Explore the Yocto Project's approach to software supply chain management in this 32-minute conference talk by Joshua Watt from Garmin. Delve into the importance of software supply chains and learn how Yocto Project addresses key concerns. Discover the process of building images from source code, understand the concept of Software Bill of Materials (SBOM), and examine recipe metadata and SBOM relationships. Gain insights into enabling SPDX generation and future improvements in the pipeline. Investigate the significance of reproducible builds, binary output association with recipe hashes, and tracing target images. Learn about reproducibility testing, extending quality assurance tests, and CVE tracking within the Yocto Project. Explore CVE metrics and how buildtools replace host tools to extend the supply chain.