Software Supply Chain Topics

The Software Supply Chain spans a large number of use cases, programming languages, libraries, package managers, toolchains, vocabulary, abbreviations, and personas. To make this as useful as possible, we’re connecting the topics, entities and resources that make up this corner of technology.

In some cases, a word may have multiple meanings. We’ll do our best to include multiple perspectives and to best capture the meaning within the context of either the Software Supply Chain or securing it and any DevOps, DevSecOps, Cloud-Native, SDLC or MLOps implications.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A

Artifact

Any new object produced as a result of software development. This could mean a compiled binary, the project's source code, container...

B

Binary

The file that results from compiling your code, if written in a language that is compiled rather than interpreted.

Binary Repository Manager

A tool that allows you to organize your compiled binaries into repositories the same way you organize your source code into...

Build

As a verb, to compile your source code into an executable binary. As a noun, a version of your application as an executable binary.

C

CI/CD

The combination of Continuous Integration and either Continuous Deployment or Continuous Delivery. Broadly, this is the term for a set...

Compiler

A tool that translates an entire application written in one higher-level programming language into another lower-level language so that...

Container

A virtualized operating system environment that includes your application and its dependencies, allowing you to have a greater level of...

Continuous Delivery

A philosophy that your software updates should be continuously delivered to the target, although deployment to the user is still...

Continuous Deployment

Like Continuous Delivery, a philosophy that your software updates should be continuously delivered to the target. However, Continuous...

Continuous Integration

Enabled by a Continuous Integration tool like JFrog Pipelines, merging all developers’ working codebase with the source, multiple...

CVE

Common Vulnerabilities and Exposures (CVE) are a dictionary of unique identifiers (CVE ID) assigned to publicly disclosed cybersecurity...

CVSS

Common Vulnerability Scoring System. A numerical score on a scale from 1 to 10, representing the potential severity of a software...

D

Dependency

Code, librarties, or tools that your application relies on to operate. May or may not be written by a third party.

DevSecOps

DevSecOps is the incorporation of continuous security testing into all stages of the software development lifecycle (SDLC). Development,...

Docker

A virtualization tool that allows you to deliver your software in a particular type of package called a container, which includes an...

H

Helm

A package manager for Kubernetes. Written in YAML, a Helm chart allows you to define, install, and upgrade complex Kubernetes...

I

Infrastructure As Code

A tool that allows you to manage and provision infrastructure such as containers and network configuration through your code, in a way...

Integration Tests

A type of testing that verifies entire parts of an application work when combined with other parts of an application.

Interpreter

A tool that translates source code in a higher-level language into a lower-level language for execution, line-by-line, at runtime....

K

Kubernetes

A container orchestration tool designed to make the deployment and management of containerized applications easier. Think of it like the...

L

License

A legal document that defines how a piece of software may be used, and what the implications are for using it. Licenses may define rules...

Local Repository

In the context of JFrog Artifactory, a particular type of repository that contains code originating on your local machine. Does not...

M

Microservice

A software development architecture that breaks your application up into multiple independent services that interact with one another....

Monolith

A software development architecture wherein your application is built as a single unit -- front-end, back-end, and database. Until...

R

Remote Repository

In the context of JFrog Artifactory, a repository type that contains only remote code with an original source outside of your local...

Repository

A place to organize your source code or artifacts into one cohesive, organized group by application or project. Tools like GitHub are...

S

SDLC

Often-used shorthand for Software Development Lifecycle, which is the processes and tools involved in writing and delivering software.

Service Mesh

A tool that makes it easier to monitor and control the flow of information between the microservices that make up your application. This...

Source Control

A tool that helps manage your uncompiled source code into repositories. Examples are GitHub or Bitbucket.

U

Unit Tests

A type of test that aims to verify functionality within a very specific, narrow scope, e.g., a specific function or class.

V

Virtual Repository

In the context of JFrog Artifactory, a type of repository that acts as an envelope around the local and remote repositories that make up...

Vulnerability Management

Vulnerability Management is the process of discovering, identifying, prioritizing and ultimately remediating vulnerabilities and risk in...

Vulnerability Scanning

Vulnerability scanning is the process of using automation to crawl a system, network, or application to find known weaknesses or...

Y

YAML

A data serialization language designed to be human-readable, frequently used for configuration files in DevOps and beyond.

Z

Zero-Day Vulnerability

A Zero Day is a security vulnerability that hasn't been discovered by or disclosed to the public. There are no known detections or...

�

ソフトウェアサプライチェーン

...