Answer-first summary for fast verification
Answer: Use source code security analyzers as part of the CI/CD pipeline, Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD) pipeline
To minimize the risk of inadvertently introducing security errors during software development and deployment, integrating security tools into your CI/CD pipeline is essential. Using source code security analyzers (B) helps to inspect the code for security vulnerabilities early in the development process. Additionally, running a vulnerability security scanner (E) as part of the CI/CD pipeline ensures that the code and infrastructure are checked for known vulnerabilities before being deployed to production. Together, these actions help catch security issues early and ensure a more secure and agile release process.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your company highly values responsiveness and aims to quickly meet customer needs. The primary business objectives are to enhance release speed and agility. In this context, you want to minimize the risk of inadvertently introducing security errors during software development and deployment. Considering these objectives, which two actions can you take to enhance security in your CI/CD pipeline? (Choose two.)
A
Ensure every code check-in is peer reviewed by a security SME
B
Use source code security analyzers as part of the CI/CD pipeline
C
Ensure you have stubs to unit test all interfaces between components
D
Enable code signing and a trusted binary repository integrated with your CI/CD pipeline
E
Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD) pipeline