Explore the critical issue of securing the software supply chain in this 22-minute conference talk from USENIX Enigma 2020. Delve into the challenges posed by widespread code reuse and third-party dependencies in modern software development. Examine high-profile security incidents and their patterns, including compromised developer credentials and ecosystem access issues. Learn about the innovative Go checksum database, designed to secure the Go modules ecosystem without additional work from module authors. Discover how this centralized log system employs Certificate Transparency technology to ensure accountability and enables third-party auditors to provide new version notifications. Understand the database's cacheability features and their implications for resource management and privacy. Gain insights into applying these concepts to other software package ecosystems to enhance overall software supply chain security.