The modern automated software development and deployment process automates a lot of build, test, and deployment steps. Where and how should we embed security controls so that they adequately mitigate risks without affecting the velocity of software delivery or introducing toil? In this webinar we first survey the typical deployment pipeline and the threats that we should mitigate, and then propose a reference architecture for embedding security controls. We will conclude with some practical examples of security tools that can be embedded across the software delivery lifecycle.