Microsoft Cybersecurity Architect Expert SC-100
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
Your company operates an Azure App Service plan responsible for deploying containerized web applications. As part of enhancing security, you are tasked with designing a secure DevOps strategy that ensures these web apps are securely deployed to the App Service plan. Specifically, you need to integrate code scanning tools into the secure software development lifecycle (SDLC). It is crucial that the code is scanned during two specific phases: when the code is uploaded to repositories and when containers are being built. In which stages should you integrate code scanning for each of these phases? Select the most appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Box 1: Box 2:
Explanation:
In the given scenario, code scanning needs to be integrated at two stages: uploading the code to repositories and building containers.
For the first phase, 'Uploading the code to repositories,' GitHub Enterprise is recommended. GitHub Advanced Security provides additional features like code scanning, which searches for potential security vulnerabilities and coding errors in the code stored in the repository. This ensures that the code is scanned immediately upon upload to the repository.
For the second phase, 'Building containers,' Azure Pipelines is recommended. Azure Pipelines can integrate code scanning tools during the build process, including building container images. This ensures that the container is built with scanned code, maintaining security throughout the build process.