Cycodepedia
appsec in plain english
Discover & learn everything you'd need to know about Software Supply Chain Security
-
Azure
Azure is Microsoft’s public cloud platform that provides a range of cloud services, including compute, analytics, storage and networking. Solutions include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
-
Azure Pipelines
Azure Pipelines is a cloud service used to build and test code automatically. It provides continuous integration and continuous delivery (CI/CD) to regularly and consistently test and build code, and can deploy to any target.
-
Bitbucket
Bitbucket is a Git-based source code repository hosting service owned by Atlassian. It gives development teams a central place to manage git repositories, collaborate on source code, and guide stakeholders through the development flow.
-
CircleCI
CircleCI is a continuous integration and continuous delivery (CI/CD) platform that can be used to automatically run builds and test processes whenever developers commit code. This platform also includes functionality to display the build status of your GitHub branch.
-
FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings. This report covers a company’s controls and their operating effectiveness.
-
Gerrit
Gerrit is a free, web-based team code collaboration tool that uses Git. This tool is part of Google’s suite of open-source tools. Software developers in a team can review each other’s modifications to their source code using a Web browser and approve or reject those changes. Gerrit simplifies project maintenance by permitting any authorized user ...
-
Git
Git is a free, distributed, and open-source version control system used for source code management. Git is used to track changes in the source code, enabling multiple developers to work together asynchronously.
-
GitHub
GitHub is a code hosting platform for version control and collaboration. This platform allows developers to work...
-
GitHub Actions
GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline.
-
GitLab
GitLab is a repository hosting and management tool developed by GitLab Inc. and used throughout the software development process. It provides a range of management features that streamline the collaborative workflow across the software development lifecycle. It also allows repositories to be imported from Google Code, Bitbucket, etc.
-
GitLab Runner
GitLab Runner is a build agent that runs CI jobs, optionally across multiple machines, and sends the results back to GitLab. Runners can be installed under separate user accounts, on servers, and on local machines.
-
Google SLSA
Google SLSA, announced in mid-2021, is a framework for ensuring the integrity of software artifacts throughout the software supply chain.
-
Helix Core
Perforce Helix Core Version Control is a distributed, scalable version control solution used for source code management.
-
ISO 27001
ISO 27001, formally known as ISO/IEC 27001, is designed to help organizations manage the security of financial information, intellectual property, employee details, and other assets. Maintaining ISO 27001 compliance helps deepen consumer confidence in an organization’s ability to handle sensitive information, and helps establish a formal risk management process.
-
Jenkins
Jenkins is an open-source automation server that helps automate the parts of software development related to building, testing, and deploying, facilitating continuous integration and continuous delivery. Jenkins is a Java-based program that may be run as a container.
-
Kallithea
Kallithea is a cross-platform free software source code management system that supports version control through Mercurial and Git. Features include collaboration tools, such as forking, pull requests, code review, and issue tracking.
-
Mercurial
Mercurial is a cross-platform distributed revision control tool for software developers.
-
MITRE
MITRE’s System of Trust (SoT) is a recently announced framework designed to help evaluate suppliers, supplies, and service providers in order to mitigate software supply chain attacks. MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations, and it helped shape the SoT.
-
NIST
With its creation spurred by executive order 16025, the NIST Secure Software Development Framework (SSDF) is designed to help ensure the integrity of critical software infrastructure. While compulsory for federal agencies, this framework may be applied by any government, private, public, or non-profit organization.
-
OWASP SAMM
OWASP SAMM is short for the Software Assurance Maturity Model. It was created to help organizations formulate and implement a strategy for software security.
-
PCI DSS
PCI DSS is a security framework first introduced in 2004 and is required by contract for those handling cardholder data. This standard was created to increase controls around cardholder data in order to reduce credit card fraud.
-
Perforce
Perforce is an enterprise version-control tool used to manage source files and other documents, such as multiple revisions of a manual, web pages, or operating system administration files.
-
SCM
Source Code Management (SCM) ensures all the members of a team stay on top of the source code changes within a project. The SCM is where developers store work and results, providing visibility to colleagues and relevant stakeholders.
-
SOC 2 Type II
SOC 2 Type II is an audit of how a cloud-based service provider handles sensitive information. This report covers a company’s controls and their operating effectiveness.
-
Subversion
Apache Subversion (SVN) is a free, open-source tool that provides enterprise-class centralized version control. Subversion manages files and directories, and the changes made to them, over time. This allows you to recover older versions of your data or examine the history of how your data changed.
-
Travis
Travis CI is an open-source hosted distributed continuous integration service used to build and test projects hosted at GitHub. Travis CI also offers a self-hosted version called Travis CI Enterprise, available to organizations using GitHub Enterprise.