Practical guides for enhancing your Software Supply Chain Security

Room : BASTILLE
Format: Conference (30 minutes) | Track: Cloud, Big Data | Level: beginner | Language: English
Heard of Software Supply Chain Security tools? Are you confused by how many acronyms, concepts, frameworks and tools exist in the open-source space? In this session we will walk through a practical, hands-on guide to securing your software with open-source tools. Security should be approached in layers: there is no such thing as 100% secure, but with defense in depth you can reach a point where your supply chain is fortified. The goal of this session is to give you the tools and guidance you need across the entire software lifecycle, from building and packaging your apps, to dependency management and code scanning. We will also look at guidance for establishing trust across the entire software delivery process and for ensuring that only the artifacts you intend to deploy to production actually get deployed. In this session we will cover tools like cosign and other sigstore components, gitsign, Kyverno and policy controllers for Kubernetes.
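As an added illustration of the last point (admission policy that only lets signed images reach the cluster), here is an example Kyverno ClusterPolicy that verifies cosign signatures on Pod images. It is not from the session or the Kyverno project; the registry path and the public key are placeholders you would replace with your own cosign key pair.

```yaml
# Added example (not from the session): Kyverno image-verification policy.
# Pods whose images match the reference pattern are admitted only if the
# image carries a cosign signature made with the listed public key.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-image-signatures
spec:
  # Enforce rejects non-compliant Pods; use Audit first to observe impact.
  validationFailureAction: Enforce
  background: false
  webhookTimeoutSeconds: 30
  rules:
    - name: require-cosign-signature
      match:
        any:
          - resources:
              kinds:
                - Pod
      verifyImages:
        # Placeholder registry/namespace: restrict to the images you build.
        - imageReferences:
            - "registry.example.com/my-team/*"
          # Rewrite tags to digests so the admitted image is immutable.
          mutateDigest: true
          verifyDigest: true
          required: true
          attestors:
            - entries:
                - keys:
                    # Placeholder: paste the PEM public key from `cosign generate-key-pair`.
                    publicKeys: |-
                      -----BEGIN PUBLIC KEY-----
                      REPLACE_WITH_YOUR_COSIGN_PUBLIC_KEY
                      -----END PUBLIC KEY-----
```

Roll this out in Audit mode first and watch the policy reports: any workload pulling from the matched registry without a valid signature will show up there before you switch to Enforce and start blocking deployments.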