You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.
You need to ensure that all the open source libraries comply with your company's licensing standards.
Which service should you use?
Click on the arrows to vote for the correct answer
A. B. C. D.C
WhiteSource provides WhiteSource Bolt, a lightweight open source security and management solution developed specifically for integration with Azure DevOps and Azure DevOps Server.
Note: WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.
Note: Blackduck would also be a good answer, but it is not an option here.
https://www.azuredevopslabs.com/labs/vstsextend/whitesource/The correct answer is C. WhiteSource Bolt.
WhiteSource Bolt is an Azure DevOps extension that helps organizations to manage open source components by continuously scanning for security vulnerabilities and license compliance issues. It integrates with Azure DevOps pipelines to automatically scan open source components and provide a report of any issues found.
In this case, the organization needs to ensure that all open source libraries used in the build pipeline comply with their licensing standards. WhiteSource Bolt can help with this by scanning the libraries for any license compliance issues and providing a report of any non-compliant components. This will help the organization to identify and remove any non-compliant components before they are used in production.
Ansible is an open-source automation platform that can be used to deploy and manage applications, but it is not specifically designed for license compliance.
Maven is a build automation tool used primarily for Java projects. While it can be used to manage dependencies, it does not provide license compliance scanning.
Helm is a package manager for Kubernetes that helps to deploy and manage applications. Like Ansible, it is not specifically designed for license compliance.
Therefore, WhiteSource Bolt is the most appropriate service for ensuring license compliance in this scenario.