Deployment Risk Score API
Deployment Risk Score evaluates your deployment context — changed files, test coverage, deploy window, recent incidents — and returns a 0–100 risk score with a breakdown of every contributing factor.
What is it?
Deployment Risk Score evaluates your deployment context — changed files, test coverage, deploy window, recent incidents — and returns a 0–100 risk score with a breakdown of every contributing factor. It accepts a single JSON payload and returns a structured response in milliseconds — no agents, plugins, or background workers required. The API is designed for synchronous, real-time use: call it inline in your request handler, CI step, or event pipeline and act on the result immediately.
Why do you need it?
Problem
- Engineers deploy without a consistent framework for evaluating risk — what's risky for the payments service is routine for a docs update, but both go through the same process.
- Risk assessment is subjective and inconsistent: some engineers always approve, others block on instinct, and neither approach produces reliable outcomes.
- Teams have no visibility into the cumulative risk picture: high-traffic window + untested code + recent incidents all happening at once.
Consequence
- Friday afternoon deployments cause a disproportionate share of on-call incidents — the blast radius is high and responders are slow. Mean time to recovery is typically 3–5× longer on weekends.
- Deployments during high-traffic windows (peak hours, end of month, product launches) with low test coverage are the leading cause of revenue-impacting outages.
- Low-coverage code changes that break production cost an average of 4 engineer-hours to diagnose and roll back — plus the customer impact during the incident window.
Solution
- Objective, configurable risk scoring before every deployment — the same formula for every engineer, every service, every time.
- Factor breakdown explains exactly why the score is high, making it actionable: 'test coverage is 42%, add tests to reduce score by 18 points'.
- Integrates into CI/CD as a pass/fail gate or a Slack notification, with no manual step required.
Use cases
Pre-deployment gate in CI/CD
Score every deployment in your pipeline. Block deploys with risk score > 75 automatically and require a named approver to override.
Node.js — CI/CD gate
const API_KEY = process.env.DEVOPSIL_API_KEY;
const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
method: 'POST',
headers: {
Authorization: `Bearer ${API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
service: 'payments-api',
environment: 'prod',
changed_files: changedFilesList,
tests_passed: true,
coverage_pct: 68,
deploy_window: new Date().toISOString(),
recent_incidents: 1,
}),
}).then(r => r.json());
if (result.score > 75) process.exit(1); // block pipelineresult.score is 0–100. result.factors lists each contributing factor with its weight and current value. Print factors as CI annotations.
Deployment window enforcement
Auto-score a deployment based on current time and recent incident count to enforce deploy windows without manual calendar management.
Node.js — time-aware scoring
const API_KEY = process.env.DEVOPSIL_API_KEY;
const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
method: 'POST',
headers: {
Authorization: `Bearer ${API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
service: 'billing-service',
environment: 'prod',
changed_files: files,
tests_passed: allPassed,
coverage_pct: coverage,
deploy_window: new Date().toISOString(), // API scores based on time of day/week
recent_incidents: incidentsLast7Days,
}),
}).then(r => r.json());result.factors.deploy_window explains the time-based penalty. If score is high due to timing alone, suggest waiting for the recommended window in result.recommended_window.
Team risk dashboard
Record every deployment risk score and display a rolling trend per service — giving teams visibility into whether their risk posture is improving or degrading.
Node.js — store for dashboard
const API_KEY = process.env.DEVOPSIL_API_KEY;
const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
method: 'POST',
headers: {
Authorization: `Bearer ${API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify(deployContext),
}).then(r => r.json());
await db.insert('deployment_scores', {
service: deployContext.service,
score: result.score,
risk_level: result.risk_level, // 'low' | 'medium' | 'high' | 'critical'
factors: JSON.stringify(result.factors),
deployed_at: new Date(),
});Aggregate scores per service per week. Chart rolling average to surface services trending riskier over time.
Release manager approvals
Surface the risk score in Slack or email before a release manager approves, giving them the full context in one message.
Node.js — Slack risk notification
const API_KEY = process.env.DEVOPSIL_API_KEY;
const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
method: 'POST',
headers: {
Authorization: `Bearer ${API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify(deployContext),
}).then(r => r.json());
await postSlackMessage({
text: `Deploy approval needed: ${deployContext.service} — Risk score ${result.score}/100 (${result.risk_level})`,
blocks: result.factors.map(f => ({ type: 'section', text: `${f.name}: ${f.value} (+${f.impact})` })),
});Release managers see the score, risk level, and every factor in Slack before clicking approve. No context-switching required.
