Software Supply Chain Glossary
A comprehensive collection of terms, concepts, and definitions related to software supply chain management.
S
Software Bill of Materials (SBOM)
A formal, machine-readable inventory that lists all components and dependencies included in a software application, providing transparency into the software supply chain.
SCA (Software Composition Analysis)
Tools and methods for identifying, analyzing, and managing third-party and open source components within software applications to mitigate security and compliance risks.
Secrets Management
The processes, practices, and tools for securely handling sensitive information like credentials, tokens, and encryption keys throughout the software development lifecycle and across the supply chain.
Sigstore
An open-source project providing a standard way to sign, verify, and protect software artifacts without managing long-term cryptographic keys.
SLSA (Supply-chain Levels for Software Artifacts)
A security framework that defines graduated levels of software supply chain security, helping organizations incrementally improve their security posture.
Software Supply Chain
The full lifecycle and pipeline involved in developing, building, packaging, distributing, and deploying software—including dependencies, tools, infrastructure, and people.
Source-Available Licensing
Source-available licensing allows access to source code while restricting certain usage rights, striking a middle ground between open source and proprietary software models.
SPDX (Software Package Data Exchange)
An open standard format for describing the packages, components, and licensing information that make up a piece of software; it is important in the software supply chain because it enables license compliance and security analysis in a machine-readable form.
Server Side Public License (SSPL)
The Server Side Public License (SSPL) is a source-available license created by MongoDB that requires service providers to release the complete source code of applications built on SSPL-licensed software.
Supply Chain Attack
A cyberattack that targets the less-secure elements in the software supply chain to compromise the intended target.