Improving software supply chain security is quickly becoming a necessary endeavor. New government regulations mandate things like Software Bill of Materials (SBOMs) and compliance frameworks are adding requirements that necessitate hardening the software supply chain. In this talk I'll walk you through standing up your own automated governance infrastructure. You'll learn how to use software attestations, policy as code, and tools like OpenSearch to improve your software supply chain security. This talk is based on the work that we've done on behalf of several of our customers.