AZ-400 : Microsoft Azure DevOps Solutions : Part 06

AZ-400 : Microsoft Azure DevOps Solutions : Part 06

1. You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.

   You need to ensure that all the open source libraries comply with your company’s licensing standards.

   Which service should you use?

   • NuGet
   • Maven
   • Black Duck
   • Helm

   Explanation:

   Secure and Manage Open Source Software
   Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.
   Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.

   Note: WhiteSource would also be a good answer, but it is not an option here.

2. DRAG DROP

   You plan to use Azure Kubernetes Service (AKS) to host containers deployed from images hosted in a Docker Trusted Registry.

   You need to recommend a solution for provisioning and connecting to AKS. The solution must ensure that AKS is RBAC-enabled and uses a custom service principal.

   Which three commands should you recommend be run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

   

   

   Explanation:

   Step 1 : az acr create

   An Azure Container Registry (ACR) can also be created using the new Azure CLI.

   az acr create
   –name <REGISTRY_NAME>
   –resource-group <RESOURCE_GROUP_NAME>
   –sku Basic

   Step 2: az ad sp create-for-rbac
   Once the ACR has been provisioned, you can either enable administrative access (which is okay for testing) or you create a Service Principal (sp) which will provide a client_id and a client_secret.

   az ad sp create-for-rbac
   –scopes /subscriptions/<SUBSCRIPTION_ID>/resourcegroups/<RG_NAME>/providers/Microsoft.ContainerRegistry/registries/<REGISTRY_NAME>
   –role Contributor
   –name <SERVICE_PRINCIPAL_NAME>

   Step 3: kubectl create
   Create a new Kubernetes Secret.

   kubectl create secret docker-registry <SECRET_NAME>
   –docker-server <REGISTRY_NAME>.azurecr.io
   –docker-email <YOUR_MAIL>
   –docker-username=<SERVICE_PRINCIPAL_ID>
   –docker-password <YOUR_PASSWORD>

3. Your company develops an app for iOS. All users of the app have devices that are members of a private distribution group in Microsoft Visual Studio App Center.

   You plan to distribute a new release of the app.

   You need to identify which certificate file you require to distribute the new release from App Center.

   Which file type should you upload to App Center?

   • .cer
   • .pfx
   • .p12
   • .pvk
   Explanation:
   A successful IOS device build will produce an ipa file. In order to install the build on a device, it needs to be signed with a valid provisioning profile and certificate. To sign the builds produced from a branch, enable code signing in the configuration pane and upload a provisioning profile (.mobileprovision) and a valid certificate (.p12), along with the password for the certificate.

4. SIMULATION

   You need to prepare a network security group (NSG) named az400-9940427-nsg1 to host an Azure DevOps pipeline agent. The solution must allow only the required outbound port for Azure DevOps and deny all other inbound and outbound access to the Internet.

   To complete this task, sign in to the Microsoft Azure portal.

   • See explanation below.
   Explanation:

   1. Open Microsoft Azure Portal and Log into your Azure account.
   2. Select network security group (NSG) named az400-9940427-nsg1
   3. Select Settings, Outbound security rules, and click Add
   4. Click Advanced

   

   5. Change the following settings:
   – Destination Port range: 8080
   – Protocol. TCP
   – Action: Allow

   Note: By default, Azure DevOps Server uses TCP Port 8080.

5. DRAG DROP

   You have a project in Azure DevOps named Project1 that contains two Azure DevOps pipelines named Pipeline1 and Pipeline2.

   You need to ensure that Pipeline1 can deploy code successfully to an Azure web app named webapp1. The solution must ensure that Pipeline2 does not have permission to webapp1.

   Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

    

   

6. DRAG DROP

   You need to increase the security of your team’s development process.

   Which type of security tool should you recommend for each stage of the development process? To answer, drag the appropriate security tools to the correct stages. Each security tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: Threat modeling –
   Threat modeling’s motto should be, “The earlier the better, but not too late and never ignore.”

   Box 2: Static code analysis –
   Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process.

   Box 3: Penetration testing –
   Once your code quality is verified, and the application is deployed to a lower environment like development or QA, the process should verify that there are not any security vulnerabilities in the running application. This can be accomplished by executing automated penetration test against the running application to scan it for vulnerabilities.

7. Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.

   You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.

   What should you use?

   • OWASP ZAP
   • Jenkins
   • Code Style
   • WhiteSource Bolt
   Explanation:

   WhiteSource provides WhiteSource Bolt, a lightweight open source security and management solution developed specifically for integration with Azure DevOps and Azure DevOps Server.

   Note: WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.

   Note:
   There are several versions of this question in the exam. The question has two possible correct answers:
   1. Black Duck
   2. WhiteSource Bolt

   Other incorrect answer options you may see on the exam include the following:
   1. Microsoft Visual SourceSafe
   2. PDM
   3. SourceGear
   4. SourceGear Vault

8. You plan to use a NuGet package in a project in Azure DevOps. The NuGet package is in a feed that requires authentication.

   You need to ensure that the project can restore the NuGet package automatically.

   What should the project use to automate the authentication?

   • an Azure Automation account
   • an Azure Artifacts Credential Provider
   • an Azure Active Directory (Azure AD) account that has multi-factor authentication (MFA) enabled
   • an Azure Active Directory (Azure AD) service principal
   Explanation:
   The Azure Artifacts Credential Provider automates the acquisition of credentials needed to restore NuGet packages as part of your .NET development workflow. It integrates with MSBuild, dotnet, and NuGet(.exe) and works on Windows, Mac, and Linux. Any time you want to use packages from an Azure Artifacts feed, the Credential Provider will automatically acquire and securely store a token on behalf of the NuGet client you’re using.

9. You use Azure Pipelines to manage project builds and deployments.

   You plan to use Azure Pipelines for Microsoft Teams to notify the legal team when a new build is ready for release.

   You need to configure the Organization Settings in Azure DevOps to support Azure Pipelines for Microsoft Teams.

   What should you turn on?

   • Third-party application access via OAuth
   • Azure Active Directory Conditional Access Policy Validation
   • Alternate authentication credentials
   • SSH authentication
   Explanation:
   The Azure Pipelines app uses the OAuth authentication protocol, and requires Third-party application access via OAuth for the organization to be enabled. To enable this setting, navigate to Organization Settings > Security > Policies, and set the Third-party application access via OAuth for the organization setting to On.

10. You have an existing project in Azure DevOps.

    You plan to integrate GitHub as the repository for the project.

    You need to ensure that Azure Pipelines runs under the Azure Pipelines identity.

    Which authentication mechanism should you use?

    • personal access token (PAT)
    • GitHub App
    • Azure Active Directory (Azure AD)
    • OAuth
    Explanation:

    GitHub App uses the Azure Pipelines identity.

    Incorrect Answers:
    A: Personal access token and OAuth use your personal GitHub identity.

11. Case Study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

    Overview

    Litware, Inc. is an independent software vendor (ISV). Litware has a main office and five branch offices.

    Existing Environment

    Application Architecture

    The company’s primary application is a single monolithic retirement fund management system based on ASP.NET web forms that use logic written in VB.NET. Some new sections of the application are written in C#.

    Variations of the application are created for individual customers. Currently, there are more than 80 live code branches in the application’s code base.

    The application was developed by using Microsoft Visual Studio. Source code is stored in Team Foundation Server (TFS) in the main office. The branch offices access the source code by using TFS proxy servers.

    Architectural Issues

    Litware focuses on writing new code for customers. No resources are provided to refactor or remove existing code. Changes to the code base take a long time, as dependencies are not obvious to individual developers.

    Merge operations of the code often take months and involve many developers. Code merging frequently introduces bugs that are difficult to locate and resolve.

    Customers report that ownership costs of the retirement fund management system increase continually. The need to merge unrelated code makes even minor code changes expensive.

    Customers report that bug reporting is overly complex.

    Requirements

    Planned Changes

    Litware plans to develop a new suite of applications for investment planning. The investment planning applications will require only minor integration with the existing retirement fund management system.

    The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.

    Litware plans to move to a more agile development methodology. Shared code will be extracted into a series of packages.

