Engineering Glossary

Adherence to laws, regulations, guidelines, and specifications relevant to a business.

Degree to which an organization meets regulatory or industry-specific requirements.

Approach to maintaining regulatory compliance by defining compliance requirements as code, enabling automation and consistency.

Team responsible for a specific complex component within a larger system, requiring specialized knowledge.

Open-source tool for automating continuous deployment and server provisioning, simplifying infrastructure management.

Inconsistencies between the desired configuration state and the actual state of a system.

Process of maintaining systems, such as computer servers, in a desired, consistent state across time.

Managing and provisioning computing infrastructure through machine-readable definition files.

Limitation or restriction in a system that affects its performance or capacity, often a focus in optimization efforts.

Service networking platform to connect and secure services across any runtime platform and cloud.

Lightweight, standalone, executable package of software that includes everything needed to run an application.

Centralized repository for storing, managing, and distributing container images, crucial for container-based development and deployment.

Encapsulating an application and its environment to ensure consistent operation across different computing environments.

Lightweight, standalone executable packages of software that include everything needed to run an application.

Model where container engines, orchestration and underlying compute resources are provided on-demand.

Geographically distributed network of proxy servers to provide high availability and performance.

Ongoing process of adhering to regulatory and security standards throughout the development lifecycle.

Approach where teams produce software in short cycles, ensuring it can be reliably released at any time.

Automated implementation of an application's build, deploy, test, and release process.

Practice of automatically deploying every change that passes all stages of the production pipeline.

Constant flow of information about a product or process to facilitate continuous improvement.

Ongoing process of implementing and monitoring policies and controls in software development.

Ongoing effort to enhance products, services, or processes, central to many management philosophies including Lean and Six Sigma.

Development practice where code changes are automatically built, tested, and prepared for a release.

Combined practices of Continuous Integration and either Continuous Delivery or Continuous Deployment.

Real-time analytics embedded into business operations, processing current and historical data.

Organizational approach that encourages ongoing skill development and knowledge sharing.

Automated process of identifying compliance and security risks in an IT infrastructure.

Ongoing process of building quality assurance into every step of the development lifecycle.

Systematic approach to enhancing processes and products to achieve better performance.

Practice of building and maintaining reliable systems through constant monitoring and improvement.

Integrating security practices throughout the entire software development and deployment lifecycle.

Process of executing automated tests as part of the software delivery pipeline to obtain feedback on business risks.

Testing method that verifies interactions at the boundary of an external service meet expectations.

Mobile application development framework that allows developers to build mobile apps using web technologies like HTML, CSS, and JavaScript.

Lightweight Linux operating system designed for providing infrastructure to clustered deployments, now part of Red Hat.

Automated collection of online coupon codes, often to exploit promotional offers.

Practice of writing a test that reproduces a bug before fixing the issue, ensuring the bug doesn't recur.

Unauthorized use of valid credentials to gain access to systems or data, often resulting from poor password practices or stolen credentials.

Cyberattack method where stolen account credentials are used to gain unauthorized access to user accounts through large-scale automated login requests.

Credential manager tool for securely storing and managing passwords and other secrets.

Time-based job scheduler in Unix-like operating systems, used to automate system maintenance or administration tasks.

Ability of software or hardware to work across different types of platforms or operating systems.

Group of people with different functional expertise working toward a common goal.

Security vulnerability allowing attackers to inject client-side scripts into web pages viewed by others.

Java-based framework for creating a custom continuous integration and deployment environment, popular in early CI/CD implementations.

Malicious software that uses system resources to mine cryptocurrency without user consent.

Shared values, beliefs, and practices that characterize an organization, crucial in shaping DevOps and Agile transformations.

Web performance metric measuring visual stability, quantifying how much page content unexpectedly shifts during loading.

Practice of protecting systems, networks, and programs from digital attacks, crucial in today's interconnected world.

Dynamic Application Security Testing; analyzes running applications to find vulnerabilities.

Distributed Denial of Service; cyberattack that floods a system with traffic to make it unavailable.

Time taken to query the Domain Name System to translate a domain name into an IP address.

Four key metrics (deployment frequency, lead time for changes, time to restore service, change failure rate) used to measure software delivery performance.

Technique of releasing features to production that are invisible to users until activated, allowing for testing in real environments.

Deploying code or feature flags to production without making them visible to users.

Releasing new features to production that are invisible to users until activated.

Visual displays of key performance indicators and metrics, providing at-a-glance views of business performance or system status.

Incident where sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by unauthorized individuals.

Unauthorized transmission of data from within an organization to an external destination or recipient.

Set of tools and processes to ensure sensitive data is not lost, misused, or accessed by unauthorized users.

Protective measures applied to prevent unauthorized access to databases, websites, and computers.

Process of storing, organizing, and managing data in databases, ensuring data integrity, security, and accessibility.

Practice of keeping different versions of database schemas, often in conjunction with application versioning.

Monitoring and analytics platform for cloud-scale applications, providing full-stack observability for IT infrastructure and application performance.

Source code that's never executed or has no effect on program output, often a target for removal to improve maintainability and performance.

Defining infrastructure using a descriptive model, focusing on what should be deployed rather than how.

Computing resources exclusively allocated to a single user, project, or organization.

Cybersecurity strategy that employs multiple layers of security controls to protect assets and data from various types of threats.

Agreed-upon set of items that must be completed before a project or user story can be considered complete.

Open-source Platform-as-a-Service (PaaS) that makes it easy to deploy and manage applications.

Cyberattack aimed at making a machine or network resource unavailable to its intended users.

Tool designed to simplify and automate the process of deploying software applications across different environments and platforms.

Process of making software available and ready for use in a specific environment.

Rate at which new code or features are deployed to production, often used as a key metric in DevOps practices.

Standardized approach to rolling out software updates or changes, ensuring consistency and reliability in the deployment process.

Automated manifestation of the process for getting software from version control to users.

Specific environment or infrastructure where software is deployed, such as development, staging, or production environments.

Reusable solutions to commonly occurring problems in software design, providing tested, proven development paradigms.

Represents the development aspects in the DevOps methodology, focusing on software creation and testing processes.

Set of practices combining software development (Dev) and IT operations (Ops) to shorten the development lifecycle.

Series of automated steps for building, testing, and deploying software in a DevOps environment.

Organizational culture that bridges the gap between development and operation teams.

Professional combining software development and IT operations skills to improve collaboration and productivity.

Continuous cycle of development, testing, deployment, and monitoring in DevOps practices.

Conceptual framework for integrating development and operations teams and practices.

Automated processes and tools used to move code from development to production in DevOps.

Cross-functional team responsible for the entire software delivery process in a DevOps environment.

Outsourcing of DevOps functions to a third-party provider, offering expertise and tools to improve software delivery processes.

Approach integrating security practices within the DevOps process, ensuring security is considered throughout the software development lifecycle.

Automated workflow that integrates security at every phase of the software development lifecycle.

Extension of DevOps principles to include all teams involved in delivering software.

Overall experience developers have when using tools, platforms, or processes in their work.

Technique of collecting information about a device for identification purposes, used in security and fraud prevention.

Ruby-based system monitoring tool that collects metrics and allows configuring custom collectors.

Overall experience a customer has with a brand through digital channels and touchpoints.

Security vulnerability allowing attackers to access unauthorized directories, potentially exposing sensitive files.

Method of tracking application requests as they flow through distributed systems.

Version control system where the complete codebase, including its full history, is mirrored on every developer's computer.

High-level Python web framework that encourages rapid development and clean, pragmatic design.