Which practice BEST mitigates the risk of malicious packages being introduced through open-source dependencies?
-
A
Prohibiting all use of open-source software
-
B
Using a private artifact repository with vetted, approved packages and automated vulnerability scanning
-
C
Requiring developers to manually review all open-source licenses
-
D
Storing open-source packages on a USB drive disconnected from the internet