Learn about implementing robust security practices for open-source serverless platforms in this 19-minute conference talk from OpenSSF. Explore the implementation of SLSA specifications in Fission, a Kubernetes-based serverless framework, to combat software supply chain attacks. Discover practical approaches to reproducible builds, signed artifacts, and secure dependency management that protect against compromised builds and unauthorized modifications. Through code examples, examine how to integrate security practices into CI/CD pipelines, including automated security scanning, verification pipelines, and base image security. Gain insights from real-world experiences, implementation challenges, and key lessons learned while securing a globally-used open-source platform.