GH-500 Question #113: Real Exam Question with Answer & Explanation
Correct answers: C (in security advisories reported on GitHub) and D (in manifest and lock files).
Question
You are a maintainer of a repository and Dependabot notifies you of a vulnerability. Where could the vulnerability have been disclosed? Each answer presents part of the solution. (Choose two.)
Options
- A. in the National Vulnerability Database
- B. in the dependency graph
- C. in security advisories reported on GitHub
- D. in manifest and lock files
Explanation
Dependabot detects vulnerabilities by combining two pieces of information. First, it checks security advisories reported on GitHub (C): GitHub maintains the GitHub Advisory Database, which catalogs known vulnerabilities in open-source packages. Second, Dependabot scans your repository's manifest and lock files (D), such as package.json, package-lock.json and Gemfile.lock, to identify which vulnerable dependency versions your project actually uses. The vulnerability is disclosed in the advisory (C), and the affected dependency is discovered via the manifest and lock files (D). Option A (NVD) is a source GitHub ingests into its own advisory database, but it is not directly where Dependabot reports the disclosure to you. Option B (the dependency graph) is a visualization tool, not a disclosure source.