Q41 — AWS DOP-C02 Ch.1

A company needs to scan code changes for security issues before deployment and prevent deployment of noncompliant code. The company uses an AWS CodePipeline pipeline that triggers on code changes, which occur multiple times per day. The company's security team supports a third-party scanning application and provides command-line integration steps for the scan. The code scanning step requires credentials. Which solution meets these requirements in the most secure manner?

Correct Answer: B. Create a new AWS CodeBuild project. Store the username and password as secrets in AWS Secrets Manager. Read the secrets from Secrets Manager. Run the command-line integration steps using the username and password. Update the CodePipeline pipeline to include a new scan stage. In the new scan stage, include a test action that uses the newly created CodeBuild project.

Explanation

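B is correct. The deciding factor is Secrets Manager: the scan credentials are stored there as secrets and read by the CodeBuild project when it runs the command-line integration steps.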