Explore how to implement and enforce the Open Source Project Security Baseline through cryptographically secure attestations in this 23-minute conference talk. Learn about the development of minimum security requirements designed for open source projects of all sizes, and discover how to create unforgeable compliance evidence using the In-Toto attestation framework and Sigstore transparency log. Understand practical approaches to achieving high compliance levels with OpenSSF family tools, including alternatives for each baseline requirement. Examine how to securely associate attested evidence with repositories, binaries, and container images, and see enforcement examples that gate build and deployment processes when projects fail to meet baseline compliance standards.