Company:
Date Published:
Author: James Konik
Word count: 1800
Language: English
Hacker News points: None

Summary

CI/CD pipelines are a critical component of DevSecOps, and securing them means integrating security practices into the development process rather than bolting them on at the end. Leaving pipeline security until last is no longer an option, because a compromised pipeline exposes valuable data and client secrets. Role-based access control (RBAC) limits who can reach each part of the system, while automated tools scan for vulnerabilities arising from coding errors or configuration problems. Secrets managers store and manage sensitive data, encrypting it both at rest and in transit. Managing network exposure by shutting down unnecessary ports and features reduces the attack surface. Limiting trust boundaries and minimizing the output of commands also denies attackers information about the system. Automated security testing, such as vulnerability scanning with Snyk, can detect issues arising from outdated components or hard-coded secrets in code or scripts. Integrating security testing into the CI/CD pipeline ensures that RBAC, APIs, and secrets are checked regularly, adding a further layer of protection against attacks.
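Two of the controls the summary lists, catching hard-coded secrets in scripts and keeping secret values out of build logs, can be enforced as a small pre-merge check. The following is an added example written for this page; it is not code from the summarised article or from Snyk, and the regex rules, the `Finding` type, the `gate` function and the sample deploy step (including its `vault` lookup and made-up values) are all constructed for illustration.

```python
"""Added example: a minimal pre-merge check for CI/CD pipeline scripts.

Hypothetical code, not from the summarised article or any tool it names.
It implements two of the controls the summary lists as plain regex rules:
  * hard-coded secrets in scripts or config committed to the repository
  * commands that print a secret, or the whole environment, into build logs
"""
import re
from dataclasses import dataclass

# Variable names that usually hold credentials.
SENSITIVE_NAME = r"[A-Za-z0-9_]*(?:PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)[A-Za-z0-9_]*"

# VAR=literal or export VAR="literal". A value beginning with "$" is a reference
# (an injected environment variable or a secrets-manager lookup), not a leak.
HARDCODED = re.compile(
    r"^\s*(?:export\s+)?(?P<name>" + SENSITIVE_NAME + r")\s*=\s*"
    r"(?P<value>\"[^\"$]+\"|'[^'$]+'|[^\s$\"']+)\s*$",
    re.IGNORECASE,
)
# echo/printf lines that expand a sensitive variable into the job log.
PRINTED = re.compile(
    r"^\s*(?:echo|printf)\b.*\$\{?(?P<name>" + SENSITIVE_NAME + r")\b",
    re.IGNORECASE,
)
# Commands that dump every variable into the log, optionally piped onward.
ENV_DUMP = re.compile(r"^\s*(?:env|printenv|set)\s*(?:\|.*)?$")

# Names that point at a secret rather than contain one (e.g. a mounted file).
INDIRECT_SUFFIXES = ("_FILE", "_PATH")


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    excerpt: str


def scan_pipeline(text: str) -> list[Finding]:
    """Return one Finding per offending line, in file order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = HARDCODED.match(line)
        if m and not m.group("name").upper().endswith(INDIRECT_SUFFIXES):
            findings.append(Finding(line_no, "hardcoded-secret", line.strip()))
            continue
        if PRINTED.match(line):
            findings.append(Finding(line_no, "secret-in-log", line.strip()))
            continue
        if ENV_DUMP.match(line):
            findings.append(Finding(line_no, "environment-dump", line.strip()))
    return findings


def gate(text: str) -> bool:
    """True when the script is clean; a pipeline step would fail the build otherwise."""
    return not scan_pipeline(text)


# Constructed sample of a shell deploy step; every value here is made up.
# Line 3 commits a literal password, line 4 only names a mounted secret file,
# line 5 fetches the token at run time, line 6 echoes it, line 7 dumps the
# environment, and line 8 uses the token without printing it.
SAMPLE_STEP = """\
#!/bin/sh
set -eu
export DB_PASSWORD="hunter2"
DB_PASSWORD_FILE=/run/secrets/db_password
API_TOKEN=$(vault kv get -field=token ci/deploy)
echo "deploying with token $API_TOKEN"
env
curl -H "Authorization: Bearer $API_TOKEN" https://deploy.example.invalid/release
"""

if __name__ == "__main__":
    for f in scan_pipeline(SAMPLE_STEP):
        print(f"line {f.line_no}: {f.rule}: {f.excerpt}")
    print("clean" if gate(SAMPLE_STEP) else "blocked")
```

Run as a pipeline step, `gate` fails the build on any finding, so the check runs on every commit rather than at the end of the project. The `_FILE`/`_PATH` exclusion keeps references to mounted secrets from tripping the rule, and values starting with `$` are deliberately ignored so that secrets injected from a secrets manager pass while literals do not.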