Software Supply Chain Glossary

A comprehensive collection of terms, concepts, and definitions related to software supply chain management.

100+ Terms
59 Categories

C

Container Bill of Materials (CBOM)

A structured inventory that documents all components, dependencies, and configuration details within a container image, enabling enhanced visibility and security throughout the container lifecycle.

Security
Containers
DevOps
Supply Chain
Kubernetes

CI/CD (Continuous Integration / Continuous Deployment)

A set of practices and tools that automate the process of building, testing, and deploying software, enabling frequent and reliable software delivery.

DevOps
Automation
Tools

CI/CD Security

The practice of protecting continuous integration and continuous delivery pipelines from security threats, ensuring that automated software delivery processes don't introduce vulnerabilities into applications or infrastructure.

DevSecOps
Automation
Pipeline Security
Supply Chain
Infrastructure as Code

Cybersecurity and Infrastructure Security Agency (CISA)

A federal agency responsible for improving cybersecurity across government and critical infrastructure sectors, coordinating national cyber defense, and providing guidance on emerging security threats.

Security
Government
Compliance
Vulnerability Management

Code Signing

The process of digitally signing executables and software packages to verify the author's identity and ensure the code hasn't been altered or corrupted since signing.

Security
Cryptography
Integrity

Commons Clause

The Commons Clause is a license condition that, when added to an existing open source license, restricts commercial use of the software, resulting in a source-available rather than open source license.

Copyleft Licenses

Open source licenses that require derivative works to be distributed under the same or compatible license terms, ensuring that modifications remain freely available to the community.

Licensing
Open Source
Compliance
Legal

Cryptography

The practice and study of techniques for securing communication and data through the use of mathematical algorithms, enabling confidentiality, integrity, authentication, and non-repudiation in software systems.

Security
Encryption
Integrity
Authentication

CycloneDX

CycloneDX is a lightweight SBOM standard designed for application security contexts and supply chain component analysis.