Correct Answers: A, B, and D
WhiteSource Bolt is a static code scanner for Open Source Software (OSS) security vulnerabilities and compliance. It identifies security vulnerable open source libraries in applications irrespective of the programming language or technology. It provides solutions to address these vulnerabilities. Bolt produces the Security Dashboard that highlights the main indicators: Vulnerability Score, Vulnerable Libraries and Severity Distribution
Also, the WhiteSource Bolt report contains a list of outdated libraries with recommendations on how to correct these issues.
Important to know that, according to research, outdated libraries increase the application vulnerability in four times.
Answers C and E are incorrect. WhiteSource Bolt is a scanner for Open Source libraries only and does not scan any commercial libraries.
Answer F is incorrect. WhiteSource Bolt is a static code scanner and does not conduct any penetration tests. OWASP ZAP is a dynamic penetration scanning tool that is usually used in Release Pipeline to test web application vulnerabilities.
For more information about WhiteSource Bolt and other vulnerability scanning tools, please visit the below URLs-
https://azuredevopslabs.com/labs/vstsextend/whitesource/
https://owasp.org/www-community/Vulnerability_Scanning_Tools
https://ieeexplore.ieee.org/document/7202955