Software isn’t built from scratch; it’s assembled from open-source libraries, tools, build systems, CI/CD pipelines, cloud services, and container images. That makes your software supply chain one of the biggest attack surfaces in your organization. From dependency confusion and malicious npm, NuGet, and pip packages to insecure GitHub Actions workflows and tampered build artifacts, attackers are increasingly targeting the components that developers rely on every day.
In this session, you’ll learn how to secure your supply chain end-to-end using proven tools and practices across GitHub, Azure, and the open-source ecosystem. We’ll dive into GitHub Advanced Security (GHAS), OWASP Dependency-Check, SBOM generation, package signing, secure workflows, artifact provenance, and SLSA-compliant pipelines. You’ll see how to detect vulnerabilities early, lock down your CI/CD pipeline, enforce safe dependency usage, and generate trusted artifacts that your organization and your customers can rely on.
If you build software, this session will show you exactly how to protect your code, your builds, your packages, and your supply chain.
You will learn:
- How attackers target modern software supply chains, and what you must secure first
- How to use GitHub Advanced Security (GHAS) for code scanning, secret scanning, dependency insights, and supply-chain hardening
- How to integrate OWASP Dependency-Check and other vulnerability scanning tools into GitHub Actions or Azure DevOps pipelines