Glossary – Developing Secure Software

CI/CD – Continuous Integration and Continuous Delivery/Deployment.
DAST – Dynamic Application Security Testing.
Dependency – External library or package included in a project.
Least Privilege – Security principle: each component should have only the minimum rights needed.
OWASP – Open Web Application Security Project.
SAST – Static Application Security Testing.
SBOM – Software Bill of Materials, a list of components in software.
SSDLC – Secure Software Development Lifecycle.
Threat Modeling – Process of identifying potential threats, vulnerabilities, and mitigations.
Zero Trust – Security model where no entity is trusted by default.