I want my devops to be focused elsewhere but on the other hand the CI/CD pipeline has permissions to access and do many things in very sensitive places.
Specifically we use gitlab & jenkins.
I know there are "best practices" documents for how to secure , but are there tools to monitor, offer compliance checks etc?<p>Thanks!