    Litware has started an internal cloud transformation process and plans to use cloud-based services whenever suitable.

    Litware wants to become proactive in detecting failures, rather than always waiting for customer bug reports.

    Technical Requirements

    The company’s investment planning applications suite must meet the following technical requirements:

    – New incoming connections through the firewall must be minimized.
    – Members of a group named Developers must be able to install packages.
    – The principle of least privilege must be used for all permission assignments.
    – A branching strategy that supports developing new functionality in isolation must be used.
    – Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.
    – Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.
    – By default, all releases must remain available for 30 days, except for production releases, which must be kept for 60 days.
    – Code quality and release quality are critical. During release, deployments must not proceed between stages if any active bugs are logged against the release.
    – The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.
    – The required operating system configuration for the test servers changes weekly. Azure Automation State Configuration must be used to ensure that the operating system on each test server is configured the same way when the servers are created and checked periodically.

    Current Technical Issue

    The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure Automation State Configuration fails to correct the configurations.

    Azure Automation State Configuration nodes are registered by using the following command.

    

    1. HOTSPOT

       How should you configure the release retention policy for the investment planning depletions suite? To answer, select the appropriate options in the answer area.

       NOTE: Each correct selection is worth one point.

       

       

       Explanation:

       Box 1: Shared Access Authorization token
       Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

       Box 2: Azure Storage with HTTPS access

       Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.
       The investment planning application suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

    2. HOTSPOT

       You need to configure a cloud service to store the secrets required by the mobile applications to call the share pricing service.

       What should you include in the solution? To answer, select the appropriate options in the answer area.

       NOTE: Each correct selection is worth one point.

       

       

       Explanation:

       Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

       Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

       The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.

    3. DRAG DROP

       Which package feed access levels should be assigned to the Developers and Team Leaders groups for the investment planning applications suite? To answer, drag the appropriate access levels to the correct groups. Each access level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

       NOTE: Each correct selection is worth one point.

       

       

       Explanation:

       Box 1: Reader
       Members of a group named Developers must be able to install packages.

       Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Owners can add any type of identity-individuals, teams, and groups-to any access level.

       Box 2: Owner
       Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.

       

12. This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

    Overview

    General Overview

    Woodgrove Bank is a financial services company that has a main office in the United Kingdom.

    Technical Requirements and Planned Changes

    Planned Changes

    Woodgrove Bank plans to implement the following project management changes:

    -​​ Implement Azure DevOps for project tracking.
    – Centralize source code control in private GitHub repositories.
    – Implement Azure Pipelines for build pipelines and release pipelines.

    Woodgrove Bank plans to implement the following changes to the identity environment:

    – Deploy an Azure AD tenant named woodgrovebank.com.
    – Sync the Active Directory domain to Azure AD.
    – Configure App1 to use a service principal.
    – Integrate GitHub with Azure AD.

    Woodgrove Bank plans to implement the following changes to the core apps:

    – Migrate App1 to ASP.NET Core.
    – Integrate Azure Pipelines and the third-party build tool used to develop App2.

    Woodgrove Bank plans to implement the following changes to the DevOps environment:

    – Deploy App1 to Azure App Service.
    – Implement source control for the DB1 schema.
    – Migrate all the source code from TFS1 to GitHub.
    – Deploy App2 to an Azure virtual machine named VM1.
    – Merge the POC branch into the GitHub default branch.
    – Implement an Azure DevOps dashboard for stakeholders to monitor development progress.

    Technical Requirements

    Woodgrove Bank identifies the following technical requirements:

    – The initial databases for new environments must contain both schema and reference data.
    – An Azure Monitor alert for VM1 must be configured to meet the following requirements:
        – Be triggered when average CPU usage exceeds 80 percent for 15 minutes.
        – Calculate CPU usage averages once every minute.
    – The commit history of the POC branch must replace the history of the default branch.
    – The Azure DevOps dashboard must display the metrics shown in the following table.

    

    – Access to Azure DevOps must be restricted to specific IP addresses.
    – Page load times for App1 must be captured and monitored.
    – Administrative effort must be minimized.

    1. You need to meet the technical requirements for controlling access to Azure DevOps.

       What should you use?

