AZ-400 – Question 18

You intend to make use of Azure Artifacts to share packages that you wrote, tested, validated, and deployed.

You want to use a solitary feed to release several builds of each package. You have to make sure that the release of packages that are in development is restricted.
Which of the following actions should you take?
A. You should make use of static code analysis.
B. You should make use of views.
C. You should make use of dynamic code analysis.
D. You should make use of upstream sources.

Correct Answer: B

Upstream sources enable you to manage all of your product’s dependencies in a single feed. We recommend publishing all of the packages for a given product to that product’s feed, and managing that product’s dependencies from remote feeds in the same feed, via upstream sources. This setup has a few benefits:
✑ Simplicity: your NuGet.config, .npmrc, or settings.xml contains exactly one feed (your feed).
✑ Determinism: your feed resolves package requests in order, so rebuilding the same codebase at the same commit or changeset uses the same set of packages
✑ Provenance: your feed knows the provenance of packages it saved via upstream sources, so you can verify that you’re using the original package, not a custom or malicious copy published to your feed
✑ Peace of mind: packages used via upstream sources are guaranteed to be saved in the feed on first use; if the upstream source is disabled/removed, or the remote feed goes down or deletes a package you depend on, you can continue to develop and build