Glossary of terms related to Konflux

Konflux
A platform to automate the process of building, testing, and releasing applications. Konflux offers enterprise-grade security and customizable feature sets.

build pipeline customization
The ability to update and manage build pipelines for each component in an application.

cluster
A Kubernetes deployment with nodes that run containerized applications and a control plane that manages the nodes.

component
An internal representation of a container image that Konflux builds and tests, using source code from a git repository.

Enterprise Contract (EC)
A set of release policies that you apply to your application snapshot. You can use the EC to prevent releases that are not compliant with Supply-chain Levels for Software Artifacts (SLSA) guidelines.

integration test
A pipeline that you set up in GitHub. When you add components, it tests each one individually, and then tests the application as a whole.

IntegrationTestScenario (ITS)
A Kubernetes resource that defines a pipeline to run. The integration service uses the ITS to test application components.

managed workspace
A workspace that mirrors some details of an already existing workspace. Supporting teams can create a managed workspace to grant limited permissions to development teams in the production environment.

persister
A component that moves all of the relevant PipelineRun information, known as the Pipeline output, to an external storage that is outside of the cluster’s etcd database. The persister runs after the system completes the PipelineRun.

pipelines as code
A practice that defines pipelines by using source code in Git. Pipelines as Code is also the name of a subsystem that executes those pipelines.

pipeline results
Systems that retain the history and details of builds.

PipelineRun
A collection of TaskRuns that are arranged in a specific order of execution.

provenance
Konflux produces a type of attestation for software artifacts called SLSA provenance. As an attestation, provenance lists the steps that Konflux took to create a given artifact. For higher build levels, SLSA provenance must include a signature, which enables you to verify that no one tampered with that attestation. Konflux signs the provenance it produces, to support that verification.

pruner
A component that removes resources that are associated with the completed PipelineRuns. The system assigns resources, such as pods, to every PipelineRun. Without a pruner, these resources remain in the cluster indefinitely, even after the system completes the PipelineRun.

release pipeline
A generic Tekton pipeline that can provide release destinations. An application snapshot must pass the Enterprise Contract test before Konflux can run the release pipeline.

security testing
A process that determines if images meet security quality standards.

snapshot
A set of component and container images that specifies which components the system should release with which container images. The system creates a snapshot when it finishes running a component’s build pipeline.

Supply-chain Levels for Software Artifacts (SLSA)
A security framework that helps prevent tampering by securing the packages and infrastructure of customers’ projects.

task
One or more steps that run container images. Each container image performs a piece of construction work.

TaskRun
A process that executes a task on a cluster with inputs, outputs, and execution parameters. Konflux creates a TaskRun on its own, or as a part of a PipelineRun for each task in a pipeline.

Tekton
A Knative-based framework for CI/CD pipelines. Tekton is decoupled which means that you can use one pipeline to deploy to any Kubernetes cluster in multiple hybrid cloud providers. Tekton stores everything that is related to a pipeline in the cluster.

Tekton chains
A mechanism to secure the software supply chain by recording events in a user-defined pipeline.

Tekton integration testing
A process that uses Tekton tasks to support the setup and execution of dynamic application tests against container images.

Tekton results
A mechanism that stores PipelineRun and TaskRun metadata in a separate database and underlying pod logs in cloud storage.

workspace
A storage volume that a task requires at runtime to receive input or provide output.