Week 6: demo proposal (#2553)

* week 5: presentation proposal * Create README.md Week 6. Demo * Week 6: Demo proposal updated
KTH · Sep 29, 2024 · 89355d6 · 89355d6
1 parent bd042de
commit 89355d6
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/contributions/demo/week6/ollegu-smhanna/README.md b/contributions/demo/week6/ollegu-smhanna/README.md
@@ -0,0 +1,25 @@
+# Assignment Proposal
+
+## Title
+
+Integrate RetireJS into Github workflow
+
+## Names and KTH ID
+
+- Olle Gunnemyr ([email protected])
+- Sam Maltin ([email protected])
+
+## Deadline
+
+- Week 6
+
+## Category
+
+- Demo
+
+## Description
+
+RetireJS is an open-source tool that can detect the use of JavaScript library versions with known vulnerabilities when developing a web application. By integrating the scan into a Github CI/CD pipeline via Github Actions, it would mitigate the risks from vulnerable libraries early in the Software Development Life Cycle (SDLC). Modifications/uses of RetireJS within Github for further security measures will also be demonstrated.
+
+_Relevance
+With the growing number of Javascript libraries on the web and Node.js applications, it is easier to unknowingly choose insecure libraries during development. Automating the vulnerability detection in the CI/CD pipeline by integrating RetireJS, would earlier mitigate the risks of security breaches from these vulnerable libraries, such as Cross-Site Scripting or Remote Code Execution attacks, and thus would be a relevant aspect within DevSecOps.