Master+DevOps+Glossary Cleaned

DEVOPS

GLOSSARY OF TERMS
This glossary is provided for reference only as it contains key
terms that may or may not be examinable.

© DevOps Institute DevOps Glossary of Terms 1


DevOps Glossary of Terms
Term: 12-Factor App Design
Definition: A methodology for building modern, scalable, maintainable software-as-a-service applications.
Course Appearances: Continuous Delivery Architecture

Term: 2-Factor or 2-Step Authentication
Definition: Two-Factor Authentication, also known as 2FA or TFA or Two-Step Authentication is when a user provides two authentication factors; usually firstly a password and then a second layer of verification such as a code texted to their device, shared secret, physical token or biometrics.
Course Appearances: DevSecOps Engineering

Term: A/B Testing
Definition: Deploy different versions of an EUT to different customers and let the customer feedback determine which is best.
Course Appearances: Continuous Delivery Architecture

Term: A3 Problem Solving
Definition: A structured problem-solving approach that uses a lean tool called the A3 Problem-Solving Report. The term "A3" represents the paper size historically used for the report (a size roughly equivalent to 11" x 17").
Course Appearances: DevOps Foundation

Term: Access Management
Definition: Granting an authenticated identity access to an authorized resource (e.g., data, service, environment) based on defined criteria (e.g., a mapped role), while preventing an unauthorized identity access to a resource.
Course Appearances: DevSecOps Engineering

Term: Access Provisioning
Definition: Access provisioning is the process of coordinating the creation of user accounts, e-mail authorizations in the form of rules and roles, and other tasks such as provisioning of physical resources associated with enabling new users to systems or environments.
Course Appearances: DevSecOps Engineering

Term: Administration Testing
Definition: The purpose of the test is to determine if an End User Test (EUT) is able to process administration tasks as expected.
Course Appearances: Continuous Delivery Architecture

Term: Advice Process
Definition: Any person making a decision must seek advice from everyone meaningfully affected by the decision and people with expertise in the matter. Advice received must be taken into consideration, though it does not have to be accepted or followed. The objective of the advice process is not to form consensus, but to inform the decision-maker so that they can make the best decision possible. Failure to follow the advice process undermines trust and unnecessarily introduces risk to the business.
Course Appearances: DevSecOps Engineering

Term: Agile
Definition: A project management method for complex projects that divides tasks into small "sprints" of work with frequent reassessment and adaptation of plans.
Course Appearances: Certified Agile Process Owner, Certified Agile Service Manager, Site Reliability Engineering

Term: Agile (adjective)
Definition: Able to move quickly and easily; well-coordinated. Able to think and understand quickly; able to solve problems and have new ideas.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Agile Coach
Definition: Helps teams master Agile development and DevOps practices; enables productive ways of working and collaboration.
Course Appearances: DevOps Leader

Term: Agile Enterprise
Definition: Fast moving, flexible and robust company capable of rapid response to unexpected challenges, events, and opportunities.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Agile Manifesto
Definition: A formal proclamation of values and principles to guide an iterative and people-centric approach to software development. http://agilemanifesto.org
Course Appearances: DevOps Foundation

Term: Agile Portfolio Management
Definition: Involves evaluating in-flight projects and proposed future initiatives to shape and govern the ongoing investment in projects and discretionary work. CA’s Agile Central and VersionOne are examples.
Course Appearances: Site Reliability Foundation

Term: Agile Principles
Definition: The twelve principles that underpin the Agile Manifesto.
Course Appearances: Certified Agile Service Manager

Term: Agile Process Design
Definition: The aspect of Agile Service Management (Agile SM) that applies the same Agile approach to process design as developers do to software development.
Course Appearances: Certified Agile Service Manager

Term: Agile Process Improvement
Definition: The aspect of Agile SM that aligns Agile values with ITSM processes through continuous improvement.
Course Appearances: Certified Agile Service Manager

Term: Agile Process Owner
Definition: An ITSM or other type of process owner that uses Agile and Scrum principles and practices to design, manage and measure individual processes.
Course Appearances: DevOps Foundation

Term: Agile Service Management
Definition: Framework that ensures that ITSM processes reflect Agile values and are designed with "just enough" control and structure in order to effectively and efficiently deliver services that facilitate customer outcomes when and how they are needed.
Course Appearances: Certified Agile Service Manager

Term: Agile Service Management Artifacts
Definition: Process Backlog, Sprint Backlog, Burndown Chart, Process Increment
Course Appearances: Certified Agile Process Owner

Term: Agile Service Management Events
Definition: Process Planning Meeting (optional), Sprint Planning Meeting, Sprint, Daily Scrum, Sprint Review, Sprint Retrospective
Course Appearances: Certified Agile Process Owner

Term: Agile Service Management Roles
Definition: Process Owner, Process Improvement Team (Team) and Agile Service Manager. See also Scrum Roles.
Course Appearances: Certified Agile Process Owner

Term: Agile Service Manager
Definition: The operational equivalent to Dev's ScrumMaster. A role within an IT organization that understands how to leverage Agile and Scrum methods to improve the design, speed and agility of ITSM processes.
Course Appearances: DevOps Foundation

Term: Agile Software Development
Definition: Group of software development methods in which requirements and solutions evolve through collaboration between self-organizing, cross-functional teams. Usually applied using the Scrum or Scaled Agile Framework approach.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation, DevSecOps Engineering

Term: Amazon Web Services (AWS)
Definition: Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow.
Course Appearances: DevSecOps Engineering, Site Reliability Engineering

Term: Analytics
Definition: Test results processed and presented in an organized manner in accordance with analysis methods and criteria.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Andon
Definition: A system that gives an assembly line worker the ability, and moreover the empowerment, to stop production when a defect is found, and immediately call for assistance.
Course Appearances: Continuous Delivery Architecture

Term: Anti-pattern
Definition: A commonly reinvented but poor solution to a problem.
Course Appearances: DevOps Foundation

Term: Anti-fragility
Definition: Antifragility is a property of systems that increases their capability to thrive as a result of stressors, shocks, volatility, noise, mistakes, faults, attacks, or failures.
Course Appearances: DevOps Foundation, Site Reliability Engineering

Term: API Testing
Definition: The purpose of the test is to determine if an API for an EUT functions as expected.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Application Performance Management (APM)
Definition: APM is the monitoring and management of performance and availability of software applications. APM strives to detect and diagnose complex application performance problems to maintain an expected level of service.
Course Appearances: Site Reliability Engineering

Term: Application Programming Interface (API)
Definition: A set of protocols used to create applications for a specific OS or as an interface between modules or applications.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Application Programming Interface (API) Testing
Definition: The purpose of the test is to determine if an API for an EUT functions as expected.
Course Appearances: Continuous Delivery Architecture

Term: Application Release
Definition: Controlled continuous delivery pipeline capabilities including automation (release upon code commit).
Course Appearances: Continuous Delivery Architecture

Term: Application Release Automation (ARA) or Orchestration (ARO)
Definition: Controlled continuous delivery pipeline capabilities including automation (release upon code commit), environment modeling (end-to-end pipeline stages, and deploy application binaries, packages or other artifacts to target environments) and release coordination (project, calendar and scheduling management, integrate with change control and/or IT service support management).
Course Appearances: Continuous Delivery Architecture

Term: Application Test Driven Development (ATDD)
Definition: Acceptance Test Driven Development (ATDD) is a practice in which the whole team collaboratively discusses acceptance criteria, with examples, and then distills them into a set of concrete acceptance tests before development begins.
Course Appearances: Continuous Delivery Architecture

Term: Application Testing
Definition: The purpose of the test is to determine if an application is performing according to its requirements and expected behaviors.
Course Appearances: Continuous Delivery Architecture

Term: Application Under Test (AUT)
Definition: The EUT is a software application. E.g. Business application is being tested.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Architecture
Definition: The fundamental underlying design of computer hardware, software or both in combination.
Course Appearances: DevSecOps Engineering

Term: Artifact
Definition: Any element in a software development project including documentation, test plans, images, data files and executable modules.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation, DevSecOps Engineering

Term: Artifact Repository
Definition: Store for binaries, reports and metadata. Example tools include: JFrog Artifactory, Sonatype Nexus.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation

Term: Attack path
Definition: The chain of weaknesses a threat may exploit to achieve the attacker's objective. For example, an attack path may start by compromising a user's credentials, which are then used in a vulnerable system to escalate privileges, which in turn is used to access a protected database of information, which is copied out to an attacker's own server(s).
Course Appearances: DevSecOps Engineering

Term: Audit Management
Definition: The use of automated tools to ensure products and services are auditable, including keeping audit logs of build, test and deploy activities, auditing configurations and users, as well as log files from production operations.
Course Appearances: Site Reliability Engineering

Term: Authentication
Definition: The process of verifying an asserted identity. Authentication can be based on what you know (e.g., password or PIN), what you have (token or one-time code), what you are (biometrics) or contextual information.
Course Appearances: DevSecOps Engineering

Term: Authorization
Definition: The process of granting roles to users to have access to resources.
Course Appearances: DevSecOps Engineering

Term: Auto-DevOps
Definition: Auto DevOps brings DevOps best practices to your project by automatically configuring software development lifecycles. It automatically detects, builds, tests, deploys, and monitors applications.
Course Appearances: Site Reliability Engineering

Term: Auto-scaling
Definition: The ability to automatically and elastically scale and de-scale infrastructure depending on traffic and capacity variations while maintaining control of costs.
Course Appearances: Continuous Delivery Architecture

Term: Automated rollback
Definition: If a failure is detected during a deployment, an operator (or an automated process) will verify the failure and roll back the failing release to the previous known working state.
Course Appearances: Site Reliability Engineering

Term: Availability
Definition: Availability is the proportion of time a system is in a functioning condition and therefore available (to users) to be used.
Course Appearances: Site Reliability Engineering

Term: Backdoor
Definition: A backdoor bypasses the usual authentication used to access a system. Its purpose is to grant the cybercriminals future access to the system even if the organization has remediated the vulnerability initially used to attack the system.
Course Appearances: DevSecOps Engineering

Term: Backlog
Definition: Requirements for a system, expressed as a prioritized list of product backlog items usually in the form of 'User Stories'. The product backlog is prioritized by the Product Owner and should include functional, non-functional and technical team-generated requirements.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation

Term: Basic Security Hygiene
Definition: A common set of minimum security practices that must be applied to all environments without exception. Practices include basic network security (firewalls and monitoring), hardening, vulnerability and patch management, logging and monitoring, basic policies and enforcement (may be implemented under a "policies as code" approach), and identity and access management.
Course Appearances: DevSecOps Engineering

Term: Batch Sizes
Definition: Refers to the volume of features involved in a single code release.
Course Appearances: DevOps Leader

Term: Bateson Stakeholder Map
Definition: A tool for mapping stakeholders' engagement with the initiative in progress.
Course Appearances: DevOps Leader

Term: Behavior Driven Development (BDD)
Definition: Test cases are created by simulating an EUT's externally observable inputs and outputs. Example tool: Cucumber.
Course Appearances: Continuous Delivery Architecture

Term: Beyond Budgeting
Definition: A management model that looks beyond command-and-control towards a more empowered and adaptive state.
Course Appearances: DevOps Leader

Term: Black-Box
Definition: Test case only uses knowledge of externally observable behaviors of an EUT.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Blameless post mortems
Definition: A process through which engineers whose actions have contributed to a service incident can give a detailed account of what they did without fear of punishment or retribution.
Course Appearances: Site Reliability Engineering

Term: Blast Radius
Definition: Used for impact analysis of service incidents. When a particular IT service fails, the users, customers and other dependent services that are affected.
Course Appearances: Site Reliability Engineering

Term: Blue/Green Testing or Deployments
Definition: Taking software from the final stage of testing to live production using two environments labelled Blue and Green. Once the software is working in the green environment, switch the router so that all incoming requests go to the green environment - the blue one is now idle.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Bug
Definition: An error or defect in software that results in an unexpected or system-degrading condition.
Course Appearances: DevSecOps Engineering

Term: Bureaucratic Culture
Definition: Bureaucratic organizations are likely to use standard channels or procedures which may be insufficient in a crisis (Westrum).
Course Appearances: DevOps Leader

Term: Burndown Chart
Definition: Chart showing the evolution of remaining effort against time.
Course Appearances: Certified Agile Service Manager, DevOps Foundation

Term: Bursting
Definition: Public cloud resources are added as needed to temporarily increase the total computing capacity of a private cloud.
Course Appearances: Continuous Delivery Architecture

Term: Business Case
Definition: Justification for a proposed project or undertaking on the basis of its expected commercial benefit.
Course Appearances: DevOps Leader

