DevOpsil

Deployment Risk Score API

Deployment Risk Score evaluates your deployment context — changed files, test coverage, deploy window, recent incidents — and returns a 0–100 risk score with a breakdown of every contributing factor.

Quick start →View DocsPOST https://devopsil.com/api/v1/deploy/score

What is it?

Deployment Risk Score evaluates your deployment context — changed files, test coverage, deploy window, recent incidents — and returns a 0–100 risk score with a breakdown of every contributing factor. It accepts a single JSON payload and returns a structured response in milliseconds — no agents, plugins, or background workers required. The API is designed for synchronous, real-time use: call it inline in your request handler, CI step, or event pipeline and act on the result immediately.

Why do you need it?

Problem

  • Engineers deploy without a consistent framework for evaluating risk — what's risky for the payments service is routine for a docs update, but both go through the same process.
  • Risk assessment is subjective and inconsistent: some engineers always approve, others block on instinct, and neither approach produces reliable outcomes.
  • Teams have no visibility into the cumulative risk picture: high-traffic window + untested code + recent incidents all happening at once.

Consequence

  • Friday afternoon deployments cause a disproportionate share of on-call incidents — the blast radius is high and responders are slow. Mean time to recovery is typically 3–5× longer on weekends.
  • Deployments during high-traffic windows (peak hours, end of month, product launches) with low test coverage are the leading cause of revenue-impacting outages.
  • Low-coverage code changes that break production cost an average of 4 engineer-hours to diagnose and roll back — plus the customer impact during the incident window.

Solution

  • Objective, configurable risk scoring before every deployment — the same formula for every engineer, every service, every time.
  • Factor breakdown explains exactly why the score is high, making it actionable: 'test coverage is 42%, add tests to reduce score by 18 points'.
  • Integrates into CI/CD as a pass/fail gate or a Slack notification, with no manual step required.

Use cases

Pre-deployment gate in CI/CD

Score every deployment in your pipeline. Block deploys with risk score > 75 automatically and require a named approver to override.

Node.js — CI/CD gate

const API_KEY = process.env.DEVOPSIL_API_KEY;

const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    service: 'payments-api',
    environment: 'prod',
    changed_files: changedFilesList,
    tests_passed: true,
    coverage_pct: 68,
    deploy_window: new Date().toISOString(),
    recent_incidents: 1,
  }),
}).then(r => r.json());

if (result.score > 75) process.exit(1); // block pipeline

result.score is 0–100. result.factors lists each contributing factor with its weight and current value. Print factors as CI annotations.

Deployment window enforcement

Auto-score a deployment based on current time and recent incident count to enforce deploy windows without manual calendar management.

Node.js — time-aware scoring

const API_KEY = process.env.DEVOPSIL_API_KEY;

const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    service: 'billing-service',
    environment: 'prod',
    changed_files: files,
    tests_passed: allPassed,
    coverage_pct: coverage,
    deploy_window: new Date().toISOString(), // API scores based on time of day/week
    recent_incidents: incidentsLast7Days,
  }),
}).then(r => r.json());

result.factors.deploy_window explains the time-based penalty. If score is high due to timing alone, suggest waiting for the recommended window in result.recommended_window.

Team risk dashboard

Record every deployment risk score and display a rolling trend per service — giving teams visibility into whether their risk posture is improving or degrading.

Node.js — store for dashboard

const API_KEY = process.env.DEVOPSIL_API_KEY;

const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify(deployContext),
}).then(r => r.json());

await db.insert('deployment_scores', {
  service: deployContext.service,
  score: result.score,
  risk_level: result.risk_level, // 'low' | 'medium' | 'high' | 'critical'
  factors: JSON.stringify(result.factors),
  deployed_at: new Date(),
});

Aggregate scores per service per week. Chart rolling average to surface services trending riskier over time.

Release manager approvals

Surface the risk score in Slack or email before a release manager approves, giving them the full context in one message.

Node.js — Slack risk notification

const API_KEY = process.env.DEVOPSIL_API_KEY;

const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify(deployContext),
}).then(r => r.json());

await postSlackMessage({
  text: `Deploy approval needed: ${deployContext.service} — Risk score ${result.score}/100 (${result.risk_level})`,
  blocks: result.factors.map(f => ({ type: 'section', text: `${f.name}: ${f.value} (+${f.impact})` })),
});

Release managers see the score, risk level, and every factor in Slack before clicking approve. No context-switching required.

