See Snyk Broker.
A system that takes the source code and builds the deployable application (such as a container).
Continuous Deployment or Continuous Delivery. Practices that focus on packaging and delivering software, with a fully automated deployment process.
- Continuous Deployment: a practice to automate the release of code to a production environment, using automated testing to validate if changes to a codebase are correct and stable.
- Continuous Delivery: the frequent shipping of code to a given environment via manual release.
Continuous Integration. A practice to ensure new code changes are regularly built, tested, and merged to a shared repository.
CI / CD
Continuous integration (CI), continuous delivery (CD) and continuous deployment (CD) together comprise an SDLC model, guiding developers to automate development and delivery of small, frequent changes. This ensures all team members have access to the latest code base and can ensure the compatibility of committed code during development.
Command Line Interface. See Snyk CLI.
Cloud Native Application Security
Implementing security throughout the CI/CD pipeline, automating security embedding in microservices and maximizing repetition to reduce the introduction of vulnerabilities.
A standard unit of software, in runtime, that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. Containers isolate software from its environment, so the software works uniformly despite differences, for instance between development and staging. Also see Snyk Container.
The platform technology through which containers are built and run. Examples include Docker Engine and Kubernetes.
A lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime library, system tools, system libraries, and settings. Container images become containers at runtime.
A repository storing container images created during the application development process, which can then be used throughout the development lifecycle.
Common Vulnerabilities and Exposures. A widely-used identifier for a well-known vulnerability.
Common Vulnerability Scoring System. An industry standard to assess the severity of vulnerabilities, using a score of 0 (lowest) to 10 (highest). Snyk uses CVSS.
Common Weakness Enumeration, an online glossary that categorizes software and hardware weaknesses into different types. For example: CWE-20: Input Validation.
Dynamic Application Security Testing. An application that you can point at a site or service; it then typically profiles the site or service, then examines the output and behaviour to uncover security vulnerabilities.
When your application uses another package, this other package becomes a dependency to your own software.
- A direct dependency is a package you include in your own project.
- A deep dependency (also known as an indirect, chained, or transitive dependency), is a package that is used by one of your direct dependencies.
A set of cultural philosophies, practices, and tools that combines software development and IT operations, to shorten the systems development life cycle.
The integration of security into emerging agile IT and DevOps development as seamlessly and as transparently as possible.
A pull request that Snyk can offer the user, containing an automatic fix for the vulnerabilities found.
A distributed version-control system for tracking changes in source code during software development.
A web-based version control platform for Git.
Infrastructure as Code. See Snyk Infrastructure as Code.
Integrated Development Environment. An application giving facilities for software development, typically with a source code editor, build automation tools and a debugger.
The stored instance of a container that holds a set of software needed to run an application.
Third-party products, applications and platforms that Snyk works with, for example SCM systems such as GitHub.
A license problem or vulnerability identified and listed by Snyk.
A file containing metadata about other files in a package.
A run of the snyk monitor command that tests the project and uploads results to Snyk.
Open Container Initiative. An independent body set up to facilitate collaboration around standards for containers, to ensure they are interoperable between vendor solutions.
An organization in Snyk is a way to collect and organize your projects. Members of organizations can then access these projects.
Software with a license that complies with OSI (Open Source Initiative) criteria.
Platform as a Service. A platform allowing customers to develop, run, and manage applications without building and maintaining the infrastructure themselves. Can also be referred to as application platform as a service (aPaaS).
A group of files and additional metadata about those files, used by package managers.
A set of tools that automates and manages packages of bundled files, usually specific to a language. For example, npm.
A software package hosting service that allows customers to host packages and code in one place.
Pull request. Allows a user to exchange changes made to source code and collaborate with others on the same branch.
In Snyk, a project represents an area of work for a user. Snyk projects are accessible from the Projects menu on the Snyk dashboard.
See Container registry or Package registry.
Snyk produces a wide range of reports to allow you to review and fix vulnerabilities.
A storage area that contains all elements necessary for the distribution of an application.
Static Application Security Testing. A method to secure software by reviewing the source code of your proprietary software, and identifying sources of vulnerabilities.
Software Composition Analysis. Technology used to identify open-source and third-party components in use in an application, including their known security vulnerabilities, and typically adversarial license restrictions.
Source Code Management. Also known as a code repo / repository / version control system. The method used by developers to store their source code, and track changes to code. SCM helps resolve conflicts when merging updates from multiple contributors. GitHub is an example of a common SCM system.
Snyk scores issues (vulnerabilities and licenses) to help prioritize treatment of each one. Scores are based on multiple factors, including the CVSS score, and range from 0 to 1000.
Software Development Life Cycle. A process followed by a development team, describing how to develop and maintain software.
A situation when a cloud provider dynamically manages the allocation of machine resources, rather than the developer doing it.
An individual report within a project’s test history. Includes a tree of dependencies and a list of vulnerabilities that were accurate at the time the test was conducted.
A platform providing Cloud Native Application Security (CNAS) solutions, allowing developers to own and build security for the whole application, from code and open source to containers and cloud infrastructure.
Also, the company providing the Snyk platform.
A Snyk tool. Enables developers to programmatically integrate with Snyk. See Snyk API documentation.
A client/server system that serves as an agent / proxy, allowing Snyk to scan private customer environments (Jira, code repositories or container registries). It relays messages and allows users to filter which messages are allowed through; for example, allowing users to expose only some GitHub APIs to Snyk. See Snyk Broker documentation.
A Snyk platform tool. Snyk CLI enables developers to find and fix known vulnerabilities in dependencies, using a command line interface. See Snyk CLI documentation.
A Snyk product. Enables developers to find and fix vulnerabilities in container images and Kubernetes applications. See Snyk Container documentation.
Snyk Infrastructure as Code
A Snyk product. Enables developers to find and fix vulnerabilities in your Kubernetes, Helm and Terraform configuration files. See Snyk IaC documentation.
Snyk License Compliance Management
Part of Snyk Open Source, used to identify, monitor and manage open source license usage across your projects.
Snyk Open Source
A Snyk product. Enables developers to find and fix open source vulnerabilities. See Snyk Open Source documentation.
A library used by the Snyk CLI to scan a certain language/build system.
A security vulnerability, identified by Snyk.
Snyk’s database of vulnerabilities.