Tool for real-time vulnerability scan of Appian code

Question

Some of the organisation have strict mandate that all applications must pass the vulnerability scan or security test (run via their preferred tool). 
 Example - https://www.checkmarx.com/technology/static-code-analysis-sca/ is used for java and .Net based applications - and the tool provides real-time indicators/suggestions of vulnerability in the code, as and when the developer develops the code. 
 But Appian is not compatible with Checkmarx (or vice versa!). Any suggestions from other developers or Appian Professional services in these scenarios ? 
 I have already checked following links but no luck: 
 community.appian.com/.../hardening-appian community.appian.com/.../kb-1442-speculative-execution-vulnerabilities community.appian.com/.../kb-1447-vulnerability-testing 
 forum.appian.com/.../Appian_Cloud_FAQ.html 
 community.appian.com/.../25389 community.appian.com/.../security-attacks-in-appian 
 Thanks, 
 Satish

Carlos Santander · Accepted Answer

Having run into situations like this before, I've successfully argued that there's no tool out there (to the best of my knowledge) that can perform static analysis on an Appian application (i.e. SAIL code, process models, etc.) Having made that case, dynamic analysis (vulnerability testing) still remained as a viable option, and that was sufficient to eliminate any security concerns.

ericg329 · Answer

While discussing security I tend to break it into two distinct categories. 
 
The first category is business security. This is how an implementation team configures the application in accordance with business requirements (e.g. "User A" can see information on "Record X", but "User B" can not). Business security should be validated through SDLC test procedures and against Appian configuration best practices with tools like Health Check. 
 
The second category is system security. This is how the platform and related infrastructure is configured (e.g. OS patches, server configuration, access controls, etc). By utilizing Appian Cloud, system security is continuously evaluated and updated by the Appian Cloud Engineering team. Documentation of Appian Cloud's security posture is available to customers based on their various needs (i.e. SOC reports, FedRAMP package, etc). 
 
If you have questions on the Appian Cloud security procedures it would be best to coordinate with your Account Executive and the Appian Support team directly.