Secret scanners such as Gitleaks and Trufflehog3 (a fork of Trufflehog specifically for DefectDojo) are used to detect sensitive data that may have been inadvertently committed to version control or shared in other ways.
Code dependency scanners such as Trivy are used to detect security vulnerabilities in code dependencies used by the application.
Image dependency scanners such as Trivy and Grype are used to detect vulnerabilities in Docker images built from public scanners.
Dynamic scanners like Arachni and OWASP ZAP are used to test the application for vulnerabilities while it is running.
Infrastructure scanners like Subfinder and Nuclei are used to scan infrastructure components such as domains and servers for vulnerabilities and security issues.
All these checks are run in transparent mode and don't affect your build/deploy time.