Test Coverage
Live ecosystem health metrics from Codecov
Verification & Coverage
We believe in radical transparency. Every line of security logic in Interlace is verified through automated testing, and the results are publicly visible.
Trust Through Transparency
Coverage data is fetched dynamically from Codecov and cached for 4 hours. Updates are reflected automatically—no redeployment needed.
How It Works
- Codecov Integration — Coverage is measured on every CI run
- JSON Caching — Data is cached using our json-cache policy (4-hour TTL)
- Real-Time Display — This page shows live metrics from the ecosystem
Coverage Standards
| Plugin Type | Minimum Coverage | Rationale |
|---|---|---|
| Core Security | 85%+ | Mission-critical vulnerability detection |
| Framework Plugins | 80%+ | Framework-specific security patterns |
| Quality Plugins | 75%+ | Code quality and best practices |
Why Coverage Matters for Security
High test coverage in security tooling means:
No False Negatives
Every vulnerability pattern is tested to ensure detection works correctly.
No False Positives
Edge cases are covered to prevent noisy, incorrect warnings.
Regression Safety
Changes are validated against known vulnerability patterns.
Coverage Standards Enforcement
CI/CD Gates
Every pull request must pass coverage gates:
# .github/workflows/test.yml
- name: Run Tests with Coverage
run: npm run test:coverage
- name: Upload to Codecov
uses: codecov/codecov-action@v4
with:
fail_ci_if_error: true
- name: Check Coverage Thresholds
run: |
if [ $(cat coverage/coverage-summary.json | jq '.total.lines.pct') -lt 80 ]; then
echo "Coverage below threshold!"
exit 1
fiCodecov Configuration
coverage:
status:
project:
default:
target: 85%
threshold: 2%
patch:
default:
target: 90%What We Test
- Detection accuracy — Does the rule catch the vulnerability?
- Edge cases — Safe patterns that shouldn't trigger
- Auto-fixes — Do fixes produce valid, secure code?
- Error messages — Is metadata (CWE, CVSS) correct?
View Live Dashboard
Open Codecov Dashboard →
Our Commitment
Security plugins are required to maintain at least 85% coverage. Framework-specific plugins target 80%. We reject PRs that decrease coverage without justification.