What is security in the software development lifecycle (SDLC)?
Answer
Security in the SDLC (Secure SDLC, often practised as DevSecOps) integrates security activities into every phase of software development rather than bolting them on at the end. Typical activities by phase:

Requirements: define security requirements and begin threat modeling.
Design: threat modeling, architecture review, application of security patterns.
Development: secure coding guidelines, IDE security plugins (SAST in the editor), code reviews with a security focus.
Testing: SAST (static analysis, e.g. Checkmarx, SonarQube), DAST (dynamic analysis, e.g. OWASP ZAP, Burp Suite), SCA (software composition analysis for vulnerable dependencies, e.g. Snyk, OWASP Dependency-Check), penetration testing.
Deployment: infrastructure security scanning, secrets management (never hardcode secrets).
Operations: monitoring, patching, incident response.

The "shift left" philosophy: find and fix security issues as early as possible, because a defect is cheapest to fix at the requirements stage and most expensive to fix in production. DevSecOps automates these security checks in CI/CD pipelines so they run on every change rather than only at release time.