KTH · algomaster99 · Sep 29, 2024 · Sep 4, 2024 · Sep 4, 2024 · Sep 4, 2024
diff --git a/contributions/scientific-paper/week6/streuli-prerna/README.md b/contributions/scientific-paper/week6/streuli-prerna/README.md
@@ -0,0 +1,27 @@
+# Assignment Proposal
+
+## Title
+
+Implementing and Automating Security Scanning to
+a DevSecOps CI/CD Pipeline
+
+## Names and KTH ID
+
+  - Prerna Gupta ([email protected])
+  - David Streuli ([email protected])
+
+## Deadline
+
+- Week 6
+
+## Category
+
+- Scientific paper
+
+## Description
+
+The paper explores the automation of security scanning focusing on containerised applications. The paper explores the application of Static Application Security Testing (SAST) and Dynmaic Application Security Testing (DAST) to enhance security. SAST is a static analysis technique while DAST tests the application at runtime and does not need to have access to the source code. We'll explain how integrating corresponding tools improves the security of containerized applications by finding vulnerabilities soon and automating their removal from the CI/CD process, the effectiveness of deploying and automating security scanning in DevSecOps pipeline with Snyk and StackHawk tools and methodologies used for detecting vulnerabilities.We conclude the presentation with future scope. The paper can be found here: https://ieeexplore.ieee.org/abstract/document/10235015
+
+**Relevance**
+
+In this paper, a DevSecOps CI/CD pipeline integrated dynamic security testing strategy to address the special requirements of securing containerised applications. The model features early vulnerability detection and push left practices with automated remediation using tools such as Snyk for Static Application Security Testing (SAST) and StackHawk for Dynamic Application Security Testing (DAST), all during the software development lifecycle (SDLC).