 
 
Computer Science and Engineering
	Team 7
| Team Members | Faculty Advisor | Sponsor |
| Kiaa Huggan | Hanna Aknouche-Martinsson | Synchrony |
         
	
	
Being able to create a robust, secure application is a crucial task for any software engineer. With Agile as its adopted methodology, Synchrony proposes to adopt the idea presented in C. Pohl and H.-J. Hof, "Secure Scrum and OpenSAMM for Secure Software Development," in International Journal On Advances in Security, volume 9, numbers 1 and 2, 1942-2636, Jan. 2016, to enable discovery, systematic tagging and traceability for software components related to secure practices. Using controlled repositories, this project, Secure Scrum Design, leverages Synchrony's existing CI/CD pipeline to allow security metadata to pass consistently through the pipeline. The project enables this capability by developing OpenAPI specifications across the pipeline elements, starting from the metadata repository and flowing through to executables. In other words, the project enables developers to find tested secure code, include it in their builds, and trace those security features through the CI/CD pipeline. This capability affects pipeline components such as Eclipse, Jenkins, Jira, BitBucket, Confluence, Pytest, and CEDAR. Optionally, the project will use the OpenAPI specifications it creates to generate test scripts. If successful, the project will enable Synchrony developers to create RESTful interfaces that implement the desired security metadata automation.