Azure

Azure is Microsoft’s public cloud platform that provides a range of cloud services, including compute, analytics, storage and networking. Solutions include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

Azure Pipelines

Azure Pipeline is a cloud service used to build and test code automatically. The Azure pipeline includes continuous integration and continuous delivery (CI/CD) to regularly and consistently test and build code, and can deploy to any target.

Bitbucket

Bitbucket is a Git-based source code repository hosting service owned by Atlassian. It gives development teams a central place to manage git repositories, collaborate on source code, and guide stakeholders through the development flow.

CircleCI

CircleCI is a continuous integration and continuous delivery (CI/CD) platform that can be used to automatically run builds and test processes whenever developers commit code. This platform also includes functionality to display the build status of your GitHub branch.

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings. This report covers a company’s controls and its operating effectiveness.

Gerrit

Gerrit is a free, web-based team code collaboration tool that uses Git. This tool is part of Google’s suite of open-source tools. Software developers in a team can review each other’s modifications to their source code using a Web browser and approve or reject those changes. Gerrit simplifies project maintenance by permitting any authorized user ...

Git

Git is a free, distributed, and open-source version control system used for source code management. Git is used to track changes in the source code, enabling multiple developers to work together asynchronously.

GitHub

GitHub is a code hosting platform for version control and collaboration. This platform allows developers to work...

Github Actions

GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline.

Gitlab

GitLab is a repository hosting manager tool that is developed by GitLab Inc and is used for the software development process. It provides a variety of management by which we can streamline our collaborative workflow for completing the software development lifecycle. It also allows us to import the repository from Google Code, Bitbucket, etc.

Gitlab Runner

GitLab runner is a build instance that is used to run the jobs over multiple machines and send the results to GitLab and which can be placed on separate users, servers, and local machines.

Google SLSA

Google SLSA, announced in mid-2021, is a framework for ensuring the integrity of software artifacts throughout the software supply chain.

Helix Core

Perforce Helix Core Version Control is a distributed, scalable version control solution used for source code management.

ISO 27001

ISO 27001, formally known as ISO/IEC 27001, is designed to help organizations manage the security of financial information, intellectual property, employee details, and other assets. Maintaining ISO 27001 compliance helps deepen consumer confidence in an organization’s ability to handle sensitive information, and helps establish a formal risk management process.

Jenkins

Jenkins is an open-source automation server that helps automate the parts of software development related to building, testing, and deploying, facilitating continuous integration and continuous delivery. Jenkins is a Java-based program that may be run as a container.

Kallithea

Kallithea is a cross-platform free software source code management system that supports version control through Mercurial and Git. Features include collaboration tools, such as forking, pull requests, code review, and issue tracking.

Mercurial

Mercurial is a cross-platform distributed revision control tool for software developers.

MITRE

MITRE’s System of Trust (SoT) is a recently announced framework designed to help evaluate suppliers, supplies, and service providers; this is done to help mitigate software supply chain attacks. MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations and has helped formulate the SoT.

NIST

With its creation spurred by executive order 16025, NIST SSDF is a framework designed to help insure the integrity of critical software infrastructure. While compulsory for federal agencies, this framework may be applied to any government, private, public, or non-profit organization.

OWASP SAMM

OWASP SAMM is short for the Software Assurance Maturity Model. It was created to help organizations formulate and implement a strategy for software security.

PCI DSS

PCI DSS is a security framework first introduced in 2004 and is required by the contract for those handling cardholder data. This standard was created to increase controls around cardholder data to reduce credit card fraud.

Perforce

Perforce is an enterprise version-control tool used to manage source files and other documents, such as multiple revisions of a manual, web pages, or operating system administration files.

SCM

Source Code Management (SCM) ensures all the members of a team stay on top of the source code changes within a project. The SCM is where developers store work and results, providing visibility to colleagues and relevant stakeholders.

SOC 2 Type II

SOC 2 Type II is an audit on how a cloud-based service provider handles sensitive information. This report covers a company’s controls and its operating effectiveness.

Subversion

Apache Subversion (SVN) is a free, centralized, and open-source tool that provides enterprise-class centralized version control. Subversion manages files and directories, and the changes made to them, over time. This allows you to recover older versions of your data, or examine the history of how your data changed.

Travis

Travis CI is an open-source hosted distributed continuous integration service used to build and test projects hosted at GitHub. Travis CI also offers a self-hosted version called Travis CI Enterprise, available to organizations using GitHub Enterprise.