Software Supply Chain Topics

The Software Supply Chain spans a large number of use cases, programming languages, libraries, package managers, toolchains, vocabulary, abbreviations, and personas. To make this as useful as possible, we’re connecting the topics, entities and resources that make up this corner of technology.

In some cases, a word may have multiple meanings. We’ll do our best to include multiple perspectives and to best capture the meaning within the context of either the Software Supply Chain or securing it and any DevOps, DevSecOps, Cloud-Native, SDLC or MLOps implications.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A

Artifact

Any new object produced as a result of software development. This could mean a compiled binary, the project's source code, container...

B

Binary

The file that results from compiling your code, if written in a language that is compiled rather than interpreted.

Binary Repository Manager

A tool that allows you to organize your compiled binaries into repositories the same way you organize your source code into...

Build

As a verb, to compile your source code into an executable binary. As a noun, a version of your application as an executable binary.

C

CI/CD

The combination of Continuous Integration and either Continuous Deployment or Continuous Delivery. Broadly, this is the term for a set...

Compiler

A tool that translates an entire application written in one higher-level programming language into another lower-level language so that...

Container

A virtualized operating system environment that includes your application and its dependencies, allowing you to have a greater level of...

Continuous Delivery

A philosophy that your software updates should be continuously delivered to the target, although deployment to the user is still...

Continuous Deployment

Like Continuous Delivery, a philosophy that your software updates should be continuously delivered to the target. However, Continuous...

Continuous Integration

Enabled by a Continuous Integration tool like JFrog Pipelines, merging all developers’ working codebase with the source, multiple...

CVE

共通脆弱性識別子 (CVE) は、公開されたサイバーセキュリティの脆弱性に割り当てられた一意の識別子...

CVSS

Common Vulnerability Scoring System. A numerical score on a scale from 1 to 10, representing the potential severity of a software...

D

Dependency

Code, librarties, or tools that your application relies on to operate. May or may not be written by a third party.

DevOps

DevOps is the term for the union of the development team and the IT operations team, through the use of a specific set of practices and...

DevSecOps

DevSecOps is the incorporation of continuous security testing into all stages of the software development lifecycle (SDLC). Development,...

Docker

A virtualization tool that allows you to deliver your software in a particular type of package called a container, which includes an...

H

Helm

A package manager for Kubernetes. Written in YAML, a Helm chart allows you to define, install, and upgrade complex Kubernetes...

I

Infrastructure As Code

A tool that allows you to manage and provision infrastructure such as containers and network configuration through your code, in a way...

Integration Tests

A type of testing that verifies entire parts of an application work when combined with other parts of an application.

Interpreter

A tool that translates source code in a higher-level language into a lower-level language for execution, line-by-line, at runtime....

K

Kubernetes

A container orchestration tool designed to make the deployment and management of containerized applications easier. Think of it like the...

L

License

A legal document that defines how a piece of software may be used, and what the implications are for using it. Licenses may define rules...

Local Repository

In the context of JFrog Artifactory, a particular type of repository that contains code originating on your local machine. Does not...

M

Microservice

A software development architecture that breaks your application up into multiple independent services that interact with one another....

Model Registry

A model registry in MLOps (Machine Learning Operations) is a centralized repository that manages the lifecycle of machine learning...

Monolith

A software development architecture wherein your application is built as a single unit -- front-end, back-end, and database. Until...

N

NuGet

NuGet is a commonly-used package manager that simplifies dependency management by enabling developers to easily add, remove, and update...

P

Package Management

Packages are bundles of code used to extend the functionality of an application.

R

Remote Repository

In the context of JFrog Artifactory, a repository type that contains only remote code with an original source outside of your local...

Repository

A place to organize your source code or artifacts into one cohesive, organized group by application or project. Tools like GitHub are...

S

SAST

Static Application Security Testing (SAST), is a type of application security testing that scans applications in a static state to...

SBOM

An SBOM is a list of all of the components used to build and run an application. They include an inventory of any modules, libraries,...

SCA

Software Composition Analysis (SCA) is the use of automated tools to identify open source components within an application’s code...

SDLC

The software development life cycle, or SDLC, is the set of phases that occur as developers create software. It includes a series of...

Service Mesh

A tool that makes it easier to monitor and control the flow of information between the microservices that make up your application. This...

Software Artifact

A software artifact is any item produced during the development of software, whether tangible or...

Source Control

A tool that helps manage your uncompiled source code into repositories. Examples are GitHub or Bitbucket.

U

Unit Tests

A type of test that aims to verify functionality within a very specific, narrow scope, e.g., a specific function or class.

V

Virtual Repository

In the context of JFrog Artifactory, a type of repository that acts as an envelope around the local and remote repositories that make up...

Y

YAML

A data serialization language designed to be human-readable, frequently used for configuration files in DevOps and beyond.