Term: Business Continuity
Definition: Business continuity is an organization's ability to ensure operations and core business functions are not severely impacted by a disaster or unplanned incident that takes critical services offline.
Course Appearances: Site Reliability Engineering

Term: Business Transformation
Definition: Changing how the business functions. Making this a reality means changing culture, processes, and technologies in order to better align everyone around delivering on the organization's mission.
Course Appearances: DevSecOps Engineering

Term: Business Value
Definition: The benefit of an approach to key business KPIs.
Course Appearances: DevOps Leader

Term: Cadence
Definition: Flow or rhythm of events.
Course Appearances: DevOps Foundation, DevOps Leader, DevSecOps Engineering

Term: CALMS Model
Definition: Considered the pillars or values of DevOps: Culture, Automation, Lean, Measurement, Sharing (as put forth by John Willis, Damon Edwards and Jez Humble).
Course Appearances: DevOps Foundation

Term: Canary Testing
Definition: A canary (also called a canary test) is a push of code changes to a small number of end users who have not volunteered to test anything. Similar to incremental rollout, it is where a small portion of the user base is updated to a new version first. This subset, the canaries, then serve as the proverbial “canary in the coal mine”. If something goes wrong then a release is rolled back and only a small subset of the users are impacted.
Course Appearances: Continuous Delivery Architecture, Site Reliability Engineering

Term: Capacity Test
Definition: The purpose of the test is to determine if the EUT can handle expected loads such as number of users, number of sessions, aggregate bandwidth.
Course Appearances: Continuous Delivery Architecture

Term: Capture-Replay
Definition: Test cases are created by capturing live interactions with the EUT, in a format that can be replayed by a tool. E.g. Selenium
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Carrots
Definition: Positive incentives, for encouraging and rewarding desired behaviors.
Course Appearances: DevSecOps Engineering

Term: Chain of Goals
Definition: A method designed by Roman Pichler of ensuring that goals are linked and shared at all levels through the product development process.
Course Appearances: DevOps Leader

Term: Change
Definition: Addition, modification or removal of anything that could have an effect on IT services. (ITIL® definition)
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Change Failure Rate
Definition: A measure of the percentage of failed/rolled back changes.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation

Term: Change Fatigue
Definition: A general sense of apathy or passive resignation towards organizational changes by individuals or teams.
Course Appearances: DevSecOps Engineering

Term: Change Lead Time
Definition: A measure of the time from a request for change to delivery of the change.
Course Appearances: DevOps Foundation

Term: Change Leader Development Model
Definition: Jim Canterucci's model for five levels of change leader capability.
Course Appearances: DevOps Leader

Term: Change Management
Definition: Process that controls all changes throughout their lifecycle. (ITIL definition)
Course Appearances: DevOps Foundation, DevOps Leader, DevSecOps Engineering

Term: Change Management (Organizational)
Definition: An approach to shifting or transitioning individuals, teams & organizations from a current state to a desired future state. Includes the process, tools & techniques to manage the people-side of change to achieve the required business outcome(s).
Course Appearances: DevOps Leader

Term: Change-based Test Selection Method
Definition: Tests are selected according to a criterion that matches attributes of tests to attributes of the code that is changed in a build.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Chaos Engineering
Definition: The discipline of experimenting on a software system in production in order to build confidence in the system's capability to withstand turbulent and unexpected conditions.
Course Appearances: Site Reliability Engineering

Term: Chapter Lead
Definition: A squad line manager in the Spotify model who is responsible for traditional people management duties, is involved in day to day work and grows individual and chapter competence.
Course Appearances: DevOps Leader

Term: Chapters
Definition: A small family of people having similar skills and who work within the same general competency area within the same tribe. Chapters meet regularly to discuss challenges and area of expertise in order to promote sharing, skill development, re-use and problem solving.
Course Appearances: DevOps Leader

Term: ChatOps
Definition: An approach to managing technical and business operations (coined by GitHub) that involves a combination of group chat and integration with DevOps tools. Example tools include: Atlassian HipChat/Stride, Microsoft Teams, Slack.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation, DevOps Test Engineering, Site Reliability Engineering

Term: Check-in
Definition: Action of submitting a software change into a system version management system.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: CI Regression Test
Definition: A subset of regression tests that are run immediately after a software component is built. Same as Smoke Test.
Course Appearances: Continuous Delivery Architecture

Term: Clear-Box
Definition: Same as Glass-Box Testing and White-Box Testing.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Cloud Computing
Definition: The practice of using remote servers hosted on the internet to host applications rather than local servers in a private datacenter.
Course Appearances: DevSecOps Engineering, Site Reliability Engineering

Term: Cloud-Native
Definition: Native cloud applications (NCA) are designed for cloud computing.
Course Appearances: Continuous Delivery Architecture

Term: CloudBees
Definition: CloudBees is a commercially supported proprietary automation framework tool which works with and enhances Jenkins by providing enterprise-level support and add-on functionality.
Course Appearances: DevOps Test Engineering

Term: Cluster Cost Optimization
Definition: Tools like Kubecost, Replex, Cloudability use monitoring to analyze container clusters and optimize the resource deployment model.
Course Appearances: Site Reliability Engineering

Term: Cluster Monitoring
Definition: Tools that let you know the health of your deployment environments running in clusters such as Kubernetes.
Course Appearances: Site Reliability Engineering

Term: Clustering
Definition: A group of computers (called nodes or members) work together as a cluster connected through a fast network acting as a single system.
Course Appearances: Continuous Delivery Architecture

Term: Code Coverage
Definition: A measure of white box test coverage by counting code units that are executed by a test. The code unit may be a code statement, a code branch, or control path or data path through a code module.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Code Quality
Definition: See also static code analysis. Sonar and Checkmarx are examples of tools that automatically check the seven main dimensions of code quality: comments, architecture, duplication, unit test coverage, complexity, potential defects, language rules.
Course Appearances: Site Reliability Engineering

Term: Code Repository
Definition: A repository where developers can commit and collaborate on their code. It also tracks historical versions and potentially identifies conflicting versions of the same code. Also referred to as "repository" or "repo."
Course Appearances: DevSecOps Engineering

Term: Code Review
Definition: Software engineers inspect each other's source code to detect coding or code formatting errors.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Cognitive Bias
Definition: Cognitive bias is a limitation in objective thinking that is caused by the tendency for the human brain to perceive information through a filter of personal experience and preferences: a systematic pattern of deviation from norm or rationality in judgment.
Course Appearances: DevOps Leader

Term: Collaboration
Definition: People jointly working with others towards a common goal.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Collaborative Culture
Definition: A culture that applies to everyone which incorporates an expected set of behaviors, language and accepted ways of working with each other, reinforced by leadership.
Course Appearances: Continuous Delivery Architecture

Term: Compatibility Test
Definition: Test with the purpose to determine if an EUT interoperates with another EUT such as peer-to-peer applications or protocols.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Configuration Management
Definition: Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation, DevSecOps Engineering

Term: Conformance Test
Definition: The purpose of the test is to determine if an EUT complies with a standard.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Constraint
Definition: Limitation or restriction; something that constrains. See also bottleneck.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Container
Definition: A way of packaging software into lightweight, stand-alone, executable packages including everything needed to run it (code, runtime, system tools, system libraries, settings) for development, shipment and deployment.
Course Appearances: DevOps Foundation, DevSecOps Engineering, Site Reliability Engineering

Term: Container Network Security
Definition: Used to prove that any app that can be run on a container cluster with any other app can be confident that there is no unintended use of the other app or any unintended network traffic between them.
Course Appearances: Site Reliability Engineering

Term: Container Registry
Definition: Secure and private registry for Container images. Typically allowing for easy upload and download of images from the build tools. Docker Hub, Artifactory, Nexus are examples.
Course Appearances: Site Reliability Engineering

Term: Container Scanning
Definition: When building a Container image for your application, tools can run a security scan to ensure it does not have any known vulnerability in the environment where your code is shipped. Black Duck, Synopsys, Snyk, Clair and klar are examples.
Course Appearances: Site Reliability Engineering

Term: Continual Service Improvement (CSI)
Definition: One of the ITIL Core publications and a stage of the service lifecycle.
Course Appearances: DevOps Foundation

Term: Continuous Delivery (CD)
Definition: A methodology that focuses on making sure software is always in a releasable state throughout its lifecycle.
Course Appearances: Certified Agile Service Manager, Continuous Delivery Architecture, DevOps Foundation, DevSecOps Engineering, DevOps Test Engineering

Term: Continuous Delivery (CD) Architect
Definition: A person who is responsible to guide the implementation and best practices for a continuous delivery pipeline.
Course Appearances: Continuous Delivery Architecture

Term: Continuous Delivery Pipeline
Definition: A continuous delivery pipeline refers to the series of processes which are performed on product changes in stages. A change is injected at the beginning of the pipeline. A change may be new versions of code, data or images for applications. Each stage processes the artifacts resulting from the prior stage. The last stage results in deployment to production.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation Course, DevOps Leader

Term: Continuous Delivery Pipeline Stage
Definition: Each process in a continuous delivery pipeline. These are not standard. Examples are Design: determine implementation changes; Creation: implement an unintegrated version of design changes; Integration: merge
Course Appearances: Continuous Delivery Architecture

Term: Continuous Deployment
Definition: A set of practices that enable every change that passes automated tests to be automatically deployed to production.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Continuous Flow
Definition: Smoothly moving people or products from the first step of a process to the last with minimal (or no) buffers between steps.
Course Appearances: DevOps Foundation, DevOps Leader, DevSecOps Engineering

Term: Continuous Improvement
Definition: Based on Deming's Plan-Do-Check-Act, a model for ensuring ongoing efforts to improve products, processes and services.
Course Appearances: DevOps Foundation, DevOps Leader

Term: Continuous Integration (CI)
Definition: A development practice that requires developers to merge their code into trunk or master ideally at least daily and perform tests (i.e. unit, integration and acceptance) at every code commit.
Course Appearances: Certified Agile Service Manager, Continuous Delivery Architecture, DevOps Foundation, DevOps Test Engineering, DevSecOps Engineering

Term: Continuous Integration Tools
Definition: Tools that provide an immediate feedback loop by regularly merging, building and testing code. Example tools include: Atlassian Bamboo, Jenkins, Microsoft VSTS/Azure DevOps, TeamCity.
Course Appearances: DevOps Foundation, DevOps Leader

Term: Continuous Monitoring (CM)
Definition: This is a class of terms relevant to logging, notifications, alerts, displays and analysis of test results information.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Continuous Testing (CT)
Definition: This is a class of terms relevant to testing and verification of an EUT in a DevOps environment.
Course Appearances: DevOps Foundation, Continuous Delivery Architecture, DevOps Test Engineering

Term: Conversation Café
Definition: Conversation Cafés are open, hosted conversations in cafés as well as conferences and classrooms—anywhere people gather to make sense of our world.
Course Appearances: DevOps Leader

Term: Conway's Law
Definition: Organizations which design systems are constrained to produce designs which are copies of the communication structures of these organizations.
Course Appearances: Continuous Delivery Architecture, DevOps Leader

Term: Cooperation vs. Competition
Definition: The key cultural value shift toward being highly collaborative and cooperative, and away from internal competitiveness and divisiveness.
Course Appearances: DevSecOps Engineering

Term: COTS
Definition: Commercial-off-the-shelf solution
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Critical Success Factor (CSF)
Definition: Something that must happen for an IT service, process, plan, project or other activity to succeed.
Course Appearances: Certified Agile Process Owner, Certified Agile Service Manager, DevOps Foundation, DevSecOps Engineering

Term: CSI Register
Definition: Vehicle for recording and managing improvement opportunities throughout their lifecycle (Continual Service Improvement).
Course Appearances: Certified Agile Service Manager

Term: Cultural Iceberg
Definition: A metaphor that visualizes the difference between observable (above the water) and non-observable (below the waterline) elements of culture.
Course Appearances: DevOps Leader

Term: Culture (Organizational Culture)
Definition: The values and behaviors that contribute to the unique psychosocial environment of an organization.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation, DevSecOps Engineering

Term: Cumulative Flow Diagram
Definition: A cumulative flow diagram is a tool used in agile software development and lean product development. It is an area graph that depicts the quantity of work in a given state, showing arrivals, time in queue, quantity in queue, and departure.
Course Appearances: DevOps Leader

Term: Current State Map
Definition: A form of value stream map that helps you identify how the current process works and where the disconnects are.
Course Appearances: DevOps Leader

