In my role I regularly have conversations with customers who want to enforce security and governance best practices while providing developers the flexibility and agility they need to innovate quickly. As you embrace https://aws.amazon.com/what-is/devsecops/, you likely seek to balance governance and agility in your https://aws.amazon.com/solutions/app-development/ci-cd/& pipeline.
Security teams define best practices for the incorporation of security controls throughout the process.
Rather than performing manual security reviews, the security team defines automated controls and ensures they are implemented in the pipeline, often created by the platform engineers.
The platform engineers create the pipeline, including a build action defining security controls.