workspaces, which are the bugs unique to the monorepo shape.

.github/workflows/gatetest.yml
# .github/workflows/gatetest.yml
name: GateTest
on:
  pull_request:
jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: crclabs-hq/gatetest-action@v1
        with:
          suite: full
          # error-severity findings fail the job and block the merge
          fail-on: error

Steps

  1. 1Run GateTest from the repository root — it discovers packages and languages automatically.
  2. 2Findings are reported with their full path, so you can route them to the owning team.
  3. 3Use the prSize module to keep cross-package changes reviewable.

Frequently asked questions

Does GateTest need per-package configuration?

No. It discovers packages and languages from the repository structure and manifests, so a single run from the root covers the whole monorepo. Per-package overrides are supported but not required.

Can it catch cross-package problems?

Yes. Beyond scanning each package, the monorepo-constraints and import-cycle modules detect boundary violations and circular dependencies between workspaces — the failure modes specific to monorepos.

Put this gate on your repo

Free preview of findings. Pay per scan — no subscription. AI auto-fix PR on the Scan + Fix tier.

Related use cases