You own a service that exposes internal APIs and handles operational customer data. Your team ships frequently through a CI/CD pipeline, pulls open-source dependencies, stores build artifacts, and deploys to a Kubernetes-based runtime. A recent near-miss showed that a vulnerable dependency and an overly broad deployment credential could have reached production without being detected early.
How do you ensure the security and integrity of the software you develop from commit through deployment and runtime? Be explicit about the controls you would put in place, which threats they mitigate, and how you would verify that those controls are actually working.