Once the SDLC reached the development phase, code starts to be generated. That means that the ability to control the version of the software or component that your team is working on, combined with check-in/check-out functionality and revision histories, is a necessary and powerful tool when developing software.
The question refers to a "new" product so I believe that is key. However, it also makes it seem that it is about the development of a product that could be in production.
Regression testing focuses on testing to ensure that changes that have been made do not create new issues, and ensure that no new vulnerabilities, misconfigurations, or other issues have been introduced.
A code review is a process that involves examining and evaluating the source code of a software application or system for security deficiencies, errors, bugs, or vulnerabilities. A code review can help improve the quality and security of the software product by identifying and fixing issues before they become operational problems. A code review is part of the evaluation and validation of a new product’s security capabilities. User acceptance testing, stress testing, or security regression testing are other types of testing that can be used to evaluate and validate a new product’s security capabilities, but they do not involve reviewing design changes at specific intervals for security deficiencies. Reference: https://www.synopsys.com/blogs/software-security/code-review/
