Digital Product Release policies

  • Release version: Australia
  • Updated March 12, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Digital Product Release policies

    The Digital Product Release (DPR) policies content pack provides a set of automated policies designed to enforce phase gate verification and continuous evaluation of software artifacts throughout product and service release lifecycles. These policies help ensure that configuration data and release content meet compliance standards, supporting effective lifecycle administration via the Policy as Code Engine (PaCE).

    Show full answer Show less

    Customers cannot modify base system policies directly but can create copies for customization. While most policies apply to both product and service releases, some are exclusive to product releases.

    Key Policies and Their Functions

    • All Completed Stories Have Associated Commits: Validates that every completed story in a release has corresponding commits; flags releases as non-compliant if any completed story lacks commits.
    • All Change Requests Are Closed or Inactive: Ensures all change requests in a release phase are either closed or cancelled; active requests cause non-compliance.
    • All Planned Stories Are Completed: Checks that 100% of planned stories are completed, including those linked via plan versions, epics, features, or enhancements.
    • Code Coverage Threshold: Confirms that average code coverage across artifact versions meets or exceeds a specified minimum (default 100%); artifacts without coverage data are excluded from calculations.
    • Test Pass Thresholds (Integration, Load, Regression, Smoke, System, User Acceptance): Each policy verifies that the percentage of passed tests of the specified type across all artifact versions meets or exceeds a defined threshold (default 100%).
    • No Critical Vulnerabilities Found: Validates that no blocker, critical, high, or major vulnerabilities exist in the release; any such vulnerabilities result in non-compliance.
    • Validate Change Requests: Checks that all change requests across specified release phases are in allowed states, configurable via input arguments.

    Policies Excluded from Service Releases

    The following policies do not apply to service releases:

    • All Completed Stories Have Associated Commits
    • Integration Test Pass Threshold
    • Regression Test Pass Threshold
    • System Test Pass Threshold
    • Code Coverage Threshold
    • No Critical Vulnerabilities Found
    • Load Test Pass Threshold
    • Smoke Test Pass Threshold
    • User Acceptance Test Pass Threshold

    Practical Use for ServiceNow Customers

    These policies enable ServiceNow customers to automate compliance checks throughout their digital product release process, ensuring quality and security standards are met before deployment. By leveraging these policies—either as provided or customized copies—customers can enforce rigorous verification of development artifacts, test results, and change management states. This automation reduces manual oversight, accelerates release readiness, and supports governance requirements.

    Understanding which policies apply to your release type (product vs. service) helps in tailoring your compliance approach effectively. Input parameters such as test pass thresholds and change request states allow fine-tuning policy enforcement to align with organizational standards.

    The Digital Product Release Policy Content Pack contains a set of policies to automate phase gate verification and continuous evaluation of software artifacts.

    You can use or customize these default DPR policies to validate that your configuration data content is conformable, or administrate the full life cycle of PaCE policies. For more information, see Policy as Code Engine (PaCE).
    Note:
    You can’t modify the base system policies. However, you can create a copy of the policy and customize it.

    These policies are for both product and service releases. However, a few don't apply to service releases. For more information about those policies, see Policies not applicable to service releases.

    All Completed Stories Have Associated Commits (all_completed_stories_have_associated_commits)

    This policy checks whether all the completed stories of a release have associated commits.

    The policy results into a non-compliant status when a completed story of a release has no associated commits.

    All Planned Stories Are Completed (all_planned_stories_are_completed)

    This policy checks whether all the planned stories of a release are completed. This policy also checks if the product version is associated with plan version. If it’s associated with plan version, it checks all stories associated with plan version in addition to the stories associated with epics in features or enhancements.

    The policy results into a non-compliant status when the completion percentage of stories planned for a release isn’t 100%. The completion percentage of planned stories is calculated as (Total completed stories/Total planned stories) * 100.

    Code Coverage Exceeds Threshold (code_coverage_threshold)

    This policy checks whether the percentage of code coverage exceeds the threshold value.

