Building a secure software supply chain is no easy feat. SolarWinds showed us that even the experts have a difficult time. This talk gives an overview of what's required, including ingesting external dependencies, attestation of the build infrastructure, signing artifacts, SBoMs, reproducible builds, and admission controllers. We'll also look at some of the key projects in this space being developed within the CNCF and Linux Foundation.