Given the success of open-source software, even small systems have thousands of dependencies, and large enterprises track millions of components, each with unique licensing and the possibility of vulnerabilities. Fortunately, where there is an open-source challenge, there is also an open-source solution. At Lockheed Martin, we're integrating open-source solutions like the Sigstore product suite and TestifySec's Archivista to provide programmatic evidence for how our software is built, including the provenance of dependencies. To get a better understanding of where to start when it comes to securing a supply chain, it’s best to take a deeper look into the problems you’re trying to solve. Our initial focus was providing provenance, pedigree, and integrity of both internally developed software and its dependencies. This talk will go into detail about how open-source products like the ones mentioned above can help provide a more accountable and transparent supply chain for our customers.