To avoid that, Orca Security tried to create more quality gates on the developers' side. That crippled them, and their developer velocity crashed.
Fond of building systems, John started to check how other companies — such as Facebook or Google — managed their mono-repo. He found out at this time that Facebook was letting the pull requests being merged, and then they ran the quality gates. If those gates failed, they started hunting down what was the single pull request that caused the problem, reverted that code, and notified the user. Nothing satisfying.
Deepening his research, John discovered an open-source project called Bors. The promise was exciting. They tried to use it, but many issues occurred, from missing features such as managing squashed pull requests to the struggle to integrating Bors into GitHub. They wanted more. At the end of the day, they had closed pull requests and not merged ones.
Moreover, Bors does not offer managed services as an open-source project. To use Bors efficiently, they had to create and staff a dedicated team. Problem: that's neither their expertise nor their job. This was not a cost-efficient option for Orca Security since it would have required two full-time engineers to maintain the system.
Orca Security wanted to rely on a managed service and an expert team. That is how they discovered Mergify. A developer from Orca was in charge of finding alternatives and building POC.
After building one with Mergify, it appeared that Mergify had the best set of features and worked frictionlessly.