Software Composition Analysis (SCA) Glossary
Useful topics, words, acronyms, and jargon for software composition analysis (SCA) teams
A
The AGPL is a free software license designed to ensure users have the freedom to use, modify, and distribute software. It builds upon the standard GPL by addressing software use over a network, making it particularly relevant for web applications and SaaS.
B
The BSD License encompasses a range of permissive free software licenses that are particularly noted for their minimal restrictions on the redistribution of covered software.
C
CI/CD (Continuous Integration/Continuous Delivery) accelerates the development cycle while ensuring higher code quality and stability by automating code integration, testing, and deployment. CI/CD enables teams to release features, updates, and bug fixes more frequently, providing a faster response to user needs and market changes.
Containers, which package applications and their dependencies in a lightweight, portable format, can carry security risks from outdated software libraries, exposed secrets, or misconfigurations. Container Scanning is the process of inspecting container images for vulnerabilities, configuration flaws, and compliance issues.
Copyleft is a licensing method that ensures software remains free to use, modify, and distribute, even in modified versions. Unlike permissive licenses, copyleft requires that derivative works be distributed under the same license, preserving the freedoms of the original software.
M
The MIT License, originating from the Massachusetts Institute of Technology, is a permissive free software license. It is one of the most popular open-source licenses in the software development community.
O
Open Source Software (OSS) provides publicly accessible source code, fostering transparency and collaboration. This enables users to view, modify, and distribute the software, promoting tailored solutions and communal enhancements.
Open source security refers to the practices, tools, and strategies used to safeguard software and systems that are developed and distributed under open source licenses. This security model emphasizes transparency and community collaboration, allowing users to inspect, modify, and enhance the source code.
S
The Software Development Life Cycle (SDLC) framework ensures a systematic, efficient, and effective approach to software development. By following its structured phases, development teams can deliver high-quality software that meets or exceeds stakeholder expectations.
V
VEX (Vulnerability Exploitability eXchange) is a cybersecurity framework that identifies whether known vulnerabilities in software or hardware are exploitable in a specific context. This helps organizations prioritize remediation efforts by focusing on real security risks.