AZ-400 · Question #459
You manage code by using GitHub. You need to ensure that repository owners are notified if a new vulnerable dependency or malware is found in their repository. What should you do?
The correct answer is B. Configure Dependabot alerts.. https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts Dependabot alerts tell you that your code depends on a package that is insecure. If your code depends on a package with a security vulnerability, this can cause a range of problems for y
Question
Options
- AConfigure CodeQL scanning actions.
- BConfigure Dependabot alerts.
- CConfigure branch protection rules for each repository.
- DSubscribe all the repository owners to the GitHub Advisory Database.
How the community answered
(17 responses)- A6% (1)
- B88% (15)
- C6% (1)
Explanation
https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts Dependabot alerts tell you that your code depends on a package that is insecure. If your code depends on a package with a security vulnerability, this can cause a range of problems for your project or the people who use it. You should upgrade to a secure version of the package as soon as possible. If your code uses malware, you need to replace the package with a secure alternative.
Community Discussion
No community discussion yet for this question.