Term: Customer Reliability Engineer (CRE)
Definition: CRE is what you get when you take the principles and lessons of SRE and apply them towards customers.
Course Appearances: Site Reliability Engineering

Term: Cycle Time
Definition: A measure of the time from start of work to ready for delivery.
Course Appearances: DevOps Foundation, DevOps Leader, DevSecOps Engineering

Term: Daily Scrum
Definition: Daily timeboxed event of 15 minutes or less for the Team to replan the next day of work during a Sprint.
Course Appearances: Certified Agile Service Manager, DevOps Foundation

Term: Dashboard
Definition: Graphical display of summarized test results.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Data Loss Protection (DLP)
Definition: Tools that prevent files and content from being removed from within a service environment or organization.
Course Appearances: Site Reliability Engineering

Term: Database Reliability Engineer (DBRE)
Definition: A person responsible for keeping database systems that support all user facing services in production running smoothly.
Course Appearances: Site Reliability Engineering

Term: Defect Density
Definition: The number of faults found in a unit. E.g. # defects per KLOC, # defects per change.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Definition of Done
Definition: A shared understanding of expectations that the Increment must live up to in order to be releasable into production. (Scrum.org)
Course Appearances: Certified Agile Process Owner, Certified Agile Service Manager, DevOps Foundation, DevOps Leader

Term: Delivery Cadence
Definition: The frequency of deliveries. E.g. # deliveries per day, per week, etc.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Delivery Package
Definition: Set of release items (files, images, etc.) that are packaged for deployment.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Deming Cycle
Definition: A four-stage cycle for process management, attributed to W. Edwards Deming. Also called Plan-Do-Check-Act (PDCA).
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Dependency Firewall
Definition: Many projects depend on packages that may come from unknown or unverified providers, introducing potential security vulnerabilities. There are tools to scan dependencies but that is after they are downloaded. These tools prevent those vulnerabilities from being downloaded to begin with.
Course Appearances: Site Reliability Engineering

Term: Dependency Proxy
Definition: For many organizations, it is desirable to have a local proxy for frequently used upstream images/packages. In the case of CI/CD, the proxy is responsible for receiving a request and returning the upstream image from a registry, acting as a pull-through cache.
Course Appearances: Site Reliability Engineering

Term: Dependency Scanning
Definition: Used to automatically find security vulnerabilities in your dependencies while you are developing and testing your applications. Synopsys, Gemnasium, Retire.js and bundler-audit are popular tools in this area.
Course Appearances: Site Reliability Engineering

Term: Deployment
Definition: The installation of a specified version of software to a given environment (e.g., promoting a new build into production).
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Design for Testability
Definition: An EUT is designed with features which enable it to be tested.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Design Principles
Definition: Principles for designing, organizing, and managing a DevOps delivery operating model.
Course Appearances: DevOps Leader

Term: Dev
Definition: Individuals involved in software development activities such as application and software engineers.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Developer (Dev)
Definition: Individual who has responsibility to develop changes for an EUT. Alternate: Individuals involved in software development activities such as application and software engineers.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Development Test
Definition: Ensuring that the developer's test environment is a good representation of the production test environment.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Device Under Test (DUT)
Definition: The EUT is a device. E.g. Router or switch is being tested.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: DevOps
Definition: A cultural and professional movement that stresses communication, collaboration and integration between software developers and IT operations professionals while automating the process of software delivery and infrastructure changes. It aims at establishing a culture and environment where building, testing, and releasing software, can happen rapidly, frequently, and more reliably. (Source: Wikipedia)
Course Appearances: Certified Agile Service Manager, DevOps Foundation, DevSecOps Engineering

Term: DevOps Coach
Definition: Help teams master Agile development and DevOps practices; enables productive ways of working and collaboration.
Course Appearances: DevOps Leader

Term: DevOps Infrastructure
Definition: The entire set of tools and facilities that make up the DevOps system. Includes CI, CT, CM and CD tools.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: DevOps Kaizen
Definition: Kaizen is a Japanese word that closely translates to "change for better," the idea of continuous improvement—large or small—involving all employees and crossing organisational boundaries. Damon Edwards' DevOps Kaizen shows how making small, incremental improvements (little J's) has an improved impact on productivity long term.
Course Appearances: DevOps Leader

Term: DevOps Pipeline
Definition: The entire set of interconnected processes that make up a DevOps Infrastructure.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: DevOps Score
Definition: A metric showing DevOps adoption across an organization and the corresponding impact on delivery velocity.
Course Appearances: Site Reliability Engineering

Term: DevOps Toolchain
Definition: The tools needed to support a DevOps continuous development and delivery cycle from idea to value realisation.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation, DevSecOps Engineering, DevOps Test Engineering

Term: DevSecOps
Definition: A mindset that "everyone is responsible for security" with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the safety required.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation, DevSecOps Engineering

Term: Distributed Version Control System (DVCS)
Definition: The software revisions are stored in a distributed revision control system (DRCS), also known as a distributed version control system (DVCS).
Course Appearances: Continuous Delivery Architecture

Term: DMZ (De-Militarized Zone)
Definition: A DMZ in network security parlance is a network zone in between the public internet and internal protected resources. Any application, server, or service (including APIs) that need to be exposed externally are typically placed in a DMZ. It is not uncommon to have multiple DMZs in parallel.
Course Appearances: DevSecOps Engineering

Term: Dynamic Analysis
Definition: Dynamic analysis is the testing of an application by executing data in real-time with the objective of detecting defects while it is in operation, rather than by repeatedly examining the code offline.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Dynamic Application Security Testing (DAST)
Definition: A type of testing that runs against built code to test exposed interfaces.
Course Appearances: DevSecOps Engineering

Term: EggPlant
Definition: Automated function and regression testing of enterprise applications. Licensed by TestPlant.
Course Appearances: DevOps Test Engineering

Term: Elastic Infrastructure
Definition: Elasticity is a term typically used in cloud computing, to describe the ability of an IT infrastructure to quickly expand or cut back capacity and services without hindering or jeopardizing the infrastructure's stability, performance, security, governance or compliance protocols.
Course Appearances: Continuous Delivery Architecture

Term: Elevator Pitch
Definition: A short summary used to quickly and simply define a process, product, service, organization, or event and its value proposition.
Course Appearances: Certified Agile Process Owner

Term: Empirical Process Control
Definition: Process control model in which decisions are made based on observation and experimentation (rather than on detailed upfront planning) and decisions are based on what is known.
Course Appearances: Certified Agile Process Owner

Term: eNPS
Definition: Employee Net Promoter Score (eNPS) is a way for organizations to measure employee loyalty. The Net Promoter Score, originally a customer service tool, was later used internally on employees instead of customers.
Course Appearances: DevOps Foundation, DevOps Leader

Term: Entity Under Test (EUT)
Definition: This is a class of terms which refers to names of types of entities that are being tested. These terms are often abbreviated to the form xUT where "x" represents a type of entity under test.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Epic
Definition: A big chunk of work, made up of a number of user stories, with a common objective.
Course Appearances: Certified Agile Process Owner

Term: Erikson (Stages of Psychosocial Development)
Definition: Erik Erikson (1950, 1963) proposed a psychoanalytic theory of psychosocial development comprising eight stages from infancy to adulthood. During each stage, the person experiences a psychosocial crisis which could have a positive or negative outcome for personality development.
Course Appearances: DevSecOps Engineering

Term: Error Budget
Definition: The error budget provides a clear, objective metric that determines how unreliable a service is allowed to be within a specific time period.
Course Appearances: Site Reliability Engineering

Term: Error Budget Policies
Definition: An error budget policy enumerates the activity a team takes when they've exhausted their error budget for a particular service in a particular time period.
Course Appearances: Site Reliability Engineering

Term: Error Tracking
Definition: Tools to easily discover and show the errors that an application may be generating, along with the associated data.
Course Appearances: Site Reliability Engineering

Term: External Automation
Definition: Scripts and automation outside of a service that is intended to reduce toil.
Course Appearances: Site Reliability Engineering

Term: Fail Early
Definition: A DevOps tenet referring to the preference to find critical problems as early as possible in a development and delivery pipeline.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Fail Often
Definition: A DevOps tenet which emphasizes a preference to find critical problems as fast as possible and therefore frequently.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Failure Rate
Definition: Fail verdicts per unit of time.
Course Appearances: DevOps Foundation, Continuous Delivery Architecture, DevOps Test Engineering

Term: False Negative
Definition: A test incorrectly reports a verdict of "fail" when the EUT actually passed the purpose of the test.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: False Positive
Definition: A test incorrectly reports a verdict of "pass" when the EUT actually failed the purpose of the test.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Feature Toggle
Definition: The practice of using software switches to hide or activate features. This enables continuous integration and testing a feature with selected stakeholders.
Course Appearances: DevOps Foundation, Continuous Delivery Architecture, DevOps Test Engineering

Term: Federated Identity
Definition: A central identity used for access to a wide range of applications, systems, and services, but with a particular skew toward web-based applications. Also, often referenced as Identity-as-a-Service (IDaaS). Any identity that can be reused across multiple sites, particularly via SAML or OAuth authentication mechanisms.
Course Appearances: DevSecOps Engineering

Term: Fire Drills
Definition: A planned failure testing process focussed on the operation of live services including service failure testing as well as communication, documentation, and other human factor testing.
Course Appearances: Site Reliability Engineering

Term: Flow
Definition: How people, products or information move through a process. Flow is the first way of The Three Ways.
Course Appearances: DevOps Foundation, DevOps Leader, DevSecOps Engineering

Term: Flow of Value
Definition: A form of map that shows the end-to-end value stream. This view is usually not available within the enterprise.
Course Appearances: DevOps Leader

Term: Framework
Definition: Backbone for plugging in tools. Launches automated tasks, collects results from automated tasks.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Freedom and Responsibility
Definition: A core cultural value that with the freedom of self-management (such as afforded by DevOps) comes the responsibility to be diligent, to follow the advice process and to take ownership of both successes and failures.
Course Appearances: DevSecOps Engineering

Term: Frequency
Definition: How often an application is released.
Course Appearances: DevOps Leader

Term: Functional Testing
Definition: Tests to determine if the functional operation of the service is as expected.
Course Appearances: Site Reliability Engineering

Term: Future State Map
Definition: A form of value stream map that helps you develop and communicate what the target end state should look like and how to tackle the necessary changes.
Course Appearances: DevOps Leader

Term: Fuzzing
Definition: Fuzzing or fuzz testing is an automated software testing practice that inputs invalid, unexpected, or random data into applications.
Course Appearances: DevSecOps Engineering

Term: Gated Commits
Definition: Define and obtain consensus for criterion of changes promoted between all CD pipeline stages such as: Dev to CI stage / CI to packaging / delivery stage / Delivery to Deployment/Production stage.
Course Appearances: Continuous Delivery Architecture

Term: Generative (DevOps) Culture
Definition: In a generative organization alignment takes place through identification with the mission. The individual "buys into" what he or she is supposed to do and its effect on the outcome. Generative organizations tend to be proactive in getting the information to the right people by any means necessary. (Westrum)
Course Appearances: DevOps Leader

Term: Generativity
Definition: A cultural view wherein long-term outcomes are of primary focus, which in turn drives investments and cooperation that enable an organization to achieve those outcomes.
Course Appearances: DevSecOps Engineering

Term: Glass‐Box
Definition: Same as Clear‐Box Testing and White‐Box Testing.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Global Process Owner
Definition: Process Owner who oversees a single, global process. A Global Process Owner (who may reside in a SMO) may oversee one or more Regional Process Managers.
Course Appearances: Certified Agile Process Owner

Term: Goal‐seeking tests
Definition: The purpose of the test is to determine an EUT's performance boundaries, using incremental stresses until the EUT reaches a peak performance. E.g. Determine the maximum throughput that can be handled without errors.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Golden Circle
Definition: A model by Simon Sinek that emphasizes an understanding of the business' "why" before focusing on the "what" and "how".
Course Appearances: DevOps Foundation

Term: Golden Image
Definition: A template for a virtual machine (VM), virtual desktop, server or hard disk drive. (TechTarget)
Course Appearances: DevSecOps Engineering

Term: Goleman's Six Styles of Leadership
Definition: Daniel Goleman (2002) created the Six Leadership Styles and found, in his research, that leaders used one of these styles at any one time.
Course Appearances: DevOps Leader

Term: Governance, Risk Management and Compliance (GRC)
Definition: A software platform intended for concentrating governance, compliance and risk management data, including policies, compliance requirements, vulnerability data, and sometimes asset inventory, business continuity plans, etc. In essence, a specialized document and data repository for security governance. Or a team of people who specialize in IT/security governance, risk management and compliance activities. Most often non-technical business analyst resources.
Course Appearances: DevSecOps Engineering

