Author: Dan McKinney
Word count: 920
Language: English
Hacker News points: None

Summary

The software supply chain is an attack surface: malicious actors can insert weaknesses into builds by manipulating the chain itself. Recent examples include the SolarWinds breach and the Dependency Confusion attack, which abuses public package repositories to get malicious packages pulled into builds. Defending against this class of attack means taking back control: minimizing trust, isolating from third parties, restricting publishers, pinning dependencies, segregating environments, promoting secure builds, and drawing a thread from build to deployment. By doing so, developers can secure their supply chain and prevent similar breaches in the future.