Prepare the test data and environment for the security test.
Run the security test in CI, using a separate build from your normal functional testing builds. (This will allow you to run them in parallel.)
If the API passes all its security tests, then deploy it to production; otherwise, fail fast and roll back changes
https://t.co/aCXiM3mu16