       • Azure Multi-Factor Authentication (MFA)
       • on-premises firewall rules
       • conditional access policies in Azure AD
       • Azure role-based access control (Azure RBAC)
       Explanation:

       Scenario: Access to Azure DevOps must be restricted to specific IP addresses.

       Azure DevOps is authenticated through Azure Active Directory. You can use Azure AD’s conditional access to prevent logins from certain geographies and address ranges.

    2. You need to configure Azure Pipelines to control App2 builds.

       Which authentication method should you use?

       • Windows NTLM
       • certificate
       • SAML
       • personal access token (PAT)
       Explanation:

       Scenario: Deploy App2 to an Azure virtual machine named VM1.

       A personal access token (PAT) is used as an alternate password to authenticate into Azure DevOps.

    3. DRAG DROP

       You need to configure authentication for App1. The solution must support the planned changes.

       Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

       

        

       

       Explanation:

       Woodgrove Bank plans to implement the following changes to the identity environment:
       – Configure App1 to use a service principal.

13. You use Azure Artifacts to host NuGet packages that you create.

    You need to make one of the packages available to anonymous users outside your organization. The solution must minimize the number of publication points.

    What should you do?

    • Change the feed URL of the package
    • Create a new feed for the package
    • Promote the package to a release view.
    • Publish the package to a public NuGet repository.
    Explanation:
    Azure Artifacts introduces the concept of multiple feeds that you can use to organize and control access to your packages.
    Packages you host in Azure Artifacts are stored in a feed. Setting permissions on the feed allows you to share your packages with as many or as few people as your scenario requires.
    Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers.

14. You are designing the development process for your company.

    You need to recommend a solution for continuous inspection of the company’s code base to locate common code patterns that are known to be problematic.

    What should you include in the recommendation?

    • Microsoft Visual Studio test plans
    • Gradle wrapper scripts
    • SonarCloud analysis
    • the JavaScript task runner
    Explanation:

    SonarCloud is a cloud service offered by SonarSource and based on SonarQube. SonarQube is a widely adopted open source platform to inspect continuously the quality of source code and detect bugs, vulnerabilities and code smells in more than 20 different languages.

    Note: The SonarCloud Azure DevOps extension brings everything you need to have your projects analyzed on SonarCloud very quickly.

    Incorrect Answers:
    A: Test plans are used to group together test suites and individual test cases. This includes static test suites, requirement-based suites, and query-based suites.

15. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    The lead developer at your company reports that adding new application features takes longer than expected due to a large accumulated technical debt.

    You need to recommend changes to reduce the accumulated technical debt.

    Solution: You recommend reducing the code coupling and the dependency cycles?

    Does this meet the goal?

    • Yes
    • No
    Explanation:

    Instead reduce the code complexity.

    Note: Technical debt is the accumulation of sub-optimal technical decisions made over the lifetime of an application. Eventually, it gets harder and harder to change things: it’s the ‘sand in the gears’ that sees IT initiatives grind to a halt.

16. Your company uses Azure DevOps for the build pipelines and deployment pipelines of Java-based projects.

    You need to recommend a strategy for managing technical debt.

    Which two actions should you include in the recommendation? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    • Configure post-deployment approvals in the deployment pipeline.
    • Configure pre-deployment approvals in the deployment pipeline.
    • Integrate Azure DevOps and SonarQube.
    • Integrate Azure DevOps and Azure DevTest Labs.
    Explanation:

    B: With SonarQube pre-approval, you can set quality gate.
    C: You can manage technical debt with SonarQube and Azure DevOps.

    Note: Technical debt is the set of problems in a development effort that make forward progress on customer value inefficient. Technical debt saps productivity by making code hard to understand, fragile, time-consuming to change, difficult to validate, and creates unplanned work that blocks progress. Unless they are managed, technical debt can accumulate and hurt the overall quality of the software and the productivity of the development team in the long term

    SonarQube an open source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to:
    – Detect Bugs
    – Code Smells
    – Security Vulnerabilities
    – Centralize Quality
    – What’s covered in this lab

17. Your company is building a new solution in Java.

    The company currently uses a SonarQube server to analyze the code of .NET solutions.

