Application developers are increasingly taking the DevSecOps ethos to heart. They are realizing that security is not just something that gets bolted-on to apps or around networks. Instead, security needs to be built into the applications that they create from the start. While many developers have turned to SAST solutions to identify vulnerabilities such as Log4Shell and Log4j, others rightfully wonder how to protect the code that they write themselves; code that – by definition – contains working examples of how to penetrate the security perimeter that their InfoSec colleagues have put in place.