Home » Microsoft » AZ-400 v.2 » You are designing the security validation strategy for a project in Azure DevOps.
You are designing the security validation strategy for a project in Azure DevOps.
You need to identify package dependencies that have known security issues and can be resolved by an update.
What should you use?
A. Octopus Deploy
B. Jenkins
C. Gradle
D. SonarQube
Correct Answer: A
Explanation/Reference:
Explanation:
Incorrect Answers:
B: Jenkins is a popular open-source automation server used to set up continuous integration and delivery (CI/CD) for your software projects.
D: SonarQube is a set of static analyzers that can be used to identify areas of improvement in your code. It allows you to analyze the technical debt in your project and keep track of it in the future.
Reference:
https://octopus.com/docs/packaging-applications01 – Implement Application Infrastructure
Correct Answer => SonarQube
Correct Answer => SonarQube
Enterprise Sonarqube with OWASP support is able to do that check:
https://www.sonarqube.org/features/security/owasp/?gclid=Cj0KCQiAzZL-BRDnARIsAPCJs70Teq0-efI2Hd_h-kykCB7I_C7L88Q7kpiuTzuD6Xw1jUb6ZqIP7O0aApVzEALw_wcB