Improving Product Reliability by Imposing Constraints as a Part of CI/CD Process
Article Summary
Revolut built a system that automatically blocks code deployments based on security risk and bug count. Here's how they shifted security left without slowing down 165,000+ pull requests.
Revolut's AppSec team created DARC (Dynamic Application Risk Calculator), a platform that calculates risk scores using weighted formulas and blocks PRs when thresholds are exceeded. The system integrates with their existing Security Drone scanner and multiple internal data sources.
Key Takeaways
- DARC evaluated 165,670 PRs in 2 months, automatically blocking 1,832 in ~5 seconds
- The risk score is a weighted arithmetic mean across 7 factors: data sensitivity, exposure, the CIA triad
- Only 1% of applications now exceed risk threshold; open bugs decreased 31%
- Emergency derogation mechanism lets authorized engineers bypass blocks with full audit trail
- Two blocking modes: risk-based (per application) and bug-based (per team)
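As an added illustration (not Revolut's DARC code), a minimal CI gate modelling the mechanics the summary describes: a weighted arithmetic mean risk score per application, a per-team open-bug threshold, and an emergency derogation that is always written to an audit log. The factor names beyond those the summary lists, the weights, the thresholds and the approver list are assumptions.

```python
from dataclasses import dataclass, field

# Illustrative weights (assumed): the summary names data sensitivity, exposure
# and the CIA triad as factors but gives no weights; each factor is scored 0-10.
WEIGHTS = {
    "data_sensitivity": 3.0,
    "exposure": 3.0,
    "confidentiality": 2.0,
    "integrity": 2.0,
    "availability": 1.0,
}
RISK_THRESHOLD = 7.0   # assumed: block when the weighted mean exceeds this
BUG_THRESHOLD = 10     # assumed: block when the team's open bug count exceeds this
AUTHORISED = {"alice", "bob"}  # constructed set of engineers allowed to derogate


def risk_score(factors: dict) -> float:
    """Weighted arithmetic mean: sum(w_i * x_i) / sum(w_i), so adding a factor
    never changes the 0-10 scale the threshold is expressed in."""
    total_weight = sum(WEIGHTS.values())
    return sum(WEIGHTS[name] * factors[name] for name in WEIGHTS) / total_weight


@dataclass
class Gate:
    audit_log: list = field(default_factory=list)

    def evaluate(self, pr_id: str, app_factors: dict, team_open_bugs: int,
                 derogation: dict = None):
        """Return (allowed, reason). Risk-based blocking is per application,
        bug-based blocking is per team; either alone is enough to block.
        A derogation by an authorised engineer lifts the block, and the
        override is always recorded in the audit log."""
        reasons = []
        score = risk_score(app_factors)
        if score > RISK_THRESHOLD:
            reasons.append(f"risk {score:.2f} > {RISK_THRESHOLD}")
        if team_open_bugs > BUG_THRESHOLD:
            reasons.append(f"open bugs {team_open_bugs} > {BUG_THRESHOLD}")
        if not reasons:
            return True, "allowed"
        if derogation and derogation.get("approver") in AUTHORISED:
            self.audit_log.append(
                f"{pr_id}: derogation by {derogation['approver']} "
                f"({derogation.get('justification', 'no justification')}) "
                f"overrode: {'; '.join(reasons)}")
            return True, "derogated"
        return False, "blocked: " + "; ".join(reasons)
```

An unauthorised approver or a missing derogation leaves the PR blocked, so the audit log only ever contains overrides that actually took effect.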
Critical Insight
Revolut reduced their at-risk applications to 1% and cut open bugs by 31% using automated PR blocking tied to dynamic risk calculations.