Right Place, Right Time: Finding the right mix of CI and Security

Session Description

Few need convincing that CI/CD is now a perfect way to "Shift Left" security, but not enough thought has been put into integrating security checks into developer workflows without slowing down software delivery. Not all security checks may be appropriate to run against Pull Requests, and not all stages in a CI/CD pipeline are created equal when it comes to being sure that software passes security and compliance requirements. In this presentation, learn about the concept of differential security checks for streamlined Pull Request workflows, as well as how to evaluate where in a deployment pipeline it is best to perform Open Source vulnerability and license validation.