You are joking, but there was actually a very popular enterprise SAST tool that used to offer a "cloud" version of their software. It worked by having someone from their team manually download the zip file of your code, run it through their desktop software, and then upload the results back to make them visible in the web portal.
That's a totally valid and useful way to validate an idea. After a few months of manual labor they will have a good idea of how/what to build and if it is even worth building.
It is if you can keep a baseline level of quality uniform across both your customers and each of your customers projects. It's less OK if the human-assisted output is a loss-leader you burn on the pilot project, the first couple projects, or high-profile customers.
There's nothing fundamentally bad about having Oompa Loompa's behind the scenes, as long as you're honest about the outcomes you can provide.
I agree, though: also a very sensible way to prioritize development work.
Unless the lack of real time (or consistent time to) results drives down interest in the cloud version, or instead of driving down interest makes it appear as if people want something different than what they would want if the time to results was consistent/faster.
Still could be worth doing a bit of manual work like this, but it's worth being cautious about drawing conclusions from it.
I know who you're talking about, but also: this is the joke about basically every hosted SAST and DAST tool. I call it the "Oompa Loompa" model of security products.
