Company:
Date Published:
Author: Jamie Smith
Word count: 1977
Language: English
Hacker News points: None

Summary

This summary gives an overview of finding and fixing vulnerabilities in software supply chains, particularly in open source dependencies and container images. To find vulnerabilities, tools such as Snyk can scan for occurrences of vulnerable libraries and packages, covering both source code repositories and container image registries. A centralized view of the entire ecosystem is crucial for identifying where vulnerabilities exist. Once a vulnerability is identified, fixing it often means waiting for an update from the vendor or project maintainer. Tools like Snyk Container can help navigate an image's dependency tree to find a better base image, enabling more secure builds. Addressing vulnerabilities effectively also requires preparation and communication.