Company
Date Published
Author
Simon Maple
Word count
1426
Language
English
Hacker News points
2

Summary

A GitOps continuous integration (CI)/continuous delivery (CD) pipeline, combined with good security practices, improves the overall security of your development workflow for Kubernetes. A typical CI/CD pipeline has direct access to both the container image repository and the production cluster, which violates Open Web Application Security Project (OWASP) principles such as the Principle of Least Privilege and Separation of Duties. A GitOps approach addresses this by running a reconciliation operator inside the cluster itself, so the pipeline no longer needs cluster credentials; this eliminates that credential leakage and minimizes privileged access. It reduces security risk, but it also places more weight on the security of your code repository. To secure the pipeline further, add security testing to your PRs, statically analyze your repo with Snyk, never store credentials as code or config, tightly control access, and create a SECURITY.md file.