You are designing the security validation strategy for a project in Azure DevOps. You need to identify package dependencies that have known security issues and can be resolved by an update. What should you use?
Octopus Deploy is a tool to manage releases and deploy the release it-self to the destination host, the Azure DevOps substitute is "Release PipeLine"
SonarQube is for sure the correct answer
I think correct answer id D.
There is a plugin (dependency-check) for SonarQube that do exactly what it is required by the questions. Not a scan of the dependencies but a control based on known security issues
https://github.com/dependency-check/dependency-check-sonar-plugin
This section is not available anymore. Please use the main Exam Page.AZ-400 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
dollarpo7
Highly Voted 4 years, 7 months agoPavlo
1 year, 12 months agoAhmed0
Highly Voted 4 years, 5 months agolarrymm
2 years, 10 months agohbergun
4 years, 3 months agojojom19980
3 years, 11 months agoGPRai
Most Recent 11 months, 2 weeks agoUrbanRellik
1 year agoGhauri07
1 year, 8 months agoyana_b
1 year, 9 months agoresonant
1 year, 10 months agoklayytech
2 years, 3 months agosyu31svc
2 years, 10 months agoGovcomm
2 years, 10 months agoEltooth
3 years agoUnknowMan
3 years, 1 month agordemontis
3 years, 2 months agokennynelcon
2 years, 10 months agoOptimist_Indian
3 years, 3 months agodurel
3 years, 4 months agoArt3
3 years, 4 months agoPankaj78
3 years, 5 months ago