So your engineering team is using CI / CD and churning out code at a frenetic pace. It is unclear where the risk is, what controls to focus on and where in the SDLC to introduce those controls. We will introduce a practical, risk-based, PCI aligned approach to introducing security automation into the CI / CD pipeline to surface critical issues, shorten remediation time without bottlenecking the release. This approach will allow Engineering, Security and Internal Audit to ship product with confidence. Finally, we will touch on the concepts of Interactive Analysis (IAST) and Runtime Protection (RASP) as key tools in this approach.