Document tools used for 

• Static and dynamic vulnerabilities in source code and binary depenedncies
• Penetration testing
• Security hardening
• ...