Term: Gray‐Box
Definition: Test cases use a limited knowledge of the internal design structure of the EUT.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: GUI testing
Definition: The purpose of the test is to determine if the graphical user interface operates as expected.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Guilds
Definition: A "community of interest" group that welcomes anyone and usually cuts across an entire organization. Similar to a Community of Practice.
Course Appearances: DevOps Foundation, DevOps Leader

Term: Hand Offs
Definition: The procedure for transferring the responsibility of a particular task from one individual or team to another.
Course Appearances: DevOps Foundation, DevOps Leader

Term: Hardening
Definition: Securing a server or infrastructure environment by removing or disabling unnecessary software, updating to known good versions of the operating system, restricting network-level access to only that which is needed, configuring logging in order to capture alerts, configuring appropriate access management and installing appropriate security tools.
Course Appearances: DevSecOps Engineering

Term: Helm Chart Registry
Definition: Helm charts are what describe related Kubernetes resources. Artifactory and Codefresh support a registry for maintaining master records of Helm Charts.
Course Appearances: Site Reliability Engineering

Term: Heritage Reliability Engineer (HRE)
Definition: Applying the principles and practices of SRE to legacy applications and environments.
Course Appearances: Site Reliability Engineering

Term: High-Trust Culture
Definition: Organizations with a high-trust culture encourage good information flow, cross-functional collaboration, shared responsibilities, learning from failures and new ideas.
Course Appearances: DevOps Foundation

Term: Horizontal Scaling
Definition: Computing resources are scaled wider to increase the volume of processing. E.g. Add more computers and run more tasks in parallel.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Idempotent
Definition: CM tools (e.g., Puppet, Chef, Ansible, and Salt) claim that they are 'idempotent' by allowing the desired state of a server to be defined as code or declarations and automate steps necessary to consistently achieve the defined state time‐after‐time.
Course Appearances: Continuous Delivery Architecture

Term: Identity
Definition: The unique name of a person, device, or the combination of both that is recognized by a digital system. Also referred to as an "account" or "user."
Course Appearances: DevSecOps Engineering

Term: Identity and Access Management (IAM)
Definition: Policies, procedures and tools for ensuring the right people have the right access to technology resources.
Course Appearances: DevSecOps Engineering

Term: Identity as a Service (IDAAS)
Definition: Identity and access management services that are offered through the cloud or on a subscription basis.
Course Appearances: DevSecOps Engineering

Term: Image‐based test selection method
Definition: Build images are pre‐assigned test cases. Test cases are selected for a build by matching the image changes resulting from a build.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Immersive learning
Definition: A learning approach that guides teams with coaching and practice to help them learn to work in a new way.
Course Appearances: DevOps Leader

Term: Immutable
Definition: An immutable object is an object whose state cannot be modified after it is created. The antonym is a mutable object, which can be modified after it is created.
Course Appearances: Continuous Delivery Architecture

Term: Immutable Infrastructures
Definition: Instead of instantiating an instance (server, container, etc.), with error‐prone, time‐consuming patches and upgrades (i.e. mutations), replace it with another instance to introduce changes or ensure proper behavior.
Course Appearances: Continuous Delivery Architecture, Site Reliability Engineering

Term: Impediment
Definition: Anything that prevents a team member from performing work as efficiently as possible.
Course Appearances: Certified Agile Process Owner, Certified Agile Service Manager, DevOps Foundation

Term: Impediment (Scrum)
Definition: Anything that prevents a team member from performing work as efficiently as possible.
Course Appearances: Agile Service Management, DevOps Foundation

Term: Implementation Under Test
Definition: The EUT is a software implementation. E.g. Embedded program is being tested.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Improvement Kata
Definition: A structured way to create a culture of continuous learning and improvement. (In Japanese business, Kata is the idea of doing things the "correct" way. An organization's culture can be characterized as its Kata through its consistent role modeling, teaching and coaching.)
Course Appearances: DevOps Foundation

Term: Incentive model
Definition: A system designed to motivate people to complete tasks toward achieving objectives. The system may employ either positive or negative consequences for motivation.
Course Appearances: DevSecOps Engineering

Term: Incident
Definition: Any unplanned interruption to an IT service or reduction in the quality of an IT service. Includes events that disrupt or could disrupt the service. (ITIL definition)
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Incident Management
Definition: Process that restores normal service operation as quickly as possible to minimize business impact and ensure that agreed levels of service quality are maintained. (ITIL definition). Involves capturing the who, what, when of service incidents and the onward use of this data in ensuring service level objectives are being met.
Course Appearances: DevOps Foundation, DevSecOps Engineering, Site Reliability Engineering

Term: Incident Response
Definition: An organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Course Appearances: DevSecOps Engineering, Site Reliability Engineering

Term: Increment
Definition: Potentially shippable completed work that is the outcome of a Sprint.
Course Appearances: Certified Agile Service Manager, DevOps Foundation

Term: Incremental Rollout
Definition: Incremental rollout means deploying many small, gradual changes to a service instead of a few large changes. Users are incrementally moved across to the new version of the service until eventually all users are moved across. Sometimes referred to by colored environments e.g. Blue/green deployment.
Course Appearances: Site Reliability Engineering

Term: Infrastructure
Definition: All of the hardware, software, networks, facilities, etc., required to develop, test, deliver, monitor and control or support IT services. The term IT infrastructure includes all of the information technology but not the associated people, processes and documentation. (ITIL definition)
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Infrastructure as Code
Definition: The practice of using code (scripts) to configure and manage infrastructure.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Infrastructure Test
Definition: The purpose of the test is to verify the framework for EUT operating. E.g. verify specific operating system utilities function as expected in the target environment.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Infrastructure‐as‐a‐Service (IaaS)
Definition: On‐demand access to a shared pool of configurable computing resources.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Integrated development environment (IDE)
Definition: An integrated development environment (IDE) is a software suite that consolidates the basic tools developers need to write and test software. Typically, an IDE contains a code editor, a compiler or interpreter and a debugger that the developer accesses through a single graphical user interface (GUI). An IDE may be a standalone application, or it may be included as part of one or more existing and compatible applications. (TechTarget)
Course Appearances: DevSecOps Engineering

Term: Integrated development environment (IDE) 'lint' checks
Definition: Linting is the process of running a program that will analyze code for potential errors (e.g., formatting discrepancies, non-adherence to coding standards and conventions, logical errors).
Course Appearances: DevSecOps Engineering

Term: Internet of Things
Definition: A network of physical devices that connect to the internet and potentially to each other through web-based wireless services.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Internal Automation
Definition: Scripts and automation delivered as part of the service that is intended to reduce toil.
Course Appearances: Site Reliability Engineering

Term: INVEST
Definition: A mnemonic was created by Bill Wake as a reminder of the characteristics of a quality user story.
Course Appearances: Certified Agile Service Manager

Term: ISO 31000
Definition: A family of standards that provide principles and generic guidelines on risk management.
Course Appearances: DevSecOps Engineering

Term: ISO/IEC 20000
Definition: International standard for IT service management. ISO/IEC 20000 is used to audit and certify service management capabilities.
Course Appearances: DevOps Foundation

Term: Issue Management
Definition: A process for capturing, tracking, and resolving bugs and issues throughout the software development lifecycle.
Course Appearances: DevSecOps Engineering

Term: IT Infrastructure Library (ITIL)
Definition: Set of best practice publications for IT service management. Published in a series of five core books representing the stages of the IT service lifecycle which are: Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement.
Course Appearances: Certified Agile Process Owner

Term: IT Service
Definition: A service provided to a customer from an IT organization.
Course Appearances: DevOps Foundation

Term: IT Service Management (ITSM)
Definition: Implementation and management of quality IT services that meet the needs of the business. (ITIL definition)
Course Appearances: Certified Agile Process Owner, Site Reliability Engineering

Term: iTest
Definition: Tool licensed by Spirent Communications for creating automated test cases.
Course Appearances: DevOps Test Engineering

Term: ITIL
Definition: Set of best practice publications for IT service management. Published in a series of five core books representing the stages of the IT service lifecycle which are: Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement.
Course Appearances: Certified Agile Service Manager, DevOps Foundation, Site Reliability Engineering

Term: Jenkins
Definition: Jenkins is a freeware tool. It is the most popular master automation framework tool, especially for continuous integration task automation. Jenkins task automation centers around timed processes. Many test tools and other tools offer plugins to simplify integration with Jenkins.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Kaizen
Definition: The practice of continuous improvement.
Course Appearances: DevOps Foundation

Term: Kanban
Definition: Method of work that pulls the flow of work through a process at a manageable pace.
Course Appearances: Certified Agile Service Manager, DevOps Foundation

Term: Kanban Board
Definition: Tool that helps teams organize, visualize and manage work.
Course Appearances: DevOps Foundation

Term: Karpman Drama Triangle
Definition: The drama triangle is a social model of human interaction. The triangle maps a type of destructive interaction that can occur between people in conflict.
Course Appearances: DevOps Leader

Term: Key Metrics
Definition: Something that is measured and reported upon to help manage a process, IT service or activity.
Course Appearances: DevOps Foundation, DevOps Leader

Term: Key Performance Indicator
Definition: Key metric used to measure the achievement of critical success factors. KPIs underpin critical success factors and are measured as a percentage.
Course Appearances: Certified Agile Process Owner, Certified Agile Service Manager

Term: Key Performance Indicator (KPI)
Definition: Key metric used to measure the achievement of critical success factors. KPIs underpin critical success factors and are measured as a percentage. (ITIL definition)
Course Appearances: Certified Agile Service Manager, DevOps Foundation

Term: Keywords‐Based
Definition: Test cases are created using pre‐defined names that reference programs useful for testing.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Knowledge Management
Definition: Process that ensures the right information is delivered to the right place or person at the right time to enable an informed decision.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Known Error
Definition: Problem with a documented root cause and a workaround. (ITIL definition)
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Kolb's Learning Styles
Definition: David Kolb published his learning styles model in 1984; his experiential learning theory works on two levels: a four stage cycle of learning and four separate learning styles.
Course Appearances: DevOps Leader

Term: Kotter's Dual Operating System
Definition: John Kotter describes the need for a dual operating system that combines the entrepreneurial capability of a network with the organisational efficiency of traditional hierarchy.
Course Appearances: DevOps Leader

Term: Kubernetes
Definition: Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google, and is now maintained by the Cloud Native Computing Foundation.
Course Appearances: Site Reliability Engineering

Term: Kubler-Ross Change Curve
Definition: Describes and predicts the stages of personal and organizational reaction to major changes.
Course Appearances: DevOps Foundation

Term: Lab‐as‐a‐Service (LaaS)
Definition: Category of cloud computing services that provides a laboratory allowing customers to test applications without the complexity of building and maintaining the lab infrastructure.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Laloux (Culture Models)
Definition: Frederic Laloux created a model for understanding organizational culture.
Course Appearances: DevSecOps Engineering

Term: Latency
Definition: Latency is the delay incurred in communicating a message, the time a message spends “on the wire” between the initial request being received e.g. by a server and the response being received e.g. by a client.
Course Appearances: Site Reliability Engineering

Term: Laws of Systems Thinking
Definition: In his book 'The Fifth Discipline', Peter Senge outlines eleven laws that will help the understanding of business systems and to identify behaviors for addressing complex business problems.
Course Appearances: DevOps Leader

Term: Lean
Definition: Production philosophy that focuses on reducing waste and improving the flow of processes to improve overall customer value.
Course Appearances: DevOps Leader

Term: Lean (adjective)
Definition: Spare, economical. Lacking richness or abundance.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Lean (production)
Definition: Production philosophy that focuses on reducing waste and improving the flow of processes to improve overall customer value.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Lean Canvas
Definition: Lean Canvas is a 1-page business plan template.
Course Appearances: DevOps Leader

Term: Lean Enterprise
Definition: Organization that strategically applies the key ideas behind lean production across the enterprise.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Lean IT
Definition: Applying the key ideas behind lean production to the development and management of IT products and services.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Lean Manufacturing
Definition: Lean production philosophy derived mostly from the Toyota Production System.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Lean Product Development
Definition: Lean Product Development, or LPD, utilizes Lean principles to meet the challenges of Product Development.
Course Appearances: DevOps Leader

Term: Lean Six Sigma
Definition: Management approach that combines the concepts of Lean Manufacturing and Six Sigma by removing 'waste' and reducing 'defects'.
Course Appearances: Certified Agile Process Owner

Term: Lean Startup
Definition: A system for developing a business or product in the most efficient way possible to reduce the risk of failure.
Course Appearances: DevOps Leader

