Security is often addressed as an afterthought when critical issues appear, or is left to security professionals. However, you don’t have to be an expert in application security to make your workloads more robust. In this presentation, Anais will showcase how developers can implement security scanning into their existing development processes. Security Scanning can be performed across the entire development lifecycle. The first hurdle is choosing a tool. Thus, we will start discussing some of the popular open source tools available and then use Trivy, an all-in-one open source security scanner, to scan filesystems, containers, and infrastructure as Code manifests. This presentation provides several hands-on examples that you can easily follow.