Glossary
Learn the terms and definitions related to IBM® Concert.
"See" cross-references refer you from a nonpreferred term to the preferred term or from an abbreviation to the spelled-out form.
A
- application definition
- The aggregated representation of the data from one or more SBOMs, copied from ingestion jobs, or both.
- application topology
- A visual representation of all the data currently related to an application, including peripheral data like CVEs and compliance assessments.
- assessment
- The scan results of a specific environment and a standard or a law for an organization and profile.
- automation rule
- A rule that defines the actions that are triggered automatically by an event or observation.
C
- catalog
- A collection of controls that make up a regulation standard or law.
- Common Vulnerabilities and Exposures (CVE)
- A reference of publicly known vulnerabilities, which is part of the National Vulnerability Database (NVD), maintained by the US National Institute of Standards and Technology (NIST).
- compliance dimension
- A dimension that is used to assess the compliance of an environment against applicable security, privacy, or operational standards.
- component
- An image, binary, or source code repository that is included in an application definition.
- CVE
- See Common Vulnerabilities and Exposures.
D
- dimension
- A category of data that is related to one aspect of application and environment health. The data in a dimension is used to analyze, prioritize, and mitigate critical issues or risks that impact applications and environments.
E
- environment definition
- A definition of deployment targets, based on the stage of the development process.
- evidence store
- Long-term storage for meaningful data that is intended to facilitate historical comparison and audit readiness.
I
- IBM risk score
- A value that is based on multiple risk metrics, including Common Vulnerability Scoring System (CVSS), network exposure, asset criticality, and global evidence of exploitation.
- infrastructure insights dimension
- A dimension that is used to indicate the current state of compute resources, such as the uptime or availability rate, latency, mean time to repair (MTTR), or error rate.
- ingestion
- The process of feeding data into the system to create its base of knowledge.
- ingestion job
- A job that pulls data from third-party sources.
- integration
- A connection to an external source to enable the movement of data to and from an external service.
- inventory
- A dynamic set of application and environment data from ingestion jobs or uploaded software bill of materials (SBOM) data.
L
- lens
- A view that shows an analysis and insights of your organization's posture from the perspective of multiple dimensions.
M
- microservice
- A set of small, independent architectural components, each with a single purpose, that communicate over a common lightweight API.
O
- operation dimension
- A dimension that is used to identify and address expiring cryptographic certificates.
P
- posture
- A snapshot of the current state of application and environment health that considers aggregated insights, scores, and recommendations from one or more relevant dimensions.
- profile
- A set of compliance controls that an organization establishes as minimum mandatory requirements for their information systems.
S
- SBOM
- See software bill of materials.
- software bill of materials (SBOM)
- A list of the components, dependencies, and metadata that make up an application.
- software composition dimension
- A dimension that is used to identify and mitigate risks associated with open-source packages and components based on key indicators, such as maintenance, licensing, and security.
V
- vulnerability dimension
- A dimension that is used to identify and prioritize Common Vulnerabilities and Exposures (CVE) data and non-CVE exposures.