What testing and checklist do you follow before moving new code to production?
Before deploying new code to a production environment, what security testing, validation steps, and checklist items do you usually follow?
I'm interested in understanding industry best practices for secure deployments. Specifically:
What security tests do you perform before production release?
Do you conduct SAST, DAST, or penetration testing for every release?
How do you handle dependency and vulnerability scanning?
What infrastructure and configuration checks do you perform?
What IAM, secrets management, and access control validations are included in your checklist?
How do you verify logging, monitoring, and alerting before go-live?
Do you have a formal security sign-off or approval process?