Explore the critical aspects of software supply chain security in Infrastructure as Code (IaC) and learn effective strategies to mitigate risks. Delve into the KICS (Keep Infrastructure as Code Secure) open-source project and its role in enhancing IaC security. Examine the parallels between IaC vulnerabilities and software package dependencies, highlighting the importance of scrutinizing reused Docker files, HELM charts, and container sources. Gain insights into emerging risks in the IaC world and their potential impact on lower levels of the software stack. Discover how to leverage IaC scanning techniques to prevent software supply chain issues in your infrastructure. Cover key topics including software security, container supply chain, typosquatting, metadata importance, distroless containers, reproducibility, and secure container creation practices.