    The policy results into a non-compliant status when the percentage of code coverage is less than the specified threshold value. The percentage of code coverage for a release is the average code coverage calculated for all artifact versions included in the release.
    Note:
    The artifact versions with no code coverage data are excluded from the average code coverage calculation.
    Input arguments
    minCodeCoverageThreshold
    • The minimum accepted value for the code coverage for a release.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    Integration Test Pass Exceeds Threshold (integration_test_pass_threshold)

    This policy checks whether the percentage of passed integration tests is not less than the threshold value.

    The policy results into a non-compliant status when the percentage of passed integration tests is less than the specified threshold value. The passed integration tests percentage is calculated as (Total passed integration tests for all artifact versions/Total integration tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed integration tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    Load Test Pass Exceeds Threshold (load_test_pass_threshold)

    This policy checks whether the percentage of passed load tests is not less than the threshold value.

    The policy results into a non-compliant status when the percentage of passed load tests is less than the specified threshold value. The passed load tests percentage is calculated as (Total passed load tests for all artifact versions/Total load tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed load tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    No Critical Vulnerabilities Found (no_critical_vulnerabilities)

    This policy checks whether there are no critical vulnerabilities found in a release.

    The policy results into a non-compliant status when the total number of vulnerabilities categorized as blocker, critical, high, or major is greater than zero.

    Regression Test Pass Exceeds Threshold (regression_test_pass_threshold)

    This policy checks whether the percentage of passed regression tests isn’t less than the threshold value.

    The policy results into a non-compliant status when the percentage of passed regression tests is less than the specified threshold value. The passed regression tests percentage is calculated as (Total passed regression tests for all artifact versions/Total regression tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed regression tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    Smoke Test Pass Exceeds Threshold (smoke_test_pass_threshold)

    This policy checks whether the percentage of passed smoke tests is not less than the threshold value.

    The policy results into a non-compliant status when the percentage of passed smoke tests is less than the specified threshold value. The passed smoke tests percentage is calculated as (Total passed smoke tests for all artifact versions/Total smoke tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed smoke tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    System Test Pass Exceeds Threshold (system_test_pass_threshold)

    This policy checks whether the percentage of passed system tests is not less than the threshold value.

    The policy results into a non-compliant status when the percentage of passed system tests is less than the specified threshold value. The passed system tests percentage is calculated as (Total passed system tests for all artifact versions/Total system tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed system tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    User Acceptance Test Pass Exceeds Threshold (user_acceptance_test_pass_threshold)

    This policy checks whether the percentage of passed user acceptance tests is not lower than the threshold value.

    The policy results into a non-compliant status when the percentage of passed user acceptance tests is less than the specified threshold value. The passed user acceptance tests percentage is calculated as (Total passed user acceptance tests for all artifact versions/Total user acceptance tests for all artifact versions) * 100.

    Input arguments
    minTestPassThreshold
    • The minimum accepted value for the percentage of passed user acceptance tests.
    • Default value: 100
    • Type: Integer
    • Usage: Mandatory

    Validate change requests (validate_change_requests)

    This policy checks whether all change requests are in the given states, across all phases or a single phase of a release.

    The policy results into a non-compliant status when at least one change request is not in any of the given states.

    Input arguments
    Validate all phases: Determines whether to check the state of change requests in all phases or in a single phase of a release.
    • Default value: False
    • Type: Boolean
    • Usage: Mandatory
    States to validate: An array of states of change requests to validate. It accepts comma-separated numeric values corresponding to the states.
    • Default value: Empty
    • Type: Data Array
    • Usage: Mandatory

    Policies not applicable to service releases

    The following policies don't apply to service releases.
    • all_completed_stories_have_associated_commits
    • integration_test_pass_threshold
    • regression_test_pass_threshold
    • system_test_pass_threshold
    • code_coverage_threshold
    • no_critical_vulnerabilities
    • load_test_pass_threshold
    • smoke_test_pass_threshold
    • user_acceptance_test_pass_threshold