Post-incident review

Correlate deployment risk scores with incidents in your postmortem tool to build a historical record of which score thresholds reliably predict outages.

Node.js — incident correlation

const API_KEY = process.env.DEVOPSIL_API_KEY;

// Pull deployment that preceded an incident
const deployment = await db.query(
  'SELECT * FROM deployment_scores WHERE deployed_at < $1 ORDER BY deployed_at DESC LIMIT 1',
  [incidentStartTime]
);

// Enrich the postmortem with the risk score context
const postmortem = {
  incident_id: incidentId,
  preceding_deploy_score: deployment.score,
  preceding_deploy_factors: deployment.factors,
  risk_level: deployment.risk_level,
};

Over time, correlate mean score of deploys preceding incidents vs. non-incident deploys to calibrate your block threshold.

SLO-aware deployments

Feed current error budget burn rate into the risk score so deployments are automatically blocked when you're burning budget faster than expected.

Node.js — SLO-aware scoring

const API_KEY = process.env.DEVOPSIL_API_KEY;

const burnRate = await getCurrentBurnRate('payments-api'); // your SLO tool

const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    ...baseDeployContext,
    custom_factors: [
      { name: 'error_budget_burn_rate', value: burnRate, weight: 0.15 },
    ],
  }),
}).then(r => r.json());

result.custom_factors shows the burn rate contribution. If burn rate is high, the score rises even if all other factors are green.

Risk factors

FactorDescriptionMax impact
changed_filesNumber of files modified+25
tests_passedWhether test suite passed+30
coverage_pctTest coverage percentage+20
deploy_windowTime of day / day of week+15
recent_incidentsIncidents in last 7 days+20
environmentprod / staging / dev+10
rollback_availableWhether rollback is possible−10
canary_deployWhether it's a partial rollout−15

How the API works

All requests use Bearer authentication. Your API key starts with dep_. Get one at /dashboard/api-keys.

Request

{
  "service": "payments-api",
  "environment": "prod",
  "changed_files": ["src/payment/processor.ts", "src/payment/validation.ts", "config/stripe.yaml"],
  "tests_passed": true,
  "coverage_pct": 62,
  "deploy_window": "2024-03-15T17:30:00Z",
  "recent_incidents": 2,
  "rollback_available": true,
  "canary_deploy": false
}

Response

{
  "score": 71,
  "risk_level": "high",
  "recommendation": "warn",
  "recommended_window": "2024-03-18T10:00:00Z",
  "factors": [
    { "name": "tests_passed",      "value": true,  "impact": 0  },
    { "name": "coverage_pct",      "value": 62,    "impact": 12 },
    { "name": "changed_files",     "value": 3,     "impact": 8  },
    { "name": "deploy_window",     "value": "17:30 Fri", "impact": 13 },
    { "name": "recent_incidents",  "value": 2,     "impact": 18 },
    { "name": "environment",       "value": "prod","impact": 10 },
    { "name": "rollback_available","value": true,  "impact": -10 }
  ],
  "evaluated_at": "2024-03-15T17:29:58Z"
}

Quick start

1

Get your API key

Create a free account and generate a key at /dashboard/api-keys. Your key starts with dep_.

2

Make your first call

Node.js

const API_KEY = process.env.DEVOPSIL_API_KEY; // starts with dep_

const result = await fetch('https://devopsil.com/api/v1/deploy/score', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    service: 'my-api',
    environment: 'prod',
    changed_files: ['src/auth.ts', 'config/prod.yaml'],
    tests_passed: true,
    coverage_pct: 70,
    deploy_window: new Date().toISOString(),
    recent_incidents: 0,
  }),
}).then(r => r.json());

console.log(`Risk score: ${result.score} (${result.risk_level})`);
3

Act on the result

Node.js — handle response

if (result.risk_level === 'critical' || result.score > 80) {
  console.error('Deploy blocked. Top factors:', result.factors.filter(f => f.impact > 10));
  process.exit(1);
} else if (result.risk_level === 'high') {
  console.warn('High risk — consider deploying at:', result.recommended_window);
} else {
  console.log('Deploy approved. Score:', result.score);
}

Frequently asked questions

Ready to integrate?

Free tier included. No credit card required.