Senior Design 2020 – Computer Science and Engineering Team 7
Kiaa Huggan, Alan Liu, Mohit Mali, Tyler Nguyen, Amar Sinha
Secure Scrum Design
Being able to create a robust, secure application is a crucial task for any software engineer. With Agile as its adopted methodology, Synchrony proposes to adopt the idea of Secure Scrum (C. Pohl and H.-J. Hof, "Secure Scrum and OpenSAMM for Secure Software Development," International Journal On Advances in Security, vol. 9, nos. 1 and 2, Jan. 2016, ISSN 1942-2636) to enable discovery, systematic tagging and traceability of software components related to secure practices. Using controlled repositories, this project, Secure Scrum Design, leverages Synchrony's existing CI/CD pipeline so that security metadata passes consistently through every stage of the pipeline. The project enables this capability by developing OpenAPI specifications across the pipeline elements, starting from the metadata repository and flowing through to the built executables. In other words, the project lets developers find tested secure code, include it in their builds, and trace those security features through the CI/CD pipeline. This capability affects pipeline components such as Eclipse, Jenkins, Jira, Bitbucket, Confluence, Pytest, and CEDAR.
Optionally, the project will use the OpenAPI specifications it creates to generate test scripts. If successful, the project will enable Synchrony developers to create RESTful interfaces that implement the desired security metadata automation.
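The traceability idea above (a controlled metadata repository, OpenAPI documents that reference its components, and a pipeline stage that checks the references) can be shown concretely with a small CI gate. The following Python is an added example written for this page; it is not the team's or Synchrony's code. The registry layout, the `x-security-metadata` vendor-extension key (OpenAPI permits any `x-` prefixed extension, but this name is assumed), and every component id, path and test reference are constructed sample values.

```python
"""Added example: a CI gate that traces security metadata from a controlled
component registry into an OpenAPI document.  Everything below (registry
layout, the 'x-security-metadata' key, ids, paths) is constructed for the
example and is not Synchrony's actual format."""
import json

# Operation keys defined by OpenAPI; anything else under a path item
# (parameters, summary, x-extensions) is not an operation.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
METADATA_KEY = "x-security-metadata"  # assumed vendor-extension name

# Constructed stand-in for the controlled metadata repository: each secure
# component records the control it implements and the tests that exercised it.
REGISTRY = {
    "sec-auth-001": {"control": "authn.bearer-jwt",
                     "tests": ["tests/test_jwt.py::test_rejects_expired_token"]},
    "sec-val-004": {"control": "input.schema-validation",
                    "tests": ["tests/test_schema.py::test_rejects_unknown_fields"]},
    "sec-log-002": {"control": "audit.logging", "tests": []},  # registered but untested
}

# Constructed OpenAPI document whose operations cite registry components.
SPEC_JSON = """
{
  "openapi": "3.0.3",
  "info": {"title": "Example accounts API (constructed)", "version": "0.1.0"},
  "paths": {
    "/login": {
      "post": {
        "operationId": "login",
        "x-security-metadata": {"components": ["sec-auth-001", "sec-val-004"]},
        "responses": {"200": {"description": "token issued"}}
      }
    },
    "/accounts": {
      "get": {
        "operationId": "listAccounts",
        "x-security-metadata": {"components": ["sec-auth-001", "sec-log-002"]},
        "responses": {"200": {"description": "ok"}}
      }
    },
    "/health": {
      "get": {
        "operationId": "health",
        "x-security-metadata": {"components": ["sec-rate-999"]},
        "responses": {"200": {"description": "ok"}}
      }
    }
  }
}
"""


def load_spec(text):
    """Parse an OpenAPI document given as JSON text (order of paths is kept)."""
    return json.loads(text)


def extract_security_refs(spec):
    """Return (method, path, operationId, component_id) for every component
    an operation claims to rely on."""
    refs = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            meta = op.get(METADATA_KEY, {})
            for cid in meta.get("components", []):
                refs.append((method, path, op.get("operationId", ""), cid))
    return refs


def trace(spec, registry):
    """Resolve each reference against the registry.  'unknown' references
    break traceability; 'untested' ones resolve but carry no test evidence."""
    report = {"resolved": {}, "unknown": [], "untested": []}
    for method, path, _op_id, cid in extract_security_refs(spec):
        entry = registry.get(cid)
        if entry is None:
            report["unknown"].append((method, path, cid))
            continue
        if not entry["tests"]:
            report["untested"].append((method, path, cid))
        report["resolved"].setdefault(cid, []).append(f"{method.upper()} {path}")
    return report


def gate(spec, registry):
    """Pipeline gate: pass only if every cited component exists and is tested."""
    report = trace(spec, registry)
    return (not report["unknown"] and not report["untested"]), report


if __name__ == "__main__":
    ok, report = gate(load_spec(SPEC_JSON), REGISTRY)
    print(json.dumps(report, indent=2))
    print("GATE:", "PASS" if ok else "FAIL")
```

Run stand-alone, the gate fails on the constructed input for two distinct reasons: `/health` cites a component the registry does not know, and `/accounts` cites one that has never been tested. The `resolved` map is the forward trace from each secure component to the operations that ship it, which is the view a reviewer wants when a component is later changed.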