This whitepaper addresses questions raised by security leaders that want to better understand their organization’s development environments, the risks development tools expose and the best practices and approaches for securing them. Three critical use cases are examined which address how security leaders can secure developer endpoints, the applications being developed, as well as the tool and admin consoles used to run CI/CD pipelines and development environments. Each provide best practices and practical steps, including how to achieve developer adoption, and are based on customer and deployment examples.