PCI-DSS Req 10.7 requires that failures of critical security controls are detected and reported promptly; OWASP A09 lists the absence of error rate alerting as a primary logging and monitoring failure. Without an error tracking service, you have no signal when your application starts throwing 500s at scale — users silently churn while a deployment bug or dependency failure goes unnoticed. CWE-778 covers this: insufficient logging of error conditions leaves the system operating in a degraded state without any operator awareness. Error rate alerting ("10 errors in 5 minutes → page on-call") is the automated trip wire that converts application errors into human-actionable incidents before they become outages.
High because unmonitored error rates allow deployment bugs and dependency failures to degrade user experience for extended periods before detection.
Install and initialize an error tracking service. For Next.js, Sentry has a wizard that handles all configuration automatically.
npx @sentry/wizard@latest -i nextjs
The wizard creates sentry.client.config.ts, sentry.server.config.ts, and sentry.edge.config.ts and wires everything into next.config.js. Verify the SENTRY_DSN is added to .env.example.
Then configure a Sentry alert rule: in your project's Alerts tab, add a rule that triggers when error count exceeds 10 in a 5-minute window, routed to email or Slack. This threshold prevents alert fatigue from one-off errors while catching real degradation.
ID: saas-logging.monitoring.error-rate-alerting
Severity: high
What to look for: Enumerate all relevant files and Look for error tracking and alerting services. Check package.json for: @sentry/nextjs, @sentry/node, @sentry/browser, dd-trace, newrelic, @bugsnag/js, @rollbar/node, honeybadger-js. Check for Sentry configuration files (sentry.client.config.*, sentry.server.config.*, sentry.edge.config.*). Look for .env.example entries like SENTRY_DSN, DD_API_KEY, BUGSNAG_API_KEY. Also check if the monitoring service (if configured for uptime) also provides error rate alerting.
Pass criteria: An error tracking service is installed and configured. Evidence: the library is in package.json AND a configuration file or initialization call exists AND either a DSN/API key is referenced in .env.example or an environment variable reference is present in code.
Fail criteria: No error tracking library installed, OR the library is installed but not initialized (no config file, no Sentry.init() or equivalent call found in the codebase).
Skip (N/A) when: Never — every production application should track errors.
Detail on fail: Example: "@sentry/nextjs is in package.json but no sentry.*.config.* file found and no Sentry.init() call detected — package is installed but not initialized" or "No error tracking library found in package.json"
Remediation: Error rate alerting tells you when your application starts throwing errors your users are hitting — before they reach out or churn. Sentry is the most common choice for Next.js projects.
npx @sentry/wizard@latest -i nextjs
The Sentry wizard configures everything automatically. After setup, test it by throwing a deliberate error in development and verifying it appears in your Sentry dashboard.
Configure an alert rule in Sentry: "When error count exceeds 10 in 5 minutes, notify via email/Slack." This prevents alert fatigue from one-off errors while catching real degradation.