Question 124 of 296 from exam AZ-400: Designing and Implementing Microsoft DevOps Solutions

Question 124 of 296 from exam AZ-400: Designing and Implementing Microsoft DevOps Solutions

Question

HOTSPOT -

You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.

You need to ensure that the project can be scanned for known security vulnerabilities in the open source libraries.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Explanations

Box 1: A Build task -

Trigger a build -

You have a Java code provisioned by the Azure DevOps demo generator. You will use WhiteSource Bolt extension to check the vulnerable components present in this code.

1. Go to Builds section under Pipelines tab, select the build definition WhiteSourceBolt and click on Queue to trigger a build.

2. To view the build in progress status, click on ellipsis and select View build results.

Box 2: WhiteSource Bolt -

WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.

https://www.azuredevopslabs.com/labs/vstsextend/whitesource/