BoostSecurity Terminology

This reference guide provides an overview of essential terms commonly encountered in BoostSecurity.

| BoostSecurity Term | Description |
| --- | --- |
| Scanners | Automated tools used to scan code, infrastructure, or systems for security vulnerabilities. |
| SCM | Source Code Management - Platforms or tools used to manage and version control source code. |
| Findings | Security issues or vulnerabilities identified by scanning tools or manual analysis. |
| Violation | A breach of security policies or standards, often identified during security scans or audits. |
| CVSS | Common Vulnerability Scoring System - A framework used to assess the severity of vulnerabilities. |
| CI/CD | Continuous Integration/Continuous Deployment - Practices for automating software development processes. |
| SBOM | Software Bill of Materials - Inventory of software components used in BoostSecurity. |
| GraphQL | Query language for APIs that enables clients to request only the data they need. |
| SAST | Static Application Security Testing - Analyzing source code for security vulnerabilities. |
| DAST | Dynamic Application Security Testing - Assessing running applications for security vulnerabilities. |
| IAST | Interactive Application Security Testing - Assessing applications while they run within their normal operating environment. |
| IAC | Infrastructure as Code (IaC) is the managing and provisioning of infrastructure through code instead of through manual processes. |
| DevOps | Integration of development and operations teams, processes, and tools to streamline software delivery. |
| DevSecOps | DevSecOps stands for development, security, and operations. |