# Abbreviations and Descriptions

### Abbreviations

You may frequently encounter the following abbreviations when processing and discussing SBOMs:

* SBOM – Software Bill of Materials
* IT – Information Technology
* UI – User Interface
* API – Application Programming Interface
* GQL – Google Query Language
* SQL – Structured Query Language
* LCAL – Lineaje Component Attestation Level
* CVSS – Common Vulnerability Scoring System
* OSS – Open-Source Software
* OSV – Open-Source Vulnerabilities
* CISA – Cybersecurity and Infrastructure Security Agency
* SAL – Self-Attestation document
* SKU – Stock Keeping Unit
* CVE – Common Vulnerabilities and Exposures
* SDLC – Software Development Lifecycle
* SSDF – Secure Software Development Framework, also known as
* NIST – National Institute of Standards and Technology
* APK – Android Package Kit
* CLI – Command-line Interface
* GCP – Google Cloud Platform
* APT – Advanced Persistent Threat

### Descriptions

#### Attested

* A component whose integrity check passed and whose provenance was verified, which classifies it as a “Known” open-source, private, and/or third-party component.
* LCAL degrees that fall under attested are 2, 3, and 4.

#### Unattested

* A component whose integrity check failed or whose provenance could not be verified, which classifies it as an “Unknown” component.
* LCAL degrees that fall under unattested are 0 (unknown) and 1 (known).

#### Direct Dependency

* Direct (first-level dependency): a package depends directly and immediately on another package.

#### Transitive Dependency

* Transitive (dependency of a dependency): a package depends on another package indirectly, through a chain of dependencies.

#### Compromised Chain

If a component in your supply chain interacts, directly or transitively, with a compromised component, then that dependency is also insecure. SBOM360 locates and displays the components of a supply chain that pose a security risk. You can view this at the project level to see the total packages, or at the component level to see the dependencies of a specific package.
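
The direct/transitive distinction and the compromised chain described above come down to reachability over the dependency graph. The following is an added example, not SBOM360's code or API: the package names and graph are constructed sample data, and `compromised_chain` is a hypothetical helper.

```python
from collections import deque

# Constructed sample data (assumption, not from SBOM360):
# package -> list of its direct dependencies.
DEPENDS_ON = {
    "app": ["web-framework", "logger"],
    "web-framework": ["http-parser", "template-engine"],
    "template-engine": ["string-utils"],
    "logger": ["string-utils"],
    "cli-tool": ["logger"],
    "docs-site": ["markdown"],
    "http-parser": [],
    "string-utils": [],
    "markdown": [],
}


def compromised_chain(depends_on, compromised):
    """Return {package: (kind, chain)} for every package that depends on a
    compromised component. kind is 'direct' or 'transitive'; chain is the
    shortest dependency path from the package to the compromised component."""
    # Invert the edges so the walk goes from a component to its dependents.
    dependents = {}
    for pkg, deps in depends_on.items():
        for dep in deps:
            dependents.setdefault(dep, []).append(pkg)

    affected = {}
    seen = set(compromised)
    queue = deque((c, [c]) for c in sorted(compromised))
    while queue:  # breadth-first, so the first chain found is the shortest
        node, path = queue.popleft()
        for parent in dependents.get(node, []):
            if parent in seen:  # already reported; also stops dependency cycles
                continue
            seen.add(parent)
            chain = [parent] + path
            kind = "direct" if len(chain) == 2 else "transitive"
            affected[parent] = (kind, chain)
            queue.append((parent, chain))
    return affected


if __name__ == "__main__":
    for pkg, (kind, chain) in compromised_chain(DEPENDS_ON, {"string-utils"}).items():
        print(f"{pkg:16} {kind:10} {' -> '.join(chain)}")
```

Called with only one package's subtree as `depends_on`, the same function gives the component-level view; called with the whole graph, it gives the project-level view.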


