Chapter 4. Glossary

Common terms and definitions for Red Hat’s Trusted Profile Analyzer service.

Exhort: The backend endpoint of Trusted Profile Analyzer where all the API requests get sent, to retrieve the necessary data to analyze, including package dependencies and vulnerabilities. The Red Hat Dependency Analytics (RHDA) integrated development environment (IDE) plugin uses this endpoint to generate vulnerability reports within the IDE framework.

Software Bill of Materials: Also known by the acronym, SBOM. A manifest of dependent software packages needed for a particular application.
Single Pane of Glass: Also known by the acronym, SPOG. The RESTful application programming interface (API) for the Trusted Profile Analyzer web dashboard, and notifications.

Vulnerability Exploitability eXchange: Also known by the acronym, VEX. A security advisory issued by a software provider for specific vulnerabilities within a product.
Common Vulnerability and Exposures: Also known by the acronym, CVE. A CVE indicates a product’s exposure to attacks and malicious activities by giving it a score 1-10, where 1 is the lowest exposure level and 10 is the highest exposure level.
Common Vulnerability Score System: Also known by the acronym CVSS. The CVSS calculates CVE scores according to specific formulas when trying to calculate CVEs in a broad range of products and networks.