A software development group has integrated an unverified third-party library to improve deployment speed. The security team is concerned that a malicious contributor could insert hidden flaws into new versions of the library. Which action helps reduce the risk of harmful modifications entering production?
Store an offline copy of the library and rely on file hashes for periodic verification
Integrate scanning on each build, checking updates to the library for suspicious alterations
Restrict the library to a single environment with minimal logging for efficiency
Use briefer testing cycles by skipping detailed code review in favor of faster release
Scanning on each build allows for real-time detection of malicious changes introduced through third-party libraries. This proactive approach helps identify tampered code before deployment. Offline copies and hash checks only verify snapshots in time and may miss later alterations. Skipping detailed reviews or limiting visibility for efficiency increases the risk of undetected flaws. Regular scanning ensures continuous monitoring and better protection against supply chain attacks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a third-party library in software development?
Open an interactive chat with Bash
What are supply chain attacks in software development?
Open an interactive chat with Bash
Why is scanning on each build important for software security?