Most corporations are adopting a DevSecOps approach - by maximising automation and trying to reduce manual intervention as much as possible.

In continuous delivery environment , most companies dont have the resources and probably not possible to have a team out of project to proceed with security test in a continuous delivery approach.

When looking for a solution , here are the requirements that you should focus on :

Detection of application code vulnerabilities:

1. Cover the entire application
2. Be able to set security rules
3. Ability to perform incremental scans
4. Acceptable false positive rate
5. Detection must not impact application performance
6. anonymization of the name of the applications for the vulnerabilities reported

Automation of detection:

1.   Integration with Continuous delivery platforms (example: Concourse, Jenkins)
2.   Build in case of discovery of vulnerabilities

Reporting:

1.   Integrate with bug management tools
2.   Raising indicators specific to each application in a portal

Dont build i think its a mistake, the market is moving towards solutions that are SaaS and most of these companies are building a blackbox type of security solution, buy a market solution and integrate it

here is a starter list:

1) Veracode https://www.veracode.com/

2) Checkmarx https://www.checkmarx.com/

3) IBM AppScan Entreprise https://www.ibm.com/security/solutions

4) Contrast Security Assess https://www.contrastsecurity.com/interactive-application-security-testing-iast