An effective application security program that proactively builds secure code most often relies on two types of automated security testing. A static scan is typically run during the code development cycle: the static code is scanned and, through threat modeling and analysis, security flaws are uncovered. A dynamic scan is a scan of the actual code in a working environment; it finds vulnerabilities while the code is “in motion”, or working, hence the term dynamic. The more out-of-cycle work required, the lower the adoption and the success rate of the security code scanning program.

