I want to get something straight: you do not need to put a dynamic scanning tool into your CI/CD pipeline in order to do DevSecOps properly. You don't even necessarily need to use automated dynamic analysis at all, to be doing DevSecOps. I do regular consulting via IANs Research and quite often I find myself…
You Do Not Need to do DAST in a Pipeline to do DevSecOps
