Now developers just need to make sure they secure their code at the pipeline level. Pipeline compromise = package compromise.