6 min read | Saved February 14, 2026
This article details LinkedIn's efforts to upgrade its Static Application Security Testing (SAST) capabilities. It covers the challenges faced with legacy systems, the design principles guiding the modernization, and the implementation of a new GitHub Actions-based workflow to enhance security without disrupting developer productivity.
LinkedIn has revamped its Static Application Security Testing (SAST) capabilities to improve security without slowing developers down. The previous SAST setup was fragmented: a collection of bespoke tools that were hard to maintain and made adding or updating rules cumbersome. By moving to GitHub and adopting the CodeQL and Semgrep scanners, LinkedIn built a single, cohesive pipeline that scales across millions of lines of code and tens of thousands of repositories.
Key design principles guided this modernization: prioritizing developer experience, allowing self-service integration for teams, ensuring resilience against pipeline failures, and enhancing observability. The team faced challenges with GitHub's default setups, which did not align with LinkedIn's complex build processes or observability goals. As a result, they crafted a custom GitHub Actions Workflow that dynamically processes rules, enriches results with relevant metadata, and includes metrics collection for performance insights.
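The result-enrichment and metrics-collection steps described above are easiest to see on a concrete result file. The following is an added example, not LinkedIn's code: it assumes the scanners emit SARIF 2.1.0 (which both CodeQL and Semgrep can do; the page itself does not name the format), stamps each finding with repository, commit, owner, scanner and severity in the result's `properties` bag, and derives the counts a SAST dashboard would chart. The sample SARIF log, repository name, commit and team name are constructed for the example.

```python
"""Added example (not LinkedIn's code): enrich SAST results with metadata
and derive metrics from them. Assumes SARIF 2.1.0 output; field names
follow the SARIF specification, everything else is constructed."""
import json
from collections import Counter

# Constructed sample: a minimal SARIF log in the shape Semgrep emits.
SAMPLE_SARIF = json.loads("""
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "semgrep", "rules": [
      {"id": "python.lang.security.audit.exec-detected",
       "defaultConfiguration": {"level": "error"}},
      {"id": "python.lang.security.audit.insecure-transport",
       "defaultConfiguration": {"level": "warning"}}
    ]}},
    "results": [
      {"ruleId": "python.lang.security.audit.exec-detected",
       "message": {"text": "exec() with user input"},
       "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "app/views.py"},
         "region": {"startLine": 42}}}]},
      {"ruleId": "python.lang.security.audit.insecure-transport",
       "message": {"text": "http:// URL"},
       "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "app/client.py"},
         "region": {"startLine": 7}}}]},
      {"ruleId": "python.lang.security.audit.exec-detected",
       "message": {"text": "exec() with user input"},
       "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "tools/build.py"},
         "region": {"startLine": 3}}}]}
    ]
  }]
}
""")


def enrich_sarif(sarif, repo, sha, owner):
    """Return a copy of the SARIF log whose results carry repository, commit,
    owning team, scanner name and rule severity in their `properties` bag,
    so downstream tooling can group findings without re-reading the run."""
    out = json.loads(json.dumps(sarif))  # deep copy; never mutate the input
    for run in out["runs"]:
        driver = run["tool"]["driver"]
        # Severity lives on the rule definition, not on the result.
        levels = {r["id"]: r.get("defaultConfiguration", {}).get("level", "warning")
                  for r in driver.get("rules", [])}
        for res in run["results"]:
            props = res.setdefault("properties", {})
            props.update({
                "repo": repo, "sha": sha, "owner": owner,
                "scanner": driver["name"],
                # A result-level "level" overrides the rule default; an unknown
                # rule id falls back to "warning" instead of crashing the run.
                "severity": res.get("level", levels.get(res["ruleId"], "warning")),
            })
    return out


def collect_metrics(sarif):
    """Counts per scanner, severity, rule and file, as plain dicts that can be
    emitted as metrics or logged as JSON for the observability pipeline."""
    by_scanner, by_severity, by_rule, by_file = Counter(), Counter(), Counter(), Counter()
    for run in sarif["runs"]:
        name = run["tool"]["driver"]["name"]
        for res in run["results"]:
            by_scanner[name] += 1
            sev = res.get("properties", {}).get("severity", res.get("level", "warning"))
            by_severity[sev] += 1
            by_rule[res["ruleId"]] += 1
            for loc in res.get("locations", []):
                by_file[loc["physicalLocation"]["artifactLocation"]["uri"]] += 1
    return {"total": sum(by_scanner.values()), "by_scanner": dict(by_scanner),
            "by_severity": dict(by_severity), "by_rule": dict(by_rule),
            "by_file": dict(by_file)}


if __name__ == "__main__":
    enriched = enrich_sarif(SAMPLE_SARIF, "example-org/payments-api", "a1b2c3d", "payments-team")
    print(json.dumps(collect_metrics(enriched), indent=2))
```

The enrichment deliberately copies the log rather than editing it in place: the original SARIF is what gets uploaded to GitHub code scanning, and the enriched copy is what feeds internal dashboards, so the two must not drift apart inside one job.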
To roll the updated workflow out across many repositories efficiently, LinkedIn adopted a stub workflow strategy. Instead of pushing the entire SAST workflow into each repository, every repository carries a lightweight stub that calls the central workflow, so changes to the central workflow take effect everywhere without touching individual repositories. A Drift Management System additionally checks each repository against the latest version of the stub and flags divergence, keeping the fleet consistent. This proactive approach addresses the challenge of keeping security controls current across all of LinkedIn's repositories, particularly new ones, which would otherwise start out without the workflow.
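The stub pattern and the drift check it requires, as an added example that is not LinkedIn's code. The stub delegates to a central reusable workflow via GitHub's real `jobs.<id>.uses` syntax; the organisation name (`example-org`), the central repository and its `v3` ref, the file path and the sample fleet are all assumed. The drift check classifies each repository's copy of the stub as compliant, missing, calling an outdated ref, calling a foreign workflow, or locally modified, ignoring comments and whitespace so cosmetic edits do not page anyone.

```python
"""Added example (not LinkedIn's code): the stub-workflow pattern and a
drift check over it. Organisation, paths and the central ref are assumed;
the reusable-workflow syntax (`jobs.<id>.uses`, `secrets: inherit`) is
GitHub's own."""
import hashlib
import re

# Canonical stub every repository is expected to carry verbatim at
# .github/workflows/sast.yml. Rule changes, scanner upgrades and metric
# collection ship once, in the central repository, not per consumer.
CENTRAL_REF = "v3"
CANONICAL_STUB = f"""\
name: SAST
on:
  pull_request:
  push:
    branches: [main]
permissions:
  contents: read
  security-events: write
jobs:
  sast:
    uses: example-org/sast-central/.github/workflows/sast.yml@{CENTRAL_REF}
    secrets: inherit
"""

USES_RE = re.compile(r"^\s*uses:\s*(\S+?)@(\S+)\s*$", re.MULTILINE)


def normalize(text):
    """Drop comments, blank lines and trailing whitespace so cosmetic edits
    are not reported as drift; everything else is compared literally."""
    lines = [re.sub(r"\s+#.*$", "", line).rstrip() for line in text.splitlines()]
    return "\n".join(l for l in lines if l.strip() and not l.lstrip().startswith("#"))


def fingerprint(text):
    return hashlib.sha256(normalize(text).encode()).hexdigest()


def classify_drift(repo_stub):
    """Compare one repository's stub (None if the file is absent) with the
    canonical stub. Returns one of:
      compliant    - identical modulo comments and whitespace
      missing      - no stub at all (the new-repository case)
      outdated_ref - calls the central workflow, but at a different ref
      foreign_ref  - calls some other workflow entirely
      modified     - same call, but triggers/permissions/etc. were edited"""
    if repo_stub is None:
        return "missing"
    if fingerprint(repo_stub) == fingerprint(CANONICAL_STUB):
        return "compliant"
    canon = USES_RE.search(CANONICAL_STUB)
    found = USES_RE.search(repo_stub)
    if found is None or found.group(1) != canon.group(1):
        return "foreign_ref"
    if found.group(2) != canon.group(2):
        return "outdated_ref"
    return "modified"


def drift_report(repos):
    """repos: {repo_name: stub_text_or_None}. Returns per-repo status plus a
    summary, the shape a drift dashboard or a bulk-remediation job consumes."""
    statuses = {name: classify_drift(stub) for name, stub in repos.items()}
    summary = {}
    for status in statuses.values():
        summary[status] = summary.get(status, 0) + 1
    return {"repos": statuses, "summary": summary}


# Constructed sample fleet covering every drift class.
SAMPLE_REPOS = {
    "example-org/payments-api": CANONICAL_STUB,
    "example-org/new-service": None,
    "example-org/legacy-ui": CANONICAL_STUB.replace(f"@{CENTRAL_REF}", "@v2"),
    "example-org/data-tools": CANONICAL_STUB.replace("branches: [main]",
                                                     "branches: [main, release/*]"),
    "example-org/experiments": CANONICAL_STUB.replace("example-org/sast-central",
                                                      "someone/fork-of-sast"),
    "example-org/with-comments": "# managed by security tooling\n" + CANONICAL_STUB,
}

if __name__ == "__main__":
    import json
    print(json.dumps(drift_report(SAMPLE_REPOS), indent=2))
```

A `modified` stub is the interesting case operationally: a team may have narrowed the triggers or dropped `security-events: write`, which silently stops results from reaching code scanning, so it deserves a different remediation path than a simple ref bump. Pinning the central workflow to a tag such as `v3` rather than a branch is what makes `outdated_ref` a meaningful signal at all; a branch ref would update silently and leave nothing for the check to detect.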