Choose the best response for each question.
Which of the following descriptions best describes the term software composition analysis?
Assessment of production hosting infrastructure just before deployment.
Analyzing open-source software after it has been deployed to production to identify security vulnerabilities.
Analyzing open-source software (OSS) to identify potential security vulnerabilities and provide validation that the software meets a defined criterion to use in your pipeline.
Which of the following tools can be used to assess open-source security and licensing compliance?
SonarCloud.
Mend Bolt.
OWASP.
In which of the following situations does GitHub Dependabot detect vulnerable dependencies and send Dependabot alerts about them?
A new vulnerability is added to the GitHub Advisory database.
New code is committed to the repository.
A deployment succeeds.