2.4 Pipeline Integrity
2.4.2 Ensure all external dependencies used in the build process are locked
Recommended Action
Lock every external dependency used in pipelines.
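One way to audit a pipeline definition for unlocked external dependencies, as an added example that is not part of the benchmark text. It assumes GitHub Actions-style `uses:` and `image:` keys and treats a reference as locked only when it names a full commit SHA or a sha256 image digest; the organisation, step and image names in the sample are constructed.

```python
import re

# Assumption: "locked" means the reference names immutable content, i.e. a full
# 40-hex commit SHA for a reusable step or a sha256 digest for a container image.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
IMAGE_RE = re.compile(r"^\s*-?\s*image:\s*['\"]?([^\s'\"#]+)")
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")
IMAGE_DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

def check_image(ref):
    """Return a reason if a container image reference is not locked, else None."""
    return None if IMAGE_DIGEST.search(ref) else "image not pinned by sha256 digest"

def check_uses(ref):
    """Return a reason if a `uses:` reference is not locked, else None."""
    if ref.startswith("./"):  # step defined in the same repository, not external
        return None
    if ref.startswith("docker://"):
        return check_image(ref[len("docker://"):])
    if "@" not in ref:
        return "no version reference"
    version = ref.rsplit("@", 1)[1]
    return None if COMMIT_SHA.match(version) else f"mutable ref '{version}' (tag or branch)"

def find_unlocked(pipeline_text):
    """Return (line_no, kind, reference, reason) for every unlocked dependency."""
    findings, checks = [], (("uses", USES_RE, check_uses), ("image", IMAGE_RE, check_image))
    for n, line in enumerate(pipeline_text.splitlines(), 1):
        for kind, rx, check in checks:
            m = rx.match(line)
            reason = check(m.group(1)) if m else None
            if reason:
                findings.append((n, kind, m.group(1), reason))
    return findings

# Constructed sample pipeline; every name and digest here is illustrative.
DIGEST = "sha256:" + "ab" * 32
SAMPLE = f"""\
jobs:
  build:
    container:
      image: example/builder:latest
    steps:
      - uses: example-org/checkout-step@v4
      - uses: example-org/setup-step@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-lint
      - uses: docker://example/scanner@{DIGEST}
"""
if __name__ == "__main__":
    for finding in find_unlocked(SAMPLE):
        print(*finding, sep=" | ")
```

Run as a pipeline gate, a non-empty result from `find_unlocked` would fail the check; references built from template variables are reported as unlocked because they cannot be verified statically.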
2.4.6 Ensure pipeline steps produce an SBOM
Recommended Action
Configure each pipeline to produce an SBOM on every run.