Glossary G
20 terms starting with G
OPA Gatekeeper is an admission controller webhook for Kubernetes that enforces Open Policy Agent (OPA) policies as Kubernetes-native constraints. Security teams define ConstraintTemplates (Rego policy logic) and Constraint resources (specific policy instances) to prevent workloads from violating security policies at admission time. Gatekeeper enables policy-as-code for Kubernetes security, enforcing controls like disallowing privileged containers, requiring resource limits, and restricting allowed image registries.
Google Cloud Security Command Center (SCC) is GCP's unified security and risk management platform that provides threat detection, vulnerability assessment, and compliance monitoring across Google Cloud resources. It aggregates findings from built-in detectors (Web Security Scanner, Container Threat Detection, VM Threat Detection) and third-party security tools into a single console. SCC Premium includes Event Threat Detection powered by Google's threat intelligence.
Google Cloud Storage (GCS) is Google Cloud's unified object storage service offering high availability, global consistency, and multiple storage classes (Standard, Nearline, Coldline, Archive). GCS integrates with BigQuery, Dataflow, and Vertex AI for analytics and ML pipelines. Its strong read-after-write consistency and uniform bucket-level access controls make it suitable for production data lakes.
GDPR is the European Union's data privacy regulation that governs how organizations collect, process, store, and share personal data of EU residents. It grants individuals rights over their data (access, deletion, portability) and imposes strict requirements on data controllers and processors. Non-compliance penalties can reach 4% of annual global revenue.
Geo-replication synchronizes data across multiple geographic regions to enable low-latency access for global users and provide disaster recovery for regional failures. Managed database services like Cosmos DB, DynamoDB Global Tables, and Cloud Spanner offer transparent geo-replication. Geo-replication introduces the challenge of consistency models — synchronous replication guarantees consistency at the cost of latency.
GitHub Actions is GitHub's integrated CI/CD platform that executes automated workflows triggered by repository events (push, pull request, schedule). Workflows are defined in YAML files and composed from reusable actions published to the GitHub Marketplace. GitHub Actions' tight integration with GitHub's code review and security features makes it the dominant CI/CD choice for open-source and cloud-native projects.
GitLab CI/CD is the integrated CI/CD system built into the GitLab DevSecOps platform. Pipelines are defined in `.gitlab-ci.yml` and run on shared or self-hosted GitLab Runners. GitLab CI includes built-in SAST, DAST, dependency scanning, container scanning, and license compliance — making it popular in regulated industries that need security integrated into every pipeline.
Gitleaks is an open-source secrets detection tool that scans Git repositories, commit history, and staged changes for hardcoded credentials, API keys, and tokens. It uses regex-based rules to identify common secret patterns from hundreds of services and can be run as a pre-commit hook or CI check to prevent secrets from entering version control. Gitleaks can also scan historical commits to identify previously committed secrets requiring rotation.
GitOps is an operational model where Git repositories serve as the single source of truth for infrastructure and application configuration. Changes to production environments are made exclusively through pull requests, with automated controllers reconciling the actual state with the desired state declared in Git. GitOps brings code review, audit trails, and rollback capabilities to operations.
A GitOps agent is a process running inside the target environment (typically a Kubernetes cluster) that continuously polls a Git repository or OCI registry for desired state changes and applies them locally. The pull-based model avoids exposing cluster credentials to external CI systems. ArgoCD, FluxCD, and Fleet are prominent GitOps agents for Kubernetes.
GKE is Google Cloud's managed Kubernetes service, operated by the team that created Kubernetes. GKE Autopilot mode fully manages node provisioning and right-sizing, while Standard mode gives operators control over node configuration. GKE integrates with Google Cloud IAM, Binary Authorization for supply chain security, and Anthos for hybrid and multi-cloud deployments.
GPT refers to OpenAI's series of autoregressive language models built on the transformer decoder architecture. Pre-trained on large text corpora to predict the next token, GPT models are adapted via instruction fine-tuning and RLHF to follow natural language instructions. GPT-4 and its successors are among the most capable language models available and power ChatGPT and the OpenAI API.
GPTQ is a one-shot post-training quantization method for LLMs that uses second-order information (Hessian approximation) to minimize quantization error layer by layer. It achieves high-quality 4-bit and 3-bit quantized models with minimal accuracy loss, enabling large models to run on single consumer GPUs. GPTQ is widely used with the AutoGPTQ library for serving quantized open-source models.
GPUs are massively parallel processors originally designed for graphics rendering that have become the primary hardware for training and running AI models. Their thousands of cores execute matrix multiplications — the dominant operation in neural networks — far faster than CPUs. NVIDIA H100 and A100 GPUs are the workhorses of LLM training, while consumer GPUs like the RTX 4090 enable local inference.
Grafana is an open-source analytics and visualization platform that connects to dozens of data sources including Prometheus, Loki, Tempo, and SQL databases to create dashboards, alerts, and on-call workflows. The Grafana LGTM stack (Loki, Grafana, Tempo, Mimir) provides a fully open-source observability solution. Grafana Cloud offers a managed version of the stack.
GraphQL is a query language and runtime for APIs that allows clients to request exactly the data they need in a single request. Clients define the shape of the response using a typed schema, eliminating over-fetching and under-fetching problems common in REST APIs. GraphQL is especially powerful for frontend-heavy applications with complex data requirements across multiple entity types.
gRPC is a high-performance RPC framework that uses Protocol Buffers for serialization and HTTP/2 for transport. It enables strongly-typed service definitions, bidirectional streaming, and efficient binary serialization. gRPC is commonly used for internal microservice communication where performance matters more than the human-readability of REST/JSON.
Grype is an open-source vulnerability scanner for container images and filesystems developed by Anchore. It matches installed packages against multiple vulnerability databases including NVD, GitHub Advisory Database, and OS-specific feeds. Grype integrates with CI/CD pipelines to block deployments when critical vulnerabilities are detected and pairs with Syft for SBOM-based scanning.
AWS GuardDuty is a managed threat detection service that continuously monitors AWS accounts for malicious activity and unauthorized behavior using machine learning, anomaly detection, and integrated threat intelligence feeds. It analyzes CloudTrail event logs, VPC Flow Logs, DNS logs, and Kubernetes audit logs to detect threats like account compromise, EC2 credential theft, cryptocurrency mining, and Kubernetes cluster attacks without requiring log infrastructure setup.
Guardrails are preventive and detective controls applied organization-wide in cloud environments to enforce baseline security and compliance policies. Preventive guardrails (implemented via SCPs or Azure Policy deny effects) block creation of non-compliant resources, while detective guardrails (AWS Config rules, Azure Policy audit effects) identify existing compliance violations. Landing zone frameworks like AWS Control Tower include a catalog of mandatory and strongly recommended guardrails.