DevSecOps

Integrating Security into DevOps

A comprehensive guide to secure software development

DevSecOps Glossary

Definitions for common terms you'll encounter in the DevSecOps field. Understanding this terminology is crucial for effective communication.

Key DevSecOps Terms

CI/CD (Continuous Integration/Continuous Delivery or Deployment)
The practice of frequently integrating code changes into a shared branch (CI) and automating the delivery or deployment (CD) of applications to production. DevSecOps integrates automated security checks into this pipeline so that every change is tested before it ships.
SAST (Static Application Security Testing)
A white-box testing methodology that analyzes an application's source code, bytecode, or binary code for security vulnerabilities without executing the application.
DAST (Dynamic Application Security Testing)
A black-box testing methodology that examines an application in its running state to find vulnerabilities by simulating external attacks.
IAST (Interactive Application Security Testing)
A testing methodology that combines elements of SAST and DAST. It uses instrumentation within the running application to identify vulnerabilities in real-time.
SCA (Software Composition Analysis)
Tools and processes that inventory the open-source and third-party components in a codebase (typically from lockfiles or build manifests) and report their known security vulnerabilities and licensing issues.
Shift Left
The practice of integrating security testing and considerations as early as possible in the software development lifecycle (SDLC), rather than waiting until the end.
Infrastructure as Code (IaC)
Managing and provisioning infrastructure (networks, virtual machines, load balancers, etc.) through machine-readable definition files, so that infrastructure changes can be version-controlled, reviewed, and security-scanned like application code.
Secrets Management
The tools and methods for storing, distributing, and rotating digital authentication credentials (secrets), such as passwords, API keys, tokens, and certificates, so that they are kept out of source code and injected at runtime.
Threat Modeling
A proactive process of identifying potential threats, vulnerabilities, and attack vectors relevant to an application or system.
Vulnerability
A weakness in a system, application, or process that could be exploited by an attacker to compromise security.
Penetration Testing (Pen Test)
An authorized simulated cyberattack on a computer system, performed to evaluate the security of the system and identify weaknesses.
Immutable Infrastructure
An approach where servers, once deployed, are never modified. If changes are needed, new servers are built from a common image and replace the old ones. This ensures consistency between environments and makes deployments auditable, since every running server can be traced back to a known image.
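To show how several of these terms (CI/CD, SCA, Shift Left, Secrets Management) fit together in practice, here is a minimal pipeline security gate. This is an added example written for this glossary, not code from the page or from any DevSecOps product. The lockfile, advisory list and source snippet are all constructed for illustration, the advisory identifiers are made up, and the version comparison assumes simple dotted-integer versions rather than a full package-versioning scheme.

```python
"""Minimal CI security gate: SCA against an advisory list plus a secrets scan.

Added illustration for this glossary; every input below is constructed.
"""
import re

# Constructed lockfile (requirements.txt style pins), as a CI job would read it.
LOCKFILE = """\
requests==2.19.0
pyyaml==5.4.1
flask==2.3.2
"""

# Constructed advisory database: package -> [(fixed_in, advisory_id, severity)].
# Advisory IDs are hypothetical. A pinned version below fixed_in is affected.
ADVISORIES = {
    "requests": [("2.20.0", "EXAMPLE-REQ-1", "high")],
    "pyyaml": [("5.4.0", "EXAMPLE-YAML-1", "high")],
}

# Constructed source lines, as a pre-commit hook or CI step would see them.
SOURCE = """\
import os
API_KEY = "AKIAABCDEFGHIJKLMNOP"
DB_PASSWORD = "hunter2"
SMTP_PASSWORD = os.environ["SMTP_PASSWORD"]
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
"""

# Simple secret patterns; real scanners use many more and add entropy checks.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "hardcoded_password": re.compile(r"(?i)(password|passwd|pwd)\s*=\s*['\"][^'\"]+['\"]"),
}


def parse_version(v):
    """'2.19.0' -> (2, 19, 0); tuples compare element by element."""
    return tuple(int(p) for p in v.split("."))


def parse_lockfile(text):
    """Return {package_name: pinned_version} from name==version lines."""
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition("==")
        deps[name.lower()] = version
    return deps


def sca_findings(lockfile_text, advisories):
    """SCA step: flag pinned components older than an advisory's fix version."""
    findings = []
    for name, version in parse_lockfile(lockfile_text).items():
        for fixed_in, adv_id, severity in advisories.get(name, []):
            if parse_version(version) < parse_version(fixed_in):
                findings.append({"type": "sca", "package": name, "version": version,
                                 "fixed_in": fixed_in, "id": adv_id, "severity": severity})
    return findings


def secret_findings(source_text, patterns=SECRET_PATTERNS):
    """Secrets step: flag credential-looking literals; env lookups are fine."""
    findings = []
    for lineno, line in enumerate(source_text.splitlines(), 1):
        for kind, pattern in patterns.items():
            if pattern.search(line):
                findings.append({"type": "secret", "kind": kind,
                                 "line": lineno, "severity": "high"})
    return findings


def gate(findings, fail_on=("critical", "high")):
    """Shift-left policy: the build may proceed only with no blocking findings."""
    return not any(f["severity"] in fail_on for f in findings)


def run_gate(lockfile_text=LOCKFILE, source_text=SOURCE):
    """Run both checks as one pipeline stage; returns (findings, build_allowed)."""
    findings = sca_findings(lockfile_text, ADVISORIES) + secret_findings(source_text)
    return findings, gate(findings)


if __name__ == "__main__":
    results, allowed = run_gate()
    for f in results:
        print(f)
    print("build allowed:", allowed)
```

On the constructed input the SCA step flags requests 2.19.0 (below the hypothetical fix version 2.20.0) while pyyaml 5.4.1 passes, and the secrets step flags the AWS-style key, the quoted password and the GitHub-style token but not the line that reads the password from the environment; because all four findings are high severity, the gate returns False and a real pipeline would stop the job here.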