Skip to main content
Cover image for Building a Culture of Quality in Fast-Moving Teams
QA culture engineering

Building a Culture of Quality in Fast-Moving Teams

Embed quality into your engineering culture without slowing velocity — shift left, bug bashes, and shared ownership.

ReleaseLens Team 📖 6 min read

In 2014, Knight Capital Group deployed untested code to production and lost $440 million in 45 minutes. In 2017, GitLab accidentally deleted a production database and live-streamed the recovery for 18 hours. These aren’t stories about bad engineers — they’re stories about teams that hadn’t built systems to catch human error before it reached production.

Quality isn’t a phase at the end of a sprint. It’s a set of habits, tools, and agreements embedded into how a team works every single day. And contrary to popular belief, investing in quality doesn’t slow you down — it eliminates the rework, hotfixes, and trust erosion that actually kill velocity.

🔀 Shifting Left: Catching Bugs Where They’re Cheapest

The cost of fixing a defect rises exponentially the later it’s discovered. IBM’s Systems Sciences Institute found that a bug caught during design costs 1x to fix, during coding costs 6.5x, during testing costs 15x, and in production costs 100x. Shifting left means moving quality activities earlier in the development lifecycle.

In practice, this looks like:

  • Pair programming or mob programming on complex features — two sets of eyes catch logic errors that unit tests miss
  • PR review checklists that include testability, error handling, and observability — not just “does the code work”
  • Linting and static analysis in pre-commit hooks using tools like ESLint, SonarQube, or Semgrep so formatting debates and security anti-patterns never reach the PR stage

The shift-left philosophy isn’t about writing more tests. It’s about creating shorter feedback loops so developers learn about problems while the context is still fresh in their minds.

🏃 Baking Quality Into Sprint Ceremonies

Quality becomes cultural when it’s woven into the rituals a team already follows. Here’s how to do it without adding meetings:

Sprint Planning: For every story, ask “How will we test this?” before estimating. If nobody can articulate the test strategy, the story isn’t ready. This single question eliminates the “we’ll figure out testing later” trap that produces untestable features.

Daily Standup: Add a standing question: “Is anything currently untestable or blocked by test environment issues?” This surfaces infrastructure debt that silently degrades quality.

Sprint Review: Demo from the test environment, not a developer’s local machine. When stakeholders see the real product in a real environment, they catch deployment-specific issues before users do.

Retrospective: Track a “quality” metric each sprint — escaped defects (bugs found in production), time spent on hotfixes, and test suite reliability (flaky test rate). When these numbers are visible, teams naturally prioritize improvements.

🐛 Bug Bashes: Structured Chaos That Works

A bug bash is a time-boxed session where the entire team — engineers, designers, PMs, even customer support — explores the product looking for bugs. Done right, bug bashes find the cross-functional issues that automated tests miss: confusing copy, broken flows on specific devices, accessibility gaps, and “nobody would actually do this” edge cases that users absolutely do.

Rules for an effective bug bash:

  1. Time-box strictly — 60-90 minutes, no more. Energy drops fast after that.
  2. Provide focus areas — “Test the checkout flow on mobile” produces better results than “find bugs anywhere.”
  3. Use a shared bug log — A Google Sheet or Notion board where everyone logs issues in real time with screenshots. No context-switching to Jira during the bash.
  4. Triage immediately after — Spend 30 minutes right after the bash categorizing bugs by severity. Ship critical fixes before the next release; backlog the rest.

Teams at Shopify run bug bashes before every major launch. The key insight is that diverse perspectives — a support rep knows which flows confuse users; a designer spots visual inconsistencies; a PM catches misaligned business logic — find categories of bugs that engineers alone would never encounter.

🚦 Quality Gates in CI/CD

Automation turns quality agreements from aspirations into enforcement. A quality gate is a CI/CD check that blocks deployment if standards aren’t met:

  • Test coverage thresholds: Not 100% — that’s counterproductive. Set a floor (e.g., 70% line coverage for new code) and ratchet it up over time. The goal is to prevent coverage from eroding, not to chase a vanity number.
  • No skipped tests: A test.skip() or @Ignore annotation should trigger a warning. More than three skipped tests should block the pipeline. Skipped tests are broken tests with better PR.
  • Performance budgets: Lighthouse scores, bundle size limits, or API response time thresholds that prevent performance regressions from shipping unnoticed.
  • Security scanning: Tools like Snyk, Trivy, or GitHub’s Dependabot catch vulnerable dependencies before they reach production. Make critical vulnerability findings a deploy blocker.

The critical principle: quality gates should be fast. If your CI pipeline takes 45 minutes, developers will find ways around it. Keep the gate under 10 minutes by parallelizing test suites and running only affected tests on PR builds.

🔍 Blameless Post-Mortems: Learning Without Fear

When something breaks in production, the team’s response determines whether the same failure happens again. Blameless post-mortems focus on systems that allowed the failure rather than people who made mistakes.

Google’s SRE team popularized a post-mortem template with five sections: summary, impact, root cause, timeline, and action items. The action items section is where culture lives. Every action item should be a systemic fix — “add integration test for payment webhook retry logic” — not a personal directive like “tell Sarah to be more careful.”

Publish post-mortems internally. When teams see that incidents lead to improvements rather than punishment, they report near-misses voluntarily. Those near-miss reports are gold — they reveal systemic weaknesses before they cause outages.

🚫 When NOT to Write Tests

Quality culture also means knowing where testing effort yields diminishing returns:

  • Throwaway prototypes: If you’re validating a product hypothesis with a two-week prototype, spending three days on test coverage is misallocated effort. Write tests when (and if) the prototype becomes a real feature.
  • Generated code and configuration: Testing auto-generated API clients or Terraform state files tests the generator, not your logic.
  • Heavily mocked unit tests: If a test mocks every dependency and only verifies that your code calls mock methods in the right order, it’s testing implementation details rather than behavior. These tests break on every refactor and catch zero real bugs.

The principle: test behavior your users depend on. Skip tests that only exercise wiring.

Quality culture compounds. Each improvement — a faster CI pipeline, a blameless post-mortem, a pre-sprint testability review — makes the next improvement easier. If you’re looking for a structured starting point to assess where your team’s quality practices have gaps, a QA audit provides a clear-eyed baseline and a prioritized improvement roadmap. Learn about our QA Audit →

Back to all articles

Want an expert review of your product?

Professional QA, UX, CRO, and SEO audits. Delivered in 5–10 days.

View audit services Talk to us