What strategies do you use to secure a CI/CD pipeline, and how do you integrate static application security testing (SAST) tools?