Domain 6 of 6 · Chapter 5 of 6

Quality Control

Unlock the complete study guide + 1,040 practice questions across 16 full exams.

Bundled into the existing Professional Cloud Architect premium course — no separate purchase.

Included in this chapter:

  • The quality gate: the one model for this page
  • The supply-chain gate: test, scan, review, attest
  • The reliability gate and the data quality gate
  • Exam-pattern recognition: gate vs metric, report vs enforce

The three gate families plus the improvement scoreboard

DimensionReliability gateSupply-chain gateData quality gateImprovement metrics
What it checksIs the live service meeting its SLO?Is the artifact tested, scanned, reviewed, attested?Does the dataset meet its quality rules?Is the delivery system getting better?
Where it runsProduction, against the SLOPull request, build, and deploy admissionData pipeline, before publishAcross the org, over time
GCP mechanismError-budget policy on a Cloud Monitoring SLORequired tests, Artifact Analysis scanning, Binary AuthorizationDataplex auto data qualityDORA four keys
Blocks a change?Yes, freezes launches when exhaustedYes, when wired as required and as a deploy policyYes, fail the pipeline on rule violationNo, it is a trend, not a gate
Failure consequenceStop risky launches, do reliability workBuild or deploy failsBad data is quarantined or pipeline haltsInvestigate and invest where the metric lags

Decision tree

Block a change,or measure the system?block: a gatemeasure: a metricGate on what?service, artifact, or dataDORA four keysthroughput + stabilityserviceartifactdataError-budgetpolicyBinaryAuthorizationDataplex autodata qualityFreeze releaseswhen budget spentAttestation admits;scan only reportsFail pipeline ifscore below targetA gate must be automated and blocking; a report that emails findings is not a control

Cheat sheet

  • A quality measure becomes a control only when it is automated and blocking
  • Quality gates split into three families: reliability, supply-chain, and data
  • The error budget turns an SLO into a release decision
  • Run automated tests as a required check, so a failure blocks the merge
  • Mandatory code review is both a quality control and a separation-of-duties control
  • Vulnerability scanning reports findings; it does not block a deploy
  • Binary Authorization is the deploy-time gate that enforces via attestation
  • Run a new Binary Authorization policy in dry-run before you enforce it
  • Cloud Build can produce SLSA Level 3 build provenance to strengthen the gate
  • Dataplex auto data quality gates data before consumers read it
  • Data quality rules are row-level or aggregate, each tagged with a dimension
  • DORA metrics trend; they are not a gate on any one change
  • Read the stem for gate versus metric, and report versus enforce
  • Continuous compliance monitoring against CIS/PCI-DSS benchmarks requires Security Command Center Premium

Unlock with Premium — includes all practice exams and the complete study guide.

References

  1. Cloud Build overview
  2. Artifact Registry overview
  3. Artifact Analysis: OS vulnerability scanning overview
  4. Binary Authorization overview
  5. Software supply chain security overview
  6. Well-Architected Framework: set reliability targets Well-Architected
  7. Google SRE Workbook: error budget policy Whitepaper
  8. Dataplex auto data quality overview
  9. Using the Four Keys to measure your DevOps performance Blog