You have been tasked with strengthening the security of your team's development process.
You need to suggest a security tool type for the Continuous Integration (CI) phase of the development process.
Which of the following is the option you would suggest?

A. Penetration testing

B. Static code analysis

C. Threat modeling

D. Dynamic code analysis








 

Suggested Answer: B

Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process.
Reference:
https://docs.microsoft.com/en-us/azure/devops/articles/security-validation-cicd-pipeline?view=vsts

 <img src="https://www.examtopics.com/assets/media/exam-media/04257/0000500001.jpg" alt="Reference Image" />

This question is in AZ-400 Exam
For getting Microsoft DevOps Engineer Expert Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.