How Do You Integrate Security into the SDLC? (Researching Developer & DevOps Workflows)


Apr 29, 2025 - 22:03
Hey everyone!

I’m currently doing some research into how developers and DevOps teams handle application security across the software development lifecycle (SDLC) — from design to deployment.

The goal is to better understand what real-world teams are doing when it comes to:

Security Across These Phases:

  1. Design phase (do you do threat modeling?)

  2. Development/code review (do you run SAST? Get auto-fix suggestions?)

  3. Testing phase (any dynamic/DAST tools, custom logic testing?)

  4. Deployment phase (cloud config checks, misconfig detection?)

What I’d Love to Learn:

How do you currently integrate security into your SDLC?

Do security tools slow you down or help you move faster?

Do you actually use the auto-fix/code suggestions from tools?

What’s the most frustrating thing about your current AppSec setup?

Why I’m Asking:

I'm exploring smarter ways to automate and simplify security across the SDLC — especially for teams without full-time AppSec engineers.

But rather than guess, I want to hear how you work:

What’s working?

What’s missing?

What would make AppSec feel less like a chore?

Drop a comment below, or DM me if you're open to a short async chat.
Any feedback — even one sentence — helps.

Thanks for sharing your experience.