Term: Lean Thinking
Definition: The goal of lean thinking is to create more value for customers with fewer resources and less waste. Waste is considered any activity that does not add value to the process.
Course Appearances: Certified Agile Service Manager

Term: License Scanning
Definition: Tools, such as Black Duck and Synopsys, that check that licenses of your dependencies are compatible with your application, and approve or blacklist them.
Course Appearances: Site Reliability Engineering

Term: Little's Law
Definition: A theorem by John Little which states that the long-term average number L of customers in a stationary system is equal to the long-term average effective arrival rate λ multiplied by the average time W that a customer spends in the system.
Course Appearances: DevOps Leader

Term: LoadRunner
Definition: Tool used to test applications, measuring system behavior and performance under load. Licensed by HP.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Log
Definition: Serialized report of details such as test activities and EUT console logs.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Log Management
Definition: The collective processes and policies used to administer and facilitate the generation, transmission, analysis, storage, archiving and ultimate disposal of the large volumes of log data created within an information system.
Course Appearances: DevSecOps Engineering

Term: Logging
Definition: The capture, aggregation and storage of all logs associated with system performance including, but not limited to, process calls, events, user data, responses, error and status codes. Logstash and Nagios are popular examples.
Course Appearances: Site Reliability Engineering

Term: Logic Bomb (Slag Code)
Definition: A string of malicious code used to cause harm to a system when the programmed conditions are met.
Course Appearances: DevSecOps Engineering

Term: Longevity Test
Definition: The purpose of the test is to determine if a complete system performs as expected over an extended period of time.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Term: Machine Learning
Definition: Data analysis that uses algorithms that learn from data.
Course Appearances: DevOps Foundation

Term: Malware
Definition: A program designed to gain access to computer systems, normally for the benefit of some third party, without the user’s permission.
Course Appearances: DevSecOps Engineering

Term: Many-factor Authentication
Definition: The practice of using at least 2 factors for authentication. The two factors can be of the same class.
Course Appearances: DevSecOps Engineering

Term: Mean Time Between Deploys
Definition: Used to measure deployment frequency.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Mean Time Between Failures (MTBF)
Definition: Average time that a CI or IT service can perform its agreed function without interruption. Often used to measure reliability. Measured from when the CI or service starts working, until the time it fails (uptime). (ITIL definition)
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Mean Time to Detect Defects (MTTD)
Definition: Average time required to detect a failed component or device.
Course Appearances: Continuous Delivery Architecture, DevOps Foundation, DevSecOps Engineering, Site Reliability Engineering

Term: Mean Time to Discovery
Definition: How long a vulnerability or software bug/defect exists before it's identified.
Course Appearances: DevSecOps Engineering

Term: Mean Time to Patch
Definition: How long it takes to apply patches to environments once a vulnerability has been identified.
Course Appearances: DevSecOps Engineering

Term: Mean Time to Repair (MTTR)
Definition: Average time required to repair a failed component or device. MTTR does not include the time required to recover or restore service.
Course Appearances: DevOps Foundation, DevSecOps Engineering

Term: Mean Time to Resolution (MTTRe)
Definition: How long it takes for a production-impacting issue to be resolved.
Course Appearances: DevSecOps Engineering, Site Reliability Engineering

Term: Mean Time to Restore Service (MTRS)
Definition: Used to measure time from when the CI or IT service fails until it is fully restored and delivering its normal functionality (downtime). Often used to measure maintainability. (ITIL definition).
Course Appearances: DevOps Foundation, DevSecOps Engineering, Site Reliability Engineering

Term: Mental Models
Definition: A mental model is an explanation of someone's thought process about how something works in the real world.
Course Appearances: DevOps Leader

Term: Merge
Definition: Action of integrating software changes together into a software version management system.
Course Appearances: Continuous Delivery Architecture, DevOps Test Engineering

Something that is measured and reported
DevOps Foundation,
Metric upon to help manage a process, IT service or
DevSecOps Engineering
activity.

Metrics | This is a class of terms relevant to measurements used to monitor the health of a product or infrastructure. | Continuous Delivery Architecture, DevOps Test Engineering

Microservices | A software architecture that is composed of smaller modules that interact through APIs and can be updated without affecting the entire system. | DevOps Foundation

Mindset | A person's usual attitude or mental state is their mindset. | DevOps Leader

Minimum Critical Activities | Activities that must be performed to provide evidence of compliance with a given process. | Certified Agile Process Owner

Minimum Viable Product | Most minimal version of a product that can be released and still provide enough value that people are willing to use it. | Certified Agile Service Manager, DevOps Foundation, DevOps Leader

Mock Object | Mock is a method/object that simulates the behavior of a real method/object in controlled ways. Mock objects are used in unit testing. Often a method under a test calls other external services or methods within it. These are called dependencies. | Continuous Delivery Architecture, DevOps Test Engineering

Model | Representation of a system, process, IT service, CI, etc. that is used to help understand or predict future behavior. In the context of processes, models represent pre-defined steps for handling specific types of transactions. | DevSecOps Engineering

Model‐Based | Test cases are automatically derived from a model of the entity under test. Example tool: Tricentis | Continuous Delivery Architecture, DevOps Test Engineering

Monitoring | The use of a hardware or software component to monitor the system resources and performance of a computer service. | Site Reliability Engineering

Monitoring Tools | Tools that allow IT organizations to identify specific issues of specific releases and to understand the impact on end-users. | DevOps Leader

Monolithic | A software system is called "monolithic" if it has a monolithic architecture, in which functionally distinguishable aspects (for example data input and output, data processing, error handling, and the user interface) are all interwoven, rather than containing architecturally separate components. | Continuous Delivery Architecture

Multi-factor Authentication | The practice of using 2 or more factors for authentication. Often used synonymously with 2-factor Authentication. | DevSecOps Engineering

Multi‐cloud | Multi‐cloud DevOps solutions provide on‐demand multi‐tenant access to development and test environments. | Continuous Delivery Architecture

Network Reliability Engineer (NRE) | Someone who applies a reliability engineering approach to measure and automate the reliability of networks. | Site Reliability Engineering

Neuroplasticity | Describes the ability of the brain to form and reorganize synaptic connections, especially in response to learning or experience or following injury. | DevOps Leader

Neuroscience | The study of the brain and nervous system. | DevOps Leader

Non-functional requirements | Requirements that specify criteria that can be used to judge the operation of a system, rather than specific behaviors or functions (e.g., availability, reliability, maintainability, supportability); qualities of a system. | DevOps Foundation

Non-functional tests | Defined as a type of service testing intended to check non-functional aspects such as performance, usability and reliability of a software service. | Site Reliability Engineering

Object Under Test (OUT) | The EUT is a software object or class of objects. | Continuous Delivery Architecture, DevOps Test Engineering

Objective | An aim or goal of a process. | Certified Agile Process Owner

Observability | Observability is focused on externalizing as much data as you can about the whole service allowing us to infer what the current state of that service is. | Site Reliability Engineering

On-call | Being on-call means someone being available during a set period of time, and being ready to respond to production incidents during that time with appropriate urgency. | Site Reliability Engineering

Open Source | Software that is distributed with its source code so that end user organizations and vendors can modify it for their own purposes. | DevOps Foundation, DevSecOps Engineering

Operational Level Agreement | Agreement between an IT service provider and another part of the same organization. (ITIL definition) | Certified Agile Process Owner

Operations (Ops) | Individuals involved in the daily operational activities needed to deploy and manage systems and services such as quality assurance analysts, release managers, system and network administrators, information security officers, IT operations specialists and service desk analysts. | Continuous Delivery Architecture

Operations Management | Function that performs the daily activities needed to deliver and support IT services and the supporting IT infrastructure at the agreed levels. (ITIL) | DevSecOps Engineering

Ops | Individuals involved in the daily operational activities needed to deploy and manage systems and services such as quality assurance analysts, release managers, system and network administrators, information security officers, IT operations specialists and service desk analysts. | DevOps Foundation, DevSecOps Engineering

Orchestration | An approach to building automation that interfaces or "orchestrates" multiple tools together to form a toolchain. | DevOps Foundation, DevSecOps Engineering

Organization Culture | A system of shared values, assumptions, beliefs, and norms that unite the members of an organization. | DevOps Leader

Organization Model | For DevOps, an approach that models Spotify's Squad approach for organizing IT. | DevOps Leader

Organizational Change | Efforts to adapt the behavior of humans within an organization to meet new structures, processes or requirements. | DevOps Foundation, DevSecOps Engineering

OS Virtualization | A method for splitting a server into multiple partitions called "containers" or "virtual environments" in order to prevent applications from interfering with each other. | DevOps Foundation

Outcome | Intended or actual results. | DevOps Foundation, DevSecOps Engineering

Output | Deliverable produced by a process activity (e.g., information, plans, documents, records, reports and so forth). | Certified Agile Process Owner

Package Registry | A repository for software packages, artifacts and their corresponding metadata. Can store files produced by an organization itself or for third party binaries. Artifactory and Nexus are amongst the most popular. | Site Reliability Engineering

Pages | Something for creating supporting web pages automatically as part of a CI/CD pipeline. | Site Reliability Engineering

Patch | A software update designed to address (mitigate/remediate) a bug or weakness. | DevSecOps Engineering

Patch management | The process of identifying and implementing patches. | DevSecOps Engineering

Pathological Culture | Pathological cultures tend to view information as a personal resource, to be used in political power struggles (Westrum). | DevOps Leader, Site Reliability Engineering

Penetration Testing | An authorized simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system's features and data. | DevSecOps Engineering

People Changes | Focuses on changing attitudes, behaviors, skills, or performance of employees. | DevOps Leader

Performance Test | The purpose of the test is to determine if an EUT meets its system performance criterion or to determine what a system's performance capabilities are. | Continuous Delivery Architecture, DevOps Test Engineering

Plan | Formal, approved document that describes the capabilities and resources needed to achieve a result. | Certified Agile Process Owner

Plan-Do-Check-Act | A four-stage cycle for process management and improvement attributed to W. Edwards Deming. Sometimes called the Deming Cycle or PDCA. | Certified Agile Process Owner, Certified Agile Service Manager, DevOps Foundation, DevSecOps Engineering

Platform‐as‐a‐Service (PaaS) | Category of cloud computing services that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure. | Continuous Delivery Architecture, DevOps Test Engineering

Plugin | A pre‐programmed integration between an Orchestration tool and other tools. For example, many tools offer plugins to integrate with Jenkins. | Continuous Delivery Architecture, DevOps Test Engineering

Policies | Formal documents that define boundaries in terms of what the organization may or may not do as part of its operations. | DevOps Foundation, DevSecOps Engineering

Policy | Formal document that describes the overall intentions and direction of a service provider, as expressed by senior management. | Certified Agile Process Owner

Policy as Code | The notion that security principles and concepts can be articulated in code (e.g., software, configuration management, automation) to a sufficient degree that the need for an extensive traditional policy framework is greatly reduced. Standards and guidelines should be implemented in code and configuration, automatically enforced and automatically reported-on in terms of compliance, variance or suspected violations. | DevSecOps Engineering

Post Implementation Review (PIR) | Review that takes place after a change or a project has been implemented that assesses whether the change was successful and opportunities for improvement. | Certified Agile Service Manager, DevOps Foundation

Potentially Shippable Product | Increment of work that is "done" and capable of being released if it makes sense to do so. | Certified Agile Service Manager, DevOps Foundation

Pre‐Flight | This is a class of terms which refers to the names of activities and processes that are conducted on an EUT prior to integration into the trunk branch. | Continuous Delivery Architecture, DevOps Test Engineering

Priority | The relative importance of an incident, problem or change; based on impact and urgency. (ITIL definition) | DevOps Foundation, DevSecOps Engineering

Privileged Access Management (PAM) | Technologies that help organizations provide secured privileged access to critical assets and meet compliance requirements by securing, managing and monitoring privileged accounts and access. (Gartner) | DevSecOps Engineering

Problem | The underlying cause of one or more incidents. (ITIL definition) | DevOps Foundation, DevSecOps Engineering

Procedure | Step‐by‐step instructions that describe how to perform the activities in a process. | Certified Agile Service Manager

Process | Structured set of activities designed to accomplish a specific objective. A process takes inputs and turns them into defined outputs. Related work activities that take specific inputs and produce specific outputs that are of value to a customer. | Certified Agile Service Manager, DevOps Foundation, DevSecOps Engineering

Process Backlog | Prioritized list of everything that needs to be designed or improved for a process including current and future requirements. | Certified Agile Service Manager

