The Secure Supply Chain Consumption Framework (S2C2F) is a practical guide to securing the consumption of Open Source Software (OSS). It sets out eight core principles and four maturity levels that organizations can use to improve their security posture when consuming OSS. The framework emphasizes knowing which OSS you use, preventing the introduction of vulnerable packages, and maintaining robust patch management. S2C2F is designed to counter real-world attacks that target OSS consumption, including exploitation of known vulnerabilities, maintainer-based threats, public upstream-based threats, and others. Cloudsmith, a platform that aligns with S2C2F principles, can help organizations implement the framework through features such as artifact repository management, package scanning, policy management, and more. By following S2C2F and using Cloudsmith's tooling, organizations can raise their security posture and mitigate OSS-related attacks.