SAST: CodeQL transition is ongoing, PRs to add corresponding workflows is ongoing. Veracode license will expire at the end of March, so everyone is encouraged to review their workflows to ensure a timely transition to CodeQL.
DAST: Invicti license will expire at the end of August and already exceeded the website limit. There will be no DAST tool required for the next Quality Gate.
Secret scanning
Gitguardian is currently set up, but Gitleaks is a potential successor.
Testing of Github secret scanning is still in progress.
TRG 8.0 has been published as a draft, adjustments as PR are warmly welcome.