Security is a major focus area in the software development lifecycle. With the advent of zero trust and defense in depth architectures, security concepts like secure coding practices, vulnerability scanning, etc. need to be incorporated from the initial stages of the software development cycle. There are several security tools that can make the task of applying security concepts easier for software developers, and these tools can also be incorporated into the CI/CD pipelines for continuous application of security concepts.
These security tools can be used at various stages in CI/CD pipelines to get the best results. This presentation will cover a comprehensive survey of various security tools and depict graphically at what stage in the CI/CD pipeline these tools can be used for the best results. Using Venn diagrams, it would also be depicted what are the similar and different features of the tool when multiple tools are applicable for a given stage of the CI/CD pipeline.