DevSecOps

When to Use

• Add or harden SAST, SCA, secrets, IaC, DAST, or container scans in CI/CD
• Configure protected-branch security gates, artifact signing, SBOMs, provenance, or OIDC federation
• Triage pipeline security findings and define remediation SLAs or exception workflows
• Secure GitHub Actions, GitLab CI, build containers, registries, and deployment credentials
• Map delivery artifacts to SOC 2, ISO 27001, SSDF, or supply-chain evidence requirements

When NOT to Use