References
The references section provides detailed information on terminology and abbreviations used throughout the Pillars of Creation documentation. Understanding these terms is essential for effectively navigating the documentation and comprehending the concepts discussed.
Terminology and Abbreviations
| Term/Abbreviation | Definition |
|---|---|
| Pipeline | A sequence of automated processes that compile, build, test, and deploy code. |
| Job | A single task executed by a pipeline, such as code compilation or testing. |
| Stage | A collection of jobs that execute in a predefined order within a pipeline. |
| Artifact | A byproduct of the software development process, such as binaries, container images, or reports. |
| Runner | An application that executes the jobs defined in a CI/CD pipeline. |
| Registry | A storage and content delivery system that holds named container images, available in different tagged versions. |
| GitLab Container Registry | A secure, private registry for storing container images within GitLab. |
| SBOM (Software Bill of Materials) | A detailed list of components and dependencies within a software artifact. |
| BoE (Body of Evidence) | Documentation and artifacts collected to demonstrate compliance and security posture. |
| Publish | The act of storing and making artifacts available in a registry or repository. |
| Static Analysis | Examination of artifacts without executing them, identifying potential issues through code inspection. |
| Dynamic Analysis | Testing artifacts during execution to find vulnerabilities that manifest in a running environment. |
| Vulnerability Scan | An automated process to identify security weaknesses within software artifacts. |
| CI/CD (Continuous Integration and Continuous Deployment) | A methodology that emphasizes frequent integration of code changes and automated deployment. |
| Helm | A package manager for Kubernetes that helps you define, install, and upgrade complex Kubernetes applications. |
| Dependency | External code or libraries that a project relies on to function correctly. |
Tools
- Grype: GitHub Repository
- Trivy: GitHub Repository
- Syft: GitHub Repository
- ClamAV: Official Documentation
- NeuVector: Open Docs
- OSCAP (OpenSCAP): Official Website
- OWASP ZAP: Official Documentation
- Cypress: Official Documentation