As organizations move to cloud-native application development to meet business demands with greater productivity and innovation, security teams need to adapt their application security strategies to support modern development processes. Developers’ increased usage of infrastructure-as-code (IaC) to provision their own cloud infrastructure and the availability of open source software (OSS) enable them to efficiently build, release, and update their software. Security teams need to ensure that they have the right security processes and controls in place to support these key components of cloud-native software and to effectively manage risk as development scales.