Software supply chain attacks are top of mind, and with good reason. Not only are these attacks extremely high profile, but they can cause lasting damage. Dealing with the SolarWinds attack and the Log4Shell vulnerability still brings up difficult memories long after the initial incidents. To detect these attacks and defend against them, organizations can scan first-party code, third-party components, containers, and the other pipeline tools that manage the code-to-cloud process. Another tactic, recently mandated by the U.S. federal government, is the software bill of materials (SBOM). SBOMs itemize the components embedded within code, allowing users and consumers of these applications and software packages to track their potential exposure to existing and not-yet-discovered vulnerabilities in those components. There are also runtime application security defenses that can detect and block attacks.
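As an added illustration (not code from the original article) of how an SBOM supports the exposure tracking described above, the following Python checks a constructed CycloneDX-style SBOM against a constructed advisory list; the component entries, the advisory identifier, and the affected version range are all placeholders, not an authoritative vulnerability feed.

```python
import json

# Constructed minimal CycloneDX-style SBOM; not a real project's SBOM.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "name": "jackson-databind", "version": "2.13.0"},
    {"type": "library", "name": "log4j-core", "version": "2.17.1"}
  ]
}
"""

# Constructed advisory list: name -> [(advisory id, first affected, first fixed)].
# The id and the range are illustrative placeholders, not real advisory data.
ADVISORIES = {
    "log4j-core": [("ADVISORY-PLACEHOLDER-LOG4J", "2.0", "2.17.1")],
}


def parse_version(v):
    """Turn '2.14.1' into (2, 14, 1); non-numeric parts compare as 0."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def in_range(version, first_affected, first_fixed):
    """True when first_affected <= version < first_fixed."""
    v = parse_version(version)
    return parse_version(first_affected) <= v < parse_version(first_fixed)


def find_exposed(sbom_text, advisories):
    """Return (name, version, advisory id) for each SBOM component in an affected range."""
    sbom = json.loads(sbom_text)
    hits = []
    for comp in sbom.get("components", []):
        name, version = comp.get("name"), comp.get("version")
        if not name or not version:
            continue  # an SBOM entry without a version cannot be matched
        for adv_id, lo, hi in advisories.get(name, []):
            if in_range(version, lo, hi):
                hits.append((name, version, adv_id))
    return hits
```

When a new advisory is published, re-running the same check over stored SBOMs shows which deployed builds contain an affected component without rescanning the artifacts themselves.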