The way in which we develop, supply, and secure software is often weak and lacks digital trust. The dominance of open-source software and the interconnectedness of software between organisations has raised cybersecurity risks in the software supply chain. Recent cyber-attacks (SolarWinds, Kaseya) and vulnerabilities in open-source code (Log4j, Spring4Shell) have created a sense of panic about security across the software supply chain. TrueDeploy brings trust and transparency to the software supply chain. We will do this by bringing together a novel combination of blockchain, credential management, and access control technologies.