# Glossary

* **DevOps:** "DevOps" combines development and operations to unite people, process and technology across the entire software lifecycle [\[source\]](https://learn.microsoft.com/en-us/devops/what-is-devops).
* **GitOps:** "GitOps" uses Git repositories as a single source of truth to deliver infrastructure as code [\[source\]](https://www.redhat.com/en/topics/devops/what-is-gitops).
* **DevSecOps:** "DevSecOps" stands for development, security, and operations. It's an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle [\[source\]](https://www.redhat.com/en/topics/devops/what-is-devsecops).
* **SaaS:** short for "Software as a Service".
* **SAST:** short for "Static Application Security Testing". Analysing source code to identify vulnerabilities.
* **DAST:** short for "Dynamic Application Security Testing". Analysing the application from the outside using the available outputs and inputs (a black-box approach).
* **IAST:** short for "Interactive Application Security Testing". Combines static and dynamic techniques to improve testing [\[source\]](https://www.contrastsecurity.com/security-influencers/why-the-difference-between-sast-dast-and-iast-matters).
* **SDLC:** short for "Software Development Lifecycle". The cost-effective and time-efficient process that development teams use to design and build high-quality software [\[source\]](https://aws.amazon.com/what-is/sdlc/).
* **SCA:** short for "Software Composition Analysis". Analysing dependencies in a codebase to manage exposure to security and/or license compliance issues.
* **SRE:** short for "Site Reliability Engineering".
* **K8s:** shorthand for "Kubernetes".
* **IaC:** short for "Infrastructure as Code", using DevOps methodology and versioning with a descriptive model to define and deploy infrastructure [\[source\]](https://learn.microsoft.com/en-us/devops/deliver/what-is-infrastructure-as-code).
* **SBOM:** short for "Software Bill Of Materials", a nested inventory of the items that make up software components. SBOMs include critical information about the libraries, tools, and processes used to develop, build, and deploy a software artifact [\[source\]](https://about.gitlab.com/blog/2022/10/25/the-ultimate-guide-to-sboms/).
* **AIO:** short for "All In One".
* **CVE:** short for "Common Vulnerabilities and Exposures", is a list of publicly disclosed computer security flaws [\[source\]](https://www.redhat.com/en/topics/security/what-is-cve).
* **VM:** short for "Virtual Machine".
* **AWS:** short for "Amazon Web Services".
* **GCP:** short for "Google Cloud Platform".
* **GH:** short for "GitHub".
* **GHAS:** short for "GitHub Advanced Security".
* **CSPM:** short for "Cloud Security Posture Management".
* **IDS:** short for "Intrusion Detection System".
* **IPS:** short for "Intrusion Protection System".
* **SOC:** short for "System and Organization Controls".
* **CERT:** short for "Computer Emergency Response (or readiness) Team".
* **CSIRT:** short for "Computer Security Incident Response Team".
* **CIRT:** short for "Computer Incident Response Team" or (less frequently) "Cybersecurity Incident Response Team".
* **SOAR:** short for "Security Orchestration, Automation and Response".
* **SIEM:** short for "Security Information and Event Management".
* **SIM:** short for "Security Information Management".
* **SEM:** short for "Security Event Management".
* **DFIR:** short for "Digital Forensics and Incident Response".
* **SCAP:** short for "Security Content Automation Protocol".
* **CSP:** short for "Content Security Policy".
* **OSS:** short for "Open Source Software".
* **XSS:** short for "Cross-Site Scripting".
* **RSS:** short for "Really Simple Syndication", an XML format for distributing content on the web.
* **REST:** acronym for "REpresentational State Transfer", an architectural style for distributed hypermedia systems.
* **E2E:** short for "End to End".
* **SSL:** short for "Secure Sockets Layer", to protect connections.
* **TLS:** short for "Transport Layer Security", transport protocol.
* **JWT:** short for "JSON Web Token".
* **OTP:** short for "One Time Password".
* **OATH:** short for "Open Authentication".
* **X509:** standard defining the format of public key credentials.
* **UFW:** short for "Uncomplicated Firewall", a Linux firewall.
* **DSL:** short for "Domain-specific language".
* **CI:** short for "Continuous Integration".
* **CD:** short for "Continuous Delivery".
* **HW:** short for "Hardware".
* **OCI:** short for "Oracle Cloud Infrastructure" or "Open Container Initiative".
* **MDR:** short for "Managed Detection and Response".
* **MSS:** short for "Managed Security Services".
* **CIS:** short for "Cyber Intelligence Services" (also the abbreviation for the "Center of Internet Security").
* **RTS:** short for "Red Team Services".
* **GRC:** short for "Governance, Risk and Compliance".
* **CTI:** short for "Cybersecurity Technology Integration".