Post-incident review
Correlate deployment risk scores with incidents in your postmortem tool to build a historical record of which score thresholds reliably predict outages.
Node.js — incident correlation
const API_KEY = process.env.DEVOPSIL_API_KEY;
// Pull deployment that preceded an incident
const deployment = await db.query(
'SELECT * FROM deployment_scores WHERE deployed_at < $1 ORDER BY deployed_at DESC LIMIT 1',
[incidentStartTime]
);
// Enrich the postmortem with the risk score context
const postmortem = {
incident_id: incidentId,
preceding_deploy_score: deployment.score,
preceding_deploy_factors: deployment.factors,
risk_level: deployment.risk_level,
};Over time, correlate mean score of deploys preceding incidents vs. non-incident deploys to calibrate your block threshold.
SLO-aware deployments
Feed current error budget burn rate into the risk score so deployments are automatically blocked when you're burning budget faster than expected.
Node.js — SLO-aware scoring
const API_KEY = process.env.DEVOPSIL_API_KEY;
const burnRate = await getCurrentBurnRate('payments-api'); // your SLO tool
const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
method: 'POST',
headers: {
Authorization: `Bearer ${API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
...baseDeployContext,
custom_factors: [
{ name: 'error_budget_burn_rate', value: burnRate, weight: 0.15 },
],
}),
}).then(r => r.json());result.custom_factors shows the burn rate contribution. If burn rate is high, the score rises even if all other factors are green.
Risk factors
| Factor | Description | Max impact |
|---|---|---|
| changed_files | Number of files modified | +25 |
| tests_passed | Whether test suite passed | +30 |
| coverage_pct | Test coverage percentage | +20 |
| deploy_window | Time of day / day of week | +15 |
| recent_incidents | Incidents in last 7 days | +20 |
| environment | prod / staging / dev | +10 |
| rollback_available | Whether rollback is possible | −10 |
| canary_deploy | Whether it's a partial rollout | −15 |
How the API works
All requests use Bearer authentication. Your API key starts with dep_. Get one at /dashboard/api-keys.
Request
{
"service": "payments-api",
"environment": "prod",
"changed_files": ["src/payment/processor.ts", "src/payment/validation.ts", "config/stripe.yaml"],
"tests_passed": true,
"coverage_pct": 62,
"deploy_window": "2024-03-15T17:30:00Z",
"recent_incidents": 2,
"rollback_available": true,
"canary_deploy": false
}Response
{
"score": 71,
"risk_level": "high",
"recommendation": "warn",
"recommended_window": "2024-03-18T10:00:00Z",
"factors": [
{ "name": "tests_passed", "value": true, "impact": 0 },
{ "name": "coverage_pct", "value": 62, "impact": 12 },
{ "name": "changed_files", "value": 3, "impact": 8 },
{ "name": "deploy_window", "value": "17:30 Fri", "impact": 13 },
{ "name": "recent_incidents", "value": 2, "impact": 18 },
{ "name": "environment", "value": "prod","impact": 10 },
{ "name": "rollback_available","value": true, "impact": -10 }
],
"evaluated_at": "2024-03-15T17:29:58Z"
}Quick start
Get your API key
Create a free account and generate a key at /dashboard/api-keys. Your key starts with dep_.
Make your first call
Node.js
const API_KEY = process.env.DEVOPSIL_API_KEY; // starts with dep_
const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
method: 'POST',
headers: {
Authorization: `Bearer ${API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
service: 'my-api',
environment: 'prod',
changed_files: ['src/auth.ts', 'config/prod.yaml'],
tests_passed: true,
coverage_pct: 70,
deploy_window: new Date().toISOString(),
recent_incidents: 0,
}),
}).then(r => r.json());
console.log(`Risk score: ${result.score} (${result.risk_level})`);Act on the result
Node.js — handle response
if (result.risk_level === 'critical' || result.score > 80) {
console.error('Deploy blocked. Top factors:', result.factors.filter(f => f.impact > 10));
process.exit(1);
} else if (result.risk_level === 'high') {
console.warn('High risk — consider deploying at:', result.recommended_window);
} else {
console.log('Deploy approved. Score:', result.score);
}