Application security testing as part of the pipeline

Created by: chayim

At the very least enable https://cloud.google.com/security-scanner/ and test per release:

- DAST (Dynamic Application Security Testing)
- SAST (Static Application Security Testing)

Issue: We need visibility into the relative quality of our code. There is low-hanging fruit, and real issues (i.e. security issue #74 (closed)) that would be found by tools like SonarQube at the very least and higher-quality tools such as Fortify.