For many companies, security is only done at the edges. Today, there is a movement to shift security left and requiring source code to be more secure. Where companies want to go is an extension of the platform engineering team where tools, automation and processes have security best practices baked in. This allows companies to gain confidence that that once the source code is packaged and deployed they know that everything like InfraAsCode, artifact, APIs, deployment environments are compliant and secure. In this session, we will look at how projects like SLSA, Duffel, SAST, DAST and others play a critical role to your DevOps maturity.