We have learned that we need to trust others, but as our parents used to say - don’t trust strangers. So we secure our production server more than ever. Yet, there is this no-man's land: “the build server”. We think it’s time to take a closer look at some of the good practices around securing builds & artifacts to improve our day to day level of trust. Please note that this talk replaces one entitled "Safe, gated and integrated GitOps for Kubernetes" that was due to have been given by Mohammed Naser, who unfortunately is now unable to present. We wish him a speedy recovery. Development has changed over the years, from doing everything yourself to a 3rd party package for every function. Operations has changed too, running your own servers is now considered an exception. To the cloud! We have learned that we need to trust others, but as our parents used to say - don’t trust strangers. So we secure our production server more than ever. Yet, in the middle sits this no-man's land: “the CI server”. We think it’s time to take a closer look at some of the good practices around securing builds & artifacts to improve our day to day level of trust. With Marked Sherman statement “Development is now assembly” in mind, the talk will focus more on the package/artifact/repository aspect. Less on the app security inside the code itself or at the OS/Machine level.