
Abbreviations and Descriptions

Abbreviations

You may frequently encounter the following abbreviations when processing and discussing SBOMs:

  • SBOM – Software Bill of Material

  • IT – Information Technology

  • UI – User Interface

  • API – Application Programming Interface

  • GQL – Google Query Language

  • SQL – Structured Query Language

  • LCAL – Lineaje Component Attestation Level

  • CVSS – Common Vulnerability Scoring System

  • OSS – Open-Source Software

  • OSV – Open-Source Vulnerabilities

  • CISA – Cybersecurity and Infrastructure Security Agency

  • SAL – Self-Attestation document

  • SKU – Stock Keeping Units

  • CVE – Common Vulnerability and Exposure

  • SDLC – Software Development Lifecycle

  • SSDF – Secure Software Development Framework, also known as

  • NIST – National Institute of Standards and Technology

  • APK – Android Package Kit

  • CLI – Command-line Interface

  • GCP – Google Cloud Platform

  • APT – Advanced Persistent Threat

Descriptions

Attested

  • A component whose integrity check passed and whose provenance was verified, which classifies it as a “Known” open-source, private, and/or third-party component.

  • LCAL degrees that fall under attested are 2, 3, and 4.

Unattested

  • A component whose integrity check failed, or whose provenance could not be verified, which classifies it as an “Unknown” component.

  • LCAL degrees that fall under unattested are 0 (unknown) and 1 (known).

Direct Dependency

  • Direct (first-level dependency): a package has a direct dependency on another package when it depends on that package immediately, without any intermediate package.

Transitive Dependency

  • Transitive (dependency of a dependency): a package has a transitive dependency on another package when it depends on that package indirectly, through a chain of one or more intermediate dependencies.

Compromised Chain

If a component in your supply chain depends, directly or transitively, on a compromised component, that dependent component is also insecure. SBOM360 locates and displays the components of a supply chain that pose a security risk. You can view this at the project level to see the total number of affected packages, or at the component level to see the at-risk dependencies of a specific package.
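The following is an added example, not Lineaje's own code, showing how the Attested/Unattested LCAL boundary and the compromised-chain propagation described above can be computed over a dependency graph. The package names and edges are constructed for illustration; the project-level and component-level views mirror the two views described in the text.

```python
from collections import deque

# Constructed SBOM fragment (not real data): package -> its direct dependencies.
DEPENDENCIES = {
    "app": ["web-framework", "logger"],
    "web-framework": ["http-parser", "template-engine"],
    "template-engine": ["string-utils"],
    "logger": ["string-utils"],
    "http-parser": [],
    "string-utils": [],
}

def is_attested(lcal: int) -> bool:
    """LCAL 2, 3 and 4 are attested; 0 (unknown) and 1 (known) are unattested."""
    return 2 <= lcal <= 4

def reverse_graph(deps):
    """Invert edges so we can walk from a component up to its dependents."""
    rev = {name: [] for name in deps}
    for pkg, children in deps.items():
        for child in children:
            rev.setdefault(child, []).append(pkg)
    return rev

def compromised_chain(deps, compromised):
    """Map every component that reaches a compromised one to its distance.

    0 = the compromised component itself, 1 = direct dependent,
    2 or more = transitive dependent (a dependency of a dependency).
    """
    rev = reverse_graph(deps)
    depth = {c: 0 for c in compromised}
    queue = deque(compromised)
    while queue:
        cur = queue.popleft()
        for parent in rev.get(cur, []):
            if parent not in depth:  # visit each node once, so cycles terminate
                depth[parent] = depth[cur] + 1
                queue.append(parent)
    return depth

def project_summary(deps, compromised):
    """Project-level view: packages at risk versus total packages."""
    return {"total": len(deps), "at_risk": len(compromised_chain(deps, compromised))}

def component_view(deps, component, compromised):
    """Component-level view: which direct dependencies of one package are at risk."""
    chain = compromised_chain(deps, compromised)
    return sorted(d for d in deps[component] if d in chain)
```

With `string-utils` marked compromised, `http-parser` is the only package not in the chain, while `app` is affected through two separate paths but is counted once.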

Last updated 6 months ago