https://blog.abhipraya.dev/tags/qa/Recent content in Qa on Daffa AbhiprayaHugoen-us© Daffa AbhiprayaThu, 09 Apr 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-a/qa/Thu, 09 Apr 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-a/qa/<p>Quality tools are useless if they are not enforced. Our project had SonarQube analyzing every commit, schema fuzzing running against our API, and load tests measuring latency, but every single one of them was set to <code>allow_failure: true</code>. Violations were silently ignored, real bugs slipped through, and nobody noticed because the pipeline was always green. This blog covers how we turned those advisory checks into blocking gates, built automated CI reporting so reviewers could actually see the results, and watched the tools catch a JWT vulnerability, a production crash, and 31 code quality violations that had been accumulating for weeks.</p>https://blog.abhipraya.dev/ppl/part-a/tdd-and-qa/Sun, 15 Mar 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-a/tdd-and-qa/<p>We had 91% line coverage and felt good about it. Then we ran mutation testing and scored 0%. Every line of our service layer was executed by tests; almost nothing was actually verified. This is the story of how six advanced testing tools exposed the gap between &ldquo;code was run&rdquo; and &ldquo;code was checked,&rdquo; and what that means for any team relying on coverage as a quality signal.</p> <blockquote> <p><strong>Note:</strong> Our project is hosted on an internal GitLab instance, so we use the term <strong>MR (Merge Request)</strong> throughout this blog. If you&rsquo;re coming from GitHub, MRs are the equivalent of <strong>Pull Requests (PRs)</strong>.</p>