Automate Your Change Management Workflows

End-to-end merge request automation with VCS & tracker integration. Classification, risk assessment, security scanning, license compliance, DORA metrics, and approval workflows — all in one platform.

Key Features

Everything you need to automate change management across your organization.

Automated Classification

Regex-based branch pattern matching to classify MRs as hotfix, feature, or release. Ordered rule evaluation with first-match-wins logic and auto-approve for emergency changes.

Change Management Integration

Automatic CMG issue creation in Jira or the built-in tracker. Template-powered fields with dynamic variables, business task validation, and issue linking.

Risk Assessment

Multi-factor risk scoring: change windows, blackout periods, service criticality, diff size, and file footprint rules. Auto-block high-risk changes outside maintenance windows.

Security Scanning

Gitleaks-powered secret detection in MR diffs. SCA for dependency vulnerabilities via OSV.dev across 15+ ecosystems including Go, npm, Python, Java, Rust, and more.

License Compliance

deps.dev API integration for SPDX license resolution. On-demand full-project vulnerability and license analysis with atom and expression breakdowns.

DORA Metrics

Industry-standard DevOps metrics: Deployment Frequency, Lead Time for Changes, Change Failure Rate, and MTTR. Per-project breakdowns with Elite/High/Medium/Low ratings.

Built-in Tracker

MergePilot Tracker as a Jira alternative. Kanban board with drag-and-drop, configurable workflow states, custom fields, and VCS-linked automatic CMG creation.

Multi-Channel Notifications

Route notifications to Slack, Teams, or Email based on project path patterns. Priority-ordered route matching with SMTP support and HTML templates.

Multi-Tenant Architecture

Company-level isolation with separate VCS/Tracker configurations, classification rules, and project mappings. LDAP + GitLab OAuth authentication with role-based access control.

How It Works

From webhook to approval — a fully automated pipeline for every merge request.

  1. VCS Webhook: MR events trigger processing
  2. Classify MR: Branch pattern matching
  3. Validate Tasks: Business task status check
  4. Risk Assessment: Multi-factor risk scoring
  5. Security Scan: Secrets + dependency vulnerabilities
  6. Create CMG: Change management issue
  7. Await Approval: Tracker-driven review
  8. Approve / Reject: MR action on VCS

Security

Comprehensive Security & Compliance

  • Secret detection — Gitleaks-powered scanning of MR diffs for API keys, passwords, tokens with severity-based alerting
  • Dependency vulnerability scanning — OSV.dev integration across 15+ ecosystems: Go, npm, Python, Java, Rust, Ruby, .NET, and more
  • License compliance — Automated SPDX license resolution via deps.dev API with on-demand project-wide analysis
  • Risk-based blocking — Auto-block MRs with critical vulnerabilities, exposed secrets, or out-of-window changes

sca_scan_result
{
  "scan_type": "sca",
  "ecosystems": ["Go", "npm", "PyPI"],
  "vulnerabilities": 3,
  "severity": {
    "critical": 1,
    "high": 2
  },
  "licenses_resolved": 142
}

Analytics

DevOps Intelligence & Metrics

  • DORA metrics dashboard — Track Deployment Frequency, Lead Time, Change Failure Rate, and MTTR across all projects
  • Change calendar — Visual timeline of all changes across the organization with risk overlays
  • Approval fatigue detection — Monitor approval concentration and prevent rubber-stamping
  • Comprehensive audit trail — 40+ action types with full traceability from webhook to approval

4 DORA Metrics
15+ Ecosystems
40+ Audit Actions
24/7 Monitoring

Deployment

Enterprise-Ready Deployment

  • Docker Compose — Single command startup with MongoDB included for development and small teams
  • Kubernetes + Helm chart — Production-ready with horizontal scaling and rolling updates
  • Multi-pod safe — Atomic job claiming with heartbeat and stale job recovery across pods
  • Provider-agnostic — VCS and Tracker provider abstraction ready for GitLab, GitHub, Bitbucket, Jira, and built-in tracker

terminal
$ docker-compose up -d
Creating mongo     ... done
Creating backend   ... done
Creating frontend  ... done

$ curl localhost:8080/health
{"status": "healthy"}

Built With

Modern, battle-tested technologies for reliability and performance.

Go
Gin
React
TypeScript
MongoDB
Docker
Kubernetes
Tailwind CSS

Architecture Overview

A clean, event-driven architecture built for reliability.

[Architecture diagram: GitLab, Merge Pilot Backend, Jira / Tracker, MongoDB, React Dashboard]

Deployment

Production-ready Kubernetes deployment with Helm chart.

Get In Touch

Ready to automate your change management? Contact us for a demo or any questions.

support@cloudnativeworks.com