You probably heard of security automation as it’s a hot topic at the moment. Adding security checks in your CI/CD pipeline is great! But how to deal with the delays caused by this tooling? What about the developers that hate it when the pipeline is red due to false positives? And how do you secure the pipeline itself? These are all questions that need to be addressed to make sure that the automation becomes sustainable.