Software Supply Chain Glossary

A comprehensive collection of terms, concepts, and definitions related to software supply chain management.

100+ Terms

59 Categories

Search

Browse by Letter

All A B C D E F G H I J K L M N O P Q R S T U V X Y Z

Filter by Tag

Access Control

Architecture

Attack Vectors

Authentication

Automation

Build Systems

CI/CD

Cloud

Collaboration

Compliance

Configuration

Configuration Management

Containers

Cryptography

Dependencies

DevOps

DevSecOps

Emerging Technology

Encryption

Firmware

Frameworks

Future Technology

General Concepts

Government

Hardware

Identity

Infrastructure

Infrastructure as Code

Integrity

IoT

Kubernetes

Legal

Licensing

Metrics

Open Source

Orchestration

Package Management

Performance

Pipeline Security

Project Management

Quality Assurance

Risk Management

Security

Software Composition

Software Delivery

Software Supply Chain

Standards

Supply Chain

Supply Chain Security

Technical Debt

Testing

Threats

Tools

Verification

Version Control

Vulnerabilities

Vulnerability Management

Workflow

Zero Trust

Active Filters:

Compliance×

Clear all filters

C

Cybersecurity and Infrastructure Security Agency (CISA)

A federal agency responsible for improving cybersecurity across government and critical infrastructure sectors, coordinating national cyber defense, and providing guidance on emerging security threats.

Security

Government

Compliance

Vulnerability Management

Copyleft Licenses

Open source licenses that require derivative works to be distributed under the same or compatible license terms, ensuring that modifications remain freely available to the community.

E

End-of-Life Management

The systematic approach to identifying, assessing, and mitigating risks associated with software components, dependencies, and systems that have reached or are approaching end-of-life or end-of-support status.

Risk Management

Supply Chain

Vulnerability Management

Technical Debt

Compliance

G

GPL License

The GNU General Public License (GPL) is a copyleft open source license that requires derivative works to be distributed under the same license terms, ensuring that software remains free and open.

L

License Compliance

Ensuring that software usage, distribution, and modification adhere to the legal requirements and obligations specified in software licenses and agreements.

O

Open Source License

Legal agreements that govern the use, modification, and distribution of open source software, balancing creators' rights with users' freedoms.

P

Permissive Licenses

Open source licenses that impose minimal restrictions on the redistribution and use of software, allowing for incorporation into proprietary products with few requirements beyond attribution.

Provenance

Metadata that describes the origin, creation process, and supply chain journey of a software artifact, enabling verification of its authenticity and integrity.

Security

Compliance

Supply Chain Security

S

Software Bill of Materials (SBOM)

A formal, machine-readable inventory that lists all components and dependencies included in a software application, providing transparency into the software supply chain.

SCA (Software Composition Analysis)

Tools and methods for identifying, analyzing, and managing third-party and open source components within software applications to mitigate security and compliance risks.

Security

Compliance

Tools

Secrets Management

The processes, practices, and tools for securely handling sensitive information like credentials, tokens, and encryption keys throughout the software development lifecycle and across the supply chain.

X

XCCDF (Extensible Configuration Checklist Description Format)

A standardized XML-based specification language for writing security checklists, benchmarks, and related documents that enable automated vulnerability management and security compliance testing.

Compliance

Security

Standards

Configuration Management