Twistlock is a commercial product with build-time and run-time security vulnerability detection and prevention capabilities. These capabilities span protecting VMs, container schedulers and containers to various registries and repositories that applications rely on. Twistlock has helped our teams accelerate development of regulated applications, where application infrastructure and architecture require compliance with, for example, Payment Card Industry (PCI) standards and the Health Insurance Portability and Accountability Act (HIPAA). Our teams have enjoyed the developer experience that Twistlock provides: the ability to run provisioning as code, the easy integration with other common observability platforms, and the out-of-the-box benchmarks to measure the infrastructure against industry-consensus best practices. We run Twistlock with regular runtime scans over our cloud-native applications, particularly when regulatory compliance is required.