To strengthen application and infrastructure security, I integrated multiple security tools and practices into the CI/CD pipeline. I implemented SAST (Static Application Security Testing) using tools like Snyk, SonarQube, and Docker Scout to scan source code, container images, and dependencies for vulnerabilities before deployment.
I also introduced secret management using Vault and Consul, ensuring sensitive credentials are injected dynamically and securely at runtime. In addition, I configured WAF (Web Application Firewall) and API security scanning during staging and pre-production phases to detect exposure risks through DAST (Dynamic Application Security Testing).

All vulnerability findings were automatically pushed into DefectDojo and tracked via Jira for remediation. This end-to-end security integration allowed us to catch issues early in the pipeline, reduce security debt, and ensure compliance across our environments.
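As an added illustration of the pipeline gate described above (example code written for this page, not the author's own pipeline), the snippet below parses the JSON that `snyk test --json` emits, deduplicates findings, fails the stage when anything at or above a severity threshold is present, and assembles the form fields for DefectDojo's `/api/v2/import-scan/` endpoint. The sample Snyk output is constructed, and the `Snyk Scan` scan-type name and field set are assumptions to check against your DefectDojo version.

```python
"""Severity gate on Snyk JSON output plus a DefectDojo import payload.
Added example, not from the original post. Assumes `snyk test --json`
output shape and DefectDojo's /api/v2/import-scan/ multipart fields."""
import json

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample of `snyk test --json` output (not real findings).
SAMPLE_SNYK_JSON = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-1", "title": "Prototype Pollution", "severity": "high",
         "packageName": "example-pkg", "version": "1.0.0", "isUpgradable": True},
        {"id": "SNYK-EXAMPLE-1", "title": "Prototype Pollution", "severity": "high",
         "packageName": "example-pkg", "version": "1.0.0", "isUpgradable": True},
        {"id": "SNYK-EXAMPLE-2", "title": "ReDoS", "severity": "medium",
         "packageName": "other-pkg", "version": "2.3.1", "isUpgradable": False},
    ],
})


def unique_findings(snyk_json: str) -> list:
    """Parse Snyk output and drop duplicate (id, package, version) entries;
    Snyk reports the same issue once per dependency path."""
    seen, out = set(), []
    for v in json.loads(snyk_json).get("vulnerabilities", []):
        key = (v["id"], v["packageName"], v["version"])
        if key not in seen:
            seen.add(key)
            out.append(v)
    return out


def gate(snyk_json: str, threshold: str = "high") -> tuple:
    """Return (passed, blocking_ids). The stage fails when any finding is at
    or above `threshold`; lower-severity findings are reported, not blocking."""
    limit = SEVERITY_RANK[threshold]
    blocking = [v["id"] for v in unique_findings(snyk_json)
                if SEVERITY_RANK.get(v["severity"], 0) >= limit]
    return (not blocking, blocking)


def defectdojo_import_fields(engagement_id: int, scan_type: str = "Snyk Scan") -> dict:
    """Form fields for POST /api/v2/import-scan/ (the report file is attached
    as the `file` part). Field names and scan_type value are assumptions."""
    return {"engagement": str(engagement_id), "scan_type": scan_type,
            "minimum_severity": "Low", "active": "true", "verified": "false",
            "close_old_findings": "true"}
```

In a pipeline the scanner step writes the JSON report, `gate()` decides whether the stage fails, and the report is uploaded to DefectDojo regardless of the verdict so that non-blocking findings still reach the Jira tracking flow.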
