Explore the journey of setting up an AppSec pipeline using Docker containers in this 25-minute conference talk from AppSec EU 2017. Discover the challenges faced, solutions implemented, and lessons learned in creating a secure application development workflow. Learn how to combat false positives, leverage existing security products effectively, and minimize disruption to development teams. Gain insights into extending build steps, integrating tools like ZAP and BURP, implementing DAST and reporting, containerizing the process, and addressing issues such as legacy APIs and false negatives. Understand the importance of platform team availability and how to balance security measures with developer productivity.