MergeGate

MergeGate is a web app (with optional GitHub/GitLab UI extensions) that enforces security and compliance checks at pull/merge time using policy-as-code and verifiable evidence. Instead of dumping noisy scanner results into PR comments, it compiles a single “merge verdict” based on configured rules: SBOM present, SAST/DAST thresholds met, dependency risk acceptable, secrets scan clean, and required approvals recorded. It stores an auditable trail of what ran, when, on which commit, and why a merge was allowed or blocked. The product focuses on reducing false positives and developer friction by supporting exception workflows (time-boxed waivers with owner + justification), and by mapping findings to the exact diff/introduced dependency. Realistically, this won’t replace existing scanners; it sits above them to make decisions consistent and reviewable across repos and teams.
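As an added illustration (not MergeGate's own code; the policy keys, evidence fields and waiver format are constructed assumptions), a minimal verdict compiler of the kind the description sketches: configured rules produce one merge verdict, time-boxed waivers with owner and justification can cover a failed rule, and the result is an auditable record of why the merge was allowed or blocked.

```python
from datetime import date

# Constructed policy (not MergeGate's real schema): thresholds a PR must meet.
POLICY = {
    "require_sbom": True,
    "max_sast": {"critical": 0, "high": 0},
    "max_dast": {"critical": 0, "high": 0},
    "max_dependency_risk": "medium",      # ordinal scale below
    "secrets_must_be_clean": True,
    "required_approvals": 2,
}
RISK_ORDER = ["low", "medium", "high", "critical"]
NON_WAIVABLE = {"approvals"}              # review evidence cannot be waived away

def active_waivers(waivers, today):
    """Rules covered by waivers that name an owner, give a justification and are not expired."""
    return {w["rule"] for w in waivers
            if w.get("owner") and w.get("justification")
            and date.fromisoformat(w["expires"]) >= today}

def evaluate(evidence, policy=POLICY, waivers=(), today=None):
    """Compile one merge verdict: every failed rule is a reason unless an active waiver covers it."""
    today = date.fromisoformat(today) if today else date.today()
    failures = []                          # (rule, human-readable reason)
    if policy["require_sbom"] and not evidence.get("sbom_present"):
        failures.append(("sbom", "SBOM missing"))
    for kind in ("sast", "dast"):
        for sev, limit in policy[f"max_{kind}"].items():
            n = evidence.get(kind, {}).get(sev, 0)
            if n > limit:
                failures.append((kind, f"{n} {sev} {kind.upper()} findings (limit {limit})"))
    risk = evidence.get("dependency_risk", "low")
    if RISK_ORDER.index(risk) > RISK_ORDER.index(policy["max_dependency_risk"]):
        failures.append(("dependency", f"introduced dependency risk {risk}"))
    if policy["secrets_must_be_clean"] and evidence.get("secrets", 0):
        failures.append(("secrets", f"{evidence['secrets']} secret(s) detected"))
    if evidence.get("approvals", 0) < policy["required_approvals"]:
        failures.append(("approvals", f"{evidence.get('approvals', 0)}/{policy['required_approvals']} approvals"))
    waived = active_waivers(waivers, today) - NON_WAIVABLE
    blocking = [msg for rule, msg in failures if rule not in waived]
    return {                               # auditable record of the decision
        "commit": evidence.get("commit"),
        "evaluated_on": today.isoformat(),
        "allowed": not blocking,
        "blocking": blocking,
        "waived": [msg for rule, msg in failures if rule in waived],
    }
```

Calling `evaluate(pr, waivers=[...], today="2024-01-10")` with a constructed evidence dict returns the verdict record; an expired waiver or a waiver on a non-waivable rule leaves the finding blocking.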