Teams are continuously trying to improve their tools, methodologies and processes, and this is where DevOps has sprouted from, the combination of software development and systems operations to make sure that software development is not done in a vacuum, but in combination with the teams that operate these systems in the real-world.

The next step in this improvement of software development methods is DevSecOps, where Security is included as a critical part of the development process. The realization here is that a security failure is the same, or worse, as a quality failure. Defects in fielded product impact the bottom line as well as company reputation. It is even worse, if a review after the fact determines that these defects could have easily be avoided.

This paper takes a look at the role of static application security testing tools (SAST) and in particular GrammaTech CodeSonar and how it can be used in DevSecOps and continuous development pipelines to improve quality and security and ultimately, make teams more competitive in getting market leading solutions out the door quicker.