Chapters:
1. Intro
2. Infrastructure as Code
3. Software Supply Chain
4. Software Security
5. (some) IaC Efficiency
6. Find a HELM chart
7. Levels of Typosquatting
8. Supply Chain Security & IaC
9. Container Supply Chain
10. debian:buster-slim
11. You're wrong, because...
12. The importance of metadata
13. Verifiable metadata
14. Distroless containers
15. Reproducible Builds
16. Reproducibility
17. Signatures (e.g. cosign)
18. These would also be signed...
19. What is the solution?
20. Securing Container Creation
21. Already adopted by GitLab
22. Key takeaways
Description:
Explore the intersection of software supply chain security and Infrastructure as Code (IaC) in this informative conference talk. Delve into the risks associated with reusing IaC snippets and templates, such as HELM charts, and learn how these practices can make infrastructure vulnerable to similar issues found in software packages and dependencies. Discover the open-source project KICS (Keep Infrastructure as Code Secure) and its role in addressing these challenges. Examine the potential future risks in the IaC world and their impact on lower levels of the software stack. Gain insights into leveraging IaC scanning to mitigate software supply chain problems in infrastructure. Explore topics including container supply chain security, the importance of metadata, distroless containers, reproducible builds, and signature verification. Learn about securing container creation and key takeaways for maintaining a robust and secure IaC environment.

Software Supply Chain Aspects in Infrastructure as Code

Linux Foundation