Author
Thomas Segura
Word count
327
Language
English
Hacker News points
None

Summary

Rohit Sehgal, Staff Security Engineer at Gojek, uses a Security Zines case study to show how a single forgotten Jenkins credential can lead to the complete compromise of a software supply chain. He first explains what a Jenkins pipeline and CI/CD are, why pipelines need credentials at all, and the problems those credentials create once they are left behind and no longer tracked. The article then turns to protecting the software supply chain, citing recent incidents such as the Codecov breach, and lays out best practices for securing CI pipelines against supply chain attacks. It closes with pointers to further resources on supply chain security and encourages readers to share the piece to raise awareness.