ops0

Glossary

Key terms and concepts used throughout ops0.


A

Agent

A lightweight service installed in your Kubernetes cluster that enables ops0 to monitor pods, collect metrics, and respond to incidents. The agent communicates securely with ops0's API.

Apply

The Terraform/OpenTofu command that creates, updates, or deletes infrastructure to match your configuration. In ops0, apply runs after a successful plan and policy check.

Approval Workflow

A process requiring one or more team members to review and approve changes before they're deployed. Configured per-project based on environment (e.g., production requires approval).

Audit Log

A record of all actions taken in ops0, including who did what and when. Used for compliance, security analysis, and troubleshooting.


B

Blueprint

A reusable project template that contains pre-configured IaC code, variable defaults, and settings. Create new projects from blueprints to standardize infrastructure patterns across your organization.


C

Checkov

A static analysis tool that scans Terraform and OpenTofu files for security misconfigurations before deployment. ops0 integrates Checkov alongside OPA/Rego for layered security scanning.

Cluster

A Kubernetes cluster connected to ops0. Can be any managed Kubernetes (EKS, GKE, AKS) or self-hosted cluster with the ops0 agent installed.

Compliance Score

A percentage representing how many resources pass policy checks. 100% means no violations; lower scores indicate policy violations that need attention.

Configuration Management

The practice of managing server configurations (packages, files, users, services) using tools like Ansible, Chef, or Puppet. Distinct from IaC which provisions infrastructure.


D

Deployment

The process of applying infrastructure changes to your cloud environment. In ops0, a deployment includes plan, policy check, optional approval, and apply phases.

Discovery

An ops0 feature that scans your cloud accounts to find existing resources and produce Terraform code for them. Helps bring unmanaged infrastructure under IaC control.

Drift

When actual infrastructure state differs from what's defined in code. ops0 can detect drift and show you what's changed.

Discovery Session

A single scan run within Discovery. Each session captures a snapshot of your cloud resources at a point in time. Sessions can be compared to track changes over time.


E

External ID

A security identifier used in AWS Assume Role configurations. Prevents confused deputy attacks by ensuring only authorized parties can assume the role.


G

GitHub Sync

Two-way synchronization between ops0 projects and GitHub repositories. Changes in either location sync automatically, enabling GitOps workflows.

GitOps

A practice where Git is the single source of truth for infrastructure. Changes are made via pull requests, reviewed, and automatically deployed when merged.


H

Hive Agent

A remote infrastructure agent installed on servers or VMs that connects back to ops0 via reverse tunnel. Enables AI-powered diagnostics, remote terminal access, and autonomous remediation without requiring inbound firewall rules.


I

IaC (Infrastructure as Code)

The practice of defining infrastructure using declarative configuration files instead of manual processes. ops0 supports Terraform, OpenTofu, and Oxid, with Pulumi and CloudFormation support upcoming.

Incident

An issue detected by ops0 in your Kubernetes cluster, such as pod crashes, OOMKills, or failed deployments. Incidents include context and suggested remediation.

Integration

A connection between ops0 and an external service (AWS, GCP, Azure, GitHub, Slack). Integrations provide credentials and permissions for ops0 to interact with those services.


K

Kyverno

A Kubernetes-native policy engine that enforces rules on cluster resources using YAML policies. ops0 uses Kyverno for Kubernetes policy enforcement alongside OPA/Rego for IaC policies.


O

OpenCost

An open-source Kubernetes cost monitoring tool. ops0 integrates OpenCost for per-namespace, per-pod, and per-controller cost breakdowns with efficiency metrics and optimization recommendations.

OpenTofu

An open-source fork of Terraform maintained by the Linux Foundation. Fully compatible with Terraform configurations and state files. ops0 supports OpenTofu as a first-class IaC engine.

OPA (Open Policy Agent)

The policy engine ops0 uses to evaluate infrastructure against your rules. Policies are written in Rego, OPA's query language.

Oxid

A Rust-based IaC engine that stores Terraform/OpenTofu state in a PostgreSQL database instead of cloud object storage. ops0 supports Oxid as a first-class IaC type with automatic post-deployment state sync.

Organization

The top-level container in ops0. Contains users, teams, projects, integrations, and settings. Typically maps to a company or business unit.


P

Plan

A preview of what changes Terraform/OpenTofu will make before applying. Shows resources to be created, modified, or destroyed. Essential for reviewing changes safely.

Policy

A rule that evaluates infrastructure code or runtime behavior. Policies can warn or block deployments. Written in Rego and evaluated before apply.

Project

A workspace in ops0 containing infrastructure code (IaC project) or configuration code (Configuration project). Projects have their own files, deployments, and settings.


Q

Query Console

An interactive interface for exploring your infrastructure state using natural language. Ask questions in plain English about resources, dependencies, costs, vulnerabilities, and project relationships. Powered by Oxid's PostgreSQL backend with cost and vulnerability overlays, saved queries, and CSV/JSON export.


R

Rego

The query language used by Open Policy Agent. Used to write ops0 policies. Example: deny[msg] { input.resource.type == "aws_s3_bucket"; not input.resource.encryption; msg := "S3 bucket must have encryption enabled" }.

Role

A set of permissions that can be assigned to users. Built-in roles include Owner, Admin, Developer, and Viewer. Custom roles can be created.

Replication

Cloning an IaC project to a different cloud provider, region, or account. ops0's AI transforms resource definitions between clouds (e.g., AWS to GCP) and regenerates provider and backend configurations automatically.

Rollback

Reverting infrastructure to a previous state. In ops0, you can restore any previous deployment version.


S

State

Terraform's record of what infrastructure it manages. Maps configuration to real resources. ops0 manages state securely by default.

Step

A single action within a workflow. Types include IaC Deploy, Script, HTTP Request, Approval, and more. Steps execute sequentially or in parallel.

Sensitive Data Detection

A pre-send scanning system that detects credentials, PII, and secrets in messages before they are sent to the AI assistant. Uses pattern matching and Microsoft Presidio to identify and optionally redact sensitive data.

Suppression

Intentionally ignoring a policy violation. Requires justification and can have an expiration date. Suppressed violations don't affect compliance scores.


T

Team

A group of users within an organization. Teams can be granted access to specific projects with specific roles. Enables department-level permissions.

Terraform

HashiCorp's infrastructure provisioning tool. The most widely used IaC tool. ops0 supports Terraform as a first-class IaC type.

Trivy

A container vulnerability scanner. ops0 integrates the Trivy Operator into Kubernetes clusters to scan running container images for CVEs in OS packages and application dependencies.

Trigger

What starts a workflow execution. Types include manual, scheduled (cron), webhook, Git push, incident, and workflow completion.


V

Variable Graph

An interactive visualization of cross-project IaC dependencies. Shows how outputs from one project feed into variables of another via terraform_remote_state, with impact analysis and blast radius assessment.

Violation

A policy check failure. Violations have severity (Critical, High, Medium, Low) and can block deployments or just warn. Track violations in the Compliance dashboard.


W

Workflow

An automated sequence of steps triggered by an event. Used for CI/CD pipelines, scheduled tasks, incident response, and multi-step operations.


Common Abbreviations

| Abbreviation | Meaning |
|--------------|---------|
| IaC | Infrastructure as Code |
| K8s | Kubernetes |
| OPA | Open Policy Agent |
| RBAC | Role-Based Access Control |
| SSO | Single Sign-On |
| OIDC | OpenID Connect |
| SAML | Security Assertion Markup Language |
| IAM | Identity and Access Management |
| VPC | Virtual Private Cloud |
| EKS | Elastic Kubernetes Service (AWS) |
| GKE | Google Kubernetes Engine |
| AKS | Azure Kubernetes Service |
