Exam AZ-400
Question 146

Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.

You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.

What should you use?

    Correct Answer: C

    Secure and Manage Open Source Software

    Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.

    Black Duck Hub and its plugin for Team Foundation Server (TFS) allow you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations occur.

    Note:

    There are several versions of this question in the exam. The question has two possible correct answers:

    - Black Duck
    - WhiteSource Bolt

    Other incorrect answer options you may see on the exam include the following:

    - OWASP ZAP
    - PDM
    - SourceGear

    SourceGear Vault -

    Reference:

    https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs

Discussion
Eltooth (Option: C)

C is the correct answer. FYI - there will be an update to exam content in June 2022 and all 3rd party questions will be removed.

syu31svc (Option: C)

"Overview Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met." Link supports C as the answer

dang12394 (Option: C)

quack quack

zellck (Option: C)

C is the answer. https://marketplace.visualstudio.com/items?itemName=black-duck-software.detect-for-tfs The Black Duck by Synopsys plugin for TFS and Azure DevOps allows automatic identification of open source security vulnerabilities during your application build process. The integration allows you to enforce policies configured in Black Duck to receive alerts and fail builds when policy violations are met.

zellck

Black Duck by Synopsys helps organizations identify and manage open source security, license compliance and operational risks across applications and containers. Black Duck is powered by the world’s largest open source KnowledgeBase™, which contains information from over 13,000 unique sources, includes support for over 80 programming languages, provides timely and enhanced vulnerability information, and is backed by a dedicated team of open source and security experts. The KnowledgeBase™, combined with the broadest support for platforms, languages and integrations, is why 2,000 organizations worldwide rely on Black Duck to secure and manage open source.

UnknowMan

Correct

Govcomm (Option: C)

Blackduck