Interview Guides

You're reviewing how application and data pipeline changes move from commit to production. The team wants a clear approach for protecting the pipeline from poisoned packages, untrusted build steps, and tampered artifacts.
How would you secure a continuous integration and continuous deployment (CI/CD) pipeline against dependency confusion and malicious code injection?