Software quality & security glossary
The terms that show up in every security review and every AI-generated pull request — defined in plain English, and tied back to exactly how GateTest scans for them.
Static Application Security Testing (SAST)
SAST analyses source code, bytecode, or binaries for security flaws without running the program — catching vulnerabilities like injection, h…
Dynamic Application Security Testing (DAST)
DAST tests a running application from the outside — sending real requests to find vulnerabilities that only appear at runtime, like broken a…
Software Composition Analysis (SCA)
SCA inventories the third-party and open-source dependencies in a project and flags known vulnerabilities, license risks, and unmaintained p…
Static Analysis Results Interchange Format (SARIF)
SARIF is an OASIS-standard JSON format for static-analysis results. It lets any scanner report findings — with file, line, rule id, and seve…
Quality Gate
A quality gate is an automated pass/fail checkpoint in a pipeline that blocks code from merging or deploying unless it meets defined thresho…
Mutation Testing
Mutation testing measures how good your tests actually are by introducing small bugs (mutants) into the code and checking whether the test s…
False Positive Rate
The false positive rate is the share of a scanner's findings that aren't real problems. It's the single biggest factor in whether a security…
Software Supply Chain Security
Supply-chain security protects everything your software depends on but that your team didn't write — open-source packages, build tools, CI pipelines, and …
Software Bill of Materials (SBOM)
An SBOM is a machine-readable inventory of every component in a piece of software — each dependency, its version, and its license. It's what…
Secret Scanning
Secret scanning detects credentials — API keys, tokens, private keys, passwords — accidentally committed to source code, so they can be revo…
Shift Left
Shift left means moving testing and security earlier in the development lifecycle — into the editor, the commit, and the pull request — inst…
Technical Debt
Technical debt is the implied future cost of choosing a fast or easy solution now instead of a better one that would take longer. Like finan…