Attackers that compromise the software development pipeline can: add malicious code to the software that was built and deployed by that pipeline; access any secrets used by the pipeline ...