You are designing the security validation strategy for a project in Azure DevOps. You need to identify package dependencies that have known security issues and can be resolved by an update. What should you use?
Octopus Deploy is a tool to manage releases and deploy the release it-self to the destination host, the Azure DevOps substitute is "Release PipeLine"
SonarQube is for sure the correct answer
I think correct answer id D.
There is a plugin (dependency-check) for SonarQube that do exactly what it is required by the questions. Not a scan of the dependencies but a control based on known security issues
https://github.com/dependency-check/dependency-check-sonar-plugin
This section is not available anymore. Please use the main Exam Page.AZ-400 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
dollarpo7
Highly Voted 4 years, 9 months agoPavlo
2 years, 1 month agoAhmed0
Highly Voted 4 years, 7 months agolarrymm
2 years, 12 months agohbergun
4 years, 5 months agojojom19980
4 years, 1 month agoGPRai
Most Recent 1 year, 1 month agoUrbanRellik
1 year, 2 months agoGhauri07
1 year, 10 months agoyana_b
1 year, 11 months agoresonant
2 years agoklayytech
2 years, 5 months agosyu31svc
2 years, 12 months agoGovcomm
3 years agoEltooth
3 years, 2 months agoUnknowMan
3 years, 2 months agordemontis
3 years, 4 months agokennynelcon
3 years agoOptimist_Indian
3 years, 5 months agodurel
3 years, 6 months agoArt3
3 years, 6 months agoPankaj78
3 years, 7 months ago