# Glossary

## A

**Audit**

Capabilities that allow security and engineering teams to identify non-compliance with security policies in infrastructure as code, including identification by external tools.

## B

**Branches (re: Repositories)**

Versions of the repository that diverge from the main codebase to work on specific features or fixes.

## C

**CI/CD**

Continuous integration (CI), continuous delivery (CD), and continuous deployment (CD) together comprise a Software Development Lifecycle (SDLC) model that guides developers to automate the development and delivery of small, frequent changes. This gives all team members access to the latest codebase and lets them verify the compatibility of committed code during development.

**CSPM**

Cloud Security Posture Management (CSPM) is a set of security tools and practices designed to monitor and manage cloud infrastructure security. CSPM solutions continuously assess and visualize an organization’s cloud security posture, identifying and mitigating risks through automated detection and remediation of misconfigurations and vulnerabilities.

**Code Sources (Provider)**

Platforms or services where code is hosted and managed, such as GitHub or GitLab.

**Code Repositories**

Storage locations within these sources where codebases are kept, categorized as first-party (owned by the organization) or third-party (including open-source software).

**Cloud Accounts**

Accounts that provide access to cloud services and resources, such as AWS, Azure, or Google Cloud.

**Compliance and Best Practice Frameworks**

Industry standards and guidelines for security and best practices, such as AWS Well-Architected and SOC2.

## F

**Findings (re: Assessment)**

Results from scans that highlight areas of non-compliance or security vulnerabilities.

**First-party**

Repositories owned and maintained by the organization.

## M

**Modules (Terraform)**

Reusable groups of resources defined by Terraform configurations, which can be used to manage complex infrastructure.

## O

**Operations**

Implements controls to warn and block product deployments if certain business rules are met. This includes integration into Infrastructure as Code (IaC) platforms to enforce policy within planning and deployment workflows.

## P

**Paths (re: Repositories)**

Paths refer to the directory structure within a branch where specific code files are located.

**Policy Statements**

Rules and requirements set by security teams that define acceptable configurations and practices for infrastructure as code.

## R

**Remediations**

Actions generated to address and fix the findings from scans.

**Resources (Terraform)**

Individual components of infrastructure managed by Terraform, such as AWS S3 buckets or EC2 instances.

## S

**Scans (re: Assessment)**

Processes that analyze codebases to identify compliance with policy statements and detect security issues.

**Scenarios (Terraform or other IaC)**

Representations of cohesive units of work within IaC, which include specific configurations and setups to achieve a particular objective.

## T

**Third-party**

External repositories, including open-source software (OSS).


