How would you secure first- and third-party software supply chains from the dev environment through CI/CD and into production at Discord?