1. Intro
2. Agenda
3. Motivation? Sign Everything!
4. What is Fulcio
5. Hello (World) Signing
6. Hello (World) Commit Signing
7. Real-world scenario
8. Architecture - Pre Sigstore
9. GitHub Actions - Result
10. GitLab Runner on K8s
11. Implementation
12. Insights
13. Takeaways
Description:
Explore the implementation of the Sigstore ecosystem in a corporate environment to enhance software artifact integrity and mitigate supply chain attacks. This conference talk delves into the challenges and solutions encountered while adopting Sigstore tooling across cloud-native, self-hosted, and on-premise environments. Learn about the trade-offs between self-hosting and using public instances of Rekor and Fulcio, implementing keyless commit signatures with gitsign, developing verification methodologies, utilizing SPIFFE/SPIRE for ephemeral build workload identities, and leveraging OIDC tokens for keyless signatures in various build environments. Gain valuable insights into the road to SLSA4 compliance and discover practical approaches to strengthen your organization's software supply chain security.

The Road to SLSA4 - Applying the Sigstore Ecosystem in a Corporate Environment

CNCF [Cloud Native Computing Foundation]