Explore the comprehensive security and compliance services available to CNCF projects through this conference talk delivered by Evan Anderson from Custcodian and Brandt Keller from Defense Unicorns. Learn about the various sub-projects and initiatives maintained by TAG Security and Compliance that help projects enhance their security posture and minimize vulnerability risks. Discover the distinction between mandatory services required for CNCF lifecycle graduation, such as joint security assessments, and optional advisory services that inform policy recommendations. Gain practical insights into complementary security tools including LF code audits, OpenSSF Scorecard, and Best Practices Badge, while understanding the optimal timing for engaging with each service and the specific benefits they provide to project maintainers and community members seeking to mature their security practices.