AZ-400 · Question #495
You have an app named App1 that is built by using Azure Pipelines. The source code for App1 is stored in Azure Repos and contains open source libraries. You need to identify security vulnerabilities i
The correct answer is A. Mend Bolt. Explanation Mend Bolt (formerly WhiteSource Bolt) is the correct answer because it is a free extension specifically designed for Azure DevOps (Azure Pipelines + Azure Repos) that automatically detects and reports security vulnerabilities, licensing risks, and outdated dependencie
Question
Options
- AMend Bolt
- BRollbar
- CCode Climate
- DDeepSource
How the community answered
(20 responses)- A90% (18)
- C5% (1)
- D5% (1)
Explanation
Explanation
Mend Bolt (formerly WhiteSource Bolt) is the correct answer because it is a free extension specifically designed for Azure DevOps (Azure Pipelines + Azure Repos) that automatically detects and reports security vulnerabilities, licensing risks, and outdated dependencies in open source libraries - making it the ideal fit for this exact scenario.
Why the distractors are wrong:
- Rollbar (B) is an error monitoring and crash reporting tool focused on runtime exceptions, not security vulnerability scanning of open source code.
- Code Climate (C) is a code quality and maintainability analysis platform that checks for code smells and technical debt, but is not specialized for open source security vulnerability detection in Azure DevOps.
- DeepSource (D) is a static analysis tool focused on code quality issues and bug detection, not specifically designed to identify security vulnerabilities in open source dependencies within Azure Pipelines.
Memory Tip: Think "Mend" = fixing vulnerabilities - just as you mend something that is broken, Mend Bolt fixes (identifies and flags) security vulnerabilities in open source libraries. Also remember: Mend Bolt is the go-to Azure DevOps integration for open source security, while Rollbar = runtime errors, Code Climate = code quality.
Topics
Community Discussion
No community discussion yet for this question.