Question 5 of 10

What security scanning tools should be integrated into a CI/CD pipeline? Explain the differences between SAST, DAST, and SCA, and when each is used.

Sample answer preview

A secure CI/CD pipeline integrates multiple types of security scanning to catch different categories of vulnerabilities at the appropriate stages. The three main types of application security testing are SAST, DAST, and SCA.

SAST, DAST, SCA, static analysis, dynamic analysis, dependency scanning
