In short, it represents a portable, often vendor-neutral reference for embedding security throughout the software development lifecycle (SDLC).
When code is committed and built, automated scanning takes over.