Two models for running automated security tests in a CI/CD pipeline: either blocking or parallel security tests
Integration depends on the level of cultural integration of security into DevOps.
3 Models of test ownership:
1. Owned by Security team - least desirable
2. Owned by DevOps, overseen by security - better
3. Owned by SecDevOps, look Ma, no silos.
Overview of BDD-Security
Configuring Jenkins with BDD-Security as inline tests