SLSA, SigStore, SBOM and Software Supply Chain Security. What does that all mean really ?