Company
Date Published
Feb. 2, 2023
Author
Christophe Limpalair
Word count
5054
Language
English
Hacker News points
None

Summary

Code testing is a central part of the shift-left strategy in DevSecOps: security is built in from the start of development so that problems are found as early, and therefore as cheaply, as possible. Both automated and manual testing are needed, and which risks to address first depends on the organization. The article covers the main components of code testing: source code versioning, coding standards and code reviews, lint scanning, SAST (Static Application Security Testing), secrets scanning, IaC (Infrastructure as Code) scanning and policy as code, container image scanning, and SCA (Software Composition Analysis). Putting these in place requires balancing automated tooling against manual effort, and prioritization matters: the recommended order is to start with source code versioning, then standards and code reviews, then linting, and only afterwards move on to the more advanced tools, namely SAST, secrets scanning, IaC scanning, container image scanning, and finally SCA.
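Of the components listed above, secrets scanning is the one most often bolted onto a pipeline as a pre-merge gate, so here is a minimal working version of that gate. This is an added example, not code from the article or from any tool it describes; the sample source lines, the regex patterns, and the entropy threshold of 3.5 bits per character are all constructed for illustration. It combines two common approaches: a fixed-format pattern (an AWS access key ID prefix) and a keyword-plus-entropy check for generic credentials, which is where the false-positive trade-off lives.

```python
import math
import re
import sys

# Constructed sample input standing in for a diff or source file (not from the article).
SAMPLE_LINES = [
    'db_host = "db.internal.example"',                                  # plain config, not a secret
    'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"',                                  # fixed-format key ID
    'api_token = "sk_live_9fA3kLq2ZxT8bN1vP0wR4yU7hJ6gE5dC"',            # keyword + high entropy
    'token = "placeholder"',                                             # keyword, but low entropy
    'password = os.environ["DB_PASSWORD"]',                              # read from env, not a literal
]

# Illustrative patterns (assumptions for this example, not a vendor rule set).
AWS_ACCESS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)\b(api[_-]?key|api[_-]?token|secret|password|token)\b"
    r"\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
)


def shannon_entropy(s):
    """Bits of entropy per character of s; random tokens score high, words score low."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_line(line, entropy_threshold=3.5):
    """Return a list of (kind, value) findings for one source line."""
    findings = []
    m = AWS_ACCESS_KEY_ID.search(line)
    if m:
        findings.append(("aws_access_key_id", m.group(0)))
    m = GENERIC_ASSIGNMENT.search(line)
    if m:
        value = m.group(2)
        # The entropy gate suppresses dictionary-word placeholders; the cost is that
        # a weak hard-coded password such as "placeholder" is also missed.
        if shannon_entropy(value) >= entropy_threshold:
            findings.append(("high_entropy_credential", value))
    return findings


def scan(lines, entropy_threshold=3.5):
    """Scan all lines; returns (line_number, kind, value) tuples, 1-indexed."""
    results = []
    for lineno, line in enumerate(lines, start=1):
        for kind, value in scan_line(line, entropy_threshold):
            results.append((lineno, kind, value))
    return results


if __name__ == "__main__":
    # Acting as a CI gate: non-zero exit blocks the merge when a secret is found.
    hits = scan(SAMPLE_LINES)
    for lineno, kind, value in hits:
        print(f"line {lineno}: {kind}: {value[:8]}...")
    sys.exit(1 if hits else 0)
```

On the constructed input the scanner reports the AWS key ID on line 2 and the high-entropy token on line 3, while the config value, the env-var lookup and the low-entropy placeholder pass. Raising or lowering `entropy_threshold` moves the line between missed weak secrets and noisy alerts, which is exactly the tuning work the article's "balance between automated and manual approaches" refers to.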