KTH · algomaster99 · Sep 29, 2024 · Sep 4, 2024 · Sep 4, 2024 · Sep 4, 2024
diff --git a/contributions/scientific-paper/week6/streuli-prerna/README.md b/contributions/scientific-paper/week6/streuli-prerna/README.md
@@ -0,0 +1,27 @@
+# Assignment Proposal
+
+## Title
+
+Implementing and Automating Security Scanning to
+a DevSecOps CI/CD Pipeline
+
+## Names and KTH ID
+
+  - Prerna Gupta ([email protected])
+  - David Streuli ([email protected])
+
+## Deadline
+
+- Week 6
+
+## Category
+
+- Scientific paper
+
+## Description
+
+The paper explores the automation of security scanning focusing on containerised applications. We'll explain how integration SAST and DAST tools improves the security of containerized applications by finding vulnerabilities soon and automating their removal from the CI/CD process, the effectiveness of deploying and automating security scanning in DevSecOps pipeline with Snyk and StackHawk tools and methodologies used for detecting vulnerabilities. We conclude the presentation with future scope. The paper can be found here: https://ieeexplore.ieee.org/abstract/document/10235015
+
+**Relevance**
+
+In this paper, a DevSecOps CI/CD pipeline integrated dynamic security testing strategy to address the special requirements of securing containerised applications. The model features early vulnerability detection and push left practices with automated remediation using tools such as Snyk for Static Application Security Testing (SAST) and StackHawk for Dynamic Application Security Testing (DAST), all during the software development lifecycle (SDLC).