Exam CAS-004
Question 376

A company recently implemented a CI/CD pipeline and is now concerned with the current state of its software development processes. The company wants to augment its CI/CD pipeline with a solution to:

• Prevent code configuration drifts.

• Ensure coding standards are followed.

Which of the following should the company implement to address these concerns? (Choose two.)

Correct Answer: C, E

To address the concerns of preventing code configuration drifts and ensuring coding standards are followed, the company should implement dynamic code analysis and linters. Dynamic code analysis involves executing the code and observing its behavior during runtime, which helps detect and rectify deviations or drifts in code configuration. Linters analyze source code for programming errors, bugs, stylistic errors, and enforce coding standards, ensuring the consistency and quality of the codebase.

Discussion
nuel_12 Options: EF

E: Linters will ensure good coding practices are implemented. Linters are tools that analyze the source code of a software program and check for errors, bugs, style, or quality issues. Linters can help developers write better, cleaner, and more consistent code, as well as prevent potential security vulnerabilities or performance problems. Linters can be integrated with various development environments, such as IDEs, editors, or CI/CD pipelines, and can be configured with different rules and standards, depending on the programming language, framework

F: Regression testing will prevent code configuration drift, unauthorized modification

ElDirec Options: CE

The company should implement E. Linters and C. Dynamic code analysis to address these concerns. Linters are tools that analyze source code to flag programming errors, bugs, stylistic errors, and suspicious constructs. They can be used to ensure that coding standards are followed and help prevent code configuration drifts. Dynamic code analysis is a method of debugging by examining the code while the program is running. This can provide insight into the code’s behavior, data inputs and outputs, and operational performance, helping to ensure that coding standards are followed and prevent code configuration drifts. While the other options (Code signing, Fuzzers, Manual approval processes, Regression testing) can provide some level of security and quality assurance, they do not directly address the specific concerns of preventing code configuration drifts and ensuring coding standards are followed.

OdinAtlasSteel Options: EF

Changing my answer to E,F after additional research.

Potato42 Options: EF

I agree that it's E and F. It wasn't obvious at first but now I am convinced.

EAlonso Options: CD

CD, All of them, just taken two, C as a tool and D as a policy. "Configuration drift occurs when an environment’s setup unwittingly shifts away from its intended state. Causes of configuration drift can be hundreds, but primarily due to undocumented ad hoc changes in software or hardware." "When you have multiple engineers and teams interacting with this infrastructure ad hoc and not following the right protocols, these micro-changes can pile up quickly, creating inconsistencies between your current system’s configuration and the baseline of how it should look. This is how configuration drift happens: changes are implemented in an improper way causing issues for your infrastructure over time."

041ba31 Options: CE

The best solutions to implement in order to address concerns of preventing code configuration drifts and ensuring coding standards are followed are:

E. Linters: Linters analyze source code to flag programming errors, bugs, stylistic errors, and suspicious constructs, ensuring that coding standards are followed.

C. Dynamic code analysis: Dynamic code analysis involves executing the code to identify issues that occur during runtime, helping to prevent code configuration drifts and ensuring the software behaves as expected.

OdinAtlasSteel Options: CE

While the other options listed (Code signing, Fuzzers, Manual approval processes, Regression testing) are valuable in certain contexts for enhancing software security and quality, they are not directly focused on preventing code configuration drifts or enforcing coding standards within the CI/CD pipeline as effectively as dynamic code analysis and linters.