Process Changes | Focuses on changes to standard IT process, such as software development practices, ITIL processes, change management, approvals etc. | DevOps Leader

Process Customer | Recipient of a process' output. | Certified Agile Service Manager

Process Improvement Team | Team of individuals that designs or redesigns a process and determines how best to implement the new process across the organization. | Certified Agile Process Owner

Process Manager | Individual responsible for operational (day-to-day) management of a process. | Certified Agile Process Owner

Process Owner | Role accountable for the overall quality of a process. May be assigned to the same person who carries out the Process Manager role, but the two roles may be separate in larger organizations. (ITIL definition) | DevOps Foundation, DevSecOps Engineering, Certified Agile Service Manager

Process Owner | Person accountable for the overall quality of a process and the owner of the Process Backlog. | Certified Agile Service Manager

Process Planning Meeting | A high-level event to define the goals, objectives, inputs, outcomes, activities, stakeholders, tools and other aspects of a process. This meeting is not timeboxed. | Certified Agile Service Manager

Process Supplier | Creator of process input. | Certified Agile Service Manager

Processing Time | The period during which one or more inputs are transformed into a finished product by a manufacturing or development procedure. (Business Dictionary) | DevOps Leader

Product Backlog | Prioritized list of functional and non-functional requirements for a system usually expressed as user stories. | Certified Agile Process Owner, Certified Agile Service Manager, DevOps Foundation

Product Backlog Refinement | Ongoing process of adding detail, estimates and order to backlog items. Sometimes referred to as Product Backlog grooming. | Certified Agile Service Manager

Product Owner | An individual responsible for maximizing the value of a product and for managing the product backlog. Prioritizes, grooms, and owns the backlog. Gives the squad purpose. | Certified Agile Process Owner, Certified Agile Service Manager, DevOps Foundation, DevOps Leader

Programming‐Based | Test cases are created by writing code in a programming language. E.g. JavaScript, Python, TCL, Ruby | Continuous Delivery Architecture, DevOps Test Engineering

Project | Temporary endeavor undertaken to create a unique product, service or result. | Certified Agile Process Owner

Provision Platforms | Tools that provide platforms for provisioning infrastructure (e.g., Puppet, Chef, Salt). | DevOps Leader

Psychological Safety | Psychological safety is a shared belief that the team is safe for interpersonal risk taking. | DevOps Leader

QTP | Quick Test Professional is a functional and regression test automation tool for software applications. Licensed by HP. | DevOps Test Engineering

Quality Management | Tools that handle test case planning, test execution, defect tracking (often into backlogs), severity and priority analysis. CA’s Agile Central | Site Reliability Engineering

RACI Matrix | Maps roles and responsibilities to the activities of a process or project. | Certified Agile Process Owner

Ranorex | GUI test automation framework for testing of desktop, web‐based and mobile applications. Licensed by Ranorex. | DevOps Test Engineering

Ransomware | Encrypts the files on a user’s device or a network’s storage devices. To restore access to the encrypted files, the user must pay a “ransom” to the cybercriminals, typically through a tough-to-trace electronic payment method such as Bitcoin. | DevSecOps Engineering

Regression testing | The purpose of the test is to determine if a new version of an EUT has broken something that worked previously. | Continuous Delivery Architecture, DevOps Test Engineering

Regulatory compliance testing | The purpose of the test is to determine if an EUT conforms to specific regulatory requirements. E.g. verify an EUT satisfies government regulations for consumer credit card processing. | Continuous Delivery Architecture, DevOps Test Engineering

Release | Software that is built, tested and deployed into the production environment. | Continuous Delivery Architecture, DevOps Foundation, DevSecOps Engineering

Release Acceptance Criteria | Measurable attributes for a release package which determine whether a release candidate is acceptable for deployment to customers. | Continuous Delivery Architecture, DevOps Test Engineering

Release Candidate | A release package that has been prepared for deployment, may or may not have passed the Release. | Continuous Delivery Architecture, DevOps Test Engineering

Release Governance | Release Governance is all about the controls and automation (security, compliance, or otherwise) that ensure your releases are managed in an auditable and trackable way, in order to meet the need of the business to understand what is changing. | Site Reliability Engineering

Release Management | Process that manages releases and underpins Continuous Delivery and the Deployment Pipeline. | DevOps Foundation, DevSecOps Engineering

Release Orchestration | Typically a deployment pipeline, used to detect any changes that will lead to problems in production. Orchestrating other tools will identify performance, security, or usability issues. Tools like Jenkins and GitLab CI can “orchestrate” releases. | Site Reliability Engineering

Release Planning Meeting | Time-boxed event that establishes the goals, risks, features, functionality, delivery date and cost of a release. It also includes prioritizing the Product Backlog. | Certified Agile Process Owner, Certified Agile Service Manager

Relevance | A Continuous Testing tenet which emphasizes a preference to focus on the most important tests and test results. | Continuous Delivery Architecture, DevOps Test Engineering

Reliability | Measure of how long a service, component or CI can perform its agreed function without interruption. Usually measured as MTBF or MTBSI. (ITIL definition) | DevOps Foundation, DevSecOps Engineering, Site Reliability Engineering

Reliability Test | The purpose of the test is to determine if a complete system performs as expected under stressful and loaded conditions over an extended period of time. | Continuous Delivery Architecture, DevOps Test Engineering

Remediation | Action to resolve a problem found during DevOps processes. E.g. Roll‐back changes for an EUT change that resulted in a CT test case fail verdict. | Continuous Delivery Architecture, DevOps Test Engineering

Remediation Plan | Plan that determines the actions to take after a failed change or release. (ITIL definition) | DevOps Foundation, DevSecOps Engineering

Request for Change (RFC) | Formal proposal to make a change. The term RFC is often misused to mean a change record, or the change itself. (ITIL definition) | DevOps Foundation

Requirements Management | Tools that handle requirements definition, traceability, hierarchies & dependency. Often also handles code requirements and test cases for requirements. | Site Reliability Engineering

Resilience | Building an environment or organization that is tolerant to change and incidents. | DevSecOps Engineering, Site Reliability Engineering

Response Time | Response time is the total time it takes from when a user makes a request until they receive a response. | Site Reliability Engineering

REST | Representational State Transfer. Software architecture style of the world‐wide web. | Continuous Delivery Architecture, DevOps Test Engineering

Restful API | Representational state transfer (REST) or RESTful services on a network, such as HTTP, provide scalable interoperability for requesting systems to quickly and reliably access and manipulate textual representations (XML, HTML, JSON) of resources using stateless operations (GET, POST, PUT, DELETE, etc.). | Continuous Delivery Architecture

RESTful interface testing | The purpose of the test is to determine if an API satisfies its design criterion and the expectations of the REST architecture. | Continuous Delivery Architecture, DevOps Test Engineering

Return on Investment (ROI) | Difference between the benefit achieved and the cost to achieve that benefit, expressed as a percentage. | DevOps Foundation, DevSecOps Engineering

Review Apps | Allow code to be committed and launched in real time – environments are spun up to allow developers to review their application. | Site Reliability Engineering

Rework | The time and effort required to correct defects (waste). | DevOps Leader

Risk | Possible event that could cause harm or loss or affect an organization's ability to achieve its objectives. The management of risk consists of three activities: identifying risks, analyzing risks and managing risks. The probable frequency and probable magnitude of future loss. Pertains to a possible event that could cause harm or loss or affect an organization's ability to execute or achieve its objectives. | DevOps Foundation, DevSecOps Engineering

Risk Event | Possible event that could cause harm or loss or affect an organization's ability to achieve its objectives. The management of risk consists of three activities: identifying risks, analyzing risks and managing risks. | DevOps Leader

Risk Management Process | The process by which "risk" is contextualized, assessed, and treated. From ISO 31000: 1) Establish context, 2) Assess risk, 3) Treat risk (remediate, reduce or accept). | DevSecOps Engineering

Robot Framework | TDD framework created and supported by Google. | Continuous Delivery Architecture, DevOps Test Engineering

Role | Set of responsibilities, activities and authorities granted to a person or team. A role is defined by a process. One person or team may have multiple roles. A set of permissions assigned to a user or group of users to allow a user to perform actions within a system or application. | DevOps Foundation, DevSecOps Engineering

Role-based Access Control (RBAC) | An approach to restricting system access to authorized users. | DevSecOps Engineering

Roll‐back | Software changes which have been integrated are removed from the integration. | Continuous Delivery Architecture, DevOps Test Engineering

Root Cause Analysis (RCA) | Actions taken to identify the underlying cause of a problem or incident. | DevOps Foundation, DevSecOps Engineering

Rugged Development (DevOps) | Rugged Development (DevOps) is a method that includes security practices as early in the continuous delivery pipeline as possible to increase cybersecurity, speed, and quality of releases beyond what DevOps practices can yield alone. | DevOps Foundation

Rugged DevOps | Rugged DevOps is a method that includes security practices as early in the continuous delivery pipeline as possible to increase cybersecurity, speed, and quality of releases beyond what DevOps practices can yield alone. | Continuous Delivery Architecture, DevOps Test Engineering

Runbooks | A collection of procedures necessary for the smooth operation of a service. Previously manual in nature they are now usually automated with tools like Ansible. | Site Reliability Engineering

Runtime Application Self Protection (RASP) | Tools that actively monitor and block threats in the production environment before they can exploit vulnerabilities. | Site Reliability Engineering

Sanity Test | A very basic set of tests that determine if the software is functional at all. | Continuous Delivery Architecture, DevOps Test Engineering

Scalability | Scalability is a characteristic of a service that describes its capability to cope and perform under an increased or expanding load. | Site Reliability Engineering

Scaled Agile Framework (SAFE) | A proven, publicly available, framework for applying Lean-Agile principles and practices at an enterprise scale. | DevOps Foundation

SCARF Model | A summary of important discoveries from neuroscience about the way people interact socially. | DevOps Leader

Scheduling | Scheduling: the process of planning to release changes into production. | DevOps Leader

Scrum | A simple framework for effective team collaboration on complex projects. Scrum provides a small set of rules that create "just enough" structure for teams to be able to focus their innovation on solving what might otherwise be an insurmountable challenge. (Scrum.org) | Certified Agile Service Manager, DevOps Foundation

Scrum Artifacts | Product Backlog, Sprint Backlog, Burndown Chart, Product Increment | Certified Agile Process Owner

Scrum Components | Scrum's roles, events, artifacts and the rules that bind them together. | Certified Agile Service Manager

Scrum Events | Release Planning Meeting (optional), Sprint Planning Meeting, Sprint, Daily Scrum, Sprint Review, Sprint Retrospective | Certified Agile Process Owner

Scrum Guide | The definition of Scrum concepts and practices, written by Ken Schwaber and Jeff Sutherland. | Certified Agile Service Manager

Scrum Pillars | Pillars that uphold the Scrum framework that include: Transparency, Inspection and Adaption. | Certified Agile Process Owner

Scrum Roles | Product Owner, Development Team (Team) and ScrumMaster. See also Agile Service Management Roles. | Certified Agile Process Owner

Scrum Team | A self-organizing, cross-functional team that uses the Scrum framework to deliver products iteratively and incrementally. The Scrum Team consists of a Product Owner, the Development Team, and a Scrum Master. | DevOps Foundation

Scrum values | A set of fundamental values and qualities underpinning the Scrum framework: commitment, focus, openness, respect and courage. | Certified Agile Process Owner, Certified Agile Service Manager

ScrumMaster | An individual who provides process leadership for Scrum (i.e., ensures Scrum practices are understood and followed) and who supports the Scrum Team by removing impediments. | DevOps Foundation

Secret Detection | Secret Detection aims to prevent sensitive information, like passwords, authentication tokens, and private keys, from being unintentionally leaked as part of the repository content. | Site Reliability Engineering

Secrets Management | Secrets management refers to the tools and methods for managing digital authentication credentials (secrets), including passwords, keys, APIs, and tokens for use in applications, services, privileged accounts and other sensitive parts of the IT ecosystem. | Site Reliability Engineering

Secure Automation | Secure automation removes the chance of human error (and wilful sabotage) by securing the tooling used across the delivery pipeline. | Site Reliability Engineering

Security (Information Security) | Practices intended to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. | DevOps Foundation, DevSecOps Engineering

Security as Code | Automating and building security into DevOps tools and practices, making it an essential part of tool chains and workflows. | DevOps Foundation, DevSecOps Engineering

Security tests | The purpose of the test is to determine if an EUT meets its security requirements. An example is a test that determines if an EUT processes login credentials properly. | Continuous Delivery Architecture, DevOps Test Engineering

