Cycodepedia
appsec in plain english
Discover & learn everything you'd need to know about Software Supply Chain Security
[ivory-search id="2806" title="Default Search Form"]
-
Apache Subversion
Apache Subversion (SVN) is a free, centralized, and open-source tool that provides enterprise-class centralized version control. Subversion manages files and directories, and the changes made to them, over time. This allows you to recover older versions of your data, or examine the history of how your data changed. Unlike Git, only the working tree and ... Read more
-
Integrates with Cycode
Azure Pipeline
Azure Pipeline is a cloud service used to build and test code automatically. Azure Pipeline includes continuous integration and continuous delivery (CI/CD) to regularly and consistently test and build code, and can deploy to any target. Microsoft first released Azure in 2010 as a way for developers to deploy apps to the cloud. Developers can ... Read more
-
Integrates with Cycode
Bitbucket
Bitbucket is a Git-based source code repository hosting service owned by Atlassian. It gives development teams a central place to manage git repositories, collaborate on source code, and guide stakeholders through the development flow. Bitbucket is written in Python and uses the Django web framework. Bitbucket was launched in 2008, in Australia, and was originally ... Read more
-
Integrates with Cycode
CircleCI
CircleCI is a continuous integration and continuous delivery (CI/CD) platform that can be used to automatically run builds and test processes whenever developers commit code. This platform also includes functionality to display the build status of your GitHub branch. CircleCI offers a cloud-based CI orchestration tool, as well as an enterprise version that can be ... Read more
-
Federal Risk and Authorization Management Program (FedRAMP)
The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings. This report covers a company’s controls and its operating effectiveness.
-
Integrates with Cycode
Gerrit
Gerrit is a free, web-based team code collaboration tool that uses Git. This tool is part of Google’s suite of open-source tools. Software developers in a team can review each other’s modifications to their source code using a Web browser and approve or reject those changes. Gerrit simplifies project maintenance by permitting any authorized user ...
-
Git
Git is a free, distributed, and open-source version control system used for source code management. Git is used for tracking changes in the source code, enabling multiple developers to work together asynchronously. Git supports non-linear development through its thousands of parallel branches. Git Features Tracks history Git maintains a log of who made code changes, ... Read more
-
Integrates with Cycode
GitHub
GitHub is a code hosting platform for version control and collaboration. This platform allows developers to work...
-
Integrates with Cycode
Github Actions
GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline.
-
Integrates with Cycode
Gitlab
GitLab is a repository hosting manager tool that is developed by GitLab Inc and is used for the software development process. It provides a variety of management by which we can streamline our collaborative workflow for completing the software development lifecycle. It also allows us to import the repository from Google Code, Bitbucket, etc.
-
Integrates with Cycode
Gitlab Runner
GitLab runner is a build instance that is used to run the jobs over multiple machines and send the results to GitLab and which can be placed on separate users, servers, and local machines.
-
ISO 27001
ISO 27001, formally known as ISO/IEC 27001, is designed to help organizations manage the security of financial information, intellectual property, employee details, and other assets. Maintaining ISO 27001 compliance helps deepen consumer confidence in an organization’s ability to handle sensitive information, and helps establish a formal risk management process.
-
Integrates with Cycode
Jenkins
Jenkins is an open-source automation server that helps automate the parts of software development related to building, testing, and deploying, facilitating continuous integration and continuous delivery. Jenkins is a Java-based program that may be run as a container. This tool was initially made by Hudson, but was separated into a new tool and made open ... Read more
-
Kallithea
Kallithea is a cross-platform free software source code management system that supports version control through Mercurial and Git. Features include collaboration tools, such as forking, pull requests, code review, and issue tracking.
-
Mercurial
Mercurial is a cross-platform distributed revision control tool for software developers.
-
Integrates with Cycode
Microsoft Azure
Azure is Microsoft’s public cloud platform that provides a range of cloud services, including compute, analytics, storage and networking. Solutions include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
-
MITRE System of Trust (SoT)
MITRE’s System of Trust (SoT) is a recently announced framework designed to help evaluate suppliers, supplies, and service providers; this is done to help mitigate software supply chain attacks. MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations and has helped formulate the SoT.
-
NIST SSDF
NIST SSDF is a framework designed to help insure the integrity of critical software infrastructure, spurred by executive order 16025. While compulsory for federal agencies, this framework may be applied to any government, private, public, or non-profit organization.
-
OpenSSF SLSA
OpenSSF SLSA (formerly Google SLSA), announced in mid-2021, is a framework for ensuring the integrity of software artifacts throughout the software supply chain. SLSA is best described as a checklist of standards and controls to prevent tampering, improve software integrity, and secure packages and infrastructure. SLSA provides an industry standard for communicating a recognizable and ... Read more
-
OWASP SAMM
OWASP SAMM is short for the Software Assurance Maturity Model. It was created to help organizations formulate and implement a strategy for software security.
-
PCI DSS
PCI DSS is a security framework first introduced in 2004 and is required by the contract for those handling cardholder data. This standard was created to increase controls around cardholder data to reduce credit card fraud.
-
Perforce
Perforce is an enterprise version-control tool used to manage source files and other documents, such as multiple revisions of a manual, web pages, or operating system administration files.
-
Perforce Helix Core Version Control
Perforce Helix Core Version Control is a distributed, scalable version control solution used for source code management.
-
SOC 2 Type II
SOC 2 Type II is an audit on how a cloud-based service provider handles sensitive information. This report covers a company’s controls and its operating effectiveness.
-
Source Code Management (SCM)
Source Code Management (SCM) ensures all the members of a team stay on top of the source code changes within a project. The SCM is where developers store work and results, providing visibility to colleagues and relevant stakeholders.
-
Integrates with Cycode
Travis CI
Travis CI is an open-source hosted distributed continuous integration service used to build and test projects hosted at GitHub. Travis CI also offers a self-hosted version called Travis CI Enterprise, available to organizations using GitHub Enterprise.