    You need to analyze and monitor the code quality of the Java solution.

    Which task types should you add to the build pipeline?

    • Gradle
    • CocoaPods
    • Grunt
    • Gulp
    Explanation:

    SonarQube is a set of static analyzers that can be used to identify areas of improvement in your code. It allows you to analyze the technical debt in your project and keep track of it in the future. With Maven and Gradle build tasks, you can run SonarQube analysis with minimal setup in a new or existing Azure DevOps Services build task.

    Prepare Analysis Configuration task, to configure all the required settings before executing the build.
    – This task is mandatory.
    – In case of .NET solutions or Java projects, it helps to integrate seamlessly with MSBuild, Maven and Gradle tasks.

    Incorrect Answers:
    B: CocoaPods is the dependency manager for Swift and Objective-C Cocoa projects.

    Note: There are several versions of this question in the exam. The question can have three correct answers:
    – MSBuild
    – Maven
    – Gradle

    The question can also have different incorrect options, including:
    – Chef
    – Octopus
    – xCODE

18. Your company is building a new solution in Java.

    The company currently uses a SonarQube server to analyze the code of .NET solutions.

    You need to analyze and monitor the code quality of the Java solution.

    Which task types should you add to the build pipeline?

    • Grunt
    • Octopus
    • Maven
    • Gulp
    Explanation:

    SonarQube is a set of static analyzers that can be used to identify areas of improvement in your code. It allows you to analyze the technical debt in your project and keep track of it in the future. With Maven and Gradle build tasks, you can run SonarQube analysis with minimal setup in a new or existing Azure DevOps Services build task.

    Prepare Analysis Configuration task, to configure all the required settings before executing the build.
    – This task is mandatory.
    – In case of .NET solutions or Java projects, it helps to integrate seamlessly with MSBuild, Maven and Gradle tasks.

    Note: There are several versions of this question in the exam. The question can have three correct answers:
    – MSBuild
    – Maven
    – Gradle

    The question can also have different incorrect options, including:
    – Chef
    – xCODE
    – CocoaPods

19. DRAG DROP

    You are developing a full Microsoft .NET Framework solution that includes unit tests.

    You need to configure SonarQube to perform a code quality validation of the C# code as part of the build pipelines.

    Which four tasks should you perform in sequence? To answer, move the appropriate tasks from the list of tasks to the answer area and arrange them in the correct order.

    

    

    Explanation:

    Step 1: Prepare Analysis Configuration
    Prepare Analysis Configuration task, to configure all the required settings before executing the build.
    This task is mandatory.
    In case of .NET solutions or Java projects, it helps to integrate seamlessly with MSBuild, Maven and Gradle tasks.

    Step 2: Visual Studio Build
    Reorder the tasks to respect the following order:
    Prepare Analysis Configuration task before any MSBuild or Visual Studio Build task.

    Step 3: Visual Studio Test
    Reorder the tasks to respect the following order:
    Run Code Analysis task after the Visual Studio Test task.

    Step 4: Run Code Analysis
    Run Code Analysis task, to actually execute the analysis of the source code.
    This task is not required for Maven or Gradle projects, because scanner will be run as part of the Maven/Gradle build.

    Note:

    

20. Your company uses Azure DevOps for the build pipelines and deployment pipelines of Java-based projects.

    You need to recommend a strategy for managing technical debt.

    Which action should you include in the recommendation?

    • Configure post-deployment approvals in the deployment pipeline.
    • Integrate Azure DevOps and SonarQube.
    • Integrate Azure DevOps and Azure DevTest Labs.
    Explanation:

    You can manage technical debt with SonarQube and Azure DevOps.

    Note: Technical debt is the set of problems in a development effort that make forward progress on customer value inefficient. Technical debt saps productivity by making code hard to understand, fragile, time-consuming to change, difficult to validate, and creates unplanned work that blocks progress. Unless they are managed, technical debt can accumulate and hurt the overall quality of the software and the productivity of the development team in the long term

    SonarQube an open source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to:
    – Detect Bugs
    – Code Smells
    – Security Vulnerabilities
    – Centralize Quality
    – What’s covered in this lab