Explain how you would secure an enterprise CI/CD pipeline against supply chain attacks and credential leakage.