Selenium | Popular open‐source tool for software testing GUI and web applications. | Continuous Delivery Architecture, DevOps Test Engineering

Self-healing | Self-healing means the ability of services and underlying environments to detect and resolve problems automatically. It eliminates the need for manual human intervention. | Site Reliability Engineering

Self-organizing Team | Management principle in which a team chooses how best to accomplish their work, rather than being directed by others outside the team. Self-organization happens within boundaries and against given goals (i.e., what to do). | Certified Agile Process Owner

Self‐organizing | The management principle that teams autonomously organize their work. Self‐organization happens within boundaries and against given goals. Teams choose how best to accomplish their work, rather than being directed by others outside the team. | Certified Agile Service Manager

Serverless | A code execution paradigm where no underlying infrastructure or dependencies are needed, moreover a piece of code is executed by a service provider (typically cloud) who takes over the creation of the execution environment. Lambda functions in AWS and Azure Functions are examples. | Site Reliability Engineering

Service | Means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks. | DevOps Foundation, DevSecOps Engineering

Service Catalog | Subset of the Service Portfolio that consists of services that are live or available for deployment. Has two aspects: The Business/Customer Service Catalog (visible to customers) and the Technical/Supporting Service Catalog. (ITIL definition) | DevOps Foundation

Service Design | One of the ITIL Core publications and a stage of the service lifecycle. | DevOps Foundation

Service Desk | Single point of contact between the service provider and the users. Tools like ServiceNow are used for managing the lifecycle of services as well as internal and external stakeholder engagement. | DevOps Foundation

Service Level Agreement (SLA) | Written agreement between an IT service provider and its customer(s) that defines key service targets and responsibilities of both parties. An SLA may cover multiple services or customers. (ITIL definition) | Certified Agile Process Owner, DevOps Foundation, Site Reliability Engineering

Service Level Indicator (SLI) | SLIs are used to communicate quantitative data about services, typically to measure how the service is performing against an SLO. | Site Reliability Engineering

Service Level Management | Process that ensures all current and planned IT services are delivered to agreed achievable targets. (ITIL definition) | Certified Agile Process Owner

Service Level Objective (SLO) | An SLO is a goal for how well a product or service should operate. SLOs are set based on what an organization is expecting from a service. | Site Reliability Engineering

Service Lifecycle | Structure of the ITIL Core guidance. | DevOps Foundation

Service Management | Set of specialized organizational capabilities for providing value to customers in the form of services. (ITIL definition) | DevOps Foundation

Service Management Office (SMO) | Function that coordinates all processes and functions that manage a service provider's services throughout their lifecycle. Process Owners may report directly or via a 'dotted' reporting line to the SMO. | Certified Agile Process Owner

Service Operation | One of the ITIL Core publications and a stage of the service lifecycle. | DevOps Foundation

Service Provider | Organization that supplies services to one or more internal or external customers. (ITIL definition) | DevOps Foundation

Service Request | User request for a standard service from an IT service provider. (ITIL definition) | DevOps Foundation

Service Strategy | One of the ITIL Core publications and a stage of the service lifecycle. | DevOps Foundation

Service Transition | One of the ITIL Core publications and a stage of the service lifecycle. | DevOps Foundation

Seven Pillars of DevOps | Seven distinct "pillars" provide a foundation for DevOps systems which include Collaborative Culture, Design for DevOps, Continuous Integration, Continuous Testing, Continuous Delivery and Deployment, Continuous Monitoring and Elastic Infrastructures and Tools. | Continuous Delivery Architecture

Shift Left | An approach that strives to build quality into the software development process by incorporating testing early and often. This notion extends to security architecture, hardening images, application security testing, and beyond. | DevOps Foundation, DevSecOps Engineering

SilkTest | Automated function and regression testing of enterprise applications. Licensed by Borland. | DevOps Test Engineering

Simian Army | The Simian Army is a suite of failure-inducing tools designed by Netflix. The most famous example is Chaos Monkey which randomly terminates services in production as part of a Chaos Engineering approach. | Site Reliability Engineering

Site Reliability Engineering (SRE) | The discipline that incorporates aspects of software engineering and applies them to infrastructure and operations problems. The main goals are to create scalable and highly reliable software systems. | Site Reliability Engineering

Disciplined, data-driven approach that


Certified Agile Process
Six Sigma focuses on reducing defects by measuring
Owner
standard deviations from an expected norm.

Specific, measurable, achievable, relevant


SMART Goals DevOps Foundation
and time-bound goals.

A basic set of functional tests that are run Continuous Delivery


Smoke Test immediately after a software component is Architecture, DevOps
built. Same as CI Regression Test. Test Engineering

Continuous Delivery
Snapshot Report of pass/fail results for a specific build. Architecture, DevOps
Test Engineering

Stored and shared code snippets to allow


collaboration around specific pieces of
Site Reliability
Snippets code. Also allows code snippets to be used
Engineering
in other code-bases. BitBucket and GitLab
allow this.

Simple Object Access Protocol (SOAP) is an Continuous Delivery


SOAP XML-based messaging protocol for Architecture, DevOps
exchanging information among computers. Test Engineering

Software Composition Analysis | A tool that checks for libraries or functions in source code that have known vulnerabilities. | DevSecOps Engineering
Software Defined Networking (SDN) | Software-Defined Networking (SDN) is a network architecture approach that enables the network to be intelligently and centrally controlled, or 'programmed,' using software applications. | Site Reliability Engineering
Software Delivery Lifecycle (SDLC) | The process used to design, develop and test high quality software. | DevOps Leader, Site Reliability Engineering
Software Version Management System | A repository tool which is used to manage software changes. Examples are: Azure DevOps, BitBucket, Git, GitHub, GitLab, VSTS. | Continuous Delivery Architecture, DevOps Test Engineering
Software-as-a-Service (SaaS) | Category of cloud computing services in which software is licensed on a subscription basis. | DevOps Foundation, Continuous Delivery Architecture, DevOps Test Engineering
Source Code Tools | Repositories for controlling source code for key assets (application and infrastructure) as a single source of truth. | DevOps Foundation, DevOps Leader
Spotify Squad Model | An organizational model that helps teams in large organizations behave like startups and be nimble. | DevOps Foundation, DevOps Leader
Sprint | A period of 2-4 weeks during which an increment of product work is completed. | Certified Agile Process Owner, Certified Agile Service Manager, Continuous Delivery Architecture
Sprint (Scrum) | A time-boxed iteration of work during which an increment of product functionality is implemented. | DevOps Foundation
Sprint Backlog | Subset of the backlog that represents the work that must be completed to realize the Sprint Goal. | Certified Agile Process Owner, DevOps Foundation
Sprint Goal | Purpose and objective of a Sprint, often expressed as a business problem that is going to be solved. | Certified Agile Process Owner, Certified Agile Service Manager
Sprint Planning Meeting | A 4 to 8-hour time-boxed event that defines the Sprint Goal, the increment of the Product Backlog that will be completed during the Sprint and how it will be completed. | Certified Agile Process Owner, Certified Agile Service Manager

Sprint Retrospective | A 1.5 to 3-hour time-boxed event during which the Team reviews the last Sprint and identifies and prioritizes improvements for the next Sprint. | Certified Agile Process Owner, Certified Agile Service Manager
Sprint Review | A time-boxed event of 4 hours or less where the Team and stakeholders inspect the work resulting from the Sprint and update the Product Backlog. | Certified Agile Process Owner, Certified Agile Service Manager
Spyware | Software that is installed in a computer without the user's knowledge and transmits information about the user's computer activities back to the threat agent. | DevSecOps Engineer
Squads | A cross-functional, co-located, autonomous, self-directed team. | DevOps Leader
Stakeholder | Person who has an interest in an organization, project or IT service. Stakeholders may include customers, users and suppliers. (ITIL definition). | DevOps Foundation, DevSecOps Engineering
Stability | The sensitivity a service has to accept changes and the negative impact that may be caused by system changes. A service may have reliability, in that it functions over a long period of time, but may not be easy to change and so does not have stability. | Site Reliability Engineering
Standard Change | Pre-approved, low risk change that follows a procedure or work instruction. (ITIL definition) | DevOps Foundation, DevSecOps Engineering
Static Application Security Testing (SAST) | A type of testing that checks source code for bugs and weaknesses. | DevSecOps Engineering
Static Code Analysis | The purpose of the test is to detect source code logic errors and omissions such as memory leaks, unutilized variables, unutilized pointers. | Continuous Delivery Architecture, DevOps Test Engineering
Status Page | Service pages that easily communicate the status of services to customers and users. | Site Reliability Engineering
Sticks | Negative incentives, for discouraging or punishing undesired behaviors. | DevSecOps Engineering
Storage Security | A specialty area of security that is concerned with securing data storage systems and ecosystems and the data that resides on these systems. | Site Reliability Engineering
Stormstack | A commercial orchestration tool based on event triggers instead of time based. | DevOps Test Engineering

StoStaKee | This stands for stop, start, and keep: this is an interactive time-boxed exercise focused on past events. | DevOps Leader
Strategic Sprint | A 2-4 week timeboxed Sprint during which strategic elements that were defined during the Process Planning Meeting are completed so that the Team can move on to designing the activities of the process. | Certified Agile Process Owner, Certified Agile Service Manager
Structural Changes | Changes in the hierarchy of authority, goals, structural characteristics, administrative procedures and management systems. | DevOps Leader
Supplier | External (third party) supplier, manufacturer or vendor responsible for supplying goods or services that are required to deliver IT services. | DevOps Foundation
Synthetic Monitoring | Synthetic monitoring (also known as active monitoring, or semantic monitoring) runs a subset of an application's automated tests against the system on a regular basis. The results are pushed into the monitoring service, which triggers alerts in case of failures. | Continuous Delivery Architecture
System of Record | A system of record is the authoritative data source for a data element or data entity. | DevOps Foundation, DevSecOps Engineering
System Test | The purpose of the test is to determine if a complete system performs as expected in its intended configurations. | Continuous Delivery Architecture, DevOps Test Engineering
System Under Test (SUT) | The EUT is an entire system. E.g. Bank teller machine is being tested. | Continuous Delivery Architecture, DevOps Test Engineering
Tag-Based Test Selection Method | Tests and Code modules are pre-assigned tags. Tests are selected for a build matching pre-assigned tags. | Continuous Delivery Architecture, DevOps Test Engineering
Target Operating Model | A description of the desired state of the operating model of an organisation. | DevOps Leader
Teal Organization | An emerging organizational paradigm that advocates a level of consciousness including all previous world views within the operations of an organisation. | DevOps Leader
Team Dynamics | A measurement of how a team works together. Includes team culture, communication styles, decision making ability, trust between members, and the willingness of the team to change. | DevOps Leader

Techno-Economic Paradigm Shifts | Techno-economic paradigm shifts are at the core of general, innovation-based theory of economic and societal development as conceived by Carlota Perez. | DevOps Leader
Telemetry | Telemetry is the collection of measurements or other data at remote or inaccessible points and their automatic transmission to receiving equipment for monitoring. | Site Reliability Engineering
Test Architect | Person who has responsibility for defining the overall end-to-end test strategy for an EUT. | Continuous Delivery Architecture, DevOps Test Engineering
Test Artifact Repository | Database of files used for testing. | Continuous Delivery Architecture, DevOps Test Engineering
Test Campaign | A test campaign may include one or more test sessions. | Continuous Delivery Architecture, DevOps Test Engineering
Test Case | Set of test steps together with data and configuration information. A test case has a specific purpose to test at least one attribute of the EUT. | Continuous Delivery Architecture, DevOps Test Engineering
Test Creation Methods | This is a class of test terms which refers to the methodology used to create test cases. | Continuous Delivery Architecture, DevOps Test Engineering
Test Driven Development (TDD) | Test-driven development (TDD) is a software development process in which the developer writes a test before composing code. They then follow this process: 1. Write the test; 2. Run the test and any others that are relevant and see them fail; 3. Write the code; 4. Run test(s); 5. Refactor code if needed; 6. Repeat. Unit level tests and/or application tests are created ahead of the code that is to be tested. | Continuous Delivery Architecture, DevOps Foundation, DevOps Test Engineering
Test Duration | The time it takes to run a test. E.g. # hours per test | Continuous Delivery Architecture, DevOps Test Engineering

