Glossary
Browse our A to Z list of definitions for terms used across the Defence Developer Services. Use this glossary to check terms used. If any words are missing, contact us.
The glossary is intended to grow over time as the service is populated.
| Term | Definition |
|---|---|
| Applications | An application is a software program designed to perform specific tasks for end-users on different devices, serving operational needs across defence. |
| Continuous Authority to Operate (CAtO) | A unique authority under which D2S operates, meaning that application teams inherit assurances direct from D2S. This also provides certainty of future operations as the authority to operate doesn't expire. |
| Containers | A container in D2S is a package of files that constitutes an executable application that will be run in a target runtime environment. All application components are bundled into a single container for effective management and movement. D2S operates a containerised approach to maximise security and resilience, using a Kubernetes platform. |
| Dynamic Application Security Testing (DAST) | Analysis of an application using simulated attacks to identify security vulnerabilities. |
| D2SNamespace | A D2SNamespace is a grouping of Kubernetes objects and DevSecOps tooling. |
| Development Teams | Any users of D2S who directly, or support in the activities of, application development and application production operations. |
| Development (‘Dev’) Environment | The environment in which all development and testing activities occur, and where tooling can be integrated. |
| MOD Computer Emergency Response Team (MODCert) | Responsible for incident response and distribution of security notices. |
| Kubernetes Platform | This is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by the Cloud Native Computing Foundation, and is used in all D2S environments. |
| Low code | Low code development streamlines application creation by providing visual interfaces and pre-built components, reducing the reliance on manual coding and enabling rapid deployment. |
| Production (‘Prod’) Environment | The environment in which applications are deployed to for hosting/operations at either OFFICIAL or SECRET classification. Production is sometimes described with the term ‘live’. For the avoidance of confusion this is not the same as ‘live’ in the meaning of the Government Service Manual (opens in new tab). Services in the private beta, public beta or live service (opens in new tab) phases as set out in the Manual are all considered to be ‘production’ services. |
| Secrets | Any application information that could compromise the security posture, e.g. API keys, credentials, certificates, etc. |
| Security Operations Centre (SOC) | The department within MOD responsible for D2S monitoring. |
| Software Bill of Materials (SBOM) | A full inventory of software components building up the container. |
| Software Composition Analysis (SCA) | Full analysis of an application’s supply chain for due diligence. |
| Static Application Security Testing (SAST) | Analysis of the container's code to identify security vulnerabilities. |
| T-shirt Size | D2S refers to ‘T-Shirt Sizing’ when estimating resources required for the development team. Details of available sizes are provided in the D2S Self Service Portal. |