Attackers are taking advantage of insecure software deployment pipelines; the White House, OWASP, Google, and others have released guidelines on best practices in response. We will break down the key takeaways and compile a list of best practices for mitigating software supply chain security risk.