Certificate of Cloud Auditing Knowledge (CCAK) — Question 99

As a developer building codes into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?

Answer options

• A. Within developer’s laptop
• B. Within the CI/CD server
• C. Within version repositories
• D. Within the CI/CD pipeline

Correct answer: D

Explanation

The correct answer is D, as security tests should be integrated into the CI/CD pipeline to ensure that vulnerabilities are identified and addressed during the development process. Options A, B, and C are not ideal as testing on a developer's laptop can lead to inconsistencies, while CI/CD servers and version repositories do not provide the same level of integration and automation that the pipeline offers.