A continuous integration/continuous delivery (CI/CD) pipeline is an agile workflow that automates the build, test, and deploy cycles of application delivery. While automated deployment cycles enable developers to release new features and updates rapidly, CI/CD pipelines are commonly targeted by attackers who are looking to exploit vulnerabilities and inject malicious code into application workflows. A compromised pipeline often has severe consequences, such as an attacker gaining access to sensitive data and even controlling the release of new software versions.In this Refcard, we discuss the key aspects and challenges of securing CI/CD pipelines as well as the fundamental steps to administer security on CI/CD pipelines.