You can hook traditional SAST into your coding tool, and get cheap-ish realtime detection for some classes of vulns while coding.

You can optionally layer LLM diff scanning if you want to burn some tokens on your tokens. Modern tools can catch some impressively subtle issues.