CompTIA CASP+ (CAS-004) — Question 158
The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week
Agile sprints. Which of the following would BEST meet the requirement?
Answer options
- A. An open-source automation server
- B. A static code analyzer
- C. Trusted open-source libraries
- D. A single code repository for all developers
Correct answer: B
Explanation
A static code analyzer is the best choice as it can automatically identify vulnerabilities and defects in the code before it is released, ensuring a higher quality of code. While open-source automation servers and trusted libraries are useful, they do not directly address code quality issues. A single code repository enhances collaboration but does not inherently reduce defects or vulnerabilities.