Why implementing security as code is important for DevSecOps