DevOps Solutions: Finding Common Open Source Libraries in Code Base | Exam AZ-400 | Microsoft

Adding Jenkins to Build Pipeline

Question

You need to consider the underlined segment to establish whether it is accurate.

To find when common open source libraries are added to the code base, you should add Jenkins to the build pipeline.

Select No adjustment required if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

Answer

C

Explanation

WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource's constantly updated definitive database of open source repositories.

Azure DevOps integration with WhiteSource Bolt will enable you to:

1. Detect and remedy vulnerable open source components.

2. Generate comprehensive open source inventory reports per project or build.

3. Enforce open source license compliance, including dependencies' licenses.

4. Identify outdated open source libraries with recommendations to update.

Note: Black Duck would also be a good answer, but it is not an option here.

https://www.azuredevopslabs.com/labs/vstsextend/WhiteSource/

The underlined segment in the question suggests that adding Jenkins to the build pipeline is a suitable approach for identifying when common open source libraries are added to the code base. However, this statement is not entirely accurate.

Jenkins is a popular open-source automation server that is widely used for continuous integration and continuous delivery (CI/CD) pipelines. While it can be used to automate software builds and deployments, it does not provide any specific capabilities for identifying when common open source libraries are added to the code base.

To address this requirement, organizations can consider using a software composition analysis (SCA) tool such as WhiteSource, which can scan the code base and identify open source components and their associated licenses. WhiteSource can be integrated into the CI/CD pipeline to automatically detect new dependencies as they are added.
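The detection step an SCA tool performs in the pipeline, reduced to its core, as an added illustration (this is example code written for this page, not WhiteSource's or Azure DevOps' own implementation): diff the dependency manifest between the base and head revisions, flag components that were not there before, and fail the build when a new component or version is outside the approved inventory. The manifest format (requirements.txt style, pinned with `==`), the inventory dict and the sample revisions are constructed assumptions.

```python
"""Flag open source components newly added to a dependency manifest (added example)."""
import re
import sys

# Matches "name==version"; only pinned "==" versions are captured, other
# specifiers (>=, ~=) leave the version as None.
_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*([^\s#]+))?")


def parse_requirements(text):
    """Return {normalised_name: version_or_None}; comments, blanks and '-r'/'-e' lines are skipped."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = _REQ_RE.match(line)
        if m:
            deps[m.group(1).lower().replace("_", "-")] = m.group(2)
    return deps


def new_dependencies(base_text, head_text):
    """Components present in the head manifest but absent from the base manifest."""
    base, head = parse_requirements(base_text), parse_requirements(head_text)
    return {name: ver for name, ver in head.items() if name not in base}


def review(base_text, head_text, inventory):
    """Check each newly added component against an approved inventory {name: {versions}}.

    Returns a sorted list of (name, version, reason) findings; empty means the build may proceed.
    """
    findings = []
    for name, ver in sorted(new_dependencies(base_text, head_text).items()):
        approved = inventory.get(name)
        if approved is None:
            findings.append((name, ver, "not in approved inventory"))
        elif ver not in approved:
            findings.append((name, ver, "version not approved"))
    return findings


# Constructed sample data: two revisions of a manifest and a hypothetical approved inventory.
BASE = "requests==2.31.0\npyyaml==6.0.1\n"
HEAD = "requests==2.31.0\npyyaml==6.0.1\nexamplelib==1.0.0  # constructed name\ncryptography==41.0.0\n"
INVENTORY = {"requests": {"2.31.0"}, "pyyaml": {"6.0.1"}, "cryptography": {"42.0.0"}}

if __name__ == "__main__":
    for name, ver, reason in review(BASE, HEAD, INVENTORY):
        print(f"NEW DEPENDENCY {name}=={ver}: {reason}")
    sys.exit(1 if review(BASE, HEAD, INVENTORY) else 0)  # non-zero exit fails the pipeline step
```

Run as a pipeline step with the base and head manifests as input, the non-zero exit code is what turns a newly introduced, unapproved component into a failed build rather than a silent addition.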

SourceGear Vault, on the other hand, is a version control system that can be used to manage source code and track changes. While it can be used as part of the build pipeline, it does not provide any specific capabilities for identifying open source libraries.

OWASP ZAP (Zed Attack Proxy) is an open-source web application security scanner that can be used to identify vulnerabilities in web applications. While it can be used to scan for known vulnerabilities in open source libraries used in a web application, it is not specifically designed to identify when open source libraries are added to the code base.

Therefore, based on the given options, the accurate answer to the question is option C - WhiteSource.