Delivering software fast is one piece of the CI/CD puzzle, but delivering it securely is the glue that keeps your puzzle from falling apart. Software supply chain attacks are on the rise with security exploits directly targeting open source projects, central repositories, and software package managers. The financial industry is not immune to these attacks and now more than ever they need to be working harder to prevent potential attacks. The question then becomes how do you protect your DevOps pipeline?

This is a problem that projects in foundations like the Continuous Delivery Foundation (CDF), OpenSSF, CNCF and OWASP are working to solve.. To help ensure a secure SDLC, these vendor neutral, developer focused communities are investing in projects that provide security solutions. This talk will highlight the importance of securing your software supply chain at the source and how technologists all around the globe are working to solve this problem.