Figure 1: team photo

Figure 2: project photo

Computer Science and Engineering
Team 7

Team Members
Kiaa Huggan
Alan Liu
Mohit Mali
Tyler Nguyen
Amar Sinha

Faculty Advisor
Hanna Aknouche-Martinsson

Sponsor
Synchrony


Being able to create a robust, secure application is a crucial task for any software engineer. With Agile as its adopted methodology, Synchrony proposes to adopt the approach of C. Pohl and H.-J. Hof, "Secure Scrum and OpenSAMM for Secure Software Development," International Journal On Advances in Security, vol. 9, nos. 1 and 2, Jan. 2016 (ISSN 1942-2636), to enable discovery, systematic tagging, and traceability of software components related to secure practices. Using controlled repositories, this project, Secure Scrum Design, leverages Synchrony's existing CI/CD pipeline so that security metadata passes consistently through every stage of the pipeline. It does so by developing OpenAPI specifications for each pipeline element, starting from the metadata repository and flowing through to the built executables. In other words, the project lets developers find tested secure code, include it in their builds, and trace those security features through the CI/CD pipeline. The pipeline components involved are Eclipse, Jenkins, Jira, BitBucket, Confluence, Pytest, and CEDAR. Optionally, the project will use the OpenAPI specifications to generate test scripts. If successful, the project will enable Synchrony developers to create RESTful interfaces that implement the desired security metadata automation.
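The abstract describes two mechanisms: security metadata attached to a component and validated against an OpenAPI schema, and test scripts derived from that same specification. The following is an added illustration of both, written for this page; it is not the project's or Synchrony's code. The OpenAPI document, the `SecurityMetadata` schema, the `/components/{componentId}/security` endpoint, the control names, and the use of a 40-character git commit hash as test evidence are all constructed assumptions, not the project's real specification.

```python
"""Added example: tag a component with security metadata, validate it
against a (constructed) OpenAPI schema, and derive pytest-ready test
cases from the spec.  Not the Secure Scrum Design project's own code."""
import json
import re

# Constructed OpenAPI 3.0 document.  Assumption: the real spec differs;
# only the shape of the idea is shown here.
SPEC = json.loads(r'''
{
  "openapi": "3.0.3",
  "info": {"title": "Security Metadata API (example)", "version": "0.1.0"},
  "paths": {
    "/components/{componentId}/security": {
      "get": {"operationId": "getSecurityMetadata",
              "responses": {"200": {"description": "ok"},
                            "404": {"description": "unknown component"}}},
      "put": {"operationId": "putSecurityMetadata",
              "requestBody": {"required": true},
              "responses": {"204": {"description": "stored"},
                            "400": {"description": "metadata rejected"}}}
    }
  },
  "components": {"schemas": {"SecurityMetadata": {
    "type": "object",
    "required": ["componentId", "controls", "testEvidence"],
    "properties": {
      "componentId": {"type": "string", "pattern": "^[a-z0-9-]+$"},
      "controls": {"type": "array",
                   "items": {"type": "string",
                             "enum": ["input-validation", "authn",
                                      "authz", "crypto", "logging"]}},
      "testEvidence": {"type": "string", "pattern": "^[0-9a-f]{40}$"}
    }}}}
}
''')


def validate_metadata(record, spec=SPEC):
    """Return a list of problems; an empty list means the record matches
    the SecurityMetadata schema (required keys, types, enums, patterns).
    A rejected record is what the PUT above would answer with 400."""
    schema = spec["components"]["schemas"]["SecurityMetadata"]
    problems = []
    for key in schema["required"]:
        if key not in record:
            problems.append(f"missing required field {key!r}")
    for key, prop in schema["properties"].items():
        if key not in record:
            continue
        value = record[key]
        if prop["type"] == "string":
            if not isinstance(value, str):
                problems.append(f"{key} must be a string")
            elif "pattern" in prop and not re.fullmatch(prop["pattern"], value):
                problems.append(f"{key} does not match {prop['pattern']}")
        elif prop["type"] == "array":
            if not isinstance(value, list):
                problems.append(f"{key} must be an array")
            else:
                allowed = prop["items"].get("enum")
                for item in value:
                    if allowed and item not in allowed:
                        problems.append(f"{key} contains unknown control {item!r}")
    return problems


def test_cases_from_spec(spec=SPEC):
    """Derive one (operationId, METHOD, path, status) tuple per documented
    response.  The list can be fed straight to pytest.mark.parametrize so
    that every response the spec promises has a test that exercises it."""
    cases = []
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            for status in op["responses"]:
                cases.append((op["operationId"], method.upper(), path, int(status)))
    return sorted(cases)


if __name__ == "__main__":
    # Constructed sample records: a well-formed one and a rejected one.
    good = {"componentId": "jwt-validator", "controls": ["authn", "crypto"],
            "testEvidence": "a" * 40}
    bad = {"componentId": "JWT Validator", "controls": ["authn", "magic"]}
    print("good:", validate_metadata(good))
    print("bad:", validate_metadata(bad))
    for case in test_cases_from_spec():
        print(case)
```

The validator is deliberately hand-rolled so the example runs with the standard library alone; in a pipeline one would normally let a schema library enforce the OpenAPI document and keep only the test-generation step, which is where traceability comes from: each generated case names the operation and status it covers, so a Jenkins stage can report which security endpoints were exercised for a given build.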