Glossary
A
Audit
Capabilities that allow security and engineering teams to identify non-compliance with security policies in infrastructure as code, including non-compliance reported by external tools.
B
Branches (re: Repositories)
Versions of the repository that diverge from the main codebase to work on specific features or fixes.
C
CI/CD
Continuous integration (CI), continuous delivery (CD), and continuous deployment (CD) together comprise a Software Development Lifecycle (SDLC) model that guides developers to automate the development and delivery of small, frequent changes. This gives all team members access to the latest codebase and lets them verify the compatibility of committed code during development.
CSPM
Cloud Security Posture Management (CSPM) is a set of security tools and practices designed to monitor and manage cloud infrastructure security. CSPM solutions continuously assess and visualize an organization’s cloud security posture, identifying and mitigating risks through automated detection and remediation of misconfigurations and vulnerabilities.
Code Sources (Provider)
Platforms or services where code is hosted and managed, such as GitHub or GitLab.
Code Repositories
Storage locations within these sources where codebases are kept, categorized as first-party (owned by the organization) or third-party (including open-source software).
Cloud Accounts
Accounts that provide access to cloud services and resources, such as AWS, Azure, or Google Cloud.
Compliance and Best Practice Frameworks
Industry standards and guidelines for security and best practices, such as AWS Well-Architected and SOC2.
F
Findings (re: Assessment)
Results from scans that highlight areas of non-compliance or security vulnerabilities.
First-party
Repositories owned and maintained by the organization.
M
Modules (Terraform)
Reusable groups of resources defined by Terraform configurations, which can be used to manage complex infrastructure.
O
Operations
Controls that warn about or block product deployments when certain business rules are met. This includes integration into Infrastructure as Code (IaC) platforms to enforce policy within planning and deployment workflows.
P
Paths (re: Repositories)
Paths refer to the directory structure within a branch where specific code files are located.
Policy Statements
Rules and requirements set by security teams that define acceptable configurations and practices for infrastructure as code.
R
Remediations
Actions generated to address and fix the findings from scans.
Resources (Terraform)
Individual components of infrastructure managed by Terraform, such as AWS S3 buckets or EC2 instances.
S
Scans (re: Assessment)
Processes that analyze codebases to identify compliance with policy statements and detect security issues.
Scenarios (Terraform or other IaC)
Representations of cohesive units of work within IaC, which include specific configurations and setups to achieve a particular objective.
T
Third-party
External repositories, including open-source software (OSS).