The topic of software supply chain security has become mainstream today. Everyone is talking about it, but not a lot of folks know what to do about it. In this talk, I aim to showcase some actionable tips, tools, and techniques towards improved security postures for those working on cloud native technologies.

Specifically, I aim to cover information about securing repos, improved build processes, CI/CD security, SBOM generation, and runtime protection for applications running on Kubernetes.