BoostSecurity Terminology

This reference guide provides an overview of essential terms commonly encountered in BoostSecurity.

| BoostSecurity Term | Description |
|---|---|
| Scanners | Automated tools used to scan code, infrastructure, or systems for security vulnerabilities. |
| SCM | Source Code Management - Platforms or tools used to manage and version-control source code. |
| Findings | Security issues or vulnerabilities identified by scanning tools or manual analysis. |
| Violation | A breach of security policies or standards, often identified during security scans or audits. |
| CVSS | Common Vulnerability Scoring System - A framework used to assess the severity of vulnerabilities. |
| CI/CD | Continuous Integration/Continuous Deployment - Practices for automating software development processes. |
| SBOM | Software Bill of Materials - Inventory of software components used in BoostSecurity. |
| GraphQL | Query language for APIs that enables clients to request only the data they need. |
| SAST | Static Application Security Testing - Analyzing source code for security vulnerabilities. |
| DAST | Dynamic Application Security Testing - Assessing running applications for security vulnerabilities. |
| IAST | Interactive Application Security Testing - Assessing applications while they run within their normal operating environment. |
| IAC | Infrastructure as Code (IaC) - Managing and provisioning infrastructure through code instead of through manual processes. |
| DevOps | Integration of development and operations teams, processes, and tools to streamline software delivery. |
| DevSecOps | DevSecOps stands for development, security, and operations. |