I’ve come from an SRE/security background and moved into software. One glaring problem is that the security fire hose is ALWAYS on and they provide unhelpful reports. We have to hunt in the code for something that may or may not match the report findings. Then security confirms 4 weeks later whether or not the scanner found that the issue was fixed. A huge waste of time. I'm currently looking at tools that provide how and where to fix these problems.