The National Cybersecurity Strategy and the National Security Agency (NSA) have released new guidance on securing open source software (OSS) supply chains, emphasizing the importance of managing open source dependencies and maintaining a software bill of materials (SBOM). The NSA provides recommendations for developers on choosing the best OSS options, conducting risk assessments, and creating secure repositories. Maintaining and securing the SBOM is crucial: it helps prevent supply chain attacks, which affected over 185,000 software packages in 2022. Google Cloud users can use Snyk's open source security management platform to find and fix vulnerabilities, scan pull requests, and create enriched SBOMs, integrating with Google services such as Cloud Build, Artifact Registry, and Kubernetes Engine to secure their software supply chains.
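An SBOM only reduces supply chain risk if something consumes it: matching listed components against advisories and checking that the artifacts actually deployed are the ones the SBOM records. The following is an added example of such a consumer, not code from the NSA guidance, Snyk, or Google. The CycloneDX-style SBOM, the package names, the artifact contents and the advisory identifiers (`ADV-EXAMPLE-*`) are all constructed for illustration; the version comparison is a simple dotted-integer ordering and does not implement full PEP 440 or semver rules.

```python
import hashlib
import json
from typing import Dict, List, Tuple

# Constructed artifacts standing in for downloaded package files (illustrative only).
ARTIFACTS: Dict[str, bytes] = {
    "example-parser": b"example-parser 1.2.0 release contents",
    "example-crypto": b"example-crypto 3.0.1 release contents",
    "example-logger": b"example-logger 0.9.4 release contents",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed CycloneDX-style SBOM. Component hashes are derived from ARTIFACTS above.
# example-logger deliberately carries no hash entry so the audit can flag the gap.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "example-parser", "version": "1.2.0",
         "hashes": [{"alg": "SHA-256", "content": sha256_hex(ARTIFACTS["example-parser"])}]},
        {"type": "library", "name": "example-crypto", "version": "3.0.1",
         "hashes": [{"alg": "SHA-256", "content": sha256_hex(ARTIFACTS["example-crypto"])}]},
        {"type": "library", "name": "example-logger", "version": "0.9.4"},
    ],
})

# Constructed advisory feed: (placeholder advisory id, package name, first fixed version).
ADVISORIES: List[Tuple[str, str, str]] = [
    ("ADV-EXAMPLE-0001", "example-parser", "1.3.0"),
    ("ADV-EXAMPLE-0002", "example-crypto", "3.0.0"),
]


def parse_sbom(text: str) -> List[dict]:
    """Load a CycloneDX JSON document and return its component list, rejecting malformed input."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    components = []
    for comp in doc.get("components", []):
        if "name" not in comp or "version" not in comp:
            raise ValueError("component missing name or version")
        components.append(comp)
    return components


def version_key(version: str) -> Tuple[int, ...]:
    """Simplified ordering for dotted numeric versions (assumption: no pre-release tags)."""
    return tuple(int(part) for part in version.split("."))


def find_vulnerable(components: List[dict], advisories) -> List[Tuple[str, str, str]]:
    """Return (name, version, advisory id) for every component below an advisory's fixed version."""
    findings = []
    for comp in components:
        for adv_id, pkg, fixed in advisories:
            if comp["name"] == pkg and version_key(comp["version"]) < version_key(fixed):
                findings.append((comp["name"], comp["version"], adv_id))
    return findings


def verify_hashes(components: List[dict], artifacts: Dict[str, bytes]) -> List[Tuple[str, str]]:
    """Check each deployed artifact against the SHA-256 recorded in the SBOM."""
    problems = []
    for comp in components:
        expected = [h["content"] for h in comp.get("hashes", []) if h.get("alg") == "SHA-256"]
        if not expected:
            problems.append((comp["name"], "no SHA-256 recorded"))
            continue
        data = artifacts.get(comp["name"])
        if data is None:
            problems.append((comp["name"], "artifact not present"))
        elif sha256_hex(data) not in expected:
            problems.append((comp["name"], "hash mismatch"))
    return problems


def audit(sbom_text: str, artifacts: Dict[str, bytes], advisories) -> Dict[str, list]:
    """Run both checks and return the findings a CI gate could act on."""
    components = parse_sbom(sbom_text)
    return {
        "vulnerable": find_vulnerable(components, advisories),
        "integrity": verify_hashes(components, artifacts),
    }


if __name__ == "__main__":
    # Simulate a swapped artifact to show the integrity check catching it.
    tampered = dict(ARTIFACTS, **{"example-crypto": b"replaced contents"})
    print(audit(SAMPLE_SBOM, tampered, ADVISORIES))
```

In a pipeline, `audit` would run after dependency resolution and before deployment, failing the build when either list is non-empty; the "no SHA-256 recorded" finding is worth treating as a failure too, since an unhashed component cannot be tied back to the artifact that was actually built.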