Software Supply Chain Glossary
A comprehensive collection of terms, concepts, and definitions related to software supply chain management.
A
Artifact Repository
A specialized storage system that manages and organizes software packages, binaries, and dependencies throughout the software development lifecycle (for example JFrog Artifactory or Sonatype Nexus). Because it is typically configured as a proxy in front of public registries, it is also the natural control point for deciding which third-party packages may enter a build, and for keeping released versions immutable once published.
Artifact
A file or package produced by the build process, such as an executable, container image, library, or other deployable component. Artifacts are what SBOMs and attestations describe; in supply chain contexts they are identified by a cryptographic digest (for example a SHA-256 hash) rather than by name or version alone, since a name can be re-pointed at different bytes.
Attestation
A digitally signed statement, made by a party with direct knowledge, about one or more artifacts: for example that a given digest was built from a given source revision by a given builder (provenance), or that it passed a given test or scan. An attestation asserts a claim; it is the consumer who verifies it, by checking the signature against a trusted key and confirming that the artifact in hand matches the digest the statement names. The in-toto attestation format (a statement with subjects, a predicate type, and a predicate) wrapped in a DSSE envelope is the common interchange format, and SLSA provenance is its best-known predicate.
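As an added illustration (this is example code written for this glossary entry, not code from the original page or from the in-toto or SLSA projects), the following builds an in-toto Statement v1 for a constructed artifact, wraps it in a DSSE envelope using DSSE's pre-authentication encoding, and then verifies it the way a consumer should: signature first, then the statement type, then the subject digest against the bytes actually on disk. The artifact bytes, the builder id and the key id are constructed; the HMAC signature is a stand-in so the example runs with only the standard library, where a real attestation would use an asymmetric signature (for example Ed25519 through Sigstore or cosign).

```python
import base64
import hashlib
import hmac
import json

# Constructed sample bytes standing in for a built binary.
ARTIFACT = b"\x7fELF example build output (constructed sample)"
# Constructed symmetric key. Real attestations are signed with an
# asymmetric key; HMAC is used here only so the example runs stand-alone.
SIGNING_KEY = b"constructed-demo-key"

STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
PROVENANCE_PREDICATE = "https://slsa.dev/provenance/v1"
PAYLOAD_TYPE = "application/vnd.in-toto+json"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_statement(artifact_name: str, artifact: bytes, builder_id: str) -> dict:
    """in-toto Statement: the subject is the artifact's digest, the predicate
    is a minimal provenance claim naming the builder (builder_id is assumed)."""
    return {
        "_type": STATEMENT_TYPE,
        "subject": [{"name": artifact_name, "digest": {"sha256": sha256_hex(artifact)}}],
        "predicateType": PROVENANCE_PREDICATE,
        "predicate": {"runDetails": {"builder": {"id": builder_id}}},
    }


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE Pre-Authentication Encoding: the signed bytes bind the payload
    type to the payload so neither can be swapped without breaking the signature."""
    t = payload_type.encode()
    return b"DSSEv1 %d %s %d %s" % (len(t), t, len(payload), payload)


def sign_envelope(statement: dict, key: bytes) -> dict:
    """Serialize the statement and wrap it in a DSSE envelope."""
    payload = json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, pae(PAYLOAD_TYPE, payload), hashlib.sha256).digest()
    return {
        "payloadType": PAYLOAD_TYPE,
        "payload": base64.b64encode(payload).decode(),
        "signatures": [{"keyid": "constructed-demo-key-id",
                        "sig": base64.b64encode(sig).decode()}],
    }


def verify_envelope(envelope: dict, key: bytes, artifact_name: str, artifact: bytes):
    """Return (True, statement) if the envelope is authentic and names exactly
    this artifact, else (False, reason). The signature is checked before the
    payload is parsed, so unauthenticated JSON never reaches the parser."""
    if envelope.get("payloadType") != PAYLOAD_TYPE:
        return False, "unexpected payloadType"
    payload = base64.b64decode(envelope["payload"])
    expected = hmac.new(key, pae(PAYLOAD_TYPE, payload), hashlib.sha256).digest()
    if not any(hmac.compare_digest(base64.b64decode(s["sig"]), expected)
               for s in envelope.get("signatures", [])):
        return False, "no valid signature"
    statement = json.loads(payload)
    if statement.get("_type") != STATEMENT_TYPE:
        return False, "not an in-toto Statement"
    digest = sha256_hex(artifact)
    for subject in statement.get("subject", []):
        if subject.get("name") == artifact_name and subject.get("digest", {}).get("sha256") == digest:
            return True, statement
    return False, "artifact digest not among the statement's subjects"


def example_envelope() -> dict:
    """A signed envelope over the constructed artifact (builder id is assumed)."""
    return sign_envelope(make_statement("app.bin", ARTIFACT, "https://ci.example.invalid/builder"), SIGNING_KEY)


if __name__ == "__main__":
    env = example_envelope()
    print("genuine artifact:", verify_envelope(env, SIGNING_KEY, "app.bin", ARTIFACT)[0])
    print("modified artifact:", verify_envelope(env, SIGNING_KEY, "app.bin", ARTIFACT + b"\x00"))
    print("wrong key:", verify_envelope(env, b"not-the-key", "app.bin", ARTIFACT))
```

The order of checks in verify_envelope is the substance of the entry: a consumer who parses the payload first, or who checks the digest without a trusted key, is trusting a claim rather than verifying it. Swapping the HMAC for a real signature scheme changes only sign_envelope and the one line that recomputes the expected signature.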
C
Container Bill of Materials (CBOM)
A structured inventory that documents all components, dependencies, and configuration details within a container image, enabling enhanced visibility and security throughout the container lifecycle. In practice this is an SBOM scoped to an image, so it should cover the base image layers, OS packages, and language-level dependencies, not only the application's own manifest. Note that the CycloneDX specification uses the same abbreviation for its Cryptography Bill of Materials, an inventory of cryptographic assets (algorithms, keys, certificates, protocols), so check which meaning a tool or document intends.
CI/CD (Continuous Integration / Continuous Deployment)
A set of practices and tools that automate the process of building, testing, and deploying software, enabling frequent and reliable software delivery. "CD" is also expanded as Continuous Delivery, in which every change is kept in a releasable state but the final release is a deliberate (often manual) decision, whereas Continuous Deployment pushes each passing change to production automatically. From a supply chain standpoint the pipeline is the system that turns source into artifacts, so its configuration, credentials, and runners are part of the trusted computing base of everything it produces.
D
DevSecOps
An approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle, from initial development through production deployment and beyond.
DevOps Research and Assessment (DORA)
A research program that establishes metrics and benchmarks for measuring software delivery performance and organizational effectiveness in technology organizations. Its four key metrics are deployment frequency, lead time for changes, change failure rate, and time to restore service. Not to be confused with the European Union's Digital Operational Resilience Act, also abbreviated DORA, which regulates ICT risk management (including third-party and supply chain risk) for financial entities.
J
Jenkins
An open-source automation server that enables the creation and management of continuous integration and continuous delivery (CI/CD) pipelines, with pipelines typically defined as code in a Jenkinsfile kept alongside the source. Because the controller holds build credentials and produces the artifacts that ship, it is a high-value supply chain target: access to the controller, its plugins, or its agents should be treated as access to every artifact it builds.
Jira
A project management and issue tracking tool developed by Atlassian that helps teams plan, track, and manage software development projects. In supply chain security it is commonly used to track remediation of vulnerable dependencies and other findings, and to give an auditable record of when an issue was raised and closed.