BenchMark Quizzes by MDFT Pro

Choose The Tool For Security Validation

You are designing the security validation strategy for a project in Azure DevOps at MDFT Pro, a well-known training agency. You need to identify package dependencies that have known security issues and can be resolved by an update.

What should you use?

Choose the correct answer from the options below.

Explanations for each answer:

Octopus Deploy is incorrect. Octopus Deploy is a deployment automation tool, not a security scanning tool. It focuses on simplifying deployment processes but does not provide package dependency security scanning.
Jenkins is incorrect. Jenkins is a continuous integration server that can orchestrate builds and deployments. While Jenkins can integrate with security tools through plugins, it is not itself a tool for identifying package dependencies with security vulnerabilities.
Gradle is incorrect. Gradle is a build automation tool focused on flexibility and performance. While it manages dependencies, it doesn't natively provide security vulnerability scanning for those dependencies.
SonarQube is correct.

Learn more about dependency vulnerability checks with SonarQube:

SonarQube Dependency Checks

Exam Preparation Quiz

Choose The Tool For Security Validation