A company wants to confirm that newly developed code is unmodified before it is deployed. Which measure helps confirm the origin of this code prior to release?
Use a pipeline that enforces signed commits, logs build details, and validates artifacts with cryptographic checks
Adopt formal documentation that describes expected code review practices without automatic version checks
Prohibit any external connections during the build process for code security
Store all project data in a shared location where any developer can audit file versions
Validating commits and artifacts with cryptographic signatures confirms that each piece of code comes from a trusted source and has not been changed. Storing all project data in an open network share does not establish the origin of commits. Closing external network access focuses on restricting external threats but does not confirm the legitimate source of changes. A high-level governance policy without a technical control does not guarantee that builds are traceable or signed.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are cryptographic signatures in the context of code validation?
Open an interactive chat with Bash
Why are signed commits important for source control?
Open an interactive chat with Bash
How do cryptographic checks validate build artifacts?