Software Supply Chain Glossary
A comprehensive collection of terms, concepts, and definitions related to software supply chain management.
S
Software Bill of Materials (SBOM)
A formal, machine-readable inventory of the components and dependencies (including transitive ones) that make up a piece of software, typically recording names, versions, suppliers and package identifiers in a standard format such as SPDX or CycloneDX. An SBOM gives consumers the transparency needed to answer "which of our shipped products contain this component?" when a vulnerability is published.
SCA (Software Composition Analysis)
Tools and methods for identifying, analyzing, and managing third-party and open source components within software applications, typically by matching the inventoried components and versions against vulnerability databases and license data to mitigate security and compliance risks.
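The SBOM and SCA entries above describe an inventory and a matching step; the following added example (not code from the original glossary or from any SBOM or SCA tool) shows the two together. It parses a constructed CycloneDX-style SBOM, extracts each component's package URL (purl), and checks the version against a constructed advisory list. The advisory identifiers, package names and "fixed_in" versions are placeholders chosen for illustration, not real advisories, and the numeric-tuple version comparison is a simplification; a production SCA tool applies ecosystem-specific version semantics.

```python
import json
from urllib.parse import unquote

# Constructed CycloneDX-style SBOM for a hypothetical application.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "requests", "version": "2.25.1",
     "purl": "pkg:pypi/requests@2.25.1"},
    {"type": "library", "name": "urllib3", "version": "1.26.5",
     "purl": "pkg:pypi/urllib3@1.26.5"},
    {"type": "library", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21"}
  ]
}
"""

# Constructed advisory feed; IDs are placeholders, not real CVEs.
# "fixed_in" means every earlier version is affected.
ADVISORIES = [
    {"id": "ADV-0001", "purl_type": "pypi", "name": "urllib3", "fixed_in": "1.26.6"},
    {"id": "ADV-0002", "purl_type": "npm", "name": "lodash", "fixed_in": "4.17.21"},
]


def parse_purl(purl):
    """Split 'pkg:type/name@version[?qualifiers][#subpath]' into (type, name, version).

    Qualifiers and subpath are dropped; percent-encoded names (npm scopes) are decoded.
    """
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl!r}")
    body = purl[len("pkg:"):].split("#", 1)[0].split("?", 1)[0]
    ptype, _, rest = body.partition("/")
    name, sep, version = rest.rpartition("@")
    if not sep:            # no '@' present: version is absent
        name, version = rest, ""
    return ptype, unquote(name), unquote(version)


def version_key(version):
    """Numeric tuple key for dotted versions; non-numeric parts compare as 0.

    Simplification for the example: real SCA uses ecosystem version rules.
    """
    key = []
    for part in version.split("."):
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break
            digits += ch
        key.append(int(digits) if digits else 0)
    return tuple(key)


def find_vulnerable(sbom_json, advisories):
    """Return [(purl, advisory_id)] for components older than an advisory's fix."""
    sbom = json.loads(sbom_json)
    findings = []
    for component in sbom.get("components", []):
        purl = component.get("purl")
        if not purl:
            continue
        ptype, name, version = parse_purl(purl)
        for adv in advisories:
            if adv["purl_type"] == ptype and adv["name"] == name:
                if version_key(version) < version_key(adv["fixed_in"]):
                    findings.append((purl, adv["id"]))
    return findings


if __name__ == "__main__":
    for purl, adv_id in find_vulnerable(SBOM_JSON, ADVISORIES):
        print(f"{purl} affected by {adv_id}")
```

Run as a script it reports only urllib3, since lodash already sits at the fixed version and nothing in the constructed feed names requests. The point of keying on the purl rather than the bare name is that the same name can exist in several ecosystems with unrelated histories.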
Secrets Management
The processes, practices, and tools for securely handling sensitive information like credentials, tokens, and encryption keys throughout the software development lifecycle and across the supply chain.
Sigstore
An open-source project that provides a standard way to sign, verify, and protect software artifacts. Instead of long-term private keys, signers use short-lived keys bound to an OIDC identity (so-called keyless signing, with certificates issued by Fulcio), and each signature is recorded in a public transparency log (Rekor) so that verifiers can check who signed what and when.
SLSA (Supply-chain Levels for Software Artifacts)
A security framework that defines graduated levels of software supply chain security (in SLSA v1.0, Build track levels L0 to L3), each adding stronger requirements on how build provenance is generated and how tamper-resistant the build platform is, so that organizations can improve their posture incrementally and consumers can verify which level an artifact meets.
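What a consumer actually does with SLSA is verify the provenance attached to an artifact. The following added example (not code from the glossary or from the SLSA project) checks a constructed in-toto Statement carrying a SLSA v1 provenance predicate: it confirms the statement and predicate types, that the artifact's SHA-256 appears in the subject, and that the builder identity is on an allow-list. The artifact bytes, the builder URL and the build type are placeholders. Verification of the signature over the enclosing envelope is deliberately left out; in practice that step comes first, and a tool such as slsa-verifier handles both.

```python
import hashlib
import hmac

# Constructed artifact and provenance; not from any real build.
ARTIFACT = b"example release bytes\n"

PROVENANCE = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [
        {"name": "app-1.0.0.tar.gz",
         "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}}
    ],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            # Placeholder build type and source; values are assumptions.
            "buildType": "https://example.com/build/v1",
            "externalParameters": {"source": "https://example.com/repo.git"},
        },
        "runDetails": {
            "builder": {"id": "https://example.com/trusted-builder"}
        },
    },
}

# Policy: only provenance from these builder identities is accepted (placeholder).
TRUSTED_BUILDERS = {"https://example.com/trusted-builder"}


def check_provenance(statement, artifact, trusted_builders):
    """Return (ok, reason) for a SLSA v1 provenance statement about `artifact`.

    Assumes the envelope signature has already been verified by the caller.
    """
    if statement.get("_type") != "https://in-toto.io/Statement/v1":
        return False, "unexpected statement type"
    if statement.get("predicateType") != "https://slsa.dev/provenance/v1":
        return False, "unexpected predicate type"

    # The artifact we hold must be one of the subjects the builder attested to.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = statement.get("subject", [])
    if not any(hmac.compare_digest(s.get("digest", {}).get("sha256", ""), digest)
               for s in subjects):
        return False, "artifact digest not in subject"

    # Provenance is only as trustworthy as the builder that produced it.
    builder = (statement.get("predicate", {})
               .get("runDetails", {})
               .get("builder", {})
               .get("id"))
    if builder not in trusted_builders:
        return False, f"untrusted builder {builder!r}"

    return True, "ok"


if __name__ == "__main__":
    print(check_provenance(PROVENANCE, ARTIFACT, TRUSTED_BUILDERS))
```

The digest check is what ties the provenance to the bytes on disk; the builder check is what the SLSA level claim rests on, since a self-reported "L3" from an unknown builder is worth nothing.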
Software Supply Chain
The full lifecycle and pipeline involved in developing, building, packaging, distributing, and deploying software—including dependencies, tools, infrastructure, and people.
Supply Chain Attack
A cyberattack that compromises a trusted but less well defended element of the software supply chain (a dependency, build tool, update channel or developer account) so that the malicious change reaches the intended downstream targets through a channel they already trust.