nerdexam
Microsoft

AZ-400 · Question #40

Your company is concerned that when developers introduce open source Libraries, it creates licensing compliance issues. You need to add an automated process to the build pipeline to detect when common

The correct answer is C. Black Duck. Secure and Manage Open Source Software Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios. Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to au

Submitted by jian89· Mar 6, 2026Develop a security and compliance plan

Question

Your company is concerned that when developers introduce open source Libraries, it creates licensing compliance issues. You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base. What should you use?

Options

  • ACode Style
  • BMicrosoft Visual SourceSafe
  • CBlack Duck
  • DJenkins

How the community answered

(63 responses)
  • A
    3% (2)
  • B
    2% (1)
  • C
    89% (56)
  • D
    6% (4)

Explanation

Secure and Manage Open Source Software Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios. Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met. Note: WhiteSource would also be a good answer, but it is not an option here. https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice