🔥 3-day streak
CompTIA SecurityX (CAS-005)7 / 120
Question 7 of 120
A DevSecOps team discovers that a compromised open-source package was pulled during a recent CI build, injecting a malicious script into the resulting container image before it was pushed to the production registry. The pipeline currently pulls dependencies directly from public repositories at build time and signs images only after they reach the registry. Which combination of controls would MOST effectively prevent this class of build-integrity compromise going forward?
Reviewed for accuracy · Report an issueNext question