Most projects barely scratch the surface when it comes to security in CI pipelines — if they implement it at all. I wanted more than just a checkbox. I wanted source code analysis, dependency scanning, and centralized vulnerability tracking through DefectDojo.