A software development group has integrated an unverified third-party library to improve deployment speed. The security team is concerned that a malicious contributor could insert hidden flaws into new versions of the library. Which action helps reduce the risk of harmful modifications entering production?
Use briefer testing cycles by skipping detailed code review in favor of faster release
Integrate scanning on each build, checking updates to the library for suspicious alterations
Restrict the library to a single environment with minimal logging for efficiency
Store an offline copy of the library and rely on file hashes for periodic verification
Scanning on each build allows for real-time detection of malicious changes introduced through third-party libraries. This proactive approach helps identify tampered code before deployment. Offline copies and hash checks only verify snapshots in time and may miss later alterations. Skipping detailed reviews or limiting visibility for efficiency increases the risk of undetected flaws. Regular scanning ensures continuous monitoring and better protection against supply chain attacks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a build scan in software development?
Open an interactive chat with Bash
What are supply chain attacks in the context of software security?
Open an interactive chat with Bash
How do file hashes work, and why are they insufficient alone for library verification?