You can perform static code analysis on the policies generated by the CA Policy Manager, how is this phase integrated during the continuous integration process, can it be integrated with Sonar (generating rules)?
For the policy analysis, we currently don't have a solution for this and have an idea opened in our community (Policy Quality Scanning Tools ). Please review and add any insight along with up voting the idea.
Additional link around CI/CD workflow (Version Control Example - CA API Gateway - 9.3 - CA Technologies Documentation ) .
Stephen HughesBroadcom Support