[VDBUH2024] - Abdel Sghiouar - Practical Guides for Enhancing Your Software Supply Chain Security
Devoxx

Published on Apr 17, 2024

Have you heard of software supply chain security tools? Are you confused by how many acronyms, concepts, frameworks, and tools exist in the open space? In this session, we will walk through a practical, hands-on guide to securing your software with open source tools. Security should be approached in layers. There is no such thing as 100% secure, but with defense in depth, you can get to a place where your supply chain is fortified. This session aims to give you the tools and guidance you need across the entire software lifecycle, from building and packaging your apps to dependency management and code scanning. We will also look into guidance for establishing trust across the entire software delivery process and ensuring that only the things you need to deploy to production get deployed. This session will cover tools like cosign and some other sigstore components, gitsign, kyverno, and policy controllers for Kubernetes.
