Continuous SQL injection testing

You could script up example based testing pretty easily. With a sample request, sqlmap can do the rest. The only thing it doesnt do by default I believe is path paramters, but that as well could be incorporated into your script. The issue with this is that it will exponentially increase the amount of time it takes for unit tests to run and is generally not done this way because of that. Its up to you and your developers to determine if time added is acceptable. In my experience, it generally isn’t. You could also build somethig out that launches sql map in a separate thread, for example, when something is deployed to stage, and alert security if something is found. This way it wouldnt block your build. Example based testing would be the answer to your question though.