A DevOps team is currently looking at the security aspect of their CI/CD pipeline. They are making use of AWS resources for their infrastructure. They want to ensure that the EC2 Instances don’t have any high security vulnerabilities. They want to ensure a complete DevSecOps process. How can this be achieved?

Answer options:

A.Use AWS Config to check the state of the EC2 instance for any sort of security issues.
B.Use AWS Inspector APIs in the pipeline for the EC2 Instances.
C.Use AWS Trusted Advisor APIs in the pipeline for the EC2 Instances.
D.Use AWS Security Groups to ensure no vulnerabilities are present.

Answer – B
Amazon Inspector offers a programmatic way to find security defects or misconfigurations in your operating systems and applications. Because you can use API calls to access both the processing of assessments and the results of your assessments, integration of the findings into workflow and notification systems is simple. DevOps teams can integrate Amazon Inspector into their CI/CD pipelines and use it to identify any pre-existing issues or when new issues are introduced.
Options A, C and D are all incorrect since these services cannot check for Security Vulnerabilities. The AWS Inspector service can only check these.
For more information on AWS Security best practices, please refer to the below URL:
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf