B . Pre-commit code linting: Linting tools analyze code for syntax errors and adherence to coding standards before the code is committed to the repository. This helps catch minor code issues early in the development process, reducing the likelihood of deployment failures.
D . Automated regression testing: Automated regression tests ensure that new code changes do not introduce bugs or regressions into the existing codebase. By running these tests automatically during the deployment process, developers can catch issues early and ensure the stability of the development environment.
Other options:
A . Software composition analysis: This helps identify vulnerabilities in third-party components but does not directly address code quality or deployment failures.
C . Repository branch protection: While this can help manage the code submission process, it does not directly prevent deployment failures caused by code issues or security check failures.
E . Code submit authorization workflow: This manages who can submit code but does not address the quality of the code being submitted.
F . Pipeline compliance scanning: This checks for compliance with security policies but does not address syntax or regression issues.
Reference:
CompTIA Security+ Study Guide
"Continuous Integration and Continuous Delivery" by Jez Humble and David Farley OWASP (Open Web Application Security Project) guidelines on secure coding practices