I’m currently using AppSweep in one of my open-source projects, pretty much to compare it with some other solutions in the field (like Oversecured and NowSecure).
I’m currently driving the integration using the GitHub Action, since it fits naturally in my CI/CD pipeline.
I’ve been questioning whether such security analysis should follow a blocking behavior, i.e., waiting until the analysis has finished before exiting at the pipeline level and eventually breaking the CI/CD pipeline according to conditions defined by AppSweep and/or by the user (e.g., don’t fail pipelines unless the security issue is Severe/Critical, etc.).
I know that such analysis can take a lot of time sometimes, but for some scenarios this is quite doable and even desirable; for instance, I could have such security checks running on my nightly builds, so engineers won’t be blocked by AppSweep while developing new stuff (e.g., waiting for PR checks).
Do you folks have any plans to provide such behavior for this GitHub Action and also for the Gradle plugin?
Thanks in advance!
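The blocking-plus-threshold gate the question describes, written out as an added illustration rather than code from AppSweep, its GitHub Action or its Gradle plugin. The polling callback, the `state`/`findings`/`severity` field names, the severity level names and the sample findings are all assumptions made for the example; a real integration would replace `fetch_status` with whatever the scanner actually exposes. The gate blocks until the scan is done (with a timeout so a stuck scan fails the job instead of hanging it), then fails the build only when a finding meets the configured severity, and can run in report-only mode for PR builds while enforcing on nightlies.

```python
"""Blocking severity gate for a CI security scan.

Hypothetical example: the result shape, severity names and polling
contract are assumptions, not the AppSweep API.
"""
import sys
import time

# Ordered least to most severe. Names are assumed for this example.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def severity_rank(name):
    """Rank a severity label; unknown labels fail closed as 'critical'."""
    return SEVERITY_RANK.get(str(name).lower(), SEVERITY_RANK["critical"])


def wait_for_scan(fetch_status, poll_interval=5.0, timeout=1800.0,
                  clock=time.monotonic, sleep=time.sleep):
    """Block until the scan reports completion or the timeout elapses.

    fetch_status() is caller-supplied and returns a dict shaped like
    {"state": "running"} or {"state": "done", "findings": [...]}
    (assumed shape). Raises TimeoutError so the CI job fails loudly
    rather than waiting forever on a scan that never finishes.
    """
    deadline = clock() + timeout
    while True:
        status = fetch_status()
        if status.get("state") == "done":
            return status
        if clock() >= deadline:
            raise TimeoutError("scan did not finish within %.0f s" % timeout)
        sleep(poll_interval)


def blocking_findings(findings, threshold):
    """Return the findings whose severity is at or above `threshold`."""
    min_rank = severity_rank(threshold)
    return [f for f in findings if severity_rank(f.get("severity")) >= min_rank]


def gate_exit_code(status, threshold="high", enforce=True):
    """Map finished scan results to a process exit code.

    enforce=False (e.g. PR builds) reports but never fails the job;
    enforce=True (e.g. nightly builds) fails when any finding meets
    the threshold.
    """
    blockers = blocking_findings(status.get("findings", []), threshold)
    for f in blockers:
        print("[%s] %s" % (f.get("severity", "?").upper(), f.get("title", "")))
    return 1 if (blockers and enforce) else 0


# Constructed sample results; not real scanner output.
SAMPLE_FINDINGS = [
    {"severity": "low", "title": "Debuggable flag left enabled"},
    {"severity": "high", "title": "Cleartext traffic permitted"},
    {"severity": "critical", "title": "Hard-coded API secret in resources"},
]


def fake_fetch(polls_until_done, findings):
    """Simulated scanner endpoint: 'running' N-1 times, then 'done'."""
    calls = {"n": 0}

    def fetch():
        calls["n"] += 1
        if calls["n"] < polls_until_done:
            return {"state": "running"}
        return {"state": "done", "findings": findings}

    return fetch


if __name__ == "__main__":
    # Nightly-style run: wait for the (simulated) scan, then enforce.
    status = wait_for_scan(fake_fetch(3, SAMPLE_FINDINGS), poll_interval=0.0)
    sys.exit(gate_exit_code(status, threshold="high", enforce=True))
```

In a pipeline the `enforce` flag would be derived from the trigger (nightly schedule vs. pull request) and `threshold` from a repository setting, so the same step reports on PRs and fails only the builds you have chosen to block.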