Today we are talking a lot about security, data protection, prvacy, but we are forget one pretty important stuff, a secure code. Normally most of IT professionals or security experts expect attack from outside. But what if the real enemy is our code? Many times we see that someone from developers forget to delete credentials from code, or just hard-code passwords, database endpoints, etc. From security perspective its very hard to detect it if app is already deployed.. In this session I would like to present how Endava integrate security into our CI/CD pipelines and how it help us to identify security issues.