Every finding has a severity. A threshold decides which severities cause a run to fail (exit non-zero) and which are reported but don’t block. This page covers the controls you use to tune blocking behavior.

Severity levels

Findings are reported at these severities, most to least serious:
| Severity | Meaning |
| --- | --- |
| Critical | A serious issue that should be fixed before merge. |
| High | An important issue. |
| Medium | A moderate issue. |
| Low | A minor issue. Hidden from text output by default; show it with --show-low-confidence. |
| Warning | A non-blocking advisory. |
| Info | Informational only. |

Fail on warnings

By default, warnings are reported but don’t fail a check. To treat warnings as errors:

    mergeguide check src/ --fail-on-warning

Or set it for the whole project in config (.mergeguide/config.yaml):

    fail_on_warning: true

Set the minimum reported severity

Use the severity config key to set the lowest severity MergeGuide reports (.mergeguide/config.yaml):

    severity: warning   # one of: error, warning, info

Fail thresholds for scanners

The vulnerability and IaC scanners take an explicit --fail-on threshold. The run exits 1 when a finding at that severity or above is present; otherwise it exits 0:

    # Fail only on critical vulnerabilities
    mergeguide scan vuln --path ./my-project --fail-on critical

    # Fail on high or critical IaC misconfigurations
    mergeguide scan iac --path ./infra --fail-on high

--fail-on accepts none (default — never fail), high, or critical.

Advisory mode

To report findings without ever blocking — useful when you’re rolling MergeGuide out and don’t want to break builds yet — run in advisory mode. It always exits 0:

    mergeguide check src/ --advisory

A common adoption path: start with --advisory so findings surface without blocking, then remove --advisory and add --fail-on-warning once your team has cleared the backlog.
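
The adoption path above, written as a CI gate script. This is an added example, not part of the MergeGuide documentation. MG_STAGE, MG_BIN, the helper names and the exit code 2 for a missing binary or unknown stage are assumptions; the commands, flags and paths are the ones shown on this page.

```shell
#!/bin/sh
# Added example: CI gate composed from the commands documented on this page.
# MG_STAGE, MG_BIN, run_step, run_gate and exit code 2 are assumptions made
# for this sketch; the paths are the ones used in the page's examples.

run_step() {
  # Run one MergeGuide command and return its exit status without aborting.
  step_name="$1"; shift
  step_rc=0
  "$MG_BIN" "$@" || step_rc=$?
  echo "[gate] ${step_name}: exit ${step_rc}"
  return "$step_rc"
}

run_gate() {
  MG_BIN="${MG_BIN:-mergeguide}"
  stage="${MG_STAGE:-advisory}"
  # Fail closed: a missing scanner must not look like a clean run.
  if ! command -v "$MG_BIN" >/dev/null 2>&1; then
    echo "[gate] ${MG_BIN} not found, failing closed" >&2
    return 2
  fi
  failed=0
  case "$stage" in
    advisory)
      # Report only. These runs are documented to exit 0, so a non-zero
      # status here means the tool itself failed, not that findings exist.
      run_step check check src/ --advisory || failed=1
      run_step vuln scan vuln --path ./my-project --fail-on none || failed=1
      run_step iac scan iac --path ./infra --fail-on none || failed=1
      ;;
    enforce)
      # Blocking thresholds from the page. Every step runs before the gate
      # fails, so a single CI run reports all findings.
      run_step check check src/ --fail-on-warning || failed=1
      run_step vuln scan vuln --path ./my-project --fail-on critical || failed=1
      run_step iac scan iac --path ./infra --fail-on high || failed=1
      ;;
    *)
      echo "[gate] unknown MG_STAGE '${stage}'" >&2
      return 2
      ;;
  esac
  return "$failed"
}
```

Call run_gate from the CI job and use its return status as the job result; switch MG_STAGE from advisory to enforce once the backlog is cleared.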

How blocking maps to your workflow

The same thresholds apply wherever a check runs — locally, in a git hook, or in the PR gate. The fail_mode config key (closed by default) controls whether a failed check blocks. See Enforcement layers for where each check sits in your workflow.

Next steps

Running scans

Run checks and scanners with these thresholds.

Configuration keys

The full list of config keys.