Security testing and automation help identify security issues in code during development and catch them before the code merges to master or reaches production.
This is the shift-left approach: identifying and fixing issues at the design and development stage.
Some of the tools that help automate security testing in CI/CD:
SAST – Semgrep
DAST – OWASP ZAP
Image vulnerability – Trivy
Dependency Upgrade – Dependabot
Vulnerability Management – DefectDojo
Sample Architecture in CI/CD including security automation