CI and Engineering Metrics
Track pipeline duration, queue time, pass rate, flaky test rate, vulnerability age, coverage trend, deployment frequency, change failure rate, and recovery time. Segment by repository type and avoid ranking individual developers.
Management views should answer: Are builds becoming faster and more reliable? Which repositories lack baseline controls? Are severe findings aging? Where is release hardening repeatedly delayed?
SonarQube provides code-quality trends, Allure test execution detail, GitHub Actions pipeline metrics, and security tools their specialised findings. A unified scorecard may link these sources without pretending one tool owns every metric.