Automating and securing your CI/CD-pipeline is an important step in creating efficient teams while maintaining a state of comfort amongst the developers by protecting the production environment with tests and tools. Some functionality requires relatively expensive subscriptions or enterprise level features, but there are a lot of recommendations and best practices that you could and should consider already available in the basic configuration. Let's threat model your CI/CD pipeline to identify threats, mitigations and verifications.