Have you been keeping up with the latest news about software supply chain attacks? Wondering how you can comply with Executive Order 14028 or the latest NIST guidance on software attestations? In this talk we’ll dive deep into what it takes to build a secure software supply chain. You’ll learn about the Supply-chain Levels for Software Artifacts, build provenance, software attestations, with a demo of a secure pipeline. Attendees will walk away with the knowledge needed to secure their CI/CD pipelines and achieve SLSA build level 3.