Software Supply Chain Security in 2026 — SBOM, SLSA, and Sigstore
How modern supply chain security actually works — SBOMs, SLSA levels, signing with Sigstore/cosign, attestations, and a practical CI pipeline that protects against typosquatting, dependency hijacks, and tampered builds.