Applications and systems today often follow an automated and repeatable flow from the developers to the infrastructure where they run. This allows organizations to scale their development velocity and innovation. When done right this ensures that all applications are secure and verifiable, but if done insecurely the only thing that's been scaled is our attack surface. In this talk we will discuss how to apply threat modeling to CI/CD to achieve better developer satisfaction and security.