Managing SAP security patches is one thing — but what about the risks hiding in your custom code? In this session, you’ll hear how one organisation built a real-time vulnerability management program across its SAP landscape, including tools to scan for insecure code, monitor misconfigurations, and flag changes before they cause downstream risk. The result was a significant uplift in both visibility and responsiveness — allowing IT and security teams to prioritise real threats and reduce the noise. With many organisations moving toward clean core strategies, this session offers timely insights for those juggling technical debt and modernisation. Key Takeaways: - How to integrate security scanning into existing development workflows - Approaches for identifying and prioritising custom code vulnerabilities - Why clean core initiatives need custom code visibility from the start