Workflow analyzer is a really good feature and combining it with Governance helps make organizations build guard rails around automations.
We have been exploring governance enablement in our organization for a while now and have implemented the same already.
As part of that process only, we have 1 more recommendation to share with you.
Governance is enabled in an organization, however there still are below possibilities:
- In an enterprise, if download of community version is not yet blocked, developer could download that version, create automation using that, bundle the package and upload it to other environments(uat/prod as well) manually.
- If community version download is blocked, there is still a possibility that any outside package(made using community version) can be brought inside and published to orchestrator manually.
In both of these cases, no governance check or analyzer check would happen as those checks only happen during publish or run from studio where policy is enabled.
If same policy/analyzer checks that are installed on studio can also be run on packages during manual upload on orchestrator, then it can be ensured that all packages are compliant to policy being followed in an organization.
Looking forward to hearing your inputs on same.