This paper documents a series of workflow models to help guide how automated source code analysis can be integrated into an existing development process. Organizations should adopt source code analysis tools as part of the software development life cycle (SDLC) so that as many security issues as possible are found and fixed early in the project. Doing so yields a higher-quality product and lower overall application life cycle costs. Numerous studies and analyst recommendations support improving software security during the SDLC rather than trying to address vulnerabilities discovered after the software has been widely adopted and deployed. The earlier in the life cycle a vulnerability is found, the cheaper it is to fix. For security defects, late-stage costs are often far higher still, because beyond the cost of remediating the flaw, a successful exploit may lead to data theft, sabotage, or other attacks.