Use Case: Ensure all builds happened on approved infra
Use Case: Verify an artifact passed SAST testing
Use Case: IR - Upstream Build System Compromise
DEMO: SLSA 3 for a major project - SPIRE
Description:
Learn about Witness, an open-source modular framework for supply chain security, in this 23-minute conference talk. Explore how Witness creates collections of attestations bound to the CI process, providing trusted sectors for policy enforcement. Discover the Witness trust model and its integration with cloud-native security tools like Rekor, SPIRE, Cosign, and Kubernetes. Gain insights into SLSA Level 4 provenance requirements, signer support, cryptographic document support, and policy verification. Examine use cases such as ensuring builds on approved infrastructure, verifying SAST testing, and handling upstream build system compromises. Watch a demonstration of implementing SLSA 3 for a major project using SPIRE.
Securing the Supply Chain with Witness - A Framework for Supply Chain Security