Software Supply Chain Glossary

A comprehensive collection of terms, concepts, and definitions related to software supply chain management.

100+ Terms

59 Categories

Search

Browse by Letter

All A B C D E F G H I J K L M N O P Q R S T U V X Y Z

Filter by Tag

Access Control

Architecture

Attack Vectors

Authentication

Automation

Build Systems

CI/CD

Cloud

Collaboration

Compliance

Configuration

Configuration Management

Containers

Cryptography

Dependencies

DevOps

DevSecOps

Emerging Technology

Encryption

Firmware

Frameworks

Future Technology

General Concepts

Government

Hardware

Identity

Infrastructure

Infrastructure as Code

Integrity

IoT

Kubernetes

Legal

Licensing

Metrics

Open Source

Orchestration

Package Management

Performance

Pipeline Security

Project Management

Quality Assurance

Risk Management

Security

Software Composition

Software Delivery

Software Supply Chain

Standards

Supply Chain

Supply Chain Security

Technical Debt

Testing

Threats

Tools

Verification

Version Control

Vulnerabilities

Vulnerability Management

Workflow

Zero Trust

Active Filters:

Supply Chain×

Clear all filters

A

Attestation

A digitally signed statement or evidence about software artifacts that verifies specific properties, origins, or processes related to the software supply chain, enhancing trust and transparency.

C

Container Bill of Materials (CBOM)

A structured inventory that documents all components, dependencies, and configuration details within a container image, enabling enhanced visibility and security throughout the container lifecycle.

CI/CD Security

The practice of protecting continuous integration and continuous delivery pipelines from security threats, ensuring that automated software delivery processes don't introduce vulnerabilities into applications or infrastructure.

Infrastructure as Code

D

Dependency Confusion

A software supply chain attack where malicious packages with the same name as internal dependencies are published to public repositories, tricking build systems into using the malicious version.

E

End-of-Life Management

The systematic approach to identifying, assessing, and mitigating risks associated with software components, dependencies, and systems that have reached or are approaching end-of-life or end-of-support status.

Risk Management

Supply Chain

Vulnerability Management

Technical Debt

Compliance

H

Hardware Bill of Materials (HBOM)

A comprehensive inventory of all physical components, firmware, and embedded software that make up a hardware product, providing transparency into the hardware supply chain for security and compliance purposes.

S

Software Bill of Materials (SBOM)

A formal, machine-readable inventory that lists all components and dependencies included in a software application, providing transparency into the software supply chain.

T

Typosquatting

A software supply chain attack where malicious packages with names similar to popular dependencies are published, exploiting common typing errors to trick developers into installing them.

U

Upstream Dependencies

External code packages, libraries, frameworks, and services that software projects rely on but don't directly control, representing a critical aspect of software supply chain security and risk management.