A key element of successfully integrating security into the DevOps lifecycle is embedding it right from the start. Helping developers and operators build security controls in from day one with easy-to-use open source tooling can make that a reality. This workshop will take a hands-on approach to demonstrate how to install, configure and customize open-source security tools to be used throughout the DevOps process. The workshop will focus on a couple of core tools. Firstly understanding how Trivy can be used to help secure container images, Dockerfiles, Kubernetes manifests, and IaC code such as Terraform. Then the workshop will move on to operationalizing security controls using Starboard to automate the operation of Trivy and other security tools, providing continuous security assurance of workloads and Kubernetes clusters.