Company:
Date Published:
Author: Sean Roth
Word count: 1080
Language: English
Hacker News points: None

Summary

Organizations are increasingly under threat from attacks on their software supply chains, making it crucial to implement robust security practices. The complexity of modern application development, involving global teams and numerous open-source dependencies, heightens the challenge of securing these supply chains. Best practices include considering all aspects of the software supply chain, such as code repositories and CI/CD tools, and ensuring security controls are in place. The use of Software Bills of Materials (SBOMs) is essential for managing zero-day vulnerabilities by providing detailed inventories of software components. Governance through policy-as-code helps enforce security and compliance by establishing clear guidelines and guardrails. The Supply Chain Levels for Software Artifacts (SLSA) framework aids in verifying the trustworthiness of software artifacts by ensuring the provenance of software components. Despite the challenges, organizations are making progress with DevSecOps practices, although many are still in the early stages of development.
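To make the SBOM point concrete, here is an added example (not code from the summarized article or its author) that answers the zero-day question the summary raises: "do we ship the affected component, and through which dependency?" It walks a constructed CycloneDX-style SBOM, including nested transitive components, against a constructed advisory; the package name, versions and purls are placeholders, not a real CVE.

```python
import json

# Constructed sample SBOM (CycloneDX JSON shape, simplified). Nested
# "components" mirror transitive dependencies bundled inside a parent.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "example-logger", "version": "2.14.1",
         "purl": "pkg:maven/org.example/example-logger@2.14.1"},
        {"name": "web-framework", "version": "5.3.0",
         "purl": "pkg:maven/org.example/web-framework@5.3.0",
         "components": [
             {"name": "example-logger", "version": "2.17.1",
              "purl": "pkg:maven/org.example/example-logger@2.17.1"},
         ]},
        {"name": "json-parser", "version": "1.0.0",
         "purl": "pkg:npm/json-parser@1.0.0"},
    ],
})

# Constructed advisory: placeholder package and version, not a real CVE.
ADVISORY = {"name": "example-logger", "fixed_in": "2.17.0"}

def parse_version(v):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))

def walk_components(components, path=()):
    """Yield (component, dependency path) for every component, nested ones included."""
    for c in components:
        here = path + (c["name"],)
        yield c, here
        yield from walk_components(c.get("components", []), here)

def find_affected(sbom_json, advisory):
    """Return [(purl, path)] for matching components below the fixed version."""
    sbom = json.loads(sbom_json)
    fixed = parse_version(advisory["fixed_in"])
    hits = []
    for comp, path in walk_components(sbom.get("components", [])):
        if comp["name"] != advisory["name"]:
            continue
        if parse_version(comp["version"]) < fixed:
            hits.append((comp["purl"], " -> ".join(path)))
    return hits

if __name__ == "__main__":
    for purl, path in find_affected(SBOM_JSON, ADVISORY):
        print(f"AFFECTED {purl} via {path}")
```

The nested copy at 2.17.1 is correctly left out, which is the kind of distinction an inventory by name alone would miss.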