🔥 3-day streak
Microsoft Cybersecurity Architect Expert125 / 158
Question 125 of 158

A software team at a healthcare ISV builds a patient-portal web application using dozens of open-source npm and NuGet packages. Recent audits found that vulnerable third-party dependencies were shipped to production because developers manually reviewed only their own code. As the cybersecurity architect, you must design a secure development lifecycle control that prevents known-vulnerable open-source components from being promoted to release, while giving developers early feedback in their pull requests. Which control best meets this requirement?

Reviewed for accuracy · Report an issueNext question