Detecting Common Open Source Libraries in Build Pipeline for Licensing Compliance | Best Practices

Automated Process to Detect Open Source Libraries in Build Pipeline

Question

Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.

You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.

What should you use?

Answers

A. OWASP ZAP

B. Jenkins

C. Code Style

D. WhiteSource Bolt

Explanations

Correct answer: D

WhiteSource (the company has since been renamed Mend) provides WhiteSource Bolt, a lightweight open source security and license-management solution developed specifically for integration with Azure DevOps and Azure DevOps Server.

Note: WhiteSource is a commercial software composition analysis (SCA) vendor. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource's continuously updated database of open source repositories.

Note:

There are several versions of this question in the exam. The question has two possible correct answers:

1. Black Duck

2. WhiteSource Bolt

Other incorrect answer options you may see on the exam include the following:

1. Microsoft Visual SourceSafe

2. PDM

3. SourceGear

4. SourceGear Vault

Visual SourceSafe and SourceGear Vault are source control systems; they track changes to files but do not identify the open source components in a code base or their licenses, so they cannot provide the required check.

Reference: https://www.azuredevopslabs.com/labs/vstsextend/whitesource/

The correct answer is D. WhiteSource Bolt.

WhiteSource Bolt is a software composition analysis (SCA) tool that inventories the open source components in a project's dependencies (including transitive dependencies) and checks them for known security vulnerabilities, license conflicts, and other risks. By running WhiteSource Bolt as a step in the build pipeline, every build produces an up-to-date inventory, so any new open source library a developer introduces is detected and checked against your company's licensing policy before it reaches a release. Note that the scan only sees what is resolvable at build time, so the step must run after dependencies are restored (for example after npm install or NuGet restore).

Here's a bit more information on the other options:

A. OWASP ZAP is an open-source web application security scanner that can be used to find security vulnerabilities in web applications. While it's a useful tool for identifying security issues, it's not specifically designed for detecting open source components or licensing issues.

B. Jenkins is a popular open-source automation server that can be used to automate various parts of the software development process, including building, testing, and deploying applications. While Jenkins can orchestrate a build pipeline, it has no built-in capability for detecting open source components or licensing issues; it would still need an SCA tool such as WhiteSource Bolt or Black Duck to do that work.

C. Code Style is a set of guidelines and best practices for writing code that is easy to read and maintain. While following code style guidelines can improve the readability and maintainability of code, it's not directly related to detecting open source components or licensing issues.
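The explanation above describes what the SCA step in the pipeline does: detect open source components that were newly introduced and check their licenses against company policy. The following script, added here as an illustration and not code from WhiteSource, Mend, or the Azure DevOps lab, shows the same gate in plain Python. It assumes the build step emits a CycloneDX-style SBOM (as many SCA tools do) and that the SBOM from the last approved build is kept as a baseline; the two SBOMs, the package names and the allow list of licenses are all constructed for this example. The gate goes slightly beyond the text by also handling flat SPDX OR/AND license expressions and components with no license metadata, failing closed in the ambiguous cases.

```python
"""Minimal license-compliance gate for a build pipeline (added example, not WhiteSource code)."""
import json
import sys

# Hypothetical allow list of SPDX license ids, constructed for this example.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}

# Constructed CycloneDX-style SBOMs: the baseline from the last approved build and the
# one produced by the current build. Only the fields the gate reads are included.
BASELINE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"name": "lodash", "version": "4.17.21", "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "express", "version": "4.18.2", "licenses": [{"license": {"id": "MIT"}}]},
    ],
})
CURRENT_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"name": "lodash", "version": "4.17.21", "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "express", "version": "4.18.2", "licenses": [{"license": {"id": "MIT"}}]},
        # Newly added by a developer: copyleft license (hypothetical package name).
        {"name": "some-gpl-lib", "version": "1.0.0",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        # Newly added: dual-licensed, expressed as an SPDX expression.
        {"name": "dual-lib", "version": "2.1.0", "licenses": [{"expression": "(MIT OR GPL-2.0-only)"}]},
        # Newly added: no license metadata at all.
        {"name": "mystery-lib", "version": "0.3.0"},
    ],
})


def load_components(sbom_json):
    """Map (name, version) -> list of license strings (SPDX ids or expressions)."""
    doc = json.loads(sbom_json)
    out = {}
    for comp in doc.get("components", []):
        lics = []
        for entry in comp.get("licenses", []):
            if "expression" in entry:
                lics.append(entry["expression"])
            elif "license" in entry:
                lic = entry["license"]
                lics.append(lic.get("id") or lic.get("name") or "")
        out[(comp["name"], comp["version"])] = lics
    return out


def license_allowed(expr, allowed):
    """Evaluate one SPDX id or a flat OR/AND expression against the allow list.
    A single pair of outer parentheses is stripped; nested groups or mixed
    OR/AND without grouping are treated as not allowed (fail closed)."""
    expr = expr.strip()
    if expr.startswith("(") and expr.endswith(")"):
        expr = expr[1:-1].strip()
    if "(" in expr or ")" in expr:
        return False
    if " OR " in expr and " AND " in expr:
        return False
    if " OR " in expr:
        return any(part.strip() in allowed for part in expr.split(" OR "))
    if " AND " in expr:
        return all(part.strip() in allowed for part in expr.split(" AND "))
    return expr in allowed


def new_components(baseline, current):
    """Components in the current build that are absent from the baseline (new name or new version)."""
    return {key: lics for key, lics in current.items() if key not in baseline}


def evaluate(baseline_json, current_json, allowed=ALLOWED_LICENSES):
    """Return (name, version, reason) findings for newly introduced components that
    violate the policy. Several license entries on one component must all be allowed."""
    baseline = load_components(baseline_json)
    current = load_components(current_json)
    findings = []
    for (name, version), lics in sorted(new_components(baseline, current).items()):
        if not lics:
            findings.append((name, version, "no license metadata"))
        elif not all(license_allowed(lic, allowed) for lic in lics):
            findings.append((name, version, "license not in allow list: " + "; ".join(lics)))
    return findings


def gate(baseline_json, current_json, allowed=ALLOWED_LICENSES):
    """True if the build may proceed; a False result should fail the pipeline job."""
    return not evaluate(baseline_json, current_json, allowed)


if __name__ == "__main__":
    for name, version, reason in evaluate(BASELINE_SBOM, CURRENT_SBOM):
        print(f"BLOCK {name}@{version}: {reason}")
    sys.exit(0 if gate(BASELINE_SBOM, CURRENT_SBOM) else 1)
```

Run as a pipeline step after dependency restore and after the SBOM is generated; a non-zero exit fails the job, which is what turns "detect" into "enforce". In the constructed input, dual-lib passes because one side of its OR expression is allowed, while some-gpl-lib and mystery-lib are blocked. Unchanged components are deliberately skipped, so an existing baseline with legacy exceptions does not break every build; tightening the policy later is a separate review of the baseline.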