This is where the source code is taken and compiled into build code. At this point, it's good to look at vulnerability scanning against the build software.
Software Composition Analysis (SCA) - Checks Open Source components against known vulnerabilities
Dynamic Application Security Testing (DAST) - Vulnerability scanners run on completed (compiled) code