nerdexam
Microsoft

AZ-400 · Question #224

You are designing the security validation strategy for a project in Azure DevOps. You need to identify package dependencies that have known security issues and can be resolved by an update. What shoul

The correct answer is D. SonarQube. SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.

Submitted by suresh_in· Mar 6, 2026Develop a security and compliance plan

Question

You are designing the security validation strategy for a project in Azure DevOps. You need to identify package dependencies that have known security issues and can be resolved by an update. What should you use?

Options

  • AOctopus Deploy
  • BJenkins
  • CGradle
  • DSonarQube

How the community answered

(29 responses)
  • A
    3% (1)
  • C
    3% (1)
  • D
    93% (27)

Explanation

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice