GH-100 Question #65: Real Exam Question with Answer & Explanation
The correct answer is B: Dependency Graph.
Question
Which GitHub feature is responsible for tracking dependencies and known vulnerabilities in those dependencies from an advisory database?
Options
- A. Repository Insights
- B. Dependency Graph
- C. Security Policy
- D. CodeQL
Explanation
Dependency Graph (B) is correct because it's GitHub's built-in feature that maps all your project's dependencies by scanning manifest files (like package.json, requirements.txt, etc.) and cross-references them against the GitHub Advisory Database to surface known CVEs and security alerts (via Dependabot).
- A (Repository Insights) shows contributor activity, traffic, and commit frequency - it's about project analytics, not dependency security.
- C (Security Policy) is a SECURITY.md file that tells users how to report vulnerabilities - it's documentation, not automated scanning.
- D (CodeQL) performs static analysis on your own source code to find logic flaws and vulnerabilities you introduced; it doesn't track third-party dependencies.
Memory tip: Think "graph" as in a map of connections - the Dependency Graph literally maps what your code depends on, and GitHub checks those connections against its advisory database automatically.