Software Supply Chain Glossary

A comprehensive collection of terms, concepts, and definitions related to software supply chain management.

100+ Terms

59 Categories

Search

Browse by Letter

All A B C D E F G H I J K L M N O P Q R S T U V X Y Z

Filter by Tag

Access Control

Architecture

Attack Vectors

Authentication

Automation

Build Systems

CI/CD

Cloud

Collaboration

Compliance

Configuration

Configuration Management

Containers

Cryptography

Dependencies

DevOps

DevSecOps

Emerging Technology

Encryption

Firmware

Frameworks

Future Technology

General Concepts

Government

Hardware

Identity

Infrastructure

Infrastructure as Code

Integrity

IoT

Kubernetes

Legal

Licensing

Metrics

Open Source

Orchestration

Package Management

Performance

Pipeline Security

Project Management

Quality Assurance

Risk Management

Security

Software Composition

Software Delivery

Software Supply Chain

Standards

Supply Chain

Supply Chain Security

Technical Debt

Testing

Threats

Tools

Verification

Version Control

Vulnerabilities

Vulnerability Management

Workflow

Zero Trust

Active Filters:

Letter: D×

Clear all filters

D

Dependency Confusion

A software supply chain attack where malicious packages with the same name as internal dependencies are published to public repositories, tricking build systems into using the malicious version.

Dependency Pinning

Dependency pinning is the practice of locking software dependencies to specific versions to ensure build reproducibility, stability, and security in the software supply chain.

Dependency

External software packages or components that a project uses or relies on to function properly.

General Concepts

Package Management

DevSecOps

An approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle, from initial development through production deployment and beyond.

DevOps Research and Assessment (DORA)

A research program that establishes metrics and benchmarks for measuring software delivery performance and organizational effectiveness in technology organizations.