Software supply chain threats are real! As more developers and companies rely on open-source code - that anyone can contribute to, including attackers - this opens the door to a new vector of attack. There are increasing supply chain compromises which successfully sneak in new backdoored packages, use typosquatting, or even compromise build tooling and signing keys. What’s actually happening in the wild, how do you determine your dependencies, and properly secure yourself?

We’ll first …