Basic Concept: Preventing vulnerable code from reaching production requires an automated, mandatory gate in the software delivery pipeline. The CI/CD pipeline is the enforcement point where all code must pass before deployment. CompTIA SecAI+ Study Guide covers AI integration in secure development pipelines under AI-assisted security.
Why C is Correct: Implementing an LLM in the CI/CD runner creates a mandatory automated security gate that every code change must pass. The LLM can analyze code for vulnerabilities, insecure patterns, and policy violations, then automatically fail the build when issues are found. Because the gate is automated and cannot be bypassed by an individual developer, vulnerable code is stopped before it progresses toward production, making this the most effective enforcement mechanism.
Why A is Wrong: IDE plug-ins provide warnings to developers during coding, but developers can choose to ignore them and proceed with compilation and commits. Warnings are advisory, not preventive, and cannot guarantee that vulnerable code is blocked from the pipeline.
Why B is Wrong: SOAR platforms with ML models are excellent for incident response and security operations automation. However, they are not positioned in the code delivery pipeline and do not gate code from progressing to production.
Why D is Wrong: An agentic penetration testing tool validates vulnerabilities reactively, after code has been written or deployed. This approach does not intercept code before production deployment and is typically used for post-deployment assessment rather than prevention.