To help you better understand the concepts and terminology used in JFrog Academy, this glossary defines essential terms related to the JFrog Platform and modern software development:

Term/Acronym | Definition |
--- | --- |
Artifactory | A universal artifact repository manager for storing and managing binary software artifacts. |
CI/CD | Continuous Integration/Continuous Delivery (or Deployment); the practice of automating software builds, tests, and deployments. |
Common Vulnerability Scoring System (CVSS) | A numerical representation (0-10) of the severity of an information security vulnerability, maintained by a nonprofit group. |
CVE | Common Vulnerabilities and Exposures; an industry-accepted convention for reporting and describing discovered vulnerabilities, compiled by The MITRE Corporation. |
DR | Disaster Recovery; a plan for recovering and protecting a business IT infrastructure in the event of a disaster. |
Exposure | The state where a system, network, application, or data is susceptible to potential risks, threats, or unauthorized access, often due to vulnerabilities or misconfigurations. |
HA | High Availability; a system design ensuring high operational performance, typically uptime, for an extended period. |
JAS | JFrog Advanced Security; advanced security features integrated into the JFrog Platform. |
JPD | JFrog Platform Deployment; a specific instance of the JFrog Platform. |
RBAC | Role-Based Access Control; a method of restricting network access based on individual user roles within an enterprise. |
Release Lifecycle Management (RLM) | The process of managing software releases from planning through deployment. |
SCA (Software Composition Analysis) | The process of identifying and analyzing open-source and third-party components in software to find vulnerabilities and security risks. |
SBOM (Software Bill of Materials) | A detailed inventory of all components and dependencies in a software application or system, including names, versions, and licenses. It helps manage risks and ensure license compliance in the software supply chain. |
SCIM | System for Cross-domain Identity Management; a standard for automating user provisioning between identity domains. |
Shift Left Approach | The practice of moving testing, quality, and performance evaluation earlier in the development process, often before code is written, to anticipate changes. |
Single Sign-On (SSO) | An authentication scheme allowing a user to log in with one ID and password to multiple related, independent software systems. |
Static Application Security Testing (SAST) | An analysis of an application's security by examining its source, bytecode, or binary code to identify exploitable parts. |
Vulnerability | A known or unknown weakness in an application that attackers can exploit, such as an entry point for unauthorized access to sensitive data. |
Xray | A universal software composition analysis (SCA) tool by JFrog that scans artifacts for security vulnerabilities and license compliance issues. |