Security is often implemented through bolt-on assessments including periodic testing that only happens once in a release or even annually. Manual security processes can no longer keep up in today's fast paced world of agile development, devops and constant vulnerabilities. DevSecOps, or Security as Code, is an approach that allows security staff to multiply resources and increase agility and speed. Executed properly it also provides the audit trail necessary to demonstrate control even in the most rigorous regulatory environments. This session will explore this approach in the context of regulated medical device software. We'll explore the integration of Software Composition Analysis (3rd Party Open Source Libraries), Static Source Code Analysis, Dynamic Testing along with automated verification leveraged to reduce the risk of security failures in development and post-market/production operations.