Boost your DevOps skills with the ITGSS Certified DevOps Engineer Test. Use flashcards and multiple choice questions with hints and explanations. Be exam-ready!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What is required in the build process to keep the image secure?

  1. Regularly updating the image documentation

  2. Scanning images for security vulnerabilities

  3. Limiting the number of developers accessing the pipeline

  4. Disabling all security checks

The correct answer is: Scanning images for security vulnerabilities

Scanning images for security vulnerabilities is essential in the build process to maintain the security of images. This step involves inspecting container images for known vulnerabilities, outdated software, and misconfigurations that could be exploited by attackers. By identifying and addressing these security issues before deployment, organizations can significantly reduce the risk of security breaches.

Regular scanning can also assist in ensuring compliance with security policies and best practices, which is increasingly important in today's cybersecurity landscape. By integrating automated vulnerability scanning into the continuous integration and continuous deployment (CI/CD) pipeline, organizations can create a proactive approach to security that helps protect their applications and data from potential threats.

While keeping image documentation updated and limiting developer access can enhance security in different ways, they do not directly address the potential vulnerabilities present in the software itself. In contrast, the act of disabling all security checks would directly increase risk, making the deployment more susceptible to various attacks and exploitation methods. Thus, scanning for security vulnerabilities is the most effective and necessary action to keep images secure during the build process.