This conference talk explores how to protect your software supply chain using the in-toto framework, presented by Alan Chung Ma from Keytos and Justin Cappos from New York University. Learn about the framework's two key capabilities: cryptographically attesting steps throughout the supply chain and enforcing policies that govern relationships between attestations. The 33-minute presentation provides an introduction for newcomers to in-toto while offering a comprehensive overview of progress made across all subprojects and working groups. Discover practical approaches to securing your development pipeline and ensuring software integrity from development through deployment.