### Background Customers managing CI components face significant challenges in both security and governance. They need more control over who can publish components to their CI/CD Catalog to ensure better security and prevent harmful or outdated components from entering their pipelines. Additionally, they struggle with ensuring the integrity and safety of components, as vulnerabilities, tampering, and poor security practices in third-party or internal components expose their CI/CD workflows to risks. ### Key features This epic is divded into 2 sub-epics [Secure](https://gitlab.com/groups/gitlab-org/-/epics/15112) & [Govern](https://gitlab.com/groups/gitlab-org/-/epics/15113)