What is an effective way to integrate automated security scanning into a continuous integration (CI) pipeline?
Testing Fundamentals - Non-Functional Testing
A. Ignore security testing during CI to speed up deployment
B. Run manual security tests only after the final product release
C. Configure automated security tools to run after each code commit and block builds on critical vulnerabilities
D. Perform security testing only on production servers
Step-by-Step Solution
Solution:
Step 1: Understand CI pipeline security integration
Integrating automated security scans into CI helps detect vulnerabilities early and prevents insecure code from progressing.
Step 2: Evaluate options
Option C (run automated security tools after each commit and block builds on critical vulnerabilities) is the best practice. Tools such as static analysis, dependency and secret scanners run on every commit, so the developer who introduced an issue gets feedback while the change is still small, and failing the build on findings at or above an agreed severity keeps the insecure code from being merged or deployed. Option B (manual tests only after release) delays testing until the vulnerability is already exposed. Option A (skip security testing in CI) removes the control entirely, which is unsafe. Option D (test only on production servers) is too late and risky: the exploitable code has already shipped, and scanning a live system can itself disrupt service.
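As an added example (not part of the original quiz page or of any particular CI product), this is the gating step that option C implies: a script run as a CI job that reads a scanner's report and exits non-zero when an unaccepted finding at or above the policy threshold is present. The SARIF-like report shape, the rule identifiers, file paths and the allowlist entries are all constructed for illustration and do not come from any real tool or project. The policy detail a practitioner usually wants is included: findings below the threshold are reported but do not block, accepted risks must be scoped to a rule and file and carry an expiry date, and an entry that has expired stops suppressing.

```python
"""CI severity gate (constructed example): fail the build on unaccepted findings.

Usage as a CI step:  python gate.py report.json   (exit code 1 blocks the build)
Without an argument it runs against the embedded sample report.
"""
import json
import sys
from datetime import date

# Severity ranking used by the policy; findings ranked at or above FAIL_AT block.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
FAIL_AT = "high"

# Constructed scanner output in a minimal SARIF-like shape (not a real tool's report).
SAMPLE_REPORT = json.dumps({"runs": [{"tool": {"driver": {"name": "example-scanner"}}, "results": [
    {"ruleId": "SQLI-001", "properties": {"severity": "critical"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                         "region": {"startLine": 42}}}]},
    {"ruleId": "XSS-010", "properties": {"severity": "medium"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/profile.html"},
                                         "region": {"startLine": 17}}}]},
    {"ruleId": "DEP-0001", "properties": {"severity": "high"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"},
                                         "region": {"startLine": 3}}}]},
    {"ruleId": "DEP-0002", "properties": {"severity": "high"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"},
                                         "region": {"startLine": 9}}}]},
]}]})

# Constructed accepted-risk register: an entry suppresses only the named rule in the
# named file, and only until it expires. DEP-0002's acceptance has already lapsed.
SAMPLE_ALLOWLIST = [
    {"rule": "DEP-0001", "uri": "requirements.txt", "expires": "2025-06-30",
     "reason": "vendor fix scheduled; not reachable from exposed code paths"},
    {"rule": "DEP-0002", "uri": "requirements.txt", "expires": "2024-06-30",
     "reason": "temporary acceptance during migration"},
]


def parse_findings(report_text):
    """Flatten a SARIF-like report into {rule, severity, uri, line} dicts.
    A missing or unknown severity is treated as critical so the gate fails closed."""
    findings = []
    for run in json.loads(report_text).get("runs", []):
        for res in run.get("results", []):
            sev = str(res.get("properties", {}).get("severity", "critical")).lower()
            if sev not in SEVERITY_RANK:
                sev = "critical"
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule": res.get("ruleId", "unknown"),
                "severity": sev,
                "uri": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine", 0),
            })
    return findings


def is_accepted(finding, allowlist, today):
    """True only if an allowlist entry matches both rule and file and has not expired."""
    return any(e["rule"] == finding["rule"] and e["uri"] == finding["uri"]
               and date.fromisoformat(e["expires"]) >= today for e in allowlist)


def evaluate(findings, fail_at=FAIL_AT, allowlist=(), today=None):
    """Partition findings into blocking, suppressed (accepted risk) and advisory."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    today = today or date.today()
    threshold = SEVERITY_RANK[fail_at]
    result = {"blocking": [], "suppressed": [], "advisory": []}
    for f in findings:
        if SEVERITY_RANK[f["severity"]] < threshold:
            result["advisory"].append(f)
        elif is_accepted(f, allowlist, today):
            result["suppressed"].append(f)
        else:
            result["blocking"].append(f)
    return result


def gate(report_text, fail_at=FAIL_AT, allowlist=(), today=None):
    """Print every finding with its disposition; return the CI exit code (1 = block)."""
    result = evaluate(parse_findings(report_text), fail_at, allowlist, today)
    for label, key in (("BLOCK", "blocking"), ("ACCEPT", "suppressed"), ("WARN", "advisory")):
        for f in result[key]:
            print(f"{label:<6} {f['severity']:<8} {f['rule']:<10} {f['uri']}:{f['line']}")
    return 1 if result["blocking"] else 0


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(text, FAIL_AT, SAMPLE_ALLOWLIST))
```

Run against the sample with a date of 2025-01-01, the script blocks on SQLI-001 (critical, no acceptance) and DEP-0002 (high, acceptance expired), suppresses DEP-0001 and only warns on XSS-010; the exit code is 1, which is what makes the CI job fail. Wiring this into a pipeline is then a single step after the scanner runs, with the threshold and the allowlist kept in version control so that every acceptance is reviewed like any other change.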
Final Answer:
Configure automated security tools to run after each code commit and block builds on critical vulnerabilities -> Option C
Quick Check:
Automate security scans early in CI.
Quick Trick: Automate security scans in CI to catch issues early.
Common Mistakes:
Skipping security tests during development
Relying only on manual testing after release
Testing only in production environment