"We'll see about security later, we'll put it into production first and then we'll think about it later", how many times have we heard this sentence? Modern CI/CD tools offer more and more functionalities around security, yet this aspect is very often neglected, considered complex, rigid, too expensive, ... Dream or reality? Achievable or utopian? Affordable or expensive? Many questions asked when the ghost of security appears. I have a dream, to show that this ghost is called Casper and he's our best friend. I propose concrete and unadorned feedback of a CI/CD project where security became an ally, not an enemy. How few tools allowed to secure deployments without it being a burden for the dev teams. We'll talk about vulnerability scanning, consistency checking and a few tips and tricks. Dream or reality? Let's find out together :)