I'd say that continuous integration testing is quite a different thing from penetration testing. I have seen where security testing has been built into testing on a regular basis, and I think it's valuable when done as part of the development and build process rather than after the fact. Trying to do testing after the fact isn't as helpful, and the more security is built into the development process, the better off everyone is. Earlier reporting of issues allows for more rapid fixing. Ideally, before the ship rather than in a patch afterwards.
I don't think I'd refer to that as penetration testing, but after every sprint, I would strongly recommend adding in a variety of security testing to whatever other testing you are doing. Anomaly testing is really good. Boundary testing in a serious way, rather than just testing the programmer's assumptions. Input validation. Lots and lots of input validation, including using anomaly testing.
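An added illustration of the boundary and anomaly testing recommended in the post above, in a form that can run on every build (not part of the original post). It assumes a hypothetical "quantity" field that must be an integer from 1 to 1000; the validator names and the test inputs are constructed for the example.

```python
import re

LOW, HIGH = 1, 1000  # assumed business rule for a hypothetical "quantity" field

def naive_validate(raw):
    """Checks only the programmer's assumption: 'it is a number in range'."""
    try:
        return LOW <= int(raw) <= HIGH
    except (TypeError, ValueError):
        return False

_STRICT = re.compile(r"[1-9][0-9]{0,3}")  # ASCII digits only, no sign, no padding

def strict_validate(raw):
    """Allow-list the exact text format first, then check the range."""
    if not isinstance(raw, str) or not _STRICT.fullmatch(raw):
        return False
    return LOW <= int(raw) <= HIGH

def cases():
    """Constructed (input, should_accept) pairs: boundaries, then anomalies."""
    boundary = [
        (str(LOW - 1), False), (str(LOW), True), (str(LOW + 1), True),
        (str(HIGH - 1), True), (str(HIGH), True), (str(HIGH + 1), False),
    ]
    anomaly = [
        ("", False), (None, False), ("-1", False), ("+5", False),
        (" 5", False), ("5\n", False), ("1_000", False), ("0x10", False),
        ("\u0665", False),        # ARABIC-INDIC DIGIT FIVE, accepted by int()
        ("5\x00", False), ("1e3", False), ("5.0", False),
        ("9" * 5000, False),      # oversized input
        ("5; DROP", False), (5, False), (True, False),  # wrong type on the wire
    ]
    return boundary + anomaly

def failures(validator):
    """Inputs where the validator's decision differs from the expectation."""
    return [raw for raw, ok in cases() if validator(raw) is not ok]

if __name__ == "__main__":
    for v in (naive_validate, strict_validate):
        print(v.__name__, "->", [repr(x)[:20] for x in failures(v)])
```

The naive validator passes every boundary case and still accepts seven anomalous inputs, which is the gap between testing the programmer's assumptions and testing the input space.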