Developer pipelines expose complicated and often uncharted attack surfaces. This talk will provide security professionals with the knowledge they need to better understand modern development pipelines so they can evaluate and address associated security risks. This knowledge can be used to evaluate the security of their own build pipelines as well as to direct inquiries into software suppliers.