Attacks on the software supply chain are becoming increasingly common. Attackers are trying to access critical systems via the software supply chain. Such attacks can have serious consequences, particularly in the public sector. In our talk, we will demonstrate how DevGuard, as an open-source vulnerability management project, helps ZenDiS by finding and closing vulnerabilities before the release of the software and deliver a toolchain for the hardening of base images. DevGuard itself is an OWASP Incubator Project which is available via the openCode-DevGuard instance or as 100% open-source software on GitHub for community use.