People | Local Reqs | Source Code | Integration | Deployment | Runtime | Hardware | DNS | Services | Cloud |
---|---|---|---|---|---|---|---|---|---|
Developers | IDE | Languages | SCM providers | Build solutions | Servers | Embedded PC | URL | SaaS solutions | CDN |
QA team | SCV | Frameworks | Pull requests | Deployment platforms | Operating systems | PCB | hostname | Third party APIs | Cloud services |
DevOps team | Local tests | Libraries | Secrets mgmt | Unit tests | Webservers | USB dongle | | Payment gateways | |
| | Git repos | Package Managers | | Functional tests | Application servers | GPU/CPU | | Identity Providers | |
| | | Proprietary code | | Security tests | Web engines | | | Analytics | |
| | | Open source | | API test frameworks | Databases | | | | |
This includes any software that is needed to successfully write, build or deploy an application.
- Programming languages
- Frameworks
- Libraries
- Package managers
- Open source components
- Proprietary code
- Development teams
- DevOps team
- Knowing what's in your software is the first key
- Source code components come from many different sources and are used in applications
- Dependency origin for the source code we use is critically important
- Package managers are a primary target for attackers
- Use secure package repositories
- Analyze source code composition
- Software bill of materials
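
One way to check dependency origin and produce a minimal component inventory, shown as an added example that is not part of the original page. It assumes an npm lockfile in the v2/v3 `packages` layout; the trusted-host allowlist, package names, hosts and hashes are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Assumption: the only registry this project trusts. Adjust to your own policy.
TRUSTED_HOSTS = {"registry.npmjs.org"}

# Constructed sample in npm lockfile v3 layout (not taken from a real project).
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/example-lib": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/example-lib/-/example-lib-1.3.0.tgz",
            "integrity": "sha512-CONSTRUCTED-PLACEHOLDER"},
        "node_modules/internal-utils": {
            "version": "2.0.1",
            "resolved": "http://mirror.example.test/internal-utils-2.0.1.tgz"},
        "node_modules/@acme/widgets": {
            "version": "0.4.0",
            "resolved": "git+ssh://git@git.example.test/acme/widgets.git#abc123",
            "integrity": "sha512-CONSTRUCTED-PLACEHOLDER"},
    },
})

def inventory(lock_text):
    """Return one record per locked dependency: a minimal bill of materials."""
    records = []
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        name = path.split("node_modules/")[-1]  # handles nested and scoped names
        url = urlparse(meta.get("resolved", ""))
        findings = []
        if url.scheme != "https":
            findings.append("not fetched over https")
        if url.hostname not in TRUSTED_HOSTS:
            findings.append("origin outside trusted registries")
        if not meta.get("integrity"):
            findings.append("no integrity hash pinned")
        records.append({"name": name, "version": meta.get("version"),
                        "origin": url.hostname, "findings": findings})
    return records

if __name__ == "__main__":
    for rec in inventory(SAMPLE_LOCK):
        status = "; ".join(rec["findings"]) or "ok"
        print(f'{rec["name"]}@{rec["version"]} from {rec["origin"]}: {status}')
```

Entries with no `resolved` field are reported as well, so they surface for manual review rather than passing silently.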