No new high-severity risks
Detect risks before they reach production. Effective supply chain security eliminates risks as early as possible and stops the bleeding, so the team can shift its focus to the existing security backlog.
Implement a zero-new-hardcoded-secrets policy. Mitigate newly pushed secrets in code immediately to prevent secret sprawl.
Identify risks on code push and in pull requests so that new vulnerabilities are not introduced into production environments.