Healthcare cloud systems must satisfy strict security and compliance controls while operating under constrained budgets. Traditional DevSecOps pipelines improve delivery velocity but often treat cost governance and supply-chain assurance as separate concerns, leaving gaps in artifact traceability, dependency risk visibility, and budget enforcement. This paper proposes a FinOps-aware DevSecOps pipeline for healthcare workloads that integrates software bill of materials (SBOM) generation, SLSA-aligned supply-chain assurance checkpoints, and policy-as-code gates that jointly enforce security, compliance, and cost guardrails from build to deployment. The approach emphasizes auditable evidence, artifact integrity, and continuous validation to reduce release risk and cost drift without undermining delivery performance.
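The abstract names three inputs to the release decision: an SBOM, an SLSA-aligned provenance attestation, and a deployment request with cost metadata, all evaluated by a policy-as-code gate. The Python below is an added illustration of such a gate and is not the paper's implementation; the policy thresholds, trusted builder identity, CycloneDX-style SBOM, in-toto/SLSA provenance statement and deployment request are all constructed for the example.

```python
import hashlib

# Hypothetical release policy. Thresholds, the trusted builder URI and the
# label names are constructed for this example, not taken from the paper.
POLICY = {
    "trusted_builders": {"https://builder.example.internal/ci@v1"},
    "allowed_licenses": {"Apache-2.0", "MIT", "BSD-3-Clause"},
    "required_labels": {"cost-center", "data-classification"},
    "monthly_budget_usd": 5000.0,
    "max_cost_increase_pct": 20.0,
}

# Constructed artifact; in a pipeline this is the image or package the SBOM describes.
ARTIFACT_BYTES = b"constructed container image bytes"
ARTIFACT_DIGEST = hashlib.sha256(ARTIFACT_BYTES).hexdigest()

# Constructed CycloneDX-style SBOM (only the fields the gate reads).
SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"name": "fastapi", "version": "0.110.0", "purl": "pkg:pypi/fastapi@0.110.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "sqlalchemy", "version": "2.0.29", "purl": "pkg:pypi/sqlalchemy@2.0.29",
         "licenses": [{"license": {"id": "MIT"}}]},
    ],
}

# Constructed in-toto statement carrying an SLSA v1 provenance predicate (subset of fields).
PROVENANCE = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "phi-api:1.4.2", "digest": {"sha256": ARTIFACT_DIGEST}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {"runDetails": {"builder": {"id": "https://builder.example.internal/ci@v1"}}},
}

# Constructed deployment request with the FinOps metadata the cost guardrail needs.
DEPLOY = {
    "image_digest": ARTIFACT_DIGEST,
    "labels": {"cost-center": "cardiology-platform", "data-classification": "phi"},
    "estimated_monthly_usd": 4200.0,
    "previous_monthly_usd": 3900.0,
}


def check_sbom(sbom, policy):
    """Traceability and license compliance: every component needs a purl and an allowed license."""
    violations = []
    components = sbom.get("components", [])
    if not components:
        violations.append("sbom: no components listed")
    for comp in components:
        ident = comp.get("purl") or f"{comp.get('name')}@{comp.get('version')}"
        if not comp.get("purl"):
            violations.append(f"sbom: component {ident} lacks a purl (not traceable)")
        license_ids = {entry.get("license", {}).get("id") for entry in comp.get("licenses", [])}
        if not license_ids:
            violations.append(f"sbom: component {ident} has no license declared")
        for lic in sorted(license_ids - policy["allowed_licenses"]):
            violations.append(f"sbom: component {ident} uses disallowed license {lic}")
    return violations


def check_provenance(prov, artifact_digest, policy):
    """Artifact integrity: the deployed digest must be attested by a trusted builder."""
    violations = []
    if prov.get("predicateType") != "https://slsa.dev/provenance/v1":
        violations.append("provenance: unexpected predicate type")
    builder = prov.get("predicate", {}).get("runDetails", {}).get("builder", {}).get("id")
    if builder not in policy["trusted_builders"]:
        violations.append(f"provenance: builder {builder!r} is not trusted")
    attested = {s.get("digest", {}).get("sha256") for s in prov.get("subject", [])}
    if artifact_digest not in attested:
        violations.append("provenance: artifact digest not among attested subjects")
    return violations


def check_cost(deploy, policy):
    """Cost guardrails: allocation labels present, within budget, and no unexplained drift."""
    violations = []
    for label in sorted(policy["required_labels"] - set(deploy.get("labels", {}))):
        violations.append(f"cost: required label {label!r} missing")
    estimate = deploy.get("estimated_monthly_usd", 0.0)
    if estimate > policy["monthly_budget_usd"]:
        violations.append(f"cost: estimate ${estimate:,.2f} exceeds budget ${policy['monthly_budget_usd']:,.2f}")
    previous = deploy.get("previous_monthly_usd")
    if previous:
        increase_pct = (estimate - previous) / previous * 100
        if increase_pct > policy["max_cost_increase_pct"]:
            violations.append(f"cost: +{increase_pct:.1f}% month-over-month exceeds drift limit of "
                              f"{policy['max_cost_increase_pct']:.0f}%")
    return violations


def evaluate_release(sbom, prov, deploy, policy=POLICY):
    """Run all three checks; an empty list means the release may proceed."""
    return (check_sbom(sbom, policy)
            + check_provenance(prov, deploy["image_digest"], policy)
            + check_cost(deploy, policy))


def release_allowed(sbom, prov, deploy, policy=POLICY):
    return not evaluate_release(sbom, prov, deploy, policy)


if __name__ == "__main__":
    for v in evaluate_release(SBOM, PROVENANCE, DEPLOY):
        print("DENY:", v)
    print("allowed:", release_allowed(SBOM, PROVENANCE, DEPLOY))
```

The point of combining the three checks in one evaluation is the one the abstract makes: a release that is cryptographically sound but over budget, or within budget but built on an untrusted runner, is denied by the same gate, and the returned violation list is the auditable evidence for the decision. In a real pipeline the digest would come from the registry and the provenance from a signed attestation whose signature is verified before any of these fields are trusted.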
@article{n1382024ijcatr13081021,
  title   = {DevSecOps Aware in Healthcare: SBOM-Driven Supply-Chain Assurance (SLSA) with Policy-Based Cost Guardrails and Continuous Security Validation},
  journal = {International Journal of Computer Applications Technology and Research (IJCATR)},
  volume  = {13},
  number  = {8},
  pages   = {244--250},
  year    = {2024},
  author  = {Nagarjuna Nellutla}
}