Per CodeDx, organizations can ensure the security of their CI/CD pipeline with relative ease so long as they’ve followed the best practices for DevSecOps. They should specifically require authentication for anyone to push changes to the CI/CD pipeline, implement login tracking and confirm that builds reside on secure servers only.
In contrast to security of the pipeline, security in the pipeline is a bit more involved. Organizations should focus on several best practices, such as SAST, peer code reviews, unit testing, functional security testing, and security automation.
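To make the "security in the pipeline" practices concrete, the following is an added example workflow (not code from CodeDx or from the source article) for a hypothetical Python project built on GitHub Actions. It grants the job a read-only token, runs the unit tests, and runs Bandit as a SAST step so that findings fail the build before a change can be merged. The project layout (src/, tests/, requirements.txt) and the choice of tools are assumptions.

```yaml
name: ci-security-checks
on:
  pull_request:          # run on every proposed change, before merge
  push:
    branches: [main]

permissions:
  contents: read         # least-privilege token: the job can read the repo but not write to it

jobs:
  test-and-sast:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install project and tools
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt   # assumed project dependency file
          pip install pytest bandit

      - name: Unit tests
        run: pytest -q tests/               # assumed test directory

      - name: SAST (Bandit)
        # -r scans the source tree recursively; -ll reports medium severity and above.
        # A non-zero exit fails the job, so findings block the merge.
        run: bandit -r src/ -ll             # assumed source directory
```

Pairing this workflow with branch protection that requires an approving review and a passing status check covers the peer-review item and the requirement that only authenticated, reviewed changes reach the pipeline; the workflow run history then serves as the audit trail of who triggered each build.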