Shift Left, Measure Right: Assessing the Efficacy of Application Security in the Age of CI/CD