SAST & DAST Pipeline Integration

Overview

Integrated SAST and DAST tools into CI/CD pipelines to encourage continuous security testing across the software development lifecycle. Automated dependency scanning, code analysis, and dynamic application testing during build and deployment stages. Provided options to block high-severity vulnerabilities and generate developer-friendly remediation guidance.
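The blocking step described above, as an added example that is not code from the project on this page: a small gate that merges a SAST result and a DAST result, normalises severities across the two tools, fails the build when anything at or above a chosen level is present, and prints remediation text for developers. The two inputs are constructed samples whose field layout is modelled on Semgrep's `--json` output and on the OWASP ZAP JSON report; the function names and the severity mapping are this example's own assumptions.

```python
"""CI severity gate: block the build on high-severity SAST/DAST findings and
emit developer-facing remediation guidance. Added example, not project code."""
import json
from dataclasses import dataclass

# Constructed sample modelled on `semgrep --json` output (SAST side).
SEMGREP_JSON = json.dumps({
    "results": [
        {"check_id": "python.lang.security.audit.subprocess-shell-true",
         "path": "app/runner.py", "start": {"line": 42, "col": 5},
         "extra": {"message": "subprocess call with shell=True; prefer an argument list",
                   "severity": "ERROR", "metadata": {"cwe": ["CWE-78"]}}},
        {"check_id": "python.lang.best-practice.open-never-closed",
         "path": "app/util.py", "start": {"line": 7, "col": 1},
         "extra": {"message": "file object opened without a matching close",
                   "severity": "WARNING", "metadata": {}}},
    ],
    "errors": [],
})

# Constructed sample modelled on a ZAP JSON report (DAST side); riskcode 3 = High.
ZAP_JSON = json.dumps({
    "site": [{
        "@name": "http://staging.example.test",
        "alerts": [
            {"name": "Missing Anti-clickjacking Header", "riskcode": "1",
             "solution": "Send X-Frame-Options or a frame-ancestors CSP directive.",
             "instances": [{"uri": "http://staging.example.test/"}]},
            {"name": "SQL Injection", "riskcode": "3",
             "solution": "Use parameterised queries.",
             "instances": [{"uri": "http://staging.example.test/search"}]},
        ],
    }],
})

SEVERITY_RANK = {"INFO": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}
SEMGREP_SEVERITY = {"ERROR": "HIGH", "WARNING": "MEDIUM", "INFO": "LOW"}  # assumed mapping
ZAP_RISKCODE = {"3": "HIGH", "2": "MEDIUM", "1": "LOW", "0": "INFO"}


@dataclass
class Finding:
    source: str       # scanner that produced it: "semgrep" (SAST) or "zap" (DAST)
    severity: str     # normalised across tools: HIGH / MEDIUM / LOW / INFO
    title: str
    location: str     # file:line for SAST, URL for DAST
    remediation: str  # text handed back to the developer


def parse_semgrep(raw: str) -> list:
    """Map Semgrep results to Findings; rule message plus CWE becomes the remediation text."""
    findings = []
    for r in json.loads(raw).get("results", []):
        extra = r.get("extra", {})
        cwe = ", ".join(extra.get("metadata", {}).get("cwe", []))
        remediation = extra.get("message", "").strip() + (f" [{cwe}]" if cwe else "")
        if extra.get("fix"):  # Semgrep emits a "fix" key when the rule carries an autofix
            remediation += f" Suggested fix: {extra['fix']}"
        findings.append(Finding("semgrep",
                                SEMGREP_SEVERITY.get(extra.get("severity", "INFO"), "INFO"),
                                r.get("check_id", "unknown-rule"),
                                f"{r.get('path')}:{r.get('start', {}).get('line')}",
                                remediation))
    return findings


def parse_zap(raw: str) -> list:
    """Map ZAP alerts to Findings; the alert's solution text becomes the remediation."""
    findings = []
    for site in json.loads(raw).get("site", []):
        for alert in site.get("alerts", []):
            uris = [i.get("uri", "") for i in alert.get("instances", [])]
            findings.append(Finding("zap",
                                    ZAP_RISKCODE.get(str(alert.get("riskcode", "0")), "INFO"),
                                    alert.get("name", "unknown-alert"),
                                    uris[0] if uris else site.get("@name", ""),
                                    alert.get("solution", "").strip()))
    return findings


def gate(findings, block_at="HIGH"):
    """Return (blocked, blocking_findings): blocked when any finding is at/above block_at."""
    threshold = SEVERITY_RANK[block_at]
    blocking = [f for f in findings if SEVERITY_RANK[f.severity] >= threshold]
    return (len(blocking) > 0, blocking)


def remediation_report(findings) -> str:
    """Developer-facing summary, highest severity first."""
    lines = []
    for f in sorted(findings, key=lambda f: -SEVERITY_RANK[f.severity]):
        lines.append(f"[{f.severity}] ({f.source}) {f.title} at {f.location}")
        lines.append(f"    remediation: {f.remediation}")
    return "\n".join(lines)


def run_gate(semgrep_raw, zap_raw, block_at="HIGH"):
    """Pipeline entry point: (exit_code, report). A non-zero exit code fails the CI job."""
    findings = parse_semgrep(semgrep_raw) + parse_zap(zap_raw)
    blocked, _ = gate(findings, block_at)
    return (1 if blocked else 0, remediation_report(findings))


if __name__ == "__main__":
    code, report = run_gate(SEMGREP_JSON, ZAP_JSON)
    print(report)
    raise SystemExit(code)
```

In a pipeline the two JSON documents would be the artifacts written by the scanner steps, and `block_at` is the knob that makes the gate optional: teams starting shift-left adoption can run it with the report only and raise the threshold to a blocking level once the findings backlog is under control.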

Role

Director and lead security developer, with production pipelines operated by the DevSecOps team.

Impact

Reduced security defect discovery in production by 45%, enabled shift-left adoption of security testing, and standardized AppSec practices across multiple engineering teams. Increased developer confidence and velocity by embedding security checks directly into pipelines with minimal manual gates.

Technologies, Frameworks, and Artifacts

  • Semgrep
  • SonarQube
  • Tenable
  • Burp Suite Enterprise
  • OWASP ZAP
  • GitHub Actions and Tekton CI/CD