A development team uses various external dependencies in an automated build environment. They want to detect malicious modifications before those changes can affect the production environment. Which method is BEST to ensure suspicious changes are identified rapidly?
Use a fixed baseline for external libraries and avoid updating to newer releases
Depend on vendor alerts for notifications about compromised source code
Include an automated verification step in each build that checks for unexpected changes to external libraries
Schedule manual evaluations of third-party components twice a year to confirm authenticity
An automated verification step in every build compares the third-party libraries the build actually resolved against a known-good reference (pinned versions with recorded hashes or signatures), so a malicious or unauthorized change is caught the first time it enters the pipeline, before anything reaches production. This is more effective than periodic manual reviews or vendor alerts, both of which depend on someone else noticing the compromise first and may delay detection by weeks. Freezing dependencies at a fixed baseline and never updating avoids one risk but leaves known vulnerabilities unpatched. Continuous dependency verification and scanning are therefore a critical component of secure CI/CD pipelines.
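The build-time check described above, as an added example that is not part of the original page: a small integrity gate that hashes the artifacts a build resolved and compares them to a pinned lockfile. The lockfile format, the artifact names and their contents are constructed for illustration; a real pipeline would use its ecosystem's own pinned lockfile (for example requirements.txt with --hash entries, package-lock.json, or go.sum) as the known-good reference.

```python
# Added example (not from the original page): a minimal build-time integrity gate for
# third-party artifacts. Lockfile format, artifact names and contents are constructed.
import hashlib
import hmac
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


def build_lockfile(artifacts: Dict[str, bytes]) -> Dict[str, str]:
    """Record the known-good digest of every artifact.

    Run once when a dependency is reviewed and pinned, NOT on every build; otherwise a
    tampered artifact would simply become the new baseline.
    """
    return {name: sha256_hex(data) for name, data in artifacts.items()}


def verify_dependencies(lockfile: Dict[str, str],
                        artifacts: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare the artifacts a build actually resolved against the pinned lockfile.

    Returns three sorted lists: 'mismatched' (pinned name, different content),
    'missing' (pinned but not resolved) and 'unexpected' (resolved but never pinned).
    Any non-empty list is a reason to fail the build.
    """
    report: Dict[str, List[str]] = {"mismatched": [], "missing": [], "unexpected": []}
    for name, expected in lockfile.items():
        data = artifacts.get(name)
        if data is None:
            report["missing"].append(name)
        elif not hmac.compare_digest(expected, sha256_hex(data)):
            report["mismatched"].append(name)
    for name in artifacts:
        if name not in lockfile:
            report["unexpected"].append(name)
    for key in report:
        report[key].sort()
    return report


def ci_gate(lockfile: Dict[str, str], artifacts: Dict[str, bytes]) -> bool:
    """True only if every resolved artifact matches the lockfile exactly."""
    report = verify_dependencies(lockfile, artifacts)
    return not any(report.values())


# Constructed sample: the artifacts as they were when the team reviewed and pinned them.
KNOWN_GOOD = {
    "libfoo-1.2.3.tar.gz": b"libfoo 1.2.3 source tarball (constructed bytes)",
    "libbar-0.9.0.whl": b"libbar 0.9.0 wheel (constructed bytes)",
}
LOCKFILE = build_lockfile(KNOWN_GOOD)

# Constructed sample: what a later build resolved. libfoo was republished with extra
# content under the same version string, and a dependency nobody pinned appeared.
RESOLVED_LATER = {
    "libfoo-1.2.3.tar.gz": KNOWN_GOOD["libfoo-1.2.3.tar.gz"] + b"\n# injected post-install hook",
    "libbar-0.9.0.whl": KNOWN_GOOD["libbar-0.9.0.whl"],
    "libbaz-2.0.0.tar.gz": b"libbaz 2.0.0 (constructed, never reviewed)",
}

if __name__ == "__main__":
    print("clean build passes gate:", ci_gate(LOCKFILE, KNOWN_GOOD))
    print("tampered build passes gate:", ci_gate(LOCKFILE, RESOLVED_LATER))
    print("report:", verify_dependencies(LOCKFILE, RESOLVED_LATER))
```

The important design point is that the reference digests are produced at review time and stored with the source, not recomputed by the build: a gate that regenerates its own baseline on every run would accept the tampered libfoo as readily as the original. Running ci_gate as a required step means a mismatched hash or an unpinned newcomer fails the build immediately rather than waiting for a vendor notice or a semi-annual review.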