You can do exactly that. Just run your end-to-end tests within a testing environment instrumented with the IAST agents and stop the pipeline if the IAST agents report any security violation. At least it is as I understood it.

IAST solutions usually have powerful APIs so you can integrate them with CI/CD, ASOC, etc. You should be able to configure pipeline gates that depend on the findings of the IAST tool.

I would like to know iast tools that can I use in my cicd pipeline

@@danilaors seeker IAST

@@danilaors Contrast has a very strong product. Ask your Performance Mgmt / Site Reliability / Operations teams if your company is already using Dynatrace for observability. There's Passive IAST, Runtime SCA, and RASP features in there that can be activated with zero install / configuration / maintenance if already there for observability.