nerdexam
Microsoft

AZ-400 · Question #129

Hotspot Question You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries. You need to ensure that the project can be scanned for

The correct answer is Object to create:: A build task; Service to use:: WhiteSource Bolt. This question tests your knowledge of integrating open source vulnerability scanning into Azure DevOps pipelines using appropriate tools and configurations.

Submitted by carter_n· Mar 6, 2026Develop a security and compliance plan

Question

Hotspot Question You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries. You need to ensure that the project can be scanned for known security vulnerabilities in the open source libraries. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer:

Exhibit

AZ-400 question #129 exhibit

Answer Area

  • Object to create:A build task
    A build taskA deployment taskAn artifacts repository
  • Service to use:WhiteSource Bolt
    WhiteSource BoltBambooCMakeChef

Explanation

This question tests your knowledge of integrating open source vulnerability scanning into Azure DevOps pipelines using appropriate tools and configurations.

Approach. To scan open source libraries for known security vulnerabilities in Azure DevOps, you should add the WhiteSource Bolt (now known as Mend) extension from the Azure DevOps Marketplace, which specializes in open source security and license compliance scanning. You then add the WhiteSource Bolt build task to the build pipeline so it automatically scans the ~50 open source libraries during each build. This integration checks dependencies against known CVE (Common Vulnerabilities and Exposures) databases and generates security reports directly within Azure DevOps. WhiteSource Bolt is a free tier offering that integrates natively with Azure DevOps pipelines and is specifically designed for open source component analysis (SCA - Software Composition Analysis).

Concept tested. Software Composition Analysis (SCA) in Azure DevOps - specifically using WhiteSource Bolt (Mend) to detect known security vulnerabilities (CVEs) in open source libraries integrated into a CI/CD build pipeline. This tests understanding of DevSecOps practices, Azure DevOps Marketplace extensions, and the distinction between SAST (static code analysis) tools versus SCA tools designed for open source dependency scanning.

Reference. https://docs.microsoft.com/en-us/azure/devops/pipelines/ecosystems/android?view=azure-devops - WhiteSource Bolt Azure DevOps extension documentation and Microsoft Learn: Implement open source software security with WhiteSource Bolt

Topics

#WhiteSource Bolt#open source scanning#vulnerability detection#build pipeline

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice