Hi Tattwa,
Do you mean the code quality of custom assertions that you are writings? Or are you talking about the quality of the policy itself?
Custom assertions are written in Java. We use tools specific to Java when verifying the quality of them. Some tools we use are:
- SonarQube for code quality
- Veracode for security scanning
If you meant the quality of the policy itself. We currently do not have any tools for that. However, we do recognize that it is definitely an important need. I've just created an idea for this: Policy Quality Scanning Tools