Safeguard Documentation Center

Abbreviations and Descriptions

Glossary of terms used in Safeguard.sh documentation


A comprehensive glossary of terms and abbreviations used throughout Safeguard.sh documentation.

Safeguard.sh Products

Term          Description
ESSCM         Enterprise Software Supply Chain Manager
OSM           Open Source Manager
TPRM          Third Party Risk Manager
Portal        Centralized SBOM management platform
Griffin AI    Purpose-built LLM for supply chain security
AI Remediate  Automated vulnerability remediation feature

Security Terms

Term    Description
CVE     Common Vulnerabilities and Exposures
CVSS    Common Vulnerability Scoring System
EPSS    Exploit Prediction Scoring System
KEV     Known Exploited Vulnerabilities (CISA catalog)
NVD     National Vulnerability Database

SBOM Standards

Term        Description
SBOM        Software Bill of Materials
SPDX        Software Package Data Exchange format
CycloneDX   OWASP SBOM format
VEX         Vulnerability Exploitability eXchange
PURL        Package URL, a universal package identifier

Supply Chain Security

Term    Description
SLSA    Supply chain Levels for Software Artifacts
SSDF    Secure Software Development Framework
SCA     Software Composition Analysis
ESCM    Software Supply Chain Management

Compliance

Term       Description
EO 14028   Executive Order 14028 on Cybersecurity
FedRAMP    Federal Risk and Authorization Management Program
IL7        Impact Level 7 (DoD classification)
NTIA       National Telecommunications and Information Administration
SOC 2      Service Organization Control 2

Infrastructure

Term    Description
ACR     Azure Container Registry
ECR     Elastic Container Registry (AWS)
GCR     Google Container Registry
OCI     Open Container Initiative
SCM     Source Code Management

Authentication

Term    Description
SSO     Single Sign-On
SAML    Security Assertion Markup Language
OIDC    OpenID Connect
SCIM    System for Cross-domain Identity Management
MFA     Multi-Factor Authentication

Definitions

Software Bill of Materials (SBOM)

A formal, structured list of components, libraries, and modules that make up a piece of software, along with their relationships and metadata.

AI Remediate

Safeguard.sh's automated remediation feature powered by Griffin AI that generates pull requests to fix vulnerabilities.

Attestation Score

A measure of package integrity and trustworthiness based on malicious package detection, supply chain verification, and provenance attestation.

Risk Score

An overall security score for a package, derived from the package itself: its vulnerability count, severity distribution, maintenance status, and community trust.
