Which DevSecOps practice involves automatically scanning source code for security vulnerabilities during the CI/CD pipeline without executing the code?