Test Environment | The test environment refers to the operating system (e.g. Linux, Windows version etc.), configuration of software (e.g. parameter options), dynamic conditions (e.g. CPU and memory utilization) and physical environment (e.g. power, cooling) in which the tests are performed. | Continuous Delivery Architecture, DevOps Test Engineering
Test Fast | A CT tenet referring to accelerated testing. | Continuous Delivery Architecture, DevOps Test Engineering
Test Framework | A set of processes, procedures, abstract concepts and environment in which automated tests are designed and implemented. | Continuous Delivery Architecture, DevOps Test Engineering
Test Harness | A tool which enables the automation of tests. It refers to the system test drivers and other supporting tools that are required to execute tests. It provides stubs and drivers which are small programs that interact with the software under test. | Continuous Delivery Architecture, DevOps Test Engineering
Test Hierarchy | This is a class of terms that describes the organization of tests into groups. | Continuous Delivery Architecture, DevOps Test Engineering
Test Methodology | This class of terms identifies the general methodology used by a test. Examples are White Box, Black Box. | Continuous Delivery Architecture, DevOps Test Engineering
Test result repository | Database of test results. | Continuous Delivery Architecture, DevOps Test Engineering
Test Results Trend-based | A matrix of correlation factors correlates test cases and code modules according to test result (verdict). | Continuous Delivery Architecture, DevOps Test Engineering
Test Roles | This class of terms identifies general roles and responsibilities for people relevant to testing. | Continuous Delivery Architecture, DevOps Test Engineering
Test Script | Automated test case. A single test script may implement one or more test cases depending on the data. | Continuous Delivery Architecture, DevOps Test Engineering
Test Selection Method | This class of terms refers to the method used to select tests to be executed on a version of an EUT. | Continuous Delivery Architecture, DevOps Test Engineering
Test Session | Set of one or more test suites that are run together on a single build at a specific time. | Continuous Delivery Architecture, DevOps Test Engineering

Test Suite | Set of test cases that are run together on a single build at a specific time. | Continuous Delivery Architecture, DevOps Test Engineering
Test Trend | History of verdicts. | Continuous Delivery Architecture, DevOps Test Engineering
Test Type | Class that indicates what the purpose of the test is. | Continuous Delivery Architecture, DevOps Test Engineering
Test Version | The version of files used to test a specific build. | Continuous Delivery Architecture, DevOps Test Engineering
Tester | Individual who has responsibility to test a system or service. | Continuous Delivery Architecture, DevOps Test Engineering
Testing Tools | Tools that verify code quality before passing the build. | DevOps Leader
The Advice Process | Any person deciding must seek advice from everyone meaningfully affected by the decision and people with expertise in the matter. Advice received must be taken into consideration, though it does not have to be accepted or followed. The objective of the advice process is not to form consensus, but to inform the decision-maker so that they can make the best decision possible. Failure to follow the advice process undermines trust and unnecessarily introduces risk to the business. | DevSecOps Engineering
The Checkbox Trap | The situation wherein an audit-centric perspective focuses exclusively on "checking the box" on compliance requirements without consideration for overall security objectives. | DevSecOps Engineering
The Power of TED | The Power of TED* offers an alternative to the Karpman Drama Triangle with its roles of Victim, Persecutor, and Rescuer. The Empowerment Dynamic (TED) provides the antidote roles of Creator, Challenger and Coach and a more positive approach to life's challenges. | DevOps Leader
The Three Ways | Key principles of DevOps – Flow, Feedback, Continuous experimentation and learning. | DevOps Foundation, DevSecOps Engineering, Site Reliability Engineering

Theory of Constraints | Methodology for identifying the most important limiting factor (i.e., constraint) that stands in the way of achieving a goal and then systematically improving that constraint until it is no longer the limiting factor. | DevOps Foundation, DevSecOps Engineering
Thomas Kilmann Inventory (TKI) | Measures a person's behavioral choices under certain conflict situations. | DevOps Foundation
Threat Agent | An actor, human or automated, that acts against a system with intent to harm or compromise that system. Sometimes also called a "Threat Actor." | DevSecOps Engineering
Threat Detection | Refers to the ability to detect, report, and support the ability to respond to attacks. Intrusion detection systems and denial-of-service systems allow for some level of threat detection and prevention. |
Threat Intelligence | Information pertaining to the nature of a threat or the actions a threat may be known to be perpetrating. May also include "indicators of compromise" related to a given threat's actions, as well as a "course of action" describing how to remediate the given threat action. | DevSecOps Engineering
Threat Modeling | A method that ranks and models potential threats so that the risk can be understood and mitigated in the context of the value of the application(s) to which they pertain. | DevSecOps Engineering
Time to Market | The period of time between when an idea is conceived and when it is available to customers. | DevOps Leader
Time to Value | Measure of the time it takes for the business to realize value from a feature or service. | DevOps Foundation, DevSecOps Engineering
Time Tracking | Tools that allow for time to be tracked, either against individual issues or other work or project types. | Site Reliability Engineering
Time-box | Maximum duration of a Scrum event. | Certified Agile Process Owner, Certified Agile Service Manager
Toil | A kind of work tied to running a production service that tends to be manual, repetitive, automatable, tactical, devoid of enduring value. | Site Reliability Engineering

Tool | This class describes tools that orchestrate, automate, simulate and monitor EUTs and infrastructures. | Continuous Delivery Architecture, DevOps Test Engineering
Toolchain | A philosophy that involves using an integrated set of complementary task specific tools to automate an end to end process (vs. a single-vendor solution). | DevOps Foundation
Touch Time | In a Lean Production system the touch time is the time that the product is actually being worked on, and value is being added. | DevOps Leader
Tracing | Tracing provides insight into the performance and health of a deployed application, tracking each function or microservice which handles a given request. | Site Reliability Engineering
Traffic Volume | The amount of data sent and received by visitors to a service (e.g. a website or API). | Site Reliability Engineering
Training From the Back of the Room | An accelerated learning model in line with the agile values and principles using the 4Cs instructional design “map” (Connection, Concept, Concrete Practice, Conclusion). |
Transformational Leadership | A leadership model in which leaders inspire and motivate followers to achieve higher performance by appealing to their values and sense of purpose, facilitating wide-scale organizational change (State of DevOps Report, 2017). | DevOps Leader
Tribe Lead | A senior technical leader that has broad and deep technical expertise across all the squads' technical areas. A group of squads working together on a common feature set, product or service is a tribe in Spotify's definitions. | DevOps Leader
Tribes | A collection of squads with a long-term mission that work on/in a related business capability. | DevOps Leader
Trojan (horses) | Malware that carries out malicious operations under the appearance of a desired operation such as playing an online game. A Trojan horse differs from a virus because the Trojan binds itself to non-executable files, such as image files, audio files whereas a virus requires an executable file to operate. | DevSecOps Engineering

Trunk | The primary source code integration repository for a software product. | Continuous Delivery Architecture, DevOps Test Engineering
Unit Test | The purpose of the test is to verify code logic. | Continuous Delivery Architecture, DevOps Test Engineering
Usability Test | The purpose of the test is to determine if humans have a satisfactory experience when using an EUT. | Continuous Delivery Architecture, DevOps Test Engineering
User | Consumer of IT services. Or, the identity asserted during authentication (aka username). | DevOps Foundation, DevSecOps Engineering
User and Entity Behavior Analytics (UEBA) | A machine learning technique to analyze normal and “abnormal” user behaviour with the aim of preventing the latter. | Site Reliability Engineering
User Story | Statement written from the user's business perspective that describes how the user will achieve a goal from a feature of the product. User stories are captured in the Product Backlog (or Process Backlog). | Certified Agile Process Owner, Certified Agile Service Manager
Value Added Time | The amount of time spent on an activity that creates value (e.g., development, testing). | DevOps Leader
Value Efficiency | Being able to produce value with the minimum amount of time and resources. | DevOps Leader
Value Stream | All of the activities to go from a customer request to a delivered product or service. | DevOps Foundation
Value Stream Mapping | Lean tool that depicts the flow of information, materials and work across functional silos with an emphasis on quantifying waste, including time and quality. | DevOps Foundation
Value Stream Management | The ability to visualize the flow of value delivery through the DevOps lifecycle. GitLab CI and the Jenkins extension (from CloudBees) DevOptics can provide this visualization. | Site Reliability Engineering
Value Stream Owner | Individual accountable to senior management for improving the value to non-value ratio of a given product or service. | Certified Agile Process Owner
Variable Speed IT | An approach where traditional and digital processes co-exist within an organization while moving at their own speed. | DevOps Foundation

Velocity | Measure of the quantity of work done in a pre-defined interval. The amount of work an individual or team can complete in a given amount of time. | DevOps Foundation, DevSecOps Engineering, Site Reliability Engineering
Verdict | Test result classified as Fail, Pass or Inconclusive. | Continuous Delivery Architecture, DevOps Test Engineering
Version control tools | Ensure a 'single source of truth' and enable change control and tracking for all production artifacts. | DevOps Foundation
Vertical Scaling | Computing resources are scaled higher to increase processing speed e.g. using faster computers to run more tasks faster. | DevOps Test Engineering
Virus (Computer) | Malicious executable code attached to a file that spreads when an infected file is passed from system to system that could be harmless (but annoying) or it could modify or delete data. | DevSecOps Engineering
Voice of the Customer (VOC) | A process that captures and analyzes customer requirements and feedback to understand what the customer wants. | DevOps Foundation
Vulnerability | A weakness in a design, system, or application that can be exploited by an attacker. | DevSecOps Engineering
Vulnerability Intelligence | Information describing a known vulnerability, including affected software by version, relative severity of the vulnerability (for example, does it result in escalation of privileges for user role, or does it cause a denial of service), exploitability of the vulnerability (how easy/hard it is to exploit), and sometimes current rate of exploitation in the wild (is it being actively exploited or is it just theoretical). This information will also often include guidance on what software versions are known to have remediated the described vulnerability. | DevSecOps Engineering
Vulnerability management | The process of identifying and remediating vulnerabilities. | DevSecOps Engineering
Wait Time | The amount of time wasted on waiting for work (e.g., waiting for development and test infrastructure, waiting for resources, waiting for management approval). | DevOps Leader

Waste (Lean Manufacturing) | Any activity that does not add value to a process, product or service. | Certified Agile Process Owner, Certified Agile Service Manager, DevOps Foundation, DevOps Leader
Water-scrum-fall | A hybrid approach to application lifecycle management that combines waterfall and Scrum development. | Continuous Delivery Architecture
Waterfall (Project Management) | Linear and sequential approach to managing software design and development projects in which progress is seen as flowing steadily (and sequentially) downwards (like a waterfall). | Certified Agile Service Manager, Continuous Delivery Architecture, DevOps Foundation
Weakness | An error in software that can be exploited by an attacker to compromise the application, system, or the data contained therein. Also called a vulnerability. | DevSecOps Engineering
Web Application Firewall (WAF) | Tools that examine traffic being sent to an application and can block anything that looks malicious. | Site Reliability Engineering
Web IDE | Tools that have a web client integrated development environment. Enables developer productivity without having to use a local development tool. | Site Reliability Engineering
Westrum (Organization Types) | Ron Westrum developed a typology of organizational cultures that includes three types of organizations: Pathological (power-oriented), Bureaucratic (rule-oriented) and Generative (performance-oriented). | DevSecOps Engineering, Site Reliability Engineering
White-Box Testing (or Clear-, Glass-, Transparent-Box Testing or Structural Testing) | Test cases use extensive knowledge of the internal design structure or workings of an application, as opposed to its functionality (i.e. Black-Box Testing). | Continuous Delivery Architecture, DevOps Test Engineering
Whitelisting | Application whitelisting is the practice of specifying an index of approved software applications that are permitted to be present and active on a computer system. | Continuous Delivery Architecture
Wicked Questions | Wicked questions are used to expose the assumptions which shape our actions and choices. They are questions that articulate the embedded, and often contradictory, assumptions we hold about an issue, a problem or a context. | DevOps Leader

Wiki | Knowledge sharing can be enabled by using tools like Confluence which create a rich Wiki of content. | Site Reliability Engineering
Wilber's Quadrants | A model that recognises four modes of general approach for human beings. Two axes are used: on one axis people tend towards individuality OR collectivity. | DevOps Leader
Work in Progress (WIP) | Any work that has been started but has not been completed. | DevOps Foundation
Workaround | Temporary way to reduce or eliminate the impact of incidents or problems. May be logged as a known error in the Known Error Database. (ITIL definition). | DevOps Foundation, DevSecOps Engineering
World Café | A structured conversational process for knowledge sharing in which groups of people discuss a topic at several tables, with individuals switching tables periodically and getting introduced to the previous discussion at their new table by a "table host". | DevOps Leader
Worms (Computer) | Worms replicate themselves on a system by attaching themselves to different files and looking for pathways between computers. They usually slow down networks and can run by themselves (where viruses need a host program to run). | DevSecOps Engineering
