This talk will cover how to build ClusterImagePolicies (CIPs) to set software supply chain policies using the Sigstore project. We will build CIPs from scratch that cover the most common policies within frameworks such as SLSA, NIST SSDF, CIS, and PCI.