Designing and Implementing Microsoft DevOps Solutions | Scanning Open Source Libraries for Security Weaknesses

Question

Your company has an Azure DevOps project, which includes a build pipeline that makes use of roughly fifty open source libraries.

You have been tasked with making sure that you are able to scan the project for common security weaknesses in the open source libraries.

Which of the following actions should you take?

Answers

A. B. C. D.

Correct answer: A

Explanations

https://www.azuredevopslabs.com/labs/vstsextend/whitesource/

The best option for scanning open source libraries for security vulnerabilities in an Azure DevOps project is to use a build task and the WhiteSource Bolt service. Therefore, the correct answer is A.

WhiteSource Bolt is a security scanning tool that integrates with Azure DevOps to provide real-time alerts and remediation advice for known security vulnerabilities in open source libraries. By using a build task, you can ensure that the libraries are scanned for security weaknesses before the code is deployed to a production environment.

Option B, creating a deployment task, would not be the best choice because it would mean the libraries are not scanned until after they have already been deployed. This would increase the risk of a security vulnerability being exploited.

Option C, using the Chef service, is not the best choice because Chef is a configuration management tool, not a security scanning tool. While it can be used to manage dependencies, it does not have the same level of security scanning capabilities as WhiteSource Bolt.

Option D, creating a deployment task and using the Chef service, would suffer from the same issues as option B, and would not provide the best solution for scanning open source libraries for security vulnerabilities.
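A pipeline layout that implements the chosen answer, as an added example (it is not taken from the exam page or the linked lab): the scan runs as a build task in the Build stage, so a vulnerable library is caught before any artifact reaches the Deploy stage. It assumes a .NET project and that the Marketplace extension exposes the task as `WhiteSource Bolt@20` with a `cwd` input; verify both against the extension installed in your organisation.

```yaml
# Added example, not the page's or the lab's own pipeline.
# Assumptions: a .NET project; task id 'WhiteSource Bolt@20' and its
# 'cwd' input as provided by the WhiteSource Bolt Marketplace extension.
trigger:
- main

stages:
- stage: Build
  jobs:
  - job: BuildAndScan
    pool:
      vmImage: 'ubuntu-latest'
    steps:
    - task: DotNetCoreCLI@2
      displayName: 'Restore open source packages'
      inputs:
        command: 'restore'
        projects: '**/*.csproj'
    - task: DotNetCoreCLI@2
      displayName: 'Build'
      inputs:
        command: 'build'
        projects: '**/*.csproj'
    # Build task (option A): the restored libraries are scanned here,
    # before an artifact exists, so findings surface in the build result
    # rather than after a release has already started.
    - task: WhiteSource Bolt@20
      displayName: 'WhiteSource Bolt scan of open source libraries'
      inputs:
        cwd: '$(System.DefaultWorkingDirectory)'
    - task: PublishBuildArtifacts@1
      inputs:
        pathToPublish: '$(Build.ArtifactStagingDirectory)'
        artifactName: 'drop'

- stage: Deploy
  dependsOn: Build          # only reached when Build, scan included, succeeded
  # Placing the scan in this stage (options B and D) would run it only
  # after the artifact was produced and the deployment had begun.
  jobs:
  - deployment: DeployWebApp
    environment: 'production'
    pool:
      vmImage: 'ubuntu-latest'
    strategy:
      runOnce:
        deploy:
          steps:
          - task: AzureWebApp@1
            inputs:
              azureSubscription: '<service-connection-placeholder>'
              appName: '<web-app-name-placeholder>'
              package: '$(Pipeline.Workspace)/drop/**/*.zip'
```

The `dependsOn: Build` line is what enforces the ordering the explanation relies on: the deployment job is never scheduled unless the stage containing the scan task completed successfully.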