Integrating security tools and processes in CI/CD pipelines