AsyncTrix suggests faster CI/CD pipelines
- AsyncTrix urged developers to split CI/CD pipelines so builds, linting and unit tests block merges first, while slower security scans run separately.
- The post framed long scans as a feedback problem: fast checks should return in minutes, while heavier analysis can report later.
- GitHub and GitLab both support required checks and separate security workflows, making the pattern practical. (docs.github.com) (docs.gitlab.com)

A CI/CD pipeline is the automated assembly line that builds code, runs tests and decides whether a change can merge or deploy. AsyncTrix argued teams should stop making every check wait in the same line. (sotwe.com)

The recommendation was to keep fast checks (builds, linting and unit tests) in the blocking path for pull requests and commits. He said heavier jobs such as security scans and deep analysis should run asynchronously instead of holding up every change. (sotwe.com)

That split changes what developers feel first. A failing unit test can come back in minutes, while a slower scanner can finish later and still open an alert, fail a separate policy, or block deployment downstream. (docs.github.com) (docs.gitlab.com)

GitHub’s model fits that setup because repositories can require specific status checks on protected branches before a pull request merges. Jobs can also run in parallel, and teams can cache dependencies to cut repeat work. (docs.github.com 1) (docs.github.com 2) (docs.github.com 3)

GitLab supports a similar separation. Merge request pipelines can run developer-facing checks, while scan execution policies and scheduled policies can enforce security scans across projects without tying every scan to every branch push. (docs.gitlab.com 1) (docs.gitlab.com 2)

This is not the same as dropping security work. GitHub says code-scanning results can be configured as required checks for protected branches, and GitLab says security scans can be enforced by policy inside pipelines or on a schedule. (docs.github.com) (docs.gitlab.com)

The tradeoff is where teams place the gate. Fast checks protect the developer feedback loop at commit time, while slower scans can gate promotion to staging or production, or trigger approvals when they find a problem. (docs.github.com) (docs.gitlab.com)

AsyncTrix’s advice lands as more teams try to shorten pipeline times without weakening controls.
The pitch is simple: keep the shortest checks closest to the code change, and move the longest checks to a later, still-enforced stage. (sotwe.com)
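
A sketch of the two gates described above, added here as an illustration and not taken from AsyncTrix's post or from GitHub or GitLab. The check names, the `CheckResult` record and the sample commits are assumptions; the point it shows is that the later gate only counts scan results for the exact commit being promoted and blocks when a scan is missing or still running.

```python
from dataclasses import dataclass

# Check names are assumptions for this sketch; substitute your own job names.
FAST_CHECKS = ("build", "lint", "unit-tests")   # blocking path for merges
SLOW_SCANS = ("sast", "dependency-scan")        # run asynchronously

@dataclass(frozen=True)
class CheckResult:
    name: str
    commit: str
    status: str  # "success", "failure" or "pending"

def _gate(required, results, commit):
    """Return (allowed, blockers) for one commit.

    Only results recorded for this exact commit count, and a later entry
    for the same check (a re-run) replaces an earlier one. A required check
    that is missing or still pending blocks, so the gate fails closed.
    """
    seen = {r.name: r.status for r in results if r.commit == commit}
    blockers = [f"{name}:{seen.get(name, 'missing')}"
                for name in required if seen.get(name) != "success"]
    return (not blockers, blockers)

def merge_gate(results, commit):
    """Pull-request gate: only the fast checks are required."""
    return _gate(FAST_CHECKS, results, commit)

def promotion_gate(results, commit):
    """Staging/production gate: fast checks plus every slow scan."""
    return _gate(FAST_CHECKS + SLOW_SCANS, results, commit)

# Constructed sample data: a0 is fully scanned, a1 merged while its scan runs.
SAMPLE = [CheckResult(n, "a0", "success") for n in FAST_CHECKS + SLOW_SCANS]
SAMPLE += [CheckResult(n, "a1", "success") for n in FAST_CHECKS]
SAMPLE.append(CheckResult("sast", "a1", "pending"))

if __name__ == "__main__":
    for sha in ("a0", "a1"):
        print(sha, "merge:", merge_gate(SAMPLE, sha),
              "promote:", promotion_gate(SAMPLE, sha))
```

Commit a1 can merge on its fast checks alone, but it cannot be promoted on the strength of the clean scan that a0 received.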